Example Analysis of vlan configuration of linux Virtual Network Devices

2025-03-26 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

This article walks through a sample VLAN configuration on Linux virtual network devices.

Brief introduction

VLAN is an add-on feature of the network stack and lives in its lower two layers. We first look at how Linux implements the lower two layers of the network stack, and then at how VLAN support is added. The lower two layers involve specific hardware devices. The increasingly mature Linux kernel achieves good code isolation, and this also holds for network device drivers, as shown in the following figure:

Note that a network device (net_dev) under Linux does not necessarily correspond to an actual hardware device: as soon as a struct net_device {} structure (netdevice.h) is registered with the kernel, the network device exists. The structure is large and contains the protocol address of the device (for IP, the IP address), so that the network layer can recognize it and it can take part in routing; the best-known such device is the loopback device. Different devices (hardware and non-hardware) have different ops methods, which are implemented by the driver itself. Linux extracts the common, device-independent operations (such as device locking) into what we call the driver framework.

Vlan configuration of linux virtual network devices

We connect two network namespaces through a bridge and two veth device pairs, and create two VLANs in each namespace.

Configure vlan with vconfig:

    # create the bridge
    brctl addbr br-test-vlan

    # create the veth pairs
    ip link add veth01 type veth peer name veth20
    ip link add veth02 type veth peer name veth30

    # add one end of each veth pair to the bridge
    brctl addif br-test-vlan veth01
    brctl addif br-test-vlan veth02

    # bring the devices up
    ip link set dev br-test-vlan up
    ip link set dev veth01 up
    ip link set dev veth02 up
    ip link set dev veth20 up
    ip link set dev veth30 up

    # create the network namespaces
    ip netns add test-vlan-vm01
    ip netns add test-vlan-vm02

    # move the other end of each device pair into its namespace
    # (this can actually also be done within a single namespace)
    ip link set veth20 netns test-vlan-vm01
    ip link set veth30 netns test-vlan-vm02

    # enter the two namespaces to create the vlans and configure ip

    # configure namespace test-vlan-vm01
    ip netns exec test-vlan-vm01 bash
    # a device is set down when it is moved to another namespace, and a
    # vlan device cannot be brought up while its parent is down
    ip link set veth20 up
    # configure vlan 3001 and vlan 3002
    vconfig add veth20 3001
    vconfig add veth20 3002
    # bring up the two vlan devices
    ip link set veth20.3001 up
    ip link set veth20.3002 up
    # configure ip on the two vlans (for simplicity the IPs are all on the same
    # network segment; the drawback is that you need to know a little about routing)
    ip a add 172.16.30.1/24 dev veth20.3001
    ip a add 172.16.30.2/24 dev veth20.3002
    # add routes
    route add 172.16.30.21 dev veth20.3001
    route add 172.16.30.22 dev veth20.3002
    # leave the namespace shell
    exit

    # configure namespace test-vlan-vm02
    ip netns exec test-vlan-vm02 bash
    # bring the parent device up again inside the namespace
    ip link set veth30 up
    # configure vlan 3001 and vlan 3002
    vconfig add veth30 3001
    vconfig add veth30 3002
    # bring up the two vlan devices
    ip link set veth30.3001 up
    ip link set veth30.3002 up
    # configure ip on the two vlans (same network segment, as above)
    ip a add 172.16.30.21/24 dev veth30.3001
    ip a add 172.16.30.22/24 dev veth30.3002
    # add routes
    route add 172.16.30.1 dev veth30.3001
    route add 172.16.30.2 dev veth30.3002
    # leave the namespace shell
    exit

Check the vlan configuration:

    # cat /proc/net/vlan/config
    VLAN Dev name    | VLAN ID
    Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
    veth20.3001    | 3001  | veth20
    veth20.3002    | 3002  | veth20

Now, from each namespace we can ping the two IPs of the other namespace. Although both IPs are reachable, each uses a different source IP and a different VLAN. We can capture packets on any of veth01/veth20/veth02/veth30/br-test-vlan and see the VLAN tags:

    # tcpdump -i veth20 -nn -e
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on veth20, link-type EN10MB (Ethernet), capture size 262144 bytes
    15:38:18.381010 82:f7:0e:2d:3f:62 > 9e:58:72:fa:11:15, ethertype 802.1Q (0x8100), length 102: vlan 3001, p 0, ethertype IPv4, 172.16.30.1 > 172.16.30.21: ICMP echo request, id 19466, seq 1, length 64
    15:38:… 9e:58:72:fa:11:15 > 82:f7:0e:2d:3f:62, ethertype 802.1Q (0x8100), length 102: vlan 3001, p 0, ethertype IPv4, 172.16.30.21 > 172.16.30.1: ICMP echo reply, id 19466, seq 1, length 64
    15:38:… 82:f7:0e:2d:3f:62 > 9e:58:72:fa:11:15, ethertype 802.1Q (0x8100), length 102: vlan 3001, p 0, ethertype IPv4, 172.16.30.1 > 172.16.30.21: ICMP echo request, id 19466, seq 2, length 64
    15:38:… 9e:58:72:fa:11:15 > 82:f7:0e:2d:3f:62, ethertype 802.1Q (0x8100), length 102: vlan 3001, p 0, ethertype IPv4, 172.16.30.21 > 172.16.30.1: ICMP echo reply, id 19466, seq 2, length 64
    15:38:23.162052 82:f7:0e:2d:3f:62 > 9e:58:72:fa:11:15, ethertype 802.1Q (0x8100), length 102: vlan 3002, p 0, ethertype IPv4, 172.16.30.2 > 172.16.30.22: ICMP echo request, id 19473, seq 1, length 64
    15:38:23.162107 9e:58:72:fa:11:15 > 82:f7:0e:2d:3f:62, ethertype 802.1Q (0x8100), length 102: vlan 3002, p 0, ethertype IPv4, 172.16.30.22 > 172.16.30.2: ICMP echo reply, id 19473, seq 1, length 64

If you try to ping 172.16.30.22 from veth20.3001, you can't get through because it's a different VLAN:

    # ping -I veth20.3001 172.16.30.22
    PING 172.16.30.22 (172.16.30.22) from 172.16.30.1 veth20.3001: 56(84) bytes of data.
    ^C
    --- 172.16.30.22 ping statistics ---
    9 packets transmitted, 0 received, 100% packet loss, time 8231ms

The alternative that does not use vconfig:

    # ip link add link veth20 name veth20.3001 type vlan id 3001

Also: a VLAN device is conventionally named <device name>.<vlan id>, but this is not mandatory; naming it vlan3003, as follows, works too.

    # ip link add link veth20 name vlan3003 type vlan id 3003

Note: a master device can have at most one sub-device with a given VLAN ID.

    # ip link add link veth20 name vlan3001 type vlan id 3001
    RTNETLINK answers: File exists
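The whole lab rebuilt with iproute2 only, extending the `ip link ... type vlan` command above to the bridge, namespaces, addresses and routes (an added example, not code from the original article). The `APPLY` switch and the `run`, `side`, `build_lab` and `teardown_lab` helpers are names introduced here; by default the commands are only printed, and executing them requires root.

```shell
#!/bin/sh
# Added example: iproute2-only version of the lab (no brctl / vconfig).
# Dry run by default (commands are printed); APPLY=1 as root executes them.
BR=br-test-vlan
VLANS="3001 3002"

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# side NS HOST_END NS_END then, per VLAN in $VLANS: LOCAL_IP PEER_IP
side() {
    ns=$1 host=$2 dev=$3
    run ip netns add "$ns"
    run ip link add "$host" type veth peer name "$dev"
    run ip link set "$host" master "$BR"
    run ip link set "$host" up
    run ip link set "$dev" netns "$ns"
    # A device is set down when it changes namespace; the VLAN
    # sub-devices cannot come up until the parent is up again.
    run ip -n "$ns" link set "$dev" up
    shift 3
    for vid in $VLANS; do
        run ip -n "$ns" link add link "$dev" name "$dev.$vid" type vlan id "$vid"
        run ip -n "$ns" link set "$dev.$vid" up
        run ip -n "$ns" addr add "$1/24" dev "$dev.$vid"
        run ip -n "$ns" route add "$2" dev "$dev.$vid"
        shift 2
    done
}

build_lab() {
    run ip link add "$BR" type bridge
    run ip link set "$BR" up
    side test-vlan-vm01 veth01 veth20 172.16.30.1 172.16.30.21 172.16.30.2 172.16.30.22
    side test-vlan-vm02 veth02 veth30 172.16.30.21 172.16.30.1 172.16.30.22 172.16.30.2
}

teardown_lab() {
    # Deleting a namespace destroys the veth end inside it and its peer.
    run ip netns del test-vlan-vm01
    run ip netns del test-vlan-vm02
    run ip link del "$BR"
}

case "${1:-up}" in
    up)   build_lab ;;
    down) teardown_lab ;;
esac
```

Run it with `down` as the first argument to remove the namespaces and the bridge again.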

So, normally, it goes like this:
