Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about how to use namspace to isolate DHCP services. Many people may not know much about it. In order to make you understand better, the editor has summarized the following content for you. I hope you can get something according to this article.

Neutron provides DHCP services through dnsmasq, but how does dnsmasq serve each network independently?

The answer is quarantined through Linux Network Namespace, which is discussed in more detail in this section.

On a layer 2 network, VLAN can divide a physical switch into several independent virtual switches. Similarly, on a layer 3 network, Linux network namespace can divide a physical layer 3 network into several independent virtual layer 3 networks.

Each namespace has its own independent network stack, including route table,firewall rule,network interface device and so on.

Neutron provides independent DHCP and routing services for each network through namespace, allowing tenants to create overlapping networks.

Without namespace, networks cannot overlap, thus losing a lot of flexibility.

Each dnsmasq process is located in a separate namespace, named qdhcp-, such as flat_net, and we have:

The ip netns list command lists all namespace. Qdhcp-f153b42f-c3a1-4b6c-8865-c09b5b2aa274 is the namespace of flat_net.

In fact, the host itself has a namespace called root namespace, which has all the physical and virtual interface device. Physical interface can only be located in root namespace.

The newly created namespace has only one loopback device by default. Administrators can add virtual interface devices, such as bridge,tap, to a namespace.

For flat_net 's DHCP device tap19a0ed3d-fe, you need to put it in namespace qdhcp-f153b42f-c3a1-4b6c-8865-c09b5b2aa274, but this creates a problem: tap19a0ed3d-fe will not be able to connect directly to the bridge device brqf153b42f-c3 in root namespace.

Neutron uses veth pair to solve this problem.

Veth pair is a pair of special network devices, they are like a virtual network cable, can be used to connect two namespace. Enter data into one side of the veth pair and read it at the other end.

Tap19a0ed3d-fe and ns-19a0ed3d-fe are a pair of veth pair that connect qdhcp-f153b42f-c3a1-4b6c-8865-c09b5b2aa274 to brqf153b42f-c3.

Namespace can be managed through ip netns exec.

After reading the above, do you have any further understanding of how to isolate DHCP services with namspace? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.