VLAN

A virtual local area network (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2).[2][3] In this context, virtual refers to a physical object recreated and altered by additional logic, within the local area network. VLANs work by applying tags to network frames and handling these tags in networking systems – creating the appearance and functionality of network traffic that is physically on a single network but acts as if it is split between separate networks. In this way, VLANs can keep network applications separate despite being connected to the same physical network, and without requiring multiple sets of cabling and networking devices to be deployed.

1998 年，以太网 VLAN 在第一版 IEEE 802.1Q-1998 标准中进行了描述。 IEEE 802.1ad 对此进行了扩展，允许在提供商桥接服务中嵌套 VLAN 标签。 IEEE 802.1ah-2008 改进了该机制。

from wiki https://en.wikipedia.org/wiki/VLAN

其他相关协议：

IEEE 802.1QinQ (802.1ad)

这是一种扩展的 VLAN 标签技术，有时也称为“双层 VLAN”或“堆叠 VLAN”。QinQ 允许多重 VLAN 标签被插入到一个单一的以太网帧中，这样做可以进一步增加网络的灵活性和扩展性，特别是在服务提供商环境中，用以区分不同客户的流量。

IEEE 802.1ah

IEEE 802.1ah 通过引入一个额外的 MAC 地址层次，可以创建更多的隔离网络，有效扩展了 VLAN 的规模限制

IEEE 802.1p

这是一个在 802.1Q 标准中定义的优先级标记，用于在网络设备中实现流量优先级和简单的质量服务(QoS)。虽然它直接关联于 802.1Q 的 VLAN 标签，但它专门用于流量分类和优先级处理。

IEEE 802.1v

这个标准提供了基于协议和端口号的 VLAN 分类。它允许网络管理员根据更细粒度的规则，如网络协议类型或特定的端口号，将流量分配到 VLAN。

IEEE 802.1ak

这是多个注册协议和多个 VLAN 注册实例(MVRP/MVR)的扩展，用于更动态和灵活地管理 VLAN 配置。

GVRP (GARP VLAN Registration Protocol)

这是一个在 IEEE 802.1Q 标准中定义的协议，用于自动管理 VLAN 信息的注册和传播。GVRP 允许通过通用属性注册协议 (GARP) 自动传播 VLAN 注册和反注册，简化了 VLAN 的配置和管理。

使用场景

VLAN的出现与网络增长，管理复杂性，安全和性能需求增加有关。

网络规模不断扩大，需要更多的网络硬件，通过子网加路由模式不够灵活。
广播流量如ARP会占用大量带宽，尤其是大型局域网中
安全和隔离要求，进行流量分离防止数据泄露恶意访问
网络策略与Qos，同一网络下实现差异化服务，如实时视频流量需要比普通文件传输更高的优先级

virtual 这个词让我想到开始用的虚拟机软件，Vmware， virtualbox。在物理层上通过tags将物理网路进行划分管理。

VLAN的介绍

VLAN概念出现在以太网网络中，在以太网帧中源地址目的地址后插入TAG来区分vlan，对应保准IEEE802.1Q , VLAN标签包含以下部分：

TPID Tag Protocol Identifier：固定未0x8100，标示帧包含802.1Q标签；
优先级代码点（PCP）:3位字段，用于支持质量服务（QoS），定义帧的优先级；
丢弃合格标识（DEI）：1位，用于标识网络拥堵下可被丢弃的帧。
VLAN ID（VID）：12位，共定义4096个不同VLAN （其中0和4095保留）

Tagged VLAN： 标记VLAN信息

Untagged VLAN：未标记VLAN信息

Trunk & Access

在设置配置VLAN，可以选择两种工作模式Trunk，Access， Trunk允许以太帧携带VLAN通常用于交换机之间链接， Access只能属于一个VLAN，一边用户末端设备，服务器，打印机，终端等。

网络中不只一个交换机，而是有一大堆交换机，并且A组的一些机器直接连接到交换机1和交换机2。为了让这些机器能够相互通话，你可以在交换机1上添加一个A组VLAN的接入端口，在交换机2上也添加一个，然后在这些端口之间连接一根以太网线。这种方法可以工作，但随着交换机数量和VLAN数量的增加，它的扩展性不佳，因为你需要使用大量宝贵的交换机端口来连接你的VLAN。
https://docs.openvswitch.org/en/latest/faq/vlan/

VLAN实验

由于就一台机器使用 network namespace 和openvswitch 搭建实验环境，来验证一下vlan的功能。

环境准备

openvswitch安装。

os环境：Linux iZ8vbd88lmglnbsnad85q3Z 5.10.134-16.3.al8.x86_64+debug #1 SMP 使用源码安装

1
2
3
4
./boot.sh
./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc 
make
sudo make install

1
2
3
#ovs-tcpdump
cd python
sudo python3 setup.py install

网路拓扑

1
2
3
4
5
6
7
8
                   trunk               
    +-----------+         +-----------+
    |  ovs-br0  +---------+ ovs-br1   |
    +-+-------+-+         +-+-------+-+
access|       |             |       |  
   +--++     ++--+        +-+-+   +-+-+
   |ns1|     |ns2|        |ns3|   |ns4|
   +---+     +---+        +---+   +---+

创建两个虚拟交换机 ovs-br0 , ovs-br1。

验证vlan隔离性

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
# 创建 ovs 网桥
sudo ovs-vsctl add-br ovs-br0
ovs-vsctl show

# 创建名字空间
sudo ip netns add ns1
sudo ip netns add ns2

# 创建 ovs Port 名字空间创建对应接口 veth pair
sudo ip link add veth-ns1 type veth peer name veth-ns1-br
sudo ip link set veth-ns1 netns ns1
sudo ovs-vsctl add-port ovs-br0 veth-ns1-br

sudo ip link add veth-ns2 type veth peer name veth-ns2-br
sudo ip link set veth-ns2 netns ns2
sudo ovs-vsctl add-port ovs-br0 veth-ns2-br

# ip netns
ns2 (id: 1)
ns1 (id: 0)
# ovs-vsctl show
4a999185-c1dd-4da3-98b7-5be898e88521
Bridge ovs-br0
Port ovs-br0
Interface ovs-br0
type: internal
Port veth-ns2-br
Interface veth-ns2-br
Port veth-ns1-br
Interface veth-ns1-br

# 配置ip地址
sudo ip netns exec ns1 ip addr add 192.168.10.1/24 dev veth-ns1
sudo ip netns exec ns1 ip link set veth-ns1 up
sudo ip netns exec ns1 ip link set lo up

sudo ip netns exec ns2 ip addr add 192.168.10.2/24 dev veth-ns2
sudo ip netns exec ns2 ip link set veth-ns2 up
sudo ip netns exec ns2 ip link set lo up

#激活ovs端口
sudo ip link set veth-ns1-br up
sudo ip link set veth-ns2-br up

#查看ip地址
ip netns exec ns1 ip addr show veth-ns1
89: veth-ns1@if88: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether be:0b:c4:42:94:d6 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.10.1/24 scope global veth-ns1
valid_lft forever preferred_lft forever
inet6 fe80::bc0b:c4ff:fe42:94d6/64 scope link
valid_lft forever preferred_lft forever

ip netns exec ns2 ip addr show veth-ns2
91: veth-ns2@if90: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 96:67:7a:aa:76:bb brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.10.2/24 scope global veth-ns2
valid_lft forever preferred_lft forever
inet6 fe80::9467:7aff:feaa:76bb/64 scope link
valid_lft forever preferred_lft forever

#清理 
ovs-vsctl del-br ovs-br0
ip netns | awk '{print $1}' | xargs -I {} sudo ip netns delete {}

测试ns1到ns2

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
ip netns exec ns1 ping -c 4 192.168.10.2
PING 192.168.10.2 (192.168.10.2) 56(84) bytes of data.
64 bytes from 192.168.10.2: icmp_seq=1 ttl=64 time=1.19 ms
64 bytes from 192.168.10.2: icmp_seq=2 ttl=64 time=0.215 ms
64 bytes from 192.168.10.2: icmp_seq=3 ttl=64 time=0.333 ms
64 bytes from 192.168.10.2: icmp_seq=4 ttl=64 time=0.217 ms

--- 192.168.10.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3058ms
rtt min/avg/max/mdev = 0.215/0.489/1.193/0.409 ms

在ns2抓包

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
ip netns exec ns2 tcpdump -i veth-ns2 -netvv
dropped privs to tcpdump
tcpdump: listening on veth-ns2, link-type EN10MB (Ethernet), capture size 262144 bytes
be:0b:c4:42:94:d6 > 96:67:7a:aa:76:bb, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 33490, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.1 > 192.168.10.2: ICMP echo request, id 19173, seq 1, length 64
96:67:7a:aa:76:bb > be:0b:c4:42:94:d6, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 60023, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.2 > 192.168.10.1: ICMP echo reply, id 19173, seq 1, length 64
be:0b:c4:42:94:d6 > 96:67:7a:aa:76:bb, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 34278, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.1 > 192.168.10.2: ICMP echo request, id 19173, seq 2, length 64
96:67:7a:aa:76:bb > be:0b:c4:42:94:d6, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 60277, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.2 > 192.168.10.1: ICMP echo reply, id 19173, seq 2, length 64
be:0b:c4:42:94:d6 > 96:67:7a:aa:76:bb, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 34825, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.1 > 192.168.10.2: ICMP echo request, id 19173, seq 3, length 64
96:67:7a:aa:76:bb > be:0b:c4:42:94:d6, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 60946, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.2 > 192.168.10.1: ICMP echo reply, id 19173, seq 3, length 64
be:0b:c4:42:94:d6 > 96:67:7a:aa:76:bb, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 35369, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.1 > 192.168.10.2: ICMP echo request, id 19173, seq 4, length 64
96:67:7a:aa:76:bb > be:0b:c4:42:94:d6, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 61350, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.2 > 192.168.10.1: ICMP echo reply, id 19173, seq 4, length 64
96:67:7a:aa:76:bb > be:0b:c4:42:94:d6, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.2,                                     length 28
be:0b:c4:42:94:d6 > 96:67:7a:aa:76:bb, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.2 tell 192.168.10.1,                                     length 28
96:67:7a:aa:76:bb > be:0b:c4:42:94:d6, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.2 is-at 96:67:7a:aa:76:bb, len                                    gth 28
be:0b:c4:42:94:d6 > 96:67:7a:aa:76:bb, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.1 is-at be:0b:c4:42:94:d6, len                                    gth 28s

设置vlan tag=10

1
2
ovs-vsctl set port veth-ns2-br tag=10
ovs-vsctl set port veth-ns1-br tag=10

使用ovs-tcpdump此抓包，这次抓的交换机上的端口, veth-ns1-br, veth-ns2-br可以看到vlan信息,。使用tcpdump抓包接口还是没有vlan信息一样，

ovs-tcpdump是openvswitch的工具，抓到的是交换机上的报文，也就是交换机处理完毕后吧vlan tag给删掉了发给了物理接口。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
# ns2 名字空间ping ns1地址
ip netns exec ns2 ping -c 4 192.168.10.1
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=1.15 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=0.322 ms
64 bytes from 192.168.10.1: icmp_seq=3 ttl=64 time=0.293 ms
64 bytes from 192.168.10.1: icmp_seq=4 ttl=64 time=0.285 ms

--- 192.168.10.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3080ms
rtt min/avg/max/mdev = 0.285/0.513/1.154/0.370 ms

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
ovs-tcpdump -i veth-ns1-br -netvv
# 可以看到请求与响应，以及4个ARP
dropped privs to tcpdump
tcpdump: listening on miveth-ns1-br, link-type EN10MB (Ethernet), capture size 262144 bytes
96:67:7a:aa:76:bb > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 30892, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.2 > 192.168.10.1: ICMP echo request, id 38872, seq 1, length 64
be:0b:c4:42:94:d6 > 96:67:7a:aa:76:bb, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 24428, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.1 > 192.168.10.2: ICMP echo reply, id 38872, seq 1, length 64
96:67:7a:aa:76:bb > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 31392, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.2 > 192.168.10.1: ICMP echo request, id 38872, seq 2, length 64
be:0b:c4:42:94:d6 > 96:67:7a:aa:76:bb, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 24877, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.1 > 192.168.10.2: ICMP echo reply, id 38872, seq 2, length 64
96:67:7a:aa:76:bb > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 32340, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.2 > 192.168.10.1: ICMP echo request, id 38872, seq 3, length 64
be:0b:c4:42:94:d6 > 96:67:7a:aa:76:bb, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 25300, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.1 > 192.168.10.2: ICMP echo reply, id 38872, seq 3, length 64
96:67:7a:aa:76:bb > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 32938, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.2 > 192.168.10.1: ICMP echo request, id 38872, seq 4, length 64
be:0b:c4:42:94:d6 > 96:67:7a:aa:76:bb, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 25810, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.1 > 192.168.10.2: ICMP echo reply, id 38872, seq 4, length 64
96:67:7a:aa:76:bb > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.2, length 28
be:0b:c4:42:94:d6 > 96:67:7a:aa:76:bb, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.2 tell 192.168.10.1, length 28
96:67:7a:aa:76:bb > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.2 is-at 96:67:7a:aa:76:bb, length 28
be:0b:c4:42:94:d6 > 96:67:7a:aa:76:bb, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.1 is-at be:0b:c4:42:94:d6, length 28

把ns2 tag改为20， ping不通

1
ovs-vsctl set port veth-ns2-br tag=20

1
2
3
4
5
6
ip netns exec ns2 ping -c 4 192.168.10.1
# 未ping通
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.

--- 192.168.10.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3103msr

验证trunk&access

创建另外一台交换机，配置名字空间

vlan的trunk模式主要用于多交换机链接，如果仅是抓包trunk端口信息，一个交换机就可以。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# 创建 ovs 网桥
sudo ovs-vsctl add-br ovs-br1
sudo ovs-vsctl show 
# 创建名字空间 
sudo ip netns add ns3
sudo ip netns add ns4

# 创建 ovs Port 名字空间创建对应接口veth pair 
sudo ip link add veth-ns3 type veth peer name veth-ns3-br 
sudo ip link set veth-ns3 netns ns3 
sudo ovs-vsctl add-port ovs-br1 veth-ns3-br 
sudo ip link add veth-ns4 type veth peer name veth-ns4-br 
sudo ip link set veth-ns4 netns ns4
sudo ovs-vsctl add-port ovs-br1 veth-ns4-br

# 配置ip地址
sudo ip netns exec ns3 ip addr add 192.168.10.3/24 dev veth-ns3 
sudo ip netns exec ns3 ip link set veth-ns3 up
sudo ip netns exec ns3 ip link set lo up 
sudo ip netns exec ns4 ip addr add 192.168.10.4/24 dev veth-ns4
sudo ip netns exec ns4 ip link set veth-ns4 up 
sudo ip netns exec ns4 ip link set lo up 
#激活ovs端口 
sudo ip link set veth-ns3-br up 
sudo ip link set veth-ns4-br up 

验证ns3， ns4到ns1， ns2不通，增加两个patch类型端口对接

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
ip netns exec ns4 ping  -c 4 192.168.10.2
PING 192.168.10.2 (192.168.10.2) 56(84) bytes of data.
From 192.168.10.4 icmp_seq=1 Destination Host Unreachable
From 192.168.10.4 icmp_seq=2 Destination Host Unreachable
From 192.168.10.4 icmp_seq=3 Destination Host Unreachable
From 192.168.10.4 icmp_seq=4 Destination Host Unreachable

--- 192.168.10.2 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3094ms
pipe 4

ip netns exec ns3 ping  -c 4 192.168.10.2
PING 192.168.10.2 (192.168.10.2) 56(84) bytes of data.
From 192.168.10.3 icmp_seq=1 Destination Host Unreachable
From 192.168.10.3 icmp_seq=2 Destination Host Unreachable
From 192.168.10.3 icmp_seq=3 Destination Host Unreachable
From 192.168.10.3 icmp_seq=4 Destination Host Unreachable

--- 192.168.10.2 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3095ms

创建一对patch类型的端口将两个交换机连接

1
2
sudo ovs-vsctl add-port ovs-br0 patch0 -- set Interface patch0 type=patch options:peer=patch1
sudo ovs-vsctl add-port ovs-br1 patch1 -- set Interface patch1 type=patch options:peer=patch0

1
2
3
4
5
6
ip netns exec ns1 ping -c 4 192.168.10.4
PING 192.168.10.4 (192.168.10.4) 56(84) bytes of data.
64 bytes from 192.168.10.4: icmp_seq=1 ttl=64 time=0.352 ms
64 bytes from 192.168.10.4: icmp_seq=2 ttl=64 time=0.294 ms
64 bytes from 192.168.10.4: icmp_seq=3 ttl=64 time=0.315 ms
64 bytes from 192.168.10.4: icmp_seq=4 ttl=64 time=0.296 ms

ns3设置为trunk端口，测试ns1 到ns3与ns4的连通性，并在ns3和ns4抓包

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
# ns1->ns3
ip netns exec ns1 ping -c 1 192.168.10.3
PING 192.168.10.3 (192.168.10.3) 56(84) bytes of data.
From 192.168.10.1 icmp_seq=1 Destination Host Unreachable

--- 192.168.10.3 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

#ns1->ns4
ip netns exec ns1 ping -c 1 192.168.10.4
PING 192.168.10.4 (192.168.10.4) 56(84) bytes of data.
64 bytes from 192.168.10.4: icmp_seq=1 ttl=64 time=1.30 ms

--- 192.168.10.4 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.297/1.297/1.297/0.000 ms

ns3 端口抓包

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
# ns3
ip net exec ns3 tcpdump -i veth-ns3 -netvv
dropped privs to tcpdump
#ns1->ns3 可以看到发送arp请求，报文中包含vlan id
tcpdump: listening on veth-ns3, link-type EN10MB (Ethernet), capture size 262144 bytes
be:0b:c4:42:94:d6 > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.3 tell 192.168.10.1, length 28
be:0b:c4:42:94:d6 > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.3 tell 192.168.10.1, length 28
be:0b:c4:42:94:d6 > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.3 tell 192.168.10.1, length 28

#ns1->ns4
be:0b:c4:42:94:d6 > 72:31:bb:f8:97:bb, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 17262, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.1 > 192.168.10.4: ICMP echo request, id 49951, seq 1, length 64
72:31:bb:f8:97:bb > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 48435, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.4 > 192.168.10.1: ICMP echo reply, id 49951, seq 1, length 64
72:31:bb:f8:97:bb > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.4, length 28
be:0b:c4:42:94:d6 > 72:31:bb:f8:97:bb, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.4 tell 192.168.10.1, length 28
be:0b:c4:42:94:d6 > 72:31:bb:f8:97:bb, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.1 is-at be:0b:c4:42:94:d6, length 28
72:31:bb:f8:97:bb > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.4 is-at 72:31:bb:f8:97:bb, length 28

ns4端口抓包, 未包含vlan信息

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
ip netns exec ns4 tcpdump -i veth-ns4 -netvv
dropped privs to tcpdump
#ns1->ns3
tcpdump: listening on veth-ns4, link-type EN10MB (Ethernet), capture size 262144 bytes
be:0b:c4:42:94:d6 > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.3 tell 192.168.10.1, length 28
be:0b:c4:42:94:d6 > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.3 tell 192.168.10.1, length 28
be:0b:c4:42:94:d6 > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.3 tell 192.168.10.1, length 28
#ns1->ns4
be:0b:c4:42:94:d6 > 72:31:bb:f8:97:bb, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 17262, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.1 > 192.168.10.4: ICMP echo request, id 49951, seq 1, length 64
72:31:bb:f8:97:bb > be:0b:c4:42:94:d6, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 48435, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.4 > 192.168.10.1: ICMP echo reply, id 49951, seq 1, length 64
72:31:bb:f8:97:bb > be:0b:c4:42:94:d6, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.4, length 28
be:0b:c4:42:94:d6 > 72:31:bb:f8:97:bb, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.4 tell 192.168.10.1, length 28
72:31:bb:f8:97:bb > be:0b:c4:42:94:d6, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.4 is-at 72:31:bb:f8:97:bb, length 28
be:0b:c4:42:94:d6 > 72:31:bb:f8:97:bb, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.1 is-at be:0b:c4:42:94:d6, length 28y

由于ns3是设置为trunk模式，可以看到不同模式交换机对vlan tagid处理不同。可以在对应ns3上增加vlan。把地址绑定到设置了vlan的接口上

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# 查看地址
# ip netns exec ns3 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
102: veth-ns3@if101: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ea:d8:e9:42:35:dd brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.10.3/24 scope global veth-ns3
       valid_lft forever preferred_lft forever
    inet6 fe80::e8d8:e9ff:fe42:35dd/64 scope link
       valid_lft forever preferred_lft forever
# 增加vlan端口
# ip netns exec ns3 ip link add link veth-ns3 name vlan10 type vlan id 10
# ip netns exec ns3 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
3: vlan10@veth-ns3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ea:d8:e9:42:35:dd brd ff:ff:ff:ff:ff:ff
102: veth-ns3@if101: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ea:d8:e9:42:35:dd brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.10.3/24 scope global veth-ns3
       valid_lft forever preferred_lft forever
    inet6 fe80::e8d8:e9ff:fe42:35dd/64 scope link
       valid_lft forever preferred_lft forever
# 设置地址
# ip netns exec ns3 ip addr del 192.168.10.3/24 dev veth-ns3
# ip netns exec ns3 ip addr add 192.168.10.3/24 dev vlan10
# ip netns exec ns3 ip  a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
3: vlan10@veth-ns3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ea:d8:e9:42:35:dd brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.3/24 scope global vlan10
       valid_lft forever preferred_lft forever
102: veth-ns3@if101: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ea:d8:e9:42:35:dd brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::e8d8:e9ff:fe42:35dd/64 scope link
       valid_lft forever preferred_lft forever
#开启接口
# ip netns exec ns3 ip link set vlan10 up
[root@iZ8vbd88lmglnbsnad85q3Z ~]# ip netns exec ns3 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: vlan10@veth-ns3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether ea:d8:e9:42:35:dd brd ff:ff:ff:ff:ff:ff
inet 192.168.10.3/24 scope global vlan10
valid_lft forever preferred_lft forever
inet6 fe80::e8d8:e9ff:fe42:35dd/64 scope link
valid_lft forever preferred_lft forever
102: veth-ns3@if101: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether ea:d8:e9:42:35:dd brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::e8d8:e9ff:fe42:35dd/64 scope link
valid_lft forever preferred_lft forever

再次验证一下， ping通了。

1
2
3
4
5
6
7
# ip netns exec ns1  ping -c 1 192.168.10.3
PING 192.168.10.3 (192.168.10.3) 56(84) bytes of data.
64 bytes from 192.168.10.3: icmp_seq=1 ttl=64 time=1.11 ms

--- 192.168.10.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.113/1.113/1.113/0.000 msz

ns3 抓包，收到报文，包含vlan信息。

1
2
3
4
5
6
7
# ip net exec ns3 tcpdump -i veth-ns3 -netvv
dropped privs to tcpdump
tcpdump: listening on veth-ns3, link-type EN10MB (Ethernet), capture size 262144 bytes
be:0b:c4:42:94:d6 > ea:d8:e9:42:35:dd, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 58351, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.1 > 192.168.10.3: ICMP echo request, id 51924, seq 1, length 64
ea:d8:e9:42:35:dd > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 31500, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.3 > 192.168.10.1: ICMP echo reply, id 51924, seq 1, length 64

验证bond

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
# 创建网络命名空间
sudo ip netns add ns5

# 创建两对虚拟网络接口并加入命名空间
sudo ip link add veth0 type veth peer name veth0-ns5-br
sudo ip link set veth0 netns ns5
sudo ip link add veth1 type veth peer name veth1-ns5-br
sudo ip link set veth1 netns ns5

# 在命名空间中创建 bond0 并设置为 LACP 模式， 开始设置未active-backup，模拟故障后，备用接口未启动，设置LACP后回复
#sudo ip netns exec ns5 ip link add bond0 type bond mode active-backup
sudo ip netns exec ns5 ip link add bond0 type bond mode 802.3ad

# 将虚拟网络接口添加到 bond0 中
sudo ip netns exec ns5 ip link set veth0 master bond0
sudo ip netns exec ns5 ip link set veth1 master bond0

# 将 bond0 设为 up
sudo ip netns exec ns5 ip link set bond0 up

# 在主机上创建 Open vSwitch bond 并设置为  模式
#sudo ovs-vsctl add-br ovs-br0
sudo ovs-vsctl add-bond ovs-br0 bond0 veth0-ns5-br veth1-ns5-br -- set port bond0 bond_mode=active-backup

# 将 bond 设为 up，增加vlan10接口
sudo ip netns exec ns5 ip link add link bond0 name bond0.10 type vlan id 10
sudo ip netns exec ns5 ip addr add 192.168.10.5/24 dev bond0.10
sudo ip netns exec ns5 ip link set bond0 up
sudo ip netns exec ns5 ip link set bond0.10 up

从ns1 ping ns5

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
ip netns exec ns1 ping -c 4 192.168.10.5
PING 192.168.10.5 (192.168.10.5) 56(84) bytes of data.
64 bytes from 192.168.10.5: icmp_seq=1 ttl=64 time=1.15 ms
64 bytes from 192.168.10.5: icmp_seq=2 ttl=64 time=0.274 ms
64 bytes from 192.168.10.5: icmp_seq=3 ttl=64 time=0.352 ms
64 bytes from 192.168.10.5: icmp_seq=4 ttl=64 time=0.310 ms

--- 192.168.10.5 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3046ms
rtt min/avg/max/mdev = 0.274/0.520/1.147/0.363 ms

bond0状态，从ns5中veth0抓包

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
# ovs-appctl bond/show
---- bond0 ----
bond_mode: active-backup
bond may use recirculation: no, Recirc-ID : -1
bond-hash-basis: 0
lb_output action: disabled, bond-id: -1
updelay: 0 ms
downdelay: 0 ms
lacp_status: negotiated
lacp_fallback_ab: false
active-backup primary: <none>
active member mac: 4a:ad:a0:90:99:48(veth0-ns5-br)

member veth0-ns5-br: enabled
  active member
  may_enable: true

member veth1-ns5-br: enabled
  may_enable: true

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# sudo ip netns exec ns5 tcpdump -i veth0 -netvv
dropped privs to tcpdump
tcpdump: listening on veth0, link-type EN10MB (Ethernet), capture size 262144 bytes
be:0b:c4:42:94:d6 > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.5 tell 192.168.10.1, length 28
46:c7:36:22:3a:8e > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.5 is-at 46:c7:36:22:3a:8e, length 28
be:0b:c4:42:94:d6 > 46:c7:36:22:3a:8e, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 13000, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.1 > 192.168.10.5: ICMP echo request, id 14837, seq 1, length 64
46:c7:36:22:3a:8e > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 65079, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.5 > 192.168.10.1: ICMP echo reply, id 14837, seq 1, length 64
be:0b:c4:42:94:d6 > 46:c7:36:22:3a:8e, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 13556, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.1 > 192.168.10.5: ICMP echo request, id 14837, seq 2, length 64
46:c7:36:22:3a:8e > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 3, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.5 > 192.168.10.1: ICMP echo reply, id 14837, seq 2, length 64
be:0b:c4:42:94:d6 > 46:c7:36:22:3a:8e, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 13794, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.1 > 192.168.10.5: ICMP echo request, id 14837, seq 3, length 64
46:c7:36:22:3a:8e > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 808, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.5 > 192.168.10.1: ICMP echo reply, id 14837, seq 3, length 64
be:0b:c4:42:94:d6 > 46:c7:36:22:3a:8e, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 14648, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.1 > 192.168.10.5: ICMP echo request, id 14837, seq 4, length 64
46:c7:36:22:3a:8e > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 1617, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.5 > 192.168.10.1: ICMP echo reply, id 14837, seq 4, length 64
46:c7:36:22:3a:8e > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.5, length 28
be:0b:c4:42:94:d6 > 46:c7:36:22:3a:8e, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.1 is-at be:0b:c4:42:94:d6, length 28

停止 veth0-ns5-br端口，从ns5中veth1抓包抓包

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
# ip link set  veth0-ns5-br down
# ovs-appctl bond/show
---- bond0 ----
bond_mode: active-backup
bond may use recirculation: no, Recirc-ID : -1
bond-hash-basis: 0
lb_output action: disabled, bond-id: -1
updelay: 0 ms
downdelay: 0 ms
lacp_status: negotiated
lacp_fallback_ab: false
active-backup primary: <none>
active member mac: 46:5e:3b:32:e3:99(veth1-ns5-br)

member veth0-ns5-br: disabled
  may_enable: false

member veth1-ns5-br: enabled
  active member
  may_enable: true

继续ping还是可以ping通

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# sudo ip netns exec ns5 tcpdump -i veth1 -netvv
dropped privs to tcpdump
tcpdump: listening on veth1, link-type EN10MB (Ethernet), capture size 262144 bytes
46:5e:3b:32:e3:99 > 01:80:c2:00:00:02, ethertype Slow Protocols (0x8809), length 124: LACPv1, length 110
        Actor Information TLV (0x01), length 20
          System ce:ab:95:a8:c6:4f, System Priority 65534, Key 29, Port 30, Port Priority 65535
          State Flags [Activity, Aggregation, Synchronization, Collecting, Distributing]
          0x0000:  fffe ceab 95a8 c64f 001d ffff 001e 3d00
          0x0010:  0000
        Partner Information TLV (0x02), length 20
          System 46:c7:36:22:3a:8e, System Priority 65535, Key 15, Port 2, Port Priority 255
          State Flags [Activity, Aggregation, Synchronization, Collecting, Distributing]
          0x0000:  ffff 46c7 3622 3a8e 000f 00ff 0002 3d00
          0x0010:  0000
        Collector Information TLV (0x03), length 16
          Max Delay 0
          0x0000:  0000 0000 0000 0000 0000 0000 0000
        Terminator TLV (0x00), length 0
be:0b:c4:42:94:d6 > ea:d8:e9:42:35:dd, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 37483, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.1 > 192.168.10.3: ICMP echo request, id 14877, seq 1, length 64
ea:d8:e9:42:35:dd > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 15526, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.3 > 192.168.10.1: ICMP echo reply, id 14877, seq 1, length 64
be:0b:c4:42:94:d6 > ea:d8:e9:42:35:dd, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 38002, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.1 > 192.168.10.3: ICMP echo request, id 14877, seq 2, length 64
ea:d8:e9:42:35:dd > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 16429, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.3 > 192.168.10.1: ICMP echo reply, id 14877, seq 2, length 64
be:0b:c4:42:94:d6 > ea:d8:e9:42:35:dd, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 38068, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.1 > 192.168.10.3: ICMP echo request, id 14877, seq 3, length 64
ea:d8:e9:42:35:dd > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 17228, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.3 > 192.168.10.1: ICMP echo reply, id 14877, seq 3, length 64
be:0b:c4:42:94:d6 > ea:d8:e9:42:35:dd, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 38836, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.10.1 > 192.168.10.3: ICMP echo request, id 14877, seq 4, length 64
ea:d8:e9:42:35:dd > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 18226, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.10.3 > 192.168.10.1: ICMP echo reply, id 14877, seq 4, length 64
be:0b:c4:42:94:d6 > ea:d8:e9:42:35:dd, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.3 tell 192.168.10.1, length 28
ea:d8:e9:42:35:dd > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.1 tell 192.168.10.3, length 28
be:0b:c4:42:94:d6 > ea:d8:e9:42:35:dd, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.1 is-at be:0b:c4:42:94:d6, length 28
ea:d8:e9:42:35:dd > be:0b:c4:42:94:d6, ethertype 802.1Q (0x8100), length 46: vlan 10, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.10.3 is-at ea:d8:e9:42:35:dd, length 28b

bond通过绑定多个网卡实现扩容和负载的功能。

bond mode类型不匹配

业务环境中出现过交换及配置了balances-rr，服务器配置active-backup导致网路不稳定。由于openvswitch不支持balances-rr，通过创建两个ns实现， ns6模拟服务器， ns7模拟交换机

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#创建网络命名空间

sudo ip netns add ns6
sudo ip netns add ns7

# 创建和配置虚拟网络设备对
#创建两对虚拟网络设备，每对设备连接两个命名空间。其中每个命名空间将有两个接口，用于创建一个 bond。

sudo ip link add veth-ns6-1 type veth peer name veth-ns7-1
sudo ip link add veth-ns6-2 type veth peer name veth-ns7-2

sudo ip link set veth-ns6-1 netns ns6
sudo ip link set veth-ns6-2 netns ns6
sudo ip link set veth-ns7-1 netns ns7
sudo ip link set veth-ns7-2 netns ns7

sudo ip netns exec ns6 ip link set veth-ns6-1 up
sudo ip netns exec ns6 ip link set veth-ns6-2 up
sudo ip netns exec ns7 ip link set veth-ns7-1 up
sudo ip netns exec ns7 ip link set veth-ns7-2 up

#配置 ns6 的 Bond0

sudo ip netns exec ns6 ip link add name bond0 type bond mode active-backup
sudo ip netns exec ns6 ip link set veth-ns6-1 down
sudo ip netns exec ns6 ip link set veth-ns6-1 down
sudo ip netns exec ns6 ip link set veth-ns6-1 master bond0
sudo ip netns exec ns6 ip link set veth-ns6-1 master bond0
sudo ip netns exec ns6 ip link set veth-ns6-1 up
sudo ip netns exec ns6 ip link set veth-ns6-1 up
sudo ip netns exec ns6 ip link set bond0 up
sudo ip netns exec ns6 ip addr add 192.168.1.10/24 dev bond0

#配置 ns7 的 Bond0
sudo ip netns exec ns7 ip link add name bond1 type bond mode balance-rr
sudo ip netns exec ns7 ip link set veth-ns7-1 down
sudo ip netns exec ns7 ip link set veth-ns7-2 down
sudo ip netns exec ns7 ip link set veth-ns7-1 master bond1
sudo ip netns exec ns7 ip link set veth-ns7-2 master bond1
sudo ip netns exec ns7 ip link set veth-ns7-1 up
sudo ip netns exec ns7 ip link set veth-ns7-2 up
sudo ip netns exec ns7 ip link set bond1 up
sudo ip netns exec ns7 ip addr add 192.168.1.20/24 dev bond1

从ns7 ping ns6，发两个包丢包50%

1
2
3
4
5
6
7
# sudo ip netns exec ns7 ping -c 2 192.168.1.10
PING 192.168.1.10 (192.168.1.10) 56(84) bytes of data.
64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.220 ms

--- 192.168.1.10 ping statistics ---
2 packets transmitted, 1 received, 50% packet loss, time 1037ms
rtt min/avg/max/mdev = 0.220/0.220/0.220/0.000 msz

在ns6的两个接口上抓包

1
2
3
4
5
6
7
# sudo ip netns exec ns7 ping -c 2 192.168.1.10
PING 192.168.1.10 (192.168.1.10) 56(84) bytes of data.
64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.341 ms

--- 192.168.1.10 ping statistics ---
2 packets transmitted, 1 received, 50% packet loss, time 1054ms
rtt min/avg/max/mdev = 0.341/0.341/0.341/0.000 msn

ns7抓包

1
2
3
4
5
6
7
8
9
  ip netns  exec ns7 tcpdump -i bond1 -netvv
dropped privs to tcpdump
tcpdump: listening on bond1, link-type EN10MB (Ethernet), capture size 262144 bytes
1a:2f:0c:5a:0d:70 > 1e:9b:fb:3c:52:09, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 54666, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.1.20 > 192.168.1.10: ICMP echo request, id 12321, seq 1, length 64
1a:2f:0c:5a:0d:70 > 1e:9b:fb:3c:52:09, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 55215, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.1.20 > 192.168.1.10: ICMP echo request, id 12321, seq 2, length 64
1e:9b:fb:3c:52:09 > 1a:2f:0c:5a:0d:70, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 7025, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.1.10 > 192.168.1.20: ICMP echo reply, id 12321, seq 2, length 64

请求id54666， 55215，只响应了一个id7025

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
# ip netns  exec ns6 tcpdump -i veth-ns6-1 -netvv icmp
dropped privs to tcpdump
tcpdump: listening on veth-ns6-1, link-type EN10MB (Ethernet), capture size 262144 bytes
1a:2f:0c:5a:0d:70 > 1e:9b:fb:3c:52:09, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 55215, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.1.20 > 192.168.1.10: ICMP echo request, id 12321, seq 2, length 64
1e:9b:fb:3c:52:09 > 1a:2f:0c:5a:0d:70, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 7025, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.1.10 > 192.168.1.20: ICMP echo reply, id 12321, seq 2, length 64

# ip netns  exec ns6 tcpdump -i veth-ns6-2 -netvv icmp
dropped privs to tcpdump
tcpdump: listening on veth-ns6-2, link-type EN10MB (Ethernet), capture size 262144 bytes
1a:2f:0c:5a:0d:70 > 1e:9b:fb:3c:52:09, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 54666, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.1.20 > 192.168.1.10: ICMP echo request, id 12321, seq 1, length 64k

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
# ip netns exec ns6 cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v5.10.134-16.3.al8.x86_64+debug

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: veth-ns6-1
MII Status: up
MII Polling Interval (ms): 0
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0

Slave Interface: veth-ns6-1
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 1e:9b:fb:3c:52:09
Slave queue ID: 0kk

可以看到返回包的接口是active-backup中primary 接口

balance-rr（Round Robin）是一种负载均衡模式，它按顺序将出站流量分配到所有可用的从属接口。每个接口轮流发送数据包，从而实现流量分配的平衡。如果服务器配置了这种模式交换机需要进行
active-backup 模式在任何时候只允许一个从属接口处于活动状态，其他所有的接口都处于备用状态。当活动接口出现故障时，某个备用接口会自动接管，从而保证网络连接的持续性。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
# ip netns  exec ns6 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 1e:9b:fb:3c:52:09 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.10/24 scope global bond0
       valid_lft forever preferred_lft forever
    inet6 fe80::1c9b:fbff:fe3c:5209/64 scope link
       valid_lft forever preferred_lft forever
134: veth-ns6-1@if133: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc noqueue master bond0 state UP group default qlen 1000
    link/ether 1e:9b:fb:3c:52:09 brd ff:ff:ff:ff:ff:ff link-netns ns7
136: veth-ns6-2@if135: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 92:24:31:a7:f9:8f brd ff:ff:ff:ff:ff:ff link-netns ns7
    inet6 fe80::9024:31ff:fea7:f98f/64 scope link
       valid_lft forever preferred_lft forever
# ip netns  exec ns7 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: bond1: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 1a:2f:0c:5a:0d:70 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.20/24 scope global bond1
       valid_lft forever preferred_lft forever
    inet6 fe80::182f:cff:fe5a:d70/64 scope link
       valid_lft forever preferred_lft forever
133: veth-ns7-1@if134: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc noqueue master bond1 state UP group default qlen 1000
    link/ether 1a:2f:0c:5a:0d:70 brd ff:ff:ff:ff:ff:ff link-netns ns6
135: veth-ns7-2@if136: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc noqueue master bond1 state UP group default qlen 1000
    link/ether 1a:2f:0c:5a:0d:70 brd ff:ff:ff:ff:ff:ff link-netns ns6
[root@iZ8vbd88lmglnbsnad85q3Z ~]#k

可以看到与bond0不同， bond1中两个接口mac是一样的，应该是这个原因需要在交换机进行特殊设置。

缘起：在给客户培训资料准备的过程中，发现了自己一个不了解的知识点，聚合端口类型access，trunk，于是先把vlan资料整理一下。

图片from陳丁光

VLAN #

使用场景#

VLAN的介绍#

VLAN实验#

环境准备#

网路拓扑#

验证vlan隔离性#

验证trunk&access#

验证bond#

bond mode类型不匹配#