Written: September 15, 2023
A write-up of my own hands-on run through the University of South Carolina 'Open Virtual Switch Lab Series' document.
(It builds up from the network namespace concept and explains the Open vSwitch use cases step by step, so it is very helpful for anyone studying the topic.)
References:
OVS lab document (Open Virtual Switch Lab Series, September 30, 2021)
Introduction to OVS concepts and configuration
Configuring Open vSwitch for networking between Linux network namespaces
Original: the topology figure from the lab document (image not reproduced on this page).
Open vSwitch and the namespaces are configured and tested according to that figure: two namespaces, my-ns-a and my-ns-b, each attached through a veth pair to the OVS bridge sw1, with addresses 192.168.1.10/24 and 192.168.1.20/24 on the same L2 segment.
I used the commands below to build the network as the figure shows it (following them produces exactly the same topology). All of them need root privileges; the $ prompt is kept as in the original.
## List all network interfaces in the root (initial) namespace
$ ip link
## Create the namespaces my-ns-a and my-ns-b
$ ip netns add my-ns-a
$ ip netns add my-ns-b
## List the named network namespaces (the ones created with ip netns, under /run/netns)
$ ip netns
my-ns-b
my-ns-a
## List the network interfaces in namespace my-ns-a (only lo, still down)
$ ip netns exec my-ns-a ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
## Create the virtual switch (OVS bridge) sw1
$ ovs-vsctl add-br sw1
## List the root namespace interfaces again: ovs-system (the OVS datapath device) and sw1 (the bridge's internal port) have appeared
$ ip link
... omitted ...
47: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 86:3d:02:69:23:4f brd ff:ff:ff:ff:ff:ff
48: sw1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 16:68:07:5d:c0:40 brd ff:ff:ff:ff:ff:ff
## Connecting the namespaces to Open vSwitch
## 1) Create the veth pairs (one end for the namespace, one end for the switch)
$ ip link add my-ns-a-eth0 type veth peer name sw1-eth1
$ ip link add my-ns-b-eth0 type veth peer name sw1-eth2
$ ip link
... omitted ...
47: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 86:3d:02:69:23:4f brd ff:ff:ff:ff:ff:ff
48: sw1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 16:68:07:5d:c0:40 brd ff:ff:ff:ff:ff:ff
51: sw1-eth1@my-ns-a-eth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether be:01:52:6f:4b:58 brd ff:ff:ff:ff:ff:ff
52: my-ns-a-eth0@sw1-eth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 96:24:a4:bf:78:f3 brd ff:ff:ff:ff:ff:ff
53: sw1-eth2@my-ns-b-eth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 46:d4:ad:57:18:20 brd ff:ff:ff:ff:ff:ff
54: my-ns-b-eth0@sw1-eth2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 2a:78:4d:57:db:37 brd ff:ff:ff:ff:ff:ff
## 2) Move the namespace-side end of each veth pair into its namespace (attaching to namespaces)
$ ip link set my-ns-a-eth0 netns my-ns-a
$ ip link set my-ns-b-eth0 netns my-ns-b
$ ip netns exec my-ns-a ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
52: my-ns-a-eth0@if51: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 96:24:a4:bf:78:f3 brd ff:ff:ff:ff:ff:ff link-netnsid 0
$ ip netns exec my-ns-b ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
54: my-ns-b-eth0@if53: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 2a:78:4d:57:db:37 brd ff:ff:ff:ff:ff:ff link-netnsid 0
## 3) Attach the switch-side end of each veth pair to switch sw1 (attaching veth peers to switch sw1)
$ ovs-vsctl add-port sw1 sw1-eth1
$ ovs-vsctl show
...
Bridge sw1
Port sw1
Interface sw1
type: internal
Port sw1-eth1
Interface sw1-eth1
...
$ ovs-vsctl add-port sw1 sw1-eth2
$ ovs-vsctl show
...
Bridge sw1
Port sw1
Interface sw1
type: internal
Port sw1-eth2
Interface sw1-eth2
Port sw1-eth1
Interface sw1-eth1
...
## Bring up the switch-side ports (turning up the network ports). They stay NO-CARRIER / LOWERLAYERDOWN until the peer inside the namespace is brought up too
$ ip link set sw1-eth1 up
$ ip link set sw1-eth2 up
$ ip link
...
51: sw1-eth1@if52: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master ovs-system state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
link/ether be:01:52:6f:4b:58 brd ff:ff:ff:ff:ff:ff link-netns my-ns-a
53: sw1-eth2@if54: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master ovs-system state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
link/ether 46:d4:ad:57:18:20 brd ff:ff:ff:ff:ff:ff link-netns my-ns-b
...
## Bring up the namespace-side interfaces and assign an IP address in each namespace (without 'brd +' no broadcast address is set, which is why ifconfig later shows broadcast 0.0.0.0)
$ ip netns exec my-ns-a ip link set dev my-ns-a-eth0 up
$ ip netns exec my-ns-b ip link set dev my-ns-b-eth0 up
$ ip netns exec my-ns-a ip address add 192.168.1.10/24 dev my-ns-a-eth0
$ ip netns exec my-ns-b ip address add 192.168.1.20/24 dev my-ns-b-eth0
## Check the configuration
$ ip netns exec my-ns-a ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
52: my-ns-a-eth0@if51: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 96:24:a4:bf:78:f3 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.1.10/24 scope global my-ns-a-eth0
valid_lft forever preferred_lft forever
inet6 fe80::9424:a4ff:febf:78f3/64 scope link
valid_lft forever preferred_lft forever
$ ip netns exec my-ns-b ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
54: my-ns-b-eth0@if53: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 2a:78:4d:57:db:37 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.1.20/24 scope global my-ns-b-eth0
valid_lft forever preferred_lft forever
inet6 fe80::2878:4dff:fe57:db37/64 scope link
valid_lft forever preferred_lft forever
## Check the routing table of namespace my-ns-a
$ ip netns exec my-ns-a ip route
192.168.1.0/24 dev my-ns-a-eth0 proto kernel scope link src 192.168.1.10
## Check the routing table of namespace my-ns-b
$ ip netns exec my-ns-b ip route
192.168.1.0/24 dev my-ns-b-eth0 proto kernel scope link src 192.168.1.20
## Start a bash shell inside namespace my-ns-a (the commands that follow run inside it)
$ ip netns exec my-ns-a bash
$ ifconfig
my-ns-a-eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.10 netmask 255.255.255.0 broadcast 0.0.0.0
inet6 fe80::9424:a4ff:febf:78f3 prefixlen 64 scopeid 0x20<link>
ether 96:24:a4:bf:78:f3 txqueuelen 1000 (Ethernet)
RX packets 86 bytes 21517 (21.5 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13 bytes 1006 (1.0 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
$ ping 192.168.1.20 -c 2
PING 192.168.1.20 (192.168.1.20) 56(84) bytes of data.
64 bytes from 192.168.1.20: icmp_seq=1 ttl=64 time=0.088 ms
64 bytes from 192.168.1.20: icmp_seq=2 ttl=64 time=0.079 ms
--- 192.168.1.20 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1007ms
rtt min/avg/max/mdev = 0.079/0.083/0.088/0.004 ms
$ traceroute 192.168.1.20
traceroute to 192.168.1.20 (192.168.1.20), 64 hops max
1 192.168.1.20 0.452ms 0.003ms 0.002ms
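The whole procedure above, collected into one script as an added example (this is not code from the lab document or from the original post). It uses the page's names and addresses, but adds three things a practitioner usually wants: a dry-run plan that can be reviewed before anything touches the kernel, a check that interface names stay within the kernel's 15-byte IFNAMSIZ limit (a common cause of silent failures when namespace names get longer), and a teardown step. The spec string NODES, the plan/apply split and the function names are this example's own assumptions. Note that sw1 needs no flow rules for the ping to work: a freshly created OVS bridge carries a single default flow with actions=NORMAL, so it behaves as a MAC-learning switch.

```shell
#!/bin/sh
# Added example, not from the lab document or the original post: build,
# verify and tear down the two-namespace topology above from one spec.
# Names and addresses are the page's; the dry-run plan, the IFNAMSIZ check
# and the teardown step are this example's own additions.
set -eu

BR=sw1
PREFIX=24
# namespace:switch-port:address, one entry per namespace (constructed to match the page)
NODES="my-ns-a:sw1-eth1:192.168.1.10 my-ns-b:sw1-eth2:192.168.1.20"

# The kernel limits interface names to IFNAMSIZ-1 = 15 bytes and rejects
# empty names, whitespace and '/'; catch that before any command is issued.
check_ifname() {
  case "$1" in ''|*[[:space:]/]*) return 1 ;; esac
  [ "${#1}" -le 15 ]
}

# Print the commands for one node. Nothing is executed here, so the plan
# can be reviewed (or diffed against a previous run) before it is applied.
plan_node() {
  ns=$1; port=$2; addr=$3; eth="${ns}-eth0"
  check_ifname "$eth" || { echo "bad interface name: $eth" >&2; return 1; }
  check_ifname "$port" || { echo "bad interface name: $port" >&2; return 1; }
  cat <<EOF
ip netns add $ns
ip link add $eth type veth peer name $port
ip link set $eth netns $ns
ovs-vsctl --may-exist add-port $BR $port
ip link set $port up
ip netns exec $ns ip link set dev lo up
ip netns exec $ns ip link set dev $eth up
ip netns exec $ns ip address add $addr/$PREFIX brd + dev $eth
EOF
}

# Full plan: create the bridge once, then every node in spec order.
plan_all() {
  echo "ovs-vsctl --may-exist add-br $BR"
  for node in $NODES; do
    ns=${node%%:*}; rest=${node#*:}
    plan_node "$ns" "${rest%%:*}" "${rest#*:}"
  done
}

# Execute the plan. Needs root, ip(8) and ovs-vsctl. 'ip netns add' fails
# on an existing namespace, so run teardown_all before re-applying.
apply_all() {
  [ "$(id -u)" -eq 0 ] || { echo "apply needs root" >&2; return 1; }
  plan_all | while IFS= read -r cmd; do
    echo "+ $cmd"
    $cmd
  done
}

# Check the result the way the walkthrough does: ports on the bridge, then
# ICMP from the first namespace to every other one.
verify_all() {
  ovs-vsctl list-ports "$BR"
  first=
  for node in $NODES; do
    ns=${node%%:*}; addr=${node##*:}
    if [ -z "$first" ]; then first=$ns; continue; fi
    ip netns exec "$first" ping -c 2 -W 1 "$addr"
  done
}

# Remove everything. Deleting a namespace destroys the veth end inside it
# and, with it, the peer in the root namespace; del-br drops the OVS
# bridge together with its port records.
teardown_all() {
  for node in $NODES; do
    ip netns del "${node%%:*}" 2>/dev/null || true
  done
  ovs-vsctl --if-exists del-br "$BR"
}

if [ $# -gt 0 ]; then
  case "$1" in
    plan) plan_all ;;
    apply) apply_all ;;
    verify) verify_all ;;
    teardown) teardown_all ;;
    *) echo "usage: $0 plan|apply|verify|teardown" >&2; exit 2 ;;
  esac
fi
```

Run `sh ovs-lab.sh plan` first and read the 17 commands it prints; then `sudo sh ovs-lab.sh apply`, `sudo sh ovs-lab.sh verify` (which should show sw1-eth1 and sw1-eth2 on the bridge and two ICMP replies from 192.168.1.20), and `sudo sh ovs-lab.sh teardown` when done. Adding a third namespace is one more `name:port:address` entry in NODES; the lo interface is brought up explicitly because `ip netns add` leaves it down, as the `ip link` output above shows.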