
Network Namespaceの作成とvethの接続
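# Create the three namespaces: two end hosts (ns1, ns2) and the router between them.
sudo ip netns add ns1
sudo ip netns add router
sudo ip netns add ns2
# Create one veth pair per link. A pair behaves like a single cable with two ends.
sudo ip link add ns1-veth0 type veth peer name gw-veth0
sudo ip link add ns2-veth0 type veth peer name gw-veth1
# Connect ns1 <-> router (one end of the first pair into each namespace)
sudo ip link set ns1-veth0 netns ns1
sudo ip link set gw-veth0 netns router
# Connect ns2 <-> router
sudo ip link set gw-veth1 netns router
sudo ip link set ns2-veth0 netns ns2
# ns1 address (192.0.2.1/24). 192.0.2.0/24 and 198.51.100.0/24 are the RFC 5737
# documentation ranges, so this lab never overlaps a real network.
sudo ip netns exec ns1 ip address add 192.0.2.1/24 dev ns1-veth0
# ns2 address (198.51.100.1/24)
sudo ip netns exec ns2 ip address add 198.51.100.1/24 dev ns2-veth0
# router addresses (192.0.2.254/24, 198.51.100.254/24), one per attached subnet
sudo ip netns exec router ip address add 192.0.2.254/24 dev gw-veth0
sudo ip netns exec router ip address add 198.51.100.254/24 dev gw-veth1
# Fixed MAC addresses from the 00:00:5E:00:53:xx documentation block (RFC 7042)
# so the tcpdump output later on is reproducible.
sudo ip netns exec ns1 ip link set dev ns1-veth0 address 00:00:5E:00:53:11
sudo ip netns exec ns2 ip link set dev ns2-veth0 address 00:00:5E:00:53:22
sudo ip netns exec router ip link set dev gw-veth0 address 00:00:5E:00:53:12
sudo ip netns exec router ip link set dev gw-veth1 address 00:00:5E:00:53:21
# Bring every veth end up as part of setup. An interface moved into a namespace
# starts DOWN, and the `ip route add default via ...` commands in the routing
# step need the link carrying the gateway to be up, otherwise they fail with
# "Network is unreachable". Repeating `ip link set ... up` later is harmless.
sudo ip netns exec ns1 ip link set ns1-veth0 up
sudo ip netns exec router ip link set gw-veth0 up
sudo ip netns exec router ip link set gw-veth1 up
sudo ip netns exec ns2 ip link set ns2-veth0 up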
確認
Network Namespaceの確認
# Confirm the three namespaces exist. `show` and `list` are synonyms for this
# subcommand; the "(id: N)" values are kernel-assigned namespace ids and will
# differ from run to run.
sudo ip netns show
# ns1 (id: 1)
# router (id: 2)
# ns2 (id: 3)
ns1のネットワークインターフェースを確認
# Links inside ns1. `ip -n NS ...` is the iproute2 shorthand for
# `ip netns exec NS ip ...`.
sudo ip -n ns1 link show
# 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
# link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
# 180: ns1-veth0@if179: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
# link/ether 00:00:5e:00:53:11 brd ff:ff:ff:ff:ff:ff link-netns router
#
# Reading this: `ns1-veth0@if179` plus `link-netns router` says the peer end of
# this veth is ifindex 179 inside the router namespace (ifindex values are
# host-specific). The MAC is the 00:00:5E:00:53:11 set during setup.
# NOTE(review): an interface moved into a namespace starts DOWN, so `state UP`
# here means `ip link set ... up` had already been run when this was captured.
ns2のネットワークインターフェースを確認
# Links inside ns2 (`ip -n NS` = `ip netns exec NS ip`). The veth's peer,
# ifindex 181, is in the router namespace; its MAC is the 00:00:5E:00:53:22
# set during setup.
sudo ip -n ns2 link show
# 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
# link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
# 182: ns2-veth0@if181: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
# link/ether 00:00:5e:00:53:22 brd ff:ff:ff:ff:ff:ff link-netns router
routerのネットワークインターフェースを確認
# Links inside the router namespace (`ip -n NS` = `ip netns exec NS ip`).
# It holds one end of each pair: gw-veth0 (…:12) faces ns1 and gw-veth1 (…:21)
# faces ns2, as the `link-netns` column confirms.
sudo ip -n router link show
# 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
# link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
# 179: gw-veth0@if180: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
# link/ether 00:00:5e:00:53:12 brd ff:ff:ff:ff:ff:ff link-netns ns1
# 181: gw-veth1@if182: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
# link/ether 00:00:5e:00:53:21 brd ff:ff:ff:ff:ff:ff link-netns ns2
ルーティング設定
# ns1: send all off-subnet traffic (including ns2's subnet) to the router's
# 192.0.2.254 side.
sudo ip -n ns1 route add default via 192.0.2.254
# ns2: send all off-subnet traffic to the router's 198.51.100.254 side.
sudo ip -n ns2 route add default via 198.51.100.254
# Allow the router namespace to forward packets between its two interfaces.
# net.ipv4.ip_forward is scoped to the network namespace, so the host's own
# forwarding setting is not touched. `ip -n` only applies to `ip` itself, so
# `ip netns exec` is needed here to run sysctl inside the namespace.
sudo ip netns exec router sysctl -w net.ipv4.ip_forward=1
# NOTE(review): `route add ... via` needs the link carrying the gateway to be
# up; if the veth ends are still DOWN at this point (the "vethのUP" step is
# listed further down), these commands will likely fail with
# "Network is unreachable". No filtering is configured on the router, so it
# forwards all traffic between the two subnets.
ns1のルーティング設定
# Routes in ns1: the default route added above plus the connected route for
# 192.0.2.0/24 that the kernel installed with the address (`proto kernel`).
sudo ip -n ns1 route show
# default via 192.0.2.254 dev ns1-veth0
# 192.0.2.0/24 dev ns1-veth0 proto kernel scope link src 192.0.2.1
ns2のルーティング設定
# Routes in ns2: the default route via the router plus the kernel's connected
# route for 198.51.100.0/24.
sudo ip -n ns2 route show
# default via 198.51.100.254 dev ns2-veth0
# 198.51.100.0/24 dev ns2-veth0 proto kernel scope link src 198.51.100.1
routerのルーティング設定
# Routes in the router namespace: only the two connected routes, one per
# attached subnet. No default route is needed because both subnets it
# forwards between are directly attached.
sudo ip -n router route show
# 192.0.2.0/24 dev gw-veth0 proto kernel scope link src 192.0.2.254
# 198.51.100.0/24 dev gw-veth1 proto kernel scope link src 198.51.100.254
vethのUP
# Bring all four veth ends up, namespace:interface per entry, in the same
# order as before. Setting an already-up link up is a no-op.
for spec in ns1:ns1-veth0 router:gw-veth0 router:gw-veth1 ns2:ns2-veth0; do
  sudo ip netns exec "${spec%%:*}" ip link set "${spec#*:}" up
done
疎通確認
ns1 -> ns2
# ns1 -> ns2: three echo requests (-c 3), explicitly sourced from ns1's own
# address (-I with an address selects the source address). The replies must
# cross the router in both directions.
sudo ip netns exec ns1 ping -I 192.0.2.1 -c 3 198.51.100.1
ns1のtcpdump
# Capture ICMP on every interface in ns1 while the ping above runs:
#   -t  no timestamps      -n  no name resolution
#   -e  print link-level (MAC) headers   -l  line-buffered output
# tcpdump runs until interrupted, so start it in a separate shell first.
sudo ip netns exec ns1 tcpdump -t -n -e -l -i any icmp
# tcpdump: data link type LINUX_SLL2
# tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
# listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
# ns1-veth0 Out ifindex 180 00:00:5e:00:53:11 ethertype IPv4 (0x0800), length 104: 192.0.2.1 > 198.51.100.1: ICMP echo request, id 5097, seq 1, length 64
# ns1-veth0 In ifindex 180 00:00:5e:00:53:12 ethertype IPv4 (0x0800), length 104: 198.51.100.1 > 192.0.2.1: ICMP echo reply, id 5097, seq 1, length 64
# ns1-veth0 Out ifindex 180 00:00:5e:00:53:11 ethertype IPv4 (0x0800), length 104: 192.0.2.1 > 198.51.100.1: ICMP echo request, id 5097, seq 2, length 64
# ns1-veth0 In ifindex 180 00:00:5e:00:53:12 ethertype IPv4 (0x0800), length 104: 198.51.100.1 > 192.0.2.1: ICMP echo reply, id 5097, seq 2, length 64
# ns1-veth0 Out ifindex 180 00:00:5e:00:53:11 ethertype IPv4 (0x0800), length 104: 192.0.2.1 > 198.51.100.1: ICMP echo request, id 5097, seq 3, length 64
# ns1-veth0 In ifindex 180 00:00:5e:00:53:12 ethertype IPv4 (0x0800), length 104: 198.51.100.1 > 192.0.2.1: ICMP echo reply, id 5097, seq 3, length 64
#
# Reading the capture: requests leave with ns1's MAC (…:11) and the replies
# arrive from 00:00:5e:00:53:12, which is the router's gw-veth0, not ns2's
# MAC. Ethernet addresses are rewritten at every hop while the IP addresses
# stay end-to-end. The ICMP id (5097) and ifindex 180 are run-specific.
ns2のtcpdump
# The same capture from ns2's side (-t no timestamps, -n no name resolution,
# -e link-level headers, -l line-buffered); start it before the ping.
sudo ip netns exec ns2 tcpdump -t -n -e -l -i any icmp
# tcpdump: data link type LINUX_SLL2
# tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
# listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
# ns2-veth0 In ifindex 182 00:00:5e:00:53:21 ethertype IPv4 (0x0800), length 104: 192.0.2.1 > 198.51.100.1: ICMP echo request, id 5097, seq 1, length 64
# ns2-veth0 Out ifindex 182 00:00:5e:00:53:22 ethertype IPv4 (0x0800), length 104: 198.51.100.1 > 192.0.2.1: ICMP echo reply, id 5097, seq 1, length 64
# ns2-veth0 In ifindex 182 00:00:5e:00:53:21 ethertype IPv4 (0x0800), length 104: 192.0.2.1 > 198.51.100.1: ICMP echo request, id 5097, seq 2, length 64
# ns2-veth0 Out ifindex 182 00:00:5e:00:53:22 ethertype IPv4 (0x0800), length 104: 198.51.100.1 > 192.0.2.1: ICMP echo reply, id 5097, seq 2, length 64
# ns2-veth0 In ifindex 182 00:00:5e:00:53:21 ethertype IPv4 (0x0800), length 104: 192.0.2.1 > 198.51.100.1: ICMP echo request, id 5097, seq 3, length 64
# ns2-veth0 Out ifindex 182 00:00:5e:00:53:22 ethertype IPv4 (0x0800), length 104: 198.51.100.1 > 192.0.2.1: ICMP echo reply, id 5097, seq 3, length 64
#
# Here the requests arrive from 00:00:5e:00:53:21 (the router's gw-veth1) and
# the replies leave with ns2's own MAC (…:22); the IP pair 192.0.2.1 <->
# 198.51.100.1 is unchanged by the hop through the router.
ns2 -> ns1
# ns2 -> ns1: the reverse check, three echo requests sourced from ns2's own
# address (-I with an address selects the source address).
sudo ip netns exec ns2 ping -I 198.51.100.1 -c 3 192.0.2.1
削除
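# Delete only the namespaces this lab created. `ip --all netns delete` removes
# EVERY named network namespace on the host, including ones owned by other
# tooling, so delete by name instead. Destroying a namespace also removes the
# veth ends inside it, and a veth pair disappears with either end, so no
# separate `ip link delete` is needed.
for ns in ns1 router ns2; do
  sudo ip netns delete "$ns"
done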