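Using tunctl, bridges, and sub-interfaces in a multi-network environment: connecting different subnets on different hosts without routing
Background
Normally, connecting different network segments requires either routing or forwarding.
Sometimes, however, constraints in the environment make routing impossible.
Forwarding, on the other hand, costs some performance. So what can be done?
This article gives an example of how virtual machines on different hosts can be connected across different network segments by configuring tap devices.
It covers how a virtual machine and its host can communicate when a bridge is in use, the virtual machine is configured on a different network segment from the host, and the host has neither a trunk port nor a router.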
Using tunctl
Install tunctl
# yum install -y tunctl
Add a virtual network device
# tunctl -u nobody -g nobody -t tap0 -p
Bring the virtual network device up
# ifconfig tap0 up
Check the link state
# ip link
15: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether 5a:6c:f8:ee:ad:5b brd ff:ff:ff:ff:ff:ff
Usage examples
Add the virtual network device tap0 to the bridge
# brctl addif ovirtmgmt tap0
Remove the virtual network device from the bridge
# brctl delif ovirtmgmt tap0
Delete a virtual network device
# tunctl -d tap0
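When several IP ranges need to be used on one bridge and there is no router, the host must be configured with addresses in multiple network segments; communication then takes place between addresses in the same segment.
Configure an IP address on a sub-interface of the bridge. If every host in the same layer 2 domain is configured with this network segment, they can all communicate with one another.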
# cd /etc/sysconfig/network-scripts/
# brctl show
bridge name     bridge id               STP enabled     interfaces
;vdsmdummy;     8000.000000000000       no
ovirtmgmt       8000.00221960778f       no              em1
                                                        vnet0
# cp ifcfg-ovirtmgmt ifcfg-ovirtmgmt:1
# vi ifcfg-ovirtmgmt:1
DEVICE=ovirtmgmt:1
BOOTPROTO=static
ONBOOT=yes
BROADCAST=172.16.13.255
IPADDR=172.16.13.150
NETMASK=255.255.255.0
NM_CONTROLLED=no
For example:
HOSTA - if0(172.16.3.0/24, 172.16.13.0/24)
HOSTB - if0(172.16.3.0/24, 172.16.13.0/24)
VMA - if0(172.16.13.0/24)
VMB - if0(172.16.13.0/24)
All of the above can communicate with one another.
References
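The alias file above hard-codes BROADCAST next to IPADDR and NETMASK, and whether two endpoints can talk without a router depends only on their sharing a segment. The following POSIX shell script is an added example, not part of the original article: it generates the ifcfg alias contents with the broadcast address derived from the other two values, and checks whether two addresses are on-link. The function names and the VM address 172.16.13.20 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# Convert dotted-quad A.B.C.D to a 32-bit integer; fail on malformed input.
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.|'') return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac      # leading zeros would parse as octal
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Convert a 32-bit integer back to dotted-quad notation.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# same_subnet IP1 IP2 NETMASK: returns 0 if on-link, 1 if not, 2 on bad input.
same_subnet() {
    a=$(ip_to_int "$1") && b=$(ip_to_int "$2") && m=$(ip_to_int "$3") || return 2
    [ $(( a & m )) -eq $(( b & m )) ]
}

# gen_alias_ifcfg BRIDGE INDEX IPADDR NETMASK: print ifcfg-BRIDGE:INDEX contents.
gen_alias_ifcfg() {
    ip=$(ip_to_int "$3") && mask=$(ip_to_int "$4") || return 1
    inv=$(( ~mask & 4294967295 ))               # host bits of the netmask
    [ $(( inv & (inv + 1) )) -eq 0 ] || return 1   # reject non-contiguous masks
    cat <<EOF
DEVICE=$1:$2
BOOTPROTO=static
ONBOOT=yes
BROADCAST=$(int_to_ip $(( ip | inv )))
IPADDR=$3
NETMASK=$4
NM_CONTROLLED=no
EOF
}

# Demo with the article's bridge and address; 172.16.13.20 is a constructed VM address.
gen_alias_ifcfg ovirtmgmt 1 172.16.13.150 255.255.255.0
same_subnet 172.16.13.150 172.16.13.20 255.255.255.0 && echo "VM is on-link via ovirtmgmt:1"
```

Redirect the output of gen_alias_ifcfg to /etc/sysconfig/network-scripts/ifcfg-ovirtmgmt:1 to use it in place of the hand-edited copy.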
1. man tunctl
[root@150 network-scripts]# man tunctl
TUNCTL(8) TUNCTL(8)
NAME
tunctl - create and manage persistent TUN/TAP interfaces
SYNOPSIS
tunctl [ OPTIONS ] [ -u owner ] [ -t device-name ]
tunctl -d device-name
DESCRIPTION
tunctl allows the host sysadmin to preconfigure a TUN/TAP network interface for use by a particular user. That
user may open and use the network/write side of the interface, but may not change any aspects of the host side
of the interface.
OPTIONS
-b Brief output, prints just the interface name
-n Create a point-to-point TUN interface without Ethernet header. Automatically enabled if the desired
interface name starts with "tun".
-p Create a TAP type interface with Ethernet header. Automatically selected if the desired interface starts
with "tap" or if no interface name is given.
-f tun-clone-device
Specifies the tun clone device name. The default is /dev/net/tun, but some systems use /dev/misc/net/tun
instead.
-d interfacename
Delete the specified interfacename (set it to non-persistent)
-u user
Specifies the owner of the interface. This user is allowed to attach to the "network/wire" side.
-g group
Specifies the group of the interface. This group is allowed to attach to the "network/wire" side of the
interface.
-t interface
Specifies the desired interface name.
USAGE
To create an interface for use by a particular user, invoke tunctl without the -d option:
# tunctl -u someuser
Set 'tap0' persistent and owned by 'someuser'
Then, configure the interface as normal:
# ifconfig tap0 192.168.0.254 up
# route add -host 192.168.0.253 dev tap0
# bash -c 'echo 1 > /proc/sys/net/ipv4/conf/tap0/proxy_arp'
# arp -Ds 192.168.0.253 eth0 pub
To delete the interface, use the -d option:
# tunctl -d tap0
Set 'tap0' nonpersistent
SEE ALSO
The UserModeLinux-HOWTO <URL:http://user-mode-linux.sourceforge.net/old/UserModeLinux-HOWTO.html>
AUTHOR
tunctl was originally written by Jeff Dike <jdike@karaya.com> as part of the User Mode Linux tools. Current
version is maintained as a separate package by Henrik Nordstrom <henrik@henriknordstrom.net>.
This manual page was originally written by Matt Zimmerman <mdz@debian.org> for the Debian GNU/Linux system,
based on examples from Jeff Dike. Extended by Henrik Nordstrom <henrik@henriknordstrom.net> to cover all
options supported.
July 9, 2008 TUNCTL(8)