Slide 1

Network Namespace
2nd Kansai IT Infrastructure Study Meeting (第2回 関西ITインフラ系勉強会)
Yasufumi Kato (加藤泰文)
2015-11-23

Yasufumi Kato, 2nd Kansai IT Infrastructure Study Meeting, 2015-11-23, 1 / 24

Slide 2

About me
Yasufumi Kato (加藤泰文)
http://www.ten-forward.ws/
@ten_forward
http://gplus.to/tenforward
https://github.com/tenforward
http://d.hatena.ne.jp/defiant/ (technical blog)

Slide 3

About me
Affiliation: FirstServer (ファーストサーバ), Development Department

Slide 4

About me
Plamo Linux maintainer
Author of the gihyo.jp series "LXC で学ぶコンテナ入門 ー 軽量仮想化環境を実現する技術" (An introduction to containers with LXC: the technology behind lightweight virtualized environments)

Slide 5

About me
Small contributions to LXC development:
Japanese translation of the man pages
Translation of the official site (linuxcontainers.org)
A little code as well, such as bug fixes

Slide 6

Today's goal
An introduction to the Network Namespace

Slide 7

Today's agenda
Container recap
Network Namespace

Slide 8

Container recap

Slide 9

What is a container?
Where a virtual machine reproduces a virtual computer system, a container provides a virtual OS environment → OS-level virtualization
From the kernel's point of view a process simply starts as usual; isolation is requested at the moment it starts
Kernel features create (multiple) independent spaces and partition and allocate resources among them:
  processes are grouped, and each group's resource space is isolated from the other groups
  resource limits are applied to a group of processes
It may be easier to think of this as "isolation" rather than "virtualization"

Slide 10

Features used to implement containers on Linux
A container environment is built by combining various features found in the Linux kernel. None of these features is dedicated to containers.
Grouping processes and isolating them from other groups, i.e. isolation of OS resources → Namespaces
Resource limits on a group of processes, i.e. limits on the host's physical resources → cgroups (control groups)
Others: network-related features (veth, macvlan), pivot_root, bind mounts, and so on

Slide 11

Namespaces
A namespace is provided for each OS resource that you want to isolate
An isolated environment can be built using only some of the namespaces

Slide 12

The various namespaces (kernel version in which each was introduced)
Mount Namespace: 2.4.19
UTS Namespace: 2.6.19
PID Namespace: 2.6.24
IPC Namespace: 2.6.19
User Namespace: 2.6.23 ～ 3.8
Network Namespace: 2.6.26

Slide 13

Today's agenda
Container recap
Network Namespace

Slide 14

Network Namespace

Slide 15

What is a Network Namespace?
A space that holds its own network-related resources, independent of all others:
devices
addresses
ports
routing
firewall

Slide 16

How Network Namespaces get created
Normally, when using container software such as Docker or LXC, one is created without you being aware of it (as long as the network is configured at all):
docker: any invocation other than docker run --net="host"
LXC: any configuration other than lxc.network.type = none
To try it out easily by other means:
the unshare command from util-linux
the ip command from iproute2

Slide 17

Network Namespaces the easy way, from the command line
Today, let's try out Network Namespaces with the ip command.
What is the use of creating a Network Namespace from the command line?
Understanding how containers work
Easily running tests from multiple addresses on a single host
Running commands that do not need the network in a safe, network-less environment

Slide 18

Before that
An introduction to the Linux kernel network feature used in the demo

Slide 19

A network feature used by containers: veth
Originally from OpenVZ/Virtuozzo
Creates a pair of interfaces that communicate with each other (a Layer 2 tunnel)
One end of the pair is attached to a bridge on the host side, the other to the container

Slide 20

Demo
1. Create a Network Namespace
2. Check the Network Namespace
3. Inspect the Network Namespace right after creation
   1. interfaces
   2. routing
   3. filtering
4. Create a veth pair (veth0-host / veth0-ns)
5. Inspect the veth pair right after creation
6. Assign veth0-ns to namespace netns01
7. Check the host-side veth interface
8. Check the interfaces inside namespace netns01
9. Assign an address to veth0-host on the host side
10. Assign an address to veth0-ns inside namespace netns01
11. Delete veth0-host on the host side
12. Delete namespace netns01

Slide 21

Demo

    NETNS="netns01"
    VETH="veth0"
    ip a
    ip netns add $NETNS                        # 1. create the namespace
    ip netns list                              # 2. list namespaces
    ip netns exec $NETNS ip link show          # 3. fresh namespace: interfaces
    ip netns exec $NETNS ip route              #    routing table
    ip netns exec $NETNS iptables -L -n -v     #    filtering rules
    ip link add name $VETH-host type veth peer name $VETH-ns   # 4. create the veth pair
    ip link show | grep $VETH                  # on host: both ends visible
    ip link set $VETH-ns netns $NETNS          # 6. move one end into the namespace
    ip link show | grep $VETH                  # on host: only veth0-host remains
    ip netns exec $NETNS ip link show          # in netns: veth0-ns has appeared
    ip addr add 10.10.10.10/24 dev $VETH-host  # 9. address on the host side
    ip link set $VETH-host up
    ip addr show | grep veth
    ip netns exec $NETNS ip addr add 10.10.10.11/24 dev $VETH-ns   # 10. address inside the namespace
    ip netns exec $NETNS ip link set $VETH-ns up
    ip netns exec $NETNS ip addr show | grep veth
    ping -c 1 10.10.10.11                      # host -> namespace
    ip netns exec $NETNS ping -c 1 10.10.10.10 # namespace -> host
    ip link delete $VETH-host                  # 11. deleting one end removes the whole pair
    ip netns delete $NETNS                     # 12. remove the namespace
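As an added example (not from the slides), here is a small Python checker for the isolation properties the demo inspects in steps 3, 7 and 8: a freshly created namespace holds only a DOWN loopback, and once veth0-ns has been moved into netns01 the host sees only veth0-host, with its peer reported as an ifindex in another namespace. It parses iproute2's one-line `ip -o link show` format; the sample output embedded below is constructed, not captured from the demo.

```python
import re

# Constructed sample of "ip netns exec netns01 ip -o link show" right after
# "ip netns add netns01": a fresh namespace holds only a loopback, and it is DOWN.
FRESH_NETNS_LINKS = """\
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000\\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
"""

# Constructed sample of "ip -o link show" on the host after
# "ip link set veth0-ns netns netns01": veth0-host stays, and its
# peer is now shown only as an ifindex ("if4") in another namespace.
HOST_LINKS_AFTER_MOVE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\\    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
5: veth0-host@if4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link-netnsid 0\\    link/ether 0a:0b:0c:0d:0e:0f brd ff:ff:ff:ff:ff:ff
"""

# "<index>: <name>[@<peer>]: <flags> ... state <STATE>"
LINK_RE = re.compile(r"^(\d+): ([^:@]+)(?:@([^:]+))?: <([^>]*)> .*?\bstate (\S+)")

def parse_ip_o_link(text):
    """Parse 'ip -o link show' output into one dict per interface."""
    links = []
    for line in text.splitlines():
        m = LINK_RE.match(line)
        if m:
            idx, name, peer, flags, state = m.groups()
            links.append({"index": int(idx), "name": name, "peer": peer,
                          "flags": set(flags.split(",")), "state": state})
    return links

def check_fresh_netns(text):
    """Problems showing that this is not a pristine, just-created namespace."""
    links = parse_ip_o_link(text)
    names = {l["name"] for l in links}
    problems = []
    if names != {"lo"}:
        problems.append("unexpected interfaces: %s" % sorted(names - {"lo"}))
    if any(l["name"] == "lo" and "UP" in l["flags"] for l in links):
        problems.append("lo is already UP")
    return problems

def veth_moved_out(text, local, peer):
    """True if `local` is still here but `peer` now lives in another namespace."""
    links = {l["name"]: l for l in parse_ip_o_link(text)}
    if local not in links or peer in links:
        return False
    # With the peer elsewhere, ip prints "if<index>" instead of the peer's name.
    return links[local]["peer"] is None or links[local]["peer"].startswith("if")
```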

Slide 22

Summary
Container recap
Network Namespace
Demo

Slide 23

Container-based virtualization study group (コンテナ型仮想化の情報交換会)
https://sites.google.com/site/containerstudy/
http://ct-study.connpass.com/
Covers topics related to container technology:
the kernel implementation behind containers
introductions to, and the implementation of, the various toolkits
introductions to, and the implementation of, tools and software built on container technology
use cases and operational experience with container technology
anything else technical that has the keyword "container" in it, however tangentially
Held 8 times so far, alternating between Osaka and Tokyo. The 9th meeting is planned for January in Fukuoka.

Slide 24

Thank you for your attention.