NIC
- bridge - Ethernet Bridge device
- team
- bond
- veth - Virtual ethernet interface
- macvlan - Virtual interface based on link layer address (MAC)
- macvtap - Virtual interface based on link layer address (MAC) and TAP
VETH
Devices are created in pairs (tunnel)
(netns0) veth01 -ping-> veth10 (netns1)
i.e.
ip netns add netns0
ip netns add netns1
ip link add veth01 netns netns0 type veth peer name veth10 netns netns1
ip -n netns0 link set veth01 up
ip -n netns1 link set veth10 up
ip -n netns0 addr add 192.168.254.10/24 dev veth01
ip -n netns1 addr add 192.168.254.11/24 dev veth10
# Checking
ip -n netns0 link
ip -n netns0 addr
ip netns exec netns0 ping 192.168.254.11
# Show that whatever goes out one end comes in at the other
ip -n netns1 addr del 192.168.254.11/24 dev veth10
ip -n netns1 -s link show veth10 # packets still arrive
Bonding vs. Team
Team advantages
- load-balancing for LACP(802.3ad) support
- separate per-port link monitoring setup
- port priorities and stickiness
- Logic in user-space
- Very Low Performance overhead
- D-Bus interface
The teamdctl utility is available to control a running instance of the teamd daemon using D-Bus.
MACVLAN vs MACVTAP
MACVLAN
As subinterfaces of a main ethernet interface.
Filters packets based on a VLAN tag
Each macvlan interface has its own MAC address
It simplifies the veth-pair + bridge setup
Mode
private # never communicate to any other endpoint on the same lowerdev
vepa (DEFAULT) # virtual ethernet port aggregator. round trip through the external bridge
bridge # connecting all endpoints directly to each other
passthru # ?
i.e.
ip link add macvlan1 link eth0 type macvlan mode bridge
ip link add macvlan2 link eth0 type macvlan mode bridge
ip netns add net1
ip netns add net2
ip link set macvlan1 netns net1
ip link set macvlan2 netns net2
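Added example (not part of the original notes): a check of which macvlan endpoints share a lowerdev in bridge mode, and can therefore reach each other directly, by parsing the output of ip -d link show. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Input for both functions: text output of `ip -d link show` on stdin.

# Print "<iface> <lowerdev> <mode>" for each macvlan interface.
macvlan_modes() {
    awk '
        # Header line: "5: macvlan1@eth0: <...> ... mode DEFAULT ...".
        # That "mode DEFAULT" is the link mode, not the macvlan mode.
        /^[0-9]+: / {
            name = $2; sub(/:$/, "", name); dev = "-"
            if (split(name, p, "@") == 2) { name = p[1]; dev = p[2] }
            next
        }
        # Detail line: "    macvlan mode bridge ...".
        $1 == "macvlan" && $2 == "mode" { print name, dev, $3 }
    '
}

# Print "<lowerdev> <count>" for each lowerdev with 2+ bridge-mode endpoints.
bridge_groups() {
    macvlan_modes | awk '
        $3 == "bridge" { n[$2]++ }
        END { for (d in n) if (n[d] > 1) print d, n[d] }
    ' | sort
}

# Constructed sample of `ip -d link show` output (not from a real host).
sample_output() {
    cat <<'EOF'
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 0
5: macvlan1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:11 brd ff:ff:ff:ff:ff:ff promiscuity 0
    macvlan mode bridge addrgenmode eui64
6: macvlan2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:12 brd ff:ff:ff:ff:ff:ff promiscuity 0
    macvlan mode bridge addrgenmode eui64
7: macvlan3@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    macvlan mode private addrgenmode eui64
EOF
}

# On a live host: ip -d link show | bridge_groups
sample_output | bridge_groups
```

Once the interfaces have been moved into net1 and net2 as above, list them per namespace (ip -n net1 -d link show); there the lowerdev is shown by interface index rather than by name.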
IPVLAN
Similar to MACVLAN; the difference is that all the vNICs use the same MAC address
ipvlan use cases
(a) The Linux host that is connected to the external switch / router has policy configured that allows only one mac per port.
(b) The number of virtual devices created on a master exceeds the MAC capacity, which puts the NIC in promiscuous mode, and degraded performance is a concern.
mode
L2: parent interface acts like a switch
L3: parent interface acts like a router
MACVTAP/IPVTAP
You can replace the combination of TUN/TAP and bridge drivers with a single module
Directly used by KVM/QEMU.
The difference between MACVTAP and IPVTAP is the same as that between MACVLAN and IPVLAN