Many kinds of virtual network devices are used to implement the OpenStack virtualized network, and understanding them is the basis for understanding how the OpenStack virtual network is built. This article briefly introduces these virtual network devices.
TUN/TAP devices
A TUN/TAP device is a virtual network card implemented in the Linux kernel. Where a physical network card sends and receives packets on a physical link, a TUN/TAP device sends and receives Ethernet frames or IP packets to and from a user-space application. The user-space process calls open() on /dev/net/tun to obtain a file descriptor, calls ioctl() on it to attach to a device, and then sends and receives packets through the TUN/TAP device by writing to and reading from that file descriptor. The packets sent and received are constructed by the user-space process. The difference between TUN and TAP devices is that a TUN device sends and receives IP packets, while a TAP device sends and receives Ethernet frames.
For creating and using TUN/TAP devices from within a process, refer to the official kernel documentation: https://www.kernel.org/doc/Documentation/networking/tuntap.txt
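To make the open()/ioctl()/read() sequence described above concrete, here is an added example (not code from the original article or from the kernel documentation): it attaches to a tap device with TUNSETIFF and prints the source MAC address and EtherType of every frame the kernel hands to it. The device name tap0, the helper names tap_open and ether_type, and the sample frame are my own; attaching to a real device requires CAP_NET_ADMIN, while --sample exercises the parser on the built-in frame without any privileges.

```c
#include <fcntl.h>
#include <linux/if.h>
#include <linux/if_tun.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Open /dev/net/tun and attach it to the named tap device (created if absent).
 * Needs CAP_NET_ADMIN. Returns the descriptor, or -1 on failure. */
int tap_open(const char *name) {
    struct ifreq ifr;
    int fd = open("/dev/net/tun", O_RDWR);
    if (fd < 0) return -1;
    memset(&ifr, 0, sizeof ifr);
    ifr.ifr_flags = IFF_TAP | IFF_NO_PI; /* whole Ethernet frames, no 4-byte packet-info prefix */
    strncpy(ifr.ifr_name, name, IFNAMSIZ - 1);
    if (ioctl(fd, TUNSETIFF, &ifr) < 0) { close(fd); return -1; }
    return fd;
}

/* EtherType of a frame as read from the tap descriptor; 0 if shorter than an Ethernet header. */
unsigned ether_type(const uint8_t *frame, size_t len) {
    if (len < 14) return 0;
    return ((unsigned)frame[12] << 8) | frame[13];
}

/* Constructed sample (not captured traffic): a broadcast ARP frame header, EtherType 0x0806. */
const uint8_t SAMPLE_FRAME[14] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0x00,0x00,0x00,0x00,0x01, 0x08,0x06 };

static void describe(const uint8_t *f, size_t n) {
    printf("src %02x:%02x:%02x:%02x:%02x:%02x type 0x%04x len %zu\n",
           f[6], f[7], f[8], f[9], f[10], f[11], ether_type(f, n), n);
}

int main(int argc, char **argv) {
    uint8_t buf[2048];
    if (argc > 1 && strcmp(argv[1], "--sample") == 0) { describe(SAMPLE_FRAME, sizeof SAMPLE_FRAME); return 0; }
    int fd = tap_open(argc > 1 ? argv[1] : "tap0");
    if (fd < 0) { perror("tap_open"); return 1; }
    for (;;) {                   /* each read() returns exactly one frame the kernel sent out of the tap */
        ssize_t n = read(fd, buf, sizeof buf);
        if (n <= 0) break;
        describe(buf, (size_t)n);
    }
    close(fd);
    return 0;
}
```

Once the program holds the descriptor, bringing tap0 up and assigning it an address (as shown further down) makes the kernel route ARP and IP frames to it, so a user-space process sees exactly the traffic the stack would have put on the wire.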
You can use the ip command from the iproute2 toolkit to create TUN/TAP devices, for example:
ip tuntap add dev tap0 mode tap
ip tuntap add dev tun0 mode tun
The ip link command shows that the devices have been created:
# ip link show tap0
23: tap0: <BROADCAST,MULTICAST> mtu qdisc noop state DOWN mode DEFAULT qlen
    link/ether a6:73:4e:90:f9:3e brd ff:ff:ff:ff:ff:ff
# ip link show tun0
24: tun0: <POINTOPOINT,MULTICAST,NOARP> mtu qdisc noop state DOWN mode DEFAULT qlen
    link/none
After the device is created, you can assign an IP address to the tap device just as you would to a physical interface, for example:
# ip addr add 192.168.1.2/24 dev tap0
# ip link set dev tap0 up
# ip addr list dev tap0
23: tap0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu qdisc pfifo_fast state DOWN qlen
    link/ether 36:f2:68:6a:fd:6d brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 scope global tap0
       valid_lft forever preferred_lft forever
To delete the devices you created:
ip tuntap del dev tap0 mode tap
ip tuntap del dev tun0 mode tun
Linux Bridge
Linux Bridge is a virtual layer 2 switching device that forwards frames between its bridge ports based on MAC addresses. Physical NICs and virtual network devices such as tap devices can be attached to a Linux bridge.
You can use the brctl tool or the ip command from the iproute2 toolkit to manipulate a Linux bridge.
Create Bridge
brctl addbr br0
Add a device to the bridge
brctl addif br0 eth0
Show Bridge
brctl show
Start Bridge
ip link set dev br0 up
Stop Bridge
ip link set dev br0 down
Remove Bridge
brctl delbr br0
Using the ip command to manipulate the bridge:
Create Bridge and start
ip link add name br0 type bridge
ip link set dev br0 up
Enable promiscuous mode on the port and bring the interface up first
ip link set dev eth0 promisc on
ip link set dev eth0 up
Add an interface to bridge
ip link set dev eth0 master br0
To delete a bridge, first detach all of its interfaces, disable promiscuous mode on each interface, and bring the interface down so that it returns to its original state.
ip link set dev eth0 promisc off
ip link set dev eth0 down
ip link set dev eth0 nomaster
Remove Bridge
ip link delete br0 type bridge
OVS: Open vSwitch
Official website: http://openvswitch.org
OVS is a production-grade open-source virtual switch. Compared to Linux bridge, it offers many more features and supports automation and programmability. OVS uses OpenFlow flow tables to control its forwarding logic.
Some basic operations:
Create Bridge
ovs-vsctl add-br ovsbr0
View Bridge
ovs-vsctl show
Add the port and set the VLAN ID to 2:
ovs-vsctl add-port ovsbr0 tap1 tag=2
Delete Port
ovs-vsctl del-port ovsbr0 tap1
Remove Bridge
ovs-vsctl del-br ovsbr0
Network namespace
Normally, Linux network interfaces, routing tables, protocol stacks, iptables rules and other network resources are shared by all processes on the operating system. With network namespaces, these network resources can be isolated so that they are shared only by the processes within a given namespace.
Namespace example:
Create a namespace
ip netns add ns1
View namespace
ip netns list
Move a device into the namespace; it is then no longer visible in the global (root) namespace
ip link set dev tap1 netns ns1
View namespace Devices
ip netns exec ns1 ip link list
You can also start a bash shell directly inside the namespace and then operate on the namespace's devices from that shell as usual
ip netns exec ns1 bash
Delete namespace
ip netns del ns1
Veth pair
A virtual Ethernet pair (veth pair) is a pair of logically connected ports, or network interfaces: a packet that enters one end of the pair comes out of the other end. A veth pair can be used to attach a device to a Linux bridge or an OVS bridge, or to connect two network namespaces to each other.
Create a veth pair:
ip link add dev veth0 type veth peer name veth1
View the created veth pair:
# ip link list
...
veth1@veth0: <BROADCAST,MULTICAST,M-DOWN> mtu qdisc noop state DOWN mode DEFAULT qlen
    link/ether f6:eb:23:3b:f1:5b brd ff:ff:ff:ff:ff:ff
veth0@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu qdisc noop state DOWN mode DEFAULT qlen
    link/ether ba:8d:1c:cf:04:a0 brd ff:ff:ff:ff:ff:ff
The name of each interface's peer device can be read from the output (the part after the @).
The following example moves the two ends of the veth pair into two different namespaces, which connects the two namespaces to each other.
ip netns add ns1
ip netns add ns2
ip link set veth0 netns ns1
ip link set veth1 netns ns2
ip netns exec ns1 ip link set dev veth0 up
ip netns exec ns2 ip link set dev veth1 up