Docker容器网卡eth0@ifx浅析

# 查看此时网络设备
[root@boy ~]# ip link show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33:  mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:4c:30:4e brd ff:ff:ff:ff:ff:ff

#  添加网桥设备br0
[root@boy ~]# ip link add br0 type bridge

# 添加veth设备对
[root@boy ~]# ip link add veth1 type veth peer name veth2

# 将veth1绑定到br0
[root@boy ~]# ip link set veth1 master br0

• 通过下面可以发现，在未将veth2添加到namespace时，veth1@veth2表示：veth1接口的对端接口名称为：veth2

[root@boy ~]# ip link show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33:  mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:4c:30:4e brd ff:ff:ff:ff:ff:ff
3: br0:  mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 82:65:dc:57:ed:39 brd ff:ff:ff:ff:ff:ff
4: veth2@veth1:  mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 2a:ce:91:42:45:66 brd ff:ff:ff:ff:ff:ff
5: veth1@veth2:  mtu 1500 qdisc noop master br0 state DOWN mode DEFAULT group default qlen 1000
    link/ether 82:65:dc:57:ed:39 brd ff:ff:ff:ff:ff:ff

• 通过下面可以发现，当我们把veth2加入test namespace后，veth2对主机不可见，宿主机内veth1@veth2 -> veth1@if4，test namespace内 veth2@if5

# 将veth2 添加到一个namespace
[root@boy ~]# ip netns add test
[root@boy ~]# ip link set veth2 netns test

# 查看网络设备
[root@boy ~]# ip link show type veth
5: veth1@if4:  mtu 1500 qdisc noop master br0 state DOWN mode DEFAULT group default qlen 1000
    link/ether 82:65:dc:57:ed:39 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    
# test命名空间查看网络设备
[root@boy ~]# ip netns exec test ip link show
1: lo:  mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4: veth2@if5:  mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 2a:ce:91:42:45:66 brd ff:ff:ff:ff:ff:ff link-netnsid 0

那么在容器内或者宿主机如何确定veth对端接口？

# 方法一， x: 网卡名  x表示index
	5: veth1@if4   # 表示当前网卡index为5,其对端index为4
	4: veth2@if5   # 表示当前网卡index为4，其对端index为5

# 方法二
	查看网卡index: /sys/class/net//ifindex
	查看对端网卡index：/sys/class/net//iflink

# 查看网卡设备
root@Y7000P:~# ip link show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33:  mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:c0:67:c4 brd ff:ff:ff:ff:ff:ff
    altname enp2s1
3: docker0:  mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:fd:3d:e8:0a brd ff:ff:ff:ff:ff:ff

# 运行busybox，默认使用bridge网络模式
root@Y7000P:~# docker run -d --name busybox busybox:1.28 sleep 10000
eb8ddff7153f8af7431f35d674a2047b0b7e2375161608701acccb1fef2915e0

# 宿主机查看网络设备
root@Y7000P:~# ip link show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33:  mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:c0:67:c4 brd ff:ff:ff:ff:ff:ff
    altname enp2s1
3: docker0:  mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:fd:3d:e8:0a brd ff:ff:ff:ff:ff:ff
15: vethe120a64@if14:  mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default 
    link/ether d2:32:50:64:e7:bc brd ff:ff:ff:ff:ff:ff link-netnsid 0

root@Y7000P:~# docker exec busybox ip link show
1: lo:  mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
14: eth0@if15:  mtu 1500 qdisc noqueue 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff

• 可以发现在容器内只需要找到宿主机index 15的网卡（即为容器的对端网卡）