
[Source] Can a network card be virtualized too? A detailed explanation of NIC virtualization with Macvlan

Posted on 11/19/2022 11:01:57 AM
01 Introduction to Macvlan

The previous article covered several types of Linux virtual network devices: tap/tun, veth-pair and bridge. They are all network virtualization facilities provided by the Linux kernel, and macvlan is another one; more precisely, it is a NIC virtualization technique. Macvlan can turn one physical NIC into multiple virtual NICs, as if the physical NIC had performed a shadow-clone technique, going from one to many.

02 How MacVLAN works

macvlan is a relatively new feature of the Linux kernel, supported in versions v3.9-3.19 and 4.0+; 4.0+ is recommended as the more stable option. It usually exists as a kernel module, and you can check whether the current system supports it in the following ways:

If the first command fails, or the second command returns nothing, the current system does not support macvlan and the kernel needs to be upgraded.

macvlan sounds a bit like VLAN, but their implementation mechanisms are completely different. A macvlan sub-interface is completely independent of the original main interface and can be given its own MAC address and IP address, whereas a VLAN sub-interface shares the main interface's MAC address. VLANs are used to divide broadcast domains, whereas macvlan sub-interfaces share the same broadcast domain.

Macvlan can also isolate traffic between different sub-interfaces. Macvlan decides which virtual NIC a packet should be delivered to based on the packet's destination MAC address, and that virtual NIC then hands the packet to the upper-layer protocol stack for processing.


03 Four modes

Depending on how macvlan sub-interfaces communicate with each other, macvlan has four network modes:

  • private mode
  • VEPA (Virtual Ethernet Port Aggregator) mode
  • bridge mode
  • passthru mode


By default, VEPA mode is used.

3.1 private

In this mode, sub-interfaces under the same main interface are isolated from each other and cannot communicate. Even if traffic is looped back from an external physical switch, it is mercilessly discarded.




3.2 vepa

In this mode, traffic between sub-interfaces must be sent to an external switch (physical or virtual) that supports 802.1Qbg/VEPA, forwarded by that switch, and then returned.

Note: 802.1Qbg/VEPA support simply means the switch must support hairpin forwarding, i.e. a packet can be received on an interface and sent back out of that same interface.



3.3 bridge

In this mode, the functionality of a Linux bridge is emulated, with the advantage over a bridge that the MAC address of every sub-interface is already known and does not have to be learned. Sub-interfaces in this mode can therefore communicate with each other directly.



3.4 passthru

This mode allows only a single sub-interface to be attached to the main interface, and the interface must be set to promiscuous mode; it is generally used for bridging sub-interfaces and for creating VLAN sub-interfaces.



3.5 macvtap

Another technology similar to macvlan is macvtap. Unlike macvlan, macvtap does not hand a received packet to the protocol stack; instead it delivers it to a tapX device file, through which user-space programs communicate with it directly.



04 Practice

On Linux, the command to create a macvlan sub-interface is as follows:

Using macvlan on its own is generally pointless; it is usually combined with VMs or containers to build a network. Let's use network namespaces to see how Linux uses macvlan.

The experimental topology is as follows:




On my system, using interface enp0s8 as an example, I created two macvlan sub-interfaces (in bridge mode), configured their IP addresses, and attached them to two namespaces to test connectivity.

Note: the IP address of enp0s8 is 192.168.56.110/24, and the IP addresses configured on the sub-interfaces must also come from the same CIDR segment.

After creating the two sub-interfaces, ping between them:


You can see that the ping succeeds, but if you change the mode above to another mode it will not work; I'll leave that for everyone to try (the default is vepa mode).
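The support check from section 02 and the two-namespace experiment above, written out as an added example (this is not the script from the original post). It assumes the parent interface enp0s8 with 192.168.56.110/24 from the post; the sub-interface names mac1/mac2, the namespaces ns1/ns2 and the addresses 192.168.56.111 and .112 are constructed for this example. By default it only prints the commands it would run; set DRY_RUN=0 (as root) to execute them, and MODE to one of the four modes to see how the mode decides whether the two namespaces can reach each other at all, which is the isolation property you are choosing when you pick a mode.

```shell
#!/bin/sh
# Added example (not the original post's script): build the two-namespace
# macvlan topology described above and check connectivity between the namespaces.
# Assumptions: parent interface enp0s8 carries 192.168.56.110/24 (from the post);
# mac1/mac2, ns1/ns2 and the .111/.112 addresses are constructed for this example.
PARENT="${PARENT:-enp0s8}"
MODE="${MODE:-bridge}"      # private | vepa | bridge | passthru
DRY_RUN="${DRY_RUN:-1}"     # 1 = only print the commands; 0 = run them (root required)
NS1_IP="192.168.56.111/24"
NS2_IP="192.168.56.112/24"

# Print a command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Preflight: the macvlan driver is a kernel module. Load it and confirm it is
# listed; if either step fails, the running kernel does not support macvlan.
check_macvlan_support() {
    modprobe macvlan 2>/dev/null || return 1
    lsmod | grep -q '^macvlan' || return 1
}

setup_topology() {
    run ip netns add ns1
    run ip netns add ns2
    # Create both sub-interfaces on the parent interface in the chosen mode.
    run ip link add mac1 link "$PARENT" type macvlan mode "$MODE"
    run ip link add mac2 link "$PARENT" type macvlan mode "$MODE"
    # Move each sub-interface into its namespace, address it, and bring it up.
    run ip link set mac1 netns ns1
    run ip link set mac2 netns ns2
    run ip netns exec ns1 ip addr add "$NS1_IP" dev mac1
    run ip netns exec ns2 ip addr add "$NS2_IP" dev mac2
    run ip netns exec ns1 ip link set mac1 up
    run ip netns exec ns2 ip link set mac2 up
    # Connectivity check from ns1 to ns2 (the prefix length is stripped for ping).
    # In bridge mode this succeeds; in private mode the frames are dropped.
    run ip netns exec ns1 ping -c 3 "${NS2_IP%/*}"
}

teardown_topology() {
    # Deleting a namespace also removes the macvlan sub-interface inside it.
    run ip netns del ns1
    run ip netns del ns2
}

if [ "$DRY_RUN" != "1" ]; then
    check_macvlan_support || { echo "macvlan module not available; upgrade the kernel" >&2; exit 1; }
fi
setup_topology
```

Run it once as shown to review the command list, then `DRY_RUN=0 sh macvlan-lab.sh` to apply it and `DRY_RUN=0 sh -c '. ./macvlan-lab.sh; teardown_topology'` (or simply `ip netns del ns1; ip netns del ns2`) to clean up. Repeating the run with `MODE=private` reproduces the failed ping the text mentions, which is the quickest way to confirm that the mode you deploy actually isolates workloads the way you expect.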

In addition, in Docker, macvlan is an important cross-host network model, which will be covered in the next article.

05 Summary

Macvlan is a NIC virtualization technology that can virtualize one network card into multiple network cards.

Macvlan has four communication modes, of which the most common is bridge.

Things to think about:

  • The similarities and differences between macvlan bridge mode and a Linux bridge
  • A similar technology exists in which multiple virtual NICs share the same MAC address but have independent IP addresses

