root@ubuntu:~# cat /etc/network/interfaces | grep '^[^#]'
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
auto ens160
iface ens160 inet static
auto br0
iface br0 inet static
bridge_stp off
bridge_waitport 0
bridge_fd 0
bridge_ports ens160
address 10.12.31.211
netmask 255.255.252.0
network 10.12.28.0
broadcast 10.12.31.255
gateway 10.12.28.6
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 10.12.28.6
up route add -net 172.22.0.0 netmask 255.255.0.0 gw 10.12.28.1 br0
auto ens160.10
iface ens160.10 inet manual
vlan-raw-device ens160
auto br10
iface br10 inet manual
bridge_stp off
bridge_waitport 0
bridge_fd 0
bridge_ports ens160.10
auto ens160.20
iface ens160.20 inet manual
vlan-raw-device ens160
auto br20
iface br20 inet manual
bridge_stp off
bridge_waitport 0
bridge_fd 0
bridge_ports ens160.20
root@ubuntu:~# reboot
root@ubuntu:~# ifconfig
br0 Link encap:Ethernet HWaddr 00:50:56:87:4c:70
inet addr:10.12.31.211 Bcast:10.12.31.255 Mask:255.255.252.0
inet6 addr: fe80::250:56ff:fe87:4c70/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1268 errors:0 dropped:0 overruns:0 frame:0
TX packets:216 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:79929 (79.9 KB) TX bytes:30730 (30.7 KB)
br10 Link encap:Ethernet HWaddr 00:50:56:87:4c:70
inet6 addr: fe80::250:56ff:fe87:4c70/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:3349 (3.3 KB)
br20 Link encap:Ethernet HWaddr 00:50:56:87:4c:70
inet6 addr: fe80::250:56ff:fe87:4c70/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:1766 (1.7 KB)
ens160 Link encap:Ethernet HWaddr 00:50:56:87:4c:70
inet6 addr: fe80::250:56ff:fe87:4c70/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1658 errors:0 dropped:5 overruns:0 frame:0
TX packets:335 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:271880 (271.8 KB) TX bytes:44746 (44.7 KB)
ens160.10 Link encap:Ethernet HWaddr 00:50:56:87:4c:70
inet6 addr: fe80::250:56ff:fe87:4c70/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:6698 (6.6 KB)
ens160.20 Link encap:Ethernet HWaddr 00:50:56:87:4c:70
inet6 addr: fe80::250:56ff:fe87:4c70/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:3349 (3.3 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:88 errors:0 dropped:0 overruns:0 frame:0
TX packets:88 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:6312 (6.3 KB) TX bytes:6312 (6.3 KB)
virbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
root@ubuntu:~# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.005056874c70 no ens160
br10 8000.005056874c70 no ens160.10
br20 8000.005056874c70 no ens160.20
virbr0 8000.000000000000 yes
1、VM2 向 VM1 发 ping 包之前,需要知道 VM1 的 IP 192.168.9.1 对应的 MAC 地址。VM2 会在网络中广播 ARP 包,其作用就是问:“谁知道 192.168.9.1 的 MAC 地址是多少?”
2、ARP 是二层协议,VLAN 的隔离作用使得 ARP 只能在 VLAN 20 的范围内广播,只有 br20 和 ens160.20 能收到,VLAN 10 里的设备收不到。VM1 收不到 VM2 的请求信息,更不会回复 VM2;ARP 解析失败,ping 也就无法完成。
2、Linux 的 VLAN 设备实现的是隔离功能,但没有交换功能。一个 VLAN 母设备(比如 eth0)不能拥有两个相同 ID 的 VLAN 子设备,因此也就不可能出现数据交换的情况。
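总结起来,Linux Bridge 加 VLAN 在功能层面完整模拟现实世界里的二层交换机。eth0(本例中为 ens160)相当于虚拟交换机上的 Trunk 口,允许 VLAN 10 和 VLAN 20 的数据通过。需要注意,这里的隔离只作用于二层:从上面的 ifconfig 输出可以看到,br10、br20 虽然是 inet manual、没有 IPv4 地址,但仍带有宿主机的 IPv6 link-local 地址,宿主机上监听所有接口的服务可能对这两个 VLAN 内的虚机可达,如不需要应在宿主机上另行限制。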