https://www.jianshu.com/p/9b8c370baca1
I've covered macvlans in the Bridge vs Macvlan post. If you are new to the macvlan concept, go ahead and read it first.
To recap: macvlan allows you to configure sub-interfaces (also termed slave devices) of a parent physical Ethernet interface (also termed the upper device), each with its own unique MAC address and consequently its own IP address.
Applications, VMs and containers can then bind to a specific sub-interface and connect directly to the physical network using their own MAC and IP address.
Macvlan is a near-ideal solution for natively connecting VMs and containers to a physical network, but it has its shortcomings:
The switch the host is connected to may enforce a port-security policy that limits the number of distinct MAC addresses allowed on a physical port, and macvlan puts one new MAC on the wire per sub-interface. Although you should really work with your network administrator to change the policy, there are times when this is not possible (or you just need to set up a quick PoC).
Many NICs limit the number of unicast MAC addresses they can filter in hardware. Once that limit is exceeded the NIC can no longer filter for all of them, so the host ends up receiving and sorting the extra frames in software, which costs performance.
IEEE 802.11 does not tolerate multiple MAC addresses behind a single client. Macvlan sub-interfaces will most likely be blocked by your wireless interface driver, by the AP, or by both. There are somewhat complex ways around that limitation, but why not stick to a simpler solution?
Ipvlan is very similar to macvlan, with one important difference: ipvlan does not assign unique MAC addresses to the sub-interfaces it creates. All sub-interfaces share the parent interface's MAC address but use distinct IP addresses, and the kernel demultiplexes incoming traffic to the right sub-interface by IP address rather than by MAC.
Because all VMs or containers on a single parent interface use the same MAC address, ipvlan also has some shortcomings. A DHCP server that identifies clients by hardware address (the default for most servers) would see every sub-interface as the same client and hand them all the same lease, so DHCP clients behind ipvlan must send a unique client identifier and the server must allocate on that identifier rather than on the MAC. Likewise, IPv6 addresses autoconfigured from the MAC (EUI-64 SLAAC) would collide across sub-interfaces, so use static or privacy IPv6 addresses and disable SLAAC on them.
Ipvlan has two modes of operation. Only one of the two modes can be selected on a single parent interface, and all sub-interfaces of that parent operate in the selected mode.
Ipvlan L2 (Layer 2) mode is analogous to macvlan bridge mode.
The parent interface acts as a switch between the sub-interfaces and the physical network. All VMs or containers attached to the same ipvlan parent and in the same subnet can communicate with each other directly through the parent interface. Traffic destined for other subnets is sent out through the parent interface to the default gateway (a physical router). Ipvlan in L2 mode delivers broadcasts and multicasts to all sub-interfaces, so every container on the parent sees every broadcast the others send.
Ipvlan L2 mode acts as a bridge or switch between the sub-interfaces and the parent interface. As the name suggests, ipvlan L3 (Layer 3) mode acts as a Layer 3 device (a router) between the sub-interfaces and the parent interface.
Ipvlan L3 mode routes packets between all sub-interfaces, thus providing full Layer 3 connectivity. Each sub-interface has to be configured with a different subnet, i.e. you cannot configure 10.10.40.0/24 on two sub-interfaces.
Broadcasts are confined to a Layer 2 domain, so they cannot pass from one sub-interface to another. Ipvlan L3 mode does not support multicast.
Ipvlan L3 mode does not speak any routing protocol, so it cannot announce the subnets behind it to the physical network's router. You need to configure static routes on the physical router, pointing at the host's physical interface address, for every subnet used on the sub-interfaces.
Ipvlan L3 mode behaves like a router in that it forwards IP packets between different subnets, but it does not decrement the TTL of the packets it forwards. The ipvlan "router" therefore never shows up as a hop in traceroute.
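The two modes above differ in how a sub-interface is plumbed: in L2 mode the container gets an ordinary default route via the physical router, while in L3 mode the parent does the routing and the default route is device-only. The following script is an added example and not part of the original post; it prints (or, with IPVLAN_APPLY=1 as root, executes) the iproute2 commands that attach a network namespace to the physical network through an ipvlan sub-interface in either mode, plus the static route the physical router needs for L3 mode. The interface name eth0, the namespace names, the 10.10.40.0/24 prefix, the 10.10.40.1 gateway and the 192.168.1.10 host address are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): generate, and optionally apply,
# the iproute2 commands for an ipvlan sub-interface in l2 or l3 mode.
# Interface/netns names and addresses used by callers are assumptions.
# Commands are printed unless IPVLAN_APPLY=1 is set (root required then).

run() {
    if [ "${IPVLAN_APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# ipvlan_attach MODE PARENT SUBIF NETNS CIDR GATEWAY
#   MODE    l2 or l3 (one parent carries a single mode; all sub-interfaces inherit it)
#   PARENT  physical interface, the "upper device", e.g. eth0
#   SUBIF   name of the ipvlan sub-interface to create
#   NETNS   network namespace that will own the sub-interface
#   CIDR    address for the sub-interface, e.g. 10.10.40.2/24
#   GATEWAY physical router address; used as next hop in l2 mode only
ipvlan_attach() {
    mode=$1 parent=$2 subif=$3 netns=$4 cidr=$5 gw=$6
    case "$mode" in
        l2|l3) ;;
        *) echo "ipvlan_attach: mode must be l2 or l3" >&2; return 1 ;;
    esac
    run ip link add link "$parent" name "$subif" type ipvlan mode "$mode"
    run ip netns add "$netns"
    run ip link set "$subif" netns "$netns"
    run ip -n "$netns" addr add "$cidr" dev "$subif"
    run ip -n "$netns" link set "$subif" up
    if [ "$mode" = l2 ]; then
        # l2: the parent behaves like a switch, so the sub-interface resolves
        # the physical router with ARP like any other host on the segment.
        run ip -n "$netns" route add default via "$gw" dev "$subif"
    else
        # l3: the parent routes on behalf of its sub-interfaces, so the
        # default route is device-only and no gateway is resolved.
        run ip -n "$netns" route add default dev "$subif"
    fi
}

# ipvlan_l3_router_route SUBNET HOSTIP
# Prints the static route the physical router needs for an l3-mode subnet,
# since ipvlan speaks no routing protocol and cannot announce it.
ipvlan_l3_router_route() {
    printf 'ip route add %s via %s\n' "$1" "$2"
}

# Only act when invoked with the six positional arguments; sourcing the
# file just defines the functions.
if [ "$#" -ge 6 ]; then
    ipvlan_attach "$@"
fi
```

Run it as `sh ipvlan.sh l3 eth0 ipvl0 ns1 10.10.40.2/24 10.10.40.1` to see the plan, and prepend `IPVLAN_APPLY=1` under root to apply it; `ip -d link show ipvl0` then reports the mode the parent is locked into. Note that `ip route add default dev ipvl0` with no `via` is not a typo: in L3 mode the sub-interface never ARPs for a gateway, which is also why a second sub-interface in the same subnet is not supported there.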
Ipvlan L3 can be used in conjunction with a VM or container running BGP as a service advertisement protocol, announcing service availability into the network. This advanced scenario is beyond the scope of this post.
Macvlan and ipvlan cannot be used on the same parent interface at the same time.