1. 程式人生 > >基於linux下的高階網路配置

基於linux下的高階網路配置

網絡卡有一定的瓶頸,是物理硬體。

**配置網路橋接
**配置 bond 網路介面
**配置 team 網路介面

bond網路介面配置:

簡單的說,bonding就是把多個物理網路介面繫結到一起,使它們就像一個網路介面那樣執行。 通過Bonding技術,可以實現網口冗餘,負載均衡,從而達到高可用高可靠的目的。

選擇 Linux 乙太網繫結模式:

模式 0 ( 平衡輪循 ) - 輪循策略 , 所有介面都使用採用輪循方式在所有 Slave 中傳輸封包 ; 任何 Slave 都可以接收。
模式 1 ( 主動備份 ) - 容錯。一次只能使用一個 Slave 介面, 但是如果該接口出現故障 , 另一個Slave 將接替它。
模式 3 ( 廣播 ) - 容錯。所有封包都通過所有 Slave 介面廣播。

首先在真機開啟virt-manager給desktop新增兩塊網絡卡。

[[email protected] Desktop]$ su -   切換到超級使用者
Password: 
Last login: Thu May 17 10:55:36 CST 2018 on pts/2
Last failed login: Thu May 17 10:57:57 CST 2018 from 172.25.254.121 on ssh:notty
There was 1 failed login attempt since the last successful login.
ABRT has detected 2
problem(s). For more info run: abrt-cli list --since 1526525736 [[email protected] ~]# virt-manager 開啟虛擬機器管理命令

新增網絡卡:
這裡寫圖片描述
網絡卡已經新增成功:
這裡寫圖片描述

在虛擬機器的三個shell中操作:(實驗都是在desktop虛擬機器操作,只是開了三個shell)

A:配置 bond 網路介面

[root@foundation176 Desktop]# ifconfig               檢視時沒有bond0網絡卡 
eth0: flags=4163<UP
,BROADCAST,RUNNING,MULTICAST> mtu 1500 ether 52:54:00:a3:bd:a3 txqueuelen 1000 (Ethernet) RX packets 2010 bytes 156554 (152.8 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 108 bytes 11595 (11.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 ether 52:54:00:af:54:5f txqueuelen 1000 (Ethernet) RX packets 1594 bytes 111905 (109.2 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 23 bytes 2196 (2.1 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 23 bytes 2196 (2.1 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@foundation176 Desktop]# nmcli connection add con-name bond0 type bond mode active-backup ip4 172.25.254.121/24 新增bond0 Connection 'bond0' (84d66bb7-0355-4e30-8d06-65e9e34113ba) successfully added. [root@foundation176 Desktop]# ifconfig 檢視已經成功新增 nm-bond: flags=5187<UP,BROADCAST,RUNNING,MASTER,MULTICAST> mtu 1500 inet 172.25.254.121 netmask 255.255.255.0 broadcast 172.25.254.255 ether 4e:55:dc:7f:f4:11 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@foundation176 Desktop]# nmcli connection add con-name eth0 ifname eth0 type bond-slave master bond0 新增兩塊網絡卡,因為開啟監控沒有網絡卡為其服務 Connection 'eth0' (295663a8-4d73-44df-a7de-123d2a94b49f) successfully added. [root@foundation176 Desktop]# nmcli connection add con-name eth1 ifname eth1 type bond-slave master bond0 Connection 'eth1' (9aba4da4-c36f-4667-8ddf-66dcea0d1fa3) successfully added. [root@foundation176 Desktop]# ping 172.25.254.121 ping網可以ping的通 PING 172.25.254.121 (172.25.254.121) 56(84) bytes of data. 64 bytes from 172.25.254.121: icmp_seq=1 ttl=64 time=0.043 ms [root@foundation176 Desktop]# ifconfig eth0 down 將eth0關閉,則eth1會出來頂替eth0的工作 [root@foundation176 Desktop]# ifconfig eth0 up 將etho開啟,則eth0作為備份閒置,解決了網突然壞掉的情況

新增bond介面:
這裡寫圖片描述
新增兩塊網絡卡,測試一塊網絡卡壞掉的情況
這裡寫圖片描述

B進行監控:

[[email protected] ~]# cat /proc/net/bonding/nm-bond    只有添加了bond之後才可以檢視到資訊
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: None
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
[[email protected] ~]# watch -n 1 cat /proc/net/bonding/nm-bond

檢視bond網路介面的配置開啟監控
這裡寫圖片描述
新增bond介面etho,eth1的監控呈現,以及當eth0壞掉的時候eth1出來頂替的效果。
這裡寫圖片描述

C一直佔用後臺,方便檢視一個網絡卡壞掉的情況:

[[email protected] ~]# ping 172.25.254.121
PING 172.25.254.250 (172.25.254.250) 56(84) bytes of data.
64 bytes from 172.25.254.250: icmp_seq=1 ttl=64 time=0.568 ms
64 bytes from 172.25.254.250: icmp_seq=2 ttl=64 time=0.507 ms
64 bytes from 172.25.254.250: icmp_seq=3 ttl=64 time=0.715 ms
64 bytes from 172.25.254.250: icmp_seq=4 ttl=64 time=0.406 ms

佔用後臺進行測試網絡卡的工作模式。
這裡寫圖片描述

Team 介面:

Team和 bond0 功能類似,Team不需要手動載入相應核心模組,Team有更強的拓展性,支援8塊網絡卡。

Team 的種類:

    broadcast     廣播容錯
    roundrobin    平衡輪循
    activebackup  主備
    loadbalance   負載均衡

在虛擬機器中的兩個shell下操作:

由於本虛擬機器並未設定IP,所以就不能用上一個實驗的ping命令來測試實驗效果。

A配置team介面:

[root@localhost Desktop]# nmcli connection delete bond0    刪除bond介面恢復環境
[root@localhost Desktop]# nmcli connection delete eth0     刪除eth0
[root@localhost Desktop]# nmcli connection delete eth1     刪除eth1
[root@localhost Desktop]# nmcli connection add con-name team0 ifname team0 type team config '{"runner":{"name":"activebackup"}}'  新增team介面
Connection 'team0' (826f5c34-ffdd-4c61-9723-7e1c1b831357) successfully added.
[root@localhost Desktop]# ifconfig      檢視team介面已經新增成功
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 52:54:00:a3:bd:a3  txqueuelen 1000  (Ethernet)
        RX packets 8471  bytes 628512 (613.7 KiB)
        RX errors 0  dropped 3494  overruns 0  frame 0
        TX packets 158  bytes 16489 (16.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 52:54:00:af:54:5f  txqueuelen 1000  (Ethernet)
        RX packets 9659  bytes 749027 (731.4 KiB)
        RX errors 0  dropped 270  overruns 0  frame 0
        TX packets 1642  bytes 176497 (172.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 41  bytes 3960 (3.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 41  bytes 3960 (3.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

team0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 4a:15:d5:09:87:2f  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost Desktop]# nmcli connection add con-name eth0 ifname eth0 type team-slave master team0    新增eth0
Connection 'eth0' (600f4215-9c67-4412-874d-54a57611cdbb) successfully added.
[root@localhost Desktop]# nmcli connection add con-name eth1 ifname eth1 type team-slave master team0    新增eth1
Connection 'eth1' (2232066a-715b-4a31-8db2-7a1325c3fa8e) successfully added.
[root@localhost Desktop]# ifconfig eth0 down    將eth0關閉,則eth1會出來頂替eth0
[root@localhost Desktop]# ifconfig eth0 up      將eth0開啟,則eth0會作為備份在eth1壞掉的時候出來工作

刪除bond0介面以及兩塊網絡卡,新增team0介面:
這裡寫圖片描述
用ifconfig檢視team0介面已經新增成功:
這裡寫圖片描述
新增兩塊網絡卡:
這裡寫圖片描述
測試eth0壞掉的情況,通過監控檢視:
這裡寫圖片描述

B進行監控:

[root@localhost ~]# teamdctl team0 stat  檢視team0的狀態
setup:
  runner: activebackup
runner:
  active port: 
[root@localhost ~]# watch -n 1 teamdctl team0 stat   監控team0介面

這裡寫圖片描述
監控所示,網絡卡已經新增成功,並且eth0不能工作的時候eth1出來頂替工作,當eth0好了之後進行閒置,如遇網絡卡壞掉則立即出來頂替工作。
這裡寫圖片描述

網路橋接:

網橋將兩個相似的網路連線起來,並對網路資料的流通進行管理。它工作於資料鏈層,不但能擴充套件網路的距離或範圍,而且可提高網路的效能、可靠性和安全性。網路1 和網路2 通過網橋連線後,網橋接收網路1 傳送的資料包,檢查資料包中的地址,如果地址屬於網路1 ,它就將其放棄,相反,如果是網路2 的地址,它就繼續傳送給網路2.這樣可利用網橋隔離資訊,將同一個網路號劃分成多個網段(屬於同一個網路號),隔離出安全網段,防止其他網段內的使用者非法訪問。由於網路的分段,各網段相對獨立(屬於同一個網路號),一個網段的故障不會影響到另一個網段的執行。

在真機搭建網橋:

首先搭建環境:

[kiosk@foundation84 Desktop]$ su -      切換到超級使用者
Password: 
Last login: Mon May 21 17:41:22 CST 2018 on pts/0
[root@foundation84 ~]# cd /etc/sysconfig/network-scripts/
[root@foundation84 network-scripts]# ls
ifcfg-Auto_331       ifdown-ippp      ifup-aliases  ifup-routes
ifcfg-Auto_Auto-Go   ifdown-ipv6      ifup-bnep     ifup-sit
ifcfg-Auto_Ethernet  ifdown-isdn      ifup-eth      ifup-Team
ifcfg-Auto_XUPT-ET   ifdown-post      ifup-ib       ifup-TeamPort
ifcfg-br0            ifdown-ppp       ifup-ippp     ifup-tunnel
ifcfg-lo             ifdown-routes    ifup-ipv6     ifup-wireless
ifcfg-p4p2           ifdown-sit       ifup-isdn     init.ipv6-global
ifdown               ifdown-Team      ifup-plip     keys-Auto_Auto-Go
ifdown-bnep          ifdown-TeamPort  ifup-plusb    network-functions
ifdown-eth           ifdown-tunnel    ifup-post     network-functions-ipv6
ifdown-ib            ifup             ifup-ppp
[root@foundation84 network-scripts]# mv ifcfg-br0 ifcfg-p4p2 /opt/   
移動網絡卡到檔案進行備份,之後好進行還原。這裡的p4p2指自己的網絡卡名字,
每臺主機的名字不同,我們可以通過命令nm-connection-editor來檢視自己
的網絡卡名字,以防止環境搭建出現問題。
[root@foundation84 network-scripts]# ls   檢視已經移動過去
ifcfg-Auto_331       ifdown-isdn      ifup-eth     ifup-Team
ifcfg-Auto_Auto-Go   ifdown-post      ifup-ib      ifup-TeamPort
ifcfg-Auto_Ethernet  ifdown-ppp       ifup-ippp    ifup-tunnel
ifcfg-Auto_XUPT-ET   ifdown-routes    ifup-ipv6    ifup-wireless
ifcfg-lo             ifdown-sit       ifup-isdn    init.ipv6-global
ifdown               ifdown-Team      ifup-plip    keys-Auto_Auto-Go
ifdown-bnep          ifdown-TeamPort  ifup-plusb   network-functions
ifdown-eth           ifdown-tunnel    ifup-post    network-functions-ipv6
ifdown-ib            ifup             ifup-ppp
ifdown-ippp          ifup-aliases     ifup-routes
ifdown-ipv6          ifup-bnep        ifup-sit
[root@foundation84 network-scripts]# nm-connection-editor 
刪除其餘的網路配置設定自己的IP

將多餘的網路配置移除,如下圖所示:
這裡寫圖片描述
新增自己的IP:
這裡寫圖片描述
這裡我們就可以看到自己的網絡卡是p4p2:
這裡寫圖片描述
設定主機IP:
這裡寫圖片描述
操作展示:
這裡寫圖片描述

[root@foundation84 network-scripts]# ifconfig  檢視IP已經配置成功
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 148638  bytes 51428170 (49.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 148638  bytes 51428170 (49.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

p4p2: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.25.254.84  netmask 255.255.255.0  broadcast 172.25.254.255
        inet6 fe80::9a40:bbff:fe25:7323  prefixlen 64  scopeid 0x20<link>
        ether 98:40:bb:25:73:23  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:e6:ea:d7  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp0s20f0u2: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 70:f1:1c:0c:24:6b  txqueuelen 1000  (Ethernet)
        RX packets 67487  bytes 70740271 (67.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 38283  bytes 6400838 (6.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

這裡寫圖片描述

[root@foundation84 network-scripts]# virt-manager
開啟虛擬機器管理介面進行建立虛擬機器,橋接沒有的時候只有NTA方式來建立虛擬機器。
[root@foundation84 network-scripts]# reboot   重啟主機

這裡寫圖片描述

未設定橋接建立虛擬機器:

這裡寫圖片描述
這裡寫圖片描述
這裡寫圖片描述
這裡寫圖片描述
這裡寫圖片描述

網路橋接的配置:

[kiosk@foundation84 Desktop]$ 
[kiosk@foundation84 Desktop]$ su -    切換到超級使用者
Password: 
Last login: Mon May 21 17:53:31 CST 2018 on pts/0
ABRT has detected 1 problem(s). For more info run: abrt-cli list --since 1526896411
[root@foundation84 ~]# brctl show   顯示網橋
bridge name bridge id       STP enabled interfaces
virbr0      8000.525400e6ead7   yes     virbr0-nic
[root@foundation84 ~]# cd /etc/sysconfig/network-scripts/ 
[root@foundation84 network-scripts]# ls
ifcfg-lo     ifdown-ppp       ifup-ib      ifup-Team
ifcfg-p4p2   ifdown-routes    ifup-ippp    ifup-TeamPort
ifdown       ifdown-sit       ifup-ipv6    ifup-tunnel
ifdown-bnep  ifdown-Team      ifup-isdn    ifup-wireless
ifdown-eth   ifdown-TeamPort  ifup-plip    init.ipv6-global
ifdown-ib    ifdown-tunnel    ifup-plusb   network-functions
ifdown-ippp  ifup             ifup-post    network-functions-ipv6
ifdown-ipv6  ifup-aliases     ifup-ppp
ifdown-isdn  ifup-bnep        ifup-routes
ifdown-post  ifup-eth         ifup-sit
[root@foundation84 network-scripts]# vim ifcfg-p4p2   搭建網橋
檔案內容:
DEVICE=p4p2
ONBOOT=yes
BOOTPROTO=none
BRIDGR=br0
[root@foundation84 network-scripts]# vim ifcfg-br0
檔案內容:
DEVICE=br0
ONBOOT=yes
BOOTPROTO=none
IPADDR=172.25.254.84
NETMASK=255.255.255.0
TYPE=Bridge
[root@foundation84 network-scripts]# systemctl stop NetworkManager.service 關閉網路管理服務 
[root@foundation84 network-scripts]# systemctl restart network  重啟網路
[root@foundation84 network-scripts]# brctl show  顯示網橋已經橋接成功
bridge name bridge id       STP enabled interfaces
br0     8000.000000000000   no      
virbr0      8000.525400e6ead7   yes     virbr0-nic

配置網橋:
這裡寫圖片描述
重啟網路檢視配置檔案內容:
這裡寫圖片描述

[root@foundation84 network-scripts]# virt-manager  開啟虛擬機器管理介面,就會出來用橋接的方式來建立虛擬機器。

網路橋接的方式建立虛擬機器:
這裡寫圖片描述
這裡寫圖片描述
這裡寫圖片描述
這裡寫圖片描述
這裡寫圖片描述

網路橋接的管理命令:

在虛擬機器測試網橋的管理:

brctl               橋接管理命令
brctl      show     顯示
brctl      addbr        新增網橋
brctl      delbr        刪除網橋
brctl      addif        新增網橋連線
brctl      delif        刪除網橋連線

在虛擬機器操作檢視命令效果:

[root@localhost Desktop]# brctl show   顯示網橋
bridge name bridge id       STP enabled interfaces
[root@localhost Desktop]# nmcli connection delete eth0   刪除eth0
[root@localhost Desktop]# nmcli connection delete eth1   刪除eth1
[root@localhost Desktop]# nmcli connection delete team0  刪除team介面
[root@localhost Desktop]# brctl show
bridge name bridge id       STP enabled interfaces

這裡寫圖片描述

[root@localhost Desktop]# brctl addbr br0  新增br0網橋
[root@localhost Desktop]# brctl show       顯示網橋
bridge name bridge id       STP enabled interfaces
br0     8000.000000000000   no      
[root@localhost Desktop]# ifconfig    br0網橋已經新增成功
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::184a:deff:fe3e:83a9  prefixlen 64  scopeid 0x20<link>
        ether 1a:4a:de:3e:83:a9  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 52:54:00:a3:bd:a3  txqueuelen 1000  (Ethernet)
        RX packets 1043  bytes 81899 (79.9 KiB)
        RX errors 0  dropped 2  overruns 0  frame 0
        TX packets 91  bytes 9817 (9.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 52:54:00:af:54:5f  txqueuelen 1000  (Ethernet)
        RX packets 1123  bytes 90144 (88.0 KiB)
        RX errors 0  dropped 792  overruns 0  frame 0
        TX packets 3  bytes 182 (182.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 155  bytes 13424 (13.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 155  bytes 13424 (13.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

這裡寫圖片描述

[root@localhost Desktop]# ifconfig br0 172.25.254.121/24新增IP地址
[root@localhost Desktop]# ifconfig br0    檢視IP
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.121  netmask 255.255.255.0  broadcast 172.25.254.255
        inet6 fe80::184a:deff:fe3e:83a9  prefixlen 64  scopeid 0x20<link>
        ether 1a:4a:de:3e:83:a9  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0