基於linux下的高階網路配置
網絡卡有一定的瓶頸,是物理硬體。
**配置網路橋接
**配置 bond 網路介面
**配置 team 網路介面
bond網路介面配置:
簡單的說,bonding就是把多個物理網路介面繫結到一起,使它們就像一個網路介面那樣執行。 通過Bonding技術,可以實現網口冗餘,負載均衡,從而達到高可用高可靠的目的。
選擇 Linux 乙太網繫結模式:
模式 0 ( 平衡輪循 ) - 輪循策略 , 所有介面都使用採用輪循方式在所有 Slave 中傳輸封包 ; 任何 Slave 都可以接收。
模式 1 ( 主動備份 ) - 容錯。一次只能使用一個 Slave 介面, 但是如果該接口出現故障 , 另一個Slave 將接替它。
模式 3 ( 廣播 ) - 容錯。所有封包都通過所有 Slave 介面廣播。
首先在真機開啟virt-manager給desktop新增兩塊網絡卡。
[[email protected] Desktop]$ su - 切換到超級使用者
Password:
Last login: Thu May 17 10:55:36 CST 2018 on pts/2
Last failed login: Thu May 17 10:57:57 CST 2018 from 172.25.254.121 on ssh:notty
There was 1 failed login attempt since the last successful login.
ABRT has detected 2 problem(s). For more info run: abrt-cli list --since 1526525736
[[email protected] ~]# virt-manager 開啟虛擬機器管理命令
新增網絡卡:
網絡卡已經新增成功:
在虛擬機器的三個shell中操作:(實驗都是在desktop虛擬機器操作,只是開了三個shell)
A:配置 bond 網路介面
[root@foundation176 Desktop]# ifconfig 檢視時沒有bond0網絡卡
eth0: flags=4163<UP ,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 52:54:00:a3:bd:a3 txqueuelen 1000 (Ethernet)
RX packets 2010 bytes 156554 (152.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 108 bytes 11595 (11.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 52:54:00:af:54:5f txqueuelen 1000 (Ethernet)
RX packets 1594 bytes 111905 (109.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 23 bytes 2196 (2.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 23 bytes 2196 (2.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@foundation176 Desktop]# nmcli connection add con-name bond0 type bond mode active-backup ip4 172.25.254.121/24 新增bond0
Connection 'bond0' (84d66bb7-0355-4e30-8d06-65e9e34113ba) successfully added.
[root@foundation176 Desktop]# ifconfig 檢視已經成功新增
nm-bond: flags=5187<UP,BROADCAST,RUNNING,MASTER,MULTICAST> mtu 1500
inet 172.25.254.121 netmask 255.255.255.0 broadcast 172.25.254.255
ether 4e:55:dc:7f:f4:11 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@foundation176 Desktop]# nmcli connection add con-name eth0 ifname eth0 type bond-slave master bond0 新增兩塊網絡卡,因為開啟監控沒有網絡卡為其服務
Connection 'eth0' (295663a8-4d73-44df-a7de-123d2a94b49f) successfully added.
[root@foundation176 Desktop]# nmcli connection add con-name eth1 ifname eth1 type bond-slave master bond0
Connection 'eth1' (9aba4da4-c36f-4667-8ddf-66dcea0d1fa3) successfully added.
[root@foundation176 Desktop]# ping 172.25.254.121 ping網可以ping的通
PING 172.25.254.121 (172.25.254.121) 56(84) bytes of data.
64 bytes from 172.25.254.121: icmp_seq=1 ttl=64 time=0.043 ms
[root@foundation176 Desktop]# ifconfig eth0 down 將eth0關閉,則eth1會出來頂替eth0的工作
[root@foundation176 Desktop]# ifconfig eth0 up 將etho開啟,則eth0作為備份閒置,解決了網突然壞掉的情況
新增bond介面:
新增兩塊網絡卡,測試一塊網絡卡壞掉的情況
B進行監控:
[[email protected] ~]# cat /proc/net/bonding/nm-bond 只有添加了bond之後才可以檢視到資訊
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: None
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
[[email protected] ~]# watch -n 1 cat /proc/net/bonding/nm-bond
檢視bond網路介面的配置開啟監控
新增bond介面etho,eth1的監控呈現,以及當eth0壞掉的時候eth1出來頂替的效果。
C一直佔用後臺,方便檢視一個網絡卡壞掉的情況:
[[email protected] ~]# ping 172.25.254.121
PING 172.25.254.250 (172.25.254.250) 56(84) bytes of data.
64 bytes from 172.25.254.250: icmp_seq=1 ttl=64 time=0.568 ms
64 bytes from 172.25.254.250: icmp_seq=2 ttl=64 time=0.507 ms
64 bytes from 172.25.254.250: icmp_seq=3 ttl=64 time=0.715 ms
64 bytes from 172.25.254.250: icmp_seq=4 ttl=64 time=0.406 ms
佔用後臺進行測試網絡卡的工作模式。
Team 介面:
Team和 bond0 功能類似,Team不需要手動載入相應核心模組,Team有更強的拓展性,支援8塊網絡卡。
Team 的種類:
broadcast 廣播容錯
roundrobin 平衡輪循
activebackup 主備
loadbalance 負載均衡
在虛擬機器中的兩個shell下操作:
由於本虛擬機器並未設定IP,所以就不能用上一個實驗的ping命令來測試實驗效果。
A配置team介面:
[root@localhost Desktop]# nmcli connection delete bond0 刪除bond介面恢復環境
[root@localhost Desktop]# nmcli connection delete eth0 刪除eth0
[root@localhost Desktop]# nmcli connection delete eth1 刪除eth1
[root@localhost Desktop]# nmcli connection add con-name team0 ifname team0 type team config '{"runner":{"name":"activebackup"}}' 新增team介面
Connection 'team0' (826f5c34-ffdd-4c61-9723-7e1c1b831357) successfully added.
[root@localhost Desktop]# ifconfig 檢視team介面已經新增成功
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 52:54:00:a3:bd:a3 txqueuelen 1000 (Ethernet)
RX packets 8471 bytes 628512 (613.7 KiB)
RX errors 0 dropped 3494 overruns 0 frame 0
TX packets 158 bytes 16489 (16.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 52:54:00:af:54:5f txqueuelen 1000 (Ethernet)
RX packets 9659 bytes 749027 (731.4 KiB)
RX errors 0 dropped 270 overruns 0 frame 0
TX packets 1642 bytes 176497 (172.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 41 bytes 3960 (3.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 41 bytes 3960 (3.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
team0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 4a:15:d5:09:87:2f txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost Desktop]# nmcli connection add con-name eth0 ifname eth0 type team-slave master team0 新增eth0
Connection 'eth0' (600f4215-9c67-4412-874d-54a57611cdbb) successfully added.
[root@localhost Desktop]# nmcli connection add con-name eth1 ifname eth1 type team-slave master team0 新增eth1
Connection 'eth1' (2232066a-715b-4a31-8db2-7a1325c3fa8e) successfully added.
[root@localhost Desktop]# ifconfig eth0 down 將eth0關閉,則eth1會出來頂替eth0
[root@localhost Desktop]# ifconfig eth0 up 將eth0開啟,則eth0會作為備份在eth1壞掉的時候出來工作
刪除bond0介面以及兩塊網絡卡,新增team0介面:
用ifconfig檢視team0介面已經新增成功:
新增兩塊網絡卡:
測試eth0壞掉的情況,通過監控檢視:
B進行監控:
[root@localhost ~]# teamdctl team0 stat 檢視team0的狀態
setup:
runner: activebackup
runner:
active port:
[root@localhost ~]# watch -n 1 teamdctl team0 stat 監控team0介面
監控所示,網絡卡已經新增成功,並且eth0不能工作的時候eth1出來頂替工作,當eth0好了之後進行閒置,如遇網絡卡壞掉則立即出來頂替工作。
網路橋接:
網橋將兩個相似的網路連線起來,並對網路資料的流通進行管理。它工作於資料鏈層,不但能擴充套件網路的距離或範圍,而且可提高網路的效能、可靠性和安全性。網路1 和網路2 通過網橋連線後,網橋接收網路1 傳送的資料包,檢查資料包中的地址,如果地址屬於網路1 ,它就將其放棄,相反,如果是網路2 的地址,它就繼續傳送給網路2.這樣可利用網橋隔離資訊,將同一個網路號劃分成多個網段(屬於同一個網路號),隔離出安全網段,防止其他網段內的使用者非法訪問。由於網路的分段,各網段相對獨立(屬於同一個網路號),一個網段的故障不會影響到另一個網段的執行。
在真機搭建網橋:
首先搭建環境:
[kiosk@foundation84 Desktop]$ su - 切換到超級使用者
Password:
Last login: Mon May 21 17:41:22 CST 2018 on pts/0
[root@foundation84 ~]# cd /etc/sysconfig/network-scripts/
[root@foundation84 network-scripts]# ls
ifcfg-Auto_331 ifdown-ippp ifup-aliases ifup-routes
ifcfg-Auto_Auto-Go ifdown-ipv6 ifup-bnep ifup-sit
ifcfg-Auto_Ethernet ifdown-isdn ifup-eth ifup-Team
ifcfg-Auto_XUPT-ET ifdown-post ifup-ib ifup-TeamPort
ifcfg-br0 ifdown-ppp ifup-ippp ifup-tunnel
ifcfg-lo ifdown-routes ifup-ipv6 ifup-wireless
ifcfg-p4p2 ifdown-sit ifup-isdn init.ipv6-global
ifdown ifdown-Team ifup-plip keys-Auto_Auto-Go
ifdown-bnep ifdown-TeamPort ifup-plusb network-functions
ifdown-eth ifdown-tunnel ifup-post network-functions-ipv6
ifdown-ib ifup ifup-ppp
[root@foundation84 network-scripts]# mv ifcfg-br0 ifcfg-p4p2 /opt/
移動網絡卡到檔案進行備份,之後好進行還原。這裡的p4p2指自己的網絡卡名字,
每臺主機的名字不同,我們可以通過命令nm-connection-editor來檢視自己
的網絡卡名字,以防止環境搭建出現問題。
[root@foundation84 network-scripts]# ls 檢視已經移動過去
ifcfg-Auto_331 ifdown-isdn ifup-eth ifup-Team
ifcfg-Auto_Auto-Go ifdown-post ifup-ib ifup-TeamPort
ifcfg-Auto_Ethernet ifdown-ppp ifup-ippp ifup-tunnel
ifcfg-Auto_XUPT-ET ifdown-routes ifup-ipv6 ifup-wireless
ifcfg-lo ifdown-sit ifup-isdn init.ipv6-global
ifdown ifdown-Team ifup-plip keys-Auto_Auto-Go
ifdown-bnep ifdown-TeamPort ifup-plusb network-functions
ifdown-eth ifdown-tunnel ifup-post network-functions-ipv6
ifdown-ib ifup ifup-ppp
ifdown-ippp ifup-aliases ifup-routes
ifdown-ipv6 ifup-bnep ifup-sit
[root@foundation84 network-scripts]# nm-connection-editor
刪除其餘的網路配置設定自己的IP
將多餘的網路配置移除,如下圖所示:
新增自己的IP:
這裡我們就可以看到自己的網絡卡是p4p2:
設定主機IP:
操作展示:
[root@foundation84 network-scripts]# ifconfig 檢視IP已經配置成功
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 148638 bytes 51428170 (49.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 148638 bytes 51428170 (49.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
p4p2: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.25.254.84 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::9a40:bbff:fe25:7323 prefixlen 64 scopeid 0x20<link>
ether 98:40:bb:25:73:23 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:e6:ea:d7 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp0s20f0u2: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 70:f1:1c:0c:24:6b txqueuelen 1000 (Ethernet)
RX packets 67487 bytes 70740271 (67.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 38283 bytes 6400838 (6.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@foundation84 network-scripts]# virt-manager
開啟虛擬機器管理介面進行建立虛擬機器,橋接沒有的時候只有NTA方式來建立虛擬機器。
[root@foundation84 network-scripts]# reboot 重啟主機
未設定橋接建立虛擬機器:
網路橋接的配置:
[kiosk@foundation84 Desktop]$
[kiosk@foundation84 Desktop]$ su - 切換到超級使用者
Password:
Last login: Mon May 21 17:53:31 CST 2018 on pts/0
ABRT has detected 1 problem(s). For more info run: abrt-cli list --since 1526896411
[root@foundation84 ~]# brctl show 顯示網橋
bridge name bridge id STP enabled interfaces
virbr0 8000.525400e6ead7 yes virbr0-nic
[root@foundation84 ~]# cd /etc/sysconfig/network-scripts/
[root@foundation84 network-scripts]# ls
ifcfg-lo ifdown-ppp ifup-ib ifup-Team
ifcfg-p4p2 ifdown-routes ifup-ippp ifup-TeamPort
ifdown ifdown-sit ifup-ipv6 ifup-tunnel
ifdown-bnep ifdown-Team ifup-isdn ifup-wireless
ifdown-eth ifdown-TeamPort ifup-plip init.ipv6-global
ifdown-ib ifdown-tunnel ifup-plusb network-functions
ifdown-ippp ifup ifup-post network-functions-ipv6
ifdown-ipv6 ifup-aliases ifup-ppp
ifdown-isdn ifup-bnep ifup-routes
ifdown-post ifup-eth ifup-sit
[root@foundation84 network-scripts]# vim ifcfg-p4p2 搭建網橋
檔案內容:
DEVICE=p4p2
ONBOOT=yes
BOOTPROTO=none
BRIDGR=br0
[root@foundation84 network-scripts]# vim ifcfg-br0
檔案內容:
DEVICE=br0
ONBOOT=yes
BOOTPROTO=none
IPADDR=172.25.254.84
NETMASK=255.255.255.0
TYPE=Bridge
[root@foundation84 network-scripts]# systemctl stop NetworkManager.service 關閉網路管理服務
[root@foundation84 network-scripts]# systemctl restart network 重啟網路
[root@foundation84 network-scripts]# brctl show 顯示網橋已經橋接成功
bridge name bridge id STP enabled interfaces
br0 8000.000000000000 no
virbr0 8000.525400e6ead7 yes virbr0-nic
配置網橋:
重啟網路檢視配置檔案內容:
[root@foundation84 network-scripts]# virt-manager 開啟虛擬機器管理介面,就會出來用橋接的方式來建立虛擬機器。
網路橋接的方式建立虛擬機器:
網路橋接的管理命令:
在虛擬機器測試網橋的管理:
brctl 橋接管理命令
brctl show 顯示
brctl addbr 新增網橋
brctl delbr 刪除網橋
brctl addif 新增網橋連線
brctl delif 刪除網橋連線
在虛擬機器操作檢視命令效果:
[root@localhost Desktop]# brctl show 顯示網橋
bridge name bridge id STP enabled interfaces
[root@localhost Desktop]# nmcli connection delete eth0 刪除eth0
[root@localhost Desktop]# nmcli connection delete eth1 刪除eth1
[root@localhost Desktop]# nmcli connection delete team0 刪除team介面
[root@localhost Desktop]# brctl show
bridge name bridge id STP enabled interfaces
[root@localhost Desktop]# brctl addbr br0 新增br0網橋
[root@localhost Desktop]# brctl show 顯示網橋
bridge name bridge id STP enabled interfaces
br0 8000.000000000000 no
[root@localhost Desktop]# ifconfig br0網橋已經新增成功
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::184a:deff:fe3e:83a9 prefixlen 64 scopeid 0x20<link>
ether 1a:4a:de:3e:83:a9 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 52:54:00:a3:bd:a3 txqueuelen 1000 (Ethernet)
RX packets 1043 bytes 81899 (79.9 KiB)
RX errors 0 dropped 2 overruns 0 frame 0
TX packets 91 bytes 9817 (9.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 52:54:00:af:54:5f txqueuelen 1000 (Ethernet)
RX packets 1123 bytes 90144 (88.0 KiB)
RX errors 0 dropped 792 overruns 0 frame 0
TX packets 3 bytes 182 (182.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 155 bytes 13424 (13.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 155 bytes 13424 (13.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost Desktop]# ifconfig br0 172.25.254.121/24新增IP地址
[root@localhost Desktop]# ifconfig br0 檢視IP
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.121 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::184a:deff:fe3e:83a9 prefixlen 64 scopeid 0x20<link>
ether 1a:4a:de:3e:83:a9 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0