linux 路由配置及其网络组配置实例
§·路由配置
网络简单拓扑图如下:
※·实例要求:主机A可以ping同主机B即可。
※·实验步骤及其要点:
1.主机A设置IP地址与默认网关;
2.配置路由器1两接口的IP地址,并开启主机的路由功能,添加172.14.16.0路由条目;
3.配置路由器1两接口的IP地址,并开启主机的路由功能,添加172.14.14.0路由条目;
4.主机B设置IP地址与默认网关
※·设备配置:
步骤一 :主机A配置说明:
[root@love681 ~]# ip addr add 172.14.14.2/24 dev eth0 #接口上配置A主机的地址为:172.14.14.2 [root@love681 ~]# ip route add default via 172.14.14.1 dev eth0 #配置默认网关为:172.14.14.1 [root@love681 ~]# ip addr show #查看其配置的IP地址 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:21:e5:b5 brd ff:ff:ff:ff:ff:ff inet 172.14.14.2/24 scope global eth0 inet6 fe80::20c:29ff:fe21:e5b5/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:21:e5:bf brd ff:ff:ff:ff:ff:ff inet6 fe80::20c:29ff:fe21:e5bf/64 scope link valid_lft forever preferred_lft forever 4: pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN link/ether 96:f3:ff:51:3e:19 brd ff:ff:ff:ff:ff:ff [root@love681 ~]# ip route show #查看配置的路由条目 172.14.14.0/24 dev eth0 proto kernel scope link src 172.14.14.2 default via 172.14.14.1 dev eth0 [root@love681 ~]# iptables -F #测试环境中取消防火墙的规则 [root@love681 ~]#
步骤二 :路由器1配置说明
[root@centos68 /]# ip addr add 172.14.14.1/24 dev eth1 #配置接口eth1的地址172.14.14.1 [root@centos68 /]# ip addr add 172.14.15.1/24 dev eth0 #配置接口eth0的地址172.14.15.1 [root@centos68 /]# ip route add 172.14.16.0/24 via 172.14.15.2 dev eth0 #配置到到 172.14.16.0网段的路由,自己直连的网段不需要添加到自己的静态路由表 [root@centos68 /]# ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:42:59:60 brd ff:ff:ff:ff:ff:ff inet 10.1.16.61/16 brd 10.1.255.255 scope global eth0 inet 172.14.15.1/24 scope global eth0 inet6 fe80::20c:29ff:fe42:5960/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:42:59:6a brd ff:ff:ff:ff:ff:ff inet 172.14.14.1/24 scope global eth1 inet6 fe80::20c:29ff:fe42:596a/64 scope link valid_lft forever preferred_lft forever [root@centos68 /]# ip route show #查看路由器1的路由条目 172.14.16.0/24 via 172.14.15.2 dev eth0 172.14.15.0/24 dev eth0 proto kernel scope link src 172.14.15.1 172.14.14.0/24 dev eth1 proto kernel scope link src 172.14.14.1 10.1.0.0/16 dev eth0 proto kernel scope link src 10.1.16.61 169.254.0.0/16 dev eth0 scope link metric 1002 default via 10.1.0.1 dev eth0 proto static [root@centos68 /]# echo 1 > /proc/sys/net/ipv4/ip_forward #开启主机路由功能 [root@centos68 /]#
步骤三:路由器2配置说明
[root@Centos7 ~]# ip addr add 172.14.15.2/24 dev eth1 #配置路由器2的eth1接口的IP地址 [root@Centos7 ~]# ip addr add 172.14.16.1/24 dev eth2 #配置路由器2的eth2接口的IP地址 [root@Centos7 ~]# ip route add 172.14.14.0/24 via 172.14.15.1 dev eth1 #添加到达172.14.1.0的网络静态路由,直连网段不需要添加 [root@Centos7 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward #开启主机路由功能 [root@Centos7 ~]# ip addr show 2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:90:ef:7d brd ff:ff:ff:ff:ff:ff inet 10.1.16.70/16 brd 10.1.255.255 scope global eno16777736 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe90:ef7d/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:90:ef:87 brd ff:ff:ff:ff:ff:ff inet 172.14.15.2/24 scope global eth1 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe90:ef87/64 scope link valid_lft forever preferred_lft forever 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:90:ef:91 brd ff:ff:ff:ff:ff:ff inet 172.14.16.1/24 scope global eth2 valid_lft forever preferred_lft forever [root@Centos7 ~]# ip route show #查看本机静态路由表 default via 10.1.0.1 dev eno16777736 proto static metric 100 10.1.0.0/16 dev eno16777736 proto kernel scope link src 10.1.16.70 metric 100 172.14.14.0/24 via 172.14.15.1 dev eth1 172.14.15.0/24 dev eth1 proto kernel scope link src 172.14.15.2 172.14.16.0/24 dev eth2 proto kernel scope link src 172.14.16.1 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 [root@Centos7 ~]#
步骤四:主机B配置说明
[root@love721 ~]# ip addr add 172.14.16.2/24 dev eno16777736 #配置主机IP地址 [root@love721 ~]# ip route add default via 172.14.16.1 dev eno16777736 #配置主机默认路由 [root@love721 ~]# ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:04:cb:7e brd ff:ff:ff:ff:ff:ff inet 172.14.16.2/24 scope global eno16777736 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe04:cb7e/64 scope link valid_lft forever preferred_lft forever [root@love721 ~]# ip route show default via 172.14.16.1 dev eno16777736 172.14.16.0/24 dev eno16777736 proto kernel scope link src 172.14.16.2 [root@love721 ~]# iptables -F [root@love721 ~]#
※·测试主机A到主机B的连通性
[root@love681 ~]# ping 172.14.16.2 #可以正常的ping通主机B PING 172.14.16.2 (172.14.16.2) 56(84) bytes of data. 64 bytes from 172.14.16.2: icmp_seq=1 ttl=62 time=2.71 ms 64 bytes from 172.14.16.2: icmp_seq=2 ttl=62 time=1.97 ms 64 bytes from 172.14.16.2: icmp_seq=3 ttl=62 time=2.50 ms 64 bytes from 172.14.16.2: icmp_seq=4 ttl=62 time=1.54 ms 64 bytes from 172.14.16.2: icmp_seq=5 ttl=62 time=0.631 ms 64 bytes from 172.14.16.2: icmp_seq=6 ttl=62 time=0.848 ms --- 172.14.16.2 ping statistics --- 6 packets transmitted, 6 received, 0% packet loss, time 5069ms rtt min/avg/max/mdev = 0.631/1.702/2.712/0.780 ms [root@love681 ~]# traceroute 172.14.16.2 #使用路由追踪到达主机B的需要经过的路由 traceroute to 172.14.16.2 (172.14.16.2), 30 hops max, 60 byte packets 1 172.14.14.1 (172.14.14.1) 0.441 ms 3.419 ms 3.355 ms #经过路由器1 2 172.14.15.2 (172.14.15.2) 3.981 ms 4.134 ms 4.191 ms #经过路由器2 3 172.14.15.2 (172.14.15.2) 4.279 ms !X 4.470 ms !X 4.482 ms !X #到达主机B [root@love681 ~]#
§· 网络组实现
※·网络组介绍:
·网络组:是将多个网卡聚合在一起方法,从而实现冗错和提高吞吐量
·网络组不同于旧版中bonding技术,提供更好的性能和扩展性
·网络组由内核驱动和teamd守护进程实现.
·多种方式runner
broadcast
roundrobin
activebackup
loadbalance
lacp(implements the 802.3ad Link Aggregation Control Protocol)
※·注意事项:
·启动网络组接口不会自动启动网络组中的port接口
·启动网络组接口中的port接口不会自动启动网络组接口
·禁用网络组接口会自动禁用网络组中的port接口
·没有port接口的网络组接口可以启动静态IP连接
·启用DHCP连接时,没有port接口的网络组会等待port接口的加入
※·网络组的配置:
[root@Centos7 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:90:ef:7d brd ff:ff:ff:ff:ff:ff
inet 10.1.16.70/16 brd 10.1.255.255 scope global eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe90:ef7d/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:90:ef:87 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe90:ef87/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:90:ef:91 brd ff:ff:ff:ff:ff:ff
6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 52:54:00:55:9d:3d brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
7: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
link/ether 52:54:00:55:9d:3d brd ff:ff:ff:ff:ff:ff
[root@Centos7 ~]# nmcli connection add type team con-name team_00 ifname team_00 config '{"name":"loadbalance"}'
#添加一个team_00的网络组,网络组的模式为loadbalance
Connection 'team_00' (073bf1f6-8b9e-4bbe-8341-96faeebc3be3) successfully added.
[root@Centos7 ~]# nmcli connection modify team_00 ipv4.addresses 172.14.14.100/24
#配置team_00的ipv4地址为:172.14.14.100
[root@Centos7 ~]# nmcli connection modify team_00 ipv4.method manual
#配置team_00的ip地址为静态地址
[root@Centos7 ~]# nmcli connection add type team-slave con-name team00_eth1 ifname eth1 master team_00
#把eth1接口加入到team_00,并把端口新建一个配置文件为:team00_eth1
Connection 'team00_eth1' (57d9b226-0a8a-4136-82fd-e1e241ae0f4a) successfully added.
[root@Centos7 ~]# nmcli connection add type team-slave con-name team00_eth2 ifname eth2 master team_00
#把eth2接口加入到team_00,并把端口新建一个配置文件为:team00_eth2
Connection 'team00_eth2' (5b8947e9-782c-44a6-ae0c-8e964d2ef076) successfully added.
[root@Centos7 ~]# nmcli connection show #查看添加的配置文件
NAME UUID TYPE DEVICE
team00_eth2 5b8947e9-782c-44a6-ae0c-8e964d2ef076 802-3-ethernet --
team_00 073bf1f6-8b9e-4bbe-8341-96faeebc3be3 team team_00
eth1 16375bd9-73c1-447f-bb76-a21b5d23d6a3 802-3-ethernet eth1
virbr0-nic d9876d68-76d6-4744-bc1d-5d950f41834c generic virbr0-nic
virbr0 0e013aae-2fc9-4e46-83a1-a25f00335e1d bridge virbr0
eno16777736 5a5f89ce-e54a-4f22-b843-3d438b093fbb 802-3-ethernet eno16777736
eth2 3a73717e-65ab-93e8-b518-24f5af32dc0d 802-3-ethernet eth2
team00_eth1 57d9b226-0a8a-4136-82fd-e1e241ae0f4a 802-3-ethernet --
[root@Centos7 ~]# nmcli connection up team_00
#开启网络组 team_00
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/13)
[root@Centos7 ~]# nmcli connection up team00_eth1
#开启端口:team00_eth1 eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/14)
[root@Centos7 ~]# nmcli connection up team00_eth2
#开启端口:team00_eth2 eth2
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/15)
[root@Centos7 ~]# nmcli connection show #查看以上操作生效情况
NAME UUID TYPE DEVICE
team00_eth2 5b8947e9-782c-44a6-ae0c-8e964d2ef076 802-3-ethernet eth2
team_00 073bf1f6-8b9e-4bbe-8341-96faeebc3be3 team team_00
virbr0-nic d9876d68-76d6-4744-bc1d-5d950f41834c generic virbr0-nic
virbr0 0e013aae-2fc9-4e46-83a1-a25f00335e1d bridge virbr0
eno16777736 5a5f89ce-e54a-4f22-b843-3d438b093fbb 802-3-ethernet eno16777736
eth2 3a73717e-65ab-93e8-b518-24f5af32dc0d 802-3-ethernet --
team00_eth1 57d9b226-0a8a-4136-82fd-e1e241ae0f4a 802-3-ethernet eth1
[root@Centos7 ~]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.1.16.70 netmask 255.255.0.0 broadcast 10.1.255.255
inet6 fe80::20c:29ff:fe90:ef7d prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:90:ef:7d txqueuelen 1000 (Ethernet)
RX packets 139768 bytes 16052186 (15.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6473 bytes 1466854 (1.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 00:0c:29:90:ef:87 txqueuelen 1000 (Ethernet)
RX packets 128192 bytes 10403568 (9.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 89 bytes 11498 (11.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 00:0c:29:90:ef:87 txqueuelen 1000 (Ethernet)
RX packets 128311 bytes 10419999 (9.9 MiB)
RX errors 0 dropped 91600 overruns 0 frame 0
TX packets 89 bytes 12365 (12.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 764 bytes 64000 (62.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 764 bytes 64000 (62.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
team_00: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.14.14.100 netmask 255.255.255.0 broadcast 172.14.14.255
inet6 fe80::20c:29ff:fe90:ef87 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:90:ef:87 txqueuelen 0 (Ethernet)
RX packets 286 bytes 16228 (15.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14 bytes 1746 (1.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:55:9d:3d txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@Centos7 ~]# teamdctl team_00 state #查看team_00的状态情况
setup:
runner: roundrobin #网络组模式
ports:
eth1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up #网卡eth1 链路情况
down count: 0
eth2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up #网卡eth2 链路情况
down count: 0
※·网络组的配置测试:
·在测试主机上使用:ping 172.14.14.100 -t -l 60000 (不停的ping 使用大的数据包)
C:\Users\hasee>ping 172.14.14.100 -t -l 60000 #测试ping情况 正在 Ping 172.14.14.100 具有 60000 字节的数据: 来自 172.14.14.100 的回复: 字节=60000 时间=1ms TTL=64 来自 172.14.14.100 的回复: 字节=60000 时间=3ms TTL=64 来自 172.14.14.100 的回复: 字节=60000 时间=6ms TTL=64 请求超时。 #由于测试down了eth2接口 来自 172.14.14.100 的回复: 字节=60000 时间=5ms TTL=64 来自 172.14.14.100 的回复: 字节=60000 时间=3ms TTL=64 来自 172.14.14.100 的回复: 字节=60000 时间=3ms TTL=64 172.14.14.100 的 Ping 统计信息: 数据包: 已发送 = 62,已接收 = 48,丢失 = 14 (22% 丢失), 往返行程的估计时间(以毫秒为单位): 最短 = 1ms,最长 = 7ms,平均 = 3ms C:\Users\hasee>
·down eth2后,有几个数据包的丢失,实验测试完成
[root@Centos7 ~]# teamdctl team_00 state #down eth2后,查看team_00情况 setup: runner: roundrobin ports: eth1 link watches: link summary: up instance[link_watch_0]: name: ethtool link: up down count: 1 eth2 link watches: link summary: down instance[link_watch_0]: name: ethtool link: down down count: 1 [root@Centos7 ~]#
小结:网络组实现的功能与bonding效果差不多,也可以实现网络线路的备份。
原创文章,作者:linux_root,如若转载,请注明出处:http://www.178linux.com/43830
