Advanced Network Management

1. Link Aggregation

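NIC link aggregation joins multiple network cards together so that the network keeps running normally when one card fails. This effectively prevents the losses a failed NIC would cause, and it can also increase network access speed.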

NIC link aggregation methods:

  • bond: up to two NICs can be added
  • team: up to eight NICs can be added

Two commonly used bond modes:

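  • bond0 (balance-rr)
    bond0 is used for round-robin load distribution (two NICs of 100MB each are aggregated into one network with 200MB of transfer bandwidth)

  • bond1 (active-backup)
    bond1 is used for high availability: if one link goes down, the other links take over automatically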

                                  --> eth0  ----\
    app  --sends data to--> bond0          <---> switch
                                  --> eth1  ----/
    

2. Bridged Networks

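A bridged network, that is, a network bridge, forwards traffic between networks based on MAC addresses. The bridge identifies which hosts are connected to each network, builds a MAC address table, and then makes packet-forwarding decisions based on that table.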

The most common use of a software bridge is in virtualization applications, where it shares one hardware NIC among one or more virtual NICs.
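
The learning and forwarding behaviour described above, as an added example that is not part of the original page: a small awk model of a bridge's MAC table. The port names, MAC addresses and frame list are constructed for illustration.

```bash
#!/bin/sh
# Added example: a learning bridge's MAC table and its per-frame decisions.

# Constructed frames: "<ingress port> <source MAC> <destination MAC>".
FRAMES='vnet0 52:54:00:aa:00:01 ff:ff:ff:ff:ff:ff
eth1 52:54:00:bb:00:02 52:54:00:aa:00:01
vnet0 52:54:00:aa:00:01 52:54:00:bb:00:02
vnet0 52:54:00:aa:00:01 52:54:00:cc:00:03
vnet1 52:54:00:cc:00:03 52:54:00:aa:00:01
eth1 52:54:00:dd:00:04 52:54:00:bb:00:02'

# bridge_decisions: read frames on stdin, print one decision per frame.
bridge_decisions() {
  awk '{
    port = $1; src = $2; dst = $3
    table[src] = port   # learn: the source MAC is reachable through this port
    if (dst == "ff:ff:ff:ff:ff:ff") print "flood (broadcast)"
    else if (!(dst in table))       print "flood (unknown destination)"
    else if (table[dst] == port)    print "drop (same segment)"
    else                            print "forward to " table[dst]
  }'
}

printf '%s\n' "$FRAMES" | bridge_decisions
```

A frame for a destination the bridge has not yet learned is sent out of every other port, so hosts on all attached segments receive it until the table is populated.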

3. Link Aggregation Configuration

3.1 Configuring bond link aggregation on CentOS 7/RHEL 7

3.1.1 Configuring bond0 on CentOS 7/RHEL 7

[root@wangqing ~]# nmcli device
DEVICE  TYPE      STATE         CONNECTION
eth0    ethernet  connected     eth0
eth1    ethernet  disconnected  --
lo      loopback  unmanaged     -- 

//Create bond0 with mode balance-rr
[root@wangqing ~]# nmcli connection add type bond mode balance-rr con-name bond0 ifname bond0 ipv4.method manual ipv4.addresses 172.16.12.250/24 ipv4.gateway 172.16.12.2 ipv4.dns 172.16.12.2
Connection 'bond0' (83b7b2c9-fd9f-45e4-b6aa-512774cc6808) successfully added.

//Attach the physical NICs to bond0
[root@wangqing ~]# nmcli connection add type bond-slave con-name bond-slave0 ifname eth0 master bond0
Connection 'bond-slave0' (5642affa-217d-4e48-ac6c-6043f1657361) successfully added.
[root@wangqing ~]# nmcli connection add type bond-slave con-name bond-slave1 ifname eth1 master bond0
Connection 'bond-slave1' (1ef9017f-4b0d-46bf-95a1-f31be9353234) successfully added.

//View the bond configuration
[root@wangqing ~]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:73:01:1a
Slave queue ID: 0

//Disconnect the eth0 NIC and test whether bond0 still works
[root@wangqing ~]# nmcli device disconnect eth0

3.1.2 Configuring bond1 on CentOS 7/RHEL 7

[root@wangqing ~]# nmcli device
DEVICE  TYPE      STATE         CONNECTION
eth0    ethernet  connected     eth0
eth1    ethernet  disconnected  --
lo      loopback  unmanaged     --

//Create bond1 with mode active-backup
[root@wangqing ~]# nmcli connection add type bond con-name bond1 ifname bond1 mode active-backup ipv4.method manual ipv4.addresses 172.16.12.250/24 ipv4.gateway 172.16.12.2 ipv4.dns 172.16.12.2
Connection 'bond1' (d1074330-476c-46d6-a378-f3efe73c0660) successfully added.

//Attach the physical NICs to bond1
[root@wangqing ~]# nmcli connection add type bond-slave con-name bond-slave0 ifname eth0 master bond1
Connection 'bond-slave0' (be356c6f-f5d0-4231-a541-b1bfad60617b) successfully added.
[root@wangqing ~]# nmcli connection add type bond-slave con-name bond-slave1 ifname eth1 master bond1
Connection 'bond-slave1' (c04a43ca-d8f1-4899-b2b5-ca7a4095c262) successfully added.

//Bring the connections up
[root@wangqing ~]# nmcli connection up bond1
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
[root@wangqing ~]# nmcli connection up bond-slave0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8)
[root@wangqing ~]# nmcli connection up bond-slave1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/9)

//Verify
[root@wangqing ~]# cat /proc/net/bonding/bond1
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:73:01:10
Slave queue ID: 0

Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:73:01:1a
Slave queue ID: 0

//Stop the eth0 physical NIC device
[root@wangqing ~]# nmcli device disconnect eth0
Device 'eth0' successfully disconnected.

//The eth1 physical NIC device takes over automatically
[root@wangqing ~]# grep "Currently Active Slave" /proc/net/bonding/bond1
Currently Active Slave: eth1
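
A check to go with the failover test above (an added example, not from the original page): it condenses the /proc/net/bonding text into one line and flags a bond that has fewer slaves with link than expected. The sample status is constructed in the format shown above, and the function names are this example's own.

```bash
#!/bin/sh
# Added example: summarize bond health from /proc/net/bonding/<bond> text.

# Constructed sample in the page's format: eth0 lost link, eth1 took over.
SAMPLE='Bonding Mode: fault-tolerance (active-backup)
Currently Active Slave: eth1
MII Status: up
MII Polling Interval (ms): 100

Slave Interface: eth0
MII Status: down
Link Failure Count: 1

Slave Interface: eth1
MII Status: up
Link Failure Count: 0'

# bond_summary: read bonding status on stdin and print one line:
#   mode=<mode> active=<slave|none> up=<n> total=<n> failures=<n>
bond_summary() {
  awk -F': ' '
    /^Bonding Mode:/ {
      mode = $2   # keep only the short name inside the parentheses
      if (match($2, /\([^)]*\)/)) mode = substr($2, RSTART + 1, RLENGTH - 2)
    }
    /^Currently Active Slave:/ { active = $2 }
    /^Slave Interface:/        { in_slave = 1; total++ }
    /^MII Status:/ && in_slave { if ($2 == "up") up++ }
    /^Link Failure Count:/     { failures += $2 }
    END {
      if (active == "") active = "none"   # balance-rr has no active slave line
      printf "mode=%s active=%s up=%d total=%d failures=%d\n",
             mode, active, up, total, failures
    }'
}

# bond_degraded MIN: succeed (exit 0) when fewer than MIN slaves have link.
bond_degraded() {
  up=$(bond_summary | sed -n 's/.* up=\([0-9]*\) .*/\1/p')
  [ "$up" -lt "$1" ]
}

printf '%s\n' "$SAMPLE" | bond_summary
# On a live host: bond_summary < /proc/net/bonding/bond1
```

A bond that still answers pings with only one slave up has no redundancy left, so `bond_degraded 2` is the condition worth alerting on.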

3.2 Configuring bond link aggregation on CentOS 6/RHEL 6

Applies to RedHat 6 and CentOS 6

System      NICs                  bond address    bond mode   bond function
CentOS 6.5  eth0: 172.16.12.128   172.16.12.250   mode 0      load balancing
            eth1: 172.16.12.129

//1. Create the bond NIC configuration file
[root@wangqing ~]# cat /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
TYPE=Ethernet
ONBOOT=yes
USERCTL=no
BOOTPROTO=static
IPADDR=172.16.12.250
NETMASK=255.255.255.0
GATEWAY=172.16.12.2
DNS1=172.16.12.2
BONDING_OPTS="mode=0 miimon=50"
//To use mode 1, change mode to 1

//2. Edit the eth0 and eth1 NIC configuration files
[root@wangqing ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
USERCTL=no
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
[root@wangqing ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
USERCTL=no
BOOTPROTO=none
MASTER=bond0
SLAVE=yes

//3. Add driver support for bond0
[root@wangqing ~]# vim /etc/modprobe.d/bonding.conf
alias bond0 bonding
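
A static check for the ifcfg files above, added here as an example and not part of the original page. It goes slightly beyond the page's configuration by also flagging slaves that keep their own address or BOOTPROTO; the function names and the deliberately broken eth1 sample are constructed.

```bash
#!/bin/sh
# Added example: static checks for the CentOS 6 bond ifcfg files shown above.

# get_key FILE KEY: print KEY's value from an ifcfg file, quotes stripped.
get_key() {
  sed -n "s/^$2=//p" "$1" 2>/dev/null | tr -d '"' | tail -n 1
}

# check_bond DIR BOND: print one line per problem; return 0 only when clean.
check_bond() {
  dir=$1; bond=$2; bad=0; slaves=0
  opts=" $(get_key "$dir/ifcfg-$bond" BONDING_OPTS) "
  for opt in mode miimon; do        # miimon unset means no link monitoring
    case $opts in
      *" $opt="*) ;;
      *) echo "$bond: BONDING_OPTS lacks $opt="; bad=1 ;;
    esac
  done
  for f in "$dir"/ifcfg-*; do
    [ "$(get_key "$f" MASTER)" = "$bond" ] || continue
    slaves=$((slaves + 1)); dev=$(get_key "$f" DEVICE)
    [ "$(get_key "$f" SLAVE)" = yes ] || { echo "$dev: SLAVE=yes missing"; bad=1; }
    [ "$(get_key "$f" BOOTPROTO)" = none ] || { echo "$dev: BOOTPROTO is not none"; bad=1; }
    [ -z "$(get_key "$f" IPADDR)" ] || { echo "$dev: slave has its own IPADDR"; bad=1; }
  done
  [ "$slaves" -ge 2 ] || { echo "$bond: $slaves slave(s), no redundancy"; bad=1; }
  return $bad
}

# write_sample DIR: constructed copies of the page's files, except that eth1
# deliberately keeps BOOTPROTO=dhcp and an address so that a check fails.
write_sample() {
  printf '%s\n' DEVICE=bond0 ONBOOT=yes BOOTPROTO=static IPADDR=172.16.12.250 \
    'BONDING_OPTS="mode=0 miimon=50"' > "$1/ifcfg-bond0"
  printf '%s\n' DEVICE=eth0 ONBOOT=yes BOOTPROTO=none MASTER=bond0 SLAVE=yes \
    > "$1/ifcfg-eth0"
  printf '%s\n' DEVICE=eth1 ONBOOT=yes BOOTPROTO=dhcp IPADDR=172.16.12.129 \
    MASTER=bond0 SLAVE=yes > "$1/ifcfg-eth1"
}

# On a real host: check_bond /etc/sysconfig/network-scripts bond0
```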

3.3 Configuring team link aggregation on CentOS 7/RHEL 7

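CentOS/RHEL 7 uses teaming to implement link aggregation, which provides the network throughput of bound NICs together with NIC failover handling.
Team implements link aggregation on top of a small kernel driver and provides the teamd command in user space for link management.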

teamd can implement link aggregation in the following modes:

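  • broadcast: broadcast fault tolerance
  • roundrobin: round-robin load distribution
  • activebackup: active/backup (sure to be on the exam)
  • loadbalance: load balancing
  • lacp: requires a switch that supports the LACP protocol

//Configure this from the command line; configuration through the graphical interface is unstable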

[root@wangqing ~]# nmcli connection add type team con-name team0 ifname team0 config '{"runner":{"name":"activebackup"}}' ipv4.addresses 172.16.12.250/24 ipv4.gateway 172.16.12.2 ipv4.dns 172.16.12.2 ipv4.method manual
Connection 'team0' (cd90d0ee-b65e-488c-8fd2-85facb1d6868) successfully added.

//Attach the physical NICs to team0
[root@wangqing ~]# nmcli connection add type team-slave con-name team0-port1 ifname eth1 master team0
Connection 'team-slave0' (34873b23-60ff-42cf-bf65-77479bcd7369) successfully added.
[root@wangqing ~]# nmcli connection add type team-slave con-name team0-port2 ifname eth2 master team0
Connection 'team-slave1' (3cfc524f-cbf8-4039-b511-830b90a23726) successfully added.

//Check the state of team0
[root@wangqing ~]# ping -I team0 172.16.12.128
[root@wangqing ~]# teamdctl team0 state

//Check again after disconnecting a port
[root@wangqing ~]# nmcli dev disconnect eth1
[root@wangqing ~]# teamdctl team0 state

Changing the team mode dynamically

//Export the configuration and edit it (man teamd.conf)
[root@wangqing ~]# teamdctl team0 config dump > /tmp/team.conf
[root@wangqing ~]# vim /tmp/team.conf

//Apply the newly edited configuration options to team0
[root@wangqing ~]# nmcli con mod team0 team.config /tmp/team.conf

//team0 must be restarted after the change
[root@wangqing ~]# nmcli connection down team0;nmcli connection up team0 
[root@wangqing ~]# nmcli connection up team0-port1
[root@wangqing ~]# nmcli connection up team0-port2

4. Bridged Network Configuration

Create the bridged network br1
[root@wangqing ~]# nmcli connection add type bridge con-name br1 ifname br1 ipv4.addresses 192.168.56.222/24 ipv4.method manual

Bridge it to eth1
[root@wangqing ~]# nmcli connection add type bridge-slave con-name br1-port1 ifname eth1 master br1

[root@wangqing ~]# ping -I br1 192.168.56.1
[root@wangqing ~]# brctl show