1.链路聚合

网卡的链路聚合就是将多块网卡连接起来，当一块网卡损坏，网络依旧可以正常运行，可以有效的防止因为网卡损坏带来的损失，同时也可以提高网络访问速度。

网卡的链路聚合方式：

bond：最多可以添加两块网卡
team：最多可以添加八块网卡

bond的常用的2种模式：

bond0(balance-rr)
- bond0用于负载轮询（2个网单独都是100MB，聚合为1个网络传输带宽为200MB）
bond1(active-backup)
- bond1用于高可用，其中一条线若断线，其他线路将会自动备援

1
2
3


                            --> eth0  ----\
    app  --发送数据到--> bond0          <---> switch 
                            --> eth1  ----/

2.桥接网络

桥接网络也即网桥，可基于MAC地址在网络间转发流量。网桥识别哪些主机连接到每个网络，构建MAC地址表，然后根据该表做出包转发决策。

软件网桥的最常见应用是在虚拟化应用程序中，用于在一个或多个虚拟NIC中共享一个硬件网卡。

3.链路聚合配置

3.1 Centos7 / RHEL7配置bond聚合链路

3.1.1 Centos7 / RHEL7配置bond0

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65


[root@wenhs5479 network-scripts]# nmcli device 
DEVICE      TYPE      STATE   CONNECTION 
eth1        ethernet  连接的  eth1       
virbr0      bridge    连接的  virbr0     
eth0        ethernet  不可用  --         
lo          loopback  未托管  --         
virbr0-nic  tun       未托管  --

创建bond0, 模式为balance-rr
[root@wenhs5479 ~]# nmcli connection add type bond mode balance-rr con-name bond0 ifname bond0 ipv4.method manual ipv4.addresses 192.168.131.103/24 ipv4.gateway 192.168.131.1 ipv4.dns 192.168.131.1
连接“bond0”(e3ff9b6e-4343-4733-a3ff-32c0c623589f) 已成功添加。
[root@wenhs5479 ~]#

添加物理网卡连接至bond0
[root@wenhs5479 ~]# nmcli connection add type bond-slave con-name bond-slave0 ifname eth0 master bond0 
连接“bond-slave0”(4afe392d-2646-4125-a61d-4c52a7ea1056) 已成功添加。
[root@wenhs5479 ~]# nmcli connection add type bond-slave con-name bond-slave1 ifname eth1 master bond0 
连接“bond-slave1”(2f2046de-0be5-4ce9-86f8-8c9a22324f1b) 已成功添加。

查看bond配置信息(一开始是down状态,重启了一下网络服务,都up了)
[root@wenhs5479 ~]# cat /proc/net/bonding/bond0 
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:8a:2a:2e
Slave queue ID: 0

Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:8a:2a:38
Slave queue ID: 0

关闭eth0网卡, 测试bond0是否正常
[root@wenhs5479 ~]# nmcli device disconnect eth0
成功断开设备 'eth0'。
[root@wenhs5479 ~]# cat /proc/net/bonding/bond0 
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:8a:2a:38
Slave queue ID: 0
[root@wenhs5479 ~]#

3.1.2 Centos7 / RHEL7配置bond1

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66


[root@wenhs5479 ~]# nmcli device 
DEVICE      TYPE      STATE   CONNECTION 
eth0        ethernet  连接的  eth0       
eth1        ethernet  连接的  eth1       
virbr0      bridge    连接的  virbr0     
lo          loopback  未托管  --         
virbr0-nic  tun       未托管  --         
[root@wenhs5479 ~]#

创建bond1，模式为active-backup
[root@wenhs5479 ~]# nmcli connection add type bond con-name bond1 mode active-backup ipv4.method manual ipv4.addresses 192.168.131.103/24 ipv4.gateway 192.168.131.1 ipv4.dns 192.168.131.1
连接“bond1”(33a2f495-f178-408e-ad68-e2530d4cb76f) 已成功添加。

添加物理网卡连接至bond1
[root@wenhs5479 ~]# nmcli connection add type bond-slave con-name bond-slave0 ifname eth0 master bond1
连接“bond-slave0”(016a15fa-d189-4afa-b66d-02cb6b07f4a4) 已成功添加。
[root@wenhs5479 ~]# nmcli connection add type bond-slave con-name bond-slave1 ifname eth1 master bond1
连接“bond-slave1”(10bfb1bb-87aa-4a12-bc65-b473282957c5) 已成功添加。
[root@wenhs5479 ~]# 

启用连接
[root@wenhs5479 ~]# nmcli connection up bond1
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8)
[root@wenhs5479 ~]# nmcli connection up bond-slave0
连接已成功激活（D-Bus 活动路径：/org/freedesktop/NetworkManager/ActiveConnection/9）
[root@wenhs5479 ~]# nmcli connection up bond-slave1
连接已成功激活（D-Bus 活动路径：/org/freedesktop/NetworkManager/ActiveConnection/10）
[root@wenhs5479 ~]# 

验证
[root@wenhs5479 ~]# cat /proc/net/bonding/nm-bond 
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:8a:2a:2e
Slave queue ID: 0

Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:8a:2a:38
Slave queue ID: 0
[root@wenhs5479 ~]#

停止eth0物理网卡设备
[root@wenhs5479 ~]# nmcli device disconnect eth0
成功断开设备 'eth0'。

eth1物理网卡设备会进行自动切换
[root@wenhs5479 ~]# grep 'Currently Active Slave' /proc/net/bonding/nm-bond
Currently Active Slave: eth1
[root@wenhs5479 ~]#

3.2 Centos6 / RHEL6配置bond聚合链路

适用于RedHat6以及CentOS6

系统	网卡	bond地址	bond模式	bond功能
Centos6.5	eth0:172.16.12.128 eth1: 172.16.12.129	172.16.12.250	模式0	负载均衡

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34


1.创建绑定网卡配置文件
[root@wenhs5479 ~]# cat /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
TYPE=Ethernet
ONBOOT=yes
USERCTL=no
BOOTPROTO=static
IPADDR=192.168.131.102
NETMASK=255.255.255.0
GATEWAY=192.168.131.1
DNS1=192.168.131.1
BONDING_OPTS="mode=0 miimon=50" 		#如果使用模式1将mode修改为1即可

2.修改eth0和eth1网卡配置文件
[root@wenhs5479 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
USERCTL=no
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
[root@wenhs5479 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
USERCTL=no
BOOTPROTO=none
MASTER=bond0
SLAVE=yes

3.添加驱动支持bond0
[root@wenhs5479 ~]# vim /etc/modprobe.d/bonding.conf
alias bond0 bonding

3.3 Centos7 / RHEL7配置团队聚合链路

centos/rhce7使用teaming实现聚合链路，能够提供网卡绑定之后的网络吞吐性能，并且提供网卡的故障切换处理能力。 Team是基于一个小型内核驱动实现聚合链路，用户在层提供teamd命令实现链路管理。

teamd可以实现以下模式的聚合链路

broadcast 广播容错

roundrobin 负载轮询

activebackup 主备(必考)

loadbalance 负载均衡

lacp 需要交换机支持lacp协议

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64


请使用命令行配置，图形界面配置不稳定

[root@wenhs5479 ~]# nmcli connection add type team con-name team0 config '{"runner":{"name":"activebackup"}}' ipv4.addresses 192.168.131.103/24 ipv4.gateway 192.168.131.1 ipv4.dns 192.168.131.1 ipv4.method manual 
连接“team0”(1cbeceec-a88b-4cc1-8c01-26197ea78f68) 已成功添加。
[root@wenhs5479 ~]#

添加物理网卡连接至team0
[root@wenhs5479 ~]#nmcli connection add type team-slave con-name team0-port1 ifname eth0 master team0
连接“team0-port1”(f34da831-b7d7-45b7-9ed7-19e3ba563283) 已成功添加。

[root@wenhs5479 ~]# nmcli connection add type team-slave con-name team0-port2 ifname eth1 master team0
连接“team0-port2”(a6f6b515-87c8-4ea9-84a0-24aef28e2d37) 已成功添加。
[root@wenhs5479 ~]# 

检查team0状态
[root@wenhs5479 ~]# ping -I nm-team 192.168.131.1
PING 192.168.131.1 (192.168.131.1) from 192.168.131.103 nm-team: 56(84) bytes of data.
64 bytes from 192.168.131.1: icmp_seq=1 ttl=255 time=0.440 ms
64 bytes from 192.168.131.1: icmp_seq=2 ttl=255 time=0.430 ms
64 bytes from 192.168.131.1: icmp_seq=3 ttl=255 time=0.470 ms
^C
--- 192.168.131.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.430/0.446/0.470/0.029 ms
[root@wenhs5479 ~]#
[root@wenhs5479 ~]# teamdctl nm-team state
setup:
  runner: activebackup
ports:
  eth0
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
  eth1
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
runner:
  active port: eth0
[root@wenhs5479 ~]#

断掉后检测
[root@wenhs5479 ~]# nmcli device disconnect eth1
成功断开设备 'eth1'。
[root@wenhs5479 ~]# teamdctl nm-team state
setup:
  runner: activebackup
ports:
  eth0
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
runner:
  active port: eth0
[root@wenhs5479 ~]#

动态修改团队模式

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36


导出配置进行修改 (man teamd.conf)
[root@wenhs5479 ~]# teamdctl nm-team config dump > /root/team.conf
[root@wenhs5479 ~]# vim team.conf

以最新修改的配置选项修改team0属性
[root@wenhs5479 ~]# nmcli connection modify team0 team.config /root/team.conf

修改之后需要重启team0
[root@wenhs5479 ~]# nmcli connection down team0
成功取消激活连接 'team0'（D-Bus 活动路径：/org/freedesktop/NetworkManager/ActiveConnection/5）

[root@wenhs5479 ~]# nmcli connection up team0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8)
[root@wenhs5479 ~]# nmcli connection up team0-port1
连接已成功激活（D-Bus 活动路径：/org/freedesktop/NetworkManager/ActiveConnection/10）
[root@wenhs5479 ~]# nmcli connection up team0-port2
连接已成功激活（D-Bus 活动路径：/org/freedesktop/NetworkManager/ActiveConnection/11）
[root@wenhs5479 ~]# teamdctl nm-team state
setup:
  runner: roundrobin
ports:
  eth0
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
  eth1
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
[root@wenhs5479 ~]#

1

做team实验注意:一开始配置都正确,而且无报错,查状态却显示网卡没有组成team,然后就把所有网卡连接断开,再把设备断开,重新做,即可成功

4.桥接网络配置

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25


创建桥接网络br1
[root@wenhs5479 ~]# nmcli connection add type bridge con-name br1 ifname br1 ipv4.addresses 192.168.131.103/24 ipv4.gateway 192.168.131.1 ipv4.method manual 
连接“br1”(d702846f-63e9-4cc8-b20c-282733775dbc) 已成功添加。

桥接至eth1
[root@wenhs5479 ~]# nmcli connection add type bridge-slave con-name br1-prot1 ifname eth0 master br1
连接“br1-prot1”(2d0a79d7-763d-482e-ba72-e04330a1f099) 已成功添加。

[root@wenhs5479 ~]# ping -I br1 192.168.131.1
PING 192.168.131.1 (192.168.131.1) from 192.168.131.103 br1: 56(84) bytes of data.
64 bytes from 192.168.131.1: icmp_seq=1 ttl=255 time=0.679 ms
64 bytes from 192.168.131.1: icmp_seq=2 ttl=255 time=0.431 ms
64 bytes from 192.168.131.1: icmp_seq=3 ttl=255 time=0.479 ms
^C
--- 192.168.131.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.431/0.529/0.679/0.110 ms
[root@wenhs5479 ~]#
[root@wenhs5479 ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
br1		8000.000c298a2a2e	yes		eth0
virbr0		8000.525400dcbd60	yes		virbr0-nic
[root@wenhs5479 ~]#

也可以再用一个网卡桥接到br1,断开eth0,工作的是eth1,不过真实环境中没什么用,实验玩玩就好

网络进阶管理

文章目录