Shulou(Shulou.com)06/01 Report--

Basics of Linux Network Management

Dynamic routing

Bonding

Network Teaming

Static routing experiment

Linux network management, understanding the basic network knowledge is the foundation, in addition to this, to master the ifconig command, ip command, nmcli command (CentOS 7), as well as the configuration files related to the network.

Configure dynamic routing:

Obtain dynamic routing through the daemon, install the quagga package, support RIP, OSPF, BGP, and configure through the command vtysh.

[root@centos6 ~] # yum-y install quagga

Change to the directory of service startup scripts or start directly with servifce:

Check to see if OSPF is started

[root@centos6 / etc/rc.d/init.d] #. / ospfd statusospfd is stopped [root@centos6 / etc/rc.d/init.d] #. / ospfd start # launch [root@centos6 / etc/rc.d/init.d] #. / ospfd statusospfd is stopped # failed to launch [root@centos6 / etc/rc.d/init.d] # at this time: [root@centos6 / etc/ Rc.d/init.d] # cd / etc/quagga [root@centos6 / etc/quagga] # lsbgpd.conf.sample ospf6d.conf.sample ripd.conf.sample vtysh.conf zebra.confbgpd.conf.sample2 ospfd.conf.sample ripngd.conf.sample vtysh.conf.sample zebra.conf.sample [root@centos6 / etc/quagga] # mv ospfd.conf.sample ospfd.conf # rename Remove .sample [root@centos6 / etc/quagga] # start OSPF again: [root @ centos6 ~] # service ospfd startStarting ospfd: [OK] [root@centos6 ~] # service ospfd statusospfd (pid 2420) is running... [root@centos6 ~] #

Let's run OSPF:

Bonding

The so-called Bonding is to bind multiple network cards to the same IP address to provide services, so as to achieve high availability or load balancing. its implementation idea is similar to the link aggregation of layer 2 or layer 3 in the Cisco network. Two different router interfaces cannot set the same IP, and the same two different network cards cannot set the same IP. Therefore, Bonding virtualizes two network cards into one network card to provide services. The physical Nic will be modified to the same MAC address

There are three different modes for Bonding Mode:

Mode 0 (balance-rr) Round Robin (Round-robin) policy: packets are sent on each slave interface sequentially from beginning to end. This model provides load balancing and fault tolerance capabilities Mode 1 (active-backup) activity-backup (active / standby) strategy: in the binding, only one slave is activated. Other slave is activated when and only if the active slave interface fails. To avoid switch confusion, the Mode 3 (broadcast) broadcast policy is visible on only one external port of the bound MAC address: all messages are sent on all slave interfaces. This model provides fault tolerance.

Before conducting the Bonding experiment, we need to know the udev-related configuration files of network card aliases and device aliases and network interface identification and commands!

Nic alias: binds multiple IP addresses to a NIC, similar to the concept of subinterfaces in a network.

Eth0:1, eth0:2, eth0:3 [root@centos6 ~] # ifconfig eth0:0 10.1.250.11 root@centos6 24 [root@centos6 ~] # ifconfig eth0:1 10.1.251.11 Compact 14 [root@centos6 ~] #

If you have a network card, you can avoid switching back and forth between multiple IP addresses!

Try the ip command again:

[root@centos6 ~] # ip addr add 10.1.251.55 ip addr add 24 dev eth2 label eth2:0 [root@centos6 ~] # ip addr add 10.1.250.66 ip addr add 16 dev eth2 label eth2:1 [root@centos6 ~] # ip addr add 192.168.10.1 ip addr add 24 dev eth2 label eth2:1

The above configuration is invalid after restarting the network service!

Device aliases: generate a separate interface profile for each device alias

Don't get dizzy first, whether it's a network card alias or a device alias, they are all aliases, and the network card is also a device, so they essentially refer to the same "implementation", but not in different ways. The former is a direct command line implementation, temporarily valid, while the latter is to directly write the configuration file to make it permanent. Note that when writing the configuration file for the device alias, turn off the NetworkManager service! And must be statically connected! Restart works!

[root@centos6 ~] # service NetworkManager stop Stopping NetworkManager daemon: [OK] [root@centos6 ~] # [root@centos6 ~] # chkconfig NetworkManager off # permanently disable this service [root@centos6 ~] #

Create directly in the network profile directory

[root@centos6 / etc/sysconfig/network-scripts] # cat ifcfg-eth0:0DEVICE=eth0:0IPADDR=192.168.10.1PREFIX=24ONPARENT=yes [root@centos6 / etc/sysconfig/network-scripts] #

Udev profile

The network interface identifies and names the relevant udev profile:

/ etc/udev/rules.d

Install and uninstall the network card

Dmesg, ethtoolmodprobe, rmmod

The dmesg command is used to check and control the kernel's ring buffer. Kernel stores boot information in ring buffer. If you don't have time to check the information when you boot, you can use dmesg to check it. Boot information is saved in / var/log/dmesg file.

The ethtool command is used to get configuration information for the Ethernet card, or to modify these configurations. This command is more complex and has many functions. Its information comes from the network card driver layer, that is, the link layer of the TCP/IP protocol.

The modprobe command is used to intelligently load or remove modules from the kernel.

Check the network card: dmesg | grep-i eth ethtool-I eth0 uninstall the network card driver: modprobe-r e1000 rmmod e1000 load the network card driver: modprobe e1000

OK, let's load the network card again.

Through the above examples, we also have a certain sense of the basic configuration of the Internet and the network, now let's do a Bonding!

Create a bonding device profile

Bonding is a logical concept, that is, a virtual network card, so after setting up the bonding configuration file, it must be supported by a physical network card. That is, MASTER and SLAVE,MASTER are specified as bonding devices, and SLAVE is the physical network card.

This bonding configuration file is roughly the same as the ordinary network card configuration file, except that there is a unique option of bonding: BONDING_OPTS, the sub-option miimong represents the link detection interval, in milliseconds, if miimon=100, then the system monitors the link connection status every 100ms, and if one line fails, it goes into the mode that mode represents Bonding on another line.

[root@centos6 / etc/sysconfig/network-scripts] # cat ifcfg-bond0 DEVICE=bond0BOOTPROTO=staticIPADDR=10.1.255.11PERFIX=16DNS1=114.114.114.114DNS2=8.8.8.8GATEWAY=10.1.0.1BONDING_OPTS= "miimon=100 mode=1" [root@centos6 / etc/sysconfig/network-scripts] # [root@centos6 / etc/sysconfig/network-scripts] # cat ifcfg-eth0DEVICE=eth0ONBOOT=yesSLAVE=yesMASTER=bond0 [root@centos6 / etc/sysconfig/network-scripts] # cat ifcfg-eth2DEVICE=eth2ONBOOT=yesSLAVE=yesMASTER=bond0 [root@centos6 / etc/sysconfig/network-scripts] #

Restart the network service to make bonding effective:

View bonding status

Test Bonding

Down drops the active network card eth0 of the current bond0.

See if bond0's IP is still continuing ping.

View the network cards that are currently active in bond0

As a result, the mode1 active / standby mode of bonding has been successfully switched!

At this point, we restart the network card eth0 to see if it can seize the active interface again. If not, we restart the network service to see if it can preempt the active network card.

We found that eth0 did not preempt the active interface again after restart, which also made the network relatively stable. All right, let's restart the network service again.

After restarting the network service, eth0 successfully preempted as the active interface.

Delete bonding:Down, delete bond interface, delete its configuration file, and restart network service.

At this point, we summarize the main formats of the network configuration file:

ONBOOT: whether to activate this device during system boot TYPE: interface type Common Ethernet, BridgeUUID: unique identification of the device IPADDR: indicate IP address NETMASK: subnet mask GATEWAY: default gateway DNS1: the first DNS server points to DNS2: the second DNS server points to USERCTL: whether ordinary users can control this device PEERDNS: if the value of BOOTPROTO is "dhcp", whether the dns server assigned by dhcp server is allowed to overwrite the pointing information directly to the Network Teaming in the / etc/resolv.conf file

Netgroup Network Teaming, in fact, is the advanced version of Bonding, the so-called netgroup, which aggregates multiple network cards together to achieve redundancy and improve throughput. It provides better performance and scalability than bonding, and netgroups are implemented by kernel drivers and teamd daemons. The network group function is mainly realized by nmcli commands. Nmcli is a command set, which is well supported on CentOS 7.

There are several ways to runner:

Multiple ways of runner broadcast roundrobin activebackup loadbalance lacp (implements the 802.3ad Link Aggregation Control Protocol)

Characteristics of netgroups:

Starting the netgroup interface will not automatically start the port interface in the netgroup. Starting the port interface in the netgroup interface will not automatically start the netgroup interface. Disabling the netgroup interface will automatically disable the port interface in the netgroup. The netgroup interface without the port interface can start a static IP connection. When the DHCP connection is enabled, the netgroup without the port interface will wait for the port interface to join.

Nmcli command

NAME nmcli-command-line tool for controlling NetworkManagerSYNOPSIS nmcli [OPTIONS] OBJECT {COMMAND | help} OBJECT: = {general | networking | radio | connection | device | agent} OPTIONS: = {- t [erse] concise-p [retty] output humans-m [mode] tabular | multiline-f [ields] | all | common-e [scape] yes | no escape: to escape': 'and'\'- n [ocheck]- A [sk]-w [ait]-v [ersion]-h [elp]} connection-start Stop, and manage network connectionsCOMMAND: = {show | up | down | add | edit | modify | delete | load} device-show and manage network interfacesCOMMAND: = {status | show | connect | disconnect | delete | wifi | wimax}

Use the example

Nmcli-t-f RUNNING general tells you whether NetworkManager is running or not.nmcli-t-f STATE general shows the overall status of NetworkManager. Nmcli connection show lists all connections NetworkManager has. Nmcli connection show-- active lists all currently active connections.nmcli device status shows the status for all devices.

The nmcli command set supports abbreviations!

[root@centos7 ~] # nmcli-t-f RUNNING generalrunning [root@centos7 ~] # nmcli-t-f STATE general connected [root@centos7 ~] # [root@centos7 ~] # nmcli con show-actNAME UUID TYPE DEVICE Wired connection 1 a7925ed3-dc18-44d6-9ff4-fed0a3b3ea49 802-3-ethernet eth2 virbr0 94c2eaa2-c9d1-4960-a3d3-34e7f785a194 bridge Virbr0 eth0 3e132822-6672-45f2-8863-b0e905a4d58b 802-3-ethernet eth0 [root@centos7] # nmcli device statusDEVICE TYPE STATE CONNECTION virbr0 bridge connected virbr0 eth0 ethernet connected eth0 eth2 ethernet connected Wired connection 1 virbr0-nic ethernet unavailable-- lo loopback unmanaged-- [root@centos7 ~] #

Next, let's create a netgroup. The main steps for creating a netgroup are as follows:

Create a netgroup interface

Nmcli con add type team con-name CNAME ifname INAME [config JSON] CNAME connection name, INAME API name JSON specifies the runner format:'{"runner": {"name": "METHOD"}} 'METHOD can be broadcast, roundrobin, activebackup, loadbalance, lacp

Create a port interface

Nmcli con add type team-slave con-name CNAME ifname INAME master TEAM CNAME connection name INAME network interface name TEAM network group interface name if not specified, default is team-slave-IFACE nmcli dev dis INAME nmcli con up CNAME INAME device name CNAME network group interface name or port interface

Activate the netgroup and port interface

Note:

After modifying the connection configuration, you need to reload the configuration nmcli con reload nmcli con down "system eth0" can be automatically activated nmcli con up "system eth0" nmcli dev dis eth0 disable the network card, access to be automatically activated graphics tool nm-connection-editor

The experiment begins:

Create netgroup interface and port interface, keyword: nmcli con add

[root@centos7 ~] # nmcli con add type team con-name team0 ifname team0 config'{"runner": {"name": "activebackup"}'# create the netgroup interface team0Connection 'team0' (b831a407-ec7d-4424-a918-c8e1a48ab1c6) successfully added. [root@centos7 ~] # [root@centos7 ~] # nmcli con add type team-slave con-name team0-port0 ifname eth0 master team0 # create the port interface eth0Connection' team0-port0' (9e4984aaafue 585aMel 465c- 9534-e0660be4eca0) successfully added. [root@centos7 ~] # [root@centos7 ~] # nmcli con add type team-slave con-name team0-port1 ifname eth2 master team0 # create port interface eth2Connection 'team0-port1' (e4c70974-97a0-4ab2-867c-16dd70798b20) successfully added. [root@centos7 ~] #

Configure the IP address for the netgroup, keyword: nmcli con mod

[root@centos7 ~] # nmcli con mod team0 ipv4.addresses 10.1.252.100 Compact 24 [root@centos7 ~] # nmcli con mod team0 ipv4.method manual [root@centos7 ~] #

Activate netgroup interface and port interface, keyword: nmcli con up

We also found that the following files were automatically added under the network configuration file directory:

Open ifcfg-team0

Open ifcfg-team0-port0

Of course, the content of ifcfg-team0-port1 is similar!

Test:

View the IP of team0 and its status:

It is obvious that the active interface of team0 is eth0.

Down without team0-port0

View active Interfac

Successfully switched to eth2!

But at this time, but ping does not have access to team0, we try to activate team0-port1 again, only to find that it can be normal ping!

There may be a large delay here, so simply reactivate the currently active interface team0-port1. It depends on some character here!

Down without team0-port1

UPteam0-port0 again

Eth0 successfully became an active interface, and automatically ping team0, the test is successful!

+ + +

Note that during the network group experiment, do not restart the network service, otherwise, the status of team0 will be abnormal! Of course, there is no team0 for ping at this time! If you inadvertently restart the network service, you need to restart the activation group interface and the port interface, and the status of the team0 will be normal, and accordingly you will be able to ping team0!

+

Static routing experiment

Experimental environment:

R1,R2

PC1,PC2

The topology diagram is as follows:

IP Planning:

PC1: 192.168.10.1/24PC2: 172.16.10.1/16R1 、 R2: 10.1.1.0/32

Preparation for the experiment:

The routing function should be turned on when the host simulates the router

The router is going to shut down the NetworkManager service

Turn off the firewall: iptables-F

Configuration:

Configure IP

PC1:

PC2:

R1:

R2:

Configure routin

PC1 Gateway

PC2 Gateway

R1 rout

R2 rout

Test:

Respective gateways of PC1 and PC2ping

PC1 and PC2 ping each other

Route tracking:

This paper mainly introduces the basic knowledge related to the network in Linux, including how to configure IP and routing, how to create a Bonding and Network Teaming, and the last static route experiment is to experience how the data passes through the next hop and how it is routed to the destination.

Stop the war

2016.9.9

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.