Shulou(Shulou.com)06/01 Report--

Network Management of Linux (3) small case of static routing

In the daily network, there is always a situation in which there are only a few routers and switches linked to the network will produce many different network segments, but each interface does not all point to the same, at least in one line. Similar to different company departments, network segments are different, but connected together, resulting in different network segments of each host. In order to solve this problem, some hosts connected in the middle can be simulated as routers to realize the communication between ip hosts of different network segments.

Simulation test:

Here, three host devices are simulated to build a network across nodes.

Preparatory work:

1. Use the vm virtual machine to simulate the linux system environment of three hosts. Here I prepare three hosts, and mark the three hosts as lab1, lab2 and lab4 respectively.

2. Plan some VPCs and ip to use

3. The network card connection mode of the three hosts must be the same. Here, because the physical host has only two network cards and only two gateways, so to use multiple gateways, I set up three virtual LAN zones: xx, yy, and zz.

4. Plan the network ip

5. Test whether the network card device of the host can be used normally.

Introduction to LAN regional network segment:

Xx network segment: 10.0.0.0amp 8 network segment

Yy network segment: 172.0.0.0and16 network segment

Zz network segment: 192.168.0.0According 24 network segment

Host network card network segment assignment:

The LAN host uses the network card IP address

Xx: lab1 eth0 10.0.0.10

Lab2 eth2 10.0.0.20

Yy: lab2 eth3 172.0.0.10

Lab4 eth0 172.0.0.20

Zz: lab4 eth2 192.168.0.10

The experimental phase:

View the ip of each network card

Lab1 eth0

Lab2 eth2

Lab2 eth3

Lab4 eth0

Lab4 eth2

Regulatory gateway routing:

Because there are only three LAN areas, the network segment is fixed, so you can directly set a default route for lab1.

Set the eth0 network card of the lab1 host:

1. Test the same network:

Lab1 accesses interface 10.0.0.10 of lab2 on xx network-- > 10.0.0.20

2. Set the lab1 gateway

1. Use the ip command to add a default gateway:

Ip roue add default via 10.0.0.20 dev eth0

Parsing: where default means default, that is, 0.0.0.0 network, via indicates the address of the next line, and dev indicates which network card device is configured, because lab1 has only one eth0 network card in the xx network, and the eth2 network card in lab2 is also in the xx network and in the same network segment, so the two kinds of ping can be connected directly, but if you want to access the eth3 network card in the lab2, that is, the yy network, you need to give the data to the eth2 network card of lab2. The lab2 then forwards the data.

2. View the route table of the lab1 host

Ip route show

Parsing: the last line here shows the default route entry you just added

3. Let's test whether lab1's eth0 interface can access eth3 through lab2's eth2 (172.0.0.10).

Parsing: being able to ping indicates that you can already access it

Set the network card of the lab2 host:

1. Test the network

# restart the lab2 network process test below

Note: the startup failed here because the process of this network service conflicts with the NetworkManager service process. Here we check whether NetworkManager is running:

# check the lab2NM service process below

Service NetworkManager status

# now that you have found that the NM service has really been started, turn off the service below:

Service NetworkManager stop

# lab2 start the network service again

Parsing: this shows that eth2 and eth3 have regained the ip address. Of course, it is still the same as the configuration just now. Test ping.

# ping name Test Communication (lab2 Test)

1. Lab2 accesses lab1's eth0 network card.

2. Lab2 visits lab4's eth0 network card.

3. Lab2 visits lab4's eth2 network card.

Parsing: why the ping is different here, because lab2 does not set up the network to 192.168.0.0, that is, the zz network, while the eth0 of lab4 can be accessed because the eth2 of lalb2 is in the same network (yy) network 172.0.0.0 network segment, so it is necessary to set a gateway for the eth3 of lab2.

2. Set up the gateway

# add a route entry to the eth3 of lab2 that can access the 192.168.0.0 network segment

Ip route add 192.168.0.0/24 via 172.0.0.20 dev eth3

Parsing: this is also similar to adding the default route for lab1, and lab1 needs to transfer data to the eth2 interface of lab2 in the network segment. Therefore, if lab2 wants to access the 192.168.0.0 network segment of lab4, it needs to send the data to the interface connected to the lab4 network interface, that is, the eth3 interface of lab2, and 172.0.0.20 is the eth0 interface of lab4, and then establish access.

# check the routing table of lab2 and confirm that it has been added successfully

Ip route show

Description: on the second line and showing the newly added routes, test the eth2 interface that accesses lab4

3. Access the test again

Lab2 test

# lab2 accesses the 192.168.0.0 network segment

Parsing: you can also communicate with ping, so let's think about whether lab1 can access lab2 instead of lab4 indirectly. Let's test it:

Lab1 test

# lab1 visits lab4 eth0 172.0.0.20

Parsing: it seems that it cannot be accessed through this. Although the gateway is set up here, packets of lab1 are not forwarded to lab4 through the eth3 API of lab2 by default in the linux kernel.

4. Set to enable forwarding function.

1. View and enable the ip forwarding function of lab2

Cat / proc/sys/net/ipv4/ip_forward # is turned off for 0 and enabled for 1

Parsing: / proc files generated for the system process of the system kernel module cannot be modified directly, so you can use redirection. Note that only one parameter is received here.

Parsing: think of lab2 receiving data from lab1, going through eth2, and then forwarding it to eth3, but lab4 does not recognize it, so you need to turn on lab4 forwarding to receive data.

Set the network card of lab4:

1. Set up lab4 routing and forwarding

# enable lab4 forwarding feature

Echo 1 > / proc/sys/net/ipv4/ip_forward

# lab1 visits lab4's 172.0.0.20 again

The discovery still fails because lab4 does not have a routing table for the 10.0.0.0 network segment. Add the route for the xx network segment to lab4 below.

# add a routing entry to lab4 to access the 10.0.0.0 network segment

Ip route add 10.0.0.0/8 via 172.0.0.10 dev eth0

# use lab1 to access 172.0.0.20 of lab4 again

# use lab1 to access 192.0.0.10 of lab4 again

Parsing: it is also accessible, because according to the forwarding function of the linux kernel and the ability to forward data at will

2. Test lab4 to access lab1

# then lab4 can also access the address of the 10.0.0.0 network segment at the same time

Optimize

When we add routes are temporary, restart the host or network service will fail, so you can write the routing configuration to the configuration file

Lab1 settings:

1. Set routing configuration

Cd / etc/sysconfig/network-scripts/ # switch to the network footsteps directory vim route-eth0 # to create and edit files

2. Start the service again and test whether to read the data from the configuration file to set the

Resolution: 0.0.0.0 indicates all network segments, and read configuration and success are indicated here.

Lab2 settings:

1. Set routing configuration

2. Set ip forwarding to take effect permanently

Of course, there are also modified linux kernel parameters, which need to be modified in the / etc/sysctl.conf file.

# set the value of ip_forward = here to 1 to enable, and default to 0 to disable

Vim / etc/sysctl.conf

# after you modify and save it, it cannot take effect directly. You need to use the command to reread the system parameter configuration file

Sysctl-p

Lab4 configuration:

1. Lab4 routing configuration

Note: after setting up, of course, modify the value of ip_forward in the / etc/sysctl.conf file under its system. Here, the process is the same as lab2 configuration. You can refer to the process of configuring system kernel parameters by lab2.

Additional note: here I disable the firewall function by default. By default, if there is an entry in the firewall, if you start ip_forward forwarding again, you can still not ping the same, you can use to disable the service or clear the firewall.

Iptables-F # clear firewall service iptables stop # turn off firewall service

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.