Linux_ Advanced Network Management

Linux

1. Link Aggregation

NIC link aggregation is to connect multiple network cards when a card is damaged, the network can still function properly, it can effectively prevent damage caused by the loss because the card, but also can improve network access speed.

Link aggregation card:

• bond: you can add up to two network cards
• team: you can add up to eight card

common bond of two modes:

bond0(balance-rr)

• bond0 polling for a load (two separate networks are 100MB, the polymerization of a network transmission bandwidth is 200MB)

bond1(active-backup)

• bond1 for high availability, wherein if a line break, the other line will be automatically backup

                            --> eth0  ----\
    app  --发送数据到--> bond0          <---> switch 
                            --> eth1  ----/

2. bridged network

That bridge network bridge, may be based on the MAC address forwarding traffic between networks. Identifying which host bridges connected to each network, to build the MAC address table, and then make packet forwarding decisions based on the table.

The most common application is to bridge virtualized applications, hardware used to share a NIC in one or more virtual NIC in.

3. Link Aggregation Configuration

3.1 Centos7 / RHEL7 polymerization bond arranged link

3.1.1 Centos7 / RHEL7 configuration bond0

[root@wangqing ~]# nmcli device
DEVICE  TYPE      STATE         CONNECTION
eth0    ethernet  connected     eth0
eth1    ethernet  disconnected  --
lo      loopback  unmanaged     -- 

//创建bond0, 模式为balance-rr
[root@wangqing ~]# nmcli connection add type bond mode balance-rr con-name bond0 ifname bond0 ipv4.method manual ipv4.addresses 172.16.12.250/24 ipv4.gateway 172.16.12.2 ipv4.dns 172.16.12.2
Connection 'bond0' (83b7b2c9-fd9f-45e4-b6aa-512774cc6808) successfully added.

//添加物理网卡连接至bond0
[root@wangqing ~]# nmcli connection add type bond-slave con-name bond-slave0 ifname eth0 master bond0
Connection 'bond-slave0' (5642affa-217d-4e48-ac6c-6043f1657361) successfully added.
[root@wantqing ~]# nmcli connection add type bond-slave con-name bond-slave1 ifname eth1 master bond0
Connection 'bond-slave1' (1ef9017f-4b0d-46bf-95a1-f31be9353234) successfully added.

//查看bond配置信息
[root@wangqing ~]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:73:01:1a
Slave queue ID: 0

//关闭eth0网卡, 测试bond0是否正常
[root@wangqing ~]# nmcli device disconnect eth0

3.1.2 Centos7 / RHEL7 configuration bond1

[root@wangqing ~]# nmcli device
DEVICE  TYPE      STATE         CONNECTION
eth0    ethernet  connected     eth0
eth1    ethernet  disconnected  --
lo      loopback  unmanaged     --

//创建bond1，模式为active-backup
[root@wangqing ~]# nmcli connection add type bond con-name bond1 ifname bond1 mode active-backup ipv4.method manual ipv4.addresses 172.16.12.250/24 ipv4.gateway 172.16.12.2 ipv4.dns 172.16.12.2
Connection 'bond1' (d1074330-476c-46d6-a378-f3efe73c0660) successfully added.

//添加物理网卡连接至bond1
[root@wangqing ~]# nmcli connection add type bond-slave con-name bond-slave0 ifname eth0 master bond1
Connection 'bond-slave0' (be356c6f-f5d0-4231-a541-b1bfad60617b) successfully added.
[root@wangqing ~]# nmcli connection add type bond-slave con-name bond-slave1 ifname eth1 master bond1
Connection 'bond-slave1' (c04a43ca-d8f1-4899-b2b5-ca7a4095c262) successfully added.

//启用连接
[root@wangqing ~]# nmcli connection up bond1
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
[root@wangqing ~]# nmcli connection up bond-slave0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8)
[root@wangqing ~]# nmcli connection up bond-slave1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/9)

//验证
[root@wangqing ~]# cat /proc/net/bonding/bond1
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:73:01:10
Slave queue ID: 0

Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:73:01:1a
Slave queue ID: 0

//停止eth0物理网卡设备
[root@wangqing ~]# nmcli device disconnect eth0
Device 'eth0' successfully disconnected.

//eth1物理网卡设备会进行自动切换
[root@wangqing ~]# grep "Currently Active Slave" /proc/net/bonding/bond1
Currently Active Slave: eth1

3.2 Centos6 / RHEL6 polymerization bond arranged link

Suitable for RedHat6 and CentOS6

system	NIC	Address bond	bond mode	bond function
Centos6.5	eth0: 172.16.12.128 .eth1: 172.16.12.129	172.16.12.250	Mode 0	Load Balancing

//1.创建绑定网卡配置文件
[root@wangqing ~]# cat /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
TYPE=Ethernet
ONBOOT=yes
USERCTL=no
BOOTPROTO=static
IPADDR=172.16.12.250
NETMASK=255.255.255.0
GATEWAY=172.16.12.2
DNS1=172.16.12.2
BONDING_OPTS="mode=0 miimon=50" //如果使用模式1将mode修改为1即可

//2.修改eth0和eth1网卡配置文件
[root@wangqing ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
USERCTL=no
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
[root@wangqing ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
USERCTL=no
BOOTPROTO=none
MASTER=bond0
SLAVE=yes

//3.添加驱动支持bond0
[root@wangqing ~]# vim /etc/modprobe.d/bonding.conf
alias bond0 bonding

3.3 Centos7 / RHEL7 aggregated links arranged team

centos / rhce7 teaming implemented using aggregated links, network throughput performance can be provided after the binding card, and the card provides fault switching processing capability.
Team kernel driver is a small effect polymerization link provided teamd user command is implemented in the link management layer is based.

teamd polymerization mode can achieve the following link

Fault Tolerance for broadcast
roundrobin load polling
activebackup standby (compulsory)
loadbalance load balancing
lacp lacp protocol needs to support switch

//请使用命令行配置，图形界面配置不稳定

[root@wangqing ~]# nmcli connection add type team con-name team0 ifname team0 config '{"runner":{"name":"activebackup"}}' ipv4.addresses 172.16.12.250/24 ipv4.gateway 172.16.12.2 ipv4.dns 172.16.12.2 ipv4.method manual
Connection 'team0' (cd90d0ee-b65e-488c-8fd2-85facb1d6868) successfully added.

//添加物理网卡连接至team0
[root@wangqing ~]# nmcli connection add type team-slave con-name team0-port1 ifname eth1 master team0
Connection 'team-slave0' (34873b23-60ff-42cf-bf65-77479bcd7369) successfully added.
[root@wangqing ~]# nmcli connection add type team-slave con-name team0-port2 ifname eth2 master team0
Connection 'team-slave1' (3cfc524f-cbf8-4039-b511-830b90a23726) successfully added.

//检查team0状态
[root@wangqing ~]# ping -I team0 172.16.12.128
[root@wangqing ~]# teamdctl team0 state

//断掉后检测
[root@wangqing ~]# nmcli dev disconnect eth1
[root@wangqing ~]# teamdctl team0 state

4. bridged network configuration

创建桥接网络br1
[root@wangqing ~]# nmcli connection add type bridge con-name br1 ifname br1 ipv4.addresses 192.168.56.222/24 ipv4.method manual

桥接至eth1
[root@wangqing ~]# nmcli connection add type bridge-slave con-name br1-port1 ifname eth1 master br1

[root@wangqing ~]# ping -I br1 192.168.56.1
[root@wangqing ~]# brctl show