48. Chapter 10: Network Protocols and Management Configuration (Part 9)

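4.6 Multi-NIC bonding

Binding several NICs to one IP address for external service provides high availability or load balancing. Assigning the same IP address directly to two NICs does not work. With bonding, a virtual NIC provides the external connection, and the physical NICs' MAC addresses are changed to the same address.

4.6.1 Bonding modes

There are 7 modes in total: Mode 0-6

  • Mode 0 (balance-rr): round-robin policy. Packets are transmitted on each slave interface in sequential order, from the first to the last. This mode provides load balancing and fault tolerance
  • Mode 1 (active-backup): active-backup (primary/standby) policy. Only one slave is active, and another slave is activated if and only if the active slave interface fails. To avoid confusing the switch, the bond's MAC address is visible on only one external port
  • Mode 3 (broadcast): broadcast policy. Every packet is transmitted on all slave interfaces, which provides fault tolerance

Notes:

The active-backup, balance-tlb and balance-alb modes require no special switch configuration. The other bonding modes require the switch to be configured to aggregate the links. For example, Cisco switches need EtherChannel for modes 0, 2 and 3, but need LACP and EtherChannel for mode 4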

4.6.2 Bonding configuration

Detailed help:

/usr/share/doc/kernel-doc-<version>/Documentation/networking/bonding.txt
https://www.kernel.org/doc/Documentation/networking/bonding.txt

Create the configuration files for the bonding device

/etc/sysconfig/network-scripts/ifcfg-bond0
NAME=bond0
TYPE=bond
DEVICE=bond0
BOOTPROTO=none
IPADDR=10.0.0.100
PREFIX=8
#miimon sets the link-monitoring interval. With miimon=100 the system checks the link state every 100 ms and switches to another link if one is down
BONDING_OPTS="mode=1 miimon=100 fail_over_mac=1"

/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
NAME=eth0
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
ONBOOT=yes

/etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
NAME=eth1
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
ONBOOT=yes

Check the status of bond0:

/proc/net/bonding/bond0

Remove bond0

ifconfig bond0 down
rmmod bonding

Example:

[root@rocky8 ~]# yum -y install kernel-doc

[root@rocky8 ~]# rpm -ql kernel-doc |grep bond
/usr/share/doc/kernel-doc-4.18.0/Documentation/networking/bonding.txt

[root@rocky8 ~]# cat /usr/share/doc/kernel-doc-4.18.0/Documentation/networking/bonding.txt

[root@rocky8 network-scripts]# vim ifcfg-bond0
NAME=bond0
TYPE=bond
DEVICE=bond0
BOOTPROTO=none
IPADDR=172.31.0.100
PREFIX=8
BONDING_OPTS="mode=1 miimon=100 fail_over_mac=1"
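#miimon sets the link-monitoring interval. With miimon=100 the system checks the link state every 100 ms and switches to another link if one is down
#In production, omit fail_over_mac=1; it is set here because this is a VMware environment, where leaving it out may cause problems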

[root@rocky8 network-scripts]# vim ifcfg-eth0
DEVICE=eth0
NAME=eth0 
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
ONBOOT=yes

[root@rocky8 network-scripts]# vim ifcfg-eth1
DEVICE=eth1
NAME=eth1
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
ONBOOT=yes

[root@rocky8 network-scripts]# nmcli connection
NAME                UUID                                  TYPE      DEVICE 
eth0                5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
eth1-home           a078d608-526b-f5ed-ca54-5ff3b8105fe7  ethernet  eth1   
eth1-home           9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  --     
Wired connection 1  8f66d694-494f-31db-99a6-97673f8ece0b  ethernet  --     
[root@rocky8 network-scripts]# nmcli connection reload
[root@rocky8 network-scripts]# nmcli connection
NAME                UUID                                  TYPE      DEVICE 
eth0                5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
eth1-home           a078d608-526b-f5ed-ca54-5ff3b8105fe7  ethernet  eth1   
bond0               ad33d8b0-1f7b-cab9-9447-ba07f855b143  bond      bond0  
eth1                9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  --     
Wired connection 1  8f66d694-494f-31db-99a6-97673f8ece0b  ethernet  -- 

[root@rocky8 network-scripts]# nmcli connection up bond0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/10)
[root@rocky8 network-scripts]# nmcli connection up eth0

The configuration now works.

[root@centos7 network-scripts]# ping 172.31.0.100
PING 172.31.0.100 (172.31.0.100) 56(84) bytes of data.
64 bytes from 172.31.0.100: icmp_seq=1 ttl=64 time=0.934 ms
64 bytes from 172.31.0.100: icmp_seq=2 ttl=64 time=0.333 ms
64 bytes from 172.31.0.100: icmp_seq=3 ttl=64 time=0.355 ms
^C
--- 172.31.0.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.333/0.540/0.934/0.279 ms

[root@rocky8 ~]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v4.18.0-305.3.1.el8_4.x86_64

Bonding Mode: fault-tolerance (active-backup) (fail_over_mac active)
Primary Slave: None
Currently Active Slave: eth0 #eth0 is currently the active slave
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:f9:6a:d1
Slave queue ID: 0

Slave Interface: eth1 #eth1 is the backup
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:f9:6a:db
Slave queue ID: 0

#Now disconnect eth0

[root@rocky8 ~]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v4.18.0-305.3.1.el8_4.x86_64

Bonding Mode: fault-tolerance (active-backup) (fail_over_mac active)
Primary Slave: None
Currently Active Slave: eth1 #eth1 took over automatically
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0

Slave Interface: eth0
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 1
Permanent HW addr: 00:0c:29:f9:6a:d1
Slave queue ID: 0

Slave Interface: eth1
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:f9:6a:db
Slave queue ID: 0
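
A monitoring check for the failover shown above, as an added example that is not part of the original page: it parses text in the /proc/net/bonding/bond0 format and reports whether the bond is running with reduced redundancy. bond_health and sample_bond are hypothetical names, and the sample input is constructed in the format of the output above.

```shell
#!/bin/sh
# Added example (not from the original page): summarise bond health from
# text in /proc/net/bonding/<bond> format.
# bond_health and sample_bond are hypothetical helper names.

# Reads status text from the files given as arguments, or from stdin.
# Prints one summary line; exit status 0 = OK, 1 = DEGRADED, 2 = DOWN.
bond_health() {
    awk '
        /^Bonding Mode:/ {
            # Use the short mode name from the first parenthesised field.
            if (match($0, /\([^)]*\)/)) {
                mode = substr($0, RSTART + 1, RLENGTH - 2)
            } else {
                mode = $0
                sub(/^Bonding Mode: */, "", mode)
                gsub(/ /, "_", mode)
            }
        }
        /^Currently Active Slave:/ { active = $4 }
        /^Slave Interface:/        { cur = $3; order[++n] = cur }
        # The first "MII Status" line describes the bond itself (cur is empty).
        /^MII Status:/ && cur != ""         { mii[cur] = $3 }
        /^Link Failure Count:/ && cur != "" { fails[cur] = $4 }
        END {
            up = 0; down = ""; total = 0
            for (i = 1; i <= n; i++) {
                s = order[i]
                if (mii[s] == "up") {
                    up++
                } else {
                    sep = (down == "" ? "" : ",")
                    down = down sep s
                }
                total += fails[s]
            }
            if (n > 0 && up == n) { state = "OK"; rc = 0 }
            else if (up > 0)      { state = "DEGRADED"; rc = 1 }
            else                  { state = "DOWN"; rc = 2 }
            if (active == "") active = "none"
            if (down == "") down = "none"
            printf "state=%s mode=%s active=%s up=%d/%d down=%s link_failures=%d\n",
                state, mode, active, up, n, down, total
            exit rc
        }
    ' "$@"
}

# Constructed sample in the format of the output above.
# $1 = active slave, $2 = MII status of eth0, $3 = link failure count of eth0
sample_bond() {
    cat <<EOF
Ethernet Channel Bonding Driver: v4.18.0-305.3.1.el8_4.x86_64

Bonding Mode: fault-tolerance (active-backup) (fail_over_mac active)
Primary Slave: None
Currently Active Slave: $1
MII Status: up
MII Polling Interval (ms): 100

Slave Interface: eth0
MII Status: $2
Link Failure Count: $3
Permanent HW addr: 00:0c:29:f9:6a:d1

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:f9:6a:db
EOF
}

# Demo: the failover case (eth0 unplugged, eth1 active).
sample_bond eth1 down 1 | bond_health || echo "bond needs attention (exit $?)"
```

On a live host the same function is called as bond_health /proc/net/bonding/bond0, and a non-zero exit status can feed an alert.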

[root@rocky8 network-scripts]# vim ifcfg-bond0
NAME=bond0
TYPE=bond
DEVICE=bond0
BOOTPROTO=none
IPADDR=172.31.0.100
PREFIX=8
BONDING_OPTS="mode=0 miimon=100 fail_over_mac=1"
#Changed to mode 0

[root@rocky8 network-scripts]# nmcli connection reload
[root@rocky8 network-scripts]# nmcli connection up bond0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/13)

[root@rocky8 network-scripts]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v4.18.0-305.3.1.el8_4.x86_64

Bonding Mode: load balancing (round-robin) #Changed to round-robin mode
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:f9:6a:d1
Slave queue ID: 0

Slave Interface: eth1
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:f9:6a:db
Slave queue ID: 0

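4.7 Network configuration on CentOS 7 and later

Reference documentation

https://access.redhat.com/documentation/enus/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/consistent-network-interface-device-naming_configuring-and-managing-networking

Up to CentOS 6, network interfaces were named with consecutive numbers (eth0, eth1 and so on), and the names could change when NICs were added or removed. CentOS 7 and later name interfaces based on hardware, device topology and setup type.

CentOS 8 has deprecated network.service and uses NetworkManager (NM) to bring up NICs. network.service can still be installed on CentOS 8 as the NIC service; it is just not installed by default. To install it: dnf install network-scripts. However, upstream has stated clearly that network.service will be dropped entirely in the next major release, so continuing to manage the network with network.service is not recommended.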

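4.7.1 NIC naming scheme

How systemd names network devices

  1. If index information provided by the firmware or BIOS for devices integrated on the motherboard is available and predictable, the device is named by that index, e.g. eno1
  2. If index information provided by the firmware or BIOS for PCI-E expansion slots is available and predictable, the device is named by that index, e.g. ens1
  3. If the physical location of the hardware interface is available, the device is named by that information, e.g. enp2s0
  4. If the user explicitly enables it, the device can also be named by its MAC address, e.g. enx2387a1dc56
  5. If none of the above is available, the traditional naming scheme is used

Naming with the biosdevname software, enabled when the BIOS supports it

Onboard NICs: em1, em2
PCI cards: pYpX, where Y is the slot and X is the port

Components of an interface name

en: Ethernet (wired LAN)
wl: wlan (wireless LAN)
ww: wwan (wireless WAN)
o<index>: device index number of an integrated device
s<slot>: index number of the expansion slot
x<MAC>: naming based on the MAC address
p<bus>s<slot>: enp2s1

Using the traditional naming scheme:
(1) Edit the /etc/default/grub configuration file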

GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"

(2) Generate the grub2 configuration file

On a system with UEFI boot mode:
# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg

On a system with legacy boot mode:
# grub2-mkconfig -o /boot/grub2/grub.cfg
# grub2-mkconfig -o /etc/grub2.cfg

(3) Reboot the system

# reboot

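4.7.2 Hostname

Configuration file:

/etc/hostname

This file does not exist by default; the hostname is obtained through a reverse DNS lookup, and the default hostname is localhost.localdomain

Set the hostname

hostnamectl set-hostname centos7.raymond.com

Delete the file /etc/hostname to restore the hostname localhost.localdomain

Show hostname information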

hostname
hostnamectl status

Example:

[root@rocky8 network-scripts]# cat /etc/hostname
rocky8

[root@centos6 ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=centos6

[root@rocky8 network-scripts]# hostnamectl set-hostname rocky8.raymond.com
[root@rocky8 network-scripts]# cat /etc/hostname
rocky8.raymond.com

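4.7.3 The nmcli network configuration tool

Graphical tool: nm-connection-editor

Text-mode TUI tools:

  • nmtui
  • nmtui-connect
  • nmtui-edit
  • nmtui-hostname

Command-line tool: nmcli

All of the tools above depend on the NetworkManager service, a daemon that manages and monitors network settings

The nmcli command

nmcli terminology

  • A device is a network interface
  • A connection is a configuration for a network interface; one interface can have several connection configurations, but only one of them is in effect at a time

Format: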

nmcli [ OPTIONS ] OBJECT { COMMAND | help }
	device - show and manage network interfaces
	nmcli device help
	connection - start, stop, and manage network connections
	nmcli connection help

Modify the IP address and other properties:

nmcli connection modify IFACE [+|-]setting.property value
setting.property: ipv4.addresses ipv4.gateway ipv4.dns1 ipv4.method manual | auto

Apply changes after editing a configuration file:

nmcli con reload
nmcli con up con-name

nmcli con mod                     ifcfg-* file
ipv4.method manual                BOOTPROTO=none
ipv4.method auto                  BOOTPROTO=dhcp
ipv4.addresses 192.168.2.1/24     IPADDR=192.168.2.1 PREFIX=24
ipv4.gateway 172.16.0.200         GATEWAY=192.0.2.254
ipv4.dns 8.8.8.8                  DNS0=8.8.8.8
ipv4.dns-search example.com       DOMAIN=example.com
ipv4.ignore-auto-dns true         PEERDNS=no
connection.autoconnect yes        ONBOOT=yes
connection.id eth0                NAME=eth0
connection.interface-name eth0    DEVICE=eth0
802-3-ethernet.mac-address . . .  HWADDR= . . .

Example:

#Show help
nmcli con add help

#Configure the network with nmcli
nmcli con show

#Show all active connections
nmcli con show --active

#Show a connection's configuration
nmcli con show "System eth0"

#Show device status
nmcli dev status

#Show the properties of a network interface
nmcli dev show eth0

#Create a new connection named default; the IP is obtained automatically via DHCP
nmcli con add con-name default type Ethernet ifname eth0

#Delete the connection
nmcli con del default

#Create a new connection named static with a static IP and no autoconnect
nmcli con add con-name static ifname eth0 autoconnect no type Ethernet ipv4.addresses 172.25.X.10/24 ipv4.gateway 172.25.X.254

#Activate the static connection
nmcli con up static

#Activate the default connection
nmcli con up default

#Modify connection settings
nmcli con mod "static" connection.autoconnect no
nmcli con mod "static" ipv4.dns 172.25.X.254
nmcli con mod "static" +ipv4.dns 8.8.8.8
nmcli con mod "static" -ipv4.dns 8.8.8.8
nmcli con mod "static" ipv4.addresses "172.16.X.10/24 172.16.X.254"
nmcli con mod "static" +ipv4.addresses 10.10.10.10/16

#DNS settings are stored in /etc/resolv.conf. PEERDNS=no means that when the IP is obtained automatically via DHCP, DNS is still set manually and not obtained automatically; it is equivalent to the following command
nmcli con mod "system eth0" ipv4.ignore-auto-dns yes

Example:

[root@rocky8 ~]# nmcli connection #list connections
NAME                UUID                                  TYPE      DEVICE 
eth0                5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
con-eth1            a078d608-526b-f5ed-ca54-5ff3b8105fe7  ethernet  eth1   
con-eth1            9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  --     
Wired connection 1  8f66d694-494f-31db-99a6-97673f8ece0b  ethernet  --  

[root@rocky8 ~]# nmcli device #list devices
DEVICE  TYPE      STATE      CONNECTION 
eth0    ethernet  connected  eth0       
eth1    ethernet  connected  con-eth1   
lo      loopback  unmanaged  --  

[root@rocky8 ~]# nmcli device show eth1 #show NIC information
GENERAL.DEVICE:                         eth1
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         00:0C:29:F9:6A:DB
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     con-eth1
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/4
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         172.16.0.8/16
IP4.GATEWAY:                            172.16.0.254
IP4.ROUTE[1]:                           dst = 172.16.0.0/16, nh = 0.0.0.0, mt = 101
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = 172.16.0.254, mt = 101
IP4.DNS[1]:                             180.76.76.76
IP4.DNS[2]:                             223.5.5.5
IP6.ADDRESS[1]:                         fe80::20c:29ff:fef9:6adb/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = ff00::/8, nh = ::, mt = 256, table=255
IP6.ROUTE[2]:                           dst = fe80::/64, nh = ::, mt = 256

[root@rocky8 ~]# nmcli connection
NAME                UUID                                  TYPE      DEVICE 
eth0                5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
con-eth1            a078d608-526b-f5ed-ca54-5ff3b8105fe7  ethernet  eth1   
con-eth1            9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  --     
Wired connection 1  8f66d694-494f-31db-99a6-97673f8ece0b  ethernet  --     
[root@rocky8 ~]# nmcli connection show con-eth1
connection.id:                          con-eth1
connection.uuid:                        a078d608-526b-f5ed-ca54-5ff3b8105fe7
connection.stable-id:                   --
connection.type:                        802-3-ethernet
connection.interface-name:              eth1
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.autoconnect-retries:         -1 (default)
connection.multi-connect:               0 (default)
connection.auth-retries:                -1
connection.timestamp:                   1635164219
connection.read-only:                   no
connection.permissions:                 --
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (default)
connection.secondaries:                 --
connection.gateway-ping-timeout:        0
connection.metered:                     unknown
connection.lldp:                        default
connection.mdns:                        -1 (default)
connection.llmnr:                       -1 (default)
connection.wait-device-timeout:         -1
802-3-ethernet.port:                    --
802-3-ethernet.speed:                   0
...


[root@rocky8 ~]# nmcli connection modify con-eth1 con-name eth1-home #change the connection NAME
[root@rocky8 ~]# nmcli connection
NAME                UUID                                  TYPE      DEVICE 
eth0                5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
eth1-home           a078d608-526b-f5ed-ca54-5ff3b8105fe7  ethernet  eth1   
con-eth1            9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  --     
Wired connection 1  8f66d694-494f-31db-99a6-97673f8ece0b  ethernet  -- 

[root@rocky8 ~]# nmcli connection modify eth1-home ipv4.addresses 1.1.1.1/24 #change the IP address
[root@rocky8 ~]# nmcli connection
NAME                UUID                                  TYPE      DEVICE 
eth0                5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
eth1-home           a078d608-526b-f5ed-ca54-5ff3b8105fe7  ethernet  eth1   
con-eth1            9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  --     
Wired connection 1  8f66d694-494f-31db-99a6-97673f8ece0b  ethernet  --     
[root@rocky8 ~]# nmcli connection reload
[root@rocky8 ~]# nmcli connection up eth1-home
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
[root@rocky8 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
    inet 172.31.1.8/21 brd 172.31.7.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 172.31.1.100/8 brd 172.255.255.255 scope global noprefixroute eth0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fef9:6ad1/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
    inet 1.1.1.1/24 brd 1.1.1.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fef9:6adb/64 scope link 
       valid_lft forever preferred_lft forever

[root@rocky8 ~]# cdnet
[root@rocky8 network-scripts]# vim ifcfg-eth1 
DEVICE=eth1
NAME=eth1-home
BOOTPROTO=dhcp
IPADDR=1.1.1.1
PREFIX=24
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
ONBOOT=yes

[root@rocky8 network-scripts]# nmcli connection reload;nmcli connection up eth1-home
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)

[root@rocky8 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
    inet 172.31.1.8/21 brd 172.31.7.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 172.31.1.100/8 brd 172.255.255.255 scope global noprefixroute eth0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fef9:6ad1/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
    inet 1.1.1.1/24 brd 1.1.1.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 172.31.7.6/21 brd 172.31.7.255 scope global dynamic noprefixroute eth1
       valid_lft 1787sec preferred_lft 1787sec
    inet6 fe80::20c:29ff:fef9:6adb/64 scope link 
       valid_lft forever preferred_lft forever

[root@rocky8 network-scripts]# nmcli connection modify eth1-home -ipv4.addresses 1.1.1.1/24 #remove the IP address
[root@rocky8 network-scripts]# cat ifcfg-eth1
DEVICE=eth1
NAME=eth1-home
BOOTPROTO=dhcp
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
UUID=9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04
ONBOOT=yes

[root@rocky8 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:9a:ff:0e brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe9a:ff0e/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:9a:ff:18 brd ff:ff:ff:ff:ff:ff
    inet 1.1.1.1/24 brd 1.1.1.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.161/24 brd 10.0.0.255 scope global dynamic noprefixroute eth1
       valid_lft 1622sec preferred_lft 1622sec
    inet6 fe80::20c:29ff:fe9a:ff18/64 scope link 
       valid_lft forever preferred_lft forever
[root@rocky8 network-scripts]# nmcli connection reload;nmcli connection up eth1-home
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8)
[root@rocky8 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:9a:ff:0e brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe9a:ff0e/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:9a:ff:18 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.161/24 brd 10.0.0.255 scope global dynamic noprefixroute eth1
       valid_lft 1798sec preferred_lft 1798sec
    inet6 fe80::20c:29ff:fe9a:ff18/64 scope link 
       valid_lft forever preferred_lft forever

[root@rocky8 network-scripts]# nmcli connection modify eth1-home ipv4.addresses 2.2.2.2/24
[root@rocky8 network-scripts]# cat ifcfg-eth1
DEVICE=eth1
NAME=eth1-home
BOOTPROTO=dhcp
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
UUID=9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04
ONBOOT=yes
IPADDR=2.2.2.2
PREFIX=24
[root@rocky8 network-scripts]# nmcli connection reload;nmcli connection up eth1-home
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/9)
[root@rocky8 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:9a:ff:0e brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe9a:ff0e/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:9a:ff:18 brd ff:ff:ff:ff:ff:ff
    inet 2.2.2.2/24 brd 2.2.2.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 10.0.0.161/24 brd 10.0.0.255 scope global dynamic noprefixroute eth1
       valid_lft 1798sec preferred_lft 1798sec
    inet6 fe80::20c:29ff:fe9a:ff18/64 scope link 
       valid_lft forever preferred_lft forever

#With the IP added this way, both the DHCP-assigned address and the manually set address are present, which is not right
[root@rocky8 network-scripts]# nmcli connection modify eth1-home ipv4.method manual ipv4.addresses 3.3.3.3/24
[root@rocky8 network-scripts]# cat ifcfg-eth1
DEVICE=eth1
NAME=eth1-home
BOOTPROTO=none
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
UUID=9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04
ONBOOT=yes
IPADDR=3.3.3.3
PREFIX=24
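
The mixed state shown above (BOOTPROTO=dhcp together with IPADDR, which leaves both the DHCP lease and the static address on the interface) can be caught before a connection is activated. An added example, not part of the original page: ifcfg_lint and the sample_* helpers are hypothetical names, the samples are abridged from the listings above, and the file is parsed as KEY=VALUE text rather than sourced, so nothing in it is executed.

```shell
#!/bin/sh
# Added example (not from the original page): lint ifcfg files for the
# addressing mistakes this section runs into.
# ifcfg_lint, sample_mixed and sample_manual are hypothetical helper names.

# Reads one ifcfg file (argument or stdin). Prints one finding per line,
# or "OK <name>". Exit status is 1 when there is at least one finding.
ifcfg_lint() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)         # keeps "=" inside BONDING_OPTS
            sub(/^[ \t]+/, "", key)
            sub(/[ \t\r]+$/, "", val)        # e.g. "NAME=eth0 " with trailing space
            gsub(/^"|"$/, "", val)           # drop surrounding double quotes
            cfg[key] = val
        }
        END {
            name = cfg["NAME"]
            if (name == "") name = cfg["DEVICE"]
            proto = tolower(cfg["BOOTPROTO"])
            ip = cfg["IPADDR"]
            n = 0
            if (tolower(cfg["SLAVE"]) == "yes") {
                if (cfg["MASTER"] == "") {
                    printf "SLAVE_NO_MASTER %s: SLAVE=yes but MASTER is not set\n", name
                    n++
                }
                if (ip != "" || proto == "dhcp") {
                    printf "SLAVE_HAS_L3 %s: slave of %s has its own addressing (BOOTPROTO=%s IPADDR=%s); set BOOTPROTO=none and keep addresses on the bond\n", name, cfg["MASTER"], proto, ip
                    n++
                }
            } else if (proto == "dhcp" && ip != "") {
                printf "MIXED_ADDRESSING %s: BOOTPROTO=dhcp with IPADDR=%s; fix: nmcli connection modify %s ipv4.method manual\n", name, ip, name
                n++
            }
            if (n == 0) print "OK " name
            exit (n > 0)
        }
    ' "$@"
}

# Abridged from the ifcfg-eth1 listing after "ipv4.addresses 2.2.2.2/24".
sample_mixed() {
    cat <<'EOF'
DEVICE=eth1
NAME=eth1-home
BOOTPROTO=dhcp
TYPE=Ethernet
ONBOOT=yes
IPADDR=2.2.2.2
PREFIX=24
EOF
}

# Abridged from the ifcfg-eth1 listing after "ipv4.method manual".
sample_manual() {
    cat <<'EOF'
DEVICE=eth1
NAME=eth1-home
BOOTPROTO=none
TYPE=Ethernet
ONBOOT=yes
IPADDR=3.3.3.3
PREFIX=24
EOF
}

# Demo: the first listing is flagged, the second passes.
sample_mixed  | ifcfg_lint || true
sample_manual | ifcfg_lint
```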

[root@rocky8 network-scripts]# nmcli connection 
NAME       UUID                                  TYPE      DEVICE 
eth0       5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
eth1-home  9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  eth1   
[root@rocky8 network-scripts]# nmcli connection add con-name eth1-office ipv4.method manual ipv4.addresses 6.6.6.6/24 ifname eth1 type ethernet
Connection 'eth1-office' (357f4b42-9033-4ff5-9ee8-9735f027bf89) successfully added.
[root@rocky8 network-scripts]# nmcli connection 
NAME         UUID                                  TYPE      DEVICE 
eth0         5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
eth1-home    9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  eth1   
eth1-office  357f4b42-9033-4ff5-9ee8-9735f027bf89  ethernet  --

[root@rocky8 network-scripts]# nmcli connection reload
[root@rocky8 network-scripts]# nmcli connection up eth1-office
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/10)
[root@rocky8 network-scripts]# nmcli connection 
NAME         UUID                                  TYPE      DEVICE 
eth0         5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
eth1-office  357f4b42-9033-4ff5-9ee8-9735f027bf89  ethernet  eth1   
eth1-home    9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  --     

[root@rocky8 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:9a:ff:0e brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe9a:ff0e/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:9a:ff:18 brd ff:ff:ff:ff:ff:ff
    inet 6.6.6.6/24 brd 6.6.6.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::7dde:8d37:a478:8411/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

[root@rocky8 network-scripts]# nmcli connection 
NAME         UUID                                  TYPE      DEVICE 
eth0         5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
eth1-office  357f4b42-9033-4ff5-9ee8-9735f027bf89  ethernet  eth1   
eth1-home    9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  --     
[root@rocky8 network-scripts]# nmcli connection delete eth1-office
Connection 'eth1-office' (357f4b42-9033-4ff5-9ee8-9735f027bf89) successfully deleted.
[root@rocky8 network-scripts]# ls
ifcfg-eth0  ifcfg-eth0.bak  ifcfg-eth1
[root@rocky8 network-scripts]# nmcli connection 
NAME       UUID                                  TYPE      DEVICE 
eth0       5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
eth1-home  9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  eth1   

[root@rocky8 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:9a:ff:0e brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe9a:ff0e/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:9a:ff:18 brd ff:ff:ff:ff:ff:ff
    inet 3.3.3.3/24 brd 3.3.3.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe9a:ff18/64 scope link 
       valid_lft forever preferred_lft forever
#After one connection is deleted, the remaining one takes over automatically

[root@rocky8 network-scripts]# nmcli connection 
NAME       UUID                                  TYPE      DEVICE 
eth0       5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
eth1-home  9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  eth1   
[root@centos8 network-scripts]# nmcli connection delete eth1-home
Connection 'eth1-home' (9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04) successfully deleted.
[root@rocky8 network-scripts]# nmcli connection 
NAME                UUID                                  TYPE      DEVICE 
eth0                5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
Wired connection 1  c4a28af1-0cbc-3fd8-84af-5d891444e362  ethernet  eth1 
#After the last one is deleted, the system automatically generates a configuration

[root@centos6 ~]# system-config-network
-bash: system-config-network: command not found

[root@centos6 ~]# yum provides */system-config-network
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.sohu.com
 * centosplus: mirrors.sohu.com
 * extras: mirrors.sohu.com
 * updates: mirrors.sohu.com
base/filelists_db                                                                       | 6.4 MB     00:25     
centosplus/filelists_db                                                                 | 2.3 MB     00:09     
epel/filelists_db                                                                       | 7.9 MB     00:07     
extras/filelists_db                                                                     |  24 kB     00:00     
updates/filelists_db                                                                    | 8.3 MB     00:33     
system-config-network-tui-1.6.0.el6.3-4.el6.noarch : The Network Adminstration Tool
Repo        : base
Matched from:
Filename    : /usr/sbin/system-config-network
Filename    : /usr/share/system-config-network
Filename    : /etc/security/console.apps/system-config-network
Filename    : /etc/pam.d/system-config-network
Filename    : /usr/bin/system-config-network

[root@centos6 ~]# yum -y install system-config-network-tui


[root@centos6 ~]# system-config-network
#setup: go straight in and configure the network

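4.7.4 Bonding with nmcli

#Add the bonding interface
nmcli con add type bond con-name mybond0 ifname bond0 mode active-backup
#Add the slave interfaces
nmcli con add type bond-slave ifname ens7 master bond0
nmcli con add type bond-slave ifname ens3 master bond0
#Note: if no connection name is given for a slave interface, the name is formed from the interface name and the type

#To bring up the bond, the slave interfaces must be brought up first
nmcli con up bond-slave-ens7
nmcli con up bond-slave-ens3

#Bring up the bond
nmcli con up mybond0

Example: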

[root@rocky8 ~]# nmcli connection add con-name mybond0 type bond ifname bond0 ipv4.addresses 172.31.0.200/21 mode active-backup
Connection 'mybond0' (edf91d79-e2fe-45f9-a0c0-d0b0c8f65cb7) successfully added.
[root@rocky8 ~]# nmcli connection
NAME                UUID                                  TYPE      DEVICE 
mybond0             edf91d79-e2fe-45f9-a0c0-d0b0c8f65cb7  bond      bond0  
eth0                5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
Wired connection 1  8f66d694-494f-31db-99a6-97673f8ece0b  ethernet  eth1   
[root@rocky8 ~]# nmcli connection add type bond-slave ifname eth1 master bond0
Connection 'bond-slave-eth1' (186dc8de-a75c-4eb5-8c77-bdf67065bde0) successfully added.
[root@rocky8 ~]# nmcli connection
NAME                UUID                                  TYPE      DEVICE 
mybond0             edf91d79-e2fe-45f9-a0c0-d0b0c8f65cb7  bond      bond0  
eth0                5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
Wired connection 1  8f66d694-494f-31db-99a6-97673f8ece0b  ethernet  eth1   
bond-slave-eth1     186dc8de-a75c-4eb5-8c77-bdf67065bde0  ethernet  --     
[root@rocky8 ~]# nmcli connection add type bond-slave ifname eth0 master bond0
Connection 'bond-slave-eth0' (7fd0bba9-748c-4191-9660-4f93f3db454a) successfully added.
[root@rocky8 ~]# nmcli connection
NAME                UUID                                  TYPE      DEVICE 
mybond0             edf91d79-e2fe-45f9-a0c0-d0b0c8f65cb7  bond      bond0  
eth0                5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
Wired connection 1  8f66d694-494f-31db-99a6-97673f8ece0b  ethernet  eth1   
bond-slave-eth0     7fd0bba9-748c-4191-9660-4f93f3db454a  ethernet  --     
bond-slave-eth1     186dc8de-a75c-4eb5-8c77-bdf67065bde0  ethernet  --     

[root@rocky8 ~]# nmcli connection up bond-slave-eth1
[root@rocky8 ~]# nmcli connection up bond-slave-eth0

[root@rocky8 ~]# nmcli connection
NAME                UUID                                  TYPE      DEVICE 
mybond0             edf91d79-e2fe-45f9-a0c0-d0b0c8f65cb7  bond      bond0  
bond-slave-eth0     7fd0bba9-748c-4191-9660-4f93f3db454a  ethernet  eth0   
bond-slave-eth1     186dc8de-a75c-4eb5-8c77-bdf67065bde0  ethernet  eth1   
eth0                5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  --     
Wired connection 1  8f66d694-494f-31db-99a6-97673f8ece0b  ethernet  --     


[root@rocky8 network-scripts]# cat ifcfg-bond-slave-eth0
TYPE=Ethernet
NAME=bond-slave-eth0
UUID=7fd0bba9-748c-4191-9660-4f93f3db454a
DEVICE=eth0
ONBOOT=yes
MASTER=bond0
SLAVE=yes
[root@rocky8 network-scripts]# cat ifcfg-bond-slave-eth1
TYPE=Ethernet
NAME=bond-slave-eth1
UUID=186dc8de-a75c-4eb5-8c77-bdf67065bde0
DEVICE=eth1
ONBOOT=yes
MASTER=bond0
SLAVE=yes

[root@rocky8 network-scripts]# cat ifcfg-mybond0
BONDING_OPTS=mode=active-backup
TYPE=Bond
BONDING_MASTER=yes
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
IPADDR=172.31.0.200
PREFIX=21
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=mybond0
UUID=edf91d79-e2fe-45f9-a0c0-d0b0c8f65cb7
DEVICE=bond0
ONBOOT=yes

[root@rocky8 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
    link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff permaddr 00:0c:29:f9:6a:d1
3: eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
    link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
4: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
    inet 172.31.7.6/21 brd 172.31.7.255 scope global dynamic noprefixroute bond0
       valid_lft 1725sec preferred_lft 1725sec
    inet 172.31.0.200/21 brd 172.31.7.255 scope global secondary noprefixroute bond0
       valid_lft forever preferred_lft forever
    inet6 fe80::b04f:6431:2831:3c34/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

[root@rocky8 network-scripts]# nmcli connection modify mybond0 ipv4.method manual

[root@rocky8 network-scripts]# nmcli connection reload
[root@rocky8 network-scripts]# nmcli connection
NAME                UUID                                  TYPE      DEVICE 
mybond0             edf91d79-e2fe-45f9-a0c0-d0b0c8f65cb7  bond      bond0  
bond-slave-eth0     7fd0bba9-748c-4191-9660-4f93f3db454a  ethernet  eth0   
bond-slave-eth1     186dc8de-a75c-4eb5-8c77-bdf67065bde0  ethernet  eth1   
eth0                5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  --     
Wired connection 1  8f66d694-494f-31db-99a6-97673f8ece0b  ethernet  --     
[root@rocky8 network-scripts]# nmcli connection up mybond0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
[root@rocky8 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
    link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff permaddr 00:0c:29:f9:6a:d1
3: eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
    link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
4: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
    inet 172.31.0.200/21 brd 172.31.7.255 scope global noprefixroute bond0
       valid_lft forever preferred_lft forever
    inet6 fe80::b04f:6431:2831:3c34/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

[root@rocky8 network-scripts]# cat /proc/net/bonding/bond0 
Ethernet Channel Bonding Driver: v4.18.0-305.3.1.el8_4.x86_64

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth1 #the currently active slave is eth1
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0

Slave Interface: eth1
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:f9:6a:db
Slave queue ID: 0

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:f9:6a:d1
Slave queue ID: 0

[root@centos7 ~]# ping 172.31.0.200
PING 172.31.0.200 (172.31.0.200) 56(84) bytes of data.
64 bytes from 172.31.0.200: icmp_seq=1 ttl=64 time=0.485 ms
64 bytes from 172.31.0.200: icmp_seq=2 ttl=64 time=0.376 ms
64 bytes from 172.31.0.200: icmp_seq=3 ttl=64 time=0.231 ms
64 bytes from 172.31.0.200: icmp_seq=4 ttl=64 time=0.372 ms

#Disconnect eth1
[root@centos7 ~]# ping 172.31.0.200
PING 172.31.0.200 (172.31.0.200) 56(84) bytes of data.
64 bytes from 172.31.0.200: icmp_seq=1 ttl=64 time=0.219 ms
64 bytes from 172.31.0.200: icmp_seq=2 ttl=64 time=0.428 ms
64 bytes from 172.31.0.200: icmp_seq=3 ttl=64 time=0.558 ms
64 bytes from 172.31.0.200: icmp_seq=4 ttl=64 time=0.491 ms
64 bytes from 172.31.0.200: icmp_seq=5 ttl=64 time=0.441 ms
64 bytes from 172.31.0.200: icmp_seq=6 ttl=64 time=0.357 ms
64 bytes from 172.31.0.200: icmp_seq=7 ttl=64 time=0.449 ms
64 bytes from 172.31.0.200: icmp_seq=8 ttl=64 time=0.493 ms
64 bytes from 172.31.0.200: icmp_seq=9 ttl=64 time=0.398 ms
64 bytes from 172.31.0.200: icmp_seq=10 ttl=64 time=0.378 ms
64 bytes from 172.31.0.200: icmp_seq=11 ttl=64 time=0.425 ms
64 bytes from 172.31.0.200: icmp_seq=12 ttl=64 time=0.476 ms
64 bytes from 172.31.0.200: icmp_seq=13 ttl=64 time=0.412 ms
64 bytes from 172.31.0.200: icmp_seq=14 ttl=64 time=0.418 ms
64 bytes from 172.31.0.200: icmp_seq=15 ttl=64 time=1.30 ms
64 bytes from 172.31.0.200: icmp_seq=16 ttl=64 time=0.416 ms
64 bytes from 172.31.0.200: icmp_seq=17 ttl=64 time=0.510 ms
64 bytes from 172.31.0.200: icmp_seq=18 ttl=64 time=0.418 ms
64 bytes from 172.31.0.200: icmp_seq=19 ttl=64 time=0.256 ms
64 bytes from 172.31.0.200: icmp_seq=20 ttl=64 time=0.339 ms
64 bytes from 172.31.0.200: icmp_seq=21 ttl=64 time=0.308 ms
64 bytes from 172.31.0.200: icmp_seq=22 ttl=64 time=0.299 ms
64 bytes from 172.31.0.200: icmp_seq=23 ttl=64 time=0.312 ms
64 bytes from 172.31.0.200: icmp_seq=24 ttl=64 time=0.282 ms
64 bytes from 172.31.0.200: icmp_seq=25 ttl=64 time=0.300 ms
^C64 bytes from 172.31.0.200: icmp_seq=26 ttl=64 time=0.276 ms

--- 172.31.0.200 ping statistics ---
26 packets transmitted, 26 received, 0% packet loss, time 25011ms
rtt min/avg/max/mdev = 0.219/0.421/1.307/0.197 ms
#No packets are lost

[root@rocky8 network-scripts]# cat /proc/net/bonding/bond0 
Ethernet Channel Bonding Driver: v4.18.0-305.3.1.el8_4.x86_64

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth0 #the active NIC has switched to eth0
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0

Slave Interface: eth1
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 2
Permanent HW addr: 00:0c:29:f9:6a:db
Slave queue ID: 0

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 1
Permanent HW addr: 00:0c:29:f9:6a:d1
Slave queue ID: 0
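
The failover above is invisible to ping (0% packet loss), so the lost redundancy only shows up in /proc/net/bonding/bond0. The following is an added example, not part of the original page: it summarises a bonding status dump and returns a status code a monitoring job can alert on. The function names and the two trimmed sample dumps (constructed from the output shown above) are assumptions.

```shell
#!/bin/sh
# Added example: summarise a bonding status dump (/proc/net/bonding/<bond>).

# bond_report: read the dump on stdin and print one summary line:
#   mode=<m> link=<bond MII> active=<slave> slaves=<n> up=<n> down=<list|-> failures=<sum>
bond_report() {
    awk '
        /^Bonding Mode:/ {
            # keep the short name in parentheses, e.g. "active-backup"
            if (match($0, /\([^)]*\)/)) mode = substr($0, RSTART + 1, RLENGTH - 2)
            else { sub(/^Bonding Mode: */, ""); gsub(/ /, "_"); mode = $0 }
        }
        /^Currently Active Slave:/ { active = $4 }
        /^Slave Interface:/        { cur = $3; total++ }
        /^MII Status:/ {
            if (cur == "") link = $3            # first MII line describes the bond
            else if ($3 == "up") up++
            else down = down (down == "" ? "" : ",") cur
        }
        /^Link Failure Count:/     { failures += $4 }
        END {
            printf "mode=%s link=%s active=%s slaves=%d up=%d down=%s failures=%d\n",
                mode, link, (active == "" ? "-" : active), total, up,
                (down == "" ? "-" : down), failures
        }'
}

# bond_check: 0 = all slaves up, 1 = degraded (redundancy lost), 2 = bond unusable
bond_check() {
    report=$(bond_report)
    case $report in
        *" link=up "*) ;;
        *) echo "FAILED $report"; return 2 ;;
    esac
    case $report in
        *" up=0 "*)   echo "FAILED $report";   return 2 ;;
        *" down=- "*) echo "OK $report";       return 0 ;;
        *)            echo "DEGRADED $report"; return 1 ;;
    esac
}

# Constructed sample: both slaves up (trimmed from the first dump on this page).
sample_healthy() { cat <<'EOF'
Bonding Mode: fault-tolerance (active-backup)
Currently Active Slave: eth1
MII Status: up
MII Polling Interval (ms): 100

Slave Interface: eth1
MII Status: up
Link Failure Count: 0

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
EOF
}

# Constructed sample: eth1 unplugged (trimmed from the second dump on this page).
sample_degraded() { cat <<'EOF'
Bonding Mode: fault-tolerance (active-backup)
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100

Slave Interface: eth1
MII Status: down
Link Failure Count: 2

Slave Interface: eth0
MII Status: up
Link Failure Count: 1
EOF
}

# Demo on the embedded samples; live use: bond_check < /proc/net/bonding/bond0
sample_healthy  | bond_check || true
sample_degraded | bond_check || true
```

A DEGRADED result means the bond is still carrying traffic on a single link, so the next link failure takes the address offline.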

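4.7.5 Network Teaming

Network teaming is a method of aggregating multiple NICs to provide fault tolerance and higher throughput.

Network teaming differs from the older bonding technology and offers better performance and extensibility.

Network teaming is implemented by a kernel driver and the teamd daemon.

Several runner modes are available: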

  • broadcast
  • roundrobin
  • activebackup
  • loadbalance
  • lacp (implements the 802.3ad Link Aggregation Control Protocol)

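Characteristics of network teaming

  • Starting the team interface does not automatically start the port interfaces in the team
  • Starting a port interface of the team always starts the team interface automatically
  • Disabling the team interface automatically disables the port interfaces in the team
  • A team interface with no port interfaces can start a static-IP connection
  • When a DHCP connection is enabled, a team interface with no port interfaces waits for a port interface to join

#Create the team interface
nmcli con add type team con-name CNAME ifname INAME [config JSON]

CNAME: connection name
INAME: interface name
JSON: specifies the runner, in the format '{"runner": {"name": "METHOD"}}'
METHOD can be broadcast, roundrobin, activebackup, loadbalance, or lacp

#Create a port interface
nmcli con add type team-slave con-name CNAME ifname INAME master TEAM

CNAME: connection name; if not specified, it defaults to team-slave-IFACE
INAME: network interface name
TEAM: team interface name

#Disconnect and bring up
nmcli dev dis INAME
nmcli con up CNAME

INAME: device name; CNAME: team interface name or port interface

Team example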

nmcli con add type team con-name myteam0 ifname team0 config '{"runner": {"name": "loadbalance"}}' ipv4.addresses 192.168.1.100/24 ipv4.method manual
nmcli con add con-name team0-eth1 type team-slave ifname eth1 master team0
nmcli con add con-name team0-eth2 type team-slave ifname eth2 master team0
nmcli con up myteam0
nmcli con up team0-eth1
nmcli con up team0-eth2

teamdctl team0 state
ping -I team0 192.168.0.254
nmcli dev dis eth1
teamdctl team0 state
nmcli con up team0-eth1
nmcli dev dis eth2
teamdctl team0 state
nmcli con up team0-eth2
teamdctl team0 state

Managing the team configuration files

/etc/sysconfig/network-scripts/ifcfg-team0
DEVICE=team0
DEVICETYPE=Team
TEAM_CONFIG="{\"runner\": {\"name\": \"broadcast\"}}"
BOOTPROTO=none
IPADDR0=172.16.0.100
PREFIX0=24
NAME=team0
ONBOOT=yes

Managing the team configuration files

/etc/sysconfig/network-scripts/ifcfg-team0-eth1
DEVICE=eth1
DEVICETYPE=TeamPort
TEAM_MASTER=team0
NAME=team0-eth1
ONBOOT=yes

Deleting the team

nmcli connection down team0
teamdctl team0 state
nmcli connection show
nmcli connection delete team0-eth0
nmcli connection delete team0-eth1
nmcli connection show

Example:

[root@rocky8 network-scripts]# ls
ifcfg-bond0  ifcfg-eth0  ifcfg-eth0:1  ifcfg-eth1  ifcfg-xxx
[root@rocky8 network-scripts]# rm -f *
[root@rocky8 network-scripts]# ls
[root@rocky8 network-scripts]# reboot

[root@rocky8 ~]# cdnet
[root@rocky8 network-scripts]# ls
[root@rocky8 network-scripts]# nmcli connection
NAME                UUID                                  TYPE      DEVICE 
Wired connection 1  798896a0-2e46-3a48-a542-59cf2700c991  ethernet  eth0   
Wired connection 2  6b1820e5-9f20-37a8-89cc-59e76ecc99f6  ethernet  eth1   
[root@rocky8 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
    inet 172.31.7.8/21 brd 172.31.7.255 scope global dynamic noprefixroute eth0
       valid_lft 1724sec preferred_lft 1724sec
    inet6 fe80::3b46:2190:c778:c0da/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
    inet 172.31.7.6/21 brd 172.31.7.255 scope global dynamic noprefixroute eth1
       valid_lft 1724sec preferred_lft 1724sec
    inet6 fe80::34de:1842:6352:7cc2/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

[root@rocky8 network-scripts]# nmcli con add type team con-name myteam0 ifname team0 config '{"runner": {"name": "broadcast"}}'
Connection 'myteam0' (7b770e28-1c12-4349-95b0-9a64f9f59b07) successfully added.
[root@rocky8 network-scripts]# nmcli connection
NAME                UUID                                  TYPE      DEVICE 
myteam0             7b770e28-1c12-4349-95b0-9a64f9f59b07  team      team0  
Wired connection 1  798896a0-2e46-3a48-a542-59cf2700c991  ethernet  eth0   
Wired connection 2  6b1820e5-9f20-37a8-89cc-59e76ecc99f6  ethernet  eth1   
[root@rocky8 network-scripts]# ls
ifcfg-myteam0

[root@rocky8 network-scripts]# cat ifcfg-myteam0
TEAM_CONFIG="{\"runner\": {\"name\": \"broadcast\"}}"
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=myteam0
UUID=7b770e28-1c12-4349-95b0-9a64f9f59b07
DEVICE=team0
ONBOOT=yes
DEVICETYPE=Team

[root@rocky8 network-scripts]# nmcli connection delete myteam0
Connection 'myteam0' (7b770e28-1c12-4349-95b0-9a64f9f59b07) successfully deleted.
[root@rocky8 network-scripts]# nmcli connection
NAME                UUID                                  TYPE      DEVICE 
Wired connection 1  798896a0-2e46-3a48-a542-59cf2700c991  ethernet  eth0   
Wired connection 2  6b1820e5-9f20-37a8-89cc-59e76ecc99f6  ethernet  eth1 

[root@rocky8 network-scripts]# nmcli con add type team con-name myteam0 ifname team0 config '{"runner": {"name": "broadcast"}}' ipv4.addresses 172.31.0.100/21 ipv4.method manual
Connection 'myteam0' (214caa3c-eaf3-4933-8d5b-f644c150f0e5) successfully added.

[root@rocky8 network-scripts]# nmcli connection
NAME                UUID                                  TYPE      DEVICE 
Wired connection 1  798896a0-2e46-3a48-a542-59cf2700c991  ethernet  eth0   
Wired connection 2  6b1820e5-9f20-37a8-89cc-59e76ecc99f6  ethernet  eth1   
myteam0             214caa3c-eaf3-4933-8d5b-f644c150f0e5  team      team0  
[root@rocky8 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:f9:6a:d1 brd ff:ff:ff:ff:ff:ff
    inet 172.31.7.8/21 brd 172.31.7.255 scope global dynamic noprefixroute eth0
       valid_lft 1540sec preferred_lft 1540sec
    inet6 fe80::3b46:2190:c778:c0da/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:f9:6a:db brd ff:ff:ff:ff:ff:ff
    inet 172.31.7.6/21 brd 172.31.7.255 scope global dynamic noprefixroute eth1
       valid_lft 1540sec preferred_lft 1540sec
    inet6 fe80::34de:1842:6352:7cc2/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
5: team0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether e2:ce:2f:d3:cd:fc brd ff:ff:ff:ff:ff:ff
    inet 172.31.0.100/21 brd 172.31.7.255 scope global noprefixroute team0
       valid_lft forever preferred_lft forever

[root@rocky8 network-scripts]# nmcli con add con-name team0-eth0 type team-slave ifname eth0 master team0
Connection 'team0-eth0' (07933a54-9be7-4301-b5f3-06db7eefdc78) successfully added.
[root@rocky8 network-scripts]# nmcli con add con-name team0-eth1 type team-slave ifname eth1 master team0
Connection 'team0-eth1' (f466044d-e144-4ed8-8e63-c27641e50d54) successfully added.

[root@rocky8 network-scripts]# nmcli connection
NAME                UUID                                  TYPE      DEVICE 
Wired connection 1  798896a0-2e46-3a48-a542-59cf2700c991  ethernet  eth0   
Wired connection 2  6b1820e5-9f20-37a8-89cc-59e76ecc99f6  ethernet  eth1   
myteam0             214caa3c-eaf3-4933-8d5b-f644c150f0e5  team      team0  
team0-eth0          07933a54-9be7-4301-b5f3-06db7eefdc78  ethernet  --     
team0-eth1          f466044d-e144-4ed8-8e63-c27641e50d54  ethernet  --

[root@rocky8 network-scripts]#  nmcli connection delete Wired\ connection\ 1
Connection 'Wired connection 1' (798896a0-2e46-3a48-a542-59cf2700c991) successfully deleted.
[root@rocky8 ~]# nmcli connect delete Wired\ connection\ 2
Connection 'Wired connection 2' (6b1820e5-9f20-37a8-89cc-59e76ecc99f6) successfully deleted.

[root@rocky8 ~]# nmcli connection
NAME        UUID                                  TYPE      DEVICE 
myteam0     214caa3c-eaf3-4933-8d5b-f644c150f0e5  team      team0  
team0-eth0  07933a54-9be7-4301-b5f3-06db7eefdc78  ethernet  eth0   
team0-eth1  f466044d-e144-4ed8-8e63-c27641e50d54  ethernet  eth1  

[root@centos7 network-scripts]# ping 172.31.0.100
PING 172.31.0.100 (172.31.0.100) 56(84) bytes of data.
64 bytes from 172.31.0.100: icmp_seq=10 ttl=64 time=0.561 ms
64 bytes from 172.31.0.100: icmp_seq=10 ttl=64 time=0.568 ms (DUP!)
64 bytes from 172.31.0.100: icmp_seq=11 ttl=64 time=0.286 ms
64 bytes from 172.31.0.100: icmp_seq=11 ttl=64 time=0.298 ms (DUP!)
64 bytes from 172.31.0.100: icmp_seq=12 ttl=64 time=0.423 ms
64 bytes from 172.31.0.100: icmp_seq=12 ttl=64 time=0.433 ms (DUP!)
64 bytes from 172.31.0.100: icmp_seq=13 ttl=64 time=0.500 ms
64 bytes from 172.31.0.100: icmp_seq=13 ttl=64 time=0.513 ms (DUP!)
64 bytes from 172.31.0.100: icmp_seq=14 ttl=64 time=0.403 ms
64 bytes from 172.31.0.100: icmp_seq=14 ttl=64 time=0.420 ms (DUP!)
64 bytes from 172.31.0.100: icmp_seq=15 ttl=64 time=0.429 ms
64 bytes from 172.31.0.100: icmp_seq=15 ttl=64 time=0.445 ms (DUP!)
64 bytes from 172.31.0.100: icmp_seq=16 ttl=64 time=0.292 ms
64 bytes from 172.31.0.100: icmp_seq=16 ttl=64 time=0.304 ms (DUP!)
64 bytes from 172.31.0.100: icmp_seq=17 ttl=64 time=0.454 ms
64 bytes from 172.31.0.100: icmp_seq=17 ttl=64 time=0.467 ms (DUP!)
64 bytes from 172.31.0.100: icmp_seq=18 ttl=64 time=0.421 ms
64 bytes from 172.31.0.100: icmp_seq=18 ttl=64 time=0.443 ms (DUP!)
^C
--- 172.31.0.100 ping statistics ---
18 packets transmitted, 9 received, +9 duplicates, 50% packet loss, time 17005ms
rtt min/avg/max/mdev = 0.286/0.425/0.568/0.085 ms
##DUP replies appear because the runner is set to broadcast mode

[root@centos6 ~]# tcpdump  -i eth0 -nn icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
21:15:21.585325 IP 172.31.0.7 > 172.31.0.100: ICMP echo request, id 1699, seq 1, length 64
#172.31.0.7 sends to 172.31.0.100 and two replies come back below; that is the DUP
21:15:21.585438 IP 172.31.0.100 > 172.31.0.7: ICMP echo reply, id 1699, seq 1, length 64
21:15:21.585439 IP 172.31.0.100 > 172.31.0.7: ICMP echo reply, id 1699, seq 1, length 64
21:15:22.585245 IP 172.31.0.7 > 172.31.0.100: ICMP echo request, id 1699, seq 2, length 64
...

#Disconnect the second NIC
64 bytes from 172.31.0.100: icmp_seq=298 ttl=64 time=0.333 ms
64 bytes from 172.31.0.100: icmp_seq=299 ttl=64 time=0.592 ms
64 bytes from 172.31.0.100: icmp_seq=300 ttl=64 time=0.368 ms
64 bytes from 172.31.0.100: icmp_seq=301 ttl=64 time=0.961 ms
64 bytes from 172.31.0.100: icmp_seq=302 ttl=64 time=0.429 ms
64 bytes from 172.31.0.100: icmp_seq=303 ttl=64 time=0.342 ms
64 bytes from 172.31.0.100: icmp_seq=304 ttl=64 time=0.254 ms
64 bytes from 172.31.0.100: icmp_seq=305 ttl=64 time=0.401 ms
#No duplicate packets now

[root@rocky8 ~]# teamdctl team0 state #check the state
setup:
  runner: broadcast
ports:
  eth0
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 2
  eth1
    link watches:
      link summary: down
      instance[link_watch_0]:
        name: ethtool
        link: down
        down count: 1

[root@rocky8 network-scripts]# vim ifcfg-myteam0
TEAM_CONFIG="{\"runner\": {\"name\": \"activebackup\"}}" #change this to activebackup mode
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=172.31.0.100
PREFIX=21
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=myteam0
UUID=214caa3c-eaf3-4933-8d5b-f644c150f0e5
DEVICE=team0
ONBOOT=yes
DEVICETYPE=Team

[root@rocky8 network-scripts]# nmcli connection reload
[root@rocky8 network-scripts]# nmcli connection up myteam0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7)

[root@rocky8 network-scripts]# teamdctl team0 state
setup:
  runner: activebackup #now in activebackup mode
ports:
  eth0
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
  eth1
    link watches:
      link summary: down
      instance[link_watch_0]:
        name: ethtool
        link: down
        down count: 0
runner:
  active port: eth0

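4.8 Bridges

4.8.1 How bridging works

Bridging "connects" several network interfaces on one machine. As a result, a frame received on one port is copied to the other ports and sent out, so that frames can be forwarded between the ports. A bridge is such a device: it has several ports, and those ports are bridged together. Hosts attached to the bridge can then communicate with each other through the switch's frame forwarding.
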
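A frame sent by host A arrives at port eth0 of switch S1. Because eth0 is bridged with eth1 and eth2, the frame is copied to eth1 and eth2 and sent out, where it is received by host B and switch S2. S2 in turn forwards the frame to hosts C and D.

4.8.2 Configuring a bridge

Package: bridge-utils; CentOS 8 currently does not provide this package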

yum install bridge-utils

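#View bridges
brctl show

#View the CAM (content addressable memory) table
brctl showmacs br0

#Add and delete a bridge
brctl addbr br0
brctl delbr br0

#Add a NIC to a bridge and remove it
brctl addif br0 eth0
brctl delif br0 eth0

#br0 is down by default and must be brought up
ifconfig br0 up

#Enable STP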
[root@centos7 ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.000c29500f03	no		eth0
							eth1

[root@centos7 ~]# brctl stp br0 on #enable the Spanning Tree Protocol
[root@centos7 ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.000c29500f03	yes		eth0
							eth1

Note: NetworkManager only supports attaching Ethernet interfaces to a bridge; aggregated interfaces are not supported.

Creating a software bridge with nmcli

nmcli con add con-name mybr0 type bridge ifname br0
nmcli con modify mybr0 ipv4.addresses 192.168.0.100/24 ipv4.method manual
nmcli con add con-name br0-port0 type bridge-slave ifname eth0 master br0

View the configuration files

cat /etc/sysconfig/network-scripts/ifcfg-mybr0
cat /etc/sysconfig/network-scripts/ifcfg-br0-port0

Example:

#1 Create the bridge
nmcli con add type bridge con-name br0 ifname br0
nmcli connection modify br0 ipv4.addresses 192.168.0.100/24 ipv4.method manual
nmcli con up br0

#2 Add the physical NICs
nmcli con add type bridge-slave con-name br0-port0 ifname eth0 master br0
nmcli con add type bridge-slave con-name br0-port1 ifname eth1 master br0
nmcli con up br0-port0
nmcli con up br0-port1

#3 View the bridge configuration files
cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
STP=yes
TYPE=Bridge
BOOTPROTO=static
IPADDR=192.168.0.100
PREFIX=24

cat /etc/sysconfig/network-scripts/ifcfg-br0-port0
TYPE=Ethernet
NAME=br0-port0
DEVICE=eth0
ONBOOT=yes
BRIDGE=br0
UUID=23f41d3b-b57c-4e26-9b17-d5f02dafd12d

#4 Install the management package:
yum install bridge-utils
brctl show

#5 Delete br0
nmcli con down br0
rm /etc/sysconfig/network-scripts/ifcfg-br0*
nmcli con reload

Example:

Centos 7
Ubuntu 1804

[root@centos7 ~]# yum -y install net-tools
[root@centos7 ~]# yum -y install bridge-utils
[root@centos7 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:50:0f:03 brd ff:ff:ff:ff:ff:ff
    inet 172.31.0.7/21 brd 172.31.7.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe50:f03/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:50:0f:0d brd ff:ff:ff:ff:ff:ff
    inet 10.0.7.2/21 brd 10.0.7.255 scope global noprefixroute dynamic eth1
       valid_lft 1707sec preferred_lft 1707sec
    inet6 fe80::3041:9fc9:ac33:a4e6/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

[root@centos7 ~]# ifconfig eth1 0
[root@centos7 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:50:0f:03 brd ff:ff:ff:ff:ff:ff
    inet 172.31.0.7/21 brd 172.31.7.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe50:f03/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:50:0f:0d brd ff:ff:ff:ff:ff:ff
    inet6 fe80::3041:9fc9:ac33:a4e6/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

[root@centos7 ~]# rpm -ql bridge-utils
/usr/sbin/brctl
/usr/share/doc/bridge-utils-1.5
/usr/share/doc/bridge-utils-1.5/AUTHORS
/usr/share/doc/bridge-utils-1.5/COPYING
/usr/share/doc/bridge-utils-1.5/FAQ
/usr/share/doc/bridge-utils-1.5/HOWTO
/usr/share/man/man8/brctl.8.gz

[root@centos7 ~]# brctl show
bridge name	bridge id		STP enabled	interfaces

[root@centos7 ~]# brctl addbr br0 #add bridge br0
[root@centos7 ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.000000000000	no	

[root@centos7 ~]# brctl addif br0 eth1 #add eth1 to bridge br0
[root@centos7 ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.000c29500f0d	no		eth1

[root@centos7 ~]# brctl addif br0 eth0

[root@rocky8 ~]# ping 172.31.2.18
PING 172.31.2.18 (172.31.2.18) 56(84) bytes of data.
From 172.31.1.8 icmp_seq=1 Destination Host Unreachable
#ping still fails at this point

#The figure above shows that eth0 and eth1 have joined bridge br0

#Still unreachable because br0 is still down

[root@centos7 ~]# ip link set br0 up #bring the br0 interface up
[root@centos7 ~]# ip a del 172.31.0.7/21 dev eth0 #remove the IP address from eth0

[root@rocky8 ~]# ping 172.31.2.18
PING 172.31.2.18 (172.31.2.18) 56(84) bytes of data.
From 172.31.1.8 icmp_seq=1 Destination Host Unreachable
From 172.31.1.8 icmp_seq=2 Destination Host Unreachable
From 172.31.1.8 icmp_seq=3 Destination Host Unreachable
...
From 172.31.1.8 icmp_seq=247 Destination Host Unreachable
From 172.31.1.8 icmp_seq=248 Destination Host Unreachable
From 172.31.1.8 icmp_seq=249 Destination Host Unreachable
From 172.31.1.8 icmp_seq=250 Destination Host Unreachable
64 bytes from 172.31.2.18: icmp_seq=251 ttl=64 time=1677 ms
64 bytes from 172.31.2.18: icmp_seq=252 ttl=64 time=652 ms
64 bytes from 172.31.2.18: icmp_seq=253 ttl=64 time=0.697 ms
64 bytes from 172.31.2.18: icmp_seq=254 ttl=64 time=0.713 ms
64 bytes from 172.31.2.18: icmp_seq=255 ttl=64 time=0.450 ms
64 bytes from 172.31.2.18: icmp_seq=256 ttl=64 time=0.785 ms
64 bytes from 172.31.2.18: icmp_seq=257 ttl=64 time=0.758 ms
^C
--- 172.31.2.18 ping statistics ---
257 packets transmitted, 7 received, +250 errors, 97.2763% packet loss, time 262129ms
rtt min/avg/max/mdev = 0.450/333.166/1676.569/592.723 ms, pipe 4
#ping succeeds as soon as br0 is brought up

[root@centos7 ~]# brctl showmacs br0  #view the MAC table

[root@centos7 ~]# ip a a 172.31.0.7/21 dev br0 #add a management address to the bridge

[root@centos7 ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.000c29500f03	no		eth0
							eth1
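#Enable STP, the Spanning Tree Protocol, to prevent switching loops
#If STP detects a loop in the network it disables the interface, so the loop cannot cause a broadcast storm

[root@centos7 ~]# brctl stp br0 on #enable the Spanning Tree Protocol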
[root@centos7 ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.000c29500f03	yes		eth0
							eth1

[root@centos7 ~]# brctl delif br0 eth0
[root@centos7 ~]# brctl delif br0 eth1

[root@centos7 ~]# brctl delbr br0
bridge br0 is still up; can't delete it
[root@centos7 ~]# ip link set br0 down
[root@centos7 ~]# brctl delbr br0		#delete the bridge
[root@centos7 ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
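
In the walk-through above, br0 forwards between eth0 and eth1 with STP off until `brctl stp br0 on` is run. The following is an added example, not part of the original page: it parses `brctl show` output, including the continuation lines that list additional ports, and flags bridges that have two or more ports while STP is disabled. The flagging policy, the function names, and the sample rows for br1 and br2 (with their ports and bridge ids) are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit `brctl show` output for bridges that can loop.

# stp_audit: read `brctl show` output on stdin and print one line per bridge:
#   <bridge> stp=<yes|no> ports=<n> <ok|LOOP-RISK>
# Exit status is 1 if any bridge has >= 2 ports with STP disabled, else 0.
stp_audit() {
    awk '
        function emit() {
            if (name == "") return
            risk = "ok"
            if (stp != "yes" && ports >= 2) { risk = "LOOP-RISK"; bad++ }
            printf "%s stp=%s ports=%d %s\n", name, stp, ports, risk
        }
        NR == 1 && $1 == "bridge" { next }          # header row
        NF >= 3 {                                   # first row of a bridge
            emit()
            name = $1; stp = $3
            ports = (NF >= 4) ? 1 : 0               # 4th column is the first port
            next
        }
        NF == 1 && name != "" { ports++ }           # continuation row: one more port
        END { emit(); exit (bad > 0) }'
}

# Constructed sample: br0 as shown on this page before STP is enabled;
# br1 and br2 are hypothetical rows added to exercise the other cases.
sample_brctl() { cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
br0             8000.000c29500f03       no              eth0
                                                        eth1
br1             8000.000c29500f17       yes             eth2
                                                        eth3
br2             8000.000000000000       no
EOF
}

# Demo on the embedded sample; live use: brctl show | stp_audit
sample_brctl | stp_audit || true
```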

Creating a bridge with nmcli

[root@centos7 ~]# nmcli connection add con-name mybr0 type bridge ifname br0
Connection 'mybr0' (ba4585f3-561b-4bc5-8132-dc033e306393) successfully added.
[root@centos7 ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.000000000000	yes	

[root@centos7 ~]#  nmcli connection add con-name mybr0-port0 ifname eth0 type bridge-slave master br0
Connection 'mybr0-port0' (4a4c1bdb-9780-4573-89e9-59f93d3b2c35) successfully added.
[root@centos7 ~]# nmcli connection add con-name mybr0-port1 ifname eth1 type bridge-slave master br0
Connection 'mybr0-port1' (5cd21af0-aa36-42d8-a3df-17464beb23d6) successfully added.

[root@centos7 ~]# nmcli connection reload
[root@centos7 ~]# nmcli connection
NAME                UUID                                  TYPE      DEVICE 
mybr0               ba4585f3-561b-4bc5-8132-dc033e306393  bridge    br0    
eth0                5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
Wired connection 1  d205e209-94ce-3310-8607-af38411ce07d  ethernet  eth1   
mybr0-port0         4a4c1bdb-9780-4573-89e9-59f93d3b2c35  ethernet  --     
mybr0-port1         5cd21af0-aa36-42d8-a3df-17464beb23d6  ethernet  --     
[root@centos7 ~]# nmcli connection up mybr0-port0
[root@centos7 ~]# nmcli connection up mybr0-port1

[root@centos7 ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.000c29500f03	yes		eth0
							eth1

[root@rocky8 ~]# ping 172.31.2.18
PING 172.31.2.18 (172.31.2.18) 56(84) bytes of data.
64 bytes from 172.31.2.18: icmp_seq=3 ttl=64 time=0.682 ms
64 bytes from 172.31.2.18: icmp_seq=4 ttl=64 time=0.861 ms
64 bytes from 172.31.2.18: icmp_seq=5 ttl=64 time=1.08 ms
64 bytes from 172.31.2.18: icmp_seq=6 ttl=64 time=0.782 ms
^C
--- 172.31.2.18 ping statistics ---
6 packets transmitted, 4 received, 33.3333% packet loss, time 5126ms
rtt min/avg/max/mdev = 0.682/0.850/1.076/0.146 ms
#Now it is reachable

[root@centos7 ~]# cdnet
[root@centos7 network-scripts]# ls
ifcfg-eth0         ifdown       ifdown-isdn    ifdown-Team      ifup-bnep  ifup-plip    ifup-sit       init.ipv6-global
ifcfg-lo           ifdown-bnep  ifdown-post    ifdown-TeamPort  ifup-eth   ifup-plusb   ifup-Team      network-functions
ifcfg-mybr0        ifdown-eth   ifdown-ppp     ifdown-tunnel    ifup-ippp  ifup-post    ifup-TeamPort  network-functions-ipv6
ifcfg-mybr0-port0  ifdown-ippp  ifdown-routes  ifup             ifup-ipv6  ifup-ppp     ifup-tunnel
ifcfg-mybr0-port1  ifdown-ipv6  ifdown-sit     ifup-aliases     ifup-isdn  ifup-routes  ifup-wireless
[root@centos7 network-scripts]# cat ifcfg-mybr0
STP=yes
BRIDGING_OPTS=priority=32768
TYPE=Bridge
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=mybr0
UUID=ba4585f3-561b-4bc5-8132-dc033e306393
DEVICE=br0
ONBOOT=yes
[root@centos7 network-scripts]# cat ifcfg-mybr0-port0
TYPE=Ethernet
NAME=mybr0-port0
UUID=4a4c1bdb-9780-4573-89e9-59f93d3b2c35
DEVICE=eth0
ONBOOT=yes
BRIDGE=br0
[root@centos7 network-scripts]# cat ifcfg-mybr0-port1
TYPE=Ethernet
NAME=mybr0-port1
UUID=5cd21af0-aa36-42d8-a3df-17464beb23d6
DEVICE=eth1
ONBOOT=yes
BRIDGE=br0

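4.9 Network testing and diagnostic tools

  • Test network connectivity
    ping

  • Display the correct routing table
    ip route

  • Trace routes
    traceroute
    tracepath
    mtr

  • Determine which name server is used
    nslookup
    host
    dig

  • Packet capture tools
    tcpdump
    wireshark

  • Security scanning tools
    nmap
    netcat: the Swiss Army knife of networking, i.e. nc

  • Traffic control tools
    tc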

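Example:

#Simulate 50% packet loss on eth0
tc qdisc add dev eth0 root netem loss 50%
#Simulate a 1000 ms delay (replace works whether or not a root qdisc already exists)
tc qdisc replace dev eth0 root netem delay 1000ms
tc qdisc show dev eth0
#Remove the root qdisc to restore normal behaviour
tc qdisc del dev eth0 root

Example: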

[root@rocky8 ~]# mtr
-bash: mtr: command not found
[root@rocky8 ~]# dnf -y install mtr

[root@10-9-24-182 ~]# mtr 1.1.1.1		#mtr traces the route
                                            My traceroute  [v0.85]
10-9-24-182 (0.0.0.0)                                                                 Thu Dec 10 17:21:08 2020
Resolver error: No error returned but no answers given. of fields   quit
                                                                      Packets               Pings
 Host                                                               Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. ???
 2. ???
 3. 172.31.145.153                                                   0.0%    13    0.8   0.8   0.6   1.4   0.0
 4. 172.31.144.217                                                   0.0%    13    1.6   2.4   1.5   7.9   1.7
 5. 10.1.251.5                                                       0.0%    13    1.4   1.4   1.3   1.8   0.0
 6. ???
 7. ???
 8. 218.30.28.13                                                    83.3%    13    2.4   2.7   2.4   2.9   0.0
 9. 218.30.25.37                                                     0.0%    13    3.0   3.1   2.9   3.7   0.0
10. 202.97.53.26                                                     7.7%    13    4.1  12.8   4.1  20.0   6.1
11. 202.97.12.98                                                    23.1%    13   23.8  21.9  18.3  25.0   2.0
12. 202.97.59.142                                                    0.0%    12  173.7 173.1 169.0 179.3   2.6
13. 202.97.92.45                                                     9.1%    12  159.9 160.3 156.4 163.3   2.3
14. 218.30.54.214                                                    9.1%    11  181.4 182.4 181.1 186.5   1.7
15. one.one.one.one                                                  0.0%    11  161.0 161.4 160.3 166.1   1.5


[root@10-9-24-182 ~]# mtr 8.8.8.8
                                            My traceroute  [v0.85]
10-9-24-182 (0.0.0.0)                                                                 Thu Dec 10 17:21:54 2020
Resolver: Received error response 2. (server failure)er of fields   quit
                                                                      Packets               Pings
 Host                                                               Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. ???
 2. ???
 3. 172.31.145.153                                                   0.0%     7    0.8   0.9   0.7   1.3   0.0
 4. 172.31.144.217                                                   0.0%     7    1.5  10.0   1.5  53.7  19.4
 5. 10.1.251.5                                                       0.0%     7    1.6   1.6   1.4   1.9   0.0
 6. ???
 7. ???
 8. ???
 9. 218.30.25.161                                                    0.0%     7    3.3   3.4   3.2   3.7   0.0
10. 202.97.48.250                                                    0.0%     7   20.8  19.5  18.1  21.1   1.0
11. 202.97.53.242                                                    0.0%     7   21.7  20.1  18.3  21.7   1.2
12. 202.97.37.242                                                    0.0%     7   50.2  54.1  50.2  57.7   2.4
13. 202.97.122.70                                                    0.0%     7   37.0  37.3  36.7  38.6   0.4
14. 108.170.241.65                                                  14.3%     7   36.4  36.7  36.3  38.2   0.4
15. 108.170.226.115                                                 16.7%     7   39.5  38.0  36.4  40.6   1.8
16. dns.google                                                      16.7%     6   44.8  44.7  44.5  44.9   0.0

[root@10-9-24-182 ~]# tracepath -n 8.8.8.8
 1?: [LOCALHOST]                                         pmtu 1454
 1:  no reply
 2:  no reply
 3:  172.31.145.153                                        1.422ms 
 4:  172.31.144.217                                        1.927ms asymm  5 
 5:  10.1.251.5                                            1.637ms asymm  6 
 6:  172.31.147.130                                       10.347ms asymm  7 
 7:  no reply
 8:  no reply
 9:  218.30.25.225                                         4.494ms asymm 10 
10:  202.97.34.74                                          4.326ms asymm 11 
11:  202.97.53.242                                        19.861ms asymm 13 
12:  202.97.37.242                                        54.048ms asymm 13 
13:  no reply
14:  no reply
15:  no reply
16:  no reply
17:  no reply
18:  no reply
19:  no reply
20:  no reply
21:  no reply
22:  no reply
23:  no reply
24:  no reply
25:  no reply
26:  no reply
27:  no reply
28:  no reply
29:  no reply
30:  no reply
     Too many hops: pmtu 1454
     Resume: pmtu 1454 

[root@centos8 ~]# traceroute
-bash: traceroute: command not found
[root@centos8 ~]# dnf -y install traceroute

[root@10-9-24-182 ~]# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  172.31.145.153 (172.31.145.153)  1.705 ms  1.720 ms  1.731 ms
 4  172.31.144.217 (172.31.144.217)  64.504 ms  64.471 ms  2.853 ms
 5  10.1.251.5 (10.1.251.5)  4.212 ms  4.383 ms  75.150 ms
 6  172.31.147.130 (172.31.147.130)  11.396 ms  9.667 ms  9.622 ms
 7  * * *
 8  218.30.28.13 (218.30.28.13)  2.836 ms 218.30.28.17 (218.30.28.17)  2.331 ms  2.287 ms
 9  218.30.28.49 (218.30.28.49)  7.135 ms 218.30.28.53 (218.30.28.53)  5.675 ms 218.30.28.25 (218.30.28.25)  10.767 ms
10  202.97.94.190 (202.97.94.190)  17.901 ms 202.97.53.30 (202.97.53.30)  9.422 ms 202.97.34.90 (202.97.34.90)  4.088 ms
11  202.97.12.62 (202.97.12.62)  22.761 ms 202.97.53.242 (202.97.53.242)  20.027 ms 202.97.12.54 (202.97.12.54)  21.568 ms
12  202.97.37.242 (202.97.37.242)  54.917 ms  57.975 ms  55.765 ms
13  202.97.122.70 (202.97.122.70)  38.088 ms  37.035 ms  37.581 ms
14  108.170.241.1 (108.170.241.1)  65.798 ms 108.170.241.65 (108.170.241.65)  66.145 ms  66.929 ms
15  209.85.243.21 (209.85.243.21)  40.585 ms 209.85.243.247 (209.85.243.247)  66.246 ms 72.14.239.49 (72.14.239.49)  42.438 ms
16  dns.google (8.8.8.8)  38.814 ms *  37.740 ms

4.9.1 tcpdump

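A tool for capturing and analysing network packets. It can filter by network layer, protocol, host, network or port, and provides the logical operators and, or and not to strip out irrelevant traffic.

Syntax:

tcpdump [-adeflnNOpqStvx][-c<count>][-dd][-ddd][-F<expression file>][-i<interface>][-r<capture file>][-s<snapshot length>][-tt][-T<packet type>][-vv][-w<capture file>][expression]

Options:
-a Try to convert network and broadcast addresses to names.
-c<count> Stop capturing after the specified number of packets has been received.
-d Dump the compiled packet-matching code to standard output in a human-readable form.
-dd Dump the compiled packet-matching code to standard output as a C program fragment.
-ddd Dump the compiled packet-matching code to standard output as decimal numbers.
-e Print the link-level header on each dump line.
-f Print Internet addresses numerically.
-F<expression file> Read the filter expression from the given file.
-i<interface> Capture on the specified network interface.
-l Make standard output line buffered.
-n Do not convert host addresses to names.
-N Do not print domain names.
-O Do not optimize the packet-matching code.
-p Do not put the interface into promiscuous mode.
-q Quick output: print only brief protocol information.
-r<capture file> Read packets from the specified file.
-s<snapshot length> Set the number of bytes captured from each packet.
-S Print absolute rather than relative TCP sequence numbers.
-t Do not print a timestamp on each dump line.
-tt Print an unformatted timestamp on each dump line.
-T<packet type> Force packets selected by the expression to be interpreted as the specified packet type.
-v Verbose output.
-vv Even more verbose output.
-x Print packet data in hexadecimal.
-w<capture file> Write the packet data to the specified file.

Example: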

[root@rocky8 ~]# tcpdump
-bash: tcpdump: command not found
[root@rocky8 ~]# dnf -y install tcpdump

#List the network interfaces
[root@rocky8 ~]# tcpdump -D
1.eth0 [Up, Running]
2.lo [Up, Running, Loopback]
3.any (Pseudo-device that captures on all interfaces) [Up, Running]
4.bluetooth-monitor (Bluetooth Linux Monitor) [none]
5.nflog (Linux netfilter log (NFLOG) interface) [none]
6.nfqueue (Linux netfilter queue (NFQUEUE) interface) [none]
7.bluetooth0 (Bluetooth adapter number 0) [none]
8.usbmon0 (Raw USB traffic, all USB buses) [none]
9.usbmon1 (Raw USB traffic, bus number 1)
10.usbmon2 (Raw USB traffic, bus number 2)

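#With no arguments, tcpdump captures packets on the first network interface. A host may have more than one interface, so you often need to name one.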
[root@rocky8 ~]# tcpdump
...
14:13:11.727214 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 264308:264568, ack 1, win 284, length 260
14:13:11.727410 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 264308, win 4098, length 0
14:13:11.727418 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 264568:264732, ack 1, win 284, length 164
14:13:11.727527 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 264732, win 4097, length 0
14:13:11.727571 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 264732:265088, ack 1, win 284, length 356
14:13:11.730911 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 265088:265252, ack 1, win 284, length 164
14:13:11.732414 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 265252:265416, ack 1, win 284, length 164
14:13:11.732736 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 265252, win 4095, length 0
14:13:11.732755 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 265416:265580, ack 1, win 284, length 164
14:13:11.732827 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 265580:265840, ack 1, win 284, length 260
14:13:11.732943 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 265580, win 4100, length 0
14:13:11.732951 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 265840:266004, ack 1, win 284, length 164
14:13:11.733025 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 266004:266264, ack 1, win 284, length 260
14:13:11.733122 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 266004, win 4098, length 0
14:13:11.733129 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 266264:266428, ack 1, win 284, length 164
14:13:11.733194 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 266428:266688, ack 1, win 284, length 260
14:13:11.733273 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 266428, win 4097, length 0
14:13:11.733281 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 266688:266852, ack 1, win 284, length 164
14:13:11.733344 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 266852, win 4095, length 0
14:13:11.733383 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 266852:267208, ack 1, win 284, length 356
14:13:11.733728 IP 172.31.0.1.51011 > rocky8.ssh: Flags [P.], seq 1:53, ack 266852, win 4095, length 52
^C
1843 packets captured
1843 packets received by filter
0 packets dropped by kernel

#Capture on a specific interface
[root@rocky8 ~]# tcpdump -i eth0
...
14:14:14.719568 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 368724:368888, ack 53, win 284, length 164
14:14:14.719630 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 368888:369148, ack 53, win 284, length 260
14:14:14.719733 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 368888, win 4052, length 0
14:14:14.719740 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 369148:369312, ack 53, win 284, length 164
14:14:14.719803 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 369312:369572, ack 53, win 284, length 260
14:14:14.719958 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 369312, win 4050, length 0
14:14:14.719965 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 369572:369736, ack 53, win 284, length 164
14:14:14.720030 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 369736:369996, ack 53, win 284, length 260
14:14:14.720151 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 369736, win 4049, length 0
14:14:14.720158 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 369996:370160, ack 53, win 284, length 164
14:14:14.720240 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 370160, win 4047, length 0
14:14:14.720266 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 370160:370516, ack 53, win 284, length 356
14:14:14.722843 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 370516:370680, ack 53, win 284, length 164
14:14:14.724935 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 370680:370844, ack 53, win 284, length 164
14:14:14.725332 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 370680, win 4045, length 0
14:14:14.725366 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 370844:371008, ack 53, win 284, length 164
14:14:14.725511 IP 172.31.0.1.51011 > rocky8.ssh: Flags [P.], seq 53:105, ack 370680, win 4045, length 52
^C
2581 packets captured
2582 packets received by filter
0 packets dropped by kernel

#Capture a specific host: packets exchanged with host 172.31.0.7. Note: both outbound and inbound packets are captured.
[root@rocky8 ~]# tcpdump host 172.31.0.7
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:14:58.320490 IP 172.31.0.1.51015 > 172.31.0.7.ssh: Flags [P.], seq 904268328:904268380, ack 2808264443, win 4100, length 52
14:14:58.320571 IP 172.31.0.7.ssh > 172.31.0.1.51015: Flags [.], ack 52, win 284, length 0
14:14:58.320730 IP 172.31.0.7.ssh > 172.31.0.1.51015: Flags [P.], seq 1:53, ack 52, win 284, length 52
14:14:58.372980 IP 172.31.0.1.51015 > 172.31.0.7.ssh: Flags [.], ack 53, win 4100, length 0
14:14:58.579763 IP 172.31.0.1.51015 > 172.31.0.7.ssh: Flags [P.], seq 52:104, ack 53, win 4100, length 52
14:14:58.580064 IP 172.31.0.7.ssh > 172.31.0.1.51015: Flags [P.], seq 53:105, ack 104, win 284, length 52
14:14:58.621887 IP 172.31.0.1.51015 > 172.31.0.7.ssh: Flags [.], ack 105, win 4100, length 0
...

#Traffic from a specific source or to a specific destination address
#Specific source
tcpdump src host hostname

[root@rocky8 ~]# tcpdump src host 172.31.0.7
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:17:10.702744 IP 172.31.0.7 > rocky8: ICMP echo request, id 1087, seq 129, length 64
14:17:10.703246 IP 172.31.0.7.ssh > 172.31.0.1.51015: Flags [P.], seq 2808280239:2808280355, ack 904269264, win 284, length 116
14:17:11.703294 IP 172.31.0.7 > rocky8: ICMP echo request, id 1087, seq 130, length 64
14:17:11.703691 IP 172.31.0.7.ssh > 172.31.0.1.51015: Flags [P.], seq 116:232, ack 1, win 284, length 116
^C
4 packets captured
4 packets received by filter
0 packets dropped by kernel

#Specific destination address
tcpdump dst host hostname

[root@rocky8 ~]# tcpdump dst host 172.31.0.7
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:17:46.715742 IP rocky8 > 172.31.0.7: ICMP echo reply, id 1087, seq 165, length 64
14:17:46.767001 IP 172.31.0.1.51015 > 172.31.0.7.ssh: Flags [.], ack 2808284531, win 4098, length 0
14:17:47.715601 IP rocky8 > 172.31.0.7: ICMP echo reply, id 1087, seq 166, length 64
14:17:47.764450 IP 172.31.0.1.51015 > 172.31.0.7.ssh: Flags [.], ack 117, win 4098, length 0
14:17:48.716576 IP rocky8 > 172.31.0.7: ICMP echo reply, id 1087, seq 167, length 64
14:17:48.770113 IP 172.31.0.1.51015 > 172.31.0.7.ssh: Flags [.], ack 233, win 4097, length 0
14:17:48.923264 ARP, Request who-has 172.31.0.7 tell rocky8, length 28
^C
7 packets captured
7 packets received by filter
0 packets dropped by kernel

#If neither src nor dst is given, traffic whose source or destination is hostname is captured
tcpdump host hostname

[root@rocky8 ~]# tcpdump host 172.31.0.7
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:18:15.726721 IP 172.31.0.7 > rocky8: ICMP echo request, id 1087, seq 194, length 64
14:18:15.726745 IP rocky8 > 172.31.0.7: ICMP echo reply, id 1087, seq 194, length 64
14:18:15.727123 IP 172.31.0.7.ssh > 172.31.0.1.51015: Flags [P.], seq 2808287779:2808287895, ack 904269316, win 284, length 116
14:18:15.768359 IP 172.31.0.1.51015 > 172.31.0.7.ssh: Flags [.], ack 116, win 4097, length 0
14:18:16.059897 ARP, Request who-has 172.31.0.7 tell rocky8, length 28
14:18:16.060285 ARP, Reply 172.31.0.7 is-at 00:0c:29:50:0f:03 (oui Unknown), length 46
14:18:16.726772 IP 172.31.0.7 > rocky8: ICMP echo request, id 1087, seq 195, length 64
14:18:16.726805 IP rocky8 > 172.31.0.7: ICMP echo reply, id 1087, seq 195, length 64
14:18:16.727058 IP 172.31.0.7.ssh > 172.31.0.1.51015: Flags [P.], seq 116:232, ack 1, win 284, length 116
14:18:16.779208 IP 172.31.0.1.51015 > 172.31.0.7.ssh: Flags [.], ack 232, win 4096, length 0
^C
10 packets captured
10 packets received by filter
0 packets dropped by kernel

#Interview question
[root@rocky8 ~]# tcpdump -i eth0 -nn icmp and src host 172.31.0.6 and dst host 172.31.0.7
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

[root@centos6 ~]# ping 172.31.0.7
PING 172.31.0.7 (172.31.0.7) 56(84) bytes of data.
64 bytes from 172.31.0.7: icmp_seq=1 ttl=64 time=0.332 ms
64 bytes from 172.31.0.7: icmp_seq=2 ttl=64 time=0.468 ms
64 bytes from 172.31.0.7: icmp_seq=3 ttl=64 time=0.275 ms
64 bytes from 172.31.0.7: icmp_seq=4 ttl=64 time=0.417 ms

[root@rocky8 ~]# tcpdump -i eth0 -nn icmp and src host 172.31.0.6 and dst host 172.31.0.7
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:28:44.908461 IP 172.31.0.6 > 172.31.0.7: ICMP echo request, id 44549, seq 1, length 64
14:28:45.909583 IP 172.31.0.6 > 172.31.0.7: ICMP echo request, id 44549, seq 2, length 64
14:28:46.910616 IP 172.31.0.6 > 172.31.0.7: ICMP echo request, id 44549, seq 3, length 64
14:28:47.911774 IP 172.31.0.6 > 172.31.0.7: ICMP echo request, id 44549, seq 4, length 64
14:28:48.912210 IP 172.31.0.6 > 172.31.0.7: ICMP echo request, id 44549, seq 5, length 64
14:28:49.913383 IP 172.31.0.6 > 172.31.0.7: ICMP echo request, id 44549, seq 6, length 64
14:28:50.914714 IP 172.31.0.6 > 172.31.0.7: ICMP echo request, id 44549, seq 7, length 64
14:28:51.915455 IP 172.31.0.6 > 172.31.0.7: ICMP echo request, id 44549, seq 8, length 64
14:28:52.916538 IP 172.31.0.6 > 172.31.0.7: ICMP echo request, id 44549, seq 9, length 64
14:28:53.917307 IP 172.31.0.6 > 172.31.0.7: ICMP echo request, id 44549, seq 10, length 64
14:28:54.918172 IP 172.31.0.6 > 172.31.0.7: ICMP echo request, id 44549, seq 11, length 64
14:28:55.920162 IP 172.31.0.6 > 172.31.0.7: ICMP echo request, id 44549, seq 12, length 64
14:28:56.920756 IP 172.31.0.6 > 172.31.0.7: ICMP echo request, id 44549, seq 13, length 64
14:28:57.921694 IP 172.31.0.6 > 172.31.0.7: ICMP echo request, id 44549, seq 14, length 64
14:28:58.922302 IP 172.31.0.6 > 172.31.0.7: ICMP echo request, id 44549, seq 15, length 64
^C
15 packets captured
15 packets received by filter
0 packets dropped by kernel

#Specific port
tcpdump port 3000

[root@rocky8 ~]# tcpdump port 22
...
14:29:37.092881 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 67604:67768, ack 1, win 307, length 164
14:29:37.092920 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 67768:67932, ack 1, win 307, length 164
14:29:37.092958 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 67932:68096, ack 1, win 307, length 164
14:29:37.092996 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 68096:68260, ack 1, win 307, length 164
14:29:37.093035 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 68260:68424, ack 1, win 307, length 164
14:29:37.093074 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 68424:68588, ack 1, win 307, length 164
14:29:37.093112 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 68588:68752, ack 1, win 307, length 164
14:29:37.093151 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 68752:68916, ack 1, win 307, length 164
14:29:37.093189 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 68916:69080, ack 1, win 307, length 164
14:29:37.093229 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 69080:69212, ack 1, win 307, length 132
14:29:37.093410 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 63832, win 4100, length 0
14:29:37.093431 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 65472, win 4100, length 0
14:29:37.093436 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 67112, win 4100, length 0
14:29:37.093439 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 68752, win 4100, length 0
14:29:37.093443 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 69212, win 4098, length 0
14:29:37.095698 IP 172.31.0.1.51011 > rocky8.ssh: Flags [P.], seq 1:53, ack 69212, win 4098, length 52
^C
445 packets captured
445 packets received by filter
0 packets dropped by kernel

#Capture TCP or UDP: services on a server may use either TCP or UDP as their transport layer; to capture only TCP packets
tcpdump tcp

[root@rocky8 ~]# tcpdump tcp
...
14:30:17.833504 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 245016:245276, ack 53, win 307, length 260
14:30:17.833611 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 245016, win 4095, length 0
14:30:17.833619 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 245276:245440, ack 53, win 307, length 164
14:30:17.833688 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 245440:245700, ack 53, win 307, length 260
14:30:17.833768 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 245440, win 4100, length 0
14:30:17.833776 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 245700:245864, ack 53, win 307, length 164
14:30:17.833839 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 245864:246124, ack 53, win 307, length 260
14:30:17.833967 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 245864, win 4098, length 0
14:30:17.833976 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 246124:246288, ack 53, win 307, length 164
14:30:17.834048 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 246288:246548, ack 53, win 307, length 260
14:30:17.834135 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 246288, win 4097, length 0
14:30:17.834143 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 246548:246712, ack 53, win 307, length 164
^C
1695 packets captured
1697 packets received by filter
0 packets dropped by kernel

#Source host + port + TCP: capture TCP packets on port 22 that come from host 172.31.0.7
tcpdump tcp port 22 and src host 172.31.0.7

[root@rocky8 ~]# tcpdump tcp port 22 and src host 172.31.0.7
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

[root@centos7 ~]# ssh 172.31.1.8
root@172.31.1.8's password: 

[root@rocky8 ~]# tcpdump tcp port 22 and src host 172.31.0.7
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:31:48.283548 IP 172.31.0.7.ssh > 172.31.0.1.51015: Flags [.], ack 904274756, win 284, length 0
14:31:48.283647 IP 172.31.0.7.ssh > 172.31.0.1.51015: Flags [P.], seq 0:52, ack 1, win 284, length 52
14:31:48.284011 IP 172.31.0.7.44350 > rocky8.ssh: Flags [F.], seq 3142726821, ack 724245496, win 261, options [nop,nop,TS val 933341 ecr 494932143], length 0
14:31:48.284216 IP 172.31.0.7.ssh > 172.31.0.1.51015: Flags [P.], seq 52:136, ack 1, win 284, length 84
14:31:48.285794 IP 172.31.0.7.44350 > rocky8.ssh: Flags [.], ack 2, win 261, options [nop,nop,TS val 933343 ecr 494968377], length 0
14:31:48.751227 IP 172.31.0.7.ssh > 172.31.0.1.51015: Flags [P.], seq 136:204, ack 69, win 284, length 68
14:31:49.123155 IP 172.31.0.7.ssh > 172.31.0.1.51015: Flags [P.], seq 204:256, ack 121, win 284, length 52
14:31:49.127100 IP 172.31.0.7.44352 > rocky8.ssh: Flags [S], seq 2468153160, win 29200, options [mss 1460,sackOK,TS val 934183 ecr 0,nop,wscale 7], length 0
14:31:49.127982 IP 172.31.0.7.44352 > rocky8.ssh: Flags [.], ack 3133224819, win 229, options [nop,nop,TS val 934184 ecr 494969219], length 0
14:31:49.128021 IP 172.31.0.7.44352 > rocky8.ssh: Flags [P.], seq 0:21, ack 1, win 229, options [nop,nop,TS val 934184 ecr 494969219], length 21
...

#Capture traffic between two specific hosts
tcpdump ip host 172.31.0.7 and 172.31.0.6

[root@rocky8 ~]# tcpdump ip host 172.31.0.7 and 172.31.0.6
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

[root@centos7 ~]# ping 172.31.0.6
PING 172.31.0.6 (172.31.0.6) 56(84) bytes of data.
64 bytes from 172.31.0.6: icmp_seq=1 ttl=64 time=0.243 ms
64 bytes from 172.31.0.6: icmp_seq=2 ttl=64 time=0.784 ms
64 bytes from 172.31.0.6: icmp_seq=3 ttl=64 time=0.351 ms
64 bytes from 172.31.0.6: icmp_seq=4 ttl=64 time=0.439 ms
64 bytes from 172.31.0.6: icmp_seq=5 ttl=64 time=0.444 ms
64 bytes from 172.31.0.6: icmp_seq=6 ttl=64 time=0.229 ms
64 bytes from 172.31.0.6: icmp_seq=7 ttl=64 time=0.333 ms
64 bytes from 172.31.0.6: icmp_seq=8 ttl=64 time=0.497 ms
64 bytes from 172.31.0.6: icmp_seq=9 ttl=64 time=0.301 ms

[root@rocky8 ~]# tcpdump ip host 172.31.0.7 and 172.31.0.6
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:33:09.135934 IP 172.31.0.7 > 172.31.0.6: ICMP echo request, id 1126, seq 1, length 64
14:33:09.136018 IP 172.31.0.6 > 172.31.0.7: ICMP echo reply, id 1126, seq 1, length 64
14:33:10.136590 IP 172.31.0.7 > 172.31.0.6: ICMP echo request, id 1126, seq 2, length 64
14:33:10.136905 IP 172.31.0.6 > 172.31.0.7: ICMP echo reply, id 1126, seq 2, length 64
14:33:11.137613 IP 172.31.0.7 > 172.31.0.6: ICMP echo request, id 1126, seq 3, length 64
14:33:11.137735 IP 172.31.0.6 > 172.31.0.7: ICMP echo reply, id 1126, seq 3, length 64
14:33:12.138693 IP 172.31.0.7 > 172.31.0.6: ICMP echo request, id 1126, seq 4, length 64
14:33:12.138872 IP 172.31.0.6 > 172.31.0.7: ICMP echo reply, id 1126, seq 4, length 64
^C
8 packets captured
8 packets received by filter
0 packets dropped by kernel

#Traffic between 172.31.0.7 and any host other than 172.31.0.1
tcpdump ip host 172.31.0.7 and ! 172.31.0.1

[root@rocky8 ~]# tcpdump ip host 172.31.0.7 and ! 172.31.0.1
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:34:56.378967 IP rocky8 > 172.31.0.7: ICMP echo request, id 1683, seq 439, length 64
14:34:56.379357 IP 172.31.0.7 > rocky8: ICMP echo reply, id 1683, seq 439, length 64
14:34:57.403221 IP rocky8 > 172.31.0.7: ICMP echo request, id 1683, seq 440, length 64
14:34:57.403709 IP 172.31.0.7 > rocky8: ICMP echo reply, id 1683, seq 440, length 64
14:34:58.427890 IP rocky8 > 172.31.0.7: ICMP echo request, id 1683, seq 441, length 64
14:34:58.428111 IP 172.31.0.7 > rocky8: ICMP echo reply, id 1683, seq 441, length 64
14:34:59.451646 IP rocky8 > 172.31.0.7: ICMP echo request, id 1683, seq 442, length 64
14:34:59.452009 IP 172.31.0.7 > rocky8: ICMP echo reply, id 1683, seq 442, length 64
^C
8 packets captured
11 packets received by filter
0 packets dropped by kernel

#Detailed example
[root@rocky8 ~]# tcpdump tcp -i eth0 -t -s 0 -c 100 and dst port ! 22 and src net 172.31.0.0/21 -w ./target.cap
dropped privs to tcpdump
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
100 packets captured
102 packets received by filter
0 packets dropped by kernel

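(1) tcp: protocol keywords such as ip, icmp, arp, rarp, tcp and udp go in the first argument position and select the type of packet to capture
(2) -i eth0: capture only packets that pass through interface eth0
(3) -t: do not print timestamps
(4) -s 0: a value of 0 means each packet is captured with the default snapshot length of 262144 bytes, for compatibility with older versions of tcpdump
(5) -c 100: capture only 100 packets
(6) dst port ! 22: do not capture packets whose destination port is 22
(7) src net 172.31.0.0/21: the packet's source network address is 172.31.0.0/21
(8) -w ./target.cap: save to a cap file so it can be analysed in wireshark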

#Limit the number of packets captured; as below, tcpdump exits automatically after capturing 1000 packets
tcpdump -c 1000
[root@rocky8 ~]# tcpdump -c 1000
...
14:43:20.516939 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 146196:146456, ack 1, win 329, length 260
14:43:20.517009 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 146196, win 4050, length 0
14:43:20.517017 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 146456:146620, ack 1, win 329, length 164
14:43:20.517081 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 146620:146880, ack 1, win 329, length 260
14:43:20.517151 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 146620, win 4049, length 0
14:43:20.517159 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 146880:147044, ack 1, win 329, length 164
14:43:20.517223 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 147044:147304, ack 1, win 329, length 260
14:43:20.517293 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 147044, win 4047, length 0
14:43:20.517301 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 147304:147468, ack 1, win 329, length 164
14:43:20.517366 IP rocky8.ssh > 172.31.0.1.51011: Flags [P.], seq 147468:147728, ack 1, win 329, length 260
14:43:20.517436 IP 172.31.0.1.51011 > rocky8.ssh: Flags [.], ack 147468, win 4045, length 0
1000 packets captured
1001 packets received by filter
0 packets dropped by kernel

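#Save to a local file. By default tcpdump writes its output to a buffer and flushes it to disk only when the buffer reaches a certain size or tcpdump exits; add -U to force an immediate write to disk (generally not recommended, as performance is relatively poor)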
[root@rocky8 ~]# tcpdump -n -vvv -c 1000 -w /tmp/tcpdump_save.cap
dropped privs to tcpdump
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
1000 packets captured
1000 packets received by filter
0 packets dropped by kernel

4.9.2 nmap

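A tool for scanning remote hosts; it is far more capable than the ping command, which only sends ICMP messages

Official help: https://nmap.org/book/man.html

Format:

nmap [Scan Type(s)] [Options] {target specification}

Command options
-sT TCP connect() scan, the most basic form of TCP scanning. This scan is easy to detect: the target host's logs record a large number of connection requests and error messages
-sS TCP SYN scan. Because it does not open a full TCP connection, this technique is usually called half-open scanning. Its biggest advantage is that few systems record it in the system log
-sF,-sX,-sN Stealth FIN packet scan, Xmas Tree scan and Null scan modes. The rationale for these scans is that a closed port must answer your probe with an RST packet, while an open port must ignore the malformed packet
-sP Ping scan: uses ping to find out which hosts on the network are up. When a host blocks ICMP echo request packets, the ping scan does not work. nmap performs a ping scan in every case, and only carries on scanning a target host that is up
-sU UDP scan. Use this option to find out which UDP services a host provides
-sA ACK scan. This advanced scanning method can usually be used to get through firewalls.
-sW Window scan, very similar to the ACK scan
-sR RPC scan, used in combination with the other port scanning methods.
-b FTP bounce attack: connects to an FTP server behind the firewall as a proxy and then performs the port scan.
-P0 Do not ping the host before scanning.
-PT Before scanning, use a TCP ping to determine which hosts are up
-PS For root users, this option makes nmap use SYN packets instead of ACK packets to scan the target host.
-PI With this option set, nmap uses a real ping (ICMP echo request) to check whether the target host is up.
-PB This is the default ping scan option. It runs the ACK (-PT) and ICMP (-PI) scan types in parallel. If the firewall filters only one of the two packet types, this method lets you get through the firewall.
-O Enables scanning of TCP/IP fingerprints to identify the remote host, that is, its operating system type
-I Turns on nmap's reverse ident scanning.
-f Sends SYN, FIN, XMAS and NULL scans using fragmented IP packets. This makes the job of packet filters and intrusion detection systems harder, so that they cannot tell what you are doing
-v Verbose mode. Strongly recommended; it gives detailed information while the scan runs.
-S <IP> In some situations nmap may be unable to determine your source address. In that case use this option to give the IP address
-g port Sets the source port of the scan
-oN Redirects the scan results to a human-readable file logfilename
-oS Writes the scan results to standard output.
--host_timeout Sets the time allowed for scanning one host, in milliseconds. By default there is no timeout
--max_rtt_timeout Sets how long to wait for each probe, in milliseconds. When the limit is exceeded the probe is retransmitted or times out. The default is about 9000 milliseconds
--min_rtt_timeout Makes nmap wait at least the time you specify for each probe, in milliseconds
-M count Sets the maximum number of sockets used in parallel for a TCP connect() scan

Example: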

[root@rocky8 ~]# nmap -v -sP 172.31.0.0/21
-bash: nmap: command not found
[root@rocky8 ~]# dnf -y install nmap

#Detect which services a host has open
[root@rocky8 ~]#  nmap -v -A 172.31.0.7
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 14:50 CST
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 14:50
Completed NSE at 14:50, 0.00s elapsed
Initiating NSE at 14:50
Completed NSE at 14:50, 0.00s elapsed
Initiating ARP Ping Scan at 14:50
Scanning 172.31.0.7 [1 port]
Completed ARP Ping Scan at 14:50, 0.20s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 14:50
Completed Parallel DNS resolution of 1 host. at 14:50, 0.27s elapsed
Initiating SYN Stealth Scan at 14:50
Scanning 172.31.0.7 [1000 ports]
Discovered open port 22/tcp on 172.31.0.7
Completed SYN Stealth Scan at 14:50, 1.25s elapsed (1000 total ports)
Initiating Service scan at 14:50
Scanning 1 service on 172.31.0.7
Completed Service scan at 14:50, 0.01s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 172.31.0.7
NSE: Script scanning 172.31.0.7.
Initiating NSE at 14:50
Completed NSE at 14:50, 0.06s elapsed
Initiating NSE at 14:50
Completed NSE at 14:50, 0.00s elapsed
Nmap scan report for 172.31.0.7
Host is up (0.00045s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.4 (protocol 2.0)
| ssh-hostkey: 
|   2048 48:b9:6e:b2:f6:f0:90:1d:92:2b:d3:54:87:a1:f5:ee (RSA)
|   256 f1:ee:83:81:26:e8:ed:a5:39:d5:fd:41:bc:a8:23:38 (ECDSA)
|_  256 2f:ae:24:4d:ae:d6:a6:89:eb:e3:d6:fd:08:5c:0d:ca (ED25519)
MAC Address: 00:0C:29:50:0F:03 (VMware)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Uptime guess: 0.024 days (since Tue Oct 26 14:16:15 2021)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=255 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE
HOP RTT     ADDRESS
1   0.45 ms 172.31.0.7

NSE: Script Post-scanning.
Initiating NSE at 14:50
Completed NSE at 14:50, 0.00s elapsed
Initiating NSE at 14:50
Completed NSE at 14:50, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 4.09 seconds
           Raw packets sent: 1040 (47.042KB) | Rcvd: 1033 (42.470KB)
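
Seen from the scanned host, the SYN scan above and the -sT/-sS distinction in the option list show up directly in `tcpdump -nn` output. The following is an added example, not part of the original page: it parses the one-line-per-packet format from section 4.9.1 and flags any source that sends bare SYNs to several ports of one host, separating the half-open pattern from the full connect pattern. The sample capture, the `min_ports` threshold and the script name `scan_detect.py` are constructed assumptions.

```python
"""Added example: spot TCP port scans in `tcpdump -nn` text output."""
import re
import sys
from collections import defaultdict

# One packet per line, as tcpdump prints TCP over IPv4 with -nn, e.g.
# "14:31:49.127100 IP 172.31.0.7.44352 > 172.31.1.8.22: Flags [S], seq ..."
LINE_RE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r"Flags \[([^\]]*)\]"
)


def parse_line(line):
    """Return (src, sport, dst, dport, flags), or None for lines that are not TCP/IPv4."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    src, sport, dst, dport, flags = m.groups()
    return src, int(sport), dst, int(dport), flags


def detect_scans(lines, min_ports=4):
    """Report sources that sent a bare SYN to >= min_ports ports of one target."""
    probed = defaultdict(set)     # (scanner, target) -> ports that got a bare SYN
    answered = defaultdict(set)   # (scanner, target) -> ports that replied SYN-ACK
    completed = defaultdict(set)  # (scanner, target) -> ports the scanner then ACKed
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue
        src, sport, dst, dport, flags = pkt
        if flags == "S":                     # SYN without ACK: a connection attempt
            probed[(src, dst)].add(dport)
        elif flags == "S.":                  # SYN-ACK from target: the port is open
            if sport in probed.get((dst, src), ()):
                answered[(dst, src)].add(sport)
        elif "." in flags and "R" not in flags:
            # ACK (alone or with PSH/FIN) to an open port: handshake was completed
            if dport in answered.get((src, dst), ()):
                completed[(src, dst)].add(dport)
    findings = []
    for (src, dst), ports in sorted(probed.items()):
        if len(ports) < min_ports:
            continue
        open_ports = answered.get((src, dst), set())
        done = completed.get((src, dst), set())
        if not open_ports:
            kind = "undetermined"            # no open port replied, nothing to compare
        elif not done:
            kind = "half-open"               # SYN-ACK never ACKed (the -sS pattern)
        elif done == open_ports:
            kind = "connect"                 # every open port completed (the -sT pattern)
        else:
            kind = "mixed"
        findings.append({"scanner": src, "target": dst, "kind": kind,
                         "ports_probed": sorted(ports), "open": sorted(open_ports)})
    return findings


# Constructed sample capture (not from the page): 172.31.1.8 half-open scans
# 172.31.0.7, 172.31.0.6 connect-scans it, 172.31.0.1 is an ordinary SSH client.
SAMPLE = """\
15:00:01.000001 IP 172.31.1.8.51234 > 172.31.0.7.21: Flags [S], seq 100, win 1024, length 0
15:00:01.000102 IP 172.31.0.7.21 > 172.31.1.8.51234: Flags [R.], seq 0, ack 101, win 0, length 0
15:00:01.000203 IP 172.31.1.8.51234 > 172.31.0.7.22: Flags [S], seq 100, win 1024, length 0
15:00:01.000304 IP 172.31.0.7.22 > 172.31.1.8.51234: Flags [S.], seq 900, ack 101, win 29200, length 0
15:00:01.000405 IP 172.31.1.8.51234 > 172.31.0.7.22: Flags [R], seq 101, win 0, length 0
15:00:01.000506 IP 172.31.1.8.51234 > 172.31.0.7.80: Flags [S], seq 100, win 1024, length 0
15:00:01.000607 IP 172.31.1.8.51234 > 172.31.0.7.443: Flags [S], seq 100, win 1024, length 0
15:00:05.000001 IP 172.31.0.6.40110 > 172.31.0.7.22: Flags [S], seq 500, win 29200, length 0
15:00:05.000102 IP 172.31.0.7.22 > 172.31.0.6.40110: Flags [S.], seq 700, ack 501, win 28960, length 0
15:00:05.000203 IP 172.31.0.6.40110 > 172.31.0.7.22: Flags [.], ack 1, win 229, length 0
15:00:05.000304 IP 172.31.0.6.40110 > 172.31.0.7.22: Flags [R.], seq 1, ack 1, win 229, length 0
15:00:05.000405 IP 172.31.0.6.40112 > 172.31.0.7.23: Flags [S], seq 510, win 29200, length 0
15:00:05.000506 IP 172.31.0.6.40114 > 172.31.0.7.25: Flags [S], seq 520, win 29200, length 0
15:00:05.000607 IP 172.31.0.6.40116 > 172.31.0.7.3306: Flags [S], seq 530, win 29200, length 0
15:00:09.000001 IP 172.31.0.1.51015 > 172.31.0.7.22: Flags [S], seq 1, win 65535, length 0
15:00:09.000102 IP 172.31.0.7.22 > 172.31.0.1.51015: Flags [S.], seq 2, ack 2, win 28960, length 0
15:00:09.000203 IP 172.31.0.1.51015 > 172.31.0.7.22: Flags [.], ack 1, win 4100, length 0
15:00:09.000304 ARP, Request who-has 172.31.0.7 tell 172.31.1.8, length 28
"""

if __name__ == "__main__":
    # Live use (assumed file name): tcpdump -nn -l -i eth0 tcp | python3 scan_detect.py -
    source = sys.stdin if sys.argv[1:] == ["-"] else SAMPLE.splitlines()
    for finding in detect_scans(source):
        print(finding)
```

Ports are tracked per host pair rather than per connection, so a source that both scans a host and holds a normal session to one of its open ports is reported as "connect" or "mixed".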

#TCP ACK scan with a parallelism of 2000; fast
[root@rocky8 ~]# nmap -n -PA --min-parallelism 2000 172.31.0.0/21
Warning: Your --min-parallelism option is pretty high!  This can hurt reliability.
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 14:51 CST
Nmap scan report for 172.31.0.1
Host is up (0.00012s latency).
All 1000 scanned ports on 172.31.0.1 are filtered
MAC Address: 00:50:56:C0:00:08 (VMware)

Nmap scan report for 172.31.0.2
Host is up (0.00024s latency).
All 1000 scanned ports on 172.31.0.2 are closed
MAC Address: 00:50:56:EA:AB:89 (VMware)

Nmap scan report for 172.31.0.6
Host is up (0.00030s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:0C:29:8E:46:7A (VMware)

Nmap scan report for 172.31.0.7
Host is up (0.00028s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:0C:29:50:0F:03 (VMware)

Nmap scan report for 172.31.2.18
Host is up (0.00025s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:0C:29:5D:DE:53 (VMware)

Nmap scan report for 172.31.2.20
Host is up (0.00025s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:0C:29:C1:04:61 (VMware)

Nmap scan report for 172.31.7.254
Host is up (0.00010s latency).
All 1000 scanned ports on 172.31.7.254 are filtered
MAC Address: 00:50:56:F1:C5:B1 (VMware)

Nmap scan report for 172.31.1.8
Host is up (0.0000050s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Nmap done: 2048 IP addresses (8 hosts up) scanned in 4.05 seconds


#List scan: only lists every host in the given network segment, without sending any packets to the target hosts.
[root@rocky8 ~]# nmap -sL 172.31.0.0/21
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 14:53 CST
...
Nmap scan report for 172.31.7.248
Nmap scan report for 172.31.7.249
Nmap scan report for 172.31.7.250
Nmap scan report for 172.31.7.251
Nmap scan report for 172.31.7.252
Nmap scan report for 172.31.7.253
Nmap scan report for 172.31.7.254
Nmap scan report for 172.31.7.255
Nmap done: 2048 IP addresses (0 hosts up) scanned in 3.06 seconds


#An IP address range can also be specified
[root@rocky8 ~]# nmap -sP 172.31.0.1-10
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 14:54 CST
Nmap scan report for 172.31.0.1
Host is up (0.00010s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 172.31.0.2
Host is up (-0.20s latency).
MAC Address: 00:50:56:EA:AB:89 (VMware)
Nmap scan report for 172.31.0.6
Host is up (0.00015s latency).
MAC Address: 00:0C:29:8E:46:7A (VMware)
Nmap scan report for 172.31.0.7
Host is up (0.00012s latency).
MAC Address: 00:0C:29:50:0F:03 (VMware)
Nmap done: 10 IP addresses (4 hosts up) scanned in 0.68 seconds

#Scan a whole network segment for live hosts (-sP is the deprecated spelling of -sn)
nmap -sP -v 192.168.1.0/24
nmap -v -sn ip/24

[root@rocky8 ~]# nmap -v -sP 172.31.0.0/21
Warning: The -sP option is deprecated. Please use -sn
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 14:48 CST
Initiating ARP Ping Scan at 14:48
Scanning 2047 hosts [1 port/host]
Stats: 0:00:21 elapsed; 0 hosts completed (0 up), 2047 undergoing ARP Ping Scan
ARP Ping Scan Timing: About 59.62% done; ETC: 14:49 (0:00:14 remaining)
...
Nmap scan report for 172.31.7.247 [host down]
Nmap scan report for 172.31.7.248 [host down]
Nmap scan report for 172.31.7.249 [host down]
Nmap scan report for 172.31.7.250 [host down]
Nmap scan report for 172.31.7.251 [host down]
Nmap scan report for 172.31.7.252 [host down]
Nmap scan report for 172.31.7.253 [host down]
Nmap scan report for 172.31.7.254
Host is up (0.00033s latency).
MAC Address: 00:50:56:F1:C5:B1 (VMware)
Nmap scan report for 172.31.7.255 [host down]
Initiating Parallel DNS resolution of 1 host. at 14:49
Completed Parallel DNS resolution of 1 host. at 14:49, 0.28s elapsed
Nmap scan report for 172.31.1.8
Host is up.
Read data files from: /usr/bin/../share/nmap
Nmap done: 2048 IP addresses (8 hosts up) scanned in 29.46 seconds
           Raw packets sent: 4107 (114.996KB) | Rcvd: 28 (784B)

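#Some hosts have ping detection turned off, so -P0 (spelled -Pn in current Nmap) can be used to skip the ping probe, which can speed up the scan.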
nmap -P0 172.31.0.7

[root@rocky8 ~]# nmap -P0 172.31.0.7
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 14:55 CST
Nmap scan report for 172.31.0.7
Host is up (0.00061s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:0C:29:50:0F:03 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 1.83 seconds


#Scan a host
nmap -v -A IP

[root@rocky8 ~]# nmap -v -A 172.31.0.6
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 14:57 CST
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 14:57
Completed NSE at 14:57, 0.00s elapsed
Initiating NSE at 14:57
Completed NSE at 14:57, 0.00s elapsed
Initiating ARP Ping Scan at 14:57
Scanning 172.31.0.6 [1 port]
Completed ARP Ping Scan at 14:57, 0.20s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 14:57
Completed Parallel DNS resolution of 1 host. at 14:57, 0.31s elapsed
Initiating SYN Stealth Scan at 14:57
Scanning 172.31.0.6 [1000 ports]
Discovered open port 22/tcp on 172.31.0.6
Completed SYN Stealth Scan at 14:57, 1.25s elapsed (1000 total ports)
Initiating Service scan at 14:57
Scanning 1 service on 172.31.0.6
Completed Service scan at 14:57, 0.01s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 172.31.0.6
NSE: Script scanning 172.31.0.6.
Initiating NSE at 14:57
Completed NSE at 14:57, 0.05s elapsed
Initiating NSE at 14:57
Completed NSE at 14:57, 0.00s elapsed
Nmap scan report for 172.31.0.6
Host is up (0.00037s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 5.3 (protocol 2.0)
| ssh-hostkey: 
|   1024 03:94:78:07:4d:d4:45:c5:e7:ec:3c:b6:40:6c:fb:4e (DSA)
|_  2048 16:50:94:e5:6b:92:2b:e0:ce:af:71:5e:11:40:5c:f0 (RSA)
MAC Address: 00:0C:29:8E:46:7A (VMware)
Device type: general purpose
Running: Linux 2.6.X|3.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3
OS details: Linux 2.6.32 - 3.10
Uptime guess: 0.028 days (since Tue Oct 26 14:16:16 2021)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=265 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE
HOP RTT     ADDRESS
1   0.37 ms 172.31.0.6

NSE: Script Post-scanning.
Initiating NSE at 14:57
Completed NSE at 14:57, 0.00s elapsed
Initiating NSE at 14:57
Completed NSE at 14:57, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 3.97 seconds
           Raw packets sent: 1040 (47.042KB) | Rcvd: 1035 (42.562KB)

#Scan several target hosts in one run
[root@rocky8 ~]# nmap 172.31.0.6 172.31.0.7
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 14:59 CST
Nmap scan report for 172.31.0.6
Host is up (0.00043s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:0C:29:8E:46:7A (VMware)

Nmap scan report for 172.31.0.7
Host is up (0.00041s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:0C:29:50:0F:03 (VMware)

Nmap done: 2 IP addresses (2 hosts up) scanned in 99.40 seconds

#Import IP addresses from a file and scan them
[root@rocky8 ~]# cat > hostip.txt
172.31.0.6            
172.31.0.7
223.6.6.6
^C

[root@rocky8 ~]# nmap -iL hostip.txt 
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 15:02 CST
Nmap scan report for 172.31.0.6
Host is up (0.00040s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:0C:29:8E:46:7A (VMware)

Nmap scan report for 172.31.0.7
Host is up (0.00046s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:0C:29:50:0F:03 (VMware)

Nmap scan report for public2.alidns.com (223.6.6.6)
Host is up (0.0020s latency).
Not shown: 997 filtered ports
PORT    STATE SERVICE
53/tcp  open  domain
80/tcp  open  http
443/tcp open  https

Nmap done: 3 IP addresses (3 hosts up) scanned in 169.71 seconds


#Probe the target host's open ports; a comma-separated port list can be given (e.g. -PS22,443,80)
[root@rocky8 ~]# nmap -PS22,80,443 172.31.0.7
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 15:23 CST
Nmap scan report for 172.31.0.7
Host is up (0.00061s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:0C:29:50:0F:03 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 1.58 seconds

#Use a SYN half-open scan
[root@rocky8 ~]# nmap -sS 172.31.0.7
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 15:23 CST
Nmap scan report for 172.31.0.7
Host is up (0.00069s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:0C:29:50:0F:03 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 4.02 seconds

#Scan for devices with open TCP ports
[root@rocky8 ~]# nmap -sT 172.31.0.6
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 15:24 CST
Nmap scan report for 172.31.0.6
Host is up (0.00060s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:0C:29:8E:46:7A (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.49 seconds

#Scan for devices with open UDP ports
[root@rocky8 ~]# nmap -sU 172.31.0.1
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 15:14 CST
Nmap scan report for 172.31.0.1
Host is up (-0.20s latency).
All 1000 scanned ports on 172.31.0.1 are open|filtered
MAC Address: 00:50:56:C0:00:08 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 21.44 seconds

#Scan UDP ports only
[root@rocky8 ~]# nmap -e eth0 -sU -O 172.31.0.1
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 15:15 CST
Nmap scan report for 172.31.0.1
Host is up (-0.20s latency).
All 1000 scanned ports on 172.31.0.1 are open|filtered
MAC Address: 00:50:56:C0:00:08 (VMware)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 24.40 seconds

#Scan both TCP and UDP ports
[root@rocky8 ~]# nmap -sTU -O 172.31.0.1
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 15:16 CST
Nmap scan report for 172.31.0.1
Host is up (-0.20s latency).
All 2000 scanned ports on 172.31.0.1 are filtered (1000) or open|filtered (1000)
MAC Address: 00:50:56:C0:00:08 (VMware)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 45.70 seconds

#Detect the version of the services running on the target host
[root@rocky8 ~]# nmap -sV 172.31.0.7
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 15:17 CST
Nmap scan report for 172.31.0.7
Host is up (0.0010s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.4 (protocol 2.0)
MAC Address: 00:0C:29:50:0F:03 (VMware)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.05 seconds

#Show the ports currently open on the local host
nmap localhost

[root@rocky8 ~]# nmap localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 15:18 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000020s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 1.59 seconds

#Show which ports in the range 1024-65535 are open on the local host
nmap -p 1024-65535 localhost

[root@rocky8 ~]# nmap -p 1024-65535 localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 15:18 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000060s latency).
Other addresses for localhost (not scanned): ::1
All 64512 scanned ports on localhost (127.0.0.1) are closed

Nmap done: 1 IP address (1 host up) scanned in 5.61 seconds

#Probe the target host's open ports
[root@rocky8 ~]# nmap -PS 172.31.0.1
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 15:19 CST
Nmap scan report for 172.31.0.1
Host is up (-0.20s latency).
All 1000 scanned ports on 172.31.0.1 are filtered
MAC Address: 00:50:56:C0:00:08 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 21.47 seconds


#Probe the listed ports on the target host
[root@rocky8 ~]# nmap -PS22,80,3306 172.31.0.7
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 15:20 CST
Nmap scan report for 172.31.0.7
Host is up (0.00082s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:0C:29:50:0F:03 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 1.82 seconds

#Detect the target host's operating system type
[root@rocky8 ~]# nmap -O 172.31.0.7
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 15:21 CST
Nmap scan report for 172.31.0.7
Host is up (0.00066s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:0C:29:50:0F:03 (VMware)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 3.71 seconds

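#Detect the target host's operating system type (-A also enables version detection, script scanning and traceroute)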
[root@rocky8 ~]# nmap -A 172.31.2.18
Starting Nmap 7.70 ( https://nmap.org ) at 2021-10-26 15:22 CST
Nmap scan report for 172.31.2.18
Host is up (0.00042s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 60:85:2d:8d:62:ee:f6:dd:c9:92:4c:f7:0b:0a:84:61 (RSA)
|   256 c6:31:b0:a9:a4:b6:75:f2:53:4e:a6:a2:ab:04:71:f6 (ECDSA)
|_  256 c0:21:7a:09:a9:1f:fb:22:bd:2d:21:60:be:d8:89:93 (ED25519)
MAC Address: 00:0C:29:5D:DE:53 (VMware)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:

Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE
HOP RTT     ADDRESS
1   0.42 ms 172.31.2.18

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 16.18 seconds
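
The scan reports above are easier to audit once they are reduced to one row per open port. The following added example (not part of the original page) parses Nmap's normal output with awk and reports open ports that are missing from an approved baseline; the function names, the baseline format and the baseline contents are assumptions, and the sample input is assembled from the outputs shown above.

```shell
#!/bin/sh
# Added example: audit Nmap's normal (human-readable) output against a baseline.

# Constructed sample, assembled from the scan reports shown above.
sample_scan() {
cat <<'EOF'
Nmap scan report for 172.31.0.1
Host is up (0.00012s latency).
All 1000 scanned ports on 172.31.0.1 are filtered
MAC Address: 00:50:56:C0:00:08 (VMware)

Nmap scan report for 172.31.0.7
Host is up (0.00028s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:0C:29:50:0F:03 (VMware)

Nmap scan report for 172.31.7.253 [host down]
Nmap scan report for public2.alidns.com (223.6.6.6)
Host is up (0.0020s latency).
Not shown: 997 filtered ports
PORT    STATE SERVICE
53/tcp  open  domain
80/tcp  open  http
443/tcp open  https

Nmap scan report for 172.31.1.8
Host is up (0.0000050s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
EOF
}

# open_ports: read a scan report on stdin and print "ip port/proto service"
# for every port whose state is exactly "open" (open|filtered is skipped).
open_ports() {
    awk '
        /^Nmap scan report for / {
            host = ""
            if ($0 ~ /\[host down\]$/) next     # -v also lists hosts that are down
            host = $NF                          # last field is "ip" or "(ip)"
            gsub(/[()]/, "", host)
            next
        }
        host != "" && $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            print host, $1, $3
        }
    '
}

# unexpected_ports BASELINE: BASELINE is text with one approved
# "ip port/proto" pair per line; lines starting with "#" are comments.
# Prints every open port found on stdin that the baseline does not list.
unexpected_ports() {
    open_ports | BASELINE="$1" awk '
        BEGIN {
            n = split(ENVIRON["BASELINE"], rows, "\n")
            for (i = 1; i <= n; i++)
                if (split(rows[i], f, " ") >= 2 && f[1] !~ /^#/)
                    approved[f[1] " " f[2]] = 1
        }
        { key = $1 " " $2; if (!(key in approved)) print }
    '
}

# Constructed baseline (an assumption made for this example).
BASELINE_SAMPLE='# ip port/proto
172.31.0.7 22/tcp
172.31.1.8 22/tcp
223.6.6.6 53/tcp
223.6.6.6 80/tcp
223.6.6.6 443/tcp'

# Report what the baseline does not cover.
sample_scan | unexpected_ports "$BASELINE_SAMPLE"
```

For unattended jobs, Nmap's -oX or -oG output formats are more stable to parse than the normal output handled here.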

5. Ubuntu network configuration

5.1 Hostname

Change the hostname:

root@ubuntu1804:~# hostnamectl set-hostname ubuntu1804.raymond.org
root@ubuntu1804:~# cat /etc/hostname
ubuntu1804.raymond.org
root@ubuntu1804:~# hostname
ubuntu1804.raymond.org
root@ubuntu1804:~# echo $HOSTNAME
ubuntu1804
root@ubuntu1804:~# exit
logout
raymond@ubuntu1804:~$ sudo -i
root@ubuntu1804:~# echo $HOSTNAME
ubuntu1804.raymond.org

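5.2 Network interface names

By default, Ubuntu names network interfaces much as CentOS 7 does, for example ens33, ens38.

To switch the interface names to the traditional naming scheme:

#Edit the configuration file so that it reads as follows
root@ubuntu1804:~# vim /etc/default/grub
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
#Or make the change with sed (the leading space keeps any parameters already on the line separate)
root@ubuntu1804:~# sed -i.bak '/^GRUB_CMDLINE_LINUX=/s#"$# net.ifnames=0 biosdevname=0"#' /etc/default/grub

#Generate the new grub.cfg so the change takes effect
root@ubuntu1804:~# grub-mkconfig -o /boot/grub/grub.cfg
#Or
root@ubuntu1804:~# update-grub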

root@ubuntu1804:~# grep net.ifnames /boot/grub/grub.cfg
        linux	/vmlinuz-4.15.0-156-generic root=UUID=c6645190-9f94-4ae7-b5ef-b16dcb96ed4c ro  net.ifnames=0 biosdevname=0 
	        linux	/vmlinuz-4.15.0-156-generic root=UUID=c6645190-9f94-4ae7-b5ef-b16dcb96ed4c ro  net.ifnames=0 biosdevname=0 
	        linux	/vmlinuz-4.15.0-156-generic root=UUID=c6645190-9f94-4ae7-b5ef-b16dcb96ed4c ro recovery nomodeset dis_ucode_ldr  net.ifnames=0 biosdevname=0

#Reboot for the change to take effect
root@ubuntu1804:~# reboot

5.3 Ubuntu network interface configuration

Official documentation:

https://help.ubuntu.com/

https://ubuntu.com/server/docs/network-configuration

https://help.ubuntu.com/lts/serverguide/network-configuration.html.zh-CN


5.3.1 Obtaining an IP address automatically

Example:

raymond@ubuntu1804:~$ cat /etc/netplan/01-netcfg.yaml 
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: yes

After editing the interface configuration file, run the following command to apply it:

root@ubuntu1804:~# netplan apply

5.3.2 Configuring a static IP address

Example:

root@ubuntu1804:~# cat /etc/netplan/01-netcfg.yaml 
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses: [172.31.2.18/21]
      #Or use the block-list form below; the two forms cannot be mixed
      #addresses:
      #- 172.31.2.18/21
      gateway4: 172.31.0.2
      nameservers:
        search: [raymond.com, raymond.org]
        addresses: [223.5.5.5, 180.76.76.76]

root@ubuntu1804:/etc/netplan# netplan apply     
root@ubuntu1804:/etc/netplan# ping www
PING www.raymond.com (206.188.192.206) 56(84) bytes of data.
64 bytes from 206.188.192.206: icmp_seq=1 ttl=128 time=359 ms
64 bytes from 206.188.192.206: icmp_seq=2 ttl=128 time=337 ms
64 bytes from 206.188.192.206: icmp_seq=3 ttl=128 time=306 ms
^C
--- www.raymond.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2288ms
rtt min/avg/max/mdev = 306.332/334.361/359.223/21.718 ms
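#search: when you ping a bare name such as www, the resolver automatically tries it with the domains listed under search

Check the IP address and gateway: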

root@ubuntu1804:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:5d:de:53 brd ff:ff:ff:ff:ff:ff
    inet 172.31.2.18/21 brd 172.31.7.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe5d:de53/64 scope link 
       valid_lft forever preferred_lft forever
root@ubuntu1804:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.31.0.2      0.0.0.0         UG    0      0        0 eth0
172.31.0.0      0.0.0.0         255.255.248.0   U     0      0        0 eth0

Check DNS:

root@ubuntu1804:~# ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root 39 Sep 29 00:07 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf

root@ubuntu1804:~# systemd-resolve --status
Global
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 2 (eth0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 223.5.5.5
                      180.76.76.76
          DNS Domain: raymond.com
                      raymond.org

5.3.3 Configuring static IPs and static routes on multiple interfaces

root@ubuntu1804:~# vim /etc/netplan/01-netcfg.yaml 
root@ubuntu1804:/etc/netplan# cat 01-netcfg.yaml 
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses: [172.31.2.18/21] 
      gateway4: 172.31.0.2
      nameservers:
        addresses: [223.5.5.5, 180.76.76.76]
    eth1:
      addresses:
      - 172.31.2.28/21
      routes:
      - to: 10.30.0.0/16
        via: 172.31.0.2
      - to: 10.40.0.0/16
        via: 172.31.0.2

root@ubuntu1804:/etc/netplan# netplan apply 
root@ubuntu1804:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:5d:de:53 brd ff:ff:ff:ff:ff:ff
    inet 172.31.2.18/21 brd 172.31.7.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe5d:de53/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:5d:de:5d brd ff:ff:ff:ff:ff:ff
    inet 172.31.2.28/21 brd 172.31.7.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe5d:de5d/64 scope link 
       valid_lft forever preferred_lft forever
root@ubuntu1804:/etc/netplan# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.31.0.2      0.0.0.0         UG    0      0        0 eth0
10.30.0.0       172.31.0.2      255.255.0.0     UG    0      0        0 eth1
10.40.0.0       172.31.0.2      255.255.0.0     UG    0      0        0 eth1
172.31.0.0      0.0.0.0         255.255.248.0   U     0      0        0 eth0
172.31.0.0      0.0.0.0         255.255.248.0   U     0      0        0 eth1

#Or give each interface its own configuration file
root@ubuntu1804:~# cd /etc/netplan/
root@ubuntu1804:/etc/netplan# ls
01-netcfg.yaml  02-eth1.yaml

root@ubuntu1804:/etc/netplan# cat 01-netcfg.yaml 
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses: [172.31.2.18/21] 
      gateway4: 172.31.0.2
      nameservers:
        addresses: [223.5.5.5, 180.76.76.76]

root@ubuntu1804:/etc/netplan# cat 02-eth1.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    eth1:
      addresses: 
      - 172.31.2.28/21
      routes:
      - to: 10.30.0.0/16
        via: 172.31.0.2
      - to: 10.40.0.0/16
        via: 172.31.0.2

root@ubuntu1804:/etc/netplan# netplan apply 
root@ubuntu1804:/etc/netplan# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:5d:de:53 brd ff:ff:ff:ff:ff:ff
    inet 172.31.2.18/21 brd 172.31.7.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe5d:de53/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:5d:de:5d brd ff:ff:ff:ff:ff:ff
    inet 172.31.2.28/21 brd 172.31.7.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe5d:de5d/64 scope link 
       valid_lft forever preferred_lft forever
root@ubuntu1804:/etc/netplan# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.31.0.2      0.0.0.0         UG    0      0        0 eth0
10.30.0.0       172.31.0.2      255.255.0.0     UG    0      0        0 eth1
10.40.0.0       172.31.0.2      255.255.0.0     UG    0      0        0 eth1
172.31.0.0      0.0.0.0         255.255.248.0   U     0      0        0 eth0
172.31.0.0      0.0.0.0         255.255.248.0   U     0      0        0 eth1

5.3.4 Bridging multiple interfaces

root@ubuntu1804:~# apt install -y bridge-utils

root@ubuntu1804:~# dpkg -L bridge-utils
/.
/etc
/etc/default
/etc/default/bridge-utils
/etc/network
/etc/network/if-post-down.d
/etc/network/if-pre-up.d
/lib
/lib/bridge-utils
/lib/bridge-utils/bridge-utils.sh
/lib/bridge-utils/ifupdown.sh
/lib/udev
/lib/udev/bridge-network-interface
/lib/udev/rules.d
/lib/udev/rules.d/60-bridge-network-interface.rules
/sbin
/sbin/brctl
/usr
/usr/share
/usr/share/doc
/usr/share/doc/bridge-utils
/usr/share/doc/bridge-utils/FAQ
/usr/share/doc/bridge-utils/FIREWALL
/usr/share/doc/bridge-utils/HOWTO
/usr/share/doc/bridge-utils/NEWS.Debian.gz
/usr/share/doc/bridge-utils/PROJECTS
/usr/share/doc/bridge-utils/README
/usr/share/doc/bridge-utils/README.Debian
/usr/share/doc/bridge-utils/THANKS
/usr/share/doc/bridge-utils/TODO
/usr/share/doc/bridge-utils/WISHLIST
/usr/share/doc/bridge-utils/changelog.Debian.gz
/usr/share/doc/bridge-utils/copyright
/usr/share/doc/bridge-utils/examples
/usr/share/doc/bridge-utils/examples/hibernate
/usr/share/doc/bridge-utils/examples/pm-utils
/usr/share/man
/usr/share/man/man5
/usr/share/man/man5/bridge-utils-interfaces.5.gz
/usr/share/man/man8
/usr/share/man/man8/brctl.8.gz
/etc/network/if-post-down.d/bridge
/etc/network/if-pre-up.d/bridge


#All interfaces in a single file
root@ubuntu1804:~# cat /etc/netplan/01-netcfg.yaml 
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: yes
      dhcp6: no
    eth1:
      dhcp4: no
      dhcp6: no
    eth2:
      dhcp4: no
      dhcp6: no
  bridges:
    br0:
      dhcp4: no
      dhcp6: no
      addresses: [172.31.2.18/21]
      gateway4: 172.31.0.2
      nameservers:
        addresses: [223.5.5.5, 180.76.76.76]
      interfaces:
      - eth1
      - eth2
root@ubuntu1804:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:5d:de:53 brd ff:ff:ff:ff:ff:ff
    inet 172.31.7.3/21 brd 172.31.7.255 scope global dynamic eth0
       valid_lft 1599sec preferred_lft 1599sec
    inet6 fe80::20c:29ff:fe5d:de53/64 scope link 
       valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether f6:55:66:4e:75:4c brd ff:ff:ff:ff:ff:ff
    inet 172.31.2.18/21 brd 172.31.7.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::f455:66ff:fe4e:754c/64 scope link 
       valid_lft forever preferred_lft forever
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
    link/ether 00:0c:29:5d:de:5d brd ff:ff:ff:ff:ff:ff
5: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
    link/ether 00:0c:29:5d:de:67 brd ff:ff:ff:ff:ff:ff

#In a separate file
root@ubuntu1804:~# cat /etc/netplan/br0.yaml 
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: yes
      dhcp6: no
    eth1:
      dhcp4: no
      dhcp6: no
    eth2:
      dhcp4: no
      dhcp6: no
  bridges:
    br0:
      dhcp4: no
      dhcp6: no
      addresses: [172.31.2.18/21]
      gateway4: 172.31.0.2
      nameservers:
        addresses: [223.5.5.5, 180.76.76.76]
      interfaces:
      - eth1
      - eth2

root@ubuntu1804:~# netplan apply 
root@ubuntu1804:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:5d:de:53 brd ff:ff:ff:ff:ff:ff
    inet 172.31.7.3/21 brd 172.31.7.255 scope global dynamic eth0
       valid_lft 1799sec preferred_lft 1799sec
    inet6 fe80::20c:29ff:fe5d:de53/64 scope link 
       valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether f6:55:66:4e:75:4c brd ff:ff:ff:ff:ff:ff
    inet 172.31.2.18/21 brd 172.31.7.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::f455:66ff:fe4e:754c/64 scope link 
       valid_lft forever preferred_lft forever
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
    link/ether 00:0c:29:5d:de:5d brd ff:ff:ff:ff:ff:ff
5: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
    link/ether 00:0c:29:5d:de:67 brd ff:ff:ff:ff:ff:ff
root@ubuntu1804:~# ifconfig br0
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.31.2.18  netmask 255.255.248.0  broadcast 172.31.7.255
        inet6 fe80::f455:66ff:fe4e:754c  prefixlen 64  scopeid 0x20<link>
        ether f6:55:66:4e:75:4c  txqueuelen 1000  (Ethernet)
        RX packets 18340955  bytes 2329021527 (2.3 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 652894  bytes 27475826 (27.4 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@ubuntu1804:~# brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.f655664e754c	no		eth1
							eth2

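5.3.5 Bonding two interfaces

Seven multi-interface bonding modes are supported.
First mode: mode=0, i.e. (balance-rr) Round-robin policy
Characteristics: packets are transmitted in sequential order (the first packet goes out on eth0, the next on eth1, and so on in a loop until the last packet has been sent). This mode provides load balancing and fault tolerance.

Second mode: mode=1, i.e. (active-backup) Active-backup policy
Characteristics: only one device is active; when it goes down, a backup immediately takes over as the active device. The MAC address is externally visible, and from the outside the bond has a single MAC address, which avoids confusing the switch. This mode provides fault tolerance only. Its advantage is that it keeps the network connection available, but its resource utilization is low: only one interface is working, so with N network interfaces the utilization is 1/N.

Third mode: mode=2, i.e. (balance-xor) XOR policy
Characteristics: packets are transmitted according to the selected transmit hash policy. The default policy is (source MAC address XOR destination MAC address) % number of slaves. Other transmit policies can be selected with the xmit_hash_policy option. This mode provides load balancing and fault tolerance.

Fourth mode: mode=3, i.e. broadcast (broadcast policy)
Characteristics: every packet is transmitted on every slave interface. This mode provides fault tolerance.

Fifth mode: mode=4, i.e. (802.3ad) IEEE 802.3ad Dynamic link aggregation
Characteristics: creates aggregation groups that share the same speed and duplex settings. Following the 802.3ad specification, multiple slaves work under the same active aggregator.
Prerequisites:
Condition 1: ethtool support for retrieving the speed and duplex settings of each slave.
Condition 2: the switch supports IEEE 802.3ad Dynamic link aggregation.
Condition 3: most switches need specific configuration before they support 802.3ad mode.

Sixth mode: mode=5, i.e. (balance-tlb) Adaptive transmit load balancing
Characteristics: channel bonding that needs no special switch support. Outgoing traffic is distributed across the slaves according to the current load (computed relative to speed). If the slave that is receiving traffic fails, another slave takes over the failed slave's MAC address.
Prerequisite for this mode:
ethtool support for retrieving the speed of each slave

Seventh mode: mode=6, i.e. (balance-alb) Adaptive load balancing
Characteristics: this mode includes balance-tlb and adds receive load balancing (rlb) for IPv4 traffic; it needs no switch support.

Example: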

root@ubuntu1804:~# vim /etc/netplan/01-netcfg.yaml 
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
      dhcp6: no
    eth1:
      dhcp4: no
      dhcp6: no

  bonds:
    bond0:
      interfaces:
        - eth0
        - eth1
      addresses: [172.31.2.18/21] 
      gateway4: 172.31.0.2
      nameservers:
        addresses: [223.5.5.5, 180.76.76.76]
      parameters:
        mode: active-backup
        mii-monitor-interval: 100

root@ubuntu1804:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
    link/ether 4a:59:76:09:c4:6c brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
    link/ether 4a:59:76:09:c4:6c brd ff:ff:ff:ff:ff:ff
4: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4a:59:76:09:c4:6c brd ff:ff:ff:ff:ff:ff
    inet 172.31.2.18/21 brd 172.31.7.255 scope global bond0
       valid_lft forever preferred_lft forever
    inet6 fe80::4859:76ff:fe09:c46c/64 scope link 
       valid_lft forever preferred_lft forever
root@ubuntu1804:~# ifconfig bond0
bond0: flags=5187<UP,BROADCAST,RUNNING,MASTER,MULTICAST>  mtu 1500
        inet 172.31.2.18  netmask 255.255.248.0  broadcast 172.31.7.255
        inet6 fe80::4859:76ff:fe09:c46c  prefixlen 64  scopeid 0x20<link>
        ether 4a:59:76:09:c4:6c  txqueuelen 1000  (Ethernet)
        RX packets 23  bytes 1814 (1.8 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 24  bytes 3252 (3.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@ubuntu1804:~# ifconfig eth0
eth0: flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST>  mtu 1500
        ether 4a:59:76:09:c4:6c  txqueuelen 1000  (Ethernet)
        RX packets 12437  bytes 17845721 (17.8 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1305  bytes 138677 (138.6 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@ubuntu1804:~# ifconfig eth1
eth1: flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST>  mtu 1500
        ether 4a:59:76:09:c4:6c  txqueuelen 1000  (Ethernet)
        RX packets 61  bytes 4908 (4.9 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 59  bytes 7880 (7.8 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@ubuntu1804:~# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth1
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:5d:de:5d
Slave queue ID: 0

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:5d:de:53
Slave queue ID: 0
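
In active-backup mode a failed slave causes no outage, so the loss of redundancy is easy to miss until the second link fails. The following added example (not part of the original page) parses the /proc/net/bonding/bond0 format shown above and exits non-zero when the bond or any slave is not up; the function names and the output format are assumptions, and the degraded sample is constructed.

```shell
#!/bin/sh
# Added example: summarize /proc/net/bonding/<bond> and flag lost redundancy.

# Sample: the /proc/net/bonding/bond0 content shown above.
bond_sample_ok() {
cat <<'EOF'
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth1
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:5d:de:5d
Slave queue ID: 0

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:5d:de:53
Slave queue ID: 0
EOF
}

# Constructed variant: the same bond after eth0 has lost its link.
bond_sample_degraded() {
    bond_sample_ok | sed '/^Slave Interface: eth0/,$ {
s/^MII Status: up/MII Status: down/
s/^Link Failure Count: 0/Link Failure Count: 1/
}'
}

# bond_health [FILE]: read bonding status from FILE (default: stdin), print a
# summary, and return 1 if the bond or any slave is not up, or if an
# active-backup bond has no active slave. Link Failure Count is cumulative,
# so it is reported but does not change the status by itself.
bond_health() {
    awk '
        /^Bonding Mode:/           { sub(/^Bonding Mode: /, ""); mode = $0; next }
        /^Currently Active Slave:/ { active = $4; next }
        /^Slave Interface:/        { cur = $3; order[++n] = cur; next }
        /^MII Status:/ && cur == "" { bond_mii = $3; next }   # bond-level status
        /^MII Status:/              { mii[cur] = $3; next }   # per-slave status
        /^Link Failure Count:/ && cur != "" { fails[cur] = $4 }
        END {
            bad = (bond_mii != "up")
            if (mode ~ /active-backup/ && (active == "" || active == "None"))
                bad = 1
            print "mode=" mode
            print "active=" active
            for (i = 1; i <= n; i++) {
                s = order[i]
                print "slave " s " mii=" mii[s] " failures=" fails[s]
                if (mii[s] != "up") bad = 1
            }
            print "status=" (bad ? "DEGRADED" : "OK")
            exit bad
        }
    ' "${1:--}"
}

# On a host with a bond: bond_health /proc/net/bonding/bond0
bond_sample_ok | bond_health
bond_sample_degraded | bond_health || echo "bond0 has lost redundancy"
```

The non-zero exit status makes the function usable directly from cron or a monitoring agent.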