1、IP分类以及每个分类可以分配的IP数量
1.1 IP地址组成
唯一标识 IP 网络中的每台设备 ,每台主机(计算机、网络设备、外围设备)必须具有唯一的地址
IP地址由两部分组成
网络ID:标识网络,每个网段分配一个网络ID,处于高位
主机 ID:标识单个主机,由组织分配给各设备,处于低位
IPv4地址格式:点分十进制记法
IP地址是一个32位二进制数,如:10101100 00010000 10000000 00010001
| 可将此32位二进制数划分为四组8位二进制数 | 10101100 | 00010000 | 10000000 | 00010001 |
|---|---|---|---|---|
| 每组二进制八位数(或字节)均可转换成十进制数 | 172 | 16 | 128 | 17 |
| 地址可使用点分十进制记法记录 | 172. | 16. | 128. | 17 |
1.2 IP地址分类
| A类 | B类 | C类 | D类 | E类 | |
|---|---|---|---|---|---|
| 二进制表示 | 0 0000000 - 0 1111111.X.Y.Z | 10 000000 - 10 111111.X.Y.Z | 110 00000 - 110 1 1111.X.Y.Z | 1110 0000 - 1110 1111.X.Y.Z | 保留未使用 |
| 十进制表示法 | 0-127.X.Y.Z | 128-191.X.Y.Z | 192-223.X.Y.Z | 224-239.X.Y.Z | 240-255 |
| 网络ID | 网络ID位是最高8位 | 网络ID位是最高16位 | 网络ID位是最高24位 | 组(多)播 | |
| 主机ID | 主机ID是24位低位 | 主机ID是16位低位 | 主机ID是8位低位 | ||
| 网络数 | 126=2^7(可变是的网络ID位数)-2 | 2^14=16384 | 2^21=2097152 | ||
| 每个网络中的主机数 | 2^24-2=16777214 | 2^16-2=65534 | 2^8-2=254 | ||
| 默认子网掩码 | 255.0.0.0 | 255.255.0.0 | 255.255.255.0 | ||
| 私网地址 | 10.0.0.0 | 172.16.0.0-172.31.0.0 | 192.168.0.0-192.168.255.0 | ||
| 范例 | 114.114.114.114,1.1.1.1,58.87.87.99119.29.29.29 | 180.76.76.76,172.16.0.1 | 223.6.6.6 |
1.3 公共和私有IP地址
私有IP地址:不直接用于互联网,通常在局域网中使用
- A类:10.0.0.0到10.255.255.255 (一个网段)
- B类:172.16.0.0到172.31.255.255 (16个网段)
- C类:192.168.0.0到192.168.255.255 (256个网段)
公共IP地址:互联网上设备拥有的唯一地址
A类:1.0.0.0到9.255.255.255 11.0.0.0到126.255.255.255
B类:128.0.0.0到172.15.255.255 172.32.0.0到191.255.255.255
C类:192.0.0.0到192.167.255.255 192.169.0.0到223.255.255.255
1.4 特殊地址
-
0.0.0.0:
不是一个真正意义上的IP地址。它表示所有不清楚的主机和目的网络。
-
255.255.255.255:
限制广播地址。对本机来说,这个地址指本网段内(同一广播域)的所有主机。
-
127.0.0.1~127.255.255.254:
本机回环地址,主要用于测试。在传输介质上永远不应该出现目的地址为“127.0.0.1”的 数据包。
-
224.0.0.0到239.255.255.255:
组播地址,224.0.0.1特指所有主机,224.0.0.2特指所有路由器。224.0.0.5指OSPF 路由器,地址多用于一些特定的程序以及多媒体程序。
-
169.254.x.x:
如果Windows主机使用了DHCP自动分配IP地址,而又无法从DHCP服务器获取地址,系统会为主机分配这样地址。
1.5 保留地址
主机位是全0或全1
范例:
172.16.0.0 网络中的两个地址:172.16.0.0和172.16.255.2551.6 子网掩码
CIDR:无类域间路由,目前的网络已不再按A,B,C类划分网段,可以任意指定网段的范围。
CIDR 无类域间路由表示法:IP/网络ID位数,如:172.16.0.100/16
netmask子网掩码:32位或128位(IPv6)的数字,和IP成对使用,用来确认IP地址中的网络ID和主机ID,对应网络ID的位为1,对应主机ID的位为0。
范例:255.255.255.0 ,表现为连续的高位为1,连续的低位为0
子网掩码的八位
相关公式:
- 一个网络的最多的主机数=2^主机ID位数-2
- 网络(段)数=2^网络ID中可变的位数
- 网络ID=IP与netmask
范例:
netmask: 255.255.224.0,即网络ID位是19,那么主机ID位是13,主机数=2^13-2=8190判断对方主机是否在同一个网段
用自已的子网掩码分别和自已的IP及对方的IP相与,比较结果,相同则同一网络,不同则不同网段。
范例:判断A和B是否在网一个网段
A: 192.168.1.100 netmask:255.255.255.0
B: 192.168.2.100 netmask:255.255.0.0
1)用A主机子网掩码分别与A及B的IP与
A主机网络地址11000000.10101000.00000001.01100100与
A主机子网掩码11111111.11111111.11111111.00000000得
11000000.10101000.00000001.00000000即
192.168.1.0
B主机网络地址11000000.10101000.00000010.01100100与
A主机子网掩码11111111.11111111.11111111.00000000得
11000000.10101000.00000010.00000000即
192.168.2.0
192.168.1.0<>192.168.2.0,所以A和B不在同一网段
2)用B主机子网掩码分别与A及B的IP与
A主机网络地址11000000.10101000.00000001.01100100与
B主机子网掩码11111111.11111111.00000000.00000000得
11000000.10101000.00000000.00000000即
192.168.0.0
B主机网络地址11000000.10101000.00000010.01100100与
B主机子网掩码11111111.11111111.00000000.00000000得
11000000.10101000.00000000.00000000即
192.168.0.0
192.168.0.0<>192.168.0.0,所以A和B在同一网段
通过以上比较判断,两次的结果不一致,A和B是无法通讯的。范例:计算网络ID、主机数
1)主机IP:172.16.1.100/28
#此主机所在的网段最多有多少主机?
#主机数=2^主机ID位数-2,即2^(32-28)-2=14
#网络ID? IP和子网掩码相与,172.16.1.96
#即IP地址和子网掩码都转换成二进制后相与的结果
172.16.1.100转换成二进制是:10101100.00010000.00000001.01100100
28位子网掩码转换成二进制是: 11111111.11111111.11111111.11110000
相与的结果是: 10101100.00010000.00000001.01100000
即: 172.16.1.96
#此网段的主机中最小的IP:主机位是0001,即172.16.1.0110 0001,转换成十进制是:172.16.1.97
#此网段的主机中最大的IP:主机位是1110,即172.16.1.0110 1110,转换成十进制是:172.16.1.110
2)主机IP:203.110.228.200/26
#主机数:2^(32-26)-2=62
#网络ID:因26=24+2,所以前3位不变203.110.228,最后一位11001000和掩码11000000相与,即11000000=192,所以网络ID就是203.110.228.192
#此网段的主机中最小的IP:主机位是00 0001,即203.110.228.1100 0001,转换成十进制是:203.110.228.193
#此网段的主机中最大的IP:主机位是00 1110,即203.110.228.1111 1110,转换成十进制是:203.110.228.254
1.7 划分子网
划分子网:将一个大的网络(主机数多)划分成多个小的网络(主机数少),主机ID位数变少,网络ID位数变多,网络ID位向主机ID位借位。
范例:
1、把10.0.0.0/8网段划分为2个子网
#首先需要向主机ID借位,因为是2个子网,所以借1位就可以了
10.0 0000000.0.0/8 10.0.0.1~10.255.255.254
#网络ID向主机ID借1位,划分了2^1=2个子网
10.0 0000000.0.0
10.1 0000000.0.0
第一个子网:10.0.0.0/9 主机数:2^23-2
第二个子网:10.128.0.0/9 主机数:2^23-2
2、把10.0.0.0/8网段划分为4个子网
#网络ID需向主机ID借2位,划分2^2=4个子网
10.00 000000.0.0
10.01 000000.0.0
10.10 000000.0.0
10.11 000000.0.0
第一个子网:10.0.0.0/10 主机数:2^22-2
第二个子网:10.64.0.0/10 主机数:都同上
第三个子网:10.128.0.0/10
第四个子网:10.192.0.0/10范例:
中国移动10.0.0.0/8 给32个各省公司划分对应的子网
1)每个省公司的子网的netmask?
32个分公司,需要至少32个子网,因为2^5=32,所以需要借5位主机的ID。
即网络位就是8+5=13
子网掩码就是:11111111.11111000.0.0即255.248.0.0
2)每个省公司的子网的主机数有多少?
2^(32-13)-2=524286
3)河南省得到第10个子网,网络ID是多少?
因为10.00000 000.0.0/13是第1个子网,所以第10个子网就是10.01001 000.0.0/13,
转换成二进制就是10.72.0.0/13
4)河南省得到第10个子网的最小IP和最大的IP?
最小IP地址:10.01001 000.0.1,即10.72.0.1
最大IP地址:10.01001 111.11111111.11111110,即10.79.255.254
5)所有子网中最小和最大的子网的netid?
最小的网络ID:10.00000 000.0.0/13,即10.0.0.0/13
最大的网络ID:10.11111 000.0.0/13,即10.248.0.0/13
范例:
中国移动10.0.0.0/8 给32个各省公司划分对应的子网,河南省得到第10个子网,再给省内的16个地市划分子
网。
#由上例得知,河南省得到的第10个子网的网络ID是10.01001 000.0.0/13,即10.72.0.0/13
#省内需再划分16个子网,即再从主机ID借4位,那网络ID就是17
1)每个市公司的子网的netmask?
#网络ID是17,所以子网掩码是255.255.128.0
2)每个市公司的子网的主机数有多少?
2^(32-17)-2=32766
3)各地市的最小netid和最大的netid?
最小的网络ID:10.01001 000.0 0000000.0,即10.72.0.0/17
最大的网络ID:10.01001 111.1 0000000.0,即10.79.128.0/17
4)洛阳市第2个子网,最小IP和最大IP?
第一个子网是10.01001 000.0 0000000.0,即10.72.0.0/17
第二个子网是10.01001 000.1 0000000.0,即10.72.128.0/17
第3~16个子网是:
10.73.0.0/17
10.73.128.0
10.74.0.0
10.74.128.0
10.75.0.0
10.75.128.0
10.76.0.0
10.76.128.0
10.77.0.0
10.77.128.0
10.78.0.0
10.78.128.0
10.79.0.0
10.79.128.0
洛阳第二个子网,最小IP和最大IP
最小IP:10.01001 000.1 0000000.00000001,即10.72.128.1/17
最大IP:10.01001 000.1 1111111.11111110,即10.72.255.254/17
1.8 优化IP地址分配
合并超网:将多个小网络合并成一个大网,主机ID位向网络ID位借位,实现路由表的优化,可以一条命令覆盖几个小网段。
范例:
有8条路由记录,分别是
220.78.168.0/24
220.78.169.0/24
220.78.170.0/24
220.78.171.0/24
220.78.172.0/24
220.78.173.0/24
220.78.174.0/24
220.78.175.0/24
合并成一个大网,主机ID向网络ID借位,需要转换成二进制
220.78.10101 000.0
220.78.10101 001.0
220.78.10101 010.0
220.78.10101 011.0
202.78.10101 100.0
202.78.10101 101.0
202.78.10101 110.0
202.78.10101 111.0
可以看到168~175的前5位二进制相同,所以需要借5位给网络ID
网络ID:202.78.10101 000.0/21,即202.78.168.0/212、IP配置方法
2.1 网络配置方式
静态IP地址配置方法:
- ifconfig命令
- ip命令
- system-config-network-tui,setup
-
添加配置文件
- 动态分配:DHCP: Dynamic Host Configuration Protocol
2.2 ifconfig命令
来自于net-tools包,建议使用 ip 代替
[root@repo-client ~]# rpm -qi net-tools
Name : net-tools
Version : 2.0
Release : 0.25.20131004git.el7
Architecture: x86_64
Install Date: Sat 19 Dec 2020 08:05:53 PM CST
Group : System Environment/Base
Size : 938978
License : GPLv2+
Signature : RSA/SHA256, Fri 23 Aug 2019 05:36:04 AM CST, Key ID 24c6a8a7f4a80eb5
Source RPM : net-tools-2.0-0.25.20131004git.el7.src.rpm
Build Date : Fri 09 Aug 2019 09:10:26 AM CST
Build Host : x86-02.bsys.centos.org
Relocations : (not relocatable)
Packager : CentOS BuildSystem <http://bugs.centos.org>
Vendor : CentOS
URL : http://sourceforge.net/projects/net-tools/
Summary : Basic networking tools
Description :
The net-tools package contains basic networking tools,
including ifconfig, netstat, route, and others.
Most of them are obsolete. For replacement check iproute package.
常用选项:
ifconfig [interface]
ifconfig -a
ifconfig IFACE [up|down]
ifconfig interface [aftype] options | address ...
ifconfig IFACE IP/netmask [up]
ifconfig IFACE IP netmask NETMASK范例:
[root@repo-client ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.11 netmask 255.255.255.0 broadcast 192.168.100.255
inet6 fe80::20c:29ff:feca:8ca2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ca:8c:a2 txqueuelen 1000 (Ethernet)
RX packets 207 bytes 20062 (19.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 165 bytes 24380 (23.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@repo-client ~]# ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.11 netmask 255.255.255.0 broadcast 192.168.100.255
inet6 fe80::20c:29ff:feca:8ca2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ca:8c:a2 txqueuelen 1000 (Ethernet)
RX packets 257 bytes 24070 (23.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 192 bytes 27358 (26.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 00:50:56:22:6f:2a txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 59 bytes 9494 (9.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#添加ip地址
[root@repo-client ~]# ifconfig eth1 172.16.0.11 netmask 255.255.0.0
[root@repo-client ~]# ifconfig eth1
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.0.11 netmask 255.255.0.0 broadcast 172.16.255.255
ether 00:50:56:22:6f:2a txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 59 bytes 9494 (9.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#清除eth1上的ip地址
[root@repo-client ~]# ifconfig eth1 0.0.0.0
[root@repo-client ~]# ifconfig eth1
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 00:50:56:22:6f:2a txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 59 bytes 9494 (9.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#禁用eth1
[root@repo-client ~]# ifconfig eth1 172.16.0.11/16
[root@repo-client ~]# ifconfig eth1
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 ##UP状态
inet 172.16.0.11 netmask 255.255.0.0 broadcast 172.16.255.255
ether 00:50:56:22:6f:2a txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 59 bytes 9494 (9.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@repo-client ~]# ifconfig eth1 down
[root@repo-client ~]# ifconfig eth1
eth1: flags=4098<BROADCAST,MULTICAST> mtu 1500 #禁用,无UP
inet 172.16.0.11 netmask 255.255.0.0 broadcast 172.16.255.255
ether 00:50:56:22:6f:2a txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 59 bytes 9494 (9.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#启用
[root@repo-client ~]# ifconfig eth1 up
[root@repo-client ~]# ifconfig eth1
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.0.11 netmask 255.255.0.0 broadcast 172.16.255.255
ether 00:50:56:22:6f:2a txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 59 bytes 9494 (9.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#对一个网卡设置多个IP地址
[root@repo-client ~]# ifconfig eth1:1 192.168.0.11/24
[root@repo-client ~]# ifconfig eth1:1
eth1:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.11 netmask 255.255.255.0 broadcast 192.168.0.255
ether 00:50:56:22:6f:2a txqueuelen 1000 (Ethernet)
[root@repo-client ~]# ifconfig eth1:aaa 192.168.0.111/24 #可以用字符,一般用数字表示
[root@repo-client ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.11 netmask 255.255.255.0 broadcast 192.168.100.255
inet6 fe80::20c:29ff:feca:8ca2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ca:8c:a2 txqueuelen 1000 (Ethernet)
RX packets 1054 bytes 90065 (87.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 649 bytes 73792 (72.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.0.11 netmask 255.255.0.0 broadcast 172.16.255.255
ether 00:50:56:22:6f:2a txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 59 bytes 9494 (9.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.11 netmask 255.255.255.0 broadcast 192.168.0.255
ether 00:50:56:22:6f:2a txqueuelen 1000 (Ethernet)
eth1:aaa: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.111 netmask 255.255.255.0 broadcast 192.168.0.255
ether 00:50:56:22:6f:2a txqueuelen 1000 (Ethernet)
[root@repo-client ~]# ifconfig eth1:aaa down
[root@repo-client ~]# ifconfig eth1:1 down
范例:
#统计当前网卡的流量
[root@repo-client ~]# ifconfig -s
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 1255 0 0 0 766 0 0 0 BMRU
eth1 1500 0 0 0 0 59 0 0 0 BMRU
lo 65536 0 0 0 0 0 0 0 0 LRU
#监控当前网卡流量的变化(每秒)
[root@repo-client ~]# watch -n1 ifconfig -s
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 1331 0 0 0 818 0 0 0 BMRU
eth1 1500 0 0 0 0 59 0 0 0 BMRU
lo 65536 0 0 0 0 0 0 0 0 LRU
2.3 ip命令
来自于iproute包,可用于代替ifconfig
2.3.1 配置Linux网络属性
ip命令格式:
ip [ OPTIONS ] OBJECT { COMMAND | help }ip 命令说明:
OBJECT := { link | addr | route }
ip link - network device configuration
ip link set [dev IFACE] [up|down] #可设置属性,激活或禁用指定接口,相当于 ifup/ifdown
ip link show [dev IFACE] [up] #指定接口,up仅显示处于激活状态的接口ip 地址管理:
ip addr { add | del } IFADDR dev STRING [label LABEL] [scope {global|link|host}]
[broadcast ADDRESS]
[label LABEL] #添加地址时指明网卡别名
[scope {global|link|host}] #指明作用域,global全局可用;link仅链接可用;host本机可用
[broadcast ADDRESS] #指明广播地址
ip address show #同 ip a
ip addr flush #清除网络地址范例:
#禁用网卡
[root@repo-client ~]# ip link set eth1 down
[root@repo-client ~]# ip a |grep eth1
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
inet 172.16.0.11/16 brd 172.16.255.255 scope global eth1
#网卡改名并启用
[root@repo-client ~]# ip link set eth1 up
[root@repo-client ~]# ip link set eth1 name wangnet #网卡使用时不能改名
RTNETLINK answers: Device or resource busy
[root@repo-client ~]# ip link set eth1 down
[root@repo-client ~]# ip link set eth1 name wangnet #eth1 down后,就能修改名字了
[root@repo-client ~]# ip link set eth1 up
Cannot find device "eth1"
[root@repo-client ~]# ip link set wangnet up #使用修改后的名字
[root@repo-client ~]# ip a |grep wangnet
3: wangnet: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 172.16.0.11/16 brd 172.16.255.255 scope global wangnet
#网卡别名
#添加网卡别名
[root@repo-client ~]# ip addr add 172.16.100.100/16 dev eth0 label eth0:0
[root@repo-client ~]# ip a |grep eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.100.11/24 brd 192.168.100.255 scope global noprefixroute eth0
inet 172.16.100.100/16 scope global eth0:0
#删除网卡别名
[root@repo-client ~]# ip addr del 172.16.100.100/16
Not enough information: "dev" argument is required.
[root@repo-client ~]# ip addr del 172.16.100.100/16 dev eth0
[root@repo-client ~]# ip a |grep eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.100.11/24 brd 192.168.100.255 scope global noprefixroute eth0
[root@repo-client ~]#
#清除网络地址
[root@repo-client ~]# ip a|grep wangnet
3: wangnet: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 172.16.0.11/16 brd 172.16.255.255 scope global wangnet
[root@repo-client ~]# ip a flush dev wangnet
[root@repo-client ~]# ip a|grep wangnet
3: wangnet: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
[root@repo-client ~]#
ip route:
常用选项:
ip route { list | flush } SELECTOR
ip route { add | del | change | append | replace } ROUTE
ip route add TARGET via GW dev IFACE src SOURCE_IP
TARGET:主机路由:IP网络路由:NETWORK/MASK
范例:
#添加ip地址
[root@repo-client ~]# ip a a 172.16.0.11/16 dev wangnet
[root@repo-client ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:ca:8c:a2 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.11/24 brd 192.168.100.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
3: wangnet: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:22:6f:2a brd ff:ff:ff:ff:ff:ff
inet 172.16.0.11/16 scope global wangnet
valid_lft forever preferred_lft forever
#查看路由
[root@repo-client ~]# ip route
default via 192.168.100.2 dev eth0 proto static metric 100
172.16.0.0/16 dev wangnet proto kernel scope link src 172.16.0.11
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.11 metric 100
#增加一条路由
[root@repo-client ~]# ip route add default via 172.16.0.1 dev wangnet
[root@repo-client ~]# ip route
default via 172.16.0.1 dev wangnet
default via 192.168.100.2 dev eth0 proto static metric 100
172.16.0.0/16 dev wangnet proto kernel scope link src 172.16.0.11
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.11 metric 100
[root@repo-client ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.16.0.1 0.0.0.0 UG 0 0 0 wangnet
0.0.0.0 192.168.100.2 0.0.0.0 UG 100 0 0 eth0
172.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wangnet
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
#删除路由
[root@repo-client ~]# ip route del default via 172.16.0.1
[root@repo-client ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.100.2 0.0.0.0 UG 100 0 0 eth0
172.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wangnet
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
[root@repo-client ~]# ip route show
default via 192.168.100.2 dev eth0 proto static metric 100
172.16.0.0/16 dev wangnet proto kernel scope link src 172.16.0.11
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.11 metric 100
#清空wangnet的路由表
[root@repo-client ~]# ip route flush dev wangnet
[root@repo-client ~]# ip route show
default via 192.168.100.2 dev eth0 proto static metric 100
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.11 metric 100
[root@repo-client ~]#
#添加路由
[root@repo-client ~]# ip route add 1.1.1.0/24 via 172.16.0.11 dev wangnet proto static metric 100
[root@repo-client ~]# ip route show
default via 192.168.100.2 dev eth0 proto static metric 100
1.1.1.0/24 via 172.16.0.11 dev wangnet proto static metric 100
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.11 metric 100
[root@repo-client ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.100.2 0.0.0.0 UG 100 0 0 eth0
1.1.1.0 172.16.0.11 255.255.255.0 UG 100 0 0 wangnet
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
[root@repo-client ~]# ip route del 1.1.1.0/24
[root@repo-client ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.100.2 0.0.0.0 UG 100 0 0 eth0
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
[root@repo-client ~]# ip route show
default via 192.168.100.2 dev eth0 proto static metric 100
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.11 metric 100
[root@repo-client ~]#
2.4 网络配置文件
2.4.1 网络基本配置文件
IP、MASK、GW、DNS相关的配置文件路径:
/etc/sysconfig/network-scripts/ifcfg-IFACE说明参考:
/usr/share/doc/initcripts-*/sysconfig.txt常用配置:
| 设置 | 说明 |
|---|---|
| ***TYPE | 接口类型常见有的Ethernet, Bridge |
| ***NAME | 此配置文件应用到的设备,nmcli c中显示的name名称 |
| ***DEVICE | 设备名 |
| HWADDR | 对应的设备的MAC地址 |
| UUID | 设备的惟一标识 |
| ***BOOTPROTO | 激活此设备时使用的地址配置协议,常用的dhcp, static, none, bootp |
| ***IPADDR | 指明IP地址 |
| ***NETMASK | 子网掩码,如:255.255.255.0 |
| ***PREFIX | 网络ID的位数, 如:24 |
| ***GATEWAY | 默认网关 |
| ***DNS1 | 第一个DNS服务器地址 |
| DNS2 | 第二个DNS服务器地址 |
| DOMAIN | 主机不完整时,自动搜索的域名后缀 |
| ***ONBOOT | 在系统引导时是否激活此设备 |
| USERCTL | 普通用户是否可控制此设备 |
| PEERDNS | 如果BOOTPROTO的值为“dhcp”,YES将允许dhcp server分配的<br>dns服务器信息直接覆盖至/etc/resolv.conf文件,NO不允许修改resolv.conf |
| NM_CONTROLLED | NM是NetworkManager的简写,此网卡是否接受NM控制 |
2.4.2 配置当前主机的主机名
#centos6系统之前版本
/etc/sysconfig/network
HOSTNAME=
#centos7系统以后版本
/etc/hostname
HOSTNAME
hostnamectl set-hostname centos7.magedu.com #直接修改主机名并生效2.4.3 本地主机名数据库和IP地址的映射
优先于使用DNS前检查
getent hosts #查看/etc/hosts 内容
[root@repo-client ~]# getent hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
127.0.0.1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.12 repo-server
172.16.100.11 moban
172.16.100.21 lb01
172.16.100.22 lb02
172.16.100.31 web01
172.16.100.32 web02
172.16.100.33 web03
172.16.100.41 db01 db01.etiantian.org
172.16.100.51 backup
172.16.100.61 nfs01
172.16.100.10 m01
2.4.4 DNS域名解析
/etc/resolv.conf
nameserver DNS_SERVER_IP1
nameserver DNS_SERVER_IP2
nameserver DNS_SERVER_IP3
search DOMAIN
[root@repo-client ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.100.2
2.4.5 修改 /etc/hosts和DNS的优先级
[root@repo-client ~]# cat /etc/nsswitch.conf |grep host
#hosts: db files nisplus nis dns
hosts: files dns myhostname
2.4.6 路由相关的配置文件
/etc/sysconfig/network-scripts/route-IFACE #需手动创建这个文件,配置好后,重启能保存
#两种风格:
1) TARGET via GW
10.0.0.0/8 via 172.16.0.1
2) 每三行定义一条路由,比较繁琐,建议使用第一种
ADDRESS#=TARGET
NETMASK#=mask
GATEWAY#=GW2.5 网卡别名
将多个IP地址绑定到一个NIC上
每个IP绑定到独立逻辑网卡,即网络别名,命名格式: ethX:Y,如:eth0:1 、eth0:2、eth0:3
范例:ifconfig命令
ifconfig eth0:0 192.168.1.100/24 up
ifconfig eth0:0 down
[root@repo-client ~]# ifconfig|grep eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
[root@repo-client ~]# ifconfig eth0:0 176.16.100.11/16
[root@repo-client ~]# ifconfig|grep eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
[root@repo-client ~]# ifconfig eth0:0 down
[root@repo-client ~]# ifconfig|grep eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
范例:ip 命令
ip addr add 172.16.1.1/16 dev eth0
ip addr add 172.16.1.2/16 dev eth0 label eth0:0
ip addr del 172.16.1.2/16 dev eth0 label eth0:0
ip addr flush dev eth0 label eth0:0
[root@repo-client ~]# ip addr add 172.16.1.100/16 dev eth0 label eth0:0
[root@repo-client ~]# ifconfig|grep eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
[root@repo-client ~]# ip a|grep eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.100.11/24 brd 192.168.100.255 scope global noprefixroute eth0
inet 172.16.1.100/16 scope global eth0:0
[root@repo-client ~]# ip addr del 172.16.1.100/16
Not enough information: "dev" argument is required.
[root@repo-client ~]# ip addr del 172.16.1.100/16 dev eth0
[root@repo-client ~]# ip a|grep eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.100.11/24 brd 192.168.100.255 scope global noprefixroute eth0
[root@repo-client ~]# ip addr flush dev eth0 #清除eth0的ip地址
注:ip和ifconfig都是临时生效,重启后无法保存配置。
为每个设备别名生成独立的接口配置文件,格式为:ifcfg-ethX:xxx,保存后,重启也不丢失。
范例:配置eth0:1网卡别名的格式文件,别名中的IP地址只能是静态IP地址,不能使用DHCP服务器分配。
#配置文件
[root@repo-client ~]# cd /etc/sysconfig/network-scripts/
[root@repo-client network-scripts]# cat ifcfg-eth0:1
DEVICE=eth0:1
IPADDR=172.16.100.11
PREFIX=16
[root@repo-client network-scripts]# ls
ifcfg-eth0 ifcfg-eth0:1
#配置后不会立即生效
[root@repo-client network-scripts]# ip a|grep eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.100.11/24 brd 192.168.100.255 scope global noprefixroute eth0
#需要重新挂载eth0,才能生效
[root@repo-client network-scripts]# nmcli c reload
[root@repo-client network-scripts]# nmcli c up eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
[root@repo-client network-scripts]# ip a|grep eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.100.11/24 brd 192.168.100.255 scope global noprefixroute eth0
inet 172.16.100.11/16 brd 172.16.255.255 scope global noprefixroute eth0:1
注意:
- 建议 CentOS 6 关闭 NetworkManager 服务
- 网卡别名必须使用静态地址
3、使用配置文件实现bonding
3.1 多网卡 bonding
将多块网卡绑定同一IP地址对外提供服务,可以实现高可用或者负载均衡。直接给两块网卡设置同一IP地址是不可以的。通过 bonding,虚拟一块网卡对外提供连接,物理网卡的被修改为相同的MAC地址。
3.1.1 Bonding 工作模式
==Bonding共7种模式:0-6 Mode==
- Mode 0 (balance-rr): 轮询(Round-robin)策略,从头到尾顺序的在每一个slave接口上面发送数据包。本模式提供负载均衡和容错的能力
- Mode 1 (active-backup): 活动-备份(主备)策略,只有一个slave被激活,当且仅当活动的slave接口失败时才会激活其他slave.为了避免交换机发生混乱此时绑定的MAC地址只有一个外部端口上可见。
- Mode 3 (broadcast):广播策略,在所有的slave接口上传送所有的报文,提供容错能力。
说明:
active-backup、balance-tlb 和 balance-alb 模式不需要交换机的任何特殊配置。
其他绑定模式需要配置交换机以便整合链接。如:Cisco 交换机需要在模式 0、2 和 3 中使用 EtherChannel,但在模式4中需要 LACP和 EtherChannel。
3.1.2 创建bonding设备的配置文件
/etc/sysconfig/network-scripts/ifcfg-bond0
TYPE=bond
DEVICE=bond0
BOOTPROTO=none
IPADDR=10.0.0.100
PREFIX=8
#miimon指定链路监测时间间隔。如果miimon=100,那么系统每100ms 监测一次链路连接状态,如果有一条线路不通就转入另一条线路
BONDING_OPTS="mode=1 miimon=100"
查看bond0状态:
/proc/net/bonding/bond03.2 实例:bond mode=1模式
1、配置bond和其他两块网卡
[root@centos8 network-scripts]# cat ifcfg-bond0 ifcfg-ens33 ifcfg-ens37
TYPE=bond
DEVICE=bond0
BOOTPROTO=none
IPADDR=192.168.100.222
PREFIX=24
BONDING_OPTS="mode=1 miimon=100"
DEVICE=ens33
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
ONBOOT=yes
DEVICE=ens37
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
ONBOOT=yes
[root@centos8 network-scripts]# reboot
2、重启后,重新连接
[root@centos8 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
link/ether 00:0c:29:f9:bb:44 brd ff:ff:ff:ff:ff:ff
3: ens37: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
link/ether 00:0c:29:f9:bb:44 brd ff:ff:ff:ff:ff:ff
4: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:0c:29:f9:bb:44 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.222/24 brd 192.168.100.255 scope global noprefixroute bond0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef9:bb44/64 scope link
valid_lft forever preferred_lft forever
[root@centos8 ~]# nmcli c
NAME UUID TYPE DEVICE
Bond bond0 ad33d8b0-1f7b-cab9-9447-ba07f855b143 bond bond0
System ens33 c96bc909-188e-ec64-3a96-6a90982b08ad ethernet ens33
System ens37 4a5516a4-dfa4-24af-b1c4-e843e312e2fd ethernet ens37
3、查看bond0状态
[root@centos8 ~]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: ens33 #当前使用ens33
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0
Slave Interface: ens33
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:f9:bb:44
Slave queue ID: 0
Slave Interface: ens37
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:f9:bb:4e
Slave queue ID: 0
#查看使用的mac地址
[root@centos7 ~]# ping 192.168.100.222
PING 192.168.100.222 (192.168.100.222) 56(84) bytes of data.
64 bytes from 192.168.100.222: icmp_seq=1 ttl=64 time=0.321 ms
64 bytes from 192.168.100.222: icmp_seq=2 ttl=64 time=0.610 ms
64 bytes from 192.168.100.222: icmp_seq=3 ttl=64 time=0.371 ms
64 bytes from 192.168.100.222: icmp_seq=4 ttl=64 time=0.454 ms
64 bytes from 192.168.100.222: icmp_seq=5 ttl=64 time=1.29 ms
[root@centos7 ~]# arp -n
Address HWtype HWaddress Flags Mask Iface
192.168.100.222 ether 00:0c:29:f9:bb:44 C eth0
4、拔掉ens33网线
[root@centos8 ~]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: ens37 #使用第二块网卡
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0
Slave Interface: ens33 #ens33网卡down
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 1
Permanent HW addr: 00:0c:29:f9:bb:44
Slave queue ID: 0
Slave Interface: ens37
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:f9:bb:4e
Slave queue ID: 0
#查看网卡的状态,ethtool命令或mii-tool命令
[root@centos8 ~]# ethtool ens33
Settings for ens33:
Link detected: no
[root@centos8 ~]# ethtool ens37
Settings for ens37:
Link detected: yes
实例:mode=3模式
1、修改mode=3,即broadcast广播模式
[root@centos8 network-scripts]# cat ifcfg-bond0
TYPE=bond
DEVICE=bond0
BOOTPROTO=none
IPADDR=192.168.100.222
PREFIX=24
BONDING_OPTS="mode=3 miimon=100"
#查看bond
[root@centos8 ~]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: fault-tolerance (broadcast)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0
Slave Interface: ens33
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:f9:bb:44
Slave queue ID: 0
Slave Interface: ens37
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:f9:bb:4e
Slave queue ID: 0
[root@centos8 ~]#
2、测试,DUP,会收到2个一样的答复。好处是容错能力强。
这两块网卡同时工作,提供一模一样的数据
[root@repo-client ~]# ping 192.168.100.222
PING 192.168.100.222 (192.168.100.222) 56(84) bytes of data.
64 bytes from 192.168.100.222: icmp_seq=1 ttl=64 time=0.524 ms
64 bytes from 192.168.100.222: icmp_seq=1 ttl=64 time=0.637 ms (DUP!)
64 bytes from 192.168.100.222: icmp_seq=2 ttl=64 time=0.431 ms
64 bytes from 192.168.100.222: icmp_seq=2 ttl=64 time=0.447 ms (DUP!)
64 bytes from 192.168.100.222: icmp_seq=3 ttl=64 time=0.307 ms
64 bytes from 192.168.100.222: icmp_seq=3 ttl=64 time=0.324 ms (DUP!)
实例:删除bond0
1)卸载bond0
ifconfig bond0 down
rmmod bonding #同modprobe -r bonding
2)删除ifcfg-bond0配置文件
3)恢复eth0和eth1等的配置文件
4)重启网络服务
centos6:service network restart
centos7以上:nmcli c reload
nmcli c up eth0 eth14、使用nmcli实现bonding
4.1 nmcli命令
nmcli命令相关术语
- 设备即网络接口
- 连接是对网络接口的配置,一个网络接口可有多个连接配置,但同时只有一个连接配置生效
格式:
nmcli [ OPTIONS ] OBJECT { COMMAND | help }
device - show and manage network interfaces
nmcli device help
connection - start, stop, and manage network connections
nmcli connection help修改IP地址等属性
nmcli connection modify IFACE [+|-]setting.property value
setting.property: ipv4.addresses ipv4.gateway ipv4.dns1 ipv4.method manual |auto修改配置文件执行生效
nmcli con reload
nmcli con up con-namenmcli命令对应ifcfg-*文件
| nmcli con mod | ifcfg**-*** 文件 |
|---|---|
| ipv4.method manual | BOOTPROTO=none |
| ipv4.method auto | BOOTPROTO=dhcp |
| ipv4.addresses 192.168.2.1/24 | IPADDR=192.168.2.1 PREFIX=24 |
| ipv4.gateway 172.16.0.200 | GATEWAY=172.16.0.200 |
| ipv4.dns 8.8.8.8 | DNS0=8.8.8.8 |
| ipv4.dns-search example.com | DOMAIN=example.com |
| ipv4.ignore-auto-dns true | PEERDNS=no |
| connection.autoconnect yes | ONBOOT=yes |
| connection.id eth0 | NAME=eth0 |
| connection.interface-name eth0 | DEVICE=eth0 |
| 802-3-ethernet.mac-address . . . | HWADDR= . . . |
范例:
#查看帮助
nmcli con add help
#使用nmcli配置网络
nmcli con show
#显示所有活动连接
nmcli con show --active
[root@centos7 ~]# nmcli c show
NAME UUID TYPE DEVICE
ens33 a91ee66a-f9e5-49f3-9be2-ec3d509b0e69 ethernet ens33
ens37 4a5516a4-dfa4-24af-b1c4-e843e312e2fd ethernet ens37
[root@centos7 ~]# nmcli c down ens37 #down掉ens37
Connection 'ens37' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
[root@centos7 ~]# nmcli c
NAME UUID TYPE DEVICE
ens33 a91ee66a-f9e5-49f3-9be2-ec3d509b0e69 ethernet ens33
ens37 4a5516a4-dfa4-24af-b1c4-e843e312e2fd ethernet --
[root@centos7 ~]# nmcli c show --active #只显示活动的网卡
NAME UUID TYPE DEVICE
ens33 a91ee66a-f9e5-49f3-9be2-ec3d509b0e69 ethernet ens33
#显示网络连接配置的详细信息
nmcli con show eth0
#显示设备状态
nmcli dev status
[root@centos7 ~]# nmcli dev
DEVICE TYPE STATE CONNECTION
ens33 ethernet connected ens33
ens37 ethernet disconnected --
lo loopback unmanaged --
[root@centos7 ~]# nmcli dev status
DEVICE TYPE STATE CONNECTION
ens33 ethernet connected ens33
ens37 ethernet disconnected --
lo loopback unmanaged --
#显示网络接口属性
nmcli dev show eth0
[root@centos7 ~]# nmcli dev show ens33
GENERAL.DEVICE: ens33
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:0C:29:21:F8:76
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: ens33
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/1
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 192.168.209.11/24
IP4.GATEWAY: 192.168.209.2
IP4.ROUTE[1]: dst = 192.168.209.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 192.168.209.2, mt = 100
IP4.DNS[1]: 192.168.209.2
IP6.ADDRESS[1]: fe80::9ed9:d4db:e410:64dd/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 100
IP6.ROUTE[2]: dst = ff00::/8, nh = ::, mt = 256, table=255
[root@centos7 ~]#
#创建新连接default,IP自动通过dhcp获取
nmcli con add con-name default type Ethernet ifname eth0
#删除指定的连接
nmcli con del default
[root@centos7 ~]# nmcli c del ens37
Connection 'ens37' (4a5516a4-dfa4-24af-b1c4-e843e312e2fd) successfully deleted.
[root@centos7 ~]# nmcli c
NAME UUID TYPE DEVICE
ens33 a91ee66a-f9e5-49f3-9be2-ec3d509b0e69 ethernet ens33
[root@centos7 ~]# ll /etc/sysconfig/network-scripts/ifcfg-
ifcfg-ens33 ifcfg-lo ##ens37的配置文件也没有了
#创建新连接static ,指定静态IP,不自动连接
nmcti con add con-name static ifname eth0 autoconnect no type Ethernet
ipv4.addresses 172.25.X.10/24 ipv4.gateway 172.25.X.254
#启用static连接配置
nmcli con up static
#启用default连接配置
nmcli con up default
#修改连接设置
nmcli con mod “static” connection.autoconnect no
nmcli con mod “static” ipv4.dns 172.25.X.254
nmcli con mod “static” +ipv4.dns 8.8.8.8
nmcli con mod “static” -ipv4.dns 8.8.8.8
nmcli con mod “static” ipv4.addresses “172.16.X.10/24 172.16.X.254”
nmcli con mod “static” +ipv4.addresses 10.10.10.10/16
#DNS设置存放在/etc/resolv.conf,PEERDNS=no 表示当IP通过dhcp自动获取时,dns仍是手动设置,
不自动获取等价于下面命令
nmcli con mod “system eth0” ipv4.ignore-auto-dns yes4.2 nmcli实现bonding
常用命令:
#添加bonding接口
nmcli con add type bond con-name mybond0 ifname bond0 mode active-backup
#添加从属接口
nmcli con add type bond-slave ifname ens7 master bond0
nmcli con add type bond-slave ifname ens3 master bond0
#注:如无为从属接口提供连接名,则该名称是接口名称加类型构成
#要启动绑定,则必须首先启动从属接口
nmcli con up bond-slave-eth0
nmcli con up bond-slave-eth1
#启动绑定
nmcli con up mybond0实例:使用nmcli实现bonding
#1)初始化两块网卡及原ip地址信息
[root@centos7 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:21:f8:76 brd ff:ff:ff:ff:ff:ff
inet 192.168.209.11/24 brd 192.168.209.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::9ed9:d4db:e410:64dd/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:21:f8:80 brd ff:ff:ff:ff:ff:ff
[root@centos7 network-scripts]# nmcli c
NAME UUID TYPE DEVICE
ens33 a91ee66a-f9e5-49f3-9be2-ec3d509b0e69 ethernet ens33
#2)添加bond0接口,bond模式为mode1(active-backup)
[root@centos7 network-scripts]# nmcli con add type bond con-name mybond0 ifname bond0 mode active-backup
Connection 'mybond0' (0240cad5-db79-4832-96f1-398cf3a9633c) successfully added.
[root@centos7 network-scripts]# ls ifcfg*
ifcfg-ens33 ifcfg-lo ifcfg-mybond0
#3)添加ens33和ens37为bond0的从属接口
[root@centos7 network-scripts]# nmcli con add type bond-slave ifname ens37 master bond0
Connection 'bond-slave-ens37' (60e13f31-5f0d-45b5-93ac-18a1e24ec175) successfully added.
[root@centos7 network-scripts]# nmcli con add type bond-slave ifname ens33 master bond0
Connection 'bond-slave-ens33' (069c01fc-d7cb-44a9-8ea7-5ae3a5e14d69) successfully added.
[root@centos7 network-scripts]# nmcli c
NAME UUID TYPE DEVICE
mybond0 0240cad5-db79-4832-96f1-398cf3a9633c bond bond0
ens33 a91ee66a-f9e5-49f3-9be2-ec3d509b0e69 ethernet ens33
bond-slave-ens37 60e13f31-5f0d-45b5-93ac-18a1e24ec175 ethernet ens37
bond-slave-ens33 069c01fc-d7cb-44a9-8ea7-5ae3a5e14d69 ethernet --
#4)启用从属接口
[root@centos7 network-scripts]# nmcli con up bond-slave-ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/11)
[root@centos7 network-scripts]# nmcli con up bond-slave-ens37
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/15)
[root@centos7 network-scripts]# ip a
6: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:0c:29:21:f8:80 brd ff:ff:ff:ff:ff:ff
inet6 fe80::6147:711:da31:1859/64 scope link noprefixroute
valid_lft forever preferred_lft forever
#5)bond0设置ip地址等信息
[root@centos7 network-scripts]# nmcli con mod mybond0 ipv4.addresses 192.168.209.12/24 ipv4.gateway 192.168.209.2 ipv4.dns 223.6.6.6 ipv4.method manual
[root@centos7 network-scripts]# cat ifcfg-mybond0
BONDING_OPTS=mode=active-backup
TYPE=Bond
BONDING_MASTER=yes
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=mybond0
UUID=0240cad5-db79-4832-96f1-398cf3a9633c
DEVICE=bond0
ONBOOT=yes
IPADDR=192.168.209.12
PREFIX=24
GATEWAY=192.168.209.2
DNS1=223.6.6.6
[root@centos7 network-scripts]# nmcli c
NAME UUID TYPE DEVICE
ens33 a91ee66a-f9e5-49f3-9be2-ec3d509b0e69 ethernet ens33
mybond0 0240cad5-db79-4832-96f1-398cf3a9633c bond bond0
bond-slave-ens37 60e13f31-5f0d-45b5-93ac-18a1e24ec175 ethernet ens37
bond-slave-ens33 069c01fc-d7cb-44a9-8ea7-5ae3a5e14d69 ethernet --
#6)启用bond-slave-ens33,并删除ens33接口
[root@centos7 network-scripts]# nmcli c up bond-slave-ens33
[root@centos7 ~]# nmcli c del ens33
[root@centos7 ~]# nmcli c
NAME UUID TYPE DEVICE
mybond0 0240cad5-db79-4832-96f1-398cf3a9633c bond bond0
bond-slave-ens33 069c01fc-d7cb-44a9-8ea7-5ae3a5e14d69 ethernet ens33
bond-slave-ens37 60e13f31-5f0d-45b5-93ac-18a1e24ec175 ethernet ens37
[root@centos7 ~]# reboot
[root@centos7 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP group default qlen 1000
link/ether 00:0c:29:21:f8:76 brd ff:ff:ff:ff:ff:ff
3: ens37: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master bond0 state UP group default qlen 1000
link/ether 00:0c:29:21:f8:76 brd ff:ff:ff:ff:ff:ff
4: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:0c:29:21:f8:76 brd ff:ff:ff:ff:ff:ff
inet 192.168.209.12/24 brd 192.168.209.255 scope global noprefixroute bond0
valid_lft forever preferred_lft forever
inet6 fe80::6147:711:da31:1859/64 scope link noprefixroute
valid_lft forever preferred_lft forever
#7)查看bond0状态,首选是ens33网卡,ens37备用
[root@centos7 ~]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: ens33
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Slave Interface: ens33
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:21:f8:76
Slave queue ID: 0
Slave Interface: ens37
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:21:f8:80
Slave queue ID: 0
#8)测试,断掉ens33网卡,就使用第二块网卡
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: ens37 #使用第二块网卡
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0
Slave Interface: ens33 #ens33网卡down
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 1
Permanent HW addr: 00:0c:29:f9:bb:44
Slave queue ID: 0
Slave Interface: ens37
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:f9:bb:4e
Slave queue ID: 0