2. it
  3. vmwaer虚拟网桥实现

vmwaer虚拟网桥实现

mac2022-06-30  25

    1.什么是网桥

    2.brctl临时实现虚拟网桥介绍

    3.nmcli永久实现虚拟网桥介绍

网桥(network bridge)

    负责网络桥接,负责将网络中的多个网段,在数据链路层(osi参考模型第二层)连接起来(即桥接),用来分隔冲突域的设备。

实验环境

OSNetworkNameIProuteDevCentos8NAT10.0.0.8route add -net 10.0.0.0 netmask 255.0.0.0 dev ens160(ens160)Centos7NAT(ens33) Birdge)192.168.146.135默认即可(ens33 ens37)Centos6Birdge(eth0)10.0.0.6route add -net 10.0.0.0 netmask 255.0.0.0(eth0)

实验说明: 现在8和6上分别取消原有ip地址和网络配置,设置新的通信ip地址,实现同网段ip在不同网段通信,注:因为ip本来就在同一网段,如果使用配置路由表的方法配置,打开核心转发后,容易造成广播回环,仅在当前网段寻找,不会通过路由查找,因为ip地址在同一网段。

(一)临时brctl实现虚拟网桥搭建

配置Centos8网络环境

[Centos8@localhost ~]# ifconfig ens160 10.0.0.8 netmask 255.255.255.0 [Centos8@localhost ~]#route -n 查看到达10.0.0.0网段路由是否存在,不在添加下面的命令 [Centos8@localhost ~]#route add -net 10.0.0.0 netmask 255.0.0.0 dev ens160

配置Centos6网络环境

[Centos6@localhost ~]# ifconfig eth0 10.0.0.6 netmask 255.255.255.0 #route -n 查看到达10.0.0.0网段路由是否存在,不在添加下面的命令 #route add -net 10.0.0.0 netmask 255.0.0.0 dev eth0

配置网桥设置

清空原ip地址配置 [Centos7@localhost ~]# ifconfig ens33 0.0.0.0 [Centos7@localhost ~]# ifconfig ens37 0.0.0.0 检查bridge-utils包是否存在 [Centos7@localhost ~]# rpm -q bridge-utils bridge-utils-1.5-9.el7.x86_64 存在继续下面否则yum安装bridge-utils包 [Centos7@localhost ~]# yum install bridge-utils [Centos7@localhost ~]# brctl addr|delbr mybr0 #添加网桥 [Centos7@localhost ~]# brctl addif|delif mybr0 ens33 #添加网卡 [Centos7@localhost ~]# brctl addif|delif mybr0 ens37 #添加网卡 [Centos7@localhost ~]# brctl stp mybr0 on|off #是否开启不影响当前实验,建议开启 [Centos7@localhost ~]# brctl show #查看网桥配置 [Centos7@localhost ~]# ifconfig mybr0 up #一定记得开启网卡,默认是down [Centos7@localhost ~]# ifconfig mybr0 192.168.146.124 #连接可以和物理主机交互的IP实现ssh管理

测试

[Centos7@localhost ~]# ip show mybr0 mybr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN link/ether 00:0c:29:fe:5d:93 brd ff:ff:ff:ff:ff:ff inet 192.168.146.135/24 brd 192.168.146.255 scope global mybr0 inet6 fe80::20c:29ff:fefe:5d93/64 scope link valid_lft forever preferred_lft forever tcpdump抓包测试 [root@CentOS6 hjq]# tcpdump -i eth1 -nn icmp 09:40:44.145479 IP 10.0.0.7 > 10.0.0.8: ICMP echo request, id 35236, seq 6, length 64 09:40:44.145765 IP 10.0.0.8> 10.0.0.7: ICMP echo reply, id 35236, seq 6, length 64 09:40:45.145778 IP 10.0.0.7 > 10.0.0.8: ICMP echo request, id 35236, seq 7, length 64 09:40:45.145949 IP 10.0.0.8 > 10.0.0.7: ICMP echo reply, id 35236, seq 7, length 64 09:40:46.147141 IP 10.0.0.7 > 10.0.0.8: ICMP echo request, id 35236, seq 8, length 64 09:40:46.147454 IP 10.0.0.8 > 10.0.0.7: ICMP echo reply, id 35236, seq 8, length 64

注: 因为交换机闭环连接后容易造成网络风暴,为了避免。所以有了stp生成树协议;由交换机管控,在逻辑上断开某一端口,避免风暴产生,如有线路断开,再自动启用,避免网络故障。 Centos6和Centos7需要安装bridge-utils工具包;(Centos8取消该包了)

nmcli实现永久虚拟网桥实现

配置Centos8网络环境

[Centos8@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160 TYPE=Ethernet BOOTPROTO=static IPADDR=10.0.0.8 GATEWAY=255.255.255.0 DNS1=114.114.114.114 NAME=ens160 ONBOOT=yes [Centos8@localhost ~]# nmcli c reload #重新读取网络配置文件 [Centos8@localhost ~]# route -n 查看到达10.0.0.0网段路由是否存在,不在添加下面的命令 [Centos8@localhost ~]# route add -net 10.0.0.0 netmask 255.0.0.0 dev ens160

Centos8经测试重启网卡命令不再延续7的systemctl restart network.service,而是采用nmcli connection reload (connection简写为c)

配置Centos6网络环境

[Centos6@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0 TYPE=Ethernet BOOTPROTO=static IPADDR=10.0.0.7 GATEWAY=255.255.255.0 DNS1=114.114.114.114 NAME=eth0 ONBOOT=yes [Centos6@localhost ~]# service network.service restart [Centos6@localhost ~]# route -n 查看到达10.0.0.0网段路由是否存在,不在添加下面的命令 [Centos6@localhost ~]# route add -net 10.0.0.0 netmask 255.0.0.0 dev eth0

配置网桥设置

清空原ip地址配置 [Centos7@localhost ~]# ifconfig ens33 0.0.0.0 [Centos7@localhost ~]# ifconfig ens37 0.0.0.0

2、先删除开始添加的临时mybr0

[Centos7@localhost ~]# ipconfig mybr0 downm #关闭时需要先关闭网卡,才可以删除brctl的网桥配置 [Centos7@localhost ~]# brctl delbr mybr0 #或重启host

3、添加nmcli配置设置

[Centos7@localhost ~]# mcli c add type birdge con-name mybr1 ifname mybr1 #添加网桥设备 [Centos7@localhost ~]# nmcli c modify mybr1 ipv4.addressese 192.168.146.135/24 ipv4.method manual 添加IP地址 [Centos7@localhost ~]# nmcli c add type birdge-slave con-name mybr1-port0 ifname ens33 master mybr1 添加网卡 [Centos7@localhost ~]# nmcli c add type birdge-slave con-name mybr1-port1 ifname ens37 master mybr1 添加网卡 依次从到主启动该网桥设备 [Centos7@localhost ~]# nmcli c up mybr1-port0 [Centos7@localhost ~]# nmcli c up mybr1-port1 [Centos7@localhost ~]# nmcli c up mybr1

测试

查看配置状态 [root@centos7 ~]# nmcli c show #至此处配置成功 NAME UUID TYPE DEVICE mybr1 94a01525-a591-4139-be84-82475befc01a bridge mybr1 mybr1-port0 fead9cf4-7265-4ff1-8980-870aa65c6357 ethernet ens33 mybr1-port1 a6a2838c-0de8-4fbe-ba3c-602214ddba95 ethernet ens37 virbr0 8f1425a8-f175-40c7-994d-3db840dd8f27 bridge virbr0 ens33 a4a959b5-8004-4d36-859f-79d7ccda3355 ethernet -- System ens37 4a5516a4-dfa4-24af-b1c4-e843e312e2fd ethernet -- tcpdum抓包测试 [root@centos7 ~]# tcpdump -i ens33 -nn icmp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes 19:01:34.628152 IP 10.0.0.8 > 10.0.0.6: ICMP echo reply, id 57907, seq 58, length 64 19:01:34.628174 IP 10.0.0.8 > 10.0.0.6: ICMP echo reply, id 57907, seq 59, length 64 19:01:35.628751 IP 10.0.0.6 > 10.0.0.8: ICMP echo request, id 57907, seq 60, length 64 19:01:35.628949 IP 10.0.0.8 > 10.0.0.6: ICMP echo reply, id 57907, seq 60, length 64 19:01:36.628981 IP 10.0.0.6 > 10.0.0.8: ICMP echo request, id 57907, seq 61, length 64 19:01:36.629224 IP 10.0.0.8 > 10.0.0.6: ICMP echo reply, id 57907, seq 61, length 64 19:01:37.629652 IP 10.0.0.6 > 10.0.0.8: ICMP echo request, id 57907, seq 62, length 64 19:01:37.630735 IP 10.0.0.8 > 10.0.0.6: ICMP echo reply, id 57907, seq 62, length 64 19:01:38.631437 IP 10.0.0.6 > 10.0.0.8: ICMP echo request, id 57907, seq 63, length 64

.0.8 > 10.0.0.6: ICMP echo reply, id 57907, seq 62, length 64 19:01:38.631437 IP 10.0.0.6 > 10.0.0.8: ICMP echo request, id 57907, seq 63, length 64

注: nmcli修改网络后永久有效,因为该执行写入了配置文件中,只要不删除配置文件或命令行取消配置,就是有效的(着重建议学习numcli网络管理工具,异常强大)
最新回复(0)