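1. What is a network bridge
2. Temporary virtual bridge with brctl
3. Persistent virtual bridge with nmcli
Network bridge
A network bridge performs bridging: it connects multiple network segments at the data link layer (layer 2 of the OSI reference model) and is a device used to separate collision domains.
Lab environment
| OS | Network name | IP | Route | Dev |
|---|---|---|---|---|
| CentOS 8 | NAT | 10.0.0.8 | route add -net 10.0.0.0 netmask 255.0.0.0 dev ens160 | (ens160) |
| CentOS 7 | NAT (ens33), Bridge | 192.168.146.135 | default is fine | (ens33 ens37) |
| CentOS 6 | Bridge (eth0) | 10.0.0.6 | route add -net 10.0.0.0 netmask 255.0.0.0 | (eth0) |
Lab description:
Remove the original IP addresses and network configuration on hosts 8 and 6 and set new IP addresses for the test, so that IPs in the same subnet can communicate across different network segments. Note: because the IPs are already in the same subnet, solving this with routing table entries and kernel forwarding easily causes a broadcast loop; the hosts look only within the current segment and never do a route lookup, because the IP addresses are in the same subnet.
(1) Temporary virtual bridge with brctl
Configure the CentOS 8 network environment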
[Centos8@localhost ~]# ifconfig ens160 10.0.0.8 netmask 255.255.255.0
[Centos8@localhost ~]# route -n   # check whether a route to the 10.0.0.0 network exists; if not, add it with the command below
[Centos8@localhost ~]# route add -net 10.0.0.0 netmask 255.0.0.0 dev ens160
Configure the CentOS 6 network environment
[Centos6@localhost ~]# ifconfig eth0 10.0.0.6 netmask 255.255.255.0
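[Centos6@localhost ~]# route -n   # check whether a route to the 10.0.0.0 network exists; if not, add it with the command below
[Centos6@localhost ~]# route add -net 10.0.0.0 netmask 255.0.0.0 dev eth0
Configure the bridge
Clear the original IP address configuration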
[Centos7@localhost ~]# ifconfig ens33 0.0.0.0
[Centos7@localhost ~]# ifconfig ens37 0.0.0.0
Check whether the bridge-utils package is installed
[Centos7@localhost ~]# rpm -q bridge-utils
bridge-utils-1.5-9.el7.x86_64
If it is installed, continue below; otherwise install the bridge-utils package with yum
[Centos7@localhost ~]# yum install bridge-utils
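[Centos7@localhost ~]# brctl addbr mybr0   # add the bridge (delbr deletes it)
[Centos7@localhost ~]# brctl addif mybr0 ens33   # add the NIC to the bridge (delif removes it)
[Centos7@localhost ~]# brctl addif mybr0 ens37   # add the NIC to the bridge (delif removes it)
[Centos7@localhost ~]# brctl stp mybr0 on   # on|off; either setting works for this lab, on is recommended
[Centos7@localhost ~]# brctl show   # show the bridge configuration
[Centos7@localhost ~]# ifconfig mybr0 up   # be sure to bring the bridge interface up; it is down by default
[Centos7@localhost ~]# ifconfig mybr0 192.168.146.124   # assign an IP reachable from the physical host so the machine can be managed over SSH
Test
[Centos7@localhost ~]# ip addr show mybr0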
mybr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 00:0c:29:fe:5d:93 brd ff:ff:ff:ff:ff:ff
inet 192.168.146.135/24 brd 192.168.146.255 scope global mybr0
inet6 fe80::20c:29ff:fefe:5d93/64 scope link
valid_lft forever preferred_lft forever
tcpdump capture test
[root@CentOS6 hjq]# tcpdump -i eth1 -nn icmp
09:40:44.145479 IP 10.0.0.7 > 10.0.0.8: ICMP echo request, id 35236, seq 6, length 64
09:40:44.145765 IP 10.0.0.8> 10.0.0.7: ICMP echo reply, id 35236, seq 6, length 64
09:40:45.145778 IP 10.0.0.7 > 10.0.0.8: ICMP echo request, id 35236, seq 7, length 64
09:40:45.145949 IP 10.0.0.8 > 10.0.0.7: ICMP echo reply, id 35236, seq 7, length 64
09:40:46.147141 IP 10.0.0.7 > 10.0.0.8: ICMP echo request, id 35236, seq 8, length 64
09:40:46.147454 IP 10.0.0.8 > 10.0.0.7: ICMP echo reply, id 35236, seq 8, length 64
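Note: connecting switches in a closed loop easily causes a broadcast storm. STP, the Spanning Tree Protocol, exists to avoid this: the switches manage it and logically block one port so that no storm can form; if a link goes down, the blocked port is re-enabled automatically, which avoids a network outage.
CentOS 6 and CentOS 7 need the bridge-utils package installed (CentOS 8 has dropped this package).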
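A check for the loop risk described in the note above, as an added example that is not part of the original article: it reads `brctl show` output and lists bridges that have two or more ports while STP is off. The sample output, the `virbr0` and `br-empty` entries and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag bridges with >= 2 ports and STP disabled,
# reading `brctl show` output on stdin.

# Constructed sample in the layout `brctl show` prints (not captured from the lab).
sample_brctl_show() {
cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
mybr0           8000.000c29fe5d93       no              ens33
                                                        ens37
virbr0          8000.525400a1b2c3       yes             virbr0-nic
br-empty        8000.000000000000       no
EOF
}

# Print "<bridge> <port-count>" for every bridge with >= 2 ports and STP off.
stp_off_multiport() {
    awk '
        function report() {
            if (name != "" && stp == "no" && ports >= 2) print name, ports
        }
        NR == 1 && $1 == "bridge" { next }   # header line
        NF >= 3 {                            # first line of a bridge entry
            report()                         # emit the previous bridge, if flagged
            name = $1; stp = $3
            ports = (NF >= 4) ? 1 : 0        # 4th field is the first port, if any
            next
        }
        NF == 1 && name != "" { ports++ }    # continuation line: one more port
        END { report() }
    '
}

# On a live host: brctl show | stp_off_multiport
sample_brctl_show | stp_off_multiport
```
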
Persistent virtual bridge with nmcli
Configure the CentOS 8 network environment
[Centos8@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE=Ethernet
BOOTPROTO=static
IPADDR=10.0.0.8
NETMASK=255.255.255.0
DNS1=114.114.114.114
NAME=ens160
ONBOOT=yes
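[Centos8@localhost ~]# nmcli c reload   # re-read the network configuration files
[Centos8@localhost ~]# route -n   # check whether a route to the 10.0.0.0 network exists; if not, add it with the command below
[Centos8@localhost ~]# route add -net 10.0.0.0 netmask 255.0.0.0 dev ens160
In testing, CentOS 8 no longer uses CentOS 7's systemctl restart network.service to restart networking; it uses nmcli connection reload instead (connection can be abbreviated to c).
Configure the CentOS 6 network environment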
[Centos6@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
IPADDR=10.0.0.7
NETMASK=255.255.255.0
DNS1=114.114.114.114
NAME=eth0
ONBOOT=yes
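[Centos6@localhost ~]# service network restart
[Centos6@localhost ~]# route -n   # check whether a route to the 10.0.0.0 network exists; if not, add it with the command below
[Centos6@localhost ~]# route add -net 10.0.0.0 netmask 255.0.0.0 dev eth0
Configure the bridge
1. Clear the original IP address configuration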
[Centos7@localhost ~]# ifconfig ens33 0.0.0.0
[Centos7@localhost ~]# ifconfig ens37 0.0.0.0
2. First delete the temporary mybr0 added earlier
[Centos7@localhost ~]# ifconfig mybr0 down   # the bridge interface must be brought down before the brctl bridge can be deleted
[Centos7@localhost ~]# brctl delbr mybr0   # or reboot the host
3. Add the nmcli configuration
[Centos7@localhost ~]# nmcli c add type bridge con-name mybr1 ifname mybr1   # add the bridge device
[Centos7@localhost ~]# nmcli c modify mybr1 ipv4.addresses 192.168.146.135/24 ipv4.method manual   # add the IP address
[Centos7@localhost ~]# nmcli c add type bridge-slave con-name mybr1-port0 ifname ens33 master mybr1   # add the NIC
[Centos7@localhost ~]# nmcli c add type bridge-slave con-name mybr1-port1 ifname ens37 master mybr1   # add the NIC
Bring up the bridge devices in order, ports first and then the master
[Centos7@localhost ~]# nmcli c up mybr1-port0
[Centos7@localhost ~]# nmcli c up mybr1-port1
[Centos7@localhost ~]# nmcli c up mybr1
Test
Check the configuration status
[root@centos7 ~]# nmcli c show   # configuration succeeded at this point
NAME UUID TYPE DEVICE
mybr1 94a01525-a591-4139-be84-82475befc01a bridge mybr1
mybr1-port0 fead9cf4-7265-4ff1-8980-870aa65c6357 ethernet ens33
mybr1-port1 a6a2838c-0de8-4fbe-ba3c-602214ddba95 ethernet ens37
virbr0 8f1425a8-f175-40c7-994d-3db840dd8f27 bridge virbr0
ens33 a4a959b5-8004-4d36-859f-79d7ccda3355 ethernet --
System ens37 4a5516a4-dfa4-24af-b1c4-e843e312e2fd ethernet --
tcpdump capture test
[root@centos7 ~]# tcpdump -i ens33 -nn icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
19:01:34.628152 IP 10.0.0.8 > 10.0.0.6: ICMP echo reply, id 57907, seq 58, length 64
19:01:34.628174 IP 10.0.0.8 > 10.0.0.6: ICMP echo reply, id 57907, seq 59, length 64
19:01:35.628751 IP 10.0.0.6 > 10.0.0.8: ICMP echo request, id 57907, seq 60, length 64
19:01:35.628949 IP 10.0.0.8 > 10.0.0.6: ICMP echo reply, id 57907, seq 60, length 64
19:01:36.628981 IP 10.0.0.6 > 10.0.0.8: ICMP echo request, id 57907, seq 61, length 64
19:01:36.629224 IP 10.0.0.8 > 10.0.0.6: ICMP echo reply, id 57907, seq 61, length 64
19:01:37.629652 IP 10.0.0.6 > 10.0.0.8: ICMP echo request, id 57907, seq 62, length 64
19:01:37.630735 IP 10.0.0.8 > 10.0.0.6: ICMP echo reply, id 57907, seq 62, length 64
19:01:38.631437 IP 10.0.0.6 > 10.0.0.8: ICMP echo request, id 57907, seq 63, length 64
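Note: network changes made with nmcli are persistent, because the commands write them to the configuration files; they stay in effect as long as the configuration files are not deleted and the configuration is not removed from the command line. (Learning the nmcli network management tool is strongly recommended; it is exceptionally powerful.)
Copyright notice: this is an original article by weixin_42352759, licensed under CC 4.0 BY-SA. When reposting, include a link to the original source and this notice.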