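Basic Network Management

Chapter objectives

NIC naming

Common network management commands

Network-related configuration files

Managing the network with NetworkManager

Managing the network with the native network service

Network diagnostic tools and troubleshooting

Exercises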

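NIC naming

Traditional NIC naming mechanism

Traditional names:

Ethernet: eth[0,1,2,…]

wlan[0,1,2,…]

NIC naming mechanism in Red Hat 7

How systemd names network devices:

  1. If index information provided by the firmware or BIOS for devices integrated on the motherboard is available and predictable, the name is based on that index, e.g. eno1
  2. If index information provided by the firmware or BIOS for PCI-E expansion slots is available and predictable, the name is based on that index, e.g. ens1
  3. If the physical location of the hardware interface is available, the name is based on it, e.g. enp2s0
  4. If the user explicitly enables it, the name can also be based on the MAC address, e.g. enx2387a1dc56
  5. If none of the above is available, the traditional naming mechanism is used

Some of the naming mechanisms above need the biosdevname program, so biosdevname must be installed and enabled.

Network interface name format

Based on firmware, device topology and device type

  • The name starts with two letters that identify the firmware
    • Ethernet NICs start with en
    • Wireless NICs start with wl
  • Device topology
    • o: device index of a device integrated on the motherboard
    • s: index of the expansion slot
    • x: name based on the MAC address
    • ps: name based on the physical location topology. For example, enp2s1 denotes the device index of slot 1 on bus 2 of the PCI bus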
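The name format above can be checked mechanically, which helps when firewall rules or ifcfg files are tied to interface names. The script below is an added example, not part of the original post and not systemd or udev code; classify_ifname, split_fn and is_num are hypothetical helpers, and the optional f<function> suffix (as in enp2s0f1) goes beyond the cases listed above.

```shell
#!/bin/sh
# Added example: classify an interface name according to the scheme above.
# classify_ifname is a hypothetical helper, not a systemd or udev tool.

# is_num STR: succeeds if STR is a non-empty string of decimal digits.
is_num() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

# split_fn STR: split "N" or "NfM" into cn_num=N and cn_fn=M (empty when absent).
# The f<function> suffix is an extension beyond the cases listed in the text.
split_fn() {
    cn_num=${1%%f*}; cn_fn=
    case $1 in *f*) cn_fn=${1#*f}; is_num "$cn_fn" || return 1 ;; esac
    is_num "$cn_num"
}

classify_ifname() {
    cn_name=$1
    case $cn_name in
        # Traditional names are tested first because wlan0 also starts with "wl".
        eth[0-9]*|wlan[0-9]*)
            if is_num "${cn_name#eth}" || is_num "${cn_name#wlan}"; then
                echo "scheme=traditional name=$cn_name"; return 0
            fi
            echo "scheme=unknown name=$cn_name"; return 1 ;;
        en?*) cn_type=ethernet; cn_rest=${cn_name#en} ;;
        wl?*) cn_type=wireless; cn_rest=${cn_name#wl} ;;
        *) echo "scheme=unknown name=$cn_name"; return 1 ;;
    esac
    cn_out=
    case $cn_rest in
        o*) # o<index>: device integrated on the motherboard
            if split_fn "${cn_rest#o}"; then cn_out="scheme=onboard index=$cn_num"; fi ;;
        s*) # s<index>: expansion slot
            if split_fn "${cn_rest#s}"; then cn_out="scheme=slot index=$cn_num"; fi ;;
        x*) # x<mac>: everything after x must be hexadecimal digits
            case ${cn_rest#x} in
                ''|*[!0-9a-fA-F]*) ;;
                *) cn_fn=; cn_out="scheme=mac mac=${cn_rest#x}" ;;
            esac ;;
        p*s*) # p<bus>s<slot>: physical location on the PCI bus
            cn_bus=${cn_rest#p}; cn_bus=${cn_bus%%s*}
            if is_num "$cn_bus" && split_fn "${cn_rest#p*s}"; then
                cn_out="scheme=pci bus=$cn_bus slot=$cn_num"
            fi ;;
    esac
    if [ -z "$cn_out" ]; then
        echo "scheme=unknown name=$cn_name"; return 1
    fi
    echo "type=$cn_type $cn_out${cn_fn:+ function=$cn_fn}"
}
```

On a live host the names to classify can be taken from the entries under /sys/class/net.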

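NIC device naming process

  1. udev: the helper program /lib/udev/rename_device sets the NIC name according to /usr/lib/udev/rules.d/60-net.rules
  2. biosdevname sets the NIC name according to /usr/lib/udev/rules.d/71-biosdevname.rules
  3. udev probes the network interface device and sets the NIC name from the variables in /usr/lib/udev/rules.d/75-net-description

Reverting to traditional naming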

[root@localhost network-scripts]# mv ifcfg-ens33 ifcfg-eth0
[root@localhost network-scripts]# 
[root@localhost network-scripts]# vim ifcfg-eth0 
[root@localhost network-scripts]# 
[root@localhost network-scripts]# vim /etc/default/grub 
[root@localhost network-scripts]# grub2-mkconfig -o /etc/grub
grub2.cfg  grub.d/    
[root@localhost network-scripts]# grub2-mkconfig -o /etc/grub2.cfg 
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-693.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-693.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-73b4f40b6a374f9ebbce8aebd8922881
Found initrd image: /boot/initramfs-0-rescue-73b4f40b6a374f9ebbce8aebd8922881.img
done
[root@localhost network-scripts]# cat ifcfg-eth0 
NAME=eth0
BOOTPROTO=static
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.194.129
NETMASK=255.255.255.0
GATEWAY=192.168.194.2
DNS1=8.8.8.8
[root@localhost network-scripts]# cat /etc/default/grub 
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap net.ifnames=0 biosdevname=0  rhgb quiet"
GRUB_DISABLE_RECOVERY="true"
[root@localhost ~]# reboot
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:54:90:66 brd ff:ff:ff:ff:ff:ff
    inet 192.168.194.129/24 brd 192.168.194.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe54:9066/64 scope link 
       valid_lft forever preferred_lft forever

Common network management commands

ifconfig

//Show all network interfaces that are currently active
[root@localhost ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.194.129  netmask 255.255.255.0  broadcast 192.168.194.255
        ether 00:0c:29:54:90:66  txqueuelen 1000  (Ethernet)
        RX packets 401  bytes 32086 (31.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 260  bytes 26118 (25.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 52  bytes 4432 (4.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 52  bytes 4432 (4.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
//Show the status of the eth0 NIC
[root@localhost ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.194.129  netmask 255.255.255.0  broadcast 192.168.194.255
        ether 00:0c:29:54:90:66  txqueuelen 1000  (Ethernet)
        RX packets 456  bytes 36306 (35.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 282  bytes 29378 (28.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
//Show status information for all NICs, both disabled and enabled
[root@localhost ~]# ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.194.129  netmask 255.255.255.0  broadcast 192.168.194.255
        ether 00:0c:29:54:90:66  txqueuelen 1000  (Ethernet)
        RX packets 513  bytes 40368 (39.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 298  bytes 31490 (30.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 52  bytes 4432 (4.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 52  bytes 4432 (4.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
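//Meaning of the fields in the NIC information
UP: the NIC is active
BROADCAST: broadcast is supported
RUNNING: the network cable is plugged in
MULTICAST: multicast is supported
MTU: maximum transmission unit in bytes, i.e. the largest packet this interface can send at once

inet: the line showing the IPv4 address
inet6: the line showing the IPv6 address
link/ether: the hardware (MAC) address of the device
txqueuelen: length of the transmit queue
RX packets: packets received
TX packets: packets sent
errors: total number of receive errors
dropped: packets dropped, for various reasons, while being copied into memory
collisions: network signal collisions; a non-zero value may indicate a network fault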

ip

//Syntax: ip [OPTIONS] OBJECT {COMMAND | help}
OBJECT:
    link: network interface attributes
    addr: protocol addresses
    route: routes
//Show all network interfaces and their link-layer addresses
[root@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:54:90:66 brd ff:ff:ff:ff:ff:ff
//Show packet statistics (the counters appear only with -s, i.e. ip -s link show)
[root@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:54:90:66 brd ff:ff:ff:ff:ff:ff
//Enable or disable a network interface: ip link set DEV up|down
[root@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:54:90:66 brd ff:ff:ff:ff:ff:ff
[root@localhost ~]# ip link set lo down
[root@localhost ~]# ip link show
1: lo: <LOOPBACK> mtu 65536 qdisc noqueue state DOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:54:90:66 brd ff:ff:ff:ff:ff:ff
[root@localhost ~]# ip link set lo up
[root@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:54:90:66 brd ff:ff:ff:ff:ff:ff
// ip addr add/del ADDRESS dev DEV : add/delete an IP address
[root@localhost ~]# ip add show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:54:90:66 brd ff:ff:ff:ff:ff:ff
    inet 192.168.194.129/24 brd 192.168.194.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@localhost ~]# ip addr add 192.168.1.1/24 dev eth0
[root@localhost ~]# ip add show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:54:90:66 brd ff:ff:ff:ff:ff:ff
    inet 192.168.194.129/24 brd 192.168.194.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 192.168.1.1/24 scope global eth0
       valid_lft forever preferred_lft forever
[root@localhost ~]# ip addr del 192.168.1.1/24 dev eth0
[root@localhost ~]# ip add show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:54:90:66 brd ff:ff:ff:ff:ff:ff
    inet 192.168.194.129/24 brd 192.168.194.255 scope global eth0
       valid_lft forever preferred_lft forever
//ip addr show DEV : show the addresses of a network interface
[root@localhost ~]# ip add show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:54:90:66 brd ff:ff:ff:ff:ff:ff
    inet 192.168.194.129/24 brd 192.168.194.255 scope global eth0
       valid_lft forever preferred_lft forever
[root@localhost ~]# ip addr add 192.168.1.1/24 dev eth0
[root@localhost ~]# ip add show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:54:90:66 brd ff:ff:ff:ff:ff:ff
    inet 192.168.194.129/24 brd 192.168.194.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 192.168.1.1/24 scope global eth0
       valid_lft forever preferred_lft forever
[root@localhost ~]# ip del add 192.168.1.1/24 dev eth0
Object "del" is unknown, try "ip help".
[root@localhost ~]# ip addr del 192.168.1.1/24 dev eth0
[root@localhost ~]# ip add show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:54:90:66 brd ff:ff:ff:ff:ff:ff
    inet 192.168.194.129/24 brd 192.168.194.255 scope global eth0
       valid_lft forever preferred_lft forever

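route

Linux hosts communicate over IP. If host A and host B are on the same network segment and both NICs are active, A can talk to B directly. If A and B are on two different segments, A can only reach B through a router. Routers are part of the basic IT infrastructure, and every network segment should have at least one gateway.

//Show the current routing table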
[root@localhost ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway         0.0.0.0         UG    100    0        0 eth0
192.168.194.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0
//Show hosts and ports in numeric form
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.194.2   0.0.0.0         UG    100    0        0 eth0
192.168.194.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0
//Add routes
//Syntax: route add [-net|-host] target [netmask Nm] [gw Gw] [[dev] If]
//Add a network route
[root@localhost ~]# route add -net 192.168.194.0/24 gw 192.168.194.1 dev eth0
[root@localhost ~]# 
[root@localhost ~]# route add -net 0.0.0.0/0 gw 192.168.194.1 dev eth0
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.194.1   0.0.0.0         UG    0      0        0 eth0
0.0.0.0         192.168.194.2   0.0.0.0         UG    100    0        0 eth0
192.168.194.0   192.168.194.1   255.255.255.0   UG    0      0        0 eth0
192.168.194.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0
//Add a host route
[root@localhost ~]# route add -host 192.168.194.128 gw 192.168.194.1
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.194.1   0.0.0.0         UG    0      0        0 eth0
0.0.0.0         192.168.194.2   0.0.0.0         UG    100    0        0 eth0
192.168.194.0   192.168.194.1   255.255.255.0   UG    0      0        0 eth0
192.168.194.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.194.128 192.168.194.1   255.255.255.255 UGH   0      0        0 eth0
//Delete routes
[root@localhost ~]# route del -host 192.168.194.128 gw 192.168.194.1
[root@localhost ~]# route del -net 0.0.0.0/0 gw 192.168.194.1 dev eth0
[root@localhost ~]# route del -net 192.168.194.0/24 gw 192.168.194.1 dev eth0
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.194.2   0.0.0.0         UG    100    0        0 eth0
192.168.194.0   0.0.0.0         255.255.255.0   U     100    0        0 eth0

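hostname and hostnamectl

In production a hostname must be configured, and hostnames should follow a naming convention, for example:

Public cloud: region-project-business-service-node-address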
wh-shop-register-nginx-node1-192.168.56.13
wh-med-pay-mysql-master01-192.168.56.11
wh-med-pay-mysql-slave01-192.168.56.12
//Show the hostname with hostname
[root@localhost ~]# hostname
localhost.localdomain
//Change the hostname temporarily with hostname
[root@localhost ~]# hostname lalala
[root@localhost ~]# bash
[root@lalala ~]# hostname
lalala
[root@lalala ~]# cat /etc/hostname
localhost
//Set a permanent hostname
[root@localhost ~]# hostnamectl set-hostname sh
[root@localhost ~]# cat /etc/hostname 
sh
[root@localhost ~]# hostname
sh

Network-related configuration files

Network interface configuration file

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 
NAME=eth0
BOOTPROTO=static
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.194.129
NETMASK=255.255.255.0
GATEWAY=192.168.194.2
DNS1=8.8.8.8
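//NIC configuration parameters
//Parameter               Description
BOOTPROTO=none          //Boot protocol; one of {static|none|dhcp|bootp}. For a static address either static or none works
NM_CONTROLLED           //NM is short for NetworkManager, the service developed by RHEL that replaces the network scripts for managing and configuring the network in RHEL6
    //Possible values: { yes | no }
    //Sets whether this NIC is controlled by NM. On CentOS6 "no" is recommended
TYPE                    //Interface type. Common types: Ethernet, Bridge
UUID                    //Unique identifier of the device
HWADDR                  //Hardware address; must match the address of the hardware, may be omitted
IPADDR=172.16.12.130    //Static IP address
PREFIX=24               //Subnet mask (as a prefix length)
NETMASK=255.255.255.0   //Subnet mask
GATEWAY=172.16.12.2     //Default gateway
DNS1=172.16.12.2        //First DNS server
DNS2                    //Second DNS server
DNS3                    //Third DNS server
DEVICE=eth1             //Name of the associated device; must match the "INTERFACE_NAME" part at the end of the file name
NAME="eth1"             //Connection name
ONBOOT=yes              //Whether to activate this interface automatically at boot; one of { yes | no }
DEFROUTE=yes            //Use this interface for the default route [yes|no]
USERCTL={yes|no}        //Whether ordinary users may enable and disable this interface
PEERDNS={yes|no}        //Whether to accept the DNS servers supplied by the DHCP server when BOOTPROTO is dhcp; when set to yes the DNS addresses obtained overwrite /etc/resolv.conf directly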
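A file that breaks the rules listed above, such as a DEVICE that does not match the file name or a GATEWAY outside the interface's subnet, usually only shows up when the network service is restarted. The lint script below is an added example, not from the original post or from initscripts; cfg_get, ip2int, check_ifcfg and write_samples are hypothetical helpers, both sample files are constructed, and using PREFIX in preference to NETMASK is this helper's own choice.

```shell
#!/bin/sh
# Added example: lint an ifcfg-* file against the parameter rules described above.
# cfg_get, ip2int, check_ifcfg and write_samples are hypothetical helpers, not
# part of initscripts. The file is parsed as text and never sourced.

# cfg_get FILE KEY: print the last value assigned to KEY, without quotes or trailing blanks.
cfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# ip2int A.B.C.D: print the address as an integer; fail on anything malformed.
# Octets with a leading zero are rejected because tools disagree on octal parsing.
ip2int() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    ci_ifs=$IFS; IFS=.; set -- $1; IFS=$ci_ifs
    [ $# -eq 4 ] || return 1
    for ci_o in "$@"; do
        case $ci_o in 0?*|????*) return 1 ;; esac
        [ "$ci_o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_ifcfg FILE: print one "issue:" line per finding; return 1 if any were found.
check_ifcfg() {
    ci_f=$1; ci_rc=0
    ci_issue() { echo "issue: $*"; ci_rc=1; }

    ci_dev=$(cfg_get "$ci_f" DEVICE)
    [ "ifcfg-$ci_dev" = "${ci_f##*/}" ] ||
        ci_issue "DEVICE=$ci_dev does not match file name ${ci_f##*/}"
    ci_proto=$(cfg_get "$ci_f" BOOTPROTO)
    case $ci_proto in
        static|none|dhcp|bootp) ;;
        *) ci_issue "BOOTPROTO=$ci_proto is not one of static|none|dhcp|bootp" ;;
    esac
    case $(cfg_get "$ci_f" ONBOOT) in
        yes|no) ;;
        *) ci_issue "ONBOOT must be yes or no" ;;
    esac
    # The address checks only apply to statically configured interfaces.
    case $ci_proto in static|none) ;; *) return $ci_rc ;; esac

    ci_ip=$(ip2int "$(cfg_get "$ci_f" IPADDR)") ||
        { ci_issue "IPADDR is missing or malformed"; return 1; }
    ci_prefix=$(cfg_get "$ci_f" PREFIX)
    case $ci_prefix in
        [0-9]|[12][0-9]|3[0-2])   # PREFIX is used when set (this helper's choice)
            ci_mask=$(( (4294967295 << (32 - ci_prefix)) & 4294967295 )) ;;
        '') ci_mask=$(ip2int "$(cfg_get "$ci_f" NETMASK)") ||
                { ci_issue "neither PREFIX nor a valid NETMASK is set"; return 1; }
            ci_inv=$(( 4294967295 - ci_mask ))   # host bits of the mask
            [ $(( ci_inv & (ci_inv + 1) )) -eq 0 ] ||
                ci_issue "NETMASK is not a contiguous mask" ;;
        *) ci_issue "PREFIX=$ci_prefix is not in 0..32"; return 1 ;;
    esac
    ci_gw_s=$(cfg_get "$ci_f" GATEWAY)
    if [ -n "$ci_gw_s" ]; then
        if ci_gw=$(ip2int "$ci_gw_s"); then
            [ $(( ci_gw & ci_mask )) -eq $(( ci_ip & ci_mask )) ] ||
                ci_issue "GATEWAY=$ci_gw_s is outside the subnet of IPADDR"
        else
            ci_issue "GATEWAY=$ci_gw_s is malformed"
        fi
    fi
    return $ci_rc
}

# write_samples DIR: constructed sample files, one clean and one with two faults.
write_samples() {
    printf '%s\n' TYPE=Ethernet BOOTPROTO=static NAME=eth1 DEVICE=eth1 ONBOOT=yes \
        IPADDR=172.16.12.130 NETMASK=255.255.255.0 GATEWAY=172.16.12.2 > "$1/ifcfg-eth1"
    printf '%s\n' BOOTPROTO=static DEVICE=eth1 ONBOOT=yes \
        IPADDR=172.16.0.10 PREFIX=24 GATEWAY=172.16.12.2 > "$1/ifcfg-eth2"
}
```

Run check_ifcfg against each file under /etc/sysconfig/network-scripts before restarting the network service; a non-zero exit status means at least one finding was printed.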

Route configuration file

The route configuration file is /etc/sysconfig/network-scripts/route-INTERFACE_NAME

//Format 1: DEST via NEXTHOP
[root@localhost ~]# vi /etc/sysconfig/network-scripts/route-ens33
172.16.12.0/24 via 172.16.12.2
                
//Format 2:
[root@localhost ~]# vi /etc/sysconfig/network-scripts/route-ens33
ADDRESS0=172.16.12.0
NETMASK0=255.255.255.0
GATEWAY0=172.16.12.2

DNS configuration file

The DNS configuration file is /etc/resolv.conf

[root@localhost ~]# vi /etc/resolv.conf
nameserver DNS_IP_1
nameserver DNS_IP_2
nameserver DNS_IP_3

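Managing the network with NetworkManager

RHEL/CentOS 7 uses NetworkManager by default to provide network services. It is a daemon that manages network configuration dynamically and keeps network devices connected.
NetworkManager provides command-line and graphical tools for configuring the network. The settings are saved in configuration files under /etc/sysconfig/network-scripts. The tools are nmcli, nmtui and nm-connection-editor.
device: a physical device, e.g. ens33, enp2s0, virbr0, team0
connection: connection settings, i.e. a concrete network configuration profile

1. Different connection profiles can be applied to the same physical device, but a device can only use one of them at a time

2. By defining several connections for a physical interface and activating the matching one in each environment, the network configuration can be switched automatically

Using nmcli to view devices and connections

//Show device status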
[root@localhost ~]# nmcli device
设备  类型      状态    连接 
eth0  ethernet  连接的  eth0 
lo    loopback  未托管  --   
//Show the detailed status of a specific device
[root@localhost ~]# nmcli device show eth0
GENERAL.设备:                           eth0
GENERAL.类型:                           ethernet
GENERAL.硬盘:                           00:0C:29:54:90:66
GENERAL.MTU:                            1500
GENERAL.状态:                           100 (连接的)
GENERAL.连接:                           eth0
GENERAL.连接路径:                       /org/freedesktop/NetworkManager/ActiveConnection/2
WIRED-PROPERTIES.载波:                  开
IP4.地址[1]:                            192.168.194.129/24
IP4.网关:                               --
IP4.DNS[1]:                             8.8.8.8
IP6.网关:                               --
//Show connection status
[root@localhost ~]# nmcli connection
名称  UUID                                  类型            设备 
eth0  5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  802-3-ethernet  eth0 
//Show the details of a specific connection
[root@localhost ~]# nmcli connection show eth0
connection.id:                          eth0
connection.uuid:                        5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
connection.stable-id:                   --
connection.interface-name:              eth0
connection.type:                        802-3-ethernet
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.autoconnect-retries:         -1 (默认)
connection.timestamp:                   1570520020
connection.read-only:                   no
connection.permissions:                 --
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (默认)
connection.secondaries:                 --
connection.gateway-ping-timeout:        0
connection.metered:                     未知
connection.lldp:                        -1 (default)
802-3-ethernet.port:                    --
802-3-ethernet.speed:                   0
802-3-ethernet.duplex:                  --
802-3-ethernet.auto-negotiate:          no
802-3-ethernet.mac-address:             --
802-3-ethernet.cloned-mac-address:      --
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist:   --
802-3-ethernet.mtu:                     自动
802-3-ethernet.s390-subchannels:        --
802-3-ethernet.s390-nettype:            --
802-3-ethernet.s390-options:            --
802-3-ethernet.wake-on-lan:             1 (default)

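Managing the network with the native network service

The default directory for network configuration files on CentOS/RHEL is /etc/sysconfig/network-scripts
By default the configuration file of the first physical NIC is ifcfg-eth0; a second physical NIC uses ifcfg-eth1, and so on. Note: if a newly added physical NIC has no configuration file, copy the system default one and edit it.

//Disable NetworkManager at boot and stop the NetworkManager service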
[root@localhost ~]# systemctl disable NetworkManager
[root@localhost ~]# systemctl stop NetworkManager

//Add a physical NIC, then create a configuration file for the new connection
//Copy the eth0 configuration file to eth1
[root@localhost ~]# cp /etc/sysconfig/network-scripts/{ifcfg-eth0,ifcfg-eth1}

//Edit the NIC configuration file
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=static
NAME=eth1
UUID=03be31f5-a3c1-4f8d-88b3-aea6e85c869f
DEVICE=eth1
NM_CONTROLLED=no
ONBOOT=yes
IPADDR=172.16.12.130
NETMASK=255.255.255.0
GATEWAY=172.16.12.2
DNS1=172.16.12.2

//Restart the network service to load the configuration and enable it at boot
[root@localhost ~]# systemctl restart network
[root@localhost ~]# systemctl enable network

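Network diagnostic tools and troubleshooting

ping

The ping command tests whether another host is reachable. If a host cannot be pinged, the remote host has a problem, although this does not rule out the ping failing because of a firewall on the path, ping packets being dropped, and similar causes.

//Common ping options:
    -c number of pings to send
    -i interval between ping packets
    -w exit after the given timeout if ping gets no reply
[root@localhost ~]# ping www.baidu.com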
PING www.baidu.com (14.215.177.38) 56(84) bytes of data.

64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=1 ttl=128 time=63.7 ms
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=2 ttl=128 time=62.8 ms
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=3 ttl=128 time=198 ms
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=4 ttl=128 time=114 ms
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=5 ttl=128 time=130 ms
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=6 ttl=128 time=81.8 ms
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=7 ttl=128 time=191 ms
^C
--- www.baidu.com ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6011ms
rtt min/avg/max/mdev = 62.878/120.411/198.043/52.483 ms
[root@localhost ~]# ping -c 3 www.baidu.con
ping: www.baidu.con: 未知的名称或服务
[root@localhost ~]# ping -c 3 www.baidu.com
PING www.baidu.com (14.215.177.38) 56(84) bytes of data.
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=1 ttl=128 time=79.1 ms
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=2 ttl=128 time=95.0 ms
64 bytes from 14.215.177.38 (14.215.177.38): icmp_seq=3 ttl=128 time=67.4 ms

--- www.baidu.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 6266ms
rtt min/avg/max/mdev = 67.465/80.542/95.054/11.313 ms
[root@localhost ~]# ping -i 2 www.baidu.com
PING www.baidu.com (103.235.46.39) 56(84) bytes of data.
64 bytes from 103.235.46.39 (103.235.46.39): icmp_seq=2 ttl=128 time=418 ms
64 bytes from 103.235.46.39 (103.235.46.39): icmp_seq=3 ttl=128 time=266 ms
64 bytes from 103.235.46.39 (103.235.46.39): icmp_seq=4 ttl=128 time=280 ms
64 bytes from 103.235.46.39 (103.235.46.39): icmp_seq=5 ttl=128 time=267 ms
^C
--- www.baidu.com ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 8010ms
rtt min/avg/max/mdev = 266.601/308.238/418.116/63.670 ms

host and nslookup

The host and nslookup commands query DNS records

[root@localhost ~]# host www.baidu,com
Host www.baidu,com not found: 3(NXDOMAIN)
[root@localhost ~]# nslookup www.baidu.com
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
www.baidu.com	canonical name = www.a.shifen.com.
Name:	www.a.shifen.com
Address: 14.215.177.38
Name:	www.a.shifen.com
Address: 14.215.177.39

traceroute

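The traceroute command traces the route to a host, to tell whether a network fault lies with the ISP or with the remote service failing to respond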

[root@localhost ~]# traceroute www.baidu.com
traceroute to www.baidu.com (14.215.177.38), 30 hops max, 60 byte packets
 1  gateway (192.168.194.2)  0.231 ms  0.139 ms  0.152 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  *^C

netstat

netstat shows network status

//Show the routing table
[root@localhost ~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         gateway         0.0.0.0         UG        0 0          0 eth0
192.168.194.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
//Show the routing table in numeric form
[root@localhost ~]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.194.2   0.0.0.0         UG        0 0          0 eth0
192.168.194.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
//Show established TCP connections
[root@localhost ~]# netstat -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 sh:ssh                  192.168.194.1:52799     ESTABLISHED
tcp        0     52 sh:ssh                  192.168.194.1:53490     ESTABLISHED

//Show established UDP connections
[root@localhost ~]# netstat -u
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      

//Show sockets in the listening state
[root@localhost ~]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN     
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN     
udp        0      0 localhost:323           0.0.0.0:*                          
udp6       0      0 localhost:323           [::]:*                         
//Show the PID and name of the process that owns each socket
[root@localhost ~]# netstat -p
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 sh:ssh                  192.168.194.1:52799     ESTABLISHED 1411/sshd: root@pts 
tcp        0      0 sh:ssh                  192.168.194.1:53490     ESTABLISHED 1991/sshd: root@pts 
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program nam
//Show connections in all states
[root@localhost ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN     
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN     
tcp        0      0 sh:ssh                  192.168.194.1:52799     ESTABLISHED
tcp        0     52 sh:ssh                  192.168.194.1:53490     ESTABLISHED
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN     
udp        0      0 localhost:323           0.0.0.0:*                          
udp6       0      0 localhost:323           [::]:*               
Commonly used options
    -antlp
[root@localhost ~]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1119/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1356/master         
tcp        0      0 192.168.194.129:22      192.168.194.1:52799     ESTABLISHED 1411/sshd: root@pts 
tcp        0     52 192.168.194.129:22      192.168.194.1:53490     ESTABLISHED 1991/sshd: root@pts 
tcp6       0      0 :::22                   :::*                    LISTEN      1119/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      1356/master 

ss

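ss is a tool for viewing network state that replaces netstat

//Syntax: ss [options] [ FILTER ]
//Common options:
    -t: TCP sockets
    -u: UDP sockets
    -w: raw sockets
    -x: unix sockets
    -l: sockets in the listen state
    -a: all
    -n: numeric format
    -p: owning program and PID
    -e: extended information
    -m: memory usage
    -o: show timer information

//Common FILTER:
    FILTER := [ state TCP-STATE ] [ EXPRESSION ]
    For example: ss -tan state ESTABLISHED

//Common states:
    //tcp finite state machine
        LISTEN: listening
        ESTABLISHED: connection established

    //EXPRESSION:
        dport =
        sport =
        Example: '( dport = :ssh or sport = :ssh)'; here ssh is the service
//Common combinations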
[root@localhost ~]# ss -tan
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128       *:22                    *:*                  
LISTEN      0      100    127.0.0.1:25                    *:*                  
ESTAB       0      0      192.168.194.129:22                 192.168.194.1:52799              
ESTAB       0      0      192.168.194.129:22                 192.168.194.1:53490              
LISTEN      0      128      :::22                   :::*                  
LISTEN      0      100     ::1:25                   :::*                  
[root@localhost ~]# ss -tanl
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128       *:22                    *:*                  
LISTEN      0      100    127.0.0.1:25                    *:*                  
LISTEN      0      128      :::22                   :::*                  
LISTEN      0      100     ::1:25                   :::*                  
[root@localhost ~]# ss -antlp
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128       *:22                    *:*                   users:(("sshd",pid=1119,fd=3))
LISTEN      0      100    127.0.0.1:25                    *:*                   users:(("master",pid=1356,fd=13))
LISTEN      0      128      :::22                   :::*                   users:(("sshd",pid=1119,fd=4))
LISTEN      0      100     ::1:25                   :::*                   users:(("master",pid=1356,fd=14))
[root@localhost ~]# ss -anu
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
UNCONN      0      0      127.0.0.1:323                   *:*                  
UNCONN      0      0       ::1:323                  :::*  
//Common ports
http    80/tcp 
https   443/tcp 
ssh     22/tcp 
ftp     20,21/tcp
mysql   3306/tcp
rsync   873/tcp
redis   6379/tcp
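The ss output above can be reduced to the two things an administrator usually wants from it: which listeners are bound to all interfaces rather than loopback, and how many established connections each remote address holds. The script below is an added example, not from the original post; listener_exposure, conns_per_peer and sample_ss are hypothetical helpers, and the sample input is constructed from the output shown above plus one constructed peer.

```shell
#!/bin/sh
# Added example: summarise `ss -tanp` style output read from standard input.
# listener_exposure, conns_per_peer and sample_ss are hypothetical helpers.

# listener_exposure: for each LISTEN socket print "port scope address process".
# scope is "exposed" for a wildcard bind, "loopback" for 127.0.0.0/8 or ::1,
# and "specific" for a bind to one interface address.
listener_exposure() {
    awk '
    $1 == "LISTEN" {
        match($4, /:[^:]*$/)              # the last colon separates address and port
        addr = substr($4, 1, RSTART - 1); port = substr($4, RSTART + 1)
        gsub(/^\[|\]$/, "", addr)         # newer ss versions print [::]:22
        if (addr == "*" || addr == "0.0.0.0" || addr == "::") scope = "exposed"
        else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
        else scope = "specific"
        proc = "-"                        # stays "-" when ss was run without -p
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        print port, scope, addr, proc
    }'
}

# conns_per_peer: count ESTABLISHED connections per remote address, busiest first.
conns_per_peer() {
    awk '
    $1 == "ESTAB" || $1 == "ESTABLISHED" {
        peer = $5; sub(/:[^:]*$/, "", peer); gsub(/^\[|\]$/, "", peer)
        n[peer]++
    }
    END { for (p in n) print n[p], p }' | sort -k1,1nr -k2,2
}

# sample_ss: constructed input modelled on the ss output shown above.
sample_ss() {
    cat <<'EOF'
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN      0      128       *:22                    *:*                   users:(("sshd",pid=1119,fd=3))
LISTEN      0      100    127.0.0.1:25                    *:*                   users:(("master",pid=1356,fd=13))
ESTAB       0      0      192.168.194.129:22                 192.168.194.1:52799
ESTAB       0      0      192.168.194.129:22                 192.168.194.1:53490
ESTAB       0      0      192.168.194.129:22                 192.168.194.128:40022
LISTEN      0      128      :::22                   :::*                   users:(("sshd",pid=1119,fd=4))
LISTEN      0      100     ::1:25                   :::*                   users:(("master",pid=1356,fd=14))
EOF
}
```

On a live host, pipe ss -antp into either function instead of sample_ss.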

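Network troubleshooting

  • Network faults are either hardware or software faults
    • Damaged NIC
    • Link failure
    • Incompatible NIC driver
  • Network troubleshooting steps
    • ping the local loopback interface to check that the local TCP/IP stack works
    • ping the host's own IP address to check that the local device and driver work
    • ping a host on the same segment to check that the layer 2 network works
    • ping the gateway address to check the connection between the host and the network
    • ping a public IP address to check that local routing works
    • ping a public domain name to check that the DNS client works
  • Service troubleshooting steps
    • Use telnet to check whether the port is open
    • Check the server-side firewall and SELinux
    • Check that the relevant permissions are configured correctly
    • Check the logs for anomalies
    • Keep testing after the checks are complete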
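The six ping steps above, as an added example that is not part of the original post: the script walks them in order and names the first one that fails. probe, default_gateway and first_failure are hypothetical helpers, and the addresses passed in are supplied by the caller.

```shell
#!/bin/sh
# Added example: walk the ping checklist above and report the first failing step.
# probe, default_gateway and first_failure are hypothetical helpers.

# probe HOST: one echo request with a 2 second deadline (ping -c and -w, see above).
probe() { ping -c 1 -w 2 "$1" >/dev/null 2>&1; }

# default_gateway: print the next hop of the default route from `ip route`
# output supplied on standard input.
default_gateway() { awk '$1 == "default" && $2 == "via" { print $3; exit }'; }

# first_failure LOCAL_IP PEER_IP GATEWAY PUBLIC_IP PUBLIC_NAME
# Prints "ok", or "step N: <what to suspect> (<host>)" and returns 1.
# A failed probe can also mean that ICMP is filtered on the path, as noted
# in the ping section, so confirm with a second tool before blaming the layer.
first_failure() {
    ff_step=0
    for ff_pair in \
        "127.0.0.1|local TCP/IP stack" \
        "$1|local device and driver" \
        "$2|layer 2 network" \
        "$3|connection between host and network" \
        "$4|local routing" \
        "$5|DNS client"
    do
        ff_step=$((ff_step + 1))
        ff_host=${ff_pair%%|*}
        if ! probe "$ff_host"; then
            echo "step $ff_step: ${ff_pair#*|} ($ff_host)"
            return 1
        fi
    done
    echo ok
}
```

With this page's addresses a run would look like first_failure 192.168.194.129 192.168.194.128 "$(ip route | default_gateway)" 8.8.8.8 www.baidu.com.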

1. How to see the number of connections per IP on the system

[root@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:7d:c1:2e brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:7d:c1:38 brd ff:ff:ff:ff:ff:ff

2. List the ports used by the following services: http, ftp, ssh, telnet, mysql, dns

http:80 ftp:20,21 ssh:22 telnet:83 mysql:3306 dns:53

3. How to add a new NIC to a virtual machine and configure its IP as 172.16.0.10 with gateway 172.16.0.1

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1
[root@localhost ~]# cat  /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=static
NAME=eth1
UUID=03be31f5-a3c1-4f8d-88b3-aea6e85c869f
DEVICE=eth1
NM_CONTROLLED=no
ONBOOT=yes
IPADDR=172.16.0.10
NETMASK=255.255.255.0
GATEWAY=172.16.0.1
DNS1=172.16.12.2
[root@localhost ~]# systemctl restart network
[root@localhost ~]# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:7d:c1:38 brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.10/24 brd 172.16.0.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe7d:c138/64 scope link 
       valid_lft forever preferred_lft forever

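4. Describe the DNS resolution process in detail, using a visit to www.baidu.com as the example

5. How to see how many processes are running on the system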

[root@localhost ~]# ps -ef
UID         PID   PPID  C STIME TTY          TIME CMD
root          1      0  1 20:35 ?        00:00:08 /usr/lib/system
root          2      0  0 20:35 ?        00:00:00 [kthreadd]
root          3      2  0 20:35 ?        00:00:00 [ksoftirqd/0]
root          5      2  0 20:35 ?        00:00:00 [kworker/0:0H]
root          7      2  0 20:35 ?        00:00:00 [migration/0]
root          8      2  0 20:35 ?        00:00:00 [rcu_bh]
root          9      2  0 20:35 ?        00:00:04 [rcu_sched]
root         10      2  0 20:35 ?        00:00:00 [watchdog/0]
root         12      2  0 20:35 ?        00:00:00 [kdevtmpfs]

6. How to see which ports are open on the system

[root@localhost ~]# ss -antlp
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128     *:22                  *:*                   users:(("sshd",pid=1274,fd=3))
LISTEN      0      100    127.0.0.1:25                  *:*                   users:(("master",pid=1509,fd=13))
LISTEN      0      128    :::22                 :::*                   users:(("sshd",pid=1274,fd=4))
LISTEN      0      100       ::1:25                 :::*                   users:(("master",pid=1509,fd=14))

7. How to check whether port 80 is open and whether the sshd process exists

[root@localhost ~]# yum -y install httpd
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# ss -antlp | grep 80
LISTEN     0      128         :::80                      :::*                   users:(("httpd",pid=2920,fd=4),("httpd",pid=2919,fd=4),("httpd",pid=2918,fd=4),("httpd",pid=2917,fd=4),("httpd",pid=2916,fd=4),("httpd",pid=2915,fd=4))
[root@localhost ~]# ss -antlp | grep sshd
LISTEN     0      128          *:22                       *:*                   users:(("sshd",pid=1274,fd=3))
LISTEN     0      128         :::22                      :::*                   users:(("sshd",pid=1274,fd=4))

8. List all TCP ports in the listening state

[root@localhost ~]# ss -t
State       Recv-Q Send-Q Local Address:Port                 Peer Address:Port                
ESTAB       0      52     192.168.91.142:ssh                  192.168.91.1:52548

9. Show information for all ports, including PID and process name

[root@localhost ~]# ss -antlp
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128     *:22                  *:*                   users:(("sshd",pid=1274,fd=3))
LISTEN      0      100    127.0.0.1:25                  *:*                   users:(("master",pid=1509,fd=13))
LISTEN      0      128    :::80                 :::*                   users:(("httpd",pid=2920,fd=4),("httpd",pid=2919,fd=4),("httpd",pid=2918,fd=4),("httpd",pid=2917,fd=4),("httpd",pid=2916,fd=4),("httpd",pid=2915,fd=4))
LISTEN      0      32     :::21                 :::*                   users:(("vsftpd",pid=2862,fd=3))
LISTEN      0      128    :::22                 :::*                   users:(("sshd",pid=1274,fd=4))
LISTEN      0      100       ::1:25                 :::*                   users:(("mast