linux网络管理

网络常用配置文件

网卡配置文件

[root@docker1 ~]# vim /usr/share/doc/initscripts-9.49.46/sysconfig.txt #网卡配置文件帮助文档
[root@docker1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"		#此配置文件应用到的设备
HWADDR="00:0c:29:ff:d5:19"	#对应的设备的MAC地址
NM_CONTROLLED="no"	#NM是NetworkManager的简写，此网卡是否接受NM控制；建议CentOS6为“no”
TYPE="Ethernet"       #常见有的Ethernet, Bridge
BOOTPROTO="static"		#激活此设备时使用的地址配置协议，常用的dhcp, static,none, bootp
DEFROUTE="yes"
DNS1=8.8.8.8		#配置dns地址到resolv.conf
DNS2=114.114.114.114
NAME="eth0"
ONBOOT="yes"		#系统引导时是否激活此设备
IPADDR=192.168.1.14
PREFIX=24
GATEWAY=192.168.1.254
PEERDNS="no"		#如果BOOTPROTO的值为“dhcp”，YES将允许dhcp server分配的dns服务器信息直接覆盖至/etc/resolv.conf文件，NO不允许修改resolv.conf

DNS配置文件

# Generated by NetworkManager
search baidu.com   #搜索域
nameserver 192.168.1.254	#dns服务器地址，一般配置主备dns服务器地址，配置多行无效
[root@docker1 ~]# ping -c1 www		#会自动在末尾补上搜索域设置
PING www.a.shifen.com (180.101.50.188) 56(84) bytes of data.
64 bytes from 180.101.50.188 (180.101.50.188): icmp_seq=1 ttl=128 time=21.4 ms

--- www.a.shifen.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 21.471/21.471/21.471/0.000 ms
[root@docker1 ~]# 

路由配置文件

[root@han network-scripts]# route -n 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.254   0.0.0.0         UG    100    0        0 eth0
10.0.0.0        127.0.0.1       255.0.0.0       UG    0      0        0 lo
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
[root@han network-scripts]# cat /etc/sysconfig/network-scripts/route-lo #手动创建此文件，lo为接口名称
10.0.0.0/8 via 127.0.0.1	#格式：TARGET  via  GW
[root@han network-scripts]# 

bond配置文件

Mode 0 (balance-rr)
轮转（Round-robin）策略：从头到尾顺序的在每一个slave接口上面发送数据包。本模式提供负载均衡和容错的能力。
Mode 1 (active-backup)
活动-备份（主备）策略：只有一个slave被激活，当且仅当活动的slave接口失败时才会激活其他slave.为了避免交换机发生混乱此时绑定的MAC地址只有一个外部端口上可见。
Mode 3 (broadcast)
广播策略：在所有的slave接口上传送所有的报文,提供容错能力。
mode4
active-backup、balance-tlb 和balance-alb 模式不需要交换机的任何特殊配置。其他绑定模式需要配置交换机以便整合链接。如：Cisco 交换机需要在模式0、2 和3 中使用EtherChannel，但在模式4中需要LACP和EtherChannel
MAC地址
网卡绑定后，绑定网卡的mac地址为其中一个网卡的mac。

[root@han ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth{0,1}
#eth0配置文件
TYPE="Ethernet"
BOOTPROTO="dhcp"
NAME="eth0"
DEVICE="eth0"
MASTER=bond0
SLAVE=yes
ONBOOT="yes"
#eth1配置文件
TYPE="Ethernet"
BOOTPROTO="dhcp"
MASTER=bond0
SLAVE=yes
NAME="eth1"
DEVICE="eth1"
ONBOOT="yes"
[root@han ~]# cat /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
BOOTPROTO=dhcp
BONDING_OPTS="miimon=100 mode=0"	#miimon设置心跳检测时间，mode设置绑定模式
[root@han ~]# cat /proc/net/bonding/bond0 	#查看网卡绑定状态
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:d3:01:0d
Slave queue ID: 0

Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:d3:01:17
Slave queue ID: 0
[root@han ~]# ll /usr/share/doc/kernel-doc-version/Documentation/networking/bonding.txt	#网卡绑定帮助文档

常用命令管理

ping

[root@han ~]# ping -c 1 192.168.1.254	#指定ping的次数
[root@han ~]# ping -s 2000 192.168.1.254	#指定包的大小
[root@han ~]# ping -I 192.168.1.1  192.168.1.254		#指定源地址
[root@han ~]# ping -i 0.5 192.168.1.254		#指定两个包的时间间隔，默认为1s
[root@han ~]# ping -w 3 192.168.1.254		#指定ping的超时时间

arping

[root@han ~]# arping -I eth0 192.168.1.17	#本地有多个网卡需要指定网卡
ARPING 192.168.1.17 from 192.168.1.14 eth0
Unicast reply from 192.168.1.17 [00:0C:29:A5:AC:1C]  1.375ms	#返回两个mac，说明地址冲突,需要在同网段进行测试
Unicast reply from 192.168.1.17 [00:0C:29:B8:9A:DC]  1.648ms
Unicast reply from 192.168.1.17 [00:0C:29:B8:9A:DC]  1.999ms
Unicast reply from 192.168.1.17 [00:0C:29:B8:9A:DC]  1.748ms
^CSent 3 probes (1 broadcast(s))
Received 4 response(s)
[root@han ~]# 

traceroute

[root@han ~]# traceroute  8.8.8.8		#默认使用UDP进行路由追踪
[root@han ~]# traceroute  -I 8.8.8.8	#指定使用ICMP进行路由追踪
[root@han ~]# traceroute  -T 8.8.8.8	#指定使用TCP方式进行路由追踪

modprobe

[root@han ~]# ethtool -i eth0
driver: e1000		#网卡驱动名称
version: 7.3.21-k8-NAPI
firmware-version: 
expansion-rom-version: 
bus-info: 0000:02:01.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: no
[root@han ~]# modprobe -r e1000		#卸载网卡驱动
[root@han ~]# rmmod e1000		#卸载网卡驱动
[root@han ~]# modprobe e1000	#加载网卡驱动

ethtool

[root@han ~]# ethtool  eth0 	#查看网卡链路连接情况，逻辑或物理端口连接状态均为no
[root@han ~]# ethtool -p eth0	#查看主机网卡位置，指定网卡指示灯会快速闪烁
[root@han ~]# ethtool -i eth0	#查看网卡驱动信息
[root@han ~]# ethtool -S eth0	#查看网卡收发情况

ifconfig

[root@han ~]# ifconfig 	#查看在线网卡地址
[root@han ~]# ifconfig -a	#查看所有网卡信息，包括离线网卡
[root@han ~]# ifconfig -s	#查看数据包发送情况，与netstat  -i类似
[root@han ~]# ifconfig eth0 up/down		#启动和关闭网卡
[root@han ~]# ifconfig eth0 mtu 1200	#设置网卡MTU值
[root@han ~]# ifconfig eth0:1 1.1.1.1/24	#设置网卡地址，包括网卡子接口

ip

ip address

[root@han ~]# ip address show	#查询所有接口地址
[root@han ~]# ip address add/del 1.1.1.1/32 dev eth0  label eth0:1 [scope {global|link|host}]	#创建/删除子接口，scope为作用域，global：全局作用域，默认；link：仅链接可以；host：本机可用，lo口为此作用域

ip link

[root@han ~]# ip link	#显示链路层信息，不显示IP地址
[root@han ~]# ip link set down/up dev eth1		#down/up网卡
[root@han ~]# ip link set mtu 1300 dev eth1		#设置网卡MTU值

ip route

# ip route add TARGET via GW dev IFACE src  SOURCE_IP
[root@han ~]# ip route add  192.168.1.0/24 via 172.16.1.1
[root@han ~]# ip route add default via 192.168.1.1 dev eth0
[root@han ~]# ip route del 192.168.1.0/24
[root@han ~]# ip route show|list
[root@han ~]# ip route flush dev eth0 	#清空对应接口的路由，不指定接口，清空所有路由
[root@han ~]# ip route show table 100	#100为策略路由的ID

ip rule

[root@han ~]# ip rule list 	#查看主机策略路由，默认只有3条策略路由
0:	from all lookup local 			#ID 255；优先级：0
32766:	from all lookup main 		#ID 254；优先级：32766
32767:	from all lookup default 	#ID 253；优先级：32767
[root@han ~]# ip rule add fwmark 3 table 3 
[root@han ~]# iptables -A PREROUTING -t mangle -i eth0 -s 192.168.3.0/24 -j MARK --set-mark 3   #创建mark规则
[root@han ~]# ip route add 192.168.3.0/24  via 192.168.1.254 dev eth0 table 3 	#在策略路由3中添加路由
[root@han ~]# ip rule list		#查看新添加的策略路由
0:	from all lookup local 
32765:	from all fwmark 0x3 lookup 3 
32766:	from all lookup main 
32767:	from all lookup default 
[root@han ~]# ip route show tables 3 	#查看策略路由3中的路由
192.168.3.0/24 via 192.168.1.254 dev eth0

ss

#格式：ss [OPTION]…… [FILTER]
#ss使用netlink与tcp_diag模块通信获取socket信息，FILTER:[state TCP-STATE] [EXPRESSION];EXPRESSION: dport = ,sport = ,示例：‘（dport = :ssh or sport = :ssh）’
[root@han ~]# ss -ntl 	#查看端口监听状态
[root@han ~]# ss -ntlp	#查看端口监听对应的进行信息
[root@han ~]# ss -n -o state established '( sport = :22 )'
Netid  Recv-Q Send-Q                                Local Address:Port     Peer Address:Port                                                        
tcp    0      36                                    192.168.1.14:22       192.168.1.100:5687                                             timer:(on,240ms,0)
[root@han ~]# 

nmcli

#创建bond端口
[root@han ~]# nmcli con add type bond con-name bond0 ifname bond0 mode active-backup	#创建主备bond，名称为bond0
[root@han ~]# nmcli con add type bond-slave ifname eth0 master bond0	#把eth0加入bond0
[root@han ~]# nmcli con add type bond-slave ifname eth1 master bond0	#把eth1加入bond0
[root@han ~]# nmcli con up bond-slave-eth0		#启动bond从属接口
[root@han ~]# nmcli con up bond-slave-eth1
[root@han ~]# nmcli con up bond0				#启动bond口
[root@han ~]# nmcli dev show bond0				#显示bond0接口属性

最佳实践

测试端口连通性

• telnet

[root@han ~]# telnet 192.168.1.17 22
Trying 192.168.1.17...
Connected to 192.168.1.17.		#表示端口被监听
Escape character is '^]'.
SSH-2.0-OpenSSH_7.4
^Cx^H^Hexit
Connection closed by foreign host.
[root@han ~]# 

• ssh

[root@han ~]# ssh -v -p 22 192.168.1.17
OpenSSH_7.9p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.1.17 [192.168.1.17] port 22.
debug1: Connection established.			#表示端口被监听
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9

• curl

[root@han ~]# curl -v 192.168.1.17:22
 - About to connect() to 192.168.1.17 port 22 (#0)
 -   Trying 192.168.1.17...
 - Connected to 192.168.1.17 (192.168.1.17) port 22 (#0)		#表示端口被监听
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.168.1.17:22
> Accept: */*
> 
SSH-2.0-OpenSSH_7.4
 - Recv failure: Connection reset by peer
 - Closing connection 0
curl: (56) Recv failure: Connection reset by peer
[root@han ~]# 

• wget

[root@han ~]# wget 192.168.1.17:22
--2023-08-01 13:53:32--  http://192.168.1.17:22/
Connecting to 192.168.1.17:22... connected.		#表示端口被监听
HTTP request sent, awaiting response... 200 No headers, assuming HTTP/0.9

• nc

[root@docker1 ~]# nc -vuz 192.168.1.4 514  #测试udp端口连通性
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 192.168.1.4:514.
Ncat: UDP packet sent successfully   #successfully表示连接成功
Ncat: 1 bytes sent, 0 bytes received in 2.02 seconds.