摘要:
mode6:两张网卡均衡工作,且自动备援,无需交换机设备提供辅助支持。
1. 前言
关于双网卡绑定,前前后后踩过不少的坑,虽然这是 RHCE 中的一道题,但是在实践中碰到问题也够喝一壶的。
在实践中,虚拟机、物理机都做过,但是不尽相同,大部分的坑也集中在这里,本文长期更新关于网卡绑定中遇到的问题及处理方法。
现在的服务器默认都配备 4 张 千兆网卡,在生产环境中,无论遇到多大的困难,都必须做到双网卡绑定(至少要实现主备模式),最基本的主备这是基本原则。因此在前期的规划,网络设备(交换机)是必须要考虑到的。
2. 概念
概念性的东西的最容易遗忘的,这里得反复强调:
链路聚合最常见的三种模式:
- mode0(平衡负载模式):两张网卡同时均衡工作,且自动备援,但是需要在与服务器本地网卡相连的交换机设备上进行端口聚合来支持绑定技术。
- mode1(自动备援模式):1张网卡工作,在工作网卡故障时,第二张网卡替换故障网卡,单纯的主备模式。
- mode6(平衡负载模式):两张网卡均衡工作,且自动备援,无需交换机设备提供辅助支持。
以上三种模式,最推荐的当然是 mode6 技能负载均衡又能主备切换,最最重要的是不用浪费时间去联系网络工程师。记住上面三种常见模式就够用了。
3. 实践
3.1 虚拟机网卡绑定
环境介绍:
虚拟化软件:VMware® Workstation 15 Pro
虚拟机操作系统:CentOS Linux release 7.7.1908 (Core)
在 Centos 7 中有两种技术来实现网卡绑定:teaming 和 bonding ,下面通过三种方式来实现网卡绑定:
3.1.1 手动配置,使用 bond 技术
查看物理网卡及连接状态
[root@192.168.118.11 ~]#nmcli dev DEVICE TYPE STATE CONNECTION eth0 ethernet connected System eth0 eth1 ethernet connected Wired connection 1 eth2 ethernet connected Wired connection 2 lo loopback unmanaged -- [root@192.168.118.11 ~]#nmcli con NAME UUID TYPE DEVICE System eth0 078df8ff-b848-4c23-b212-3213a74bc5d5 ethernet eth0 Wired connection 1 24d053c5-d908-3e0d-9e61-4d92efcd6f3b ethernet eth1 Wired connection 2 b4cea59c-59ea-3b6c-a343-e2578ede5034 ethernet eth2
通过上面的命令得知:该主机有3张网卡,1张本地回环lo 且 三张物理网卡都处于连接中,查看网卡配置文件:
[root@192.168.118.11 ~]#ll /etc/sysconfig/network-scripts/ifcfg-*
-rw-r--r-- 1 root root 259 Mar 30 19:21 /etc/sysconfig/network-scripts/ifcfg-eth0
-rw-r--r--. 1 root root 254 Mar 29 2019 /etc/sysconfig/network-scripts/ifcfg-lo
查看配置网卡配置文件却只有 eth0 的, eth1 和 eth2 没有。这里可以通过新建连接来生成配置文件,比自己手动编写方便太多了,建议使用。
首先通过连接名 ‘Wired connection 1’ ‘Wired connection 2’ 删除连接
[root@192.168.118.11 ~]#nmcli con NAME UUID TYPE DEVICE System eth0 078df8ff-b848-4c23-b212-3213a74bc5d5 ethernet eth0 Wired connection 1 24d053c5-d908-3e0d-9e61-4d92efcd6f3b ethernet eth1 Wired connection 2 b4cea59c-59ea-3b6c-a343-e2578ede5034 ethernet eth2 [root@192.168.118.11 ~]#nmcli con del 'Wired connection 1' 'Wired connection 2' Connection 'Wired connection 1' (24d053c5-d908-3e0d-9e61-4d92efcd6f3b) successfully deleted. Connection 'Wired connection 2' (b4cea59c-59ea-3b6c-a343-e2578ede5034) successfully deleted. [root@192.168.118.11 ~]#nmcli con NAME UUID TYPE DEVICE System eth0 078df8ff-b848-4c23-b212-3213a74bc5d5 ethernet eth0
然后在通过物理网卡 eth1 和 eth2 重建连接
[root@192.168.118.11 ~]#nmcli con NAME UUID TYPE DEVICE System eth0 078df8ff-b848-4c23-b212-3213a74bc5d5 ethernet eth0 [root@192.168.118.11 ~]#nmcli con add type ethernet ifname eth1 con-name eth1 Connection 'eth1' (8c47d2f2-1373-425e-b6e2-fa5e6b9eb8f6) successfully added. [root@192.168.118.11 ~]#nmcli con add type ethernet ifname eth2 con-name eth2 Connection 'eth2' (5d8dc9b0-3b4f-4c6d-919b-a7754d86b1f8) successfully added. [root@192.168.118.11 ~]#nmcli con NAME UUID TYPE DEVICE System eth0 078df8ff-b848-4c23-b212-3213a74bc5d5 ethernet eth0 eth1 8c47d2f2-1373-425e-b6e2-fa5e6b9eb8f6 ethernet eth1 eth2 5d8dc9b0-3b4f-4c6d-919b-a7754d86b1f8 ethernet eth2 [root@192.168.118.11 ~]#ll /etc/sysconfig/network-scripts/ifcfg-* -rw-r--r-- 1 root root 259 Mar 30 19:21 /etc/sysconfig/network-scripts/ifcfg-eth0 -rw-r--r-- 1 root root 278 May 21 22:58 /etc/sysconfig/network-scripts/ifcfg-eth1 -rw-r--r-- 1 root root 278 May 21 22:58 /etc/sysconfig/network-scripts/ifcfg-eth2 -rw-r--r--. 1 root root 254 Mar 29 2019 /etc/sysconfig/network-scripts/ifcfg-lo
新建网卡连接命令:
nmcli con add type ethernet ifname eth2 con-name eth2
ifname : 物理网卡名,通过 nmcli dev 查看
con-name:网卡配置文件名,逻辑网卡名
通过上面的配置已得到三张网卡的配置文件,接下来进行配置文件的修改实现网卡绑定
----------------------eth1---------------------- [root@192.168.118.11 /etc/sysconfig/network-scripts]#vim ifcfg-eth1 TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=none DEFROUTE=yes IPV4_FAILURE_FATAL=no NAME=eth1 UUID=8c47d2f2-1373-425e-b6e2-fa5e6b9eb8f6 DEVICE=eth1 ONBOOT=yes MASTER=bond6 SLAVE=yes ----------------------eth2---------------------- [root@192.168.118.11 /etc/sysconfig/network-scripts]#vim ifcfg-eth2 TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=none DEFROUTE=yes IPV4_FAILURE_FATAL=no NAME=eth2 UUID=5d8dc9b0-3b4f-4c6d-919b-a7754d86b1f8 DEVICE=eth2 ONBOOT=yes MASTER=bond6 SLAVE=yes
修改及添加的部分用黄(和谐)色标注,新增 ifcfg-bond6 配置文件如下:
[root@192.168.118.11 /etc/sysconfig/network-scripts]#vim ifcfg-bond6
TYPE=Bond
BOOTPROTO=none
DEVICE=bond6
ONBOOT=yes
IPADDR=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=114.114.114.114
BONDING_OPTS='miimon=100 mode=6 fail_over_mac=1'
这里需要特别注意的地方:BONDING_OPTS='miimon=100 mode=6 fail_over_mac=1' ,如果是虚拟机,fail_over_mac=1 是必须要带上的,否则vmware会出现告警信息,配置起来能正常用,但是在进行准备切换时,是无法进行的。切记!
vmware 出现这样的提示基本可以确定 fail_over_mac 没有生效,所配置的网卡也无法做到故障切换。
注意:在vmware 虚拟机环境中,常用的三种方式(mode-0 mode-1 mode-6) 只有 mode 1 实现了故障切换。
mode 1 - ifcfg-bond6 配置如下:
[root@192.168.118.11 /etc/sysconfig/network-scripts]#vim ifcfg-bond6 TYPE=Bond BOOTPROTO=none DEVICE=bond6 ONBOOT=yes IPADDR=192.168.1.100 NETMASK=255.255.255.0 GATEWAY=192.168.1.1 DNS1=114.114.114.114 BONDING_OPTS="miimon=100 mode=1 fail_over_mac=1"
bond 配置文件中可以通过 mode = 模式号 来进行切换,这里修改为 mode-1 模式,查看配置信息:
[root@192.168.118.11 /etc/sysconfig/network-scripts]#cat /proc/net/bonding/bond6 Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011) Bonding Mode: fault-tolerance (active-backup) (fail_over_mac active) Primary Slave: None Currently Active Slave: eth1 MII Status: up MII Polling Interval (ms): 100 Up Delay (ms): 0 Down Delay (ms): 0 Slave Interface: eth1 MII Status: up Speed: 1000 Mbps Duplex: full Link Failure Count: 0 Permanent HW addr: 00:0c:29:f4:f4:0f Slave queue ID: 0 Slave Interface: eth2 MII Status: up Speed: 1000 Mbps Duplex: full Link Failure Count: 0 Permanent HW addr: 00:0c:29:f4:f4:19 Slave queue ID: 0
[root@192.168.118.11 /etc/sysconfig/network-scripts]#ethtool bond6
Settings for bond6:
Supported ports: [ ]
Supported link modes: Not reported
Supported pause frame use: No
Supports auto-negotiation: No
Supported FEC modes: Not reported
Advertised link modes: Not reported
Advertised pause frame use: No
Advertised auto-negotiation: No
Advertised FEC modes: Not reported
Speed: 1000Mb/s
Duplex: Full
Port: Other
PHYAD: 0
Transceiver: internal
Auto-negotiation: off
Link detected: yes
可以看到橙色部分:
Bonding Mode: fault-tolerance (active-backup) (fail_over_mac active) 说明这里 fail_over_mac 生效了。Currently Active Slave: eth1 当前活动的网卡是第一张网卡,也就是当第一张网卡 down,就会切换到 eth2进行网卡故障切换,虚拟机可以通过 ifdown / ifup 来实现
3.1.2 通过 nmcli 命令实现网卡绑定,使用技术:bonding
网卡信息及连接状态如下:
[root@192.168.118.11 ~]#nmcli dev DEVICE TYPE STATE CONNECTION eth0 ethernet connected System eth0 eth1 ethernet disconnected -- eth2 ethernet disconnected -- lo loopback unmanaged -- [root@192.168.118.11 ~]#nmcli con NAME UUID TYPE DEVICE System eth0 078df8ff-b848-4c23-b212-3213a74bc5d5 ethernet eth0
目前只有 eth0 网卡连接网络
通过nmcli 创建 bond1
[root@192.168.118.11 ~]#nmcli con add type bond ifname bond1 con-name bond1 mode 1 ipv4.method manual ipv4.address 192.168.1.100/24 ipv4.gateway 192.168.1.1 ipv4.dns 114.114.114.114 Connection 'bond1' (f922008c-75b1-4f5e-a27d-d3e054acde0d) successfully added. [root@192.168.118.11 ~]#nmcli con add type bond-slave ifname eth1 con-name bond1-port1 master bond1 Connection 'bond1-port1' (06489850-82d7-4827-bb16-13d5abb84c58) successfully added. [root@192.168.118.11 ~]#nmcli con add type bond-slave ifname eth2 con-name bond1-port2 master bond1 Connection 'bond1-port2' (80f43a85-32cc-4302-b0f1-8cb87e9e3e17) successfully added. [root@192.168.118.11 ~]#ll /etc/sysconfig/network-scripts/ifcfg-* -rw-r--r-- 1 root root 399 May 21 23:50 /etc/sysconfig/network-scripts/ifcfg-bond1 -rw-r--r-- 1 root root 119 May 21 23:50 /etc/sysconfig/network-scripts/ifcfg-bond1-port1 -rw-r--r-- 1 root root 119 May 21 23:50 /etc/sysconfig/network-scripts/ifcfg-bond1-port2 -rw-r--r-- 1 root root 259 Mar 30 19:21 /etc/sysconfig/network-scripts/ifcfg-eth0 -rw-r--r--. 1 root root 254 Mar 29 2019 /etc/sysconfig/network-scripts/ifcfg-lo [root@192.168.118.11 ~]#nmcli con NAME UUID TYPE DEVICE System eth0 078df8ff-b848-4c23-b212-3213a74bc5d5 ethernet eth0 bond1 f922008c-75b1-4f5e-a27d-d3e054acde0d bond bond1 bond1-port2 80f43a85-32cc-4302-b0f1-8cb87e9e3e17 ethernet eth2 bond1-port1 06489850-82d7-4827-bb16-13d5abb84c58 ethernet --
创建 bond1 并将 两张物理网卡添加到 bond1 , 查看配置文件已经生成。
注意:在虚拟机环境中一定要加上 fail_over_mac = 1
sed -i '/BONDING_OPTS/d' ifcfg-bond1 echo 'BONDING_OPTS="miimon=100 mode=1 fail_over_mac=1"' >> ifcfg-bond1
重启网络
[root@192.168.118.11 /etc/sysconfig/network-scripts]#systemctl restart network [root@192.168.118.11 /etc/sysconfig/network-scripts]#cat /proc/net/bonding/bond1 Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011) Bonding Mode: fault-tolerance (active-backup) (fail_over_mac active) Primary Slave: None Currently Active Slave: eth1 MII Status: up MII Polling Interval (ms): 100 Up Delay (ms): 0 Down Delay (ms): 0 Slave Interface: eth1 MII Status: up Speed: 1000 Mbps Duplex: full Link Failure Count: 0 Permanent HW addr: 00:0c:29:f4:f4:0f Slave queue ID: 0 Slave Interface: eth2 MII Status: up Speed: 1000 Mbps Duplex: full Link Failure Count: 0 Permanent HW addr: 00:0c:29:f4:f4:19 Slave queue ID: 0
成功实现了虚拟机装网卡绑定,测试和前一种方式一样。
3.1.3 通过 nmcli 命令实现网卡绑定,使用技术:team [ 在Centos 7 之后的版本推荐使用这种方式 ]
网卡信息及连接状态如下:
[root@192.168.118.11 ~]#nmcli dev DEVICE TYPE STATE CONNECTION eth0 ethernet connected System eth0 eth1 ethernet disconnected -- eth2 ethernet disconnected -- lo loopback unmanaged -- [root@192.168.118.11 ~]#nmcli con NAME UUID TYPE DEVICE System eth0 078df8ff-b848-4c23-b212-3213a74bc5d5 ethernet eth0
目前只有eth0 建立连接,通过nmcli 添加 team1
[root@192.168.118.11 ~]#nmcli con add type team ifname team1 con-name team1 config '{"runner":{"name":"activebackup", "hwaddr_policy":"by_active"}}'
ipv4.method manual ipv4.address 192.168.1.100/24 ipv4.gateway 192.168.1.1 ipv4.dns 114.114.114.114 Connection 'team1' (25434d73-0224-47e1-80f4-bbb3faae53fe) successfully added. [root@192.168.118.11 ~]#nmcli con add type team-slave ifname eth1 con-name team1-port1 master team1 Connection 'team1-port1' (c9e216c2-7668-487b-b6cd-e67631b8a3f9) successfully added. [root@192.168.118.11 ~]#nmcli con add type team-slave ifname eth2 con-name team1-port2 master team1 Connection 'team1-port2' (cf8d3150-b3e0-433c-8c4e-ba4feaa4bd6d) successfully added.
配置完毕,在虚拟机环境中一定要注意:"hwaddr_policy":"by_active" 这个参数意义和 fail_over_mac =1 是一致的,在虚拟机环境中必须添加上,否则网卡高可用失败。
查看网卡连接状态和绑定状态:
[root@192.168.118.11 ~]#nmcli con NAME UUID TYPE DEVICE System eth0 078df8ff-b848-4c23-b212-3213a74bc5d5 ethernet eth0 team1 25434d73-0224-47e1-80f4-bbb3faae53fe team team1 team1-port1 c9e216c2-7668-487b-b6cd-e67631b8a3f9 ethernet eth1 team1-port2 cf8d3150-b3e0-433c-8c4e-ba4feaa4bd6d ethernet eth2 [root@192.168.118.11 ~]#teamdctl team1 st setup: runner: activebackup ports: eth1 link watches: link summary: up instance[link_watch_0]: name: ethtool link: up down count: 0 eth2 link watches: link summary: up instance[link_watch_0]: name: ethtool link: up down count: 0 runner: active port: eth1
本次创建, 网卡直接建立了连接如果没有建立连接,也就是 nmcli con 查看 DEVICE 项没有物理网卡连接,则执行如下:
[root@192.168.118.11 ~]#nmcli con up team1-port1 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/74) [root@192.168.118.11 ~]#nmcli con up team1-port2 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/75) [root@192.168.118.11 ~]#nmcli con up team1 Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/76)
做完了如上配置,建议直接重启网卡查看是否有报错,或者无法连接的情况:
测试
直接通过 ifdown 掉正在使用的 eth1 网络仅仅延迟了不到1ms的时间就恢复了正常,现在查看网络绑定状态:
[root@192.168.118.11 ~]#teamdctl team1 st
setup:
runner: activebackup
ports:
eth2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0
runner:
active port: eth2
活动网卡已经切换到 eth2 ,重启 eth1
[root@192.168.118.11 ~]#ifup eth1 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/87) [root@192.168.118.11 ~]#teamdctl team1 st setup: runner: activebackup ports: eth1 link watches: link summary: up instance[link_watch_0]: name: ethtool link: up down count: 0 eth2 link watches: link summary: up instance[link_watch_0]: name: ethtool link: up down count: 0 runner: active port: eth2
启动 eth1 以后,活动网卡依然是 eth2 ,而 eth1 则成为备用网卡。
3.1.4 总结
三种方式:
- 手动配置 - bonding
- nmcli 配置 - bonding
- nmcli 配置 - team
在 Centos 7 以后的版本建议使用 nmcli - team 的方式,简便,更易管理和查看。
在虚拟机的环境中,使用 bond 和 team 都只能实现 mode-1模式的故障切换。
- bond 虚拟机中必要参数: fail_over_mac=1
- team 虚拟机中必要参数:"hwaddr_policy":"by_active"
3.2 物理机网卡绑定
[此部分在真机测试后补充...]