虚拟机Linux设置网卡配置优先级(设置让第二块网卡优先通信)
linux设置让第二块网卡优先通信
在搭建Openstack的时候,设置双网卡通信,一块管理内部网络,一块用来访问外网,eno16777736第一块网卡是仅主机模式,eno33554984第二块网卡是nat模式,那么我在做实验的时候,希望虚拟机通过第二块网卡访问外网,去获取官网上的yum源。
这里可以看到,我们用CRT链接上两块网卡都配置了IP地址。
接着我们用ping命令ping外网进行测试,ping -I 参数(大写的i)是使用指定的网络接口送出数据包。
[root@controller ~]# ping -I eno16777736 www.baidu.com
PING www.a.shifen.com (14.215.177.38) from 192.168.100.10 eno16777736: 56(84) bytes of data.
From controller (192.168.100.10) icmp_seq=1 Destination Host Unreachable
From controller (192.168.100.10) icmp_seq=2 Destination Host Unreachable
From controller (192.168.100.10) icmp_seq=3 Destination Host Unreachable
From controller (192.168.100.10) icmp_seq=4 Destination Host Unreachable
^C
--- www.a.shifen.com ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3001ms
pipe 4
[root@controller ~]# ping -I eno33554984 www.baidu.com
PING www.a.shifen.com (14.215.177.38) from 192.168.200.137 eno33554984: 56(84) bytes of data.
^C
--- www.a.shifen.com ping statistics ---
20 packets transmitted, 0 received, 100% packet loss, time 19001ms
[root@controller ~]# ping -I 192.168.100.10 www.baidu.com
PING www.a.shifen.com (14.215.177.39) from 192.168.100.10 : 56(84) bytes of data.
From controller (192.168.100.10) icmp_seq=1 Destination Host Unreachable
From controller (192.168.100.10) icmp_seq=2 Destination Host Unreachable
From controller (192.168.100.10) icmp_seq=3 Destination Host Unreachable
From controller (192.168.100.10) icmp_seq=4 Destination Host Unreachable
^C
--- www.a.shifen.com ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 2999ms
pipe 4
[root@controller ~]# ping -I 192.168.200.137 www.baidu.com
PING www.a.shifen.com (14.215.177.38) from 192.168.200.137 : 56(84) bytes of data.
From 192.168.200.137 icmp_seq=1 Destination Host Unreachable
From 192.168.200.137 icmp_seq=2 Destination Host Unreachable
From 192.168.200.137 icmp_seq=3 Destination Host Unreachable
From 192.168.200.137 icmp_seq=4 Destination Host Unreachable
^C
--- www.a.shifen.com ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 23133ms
pipe 4
可以看到,我们结果返回是(Destination Host Unreachable)目的主机不可达。接着我们分析一下主机路由信息。注意:如果没有相关命令的可能需要安装相应的包, yum -y install net-tools,没有网络可以尝试用本地yum源。可以看到第一块网卡eno16777736,Metric值是100,第二块网卡eno33554984,Metric值是101,metric值是同种路由协议用于选择最优路由的参数,一般值越小越优 ,所以无论我们用哪块网卡发送出数据包,路由匹配都会有优先匹配第一块网卡,而第一块网卡是仅主机,是无法实现对外界通信的。
[root@controller ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.100.2 0.0.0.0 UG 100 0 0 eno16777736
0.0.0.0 192.168.200.2 0.0.0.0 UG 101 0 0 eno33554984
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777736
192.168.200.0 0.0.0.0 255.255.255.0 U 100 0 0 eno33554984
[root@controller ~]# ip route
default via 192.168.100.2 dev eno16777736 proto static metric 100
default via 192.168.200.2 dev eno33554984 proto static metric 101
192.168.100.0/24 dev eno16777736 proto kernel scope link src 192.168.100.10 metric 100
192.168.200.0/24 dev eno33554984 proto kernel scope link src 192.168.200.137 metric 100
那么我们可以通过修改网卡配置文件的优先级参数或者修改路由条目的优先级参数来调整优先级,使得虚拟机通过第二块网卡nat对外界进行通信。我们在第一块网卡中添加IPV4_ROUTE_METRIC=102参数来调整优先级。
第一种方法
[root@controller ~]# vi /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_ROUTE_METRIC=102
IPV4_FAILURE_FATAL=no
NAME=eno16777736
UUID=27c297ad-4af8-498d-beb8-489ce31ee11a
DEVICE=eno16777736
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
GATEWAY=192.168.100.2
DNS1=114.114.114.114
[root@controller ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno33554984
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
NAME=eno33554984
UUID=972007d4-6831-4d5f-be0e-b6e3f7b13cc7
DEVICE=eno33554984
ONBOOT=yes
DNS1=114.114.114.114
[root@controller ~]# systemctl restart network
[root@controller ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.100.2 0.0.0.0 UG 102 0 0 eno16777736
0.0.0.0 192.168.200.2 0.0.0.0 UG 101 0 0 eno33554984
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777736
192.168.200.0 0.0.0.0 255.255.255.0 U 100 0 0 eno33554984
第二种方法(需要注意的是这种方法在重启网卡后会失效)
[root@controller ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.100.2 0.0.0.0 UG 100 0 0 eno16777736
0.0.0.0 192.168.200.2 0.0.0.0 UG 101 0 0 eno33554984
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777736
192.168.200.0 0.0.0.0 255.255.255.0 U 100 0 0 eno33554984
[root@controller ~]# ip route del default via 192.168.100.2 dev eno16777736
[root@controller ~]# ip route add default via 192.168.100.2 dev eno16777736 metric 102
[root@controller ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.200.2 0.0.0.0 UG 101 0 0 eno33554984
0.0.0.0 192.168.100.2 0.0.0.0 UG 102 0 0 eno16777736
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777736
192.168.200.0 0.0.0.0 255.255.255.0 U 100 0 0 eno33554984
[root@controller ~]# ping www.baidu.com
PING www.a.shifen.com (14.215.177.38) 56(84) bytes of data.
64 bytes from 14.215.177.38: icmp_seq=1 ttl=128 time=9.20 ms
64 bytes from 14.215.177.38: icmp_seq=2 ttl=128 time=9.37 ms
64 bytes from 14.215.177.38: icmp_seq=3 ttl=128 time=9.53 ms
64 bytes from 14.215.177.38: icmp_seq=4 ttl=128 time=9.05 ms
^C
--- www.a.shifen.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 9.056/9.293/9.537/0.216 ms
这里我们再用ping命令测试一下,发现可以进行外网的通信了
[root@controller ~]# ping -I 192.168.100.10 www.baidu.com
PING www.a.shifen.com (14.215.177.38) from 192.168.100.10 : 56(84) bytes of data.
64 bytes from 14.215.177.38: icmp_seq=1 ttl=128 time=9.86 ms
64 bytes from 14.215.177.38: icmp_seq=2 ttl=128 time=10.3 ms
64 bytes from 14.215.177.38: icmp_seq=3 ttl=128 time=9.87 ms
^C
--- www.a.shifen.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 9.863/10.038/10.379/0.241 ms
[root@controller ~]# ping -I 192.168.200.137 www.baidu.com
PING www.a.shifen.com (14.215.177.38) from 192.168.200.137 : 56(84) bytes of data.
64 bytes from 14.215.177.38: icmp_seq=1 ttl=128 time=10.0 ms
64 bytes from 14.215.177.38: icmp_seq=2 ttl=128 time=10.2 ms
64 bytes from 14.215.177.38: icmp_seq=3 ttl=128 time=9.84 ms
64 bytes from 14.215.177.38: icmp_seq=4 ttl=128 time=10.0 ms
^C
--- www.a.shifen.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 9.844/10.039/10.209/0.166 ms
[root@controller ~]# ping -I eno16777736 www.baidu.com
PING www.a.shifen.com (14.215.177.38) from 192.168.100.10 eno16777736: 56(84) bytes of data.
From controller (192.168.100.10) icmp_seq=1 Destination Host Unreachable
From controller (192.168.100.10) icmp_seq=2 Destination Host Unreachable
From controller (192.168.100.10) icmp_seq=3 Destination Host Unreachable
From controller (192.168.100.10) icmp_seq=4 Destination Host Unreachable
^C
--- www.a.shifen.com ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3000ms
pipe 4
[root@controller ~]# ping -I eno33554984 www.baidu.com
PING www.a.shifen.com (14.215.177.38) from 192.168.200.137 eno33554984: 56(84) bytes of data.
64 bytes from 14.215.177.38: icmp_seq=1 ttl=128 time=9.53 ms
64 bytes from 14.215.177.38: icmp_seq=2 ttl=128 time=9.70 ms
64 bytes from 14.215.177.38: icmp_seq=3 ttl=128 time=10.3 ms
64 bytes from 14.215.177.38: icmp_seq=4 ttl=128 time=9.19 ms
^C
--- www.a.shifen.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 9.194/9.689/10.323/0.426 ms
补充说明,在实验环境中其实仅主机模式可以不用配置网关,这样的话直接默认只有第二块网卡的路由对外界进行通信,但是在实际生产环境中,管理网络和业务网络都是需要网关的。
[root@controller ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
#IPV4_ROUTE_METRIC=102
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777736
UUID=27c297ad-4af8-498d-beb8-489ce31ee11a
DEVICE=eno16777736
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
#GATEWAY=192.168.100.2
#DNS1=114.114.114.114
[root@controller ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno33554984
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno33554984
UUID=972007d4-6831-4d5f-be0e-b6e3f7b13cc7
DEVICE=eno33554984
ONBOOT=yes
DNS1=114.114.114.114
[root@controller ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.200.2 0.0.0.0 UG 100 0 0 eno33554984
192.168.100.0 0.0.0.0 255.255.255.0 U 100 0 0 eno16777736
192.168.200.0 0.0.0.0 255.255.255.0 U 100 0 0 eno33554984
[root@controller ~]# ping www.baidu.com
PING www.a.shifen.com (14.215.177.39) 56(84) bytes of data.
64 bytes from 14.215.177.39: icmp_seq=1 ttl=128 time=8.20 ms
64 bytes from 14.215.177.39: icmp_seq=2 ttl=128 time=8.25 ms
64 bytes from 14.215.177.39: icmp_seq=3 ttl=128 time=8.12 ms
64 bytes from 14.215.177.39: icmp_seq=4 ttl=128 time=8.08 ms
^C
--- www.a.shifen.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 8.081/8.165/8.252/0.129 ms
- 写在最后的疑问,ping命令-I 参数,为什么用ping -I 192.168.100.10 www.baidu.com 可以ping通外网?在未配置优先级之前ping -I eno33554984 www.baidu.com ,为什么一直得不到回显请求的参数?
更多推荐
所有评论(0)