linux 网卡配置 vlan/bond/bridge/macvlan/ipvlan/macvtap 模式

linux 网卡模式

linux网卡支持非vlan模式、vlan模式、bond模式、bridge模式，macvlan模式、ipvlan模式等，下面介绍互换机端及服务器端配置示例。
前置要求：

• 预备一台物理互换机，以 H3C S5130 三层互换机为例
  
• 预备一台物理服务器，以 Ubuntu 22.04 LTS 操作体系为例
  

互换机创建2个示例VLAN，vlan10和vlan20，及VLAN接口。

1. <H3C>system-view
3. [H3C]vlan 10 20
5. [H3C]interface Vlan-interface 10
6. [H3C-Vlan-interface10]ip address 172.16.10.1 24
7. [H3C-Vlan-interface10]undo shutdown
8. [H3C-Vlan-interface10]exit
9. [H3C]
11. [H3C]interface Vlan-interface 20
12. [H3C-Vlan-interface20]ip address 172.16.20.1 24
13. [H3C-Vlan-interface20]undo  shutdown
14. [H3C-Vlan-interface20]exit
15. [H3C]

复制代码

网卡非vlan模式

网卡非vlan模式，一样平常直接配置IP地点，对端上连互换机配置为access口，access口一样平常用于连接纯物理服务器或办公终端设备。
示意图如下

互换机配置，互换机接口配置为access模式，并参加对应vlan

1. <H3C>system-view
2. [H3C]interface GigabitEthernet 1/0/1
3. [H3C-GigabitEthernet1/0/1]port link-type access
4. [H3C-GigabitEthernet1/0/1]port access vlan 10
5. [H3C-GigabitEthernet1/0/1]exit
6. [H3C]
7. [H3C]interface GigabitEthernet 1/0/2
8. [H3C-GigabitEthernet1/0/2]port link-type access
9. [H3C-GigabitEthernet1/0/2]port access vlan 20
10. [H3C-GigabitEthernet1/0/2]exit
11. [H3C]

复制代码

服务器1配置，服务器网卡直接配置IP地点

1. root@server1:~# cat /etc/netplan/00-installer-config.yaml
2. network:
3.   ethernets:
4.     enp1s0:
5.       dhcp4: false
6.       addresses:
7.         - 172.16.10.10/24
8.       nameservers:
9.         addresses:
10.           - 223.5.5.5
11.           - 223.6.6.6
12.       routes:
13.         - to: default
14.           via: 172.16.10.1
15.   version: 2

复制代码

服务器2配置，服务器网卡直接配置IP地点

1. root@server2:~# cat /etc/netplan/00-installer-config.yaml
2. network:
3.   ethernets:
4.     enp1s0:
5.       dhcp4: false
6.       addresses:
7.         - 172.16.20.10/24
8.       nameservers:
9.         addresses:
10.           - 223.5.5.5
11.           - 223.6.6.6
12.       routes:
13.         - to: default
14.           via: 172.16.20.1
15.   version: 2

复制代码

应用网卡配置

1. netplan apply

复制代码

查看服务器接口信息

1. root@server1:~# ip a
2. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
3.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4.     inet 127.0.0.1/8 scope host lo
5.        valid_lft forever preferred_lft forever
6.     inet6 ::1/128 scope host
7.        valid_lft forever preferred_lft forever
8. 2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
9.     link/ether 7c:b5:9b:59:0a:71 brd ff:ff:ff:ff:ff:ff
10.     inet 172.16.10.10/24 brd 172.16.10.255 scope global enp1s0
11.        valid_lft forever preferred_lft forever
12.     inet6 fe80::7eb5:9bff:fe59:a71/64 scope link
13.        valid_lft forever preferred_lft forever

复制代码

通过server1 ping server2测试连通性，三层互换机支持路由功能，可以或许打通二层隔离的vlan网段。

1. root@server1:~# ping 172.16.20.10 -c 4
2. PING 172.16.20.10 (172.16.20.10) 56(84) bytes of data.
3. 64 bytes from 172.16.20.10: icmp_seq=1 ttl=64 time=0.033 ms
4. 64 bytes from 172.16.20.10: icmp_seq=2 ttl=64 time=0.048 ms
5. 64 bytes from 172.16.20.10: icmp_seq=3 ttl=64 time=0.048 ms
6. 64 bytes from 172.16.20.10: icmp_seq=4 ttl=64 time=0.047 ms
8. --- 172.16.20.10 ping statistics ---
9. 4 packets transmitted, 4 received, 0% packet loss, time 3061ms
10. rtt min/avg/max/mdev = 0.033/0.044/0.048/0.006 ms

复制代码

网卡vlan模式

vlan模式下，对端上连互换机须要配置为trunk口，允许多个vlan通过。
示意图如下

互换机配置，互换机须要配置为trunk口，允许多个vlan通过

1. H3C>system-view
2. [H3C]interface GigabitEthernet 1/0/1
3. [H3C-GigabitEthernet1/0/1]port link-type trunk
4. [H3C-GigabitEthernet1/0/1]port trunk permit vlan 10 20
5. [H3C-GigabitEthernet1/0/1]exit
6. [H3C]

复制代码

服务器配置，服务器须要配置vlan子接口

1. root@server1:~# cat /etc/netplan/00-installer-config.yaml
2. network:
3.   ethernets:
4.     enp1s0:
5.       dhcp4: true
6.   vlans:
7.     vlan10:
8.       id: 10
9.       link: enp1s0
10.       addresses: [ "172.16.10.10/24" ]
11.       routes:
12.         - to: default
13.           via: 172.16.10.1
14.           metric: 200
15.     vlan20:
16.       id: 20
17.       link: enp1s0
18.       addresses: [ "172.16.20.10/24" ]
19.       routes:
20.         - to: default
21.           via: 172.16.20.1
22.           metric: 300
23.   version: 2

复制代码

查看接口信息，新建了两个vlan子接口vlan10和vlan20

1. root@server1:~# ip a
2. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
3.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4.     inet 127.0.0.1/8 scope host lo
5.        valid_lft forever preferred_lft forever
6.     inet6 ::1/128 scope host
7.        valid_lft forever preferred_lft forever
8. 2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
9.     link/ether 7c:b5:9b:59:0a:71 brd ff:ff:ff:ff:ff:ff
10.     inet6 fe80::7eb5:9bff:fe59:a71/64 scope link
11.        valid_lft forever preferred_lft forever
12. 10: vlan10@enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
13.     link/ether 7c:b5:9b:59:0a:71 brd ff:ff:ff:ff:ff:ff
14.     inet 172.16.10.10/24 brd 172.16.10.255 scope global vlan10
15.        valid_lft forever preferred_lft forever
16.     inet6 fe80::7eb5:9bff:fe59:a71/64 scope link
17.        valid_lft forever preferred_lft forever
18. 11: vlan20@enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
19.     link/ether 7c:b5:9b:59:0a:71 brd ff:ff:ff:ff:ff:ff
20.     inet 172.16.20.10/24 brd 172.16.20.255 scope global vlan20
21.        valid_lft forever preferred_lft forever
22.     inet6 fe80::7eb5:9bff:fe59:a71/64 scope link
23.        valid_lft forever preferred_lft forever

复制代码

通过vlan10 和 vlan20测试与网关连通性

1. root@server1:~# ping 172.16.10.1 -c 4
2. PING 172.16.10.1 (172.16.10.1) 56(84) bytes of data.
3. 64 bytes from 172.16.10.1: icmp_seq=1 ttl=64 time=0.033 ms
4. 64 bytes from 172.16.10.1: icmp_seq=2 ttl=64 time=0.048 ms
5. 64 bytes from 172.16.10.1: icmp_seq=3 ttl=64 time=0.048 ms
6. 64 bytes from 172.16.10.1: icmp_seq=4 ttl=64 time=0.047 ms
8. --- 172.16.10.1 ping statistics ---
9. 4 packets transmitted, 4 received, 0% packet loss, time 3061ms
10. rtt min/avg/max/mdev = 0.033/0.044/0.048/0.006 ms
11. root@server1:~#
12. root@server1:~# ping 172.16.20.1 -c 4
13. PING 172.16.20.1 (172.16.20.1) 56(84) bytes of data.
14. 64 bytes from 172.16.20.1: icmp_seq=1 ttl=64 time=0.033 ms
15. 64 bytes from 172.16.20.1: icmp_seq=2 ttl=64 time=0.048 ms
16. 64 bytes from 172.16.20.1: icmp_seq=3 ttl=64 time=0.048 ms
17. 64 bytes from 172.16.20.1: icmp_seq=4 ttl=64 time=0.047 ms
19. --- 172.16.20.1 ping statistics ---
20. 4 packets transmitted, 4 received, 0% packet loss, time 3061ms
21. rtt min/avg/max/mdev = 0.033/0.044/0.048/0.006 ms

复制代码

网卡bond模式

bond模式下，对端互换机须要配置bond聚合口。
示意图如下

互换机配置，配置动态链路聚合，将端口g1/0/1和g1/0/3参加聚合组。然后将bond口配置为trunk模式。

1. <H3C>system-view
2. [H3C]interface Bridge-Aggregation 1
3. [H3C-Bridge-Aggregation1]link-aggregation mode dynamic
4. [H3C-Bridge-Aggregation1]quit
6. [H3C]interface GigabitEthernet 1/0/1
7. [H3C-GigabitEthernet1/0/1]port link-aggregation group 1
8. [H3C-GigabitEthernet1/0/1]exit
10. [H3C]interface GigabitEthernet 1/0/3
11. [H3C-GigabitEthernet1/0/3]port link-aggregation group 1
12. [H3C-GigabitEthernet1/0/3]exit
14. [H3C]interface Bridge-Aggregation 1
15. [H3C-Bridge-Aggregation1]port link-type trunk
16. [H3C-Bridge-Aggregation1]port trunk permit vlan 10 20
17. [H3C-Bridge-Aggregation1]exit

复制代码

服务器配置

1. root@server1:~# cat /etc/netplan/00-installer-config.yaml
2. network:
3.   version: 2
4.   ethernets:
5.     enp1s0:
6.       dhcp4: no
7.     enp2s0:
8.       dhcp4: no
9.   bonds:
10.     bond0:
11.       interfaces:
12.         - enp1s0
13.         - enp2s0
14.       parameters:
15.         mode: 802.3ad
16.         lacp-rate: fast
17.         mii-monitor-interval: 100
18.         transmit-hash-policy: layer2+3
19.   vlans:
20.     vlan10:
21.       id: 10
22.       link: bond0
23.       addresses: [ "172.16.10.10/24" ]
24.       routes:
25.         - to: default
26.           via: 172.16.10.1
27.           metric: 200
28.     vlan20:
29.       id: 20
30.       link: bond0
31.       addresses: [ "172.16.20.10/24" ]
32.       routes:
33.         - to: default
34.           via: 172.16.20.1
35.           metric: 300

复制代码

查看网卡信息，新建了bond0网口，而且基于bond0网口创建了两个vlan子接口vlan10和vlan20，enp1s0和enp2s0体现master bond0，阐明两个网卡属于bond0成员接口。

1. root@server1:~# ip a
2. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
3.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4.     inet 127.0.0.1/8 scope host lo
5.        valid_lft forever preferred_lft forever
6.     inet6 ::1/128 scope host
7.        valid_lft forever preferred_lft forever
8. 2: enp1s0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
9.     link/ether ae:fd:60:48:84:1a brd ff:ff:ff:ff:ff:ff permaddr 7c:b5:9b:59:0a:71
10. 3: enp2s0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
11.     link/ether ae:fd:60:48:84:1a brd ff:ff:ff:ff:ff:ff permaddr e4:54:e8:dc:e5:88
12. 7: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
13.     link/ether ae:fd:60:48:84:1a brd ff:ff:ff:ff:ff:ff
14.     inet6 fe80::acfd:60ff:fe48:841a/64 scope link
15.        valid_lft forever preferred_lft forever
16. 8: vlan10@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
17.     link/ether ae:fd:60:48:84:1a brd ff:ff:ff:ff:ff:ff
18.     inet 172.16.10.10/24 brd 172.16.10.255 scope global vlan10
19.        valid_lft forever preferred_lft forever
20.     inet6 fe80::acfd:60ff:fe48:841a/64 scope link
21.        valid_lft forever preferred_lft forever
22. 9: vlan20@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
23.     link/ether ae:fd:60:48:84:1a brd ff:ff:ff:ff:ff:ff
24.     inet 172.16.20.10/24 brd 172.16.20.255 scope global vlan20
25.        valid_lft forever preferred_lft forever
26.     inet6 fe80::acfd:60ff:fe48:841a/64 scope link
27.        valid_lft forever preferred_lft forever

复制代码

查看bond状态，Bonding Mode体现为IEEE 802.3ad Dynamic link aggregation，而且下面Slave Interface体现了两个成员接口的信息。

1. root@server1:~# cat /proc/net/bonding/bond0
2. Ethernet Channel Bonding Driver: v5.15.0-60-generic
4. Bonding Mode: IEEE 802.3ad Dynamic link aggregation
5. Transmit Hash Policy: layer2+3 (2)
6. MII Status: up
7. MII Polling Interval (ms): 100
8. Up Delay (ms): 0
9. Down Delay (ms): 0
10. Peer Notification Delay (ms): 0
12. 802.3ad info
13. LACP active: on
14. LACP rate: fast
15. Min links: 0
16. Aggregator selection policy (ad_select): stable
17. System priority: 65535
18. System MAC address: ae:fd:60:48:84:1a
19. Active Aggregator Info:
20.         Aggregator ID: 1
21.         Number of ports: 2
22.         Actor Key: 9
23.         Partner Key: 1
24.         Partner Mac Address: fc:60:9b:35:ad:18
26. Slave Interface: enp1s0
27. MII Status: up
28. Speed: 1000 Mbps
29. Duplex: full
30. Link Failure Count: 2
31. Permanent HW addr: 7c:b5:9b:59:0a:71
32. Slave queue ID: 0
33. Aggregator ID: 1
34. Actor Churn State: none
35. Partner Churn State: none
36. Actor Churned Count: 0
37. Partner Churned Count: 0
38. details actor lacp pdu:
39.     system priority: 65535
40.     system mac address: ae:fd:60:48:84:1a
41.     port key: 9
42.     port priority: 255
43.     port number: 1
44.     port state: 63
45. details partner lacp pdu:
46.     system priority: 32768
47.     system mac address: fc:60:9b:35:ad:18
48.     oper key: 1
49.     port priority: 32768
50.     port number: 2
51.     port state: 61
53. Slave Interface: enp2s0
54. MII Status: up
55. Speed: 1000 Mbps
56. Duplex: full
57. Link Failure Count: 3
58. Permanent HW addr: e4:54:e8:dc:e5:88
59. Slave queue ID: 0
60. Aggregator ID: 1
61. Actor Churn State: none
62. Partner Churn State: none
63. Actor Churned Count: 0
64. Partner Churned Count: 0
65. details actor lacp pdu:
66.     system priority: 65535
67.     system mac address: ae:fd:60:48:84:1a
68.     port key: 9
69.     port priority: 255
70.     port number: 2
71.     port state: 63
72. details partner lacp pdu:
73.     system priority: 32768
74.     system mac address: fc:60:9b:35:ad:18
75.     oper key: 1
76.     port priority: 32768
77.     port number: 1
78.     port state: 61

复制代码

测试连通性，测试与互换机网关地点的连通性：

1. root@server1:~# ping 172.16.10.1 -c 4
2. PING 172.16.10.1 (172.16.10.1) 56(84) bytes of data.
3. 64 bytes from 172.16.10.1: icmp_seq=1 ttl=255 time=1.64 ms
4. 64 bytes from 172.16.10.1: icmp_seq=2 ttl=255 time=1.59 ms
5. 64 bytes from 172.16.10.1: icmp_seq=3 ttl=255 time=1.95 ms
6. 64 bytes from 172.16.10.1: icmp_seq=4 ttl=255 time=1.93 ms
8. --- 172.16.10.1 ping statistics ---
9. 4 packets transmitted, 4 received, 0% packet loss, time 3006ms
10. rtt min/avg/max/mdev = 1.589/1.776/1.953/0.165 ms
11. root@server1:~#

复制代码

关闭一个接口，再次测试连通性，依然可以或许ping通

1. root@server1:~# ip link set dev enp2s0 down
2. root@server1:~# ip link show enp2s0
3. 3: enp2s0: <BROADCAST,MULTICAST,SLAVE> mtu 1500 qdisc fq_codel master bond0 state DOWN mode DEFAULT group default qlen 1000
4.     link/ether ae:fd:60:48:84:1a brd ff:ff:ff:ff:ff:ff permaddr e4:54:e8:dc:e5:88
5. root@server1:~#
6. root@server1:~# ping 172.16.10.1 -c 4
7. PING 172.16.10.1 (172.16.10.1) 56(84) bytes of data.
8. 64 bytes from 172.16.10.1: icmp_seq=1 ttl=255 time=1.54 ms
9. 64 bytes from 172.16.10.1: icmp_seq=2 ttl=255 time=1.64 ms
10. 64 bytes from 172.16.10.1: icmp_seq=3 ttl=255 time=2.73 ms
11. 64 bytes from 172.16.10.1: icmp_seq=4 ttl=255 time=1.47 ms
13. --- 172.16.10.1 ping statistics ---
14. 4 packets transmitted, 4 received, 0% packet loss, time 3006ms
15. rtt min/avg/max/mdev = 1.470/1.844/2.732/0.516 ms

复制代码

网卡桥接模式

桥接模式下，对端互换机可配置access模式或trunk模式。
示意图如下

互换机配置，互换机接口配置为access模式为例，并参加对应vlan

1. <H3C>system-view
2. [H3C]interface GigabitEthernet 1/0/1
3. [H3C-GigabitEthernet1/0/1]port link-type access
4. [H3C-GigabitEthernet1/0/1]port access vlan 10
5. [H3C-GigabitEthernet1/0/1]exit
6. [H3C]

复制代码

服务器配置，物理网卡参加到网桥中，IP地点配置到网桥接口br0上。

1. root@server1:~# cat /etc/netplan/00-installer-config.yaml
2. network:
3.   version: 2
4.   ethernets:
5.     enp1s0:
6.       dhcp4: no
7.       dhcp6: no
8.   bridges:
9.     br0:
10.       interfaces: [enp1s0]
11.       addresses: [172.16.10.10/24]
12.       routes:
13.       - to: default
14.         via: 172.16.10.1
15.         metric: 100
16.         on-link: true
17.       mtu: 1500
18.       nameservers:
19.         addresses:
20.           - 223.5.5.5
21.           - 223.6.6.6
22.       parameters:
23.         stp: true
24.         forward-delay: 4

复制代码

查看网卡信息

1. root@server1:~# ip a
2. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
3.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4.     inet 127.0.0.1/8 scope host lo
5.        valid_lft forever preferred_lft forever
6.     inet6 ::1/128 scope host
7.        valid_lft forever preferred_lft forever
8. 2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
9.     link/ether 7c:b5:9b:59:0a:71 brd ff:ff:ff:ff:ff:ff
10. 12: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
11.     link/ether 0e:d0:7e:31:9c:74 brd ff:ff:ff:ff:ff:ff
12.     inet 172.16.10.10/24 brd 172.16.10.255 scope global br0
13.        valid_lft forever preferred_lft forever
14.     inet6 fe80::cd0:7eff:fe31:9c74/64 scope link
15.        valid_lft forever preferred_lft forever

复制代码

查看网桥及接口，当前网桥上只有一个物理接口enp1s0。

1. root@server1:~# apt install -y bridge-utils
2. root@ubuntu:~# brctl show
3. bridge name     bridge id               STP enabled     interfaces
4. br0             8000.0ed07e319c74       yes             enp1s0
5. root@server1:~#

复制代码

这样在KVM捏造化情况，捏造机实例连接到网桥后，捏造机可以配置与物理网卡类似网段的IP地点。访问捏造机可以像访问物理机一样方便。
网卡macvlan模式

macvlan(MAC Virtual LAN)是Linux内核提供的一种网络捏造化技术，它允许在一个物理网卡接口上创建多个捏造网卡接口，每个捏造接口都有自己独立的MAC地点，也可以配置上 IP 地点进行通信。Macvlan 下的捏造机或者容器网络和主机在同一个网段中，共享同一个广播域。
macvlan模式下，对端互换机可配置access模式或trunk模式，trunk模式下macvlan可以或许与vlan很好的结合使用。
示意图如下：

macvlan IP模式

该模式下，上连互换机接口配置为access模式，服务器macvlan主网卡和子接口直接配置类似网段的IP地点。
互换机配置

1. <H3C>system-view
2. [H3C]interface GigabitEthernet 1/0/1
3. [H3C-GigabitEthernet1/0/1]port link-type access
4. [H3C-GigabitEthernet1/0/1]port access vlan 10
5. [H3C-GigabitEthernet1/0/1]exit

复制代码

服务器配置，macvlan支持多种模式，这里使用bridge模式，并长期化配置

1. cat >/etc/networkd-dispatcher/routable.d/10-macvlan-interfaces.sh<<EOF
2. #! /bin/bash
3. ip link add macvlan0 link enp1s0 type macvlan mode bridge
4. ip link add macvlan1 link enp1s0 type macvlan mode bridge
5. EOF
7. chmod o+x,g+x,u+x /etc/networkd-dispatcher/routable.d/10-macvlan-interfaces.sh

复制代码

配置netplan

1. root@server1:~# cat /etc/netplan/00-installer-config.yaml
2. network:
3.   ethernets:
4.     enp1s0:
5.       dhcp4: false
6.       addresses:
7.         - 172.16.10.10/24
8.       nameservers:
9.         addresses:
10.           - 223.5.5.5
11.           - 223.6.6.6
12.       routes:
13.         - to: default
14.           via: 172.16.10.1
15.     macvlan0:
16.       addresses:
17.         - 172.16.10.11/24
18.     macvlan1:
19.       addresses:
20.         - 172.16.10.12/24
21.   version: 2

复制代码

应用网卡配置

1. netplan apply

复制代码

查看网卡信息，新建了两个macvlan接口，IP地点与主网卡位于同一网段，而且每个接口都有独立的MAC地点。

1. root@server1:~# ip a
2. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
3.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4.     inet 127.0.0.1/8 scope host lo
5.        valid_lft forever preferred_lft forever
6.     inet6 ::1/128 scope host
7.        valid_lft forever preferred_lft forever
8. 2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
9.     link/ether 7c:b5:9b:59:0a:71 brd ff:ff:ff:ff:ff:ff
10.     inet 172.16.10.10/24 brd 172.16.10.255 scope global enp1s0
11.        valid_lft forever preferred_lft forever
12. 13: macvlan0@enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
13.     link/ether 32:e8:b4:0a:47:62 brd ff:ff:ff:ff:ff:ff
14.     inet 172.16.10.11/24 brd 172.16.10.255 scope global macvlan0
15.        valid_lft forever preferred_lft forever
16.     inet6 fe80::30e8:b4ff:fe0a:4762/64 scope link
17.        valid_lft forever preferred_lft forever
18. 14: macvlan1@enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
19.     link/ether d2:73:75:14:b2:04 brd ff:ff:ff:ff:ff:ff
20.     inet 172.16.10.12/24 brd 172.16.10.255 scope global macvlan1
21.        valid_lft forever preferred_lft forever
22.     inet6 fe80::d073:75ff:fe14:b204/64 scope link
23.        valid_lft forever preferred_lft forever

复制代码

测试与网关的连通性

1. root@server1:~# ping -c 3 172.16.10.1
2. PING 172.16.10.1 (172.16.10.1) 56(84) bytes of data.
3. 64 bytes from 172.16.10.1: icmp_seq=1 ttl=255 time=3.60 ms
4. 64 bytes from 172.16.10.1: icmp_seq=2 ttl=255 time=1.45 ms
5. 64 bytes from 172.16.10.1: icmp_seq=3 ttl=255 time=1.44 ms
7. --- 172.16.10.1 ping statistics ---
8. 3 packets transmitted, 3 received, 0% packet loss, time 2004ms
9. rtt min/avg/max/mdev = 1.441/2.163/3.602/1.017 ms
10. root@server1:~#

复制代码

macvlan vlan模式

该模式下，上连互换机接口配置为trunk模式，服务器macvlan主网卡不配置IP地点，每个macvlan子接口配置为差别的vlan子接口。
互换机配置

1. <H3C>system-view
2. [H3C]interface GigabitEthernet 1/0/1
3. [H3C-GigabitEthernet1/0/3]port link-type trunk
4. [H3C-GigabitEthernet1/0/3]port trunk permit vlan 10 20
5. [H3C-GigabitEthernet1/0/1]exit
6. [H3C]

复制代码

服务器配置，macvlan支持多种模式，这里使用bridge模式，并长期化配置

1. cat >/etc/networkd-dispatcher/routable.d/10-macvlan-interfaces.sh<<EOF
2. #! /bin/bash
3. ip link add macvlan0 link enp1s0 type macvlan mode bridge
4. ip link add macvlan1 link enp1s0 type macvlan mode bridge
5. EOF
7. chmod o+x,g+x,u+x /etc/networkd-dispatcher/routable.d/10-macvlan-interfaces.sh

复制代码

配置netplan，两个macvlan接口macvlan0和macvlan1分别配置vlan子接口vlan10和vlan20。

1. root@ubuntu:~# cat /etc/netplan/00-installer-config.yaml
2. network:
3.   ethernets:
4.     enp1s0:
5.       dhcp4: false
6.     macvlan0:
7.       dhcp4: false
8.     macvlan1:
9.       dhcp4: false
10.   vlans:
11.     vlan10:
12.       id: 10
13.       link: macvlan0
14.       addresses: [ "172.16.10.10/24" ]
15.       routes:
16.         - to: default
17.           via: 172.16.10.1
18.           metric: 200
19.     vlan20:
20.       id: 20
21.       link: macvlan1
22.       addresses: [ "172.16.20.10/24" ]
23.       routes:
24.         - to: default
25.           via: 172.16.20.1
26.           metric: 300
27.   version: 2

复制代码

应用网卡配置

1. netplan apply

复制代码

查看网卡信息，新建了两个macvlan接口，以及对应的两个vlan子接口。

1. root@server1:~# ip a
2. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
3.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4.     inet 127.0.0.1/8 scope host lo
5.        valid_lft forever preferred_lft forever
6.     inet6 ::1/128 scope host
7.        valid_lft forever preferred_lft forever
8. 2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
9.     link/ether 7c:b5:9b:59:0a:71 brd ff:ff:ff:ff:ff:ff
10.     inet6 fe80::7eb5:9bff:fe59:a71/64 scope link
11.        valid_lft forever preferred_lft forever
12. 11: macvlan0@enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
13.     link/ether 32:e8:b4:0a:47:62 brd ff:ff:ff:ff:ff:ff
14.     inet6 fe80::30e8:b4ff:fe0a:4762/64 scope link
15.        valid_lft forever preferred_lft forever
16. 12: macvlan1@enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
17.     link/ether d2:73:75:14:b2:04 brd ff:ff:ff:ff:ff:ff
18.     inet6 fe80::d073:75ff:fe14:b204/64 scope link
19.        valid_lft forever preferred_lft forever
20. 13: vlan10@macvlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
21.     link/ether 32:e8:b4:0a:47:62 brd ff:ff:ff:ff:ff:ff
22.     inet 172.16.10.10/24 brd 172.16.10.255 scope global vlan10
23.        valid_lft forever preferred_lft forever
24.     inet6 fe80::30e8:b4ff:fe0a:4762/64 scope link
25.        valid_lft forever preferred_lft forever
26. 14: vlan20@macvlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
27.     link/ether d2:73:75:14:b2:04 brd ff:ff:ff:ff:ff:ff
28.     inet 172.16.20.10/24 brd 172.16.20.255 scope global vlan20
29.        valid_lft forever preferred_lft forever
30.     inet6 fe80::d073:75ff:fe14:b204/64 scope link
31.        valid_lft forever preferred_lft forever

复制代码

测试两个VLAN接口与外部网关的连通性

1. root@server1:~# ping -c 3 172.16.10.1
2. PING 172.16.10.1 (172.16.10.1) 56(84) bytes of data.
3. 64 bytes from 172.16.10.1: icmp_seq=1 ttl=255 time=3.60 ms
4. 64 bytes from 172.16.10.1: icmp_seq=2 ttl=255 time=1.45 ms
5. 64 bytes from 172.16.10.1: icmp_seq=3 ttl=255 time=1.44 ms
7. --- 172.16.10.1 ping statistics ---
8. 3 packets transmitted, 3 received, 0% packet loss, time 2004ms
9. rtt min/avg/max/mdev = 1.441/2.163/3.602/1.017 ms
10. root@server1:~#
11. root@server1:~# ping -c 3 172.16.20.1 PING 172.16.20.1 (172.16.20.1) 56(84) bytes of data.64 bytes from 172.16.20.1: icmp_seq=1 ttl=255 time=1.35 ms64 bytes from 172.16.20.1: icmp_seq=2 ttl=255 time=1.48 ms64 bytes from 172.16.20.1: icmp_seq=3 ttl=255 time=1.46 ms--- 172.16.20.1 ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 2004msrtt min/avg/max/mdev = 1.353/1.429/1.477/0.054 msroot@server1:~#

复制代码

网卡ipvlan模式

IPVLAN(IP Virtual LAN)是Linux内核提供的一种网络捏造化技术，它可以在一个物理网卡上创建多个捏造网卡接口，每个捏造接口都有自己独立的IP地点。
IPVLAN和macvlan类似，都是从一个主机接口捏造出多个捏造网络接口。唯一比较大的区别就是ipvlan捏造出的子接口都有类似的mac地点（与物理接口共用同个mac地点），但可配置差别的ip地点。
ipvlan模式下，对端互换机也可以配置access模式或trunk模式，trunk模式下ipvlan可以或许与vlan很好的结合使用。
示意图如下

互换机配置

1. <H3C>system-view
2. [H3C]interface GigabitEthernet 1/0/1
3. [H3C-GigabitEthernet1/0/1]port link-type access
4. [H3C-GigabitEthernet1/0/1]port access vlan 10
5. [H3C-GigabitEthernet1/0/1]exit
6. [H3C]

复制代码

服务器配置，ipvlan支持三种模式(l2、l3、l3s)，这里使用l3模式，并长期化配置

1. cat >/etc/networkd-dispatcher/routable.d/10-ipvlan-interfaces.sh<<EOF
2. #! /bin/bash
3. ip link add ipvlan0 link enp1s0 type ipvlan mode l3
4. ip link add ipvlan1 link enp1s0 type ipvlan mode l3
5. EOF
6. chmod o+x,g+x,u+x /etc/networkd-dispatcher/routable.d/10-ipvlan-interfaces.sh

复制代码

配置netplan

1. root@server1:~# cat /etc/netplan/00-installer-config.yaml
2. network:
3.   ethernets:
4.     enp1s0:
5.       dhcp4: false
6.       addresses:
7.         - 172.16.10.10/24
8.       nameservers:
9.         addresses:
10.           - 223.5.5.5
11.           - 223.6.6.6
12.       routes:
13.         - to: default
14.           via: 172.16.10.1
15.     ipvlan0:
16.       addresses:
17.         - 172.16.10.11/24
18.     ipvlan1:
19.       addresses:
20.         - 172.16.10.12/24
21.   version: 2

复制代码

应用网卡配置

1. netplan apply

复制代码

查看网卡信息，新建了两ipvlan接口，IP地点与主网卡位于同一网段，而且每个接口都有与主网卡类似的MAC地点。

1. root@server1:~# ip a
2. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
3.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4.     inet 127.0.0.1/8 scope host lo
5.        valid_lft forever preferred_lft forever
6.     inet6 ::1/128 scope host
7.        valid_lft forever preferred_lft forever
8. 2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
9.     link/ether 7c:b5:9b:59:0a:71 brd ff:ff:ff:ff:ff:ff
10.     inet 172.16.10.10/24 brd 172.16.10.255 scope global enp1s0
11.        valid_lft forever preferred_lft forever
12.     inet6 fe80::7eb5:9bff:fe59:a71/64 scope link
13.        valid_lft forever preferred_lft forever
14. 9: ipvlan0@enp1s0: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000    link/ether 7c:b5:9b:59:0a:71 brd ff:ff:ff:ff:ff:ff    inet 172.16.10.11/24 brd 172.16.10.255 scope global ipvlan0       valid_lft forever preferred_lft forever    inet6 fe80::7cb5:9b00:159:a71/64 scope link        valid_lft forever preferred_lft forever10: ipvlan1@enp1s0: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000    link/ether 7c:b5:9b:59:0a:71 brd ff:ff:ff:ff:ff:ff    inet 172.16.10.12/24 brd 172.16.10.255 scope global ipvlan1       valid_lft forever preferred_lft forever    inet6 fe80::7cb5:9b00:259:a71/64 scope link        valid_lft forever preferred_lft forever

复制代码

测试与网关的连通性

1. root@server1:~# ping -c 3 172.16.10.1
2. PING 172.16.10.1 (172.16.10.1) 56(84) bytes of data.
3. 64 bytes from 172.16.10.1: icmp_seq=1 ttl=255 time=3.60 ms
4. 64 bytes from 172.16.10.1: icmp_seq=2 ttl=255 time=1.45 ms
5. 64 bytes from 172.16.10.1: icmp_seq=3 ttl=255 time=1.44 ms
7. --- 172.16.10.1 ping statistics ---
8. 3 packets transmitted, 3 received, 0% packet loss, time 2004ms
9. rtt min/avg/max/mdev = 1.441/2.163/3.602/1.017 ms
10. root@server1:~#

复制代码

网卡 macvtap 模式

使用 bridge 使 KVM 捏造机可以或许进行外部通信的另一种替代方法是使用 Linux MacVTap 驱动步伐。当不想创建平常网桥，但希望本地网络中的用户访问捏造机时，可以使用 MacVTap。
与使用bridge 的一个主要区别是 MacVTap 直接连接到 KVM 主机中的网络接口。这种直接连接绕过了 KVM 主机中与连接和使用软件bridge 相关的大部门代码和组件，有效地缩短了代码路径。这种较短的代码路径通常会提高吞吐量并减少外部体系的耽误。
示意图如下：

互换机配置

1. <H3C>system-view
2. [H3C]interface GigabitEthernet 1/0/1
3. [H3C-GigabitEthernet1/0/1]port link-type access
4. [H3C-GigabitEthernet1/0/1]port access vlan 10
5. [H3C-GigabitEthernet1/0/1]exit

复制代码

主机网卡配置

1. root@server1:~# cat /etc/netplan/00-installer-config.yaml
2. # This is the network config written by 'subiquity'
3. network:
4.   ethernets:
5.     enp1s0:
6.       dhcp4: false
7.       addresses:
8.         - 172.16.10.10/24
9.       nameservers:
10.         addresses:
11.           - 223.5.5.5
12.           - 223.6.6.6
13.       routes:
14.         - to: default
15.           via: 192.168.137.2
16.   version: 2

复制代码

安装kvm捏造化情况，创建两个捏造机，指定从enp1s0主网卡分配mavtap子接口。

1. virt-install \
2.   --name vm1 \
3.   --vcpus 1 \
4.   --memory 2048 \
5.   --disk path=/var/lib/libvirt/images/vm1/jammy-server-cloudimg-amd64.img \
6.   --os-variant ubuntu22.04 \
7.   --noautoconsole \
8.   --import \
9.   --autostart \
10.   --network type=direct,source=enp1s0,source_mode=bridge,model=virtio
12. virt-install \
13.   --name vm2 \
14.   --vcpus 1 \
15.   --memory 2048 \
16.   --disk path=/var/lib/libvirt/images/vm2/jammy-server-cloudimg-amd64.img \
17.   --os-variant ubuntu22.04 \
18.   --noautoconsole \
19.   --import \
20.   --autostart \
21.   --network type=direct,source=enp1s0,source_mode=bridge,model=virtio

复制代码

查看网卡信息，新创建了两个macvtap接口

1. root@server1:~# ip a
2. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
3.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4.     inet 127.0.0.1/8 scope host lo
5.        valid_lft forever preferred_lft forever
6.     inet6 ::1/128 scope host
7.        valid_lft forever preferred_lft forever
8. 2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
9.     link/ether 7c:b5:9b:59:0a:71 brd ff:ff:ff:ff:ff:ff
10.     inet 172.16.10.10/24 brd 172.16.10.255 scope global enp1s0
11.        valid_lft forever preferred_lft forever
12.     inet6 fe80::7eb5:9bff:fe59:a71/64 scope link
13.        valid_lft forever preferred_lft forever
14. 5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000    link/ether 52:54:00:bb:15:22 brd ff:ff:ff:ff:ff:ff    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0       valid_lft forever preferred_lft forever6: macvtap0@enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 500    link/ether 52:54:00:41:8f:a3 brd ff:ff:ff:ff:ff:ff    inet6 fe80::5054:ff:fe41:8fa3/64 scope link        valid_lft forever preferred_lft forever7: macvtap1@enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 500    link/ether 52:54:00:93:2c:4a brd ff:ff:ff:ff:ff:ff    inet6 fe80::5054:ff:fe93:2c4a/64 scope link        valid_lft forever preferred_lft forever

复制代码

捏造机1配置IP地点

1. root@vm1:~# cat /etc/netplan/00-installer-config.yaml
2. network:
3.   ethernets:
4.     enp1s0:
5.       dhcp4: false
6.       addresses:
7.         - 172.16.10.11/24
8.       nameservers:
9.         addresses:
10.           - 223.5.5.5
11.           - 223.6.6.6
12.       routes:
13.         - to: default
14.           via: 172.16.10.1
15.   version: 2

复制代码

捏造机2配置IP地点

1. root@vm2:~# cat /etc/netplan/00-installer-config.yaml
2. network:
3.   ethernets:
4.     enp1s0:
5.       dhcp4: false
6.       addresses:
7.         - 172.16.10.12/24
8.       nameservers:
9.         addresses:
10.           - 223.5.5.5
11.           - 223.6.6.6
12.       routes:
13.         - to: default
14.           via: 172.16.10.1
15.   version: 2

复制代码

测试与网关的连通性

1. root@vm1:~# ping 172.16.10.1 -c 3
2. PING 172.16.10.1 (172.16.10.1) 56(84) bytes of data.
3. 64 bytes from 172.16.10.1: icmp_seq=1 ttl=255 time=1.38 ms
4. 64 bytes from 172.16.10.1: icmp_seq=2 ttl=255 time=1.75 ms
5. 64 bytes from 172.16.10.1: icmp_seq=3 ttl=255 time=4.34 ms
7. --- 172.16.10.1 ping statistics ---
8. 3 packets transmitted, 3 received, 0% packet loss, time 2004ms
9. rtt min/avg/max/mdev = 1.382/2.491/4.344/1.318 ms

复制代码

bond、vlan与桥接混合配置

将服务器两块网卡构成bond口，在bond口之上创建两个vlan子接口，分别参加两个linux bridge中，然后在差别bridge下创建捏造机，捏造机将属于差别vlan。
示意图如下：

互换机配置，配置动态链路聚合，将端口g1/0/1和g1/0/3参加聚合组。将聚合口配置为trunk模式，允许vlan 8 10 20通过，而且将vlan8 配置为聚合口的native vlan，作为管理使用。

1. <H3C>system-view
2. [H3C]interface Vlan-interface 8
3. [H3C-Vlan-interface8]ip address 172.16.8.1 24
4. [H3C-Vlan-interface8]exit
5. [H3C]
7. [H3C]interface Bridge-Aggregation 1
8. [H3C-Bridge-Aggregation1]link-aggregation mode dynamic
9. [H3C-Bridge-Aggregation1]quit
11. [H3C]interface GigabitEthernet 1/0/1
12. [H3C-GigabitEthernet1/0/1]port link-aggregation group 1
13. [H3C-GigabitEthernet1/0/1]exit
15. [H3C]interface GigabitEthernet 1/0/3
16. [H3C-GigabitEthernet1/0/3]port link-aggregation group 1
17. [H3C-GigabitEthernet1/0/3]exit
19. [H3C]interface Bridge-Aggregation 1
20. [H3C-Bridge-Aggregation1]port link-type trunk
21. [H3C-Bridge-Aggregation1]port trunk permit vlan 8 10 20
22. [H3C-Bridge-Aggregation1]port trunk pvid vlan 8
23. [H3C-Bridge-Aggregation1]undo port trunk permit vlan 1
24. [H3C-Bridge-Aggregation1]exit
25. [H3C]

复制代码

服务器网卡配置，注意bond0配置了管理IP地点，匹配互换机native vlan 8。

1. root@server1:~# cat /etc/netplan/00-installer-config.yaml
2. network:
3.   version: 2
4.   ethernets:
5.     enp1s0:
6.       dhcp4: false
7.     enp2s0:
8.       dhcp4: false
9.   bonds:
10.     bond0:
11.       dhcp4: false
12.       dhcp6: false
13.       interfaces:
14.         - enp1s0
15.         - enp2s0
16.       addresses:
17.         - 172.16.8.10/24
18.       nameservers:
19.         addresses:
20.           - 223.5.5.5
21.           - 223.6.6.6
22.       routes:
23.         - to: default
24.           via: 172.16.8.1
25.       parameters:
26.         mode: 802.3ad
27.         lacp-rate: fast
28.         mii-monitor-interval: 100
29.         transmit-hash-policy: layer2+3
30.   bridges:
31.     br10:
32.       interfaces: [ vlan10 ]
33.     br20:
34.       interfaces: [ vlan20 ]
35.   vlans:
36.     vlan10:
37.       id: 10
38.       link: bond0
39.     vlan20:
40.       id: 20
41.       link: bond0

复制代码

查看网卡信息，新建了bond0网口，而且基于bond0网口创建了两个vlan子接口vlan10和vlan20。

1. root@server1:~# ip a
2. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
3.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4.     inet 127.0.0.1/8 scope host lo
5.        valid_lft forever preferred_lft forever
6.     inet6 ::1/128 scope host
7.        valid_lft forever preferred_lft forever
8. 2: enp1s0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
9.     link/ether ae:fd:60:48:84:1a brd ff:ff:ff:ff:ff:ff permaddr 7c:b5:9b:59:0a:71
10. 3: enp2s0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
11.     link/ether ae:fd:60:48:84:1a brd ff:ff:ff:ff:ff:ff permaddr e4:54:e8:dc:e5:88
12. 15: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
13.     link/ether ae:fd:60:48:84:1a brd ff:ff:ff:ff:ff:ff
14.     inet 172.16.8.10/24 brd 172.16.8.255 scope global bond0
15.        valid_lft forever preferred_lft forever
16.     inet6 fe80::acfd:60ff:fe48:841a/64 scope link
17.        valid_lft forever preferred_lft forever
18. 16: br10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
19.     link/ether ee:df:66:ab:c2:4b brd ff:ff:ff:ff:ff:ff
20.     inet6 fe80::ecdf:66ff:feab:c24b/64 scope link
21.        valid_lft forever preferred_lft forever
22. 17: br20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
23.     link/ether 9e:4d:f4:0a:6d:13 brd ff:ff:ff:ff:ff:ff
24.     inet6 fe80::9c4d:f4ff:fe0a:6d13/64 scope link
25.        valid_lft forever preferred_lft forever
26. 18: vlan10@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br10 state UP group default qlen 1000
27.     link/ether ae:fd:60:48:84:1a brd ff:ff:ff:ff:ff:ff
28. 19: vlan20@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br20 state UP group default qlen 1000
29.     link/ether ae:fd:60:48:84:1a brd ff:ff:ff:ff:ff:ff

复制代码

查看创建的网桥

1. root@server1:~# brctl show
2. bridge name     bridge id               STP enabled     interfaces
3. br10            8000.eedf66abc24b       no              vlan10
4. br20            8000.9e4df40a6d13       no              vlan20

复制代码

测试bond0 IP与外部网关连通性

1. root@server1:~# ping 172.16.8.1 -c 3
2. PING 172.16.8.1 (172.16.8.1) 56(84) bytes of data.
3. 64 bytes from 172.16.8.1: icmp_seq=1 ttl=255 time=1.55 ms
4. 64 bytes from 172.16.8.1: icmp_seq=2 ttl=255 time=1.61 ms
5. 64 bytes from 172.16.8.1: icmp_seq=3 ttl=255 time=1.62 ms
7. --- 172.16.8.1 ping statistics ---
8. 3 packets transmitted, 3 received, 0% packet loss, time 2004ms
9. rtt min/avg/max/mdev = 1.550/1.593/1.620/0.030 ms
10. root@server1:~#

复制代码

在server1安装kvm捏造化情况，然后创建两个新的kvm网络，分别绑定到差别网桥

1. cat >br10-network.xml<<EOF
2. <network>
3.   <name>br10-net</name>
4.   <forward mode="bridge"/>
5.   <bridge name="br10"/>
6. </network>
7. EOF
8. cat >br20-network.xml<<EOF
9. <network>
10.   <name>br20-net</name>
11.   <forward mode="bridge"/>
12.   <bridge name="br20"/>
13. </network>
14. EOF
16. virsh net-define br10-network.xml
17. virsh net-define br20-network.xml
18. virsh net-start br10-net
19. virsh net-start br20-net
20. virsh net-autostart br10-net
21. virsh net-autostart br20-net

复制代码

查看新建的网络

1. root@server1:~# virsh net-list
2. Name       State    Autostart   Persistent
3. ---------------------------------------------
4. br10-net   active   yes         yes
5. br20-net   active   yes         yes
6. default    active   yes         yes

复制代码

创建两个捏造机，指定使用差别网络

1. virt-install \
2.   --name vm1 \
3.   --vcpus 1 \
4.   --memory 2048 \
5.   --disk path=/var/lib/libvirt/images/vm1/jammy-server-cloudimg-amd64.img \
6.   --os-variant ubuntu22.04 \
7.   --import \
8.   --autostart \
9.   --noautoconsole \
10.   --network network=br10-net
12. virt-install \
13.   --name vm2 \
14.   --vcpus 1 \
15.   --memory 2048 \
16.   --disk path=/var/lib/libvirt/images/vm2/jammy-server-cloudimg-amd64.img \
17.   --os-variant ubuntu22.04 \
18.   --import \
19.   --autostart \
20.   --noautoconsole \
21.   --network network=br20-net

复制代码

查看创建的捏造机

1. root@server1:~# virsh list
2. Id   Name   State
3. ----------------------
4. 13   vm1    running
5. 14   vm2    running

复制代码

为vm1配置vlan10的IP地点

1. virsh console vm1
2. cat >/etc/netplan/00-installer-config.yaml<<EOF
3. network:
4.   ethernets:
5.     enp1s0:
6.       addresses:
7.       - 172.16.10.10/24
8.       nameservers:
9.         addresses:
10.         - 223.5.5.5
11.       routes:
12.       - to: default
13.         via: 172.16.10.1
14.   version: 2
15. EOF
16. netplan apply

复制代码

为vm2配置vlan20的IP地点

1. virsh console vm2
2. cat >/etc/netplan/00-installer-config.yaml<<EOF
3. network:
4.   ethernets:
5.     enp1s0:
6.       addresses:
7.       - 172.16.20.10/24
8.       nameservers:
9.         addresses:
10.         - 223.5.5.5
11.       routes:
12.       - to: default
13.         via: 172.16.20.1
14.   version: 2
15. EOF
16. netplan apply

复制代码

登录到vm1，测试vm1与外部网关连通性

1. root@vm1:~# ip a
2. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
3.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4.     inet 127.0.0.1/8 scope host lo
5.        valid_lft forever preferred_lft forever
6.     inet6 ::1/128 scope host
7.        valid_lft forever preferred_lft forever
8. 2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
9.     link/ether 52:54:00:a4:aa:9d brd ff:ff:ff:ff:ff:ff
10.     inet 172.16.10.10/24 brd 172.16.10.255 scope global enp1s0
11.        valid_lft forever preferred_lft forever
12.     inet6 fe80::5054:ff:fea4:aa9d/64 scope link
13.        valid_lft forever preferred_lft forever
14. root@vm1:~#
15. root@vm1:~# ping 172.16.10.1 -c 3
16. PING 172.16.10.1 (172.16.10.1) 56(84) bytes of data.
17. 64 bytes from 172.16.10.1: icmp_seq=1 ttl=255 time=1.51 ms
18. 64 bytes from 172.16.10.1: icmp_seq=2 ttl=255 time=7.10 ms
19. 64 bytes from 172.16.10.1: icmp_seq=3 ttl=255 time=2.10 ms
21. --- 172.16.10.1 ping statistics ---
22. 3 packets transmitted, 3 received, 0% packet loss, time 2003ms
23. rtt min/avg/max/mdev = 1.505/3.568/7.101/2.509 ms
24. root@vm1:~#

复制代码

登录到vm2，测试vm2与外部网关连通性

1. root@vm2:~# ip a
2. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
3.     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4.     inet 127.0.0.1/8 scope host lo
5.        valid_lft forever preferred_lft forever
6.     inet6 ::1/128 scope host
7.        valid_lft forever preferred_lft forever
8. 2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
9.     link/ether 52:54:00:89:61:da brd ff:ff:ff:ff:ff:ff
10.     inet 172.16.20.10/24 brd 172.16.20.255 scope global enp1s0
11.        valid_lft forever preferred_lft forever
12.     inet6 fe80::5054:ff:fe89:61da/64 scope link
13.        valid_lft forever preferred_lft forever
14. root@vm2:~#
15. root@vm2:~# ping 172.16.20.1 -c 3
16. PING 172.16.20.1 (172.16.20.1) 56(84) bytes of data.
17. 64 bytes from 172.16.20.1: icmp_seq=1 ttl=255 time=1.73 ms
18. 64 bytes from 172.16.20.1: icmp_seq=2 ttl=255 time=2.00 ms
19. 64 bytes from 172.16.20.1: icmp_seq=3 ttl=255 time=2.00 ms
21. --- 172.16.20.1 ping statistics ---
22. 3 packets transmitted, 3 received, 0% packet loss, time 2003ms
23. rtt min/avg/max/mdev = 1.732/1.911/2.003/0.126 ms
24. root@vm2:~#

复制代码

免责声明：如果侵犯了您的权益，请联系站长，我们会及时删除侵权内容，谢谢合作！更多信息从访问主页：qidao123.com:ToB企服之家，中国第一个企服评测及商务社交产业平台。