在RHEL 7上的成组设备上设置软件网桥
时间:2020-03-21 11:47:14 来源:igfitidea点击:
我们将在一组连接上设置桥接网络接口。
准备工作
我们使用RHEL 7.1虚拟机,该虚拟机具有我们之前配置的成组接口。
# nmcli c NAME UUID TYPE DEVICE slave2 eabb15cc-2bb7-4fc1-a52f-47268137cb09 802-3-ethernet enp0s8 slave1 6d420cc6-cba4-4561-b9ae-17af025987ce 802-3-ethernet enp0s17 myteam0 9691a92f-03dc-48b2-951d-a2b73721f8bc team myteam0
# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s8: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master myteam0 state UP qlen 1000
link/ether 08:00:27:ff:72:02 brd ff:ff:ff:ff:ff:ff
3: enp0s17: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master myteam0 state UP qlen 1000
link/ether 08:00:27:ff:72:02 brd ff:ff:ff:ff:ff:ff
4: myteam0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 08:00:27:ff:72:02 brd ff:ff:ff:ff:ff:ff
inet 10.8.8.72/24 brd 10.8.8.255 scope global myteam0
valid_lft forever preferred_lft forever
inet6 fc00::a:b:c:72/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:feff:7202/64 scope link
valid_lft forever preferred_lft forever
配置软件桥
请注意,我们使用控制台而不是安全shell(SSH)。
如果我们配置不正确,则网络连接可能并且很可能会被丢弃。
安装bridge-utils软件包:
# yum install -y bridge-utils
添加一个新的mybr0连接:
# nmcli c add type bridge con-name mybr0 ifname mybr0
修改新创建的mybr0连接以匹配我们的配置(请参阅成组的IP等配置):
# nmcli c mod mybr0 ipv4.method manual ipv6.method manual \ ipv4.addresses 10.8.8.72/24 ipv4.gateway 10.8.8.70 \ ipv4.dns 10.8.8.70 ipv6.addresses fc00::a:b:c:72/64 \ bridge.stp no
检查确认:
# nmcli c NAME UUID TYPE DEVICE slave2 eabb15cc-2bb7-4fc1-a52f-47268137cb09 802-3-ethernet enp0s8 slave1 6d420cc6-cba4-4561-b9ae-17af025987ce 802-3-ethernet enp0s17 myteam0 9691a92f-03dc-48b2-951d-a2b73721f8bc team myteam0 mybr0 558eb416-de58-4b44-a545-8959cdc81e66 bridge mybr0
改成:
# cd /etc/sysconfig/network-scripts/
打开“ ifcfg-myteam0”进行编辑。
在文件末尾添加以下行:
BRIDGE=mybr0
还要删除IP地址配置,因为它已经在网桥上设置了。
我们可以使用sed:
# sed -i '/IPADDR/d;/PREFIX/d;/GATEWAY/d;/DNS/d;/IPV6ADDR/d' ./ifcfg-myteam0
在桥接接口上禁用DAD:
# echo "net.ipv6.conf.mybr0.accept_dad=0" >>/etc/sysctl.d/dad.conf # sysctl -w net.ipv6.conf.mybr0.accept_dad=0
网络管理器不支持绑定或者成组的接口上的网桥:
# systemctl disable NetworkManager && systemctl stop NetworkManager
网络服务应启动并启用:
# systemctl enable network && systemctl restart network
检查确认:
# brctl show bridge name bridge id STP enabled interfaces mybr0 8000.080027ff7201 no myteam0
# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s8: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master myteam0 state UP qlen 1000
link/ether 08:00:27:ff:72:01 brd ff:ff:ff:ff:ff:ff
inet6 fe80::a00:27ff:feff:7201/64 scope link
valid_lft forever preferred_lft forever
3: enp0s17: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master myteam0 state UP qlen 1000
link/ether 08:00:27:ff:72:01 brd ff:ff:ff:ff:ff:ff
inet6 fe80::a00:27ff:feff:7201/64 scope link
valid_lft forever preferred_lft forever
6: myteam0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master mybr0 state UP
link/ether 08:00:27:ff:72:01 brd ff:ff:ff:ff:ff:ff
inet6 fe80::a00:27ff:feff:7201/64 scope link
valid_lft forever preferred_lft forever
7: mybr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 08:00:27:ff:72:01 brd ff:ff:ff:ff:ff:ff
inet 10.8.8.72/24 brd 10.8.8.255 scope global mybr0
valid_lft forever preferred_lft forever
inet6 fc00::a:b:c:72/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:feff:7201/64 scope link
valid_lft forever preferred_lft forever
