brctl創建虛擬網卡詳解
作者:尹正傑
版權聲明:原創作品,謝絕轉載!否則將追究法律責任。
很久之前我分享過一篇關於搭建Openvpn的筆記,在筆記的最后我分享了一個腳本,是用來創建虛擬網卡的,今天我們就來聊一聊如何用Linux命令創建虛擬網卡,在學習命令之前,我們先了解一下Linux比較重要的2個模式:TUN和TAP。
在計算機網絡中,TUN與TAP是操作系統內核中的虛擬網絡設備。不同於普通靠硬件網絡板卡實現的設備,這些虛擬的網絡設備全部用軟件實現,並向運行於操作系統上的軟件提供與硬件的網絡設備完全相同的功能。
TAP等同於一個以太網設備,它操作第二層數據包如以太網數據幀。TUN模擬了網絡層設備,操作第三層數據包比如IP數據封包。
操作系統通過TUN/TAP設備向綁定該設備的用戶空間的程序發送數據,反之,用戶空間的程序也可以像操作硬件網絡那樣,通過TUN/TAP設備發送數據。在后種情況下,TUN/TAP設備向操作系統的網絡棧投遞(或"注入")數據包,從而模擬從外部接收數據的過程。
要注意的是在Linux操作系統中,橋接模式不支持“NetworkManager”,因此在創建橋接網卡之前,建議提前將其關閉掉。
一.使用命令行創建橋接模式網卡
1.關閉“NetworkManager”服務:
2.安裝“brctl”軟件包:
3.查看幫助:
1 #!/usr/bin/env gorun 2 #@author :yinzhengjie 3 #Blog:http://www.cnblogs.com/yinzhengjie/tag/GO%E8%AF%AD%E8%A8%80%E7%9A%84%E8%BF%9B%E9%98%B6%E4%B9%8B%E8%B7%AF/ 4 #EMAIL:y1053419035@qq.com 5 6 [root@yinzhengjie ~]# brctl --help 7 Usage: brctl [commands] 8 commands: 9 addbr <bridge> add bridge #添加一個橋 10 delbr <bridge> delete bridge #創建一個橋 11 addif <bridge> <device> add interface to bridge #將某個接口添加到這個橋上來 12 delif <bridge> <device> delete interface from bridge #將某個接口從這個橋上刪除 13 setageing <bridge> <time> set ageing time 14 setbridgeprio <bridge> <prio> set bridge priority 15 setfd <bridge> <time> set bridge forward delay 16 sethello <bridge> <time> set hello time 17 setmaxage <bridge> <time> set max message age 18 sethashel <bridge> <int> set hash elasticity 19 sethashmax <bridge> <int> set hash max 20 setmclmc <bridge> <int> set multicast last member count 21 setmcrouter <bridge> <int> set multicast router 22 setmcsnoop <bridge> <int> set multicast snooping 23 setmcsqc <bridge> <int> set multicast startup query count 24 setmclmi <bridge> <time> set multicast last member interval 25 setmcmi <bridge> <time> set multicast membership interval 26 setmcqpi <bridge> <time> set multicast querier interval 27 setmcqi <bridge> <time> set multicast query interval 28 setmcqri <bridge> <time> set multicast query response interval 29 setmcqri <bridge> <time> set multicast startup query interval 30 setpathcost <bridge> <port> <cost> set path cost 31 setportprio <bridge> <port> <prio> set port priority 32 setportmcrouter <bridge> <port> <int> set port multicast router 33 show [ <bridge> ] show a list of bridges #查看當前是否有橋設備 34 showmacs <bridge> show a list of mac addrs 35 showstp <bridge> show bridge stp info 36 stp <bridge> {on|off} turn stp on/off 37 [root@yinzhengjie ~]#
4.創建橋接網卡配置流程:
1 #!/usr/bin/env gorun 2 #@author :yinzhengjie 3 #Blog:http://www.cnblogs.com/yinzhengjie/tag/GO%E8%AF%AD%E8%A8%80%E7%9A%84%E8%BF%9B%E9%98%B6%E4%B9%8B%E8%B7%AF/ 4 #EMAIL:y1053419035@qq.com 5 6 7 8 [root@yinzhengjie ~]# brctl addbr br0 #創建一個名稱為"br0"的網卡 9 [root@yinzhengjie ~]# ifconfig eth0 0 up #將需要橋接的網卡IP清空 10 [root@yinzhengjie ~]# ifconfig 11 eth0 Link encap:Ethernet HWaddr 00:0C:29:32:86:A9 12 inet6 addr: fe80::20c:29ff:fe32:86a9/64 Scope:Link 13 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 14 RX packets:5137 errors:0 dropped:0 overruns:0 frame:0 15 TX packets:2329 errors:0 dropped:0 overruns:0 carrier:0 16 collisions:0 txqueuelen:1000 17 RX bytes:4930215 (4.7 MiB) TX bytes:222313 (217.1 KiB) 18 19 lo Link encap:Local Loopback 20 inet addr:127.0.0.1 Mask:255.0.0.0 21 inet6 addr: ::1/128 Scope:Host 22 UP LOOPBACK RUNNING MTU:65536 Metric:1 23 RX packets:16 errors:0 dropped:0 overruns:0 frame:0 24 TX packets:16 errors:0 dropped:0 overruns:0 carrier:0 25 collisions:0 txqueuelen:0 26 RX bytes:960 (960.0 b) TX bytes:960 (960.0 b) 27 28 [root@yinzhengjie ~]# 29 [root@yinzhengjie ~]# brctl addif br0 eth0 #在"br0"上添加"eth0"; 30 [root@yinzhengjie ~]# ifconfig br0 192.168.16.107/24 up #給"br0"配置IP; 31 [root@yinzhengjie ~]# route add default gw 192.168.16.1 #設置默認的網關地址; 32 [root@yinzhengjie ~]# 33 [root@yinzhengjie ~]# ifconfig 34 br0 Link encap:Ethernet HWaddr 00:0C:29:32:86:A9 35 inet addr:192.168.16.107 Bcast:192.168.16.255 Mask:255.255.255.0 36 inet6 addr: fe80::20c:29ff:fe32:86a9/64 Scope:Link 37 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 38 RX packets:27 errors:0 dropped:0 overruns:0 frame:0 39 TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 40 collisions:0 txqueuelen:0 41 RX bytes:4245 (4.1 KiB) TX bytes:780 (780.0 b) 42 43 eth0 Link encap:Ethernet HWaddr 00:0C:29:32:86:A9 44 inet6 addr: fe80::20c:29ff:fe32:86a9/64 Scope:Link 45 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 46 RX packets:5815 errors:0 dropped:0 overruns:0 frame:0 47 TX packets:2339 errors:0 dropped:0 overruns:0 carrier:0 48 collisions:0 txqueuelen:1000 49 RX bytes:5223651 (4.9 MiB) TX bytes:223093 (217.8 KiB) 50 51 lo Link encap:Local Loopback 52 inet addr:127.0.0.1 Mask:255.0.0.0 53 inet6 addr: ::1/128 Scope:Host 54 UP LOOPBACK RUNNING MTU:65536 Metric:1 55 RX packets:16 errors:0 dropped:0 overruns:0 frame:0 56 TX packets:16 errors:0 dropped:0 overruns:0 carrier:0 57 collisions:0 txqueuelen:0 58 RX bytes:960 (960.0 b) TX bytes:960 (960.0 b) 59 60 [root@yinzhengjie ~]#
5.開啟stp服務(根據你自己的需求,覺得是否開啟)
1 #!/usr/bin/env gorun 2 #@author :yinzhengjie 3 #Blog:http://www.cnblogs.com/yinzhengjie/tag/GO%E8%AF%AD%E8%A8%80%E7%9A%84%E8%BF%9B%E9%98%B6%E4%B9%8B%E8%B7%AF/ 4 #EMAIL:y1053419035@qq.com 5 6 7 [root@yinzhengjie ~]# brctl show 8 bridge name bridge id STP enabled interfaces 9 br0 8000.000c293286a9 no eth0 10 [root@yinzhengjie ~]# 11 [root@yinzhengjie ~]# brctl stp br0 on 12 [root@yinzhengjie ~]# 13 [root@yinzhengjie ~]# brctl show 14 bridge name bridge id STP enabled interfaces 15 br0 8000.000c293286a9 yes eth0 16 [root@yinzhengjie ~]#
以上方式配置是在命令行上配置的,是臨時存在的,只要重啟網絡服務可能配置就不存在的,是不長久的,不過一般運維人員都是寫shell腳本,根據自己的需求編寫相應的腳本,可以根據自己的需要去相應的橋接網卡。不過接下來,還要給大家推薦的是一種永久配置生效的,需要我們手動修改,估計大家也猜到了,那就是修改配置文件。
二.手動配置橋接網卡
剛剛我們介紹了用"brctl"命令來創建橋接網卡,其實這個命令存在與否都是沒有關系的,因為真正的橋功能實現是內核中的網絡模塊(TUN/TAP)來實現的,所以它用的是橋驅動功能。因此我們可以通過編輯配置文件就可以配置橋接網卡了,
1.修改橋接配置文件
1 #!/usr/bin/env gorun 2 #@author :yinzhengjie 3 #Blog:http://www.cnblogs.com/yinzhengjie/tag/GO%E8%AF%AD%E8%A8%80%E7%9A%84%E8%BF%9B%E9%98%B6%E4%B9%8B%E8%B7%AF/ 4 #EMAIL:y1053419035@qq.com 5 6 7 [root@yinzhengjie ~]# 8 [root@yinzhengjie ~]# cd /etc/sysconfig/network-scripts/ 9 [root@yinzhengjie network-scripts]# cp ifcfg-eth0 ifcfg-br100 10 [root@yinzhengjie network-scripts]# more ifcfg-eth0 #注意,需要將原來的網卡(eth0)上的地址和DNS都刪除掉. 11 DEVICE="eth0" #定義當前設備名稱 12 BOOTPROTO="none" 13 ONBOOT="yes" 14 TYPE="Ethernet" 15 BRIDGE="br100" #定義被橋接到的某塊具體的網卡 16 [root@yinzhengjie network-scripts]# 17 [root@yinzhengjie network-scripts]# more ifcfg-br100 18 DEVICE="br100" #這個地方需要改一下,其他的地方可以不動 19 BOOTPROTO="none" 20 ONBOOT="yes" 21 TYPE="Bridge" #這個地方需要改一下 22 IPADDR="192.168.16.107" 23 NETMAST="255.255.255.0" 24 GATEWAY="192.168.16.1" 25 DNS1="219.141.136.10" 26 DNS2="219.141.140.10" 27 [root@yinzhengjie network-scripts]#
2.重新加載配置文件
1 #!/usr/bin/env gorun 2 #@author :yinzhengjie 3 #Blog:http://www.cnblogs.com/yinzhengjie/tag/GO%E8%AF%AD%E8%A8%80%E7%9A%84%E8%BF%9B%E9%98%B6%E4%B9%8B%E8%B7%AF/ 4 #EMAIL:y1053419035@qq.com 5 6 7 [root@yinzhengjie ~]# chkconfig --list NetworkManager 8 NetworkManager 0:off 1:off 2:on 3:on 4:on 5:on 6:off 9 [root@yinzhengjie ~]# 10 [root@yinzhengjie ~]# chkconfig NetworkManager off #將NetworkManager開機自啟的功能關閉 11 [root@yinzhengjie ~]# 12 [root@yinzhengjie ~]# chkconfig --list NetworkManager 13 NetworkManager 0:off 1:off 2:off 3:off 4:off 5:off 6:off 14 [root@yinzhengjie ~]# 15 [root@yinzhengjie network-scripts]# /etc/init.d/NetworkManager status 16 NetworkManager (pid 6920) is running... 17 [root@yinzhengjie network-scripts]# /etc/init.d/NetworkManager stop #必須要關閉此服務,不然會可能會報錯! 18 Stopping NetworkManager daemon: [ OK ] 19 [root@yinzhengjie network-scripts]# 20 [root@yinzhengjie network-scripts]# /etc/init.d/network restart 21 Shutting down loopback interface: [ OK ] 22 Bringing up loopback interface: [ OK ] 23 Bringing up interface eth0: [ OK ] 24 Bringing up interface br0: Determining if ip address 192.168.16.107 is already in use for device br0... 25 [ OK ] 26 [root@yinzhengjie network-scripts]# 27 [root@yinzhengjie network-scripts]# ifconfig #下面就可以看出創建虛擬網卡很輕松就實現了 28 br100 Link encap:Ethernet HWaddr 00:0C:29:32:86:A9 29 inet addr:192.168.16.107 Bcast:192.168.16.255 Mask:255.255.255.0 30 inet6 addr: fe80::20c:29ff:fe32:86a9/64 Scope:Link 31 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 32 RX packets:5 errors:0 dropped:0 overruns:0 frame:0 33 TX packets:11 errors:0 dropped:0 overruns:0 carrier:0 34 collisions:0 txqueuelen:0 35 RX bytes:736 (736.0 b) TX bytes:695 (695.0 b) 36 37 eth0 Link encap:Ethernet HWaddr 00:0C:29:32:86:A9 38 inet6 addr: fe80::20c:29ff:fe32:86a9/64 Scope:Link 39 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 40 RX packets:77928 errors:0 dropped:0 overruns:0 frame:0 41 TX packets:38572 errors:0 dropped:0 overruns:0 carrier:0 42 collisions:0 txqueuelen:1000 43 RX bytes:94147895 (89.7 MiB) TX bytes:4135913 (3.9 MiB) 44 45 lo Link encap:Local Loopback 46 inet addr:127.0.0.1 Mask:255.0.0.0 47 inet6 addr: ::1/128 Scope:Host 48 UP LOOPBACK RUNNING MTU:65536 Metric:1 49 RX packets:238 errors:0 dropped:0 overruns:0 frame:0 50 TX packets:238 errors:0 dropped:0 overruns:0 carrier:0 51 collisions:0 txqueuelen:0 52 RX bytes:17712 (17.2 KiB) TX bytes:17712 (17.2 KiB) 53 54 [root@yinzhengjie network-scripts]#