RHEL7 Teaming网卡绑定实践

前言

为了提高网络容错或吞吐量，一般服务器都会采取多网卡绑定的策略，在RHEL6中使用的是Bonding，而RHEL7提供了一项新的实现技术Teaming，具体原理和对比列表大家可以参考扩展阅读中的RedHat官方博客。配置Teaming有两种方式，第一种是使用nmclii命令，第二种是直接修改配置文件，如果大家有更好的方法也欢迎分享。

使用teaming替换bonding实现链路聚合网卡绑定

---

更新记录

2015年12月01日 - 补充firewall替换iptables防火墙部分
2015年11月30日 - 初稿

阅读原文 - https://wsgzao.github.io/post/teaming/

扩展阅读

If You Like Bonding, You Will Love Teaming - http://rhelblog.redhat.com/2014/06/23/team-driver/
Configure Network Teaming - https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/ch-Configure_Network_Teaming.html

---

firewall

RHEL 7默认使用的是firewall作为防火墙，如果不习惯可以改为iptables防火墙

#停止firewall
systemctl stop firewalld.service
#禁止firewall开机启动
systemctl disable firewalld.service 

#安装iptables
yum install iptables-services  
#编辑防火墙配置文件
vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

#保存退出
:wq! 

#启动防火墙
systemctl start iptables.service
#停止防火墙
systemctl stop iptables.service
#重启防火墙
systemctl restart iptables.service
#查看防火墙状态
systemctl status iptables.service
#设置开机启动
systemctl enable iptables.service

如果需要了解iptables的用法可以参考我以前的文章

iptables配置实践 - https://wsgzao.github.io/post/iptables/

teaming

实践方法采取直接编辑ifcfg配置activebackup主备模式，其它方法原理类似比如 nmcli/nmtui

#查看LOWER_UP网卡，准备双网卡teaming测试
ip link show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:d5:f7:d4 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
  link/ether 52:54:00:d8:04:70 brd ff:ff:ff:ff:ff:ff

#Creating a Network Team Using ifcfg Files
cd /etc/sysconfig/network-scripts/
vi ifcfg-team0

DEVICE=team0
DEVICETYPE=Team
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.11.1
PREFIX=24
#GATEWAY=192.168.11.254
TEAM_CONFIG='{"runner": {"name": "activebackup"}, "link_watch": {"name": "ethtool"}}'

#做好备份继续编辑需要绑定的网卡信息，调整prio优先级

vi ifcfg-eth0

DEVICE=eth0
#HWADDR=D4:85:64:01:46:9E
DEVICETYPE=TeamPort
ONBOOT=yes
TEAM_MASTER=team0
TEAM_PORT_CONFIG='{"prio": 100}'

vi ifcfg-eth1

DEVICE=eth1
#HWADDR=D4:85:64:01:46:9F
DEVICETYPE=TeamPort
ONBOOT=yes
TEAM_MASTER=team0
TEAM_PORT_CONFIG='{"prio": 99}'

#重启网络
systemctl restart network

#检查端口状态
teamnl team0 ports

1: eth0: up 1000Mbit FD
2: eth1: up 1000Mbit FD

#检查teaming状态
teamdctl team0 state

setup:
     runner: activebackup
ports:
     eth0
          link watches:
          link summary: up
          instance[link_watch_0]:
               name: ethtool
               link: up
     eth1
          link watches:
          link summary: up
          instance[link_watch_0]:
               name: ethtool
               link: up
runner:
     active port: eth0


#手动断开其中一条链路验证主备模式切换是否正常
ip link set eth1 down

teamdctl team0 state

setup:
     runner: activebackup
ports:
     eth0
          link watches:
          link summary: down
          instance[link_watch_0]:
               name: ethtool
               link: down
     eth1
          link watches:
          link summary: up
          instance[link_watch_0]:
               name: ethtool
               link: up
runner:
     active port: eth1

bonding

传统的bonding配置和测试结果可以参考我之前的文章

Linux双网卡绑定实践 - https://wsgzao.github.io/post/bonding/