How do I configure a link aggregation/bonded LAN for my simple Ubuntu router build?

Network Engineering: switch router lan linux ieee-802.1ax
2022-02-18 19:15:58

I'm going round in circles on this one...! Someone please help!

I followed the fab tutorial below to build my own Ubuntu-based router:

How to build a simple router with Ubuntu Server 18.04

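Using only two of the four ports available on my hardware, which works just fine:

- Old Lenovo desktop with an old 4-port HP gigabit adapter NC364T
- Interface 1 (WAN): DHCP, connected to the BT HomeHub router (192.168.1.? /24)
- Interface 2 (LAN): static 10.1.0.1, with a DHCP server set up on subnet 10.1.0.0/24
- Interface 2 then connects to a new Cisco SG220-26 switch and, hey presto, all my LAN devices are good to go!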

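But... since I also have some storage in the box, and the switch and NIC both support link aggregation, I thought I could create a bond in netplan and increase the bandwidth (e.g. use 1 port for the WAN and 3 for the LAN, aggregated into one link to the switch), plus it's a learning exercise, right...?!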

I can't seem to get it working... either as a bond or by adding static/DHCP interfaces to my netplan yaml.

Here is the working netplan yaml for the two-port version:

network:
    ethernets:
        enp3s0f0:
            dhcp4: true
        enp3s0f1:
            addresses:
            - 10.1.0.1/24
            dhcp4: false
            nameservers:
                addresses:
                - 8.8.8.8
                - 8.8.4.4
                search: []
    version: 2

The working /etc/rc.local iptables configuration:

#!/bin/bash

# /etc/rc.local

# Default policy to drop all incoming packets.
iptables -P INPUT DROP
iptables -P FORWARD DROP

# Accept incoming packets from localhost and the LAN interface.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i enp3s0f1 -j ACCEPT

# Accept incoming packets from the WAN if the router initiated the connection.
iptables -A INPUT -i enp3s0f0 -m conntrack \
--ctstate ESTABLISHED,RELATED -j ACCEPT

# Forward LAN packets to the WAN.
iptables -A FORWARD -i enp3s0f1 -o enp3s0f0 -j ACCEPT

# Forward WAN packets to the LAN if the LAN initiated the connection.
iptables -A FORWARD -i enp3s0f0 -o enp3s0f1 -m conntrack \
--ctstate ESTABLISHED,RELATED -j ACCEPT

# NAT traffic going out the WAN interface.
iptables -t nat -A POSTROUTING -o enp3s0f0 -j MASQUERADE

# rc.local needs to exit with 0
exit 0

Using the netplan example for a bonded router as a starting point, my non-working bond netplan yaml looks like:

network:
  version: 2
  ethernets:
    enp3s0f0:
      dhcp4: yes
    enp3s0f1:
      dhcp4: false
    enp4s0f0:
      dhcp4: false
      optional: true
    enp4s0f1:
      dhcp4: false
      optional: true
  bonds:
    pigeon-lan:
      interfaces: [enp3s0f1, enp4s0f0, enp4s0f1]
      addresses: [10.1.0.1/24]
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
        search: []
      parameters:
        mode: 802.3ad
        mii-monitor-interval: 1
My non-working bond /etc/rc.local iptables configuration is the same, except that I swapped the LAN interface (enp3s0f1) for the bond interface (pigeon-lan):

#!/bin/bash

# /etc/rc.local

# Default policy to drop all incoming packets.
iptables -P INPUT DROP
iptables -P FORWARD DROP

# Accept incoming packets from localhost and the LAN interface.
#iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i pigeon-lan -j ACCEPT

# Accept incoming packets from the WAN if the router initiated the connection.
iptables -A INPUT -i enp3s0f0 -m conntrack \
--ctstate ESTABLISHED,RELATED -j ACCEPT

# Forward LAN packets to the WAN.
iptables -A FORWARD -i pigeon-lan -o enp3s0f0 -j ACCEPT

# Forward WAN packets to the LAN if the LAN initiated the connection.
iptables -A FORWARD -i enp3s0f0 -o pigeon-lan -m conntrack \
--ctstate ESTABLISHED,RELATED -j ACCEPT

# NAT traffic going out the WAN interface.
iptables -t nat -A POSTROUTING -o enp3s0f0 -j MASQUERADE

# rc.local needs to exit with 0
exit 0

In addition, I also changed the DHCP interface in /etc/default/dhcpd.conf to hit the bond.

After applying this (netplan/dhcp/reboot etc.), I can't reach the WAN/LAN through the switch at all, but I can ping out from the box to google etc., so the WAN looks OK.

I'm scratching my head over this one, so any help would be greatly appreciated!

FYI - my ifconfig shows:

docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:7eff:feab:7e59  prefixlen 64  scopeid 0x20<link>
        ether 02:42:7e:ab:7e:59  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 72  bytes 11027 (11.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp3s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.117  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::224:81ff:fe81:8d4d  prefixlen 64  scopeid 0x20<link>
        ether 00:24:81:81:8d:4d  txqueuelen 1000  (Ethernet)
        RX packets 1563  bytes 521441 (521.4 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 921  bytes 137509 (137.5 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 39  memory 0xfe720000-fe740000  

enp3s0f1: flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST>  mtu 1500
        ether d6:a1:38:bd:13:bc  txqueuelen 1000  (Ethernet)
        RX packets 2306  bytes 171452 (171.4 KB)
        RX errors 0  dropped 3  overruns 0  frame 0
        TX packets 128  bytes 16384 (16.3 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 26  memory 0xfe700000-fe720000  

enp4s0f0: flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST>  mtu 1500
        ether d6:a1:38:bd:13:bc  txqueuelen 1000  (Ethernet)
        RX packets 245  bytes 23278 (23.2 KB)
        RX errors 0  dropped 3  overruns 0  frame 0
        TX packets 133  bytes 16830 (16.8 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 44  memory 0xfe520000-fe540000  

enp4s0f1: flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST>  mtu 1500
        ether d6:a1:38:bd:13:bc  txqueuelen 1000  (Ethernet)
        RX packets 177  bytes 15554 (15.5 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 128  bytes 16384 (16.3 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 24  memory 0xfe500000-fe520000  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 46  bytes 3032 (3.0 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 46  bytes 3032 (3.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

pigeon-lan: flags=5187<UP,BROADCAST,RUNNING,MASTER,MULTICAST>  mtu 1500
        inet 10.1.0.1  netmask 255.255.255.0  broadcast 10.1.0.255
        inet6 fe80::d4a1:38ff:febd:13bc  prefixlen 64  scopeid 0x20<link>
        ether d6:a1:38:bd:13:bc  txqueuelen 1000  (Ethernet)
        RX packets 2728  bytes 210284 (210.2 KB)
        RX errors 0  dropped 6  overruns 0  frame 0
        TX packets 389  bytes 49598 (49.5 KB)
        TX errors 0  dropped 69 overruns 0  carrier 0  collisions 0

veth0b52c2b: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::bc0d:62ff:fe4c:8c7b  prefixlen 64  scopeid 0x20<link>
        ether be:0d:62:4c:8c:7b  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 656 (656.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth6ab4d9d: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::ccbe:f5ff:fed8:ae7a  prefixlen 64  scopeid 0x20<link>
        ether ce:be:f5:d8:ae:7a  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 87  bytes 12173 (12.1 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

1 Answer

The solution is:

First, fully configure/enable LACP on the switch, with the appropriate LAG group etc.

(facepalm)
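
A check for the condition the answer describes, added here as an example and not part of the original post: on the Linux side, /proc/net/bonding/pigeon-lan shows whether the switch has answered LACP (an all-zero partner MAC and one aggregator per port mean it has not). The sample text is constructed and trimmed to the fields the script reads; `lacp_check` and `write_sample` are names made up for this example.

```shell
#!/bin/sh
# lacp_check FILE  (FILE: /proc/net/bonding/<bond>, or a saved copy of it)
# Returns 0 only if the bond is in 802.3ad mode, a LACP partner has answered,
# and every member port sits in the same aggregator.
lacp_check() {
    awk '
        /^Bonding Mode:/ && /802\.3ad/   { mode_ok = 1 }
        /^Slave Interface:/              { port = $3 }
        # Per-port line is unindented; the "Active Aggregator Info" copy is indented.
        /^Aggregator ID:/ && port != ""  { agg[port] = $3; ids[$3] = 1 }
        /Partner Mac Address:/           { partner = $4 }
        END {
            for (p in agg) printf "%s aggregator=%s\n", p, agg[p]
            n = 0; for (i in ids) n++
            if (!mode_ok) { print "FAIL: bond is not in 802.3ad mode"; exit 2 }
            if (partner == "" || partner == "00:00:00:00:00:00") {
                print "FAIL: no LACP partner; switch ports are not in an LACP LAG"
                exit 1
            }
            if (n != 1) { print "FAIL: ports split across " n " aggregators"; exit 1 }
            print "OK: partner " partner ", all ports share one aggregator"
        }' "$1"
}

# Constructed sample (not from the post), trimmed to the fields read above:
# what an 802.3ad bond reports while the switch side has no LACP LAG.
write_sample() {
    cat > "$1" <<'EOF'
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Active Aggregator Info:
    Aggregator ID: 1
    Partner Mac Address: 00:00:00:00:00:00

Slave Interface: enp3s0f1
Aggregator ID: 1

Slave Interface: enp4s0f0
Aggregator ID: 2

Slave Interface: enp4s0f1
Aggregator ID: 3
EOF
}

sample=$(mktemp)
write_sample "$sample"
lacp_check "$sample" || echo "lacp_check exit status: $?"
rm -f "$sample"
```

On the router itself, run `lacp_check /proc/net/bonding/pigeon-lan` after changing the switch configuration.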