在同一台机器上为不同的网络配置两个网卡
问题
如何正确配置不同网络上的两个 NIC?目标是让所有流量从接收它的接口返回。如果有人可以提供路由表应该是什么样子的示例,我可以从那里获取创建的 Netplan 配置。
更新 1
- 添加了硬件图
- 简化了 config.yaml,
ping从 eno2 中解析出来 - 仍然无法正确返回流量
iperf
更新 #2
- 目标中的小说明(两个网卡,两个子网)
- 请求
ip r s输出的示例作为目标。
问题
两个 NIC 均可访问,但返回流量仅通过其中一个路由。尝试在 netplan 中指定表格没有奏效,但我可能弄乱了配置 yaml 中的路由策略。
目标配置
我希望所有流量都在 NIC 之间隔离。它们不需要被隔离,但如果流量在 LAB LAN 上,则停留在绑定的 NIC 上,如果在 MGMT LAN 上,则停留在 eno2 设备上。
┌─────────────────┐ ┌──────────────────────┐
│ y.y.y.0/24 │ │ x.x.x.0/24 │
│ mgmt network │ │ lab network │
└─┬───────────────┘ └─┬──┬─────────┬──┬────┘
│ │┼┼│ │┼┼│
│ │┼┼│ │┼┼│
│ │┼┼│ ┌─=┴==┴=─────┐
│ │┼┼│ | file server|
│ │┼┼│ └────────────┘
┌─=───────────────────────=┴==┴=─────────────────┐
│ y.y.y.105 x.x.x.71 │
│ │
│ GPU Server │
└────────────────────────────────────────────────┘
硬件图
这是堆栈中相关硬件的拓扑。
Netplan 配置 YAML
#50-netplan-config.yaml
network:
version: 2
ethernets:
# management network y.y.y.0/24
eno2:
dhcp4: no
dhcp6: no
addresses: [y.y.y.105/24]
routes:
- to: default
via: y.y.y.1
nameservers:
addresses: [y.y.y.1, 1.1.1.1, 1.0.0.1]
search: [local, lab]
bridges:
# lab network x.x.x.0/24
br0:
dhcp4: no
dhcp6: no
interfaces: [bond0]
addresses: [x.x.x.71/24]
nameservers:
addresses: [x.x.x.1, 1.1.1.1, 1.0.0.1]
search: [local, lab]
bonds:
bond0:
interfaces: [enp129s0f0, enp129s0f1, enp129s0f2, enp129s0f3]
parameters:
lacp-rate: fast
mode: 802.3ad
transmit-hash-policy: layer3+4
mii-monitor-interval: 100
ad-select: bandwidth
# interfaces for bond0
enp129s0f0:
dhcp4: no
dhcp6: no
enp129s0f1:
dhcp4: no
dhcp6: no
enp129s0f2:
dhcp4: no
dhcp6: no
enp129s0f3:
dhcp4: no
dhcp6: no
测试
尝试从服务器 ping 出去
适用于eno2
PING 1.1.1.1 (1.1.1.1) from y.y.y.105 eno2: 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=52 time=10.3 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=52 time=10.4 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=52 time=10.3 ms
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 10.309/10.324/10.353/0.020 ms
适用于br0
$ ping -c 3 -I br0 1.1.1.1
PING 1.1.1.1 (1.1.1.1) from x.x.x.71 br0: 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=52 time=10.1 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=52 time=10.3 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=52 time=10.6 ms
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 10.102/10.339/10.573/0.192 ms
检查路由表
$ ip route show
default via y.y.y.1 dev eno2 proto static
blackhole 10.1.228.192/26 proto 80
x.x.x.0/24 dev br0 proto kernel scope link src x.x.x.71
y.y.y.0/24 dev eno2 proto kernel scope link src y.y.y.105
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
测试 MGMT 网络
使用和测试eno2接口。结果显示到 GPU 服务器的流量在正确的接口上接收,但返回流量是通过( )。iperfnloadbond0br0
❯ iperf -c y.y.y.105 -r -f G
------------------------------------------------------------
Client connecting to y.y.y.105, TCP port 5001
TCP window size: 128 KByte (default)
------------------------------------------------------------
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 128 KByte (default)
------------------------------------------------------------
[ 1] local 172.30.30.229 port 60716 connected with y.y.y.105 port 5001 (icwnd/mss/irtt=14/1448/5000)
[ ID] Interval Transfer Bandwidth
[ 1] 0.00-10.31 sec 0.150 GBytes 0.015 GBytes/sec
[ 2] local 172.30.30.229 port 5001 connected with x.x.x.71 port 53436
[ ID] Interval Transfer Bandwidth
[ 2] 0.00-10.12 sec 0.171 GBytes 0.017 GBytes/sec
$ iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 128 KByte (default)
------------------------------------------------------------
[ 1] local y.y.y.105 port 5001 connected with 172.30.30.229 port 58370
[ ID] Interval Transfer Bandwidth
[ 1] 0.0000-10.2382 sec 161 MBytes 132 Mbits/sec
------------------------------------------------------------
Client connecting to 172.30.30.229, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[ *2] local x.x.x.71 port 36346 connected with 172.30.30.229 port 5001 (reverse)
[ ID] Interval Transfer Bandwidth
[ *2] 0.0000-10.2344 sec 151 MBytes 124 Mbits/sec
$ nload eno2
Device eno2 [y.y.y.105] (1/1):
=============================================================================================================
Incoming:
######################
######################
######################
###################### Curr: 1.49 kBit/s
###################### Avg: 20.73 MBit/s
###################### Min: 1.02 kBit/s
###################### Max: 190.57 MBit/s
###################### Ttl: 676.95 MByte
Outgoing:
Curr: 0.00 Bit/s
Avg: 0.00 Bit/s
Min: 0.00 Bit/s
Max: 0.00 Bit/s
Ttl: 9.99 MByte
注意:在窗口中nload br0打开nload bond0同一设备nload
$ nload br0
Device bond0 (1/15):
==============================================================================================================
Incoming:
Curr: 3.84 kBit/s
Avg: 192.22 kBit/s
Min: 952.00 Bit/s
.|. Max: 1.81 MBit/s
.###################|. Ttl: 7.30 MByte
Outgoing:
######################
######################
######################
######################
######################
###################### Curr: 21.80 kBit/s
###################### Avg: 21.51 MBit/s
. ###################### Min: 4.16 kBit/s
|.|###||#####|.....###################### Max: 162.19 MBit/s
|######################################### Ttl: 694.43 MByte
测试实验室网络
同时,接口上的网络流量符合预期br0。
❯ iperf -c x.x.x.71 -r -f G
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 128 KByte (default)
------------------------------------------------------------
------------------------------------------------------------
Client connecting to x.x.x.71, TCP port 5001
TCP window size: 128 KByte (default)
------------------------------------------------------------
[ 1] local 172.30.30.229 port 59950 connected with x.x.x.71 port 5001 (icwnd/mss/irtt=14/1448/3000)
[ ID] Interval Transfer Bandwidth
[ 1] 0.00-10.12 sec 0.159 GBytes 0.016 GBytes/sec
[ 2] local 172.30.30.229 port 5001 connected with x.x.x.71 port 33270
[ ID] Interval Transfer Bandwidth
[ 2] 0.00-10.20 sec 0.167 GBytes 0.016 GBytes/sec
$ iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 128 KByte (default)
------------------------------------------------------------
[ 1] local x.x.x.71 port 5001 connected with 172.30.30.229 port 59950
[ ID] Interval Transfer Bandwidth
[ 1] 0.0000-10.1135 sec 163 MBytes 135 Mbits/sec
------------------------------------------------------------
Client connecting to 172.30.30.229, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[ *2] local x.x.x.71 port 33270 connected with 172.30.30.229 port 5001 (reverse)
[ ID] Interval Transfer Bandwidth
[ *2] 0.0000-10.2124 sec 171 MBytes 140 Mbits/sec
$ nload br0
Device bond0 (1/12):
=============================================================================================================
Incoming:
######################
######################
######################
###################### Curr: 3.85 kBit/s
###################### Avg: 44.04 MBit/s
###################### Min: 3.85 kBit/s
###################### . Max: 174.40 MBit/s
######################.|#||##.|###|||||||. Ttl: 3.35 GByte
Outgoing:
######################
######################
######################
######################
###################### Curr: 13.89 kBit/s
###################### Avg: 47.11 MBit/s
. .... . .. ###################### Min: 4.16 kBit/s
.##########||####||######################. Max: 165.06 MBit/s
.########################################## Ttl: 2.86 GByte
答案1
如果我正确理解了您的图表,GPU 和文件服务器位于同一个 L2 网络上,因此实际上并不涉及任何路由。
交换机上的 LACP 策略必须配置为将 L4 也考虑在哈希中,以便不同的传输流将针对不同的绑定成员。我假设您这里有多个 TCP/UDP 会话,否则它根本不会分配负载。