Host with bonded interfaces on one subnet, setting up a bridge with a different public subnet for virtual machines

Note: I still haven't been able to get this configuration working, but once I figure it out I will post my solution.

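I am setting up an Ubuntu host server (16.04) running a number of KVMs. The host server has 4 physical NICs, bonded in pairs to reach the public-facing network and the private network. The host is assigned a primary public subnet (with only one usable external IP) and a primary private subnet (with one usable internal IP). In addition, I have been given two extra 8-IP subnets, one public and one private, for the virtual machines on this host. For example, here is my IP layout: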

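For the host:

  • Public primary subnet: 200.0.0.72/29 - usable public IP: 200.0.0.75
  • Private primary subnet: 10.0.0.128/26 - usable private IP: 10.0.0.138

For the VMs:

  • Public portable subnet: 200.0.1.240/29, 5 usable public IPs
  • Private portable subnet: 10.0.1.216/29, 5 usable private IPs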

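I am having a lot of trouble getting the host to have a different subnet from the bridged interfaces for the virtual machines. When I specify the bridge, I can't seem to get the host to network properly, and the bridge only works when I do not specify a network in the host section on the bonded interface. My interfaces file is below. What you see here is my "desired" result, but it does not actually work. I have been able to get individual parts working by commenting out different sections and restarting networking. I also added the routing commands (route add) as instructed by my ISP, but they do not help with the bridging side and the virtual machines.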

############################################
#For more information, see interfaces(5).
############################################
##Loopback
auto lo
iface lo inet loopback

## Setup bond0 interface - INTERNAL CONNECTIONS
auto bond0
iface bond0 inet static
bond-lacp-rate 1
#pre-up /sbin/ethtool -s bond0 speed 100 duplex full autoneg off
post-up ifenslave bond0 eth0 eth2
pre-down ifenslave -d bond0 eth0 eth2
address 10.0.0.138
netmask 255.255.255.192
gateway 10.0.0.129
bond-slaves none
bond-mode 4
bond-lacp-rate fast
bond-miimon 100
bond-downdelay 0
bond-updelay 0
bond-xmit_hash_policy 1
up route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.0.0.129

auto eth0
iface eth0 inet manual
bond-master bond0
#pre-up /sbin/ethtool -s eth0 speed 100 duplex full autoneg off

auto eth2
iface eth2 inet manual
bond-master bond0
#pre-up /sbin/ethtool -s eth2 speed 100 duplex full autoneg off

auto br0
iface br0 inet static
address 10.0.1.218
netmask 255.255.255.192
gateway 10.0.1.217
bridge_ports bond0
bridge_stp off
bridge_fd 9
bridge_hello 2
bridge_maxage 12

## Setup bond1 interface - EXTERNAL CONNECTIONS
auto bond1
iface bond1 inet static
bond-lacp-rate 1
post-up ifenslave bond1 eth1 eth3
pre-down ifenslave -d bond1 eth1 eth3
bond-slaves none
bond-mode 4
bond-lacp-rate fast
bond-miimon 100
bond-downdelay 0
bond-updelay 0
bond-xmit_hash_policy 1
address 200.0.0.75
netmask 255.255.255.248
gateway 200.0.0.73
up route add -net 0.0.0.0 netmask 0.0.0.0 gw 200.0.0.73

auto eth1
iface eth1 inet manual
bond-master bond1

auto eth3
iface eth3 inet manual
bond-master bond1

auto br1
iface br1 inet static
address 200.0.1.242
netmask 255.255.255.248
gateway 200.0.1.241
#up iptables-restore < /etc/iptables.rules
post-up echo 0 > /sys/devices/virtual/net/br1/bridge/multicast_snooping
bridge_ports bond1
bridge_stp off
bridge_fd 9
bridge_hello 2
bridge_maxage 12

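If my host already has subnets (on the bonded interfaces), then I may be going wrong by specifying specific addresses on the bridge interfaces, but if I don't, I am not sure how to specify separate subnets for the VMs (on the bridges). Thanks in advance for any comments/suggestions on what I am doing wrong here.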

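#Addition 1: VLAN

Below are the VLAN subnets my ISP provides me. "Primary IP for future server only" is a primary IP assigned to another customer/host, which I cannot access. In addition, there are two primary private IPs: one is accessible to my host operating system, and the other is a management interface for console access (it looks like it goes through the BIOS).

There are two VLANs, one public and one private; each VLAN is numbered and has a router associated with it. For example, VLAN number 1200 with router zzz02a.bbb03 is for the public network, and the private network has a similar VLAN.

Public primary subnet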

200.0.0.72  Reserved    Network
200.0.0.73  Reserved    Gateway
200.0.0.74  Reserved    Primary IP for future server only
200.0.0.75  In Use  host.mydomain.com
200.0.0.76  Reserved    Primary IP for future server only
200.0.0.77  Reserved    Primary IP for future server only
200.0.0.78  Reserved    Primary IP for future server only
200.0.0.79  Reserved    Broadcast

Public portable subnet

200.0.1.240 Reserved    Network
200.0.1.241 Reserved    Gateway
200.0.1.242 Available   vm1.mydomain.com
200.0.1.243 Available   <<available for vm>>
200.0.1.244 Available   <<available for vm>>
200.0.1.245 Available   <<available for vm>>
200.0.1.246 Available   <<available for vm>>
200.0.1.247 Reserved    Broadcast

Private primary subnet

10.0.0.128  Reserved    Network
10.0.0.129  Reserved    Gateway
10.0.0.130  Reserved    Primary IP for future server only
10.0.0.131  Reserved    Primary IP for future server only
10.0.0.132  Reserved    Primary IP for future server only
10.0.0.133  Reserved    Primary IP for future server only
10.0.0.134  Reserved    Primary IP for future server only
10.0.0.135  Reserved    Primary IP for future server only
10.0.0.136  Reserved    Primary IP for future server only
10.0.0.137  Reserved    Primary IP for future server only
10.0.0.138  In Use  host.mydomain.com
10.0.0.139  Reserved    Primary IP for future server only
10.0.0.140  Reserved    Primary IP for future server only
10.0.0.141  Reserved    Primary IP for future server only
10.0.0.142  Reserved    Primary IP for future server only
10.0.0.143  Reserved    Primary IP for future server only
10.0.0.144  Reserved    Primary IP for future server only
10.0.0.145  Reserved    Primary IP for future server only
10.0.0.146  Reserved    Primary IP for future server only
10.0.0.147  Reserved    Primary IP for future server only
10.0.0.148  Reserved    Primary IP for future server only
10.0.0.149  In Use  host.mydomain.com
10.0.0.150  Reserved    Primary IP for future server only
10.0.0.151  Reserved    Primary IP for future server only
10.0.0.152  Reserved    Primary IP for future server only

Private portable subnet

10.0.1.216  Reserved    Network
10.0.1.217  Reserved    Gateway
10.0.1.218  Available   vm1.mydomain.com
10.0.1.219  Available   <<available for vm>>
10.0.1.220  Available   <<available for vm>>
10.0.1.221  Available   <<available for vm>>
10.0.1.222  Available   <<available for vm>>
10.0.1.223  Reserved    Broadcast

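Answer 1

I think there are no VLANs. If you want to share all 4 subnets with the virtual machines, you should assign them on the bridges. The interfaces file should be: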

############################################
#For more information, see interfaces(5).
############################################
##Loopback
auto lo
iface lo inet loopback

## Setup bond0 interface - INTERNAL CONNECTIONS
auto bond0
iface bond0 inet manual
bond-slaves eth0 eth2
bond-mode 4
bond-lacp-rate fast
bond-miimon 100
bond-downdelay 0
bond-updelay 0
bond-xmit_hash_policy 1

auto eth0
iface eth0 inet manual
bond-master bond0

auto eth2
iface eth2 inet manual
bond-master bond0

## Setup VLAN ID 1201 on bond0 interface
auto bond0.1201
iface bond0.1201 inet manual
vlan_raw_device bond0

auto br0
iface br0 inet static
address 10.0.0.138
netmask 255.255.255.192
bridge_ports bond0.1201
bridge_stp off
up route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.0.0.129

auto br0:1
iface br0:1 inet static
address 10.0.1.218
# /29, matching the private portable subnet 10.0.1.216/29
netmask 255.255.255.248

## Setup bond1 interface - EXTERNAL CONNECTIONS
auto bond1
iface bond1 inet manual
bond-slaves eth1 eth3
bond-mode 4
bond-lacp-rate fast
bond-miimon 100
bond-downdelay 0
bond-updelay 0
bond-xmit_hash_policy 1

auto eth1
iface eth1 inet manual
bond-master bond1

auto eth3
iface eth3 inet manual
bond-master bond1

## Setup VLAN ID 1200 on bond1 interface
auto bond1.1200
iface bond1.1200 inet manual
vlan_raw_device bond1

auto br1
iface br1 inet static
address 200.0.0.75
netmask 255.255.255.248
gateway 200.0.0.73
post-up echo 0 > /sys/devices/virtual/net/br1/bridge/multicast_snooping
bridge_ports bond1.1200
bridge_stp off

auto br1:1
iface br1:1 inet static
address 200.0.1.242
netmask 255.255.255.248
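
An added example, not part of the question or the answer: a small audit of ifupdown stanzas against the subnets listed in the question. It flags an address on an interface that is also a bridge port, more than one `gateway` line, and a netmask that does not match the allocated subnet. `ALLOCATED`, `parse` and `audit` are names made up for this example, and the sample stanzas are trimmed from the question's file.

```python
import ipaddress

# Subnets the ISP allocated, copied from the question's IP layout.
ALLOCATED = [ipaddress.ip_network(n) for n in
             ("200.0.0.72/29", "10.0.0.128/26", "200.0.1.240/29", "10.0.1.216/29")]

# Constructed sample: private-side stanzas of the question's file, bonding options trimmed.
QUESTION_CFG = """
iface bond0 inet static
address 10.0.0.138
netmask 255.255.255.192
gateway 10.0.0.129
iface br0 inet static
address 10.0.1.218
netmask 255.255.255.192
gateway 10.0.1.217
bridge_ports bond0
"""

def parse(text):
    """Return {iface: {option: value}} for every 'iface' stanza."""
    stanzas, cur = {}, None
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if not words or words[0] in ("auto", "allow-hotplug"):
            continue
        if words[0] == "iface":
            cur = stanzas.setdefault(words[1], {})
        elif cur is not None:
            cur[words[0]] = " ".join(words[1:])
    return stanzas

def audit(text):
    """List layout problems: address on a bridge port, extra gateways, wrong netmask."""
    stanzas, findings = parse(text), []
    port_of = {p: b for b, o in stanzas.items() for p in o.get("bridge_ports", "").split()}
    gateways = [n for n, o in stanzas.items() if "gateway" in o]
    if len(gateways) > 1:
        findings.append("multiple default gateways: " + ", ".join(gateways))
    for name, o in stanzas.items():
        if "address" not in o:
            continue
        if name in port_of:
            findings.append(f"{name} has an address but is a port of {port_of[name]}")
        net = ipaddress.ip_interface(f"{o['address']}/{o['netmask']}").network
        want = next((a for a in ALLOCATED if ipaddress.ip_address(o["address"]) in a), None)
        if want is not None and net != want:
            findings.append(f"{name} netmask gives {net}, allocated subnet is {want}")
    return findings
```

`audit(QUESTION_CFG)` returns three findings. Stanzas that keep the bond as `inet manual`, put the addresses on the bridge and declare a single `gateway` pass the first two checks.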
