配置拓撲
這裡使用ens33接口位址來建立隧道,使用ens37接口位址做隧道接口辨別,使用ens38接口位址來模拟私網業務位址。實際場景中,用于建立隧道的位址是公網位址,而業務位址是私網位址,GRE隧道使得私網位址空間不會暴露于公網。
具體配置
1. node02
- 開啟路由轉發,加載GRE協定子產品。
# 開啟ipv4路由轉發
echo 1 > /proc/sys/net/ipv4/ip_forward
# 檢視GRE核心子產品資訊
modinfo ip_gre
# 檢視GRE核心子產品是否安裝
lsmod | grep ip_gre
# 加載GRE核心子產品 - 建立隧道虛接口tunnel2并配置隧道接口ip(隧道辨別)。
# 配置GRE隧道的source和destination ip(外部,公網位址)
ip tunnel add tunnel2 mode gre local 192.168.91.129 remote 192.168.91.130 ttl 255 dev ens33
# 配置GRE tunnel接口的隧道辨別(在數通裝置上可以通過ip unnumber借用其他接口的primary ip)
ip addr add 172.16.18.10 dev tunnel2 peer 172.16.20.20/24
# 開啟tunnel2接口
ip link set dev tunnel2 up
# 檢視tunnel接口
ifconfig - 添加指向隧道接口的路由以引導流量進入隧道。
# 添加私網路由指向隧道口 2. node03
- 開啟路由轉發,加載GRE協定子產品。
# 開啟ipv4路由轉發
echo 1 > /proc/sys/net/ipv4/ip_forward
# 加載GRE核心子產品 - 建立隧道虛接口tunnel2并配置隧道接口ip(隧道辨別)。
# 配置GRE隧道的source和destination ip(外部,公網位址)
ip tunnel add tunnel2 mode gre local 192.168.91.130 remote 192.168.91.129 ttl 255 dev ens33
# 配置GRE tunnel接口的隧道辨別(在數通裝置上可以通過ip unnumber借用其他接口的primary ip)
ip addr add 172.16.20.20 dev tunnel2 peer 172.16.18.10/24
# 開啟tunnel2接口
ip link set - 添加指向隧道接口的路由以引導流量進入隧道。
# 添加私網路由指向隧道口 3. 檢視路由表
route -n # 推薦此法
或者
netstat 4. 驗證
- 隧道建立
[root@node02 ~]# ping -c3 -I 10.10.10.10 10.10.20.20
PING 10.10.20.20 (10.10.20.20) from 10.10.10.10 : 56(84) bytes of data.
64 bytes from 10.10.20.20: icmp_seq=1 ttl=64 time=0.708 ms
64 bytes from 10.10.20.20: icmp_seq=2 ttl=64 time=0.523 ms
64 bytes from 10.10.20.20: icmp_seq=3 ttl=64 time=0.555 ms
--- 10.10.20.20 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.523/0.595/0.708/0.083 ms
[root@node02 ~]# ping -c3 -I 172.16.18.10 172.16.20.20
PING 172.16.20.20 (172.16.20.20) from 172.16.18.10 : 56(84) bytes of data.
64 bytes from 172.16.20.20: icmp_seq=1 ttl=64 time=1.12 ms
64 bytes from 172.16.20.20: icmp_seq=2 ttl=64 time=0.509 ms
64 bytes from 172.16.20.20: icmp_seq=3 ttl=64 time=0.469 ms
--- 172.16.20.20 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2006ms
rtt min/avg/max/mdev = - 隧道拆除
将tunnel2接口shutdown
ip link set 再進行ping測試
[root@node02 ~]# ping -c3 -I 10.10.10.10 10.10.20.20
PING 10.10.20.20 (10.10.20.20) from 10.10.10.10 : 56(84) bytes of data.
--- 10.10.20.20 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2017ms
[root@node02 ~]# ping -c3 -I 172.16.18.10 172.16.20.20
PING 172.16.20.20 (172.16.20.20) from 172.16.18.10 : 56(84) bytes of data.
--- 172.16.20.20 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 5. 配置多個環回位址
在上述的配置中可以發現啟用了多個實體網卡來提供本地IP,但在實際應用中可能不具備這樣的條件。配置多個環回口位址是一個解決思路。
操作步驟如下:
cd /etc/sysconfig/network-scripts/
cp ifcfg-lo ifcfg-lo:1
vim ifcfg-lo:1
----------------------------------------------------
DEVICE=lo:1
IPADDR=10.199.18.16
NETMASK=255.255.255.255
ONBOOT=yes
NAME=loopback1
----------------------------------------------------
systemctl restart network
ifconfig
----------------------------------------------------
lo:1: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 10.199.18.16 netmask 255.255.255.255
loop txqueuelen 1000 (Local Loopback)
----------------------------------------------------
ip a
----------------------------------------------------
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 10.199.18.16/32 brd 10.199.18.16 scope global lo:1
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
----------------------------------------------------
[root@node01 network-scripts]# ping -c3 10.199.18.16
PING 10.199.18.16 (10.199.18.16) 56(84) bytes of data.
64 bytes from 10.199.18.16: icmp_seq=1 ttl=64 time=0.045 ms
64 bytes from 10.199.18.16: icmp_seq=2 ttl=64 time=0.050 ms
64 bytes from 10.199.18.16: icmp_seq=3 ttl=64 time=0.053 ms ip addr add 10.199.18.16/32 dev lo:1 ![關鍵字提取算法[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)