Best practices for using multiple network interfaces (interfaces)

I recently tested the server with five NICs. Some exceptions were found during the test. Due to lack of understanding about the working mode of multiple NICs, therefore, I tried to translate an article that is interesting for multi-nic network connections. Although it is a product description and a solution to the problem, I still feel that it is helpful to understand network transmission;

Some words are translated according to your own understanding, and may not meet the standards. This is the second time I translated a complete English Technical Document.

Address: http://www.ni.com/white-paper/12558/en

Http://download.csdn.net/detail/julius_lee/5599489 (csdn)

First, we will introduce:

NI Labview real-time module

NI Labview real-time module is a complete solution for creating reliable and independent embedded systems through graphical programming. As an additional software for the LabVIEW development environment, the LabVIEW real-time module helps develop and debug graphical applications that can be downloaded to embedded hardware devices (such: ni compactrio, ni single-board Rio, PXI, visual systems, and even third-party PCs) are executed on these devices.

Best practices for using multiple network interfaces (response) with Ni Products

Overview:

At present, it is very common for PCs or embedded devices to have more than one network card, especially in systems with both wired and wireless networks. However, if a single Nic parameter is set improperly in the network layout, the network connection problem may occur when multiple NICs are connected. This document outlines the basic concepts of the network, explains why improper operations under multiple NICs cause problems, and provides some effective methods to configure the network under multiple NICs. In addition, several common application scenarios are explored, including the complex network configuration functions of Ni products in the real-time monitoring system (Ni real-time hypervisor.

Directory: 1. Background: World Wide Web basics 2. Multi-nic configuration method 3. Application Scenario 4. Other resources

1-1 Background: World Wide Web Basics

Before explaining the actual configuration scheme for multiple NICs, it is necessary to first understand the basic network knowledge. The following section describes how to confirm the IP address of a single network adapter, the network packet transmission path, and the typical network data transmission mode.

If you are very familiar with this concept, or do not care about the reasons behind the configuration of multiple NICs, you can skip this section and directly read the method for configuring multiple NICs in directory 2.

Data link layer: physical address

Just like a home address or company address, you must use an ordered arrangement to receive emails. Each network interface on the World Wide Web is assigned a unique address, that is, the address of the specified Media Access Controller (MAC. A mac address consists of 48 bits, usually composed of two hexadecimal numbers in a group, such as: (e.g. 01: 23: 45: 67: 89: AB ). The MAC address or other specified NIC address is generally identified on the device and tag, and can be set through the operating system software.

When network data is transmitted between two computers, the data is divided into many so-called "packets" for transmission. These packets contain the MAC address of the acceptor interface, each port maintains the packet sent by the listener to this unique address.

Figure 1: Each Nic has a unique MAC address. If one machine has multiple NICs, the addresses of each Nic must be different.

Network Address Layer

If every computer in the world is connected together and the MAC addresses of all other computers are known, no other address protocols are needed. However, there are several reasons to prove that this is obviously impractical.

First, if such a large public connection is formed, frequent packet conflicts will inevitably lead to unreliable communication. Second, saving the MAC addresses of all computer devices in the world requires a huge amount of memory capacity, and this method is not an optimal strategy in response to the increasing access to devices.

IP address (IPv4)

Obviously, in order to allow all computers to communicate over the Internet, it is necessary to have a special address allocation scheme. In practice, you can specify one or more IP addresses for each MAC address, so that some IP addresses are enabled when most of the network is blocked through the "small pool", rather than starting these IP addresses through mass machine transmission. In fact, the IP address is limited by 32-bit values, which are usually expressed by four groups of three-digit decimal numbers, such as 192.168.100.100. Assume that 10 computers in the network are configured as follows, and their IP addresses are from 192.168.100.0 to 192.168.100.9. If all the Machine Communication rules are as follows: the IP address must be 192.168.100.xxx to authorize access to the switch network, it is easier to determine whether to access other networks to communicate with a specified IP address.

Rule example: All NICs with IP addresses 192.168.100.0 to 192.168.100.255 are connected to the local LAN, and NICs with other IP addresses are not in the local network.

Table 1: Since IP addresses can be set to any network adapter, some IP addresses may be set for a group of network adapters in the LAN, it is also easy to distinguish whether these IP addresses are in the local network or outside the network.

Using this simple principle to consider the problem has obvious advantages. Since MAC addresses are not distributed regularly on a series of machines (they are generally randomly allocated by the supplier), and the IP addresses can be configured by users themselves, therefore, IP addresses can be allocated by logic or in hierarchical mode. In this way, computers in a small LAN can communicate with each other through local connections, thus reducing data conflicts in large network connections. In addition, although there are more than 2 ^ 32 network interfaces connecting to Ethernet in the world, these machines can still access Ethernet, mainly through network address translation (NAT ), IP address reuse is achieved through a small network. However, more discussions about Nat are beyond the scope of this tutorial.

Generally, IP addresses in 10. x, 192.168.x.x, or 172. x. x format are used. The main reason is that the changed IP address has been specified as used in the private network by default. Therefore, if you use one of the IP addresses, it is certain that no other public server (such as Google.com) will use the same IP address as you.

In this case, information exchange usually uses the IPv4 protocol. The next version of the network protocol IPv6 will use a 128-bit address, but it does not seem to be widely used yet (although it is expected to be gradually used in the next few years ).

Subnet Mask

When I want to send a message to a specified IP address, how does this computer determine that it is in a local network connection? Or what can I access external networks? In other words, if we want the computer to follow certain rules to complete the example mentioned above, how should we specify this rule?

One of the key parts is the subnet mask, which is a 32-bit numeric string (for example, 255.255.255.255.192) composed of four numbers in a row similar to the IP address ). When one of the 32 bits is 1, it means that the IP address of the sender is different from the IP address of the receiver, and the packets must be routed to other external networks. On the contrary, if this bit is 0, it does not have much impact on whether the IP addresses are different. If all the other bits are the same between the addresses of the receiving and sending terminals, the acceptor is considered to be in the same local connection network.

Figure 2: Subnet Mask provides a rule to distinguish which addresses belong to the local connection network and which are connected to the external network.

Gateway and default gateway

How does a network packet transmit between a local network and an external network? This process is generally completed by the so-called routing, that is, the gateway that is often implicitly referred to (in this tutorial, these two terms are often used in an equivalent way ). For each Nic connected to a computer, you usually specify an IP address, subnet mask, and default gateway. The default gateway is the address of the route to be used when data must be transferred to a local network.

ARP request

Here, we need to note that at the bottom layer, the transmission of each packet must go through the MAC address. Although the IP address provides some advantages in subnet connection, it is important to note that only knowing the IP address information of the remote computer Nic is far from enough to ensure that the data can be completely reached by the computer. For example, two computers exchange data over a remote network, and the transmission process may go through several routes. That is to say, a data packet must be transmitted to the first route through the computer at the sending end, then from the first route to the next route, and so on until the last data packet reaches the destination computer. Therefore, determining the MAC address of the acceptor route and the MAC address of the computer interface is very important for the transmission of data packets in the interconnected network.

Suppose we now know the IP address of a target computer in the local network: How does the source computer obtain the correct MAC address for packet sending? This requires ARP (Address Resolution Protocol) protocol. In the above case, the sender's computer will send a special so-called ARP request broadcast information to the local network (request the MAC address with a fixed IP address ). All devices in the Network will continue to listen for this type of special requests. If their IP addresses match, they will immediately respond with the MAC address. Once the sender's computer receives the MAC address information, the computer usually stores the MAC address and IP address information in the cache table for later use. This method avoids sending ARP requests to the same target interface.

Figure 3: when a computer sends data to a remote network interface, the MAC address of the interface must be known. If you do not know the MAC address, the computer will use the ARP Protocol to request the specified IP address, and then the target machine will return its MAC address.

Information

If the route on the Network identifies that the IP request comes from outside the local network, it can also use its own MAC address for ARP response. This is the so-called "ARP proxy"

Summary: Ethernet packet transmission analysis

Let's briefly review how the next network packet is transmitted between the source and target computers. Assume that the source computer contains multiple Nic interfaces.

1. network data packets are prepared and sent by the source computer (this action is done by the application or operating system ). The information contained in the packet includes the IP address of the receiving end (which may have been obtained through the DNS server );

2. If the cached ARP entry information already contains the Mac information of the IP address consistent with the acceptor, you can directly jump to step 4;

3. The sender checks whether the IP address of the packet matches the subnet mask of its Nic device:

A. If the IP address does not match the subnet of the corresponding Nic, the ARP request will be sent by the NIC;

B. If the IP address does not match the subnet of any Nic, the sender checks the default gateway of each Nic interface;

I. If all the network ports have only one default gateway, it adds its MAC address to the ARP request or resends the ARP request to obtain the MAC address of the gateway;

II. If multiple Default Gateway entries are included, a minimum gateway entry is selected (determined by the actual operating system usage ). Obtain the MAC address information from the ARP table or resend the ARP request to obtain the MAC address of the gateway.

Iii. If there is no default gateway entry, an ARP request is sent to one or more network ports to check whether its MAC (ARP proxy) is used to respond to the gateway.

4. Use the MAC address to send Ethernet packets from ARP requests or ARP caches. If the ARP request does not produce a result, the packet is not transmitted successfully. If the receiving end is in a remote subnet connection, the data packet is sent to the router, and then the router sends the data packet to the next connection, so that the data will eventually arrive at the receiving end.

1-2 how to configure multiple NICs

When using a computer with multiple NICs, You must be more careful with network settings to avoid debugging problems after connection problems occur. Follow these steps to ensure that your multi-nic system works properly. This includes any PC or embedded device that runs the desktop operating system and LabVIEW, and any NI Labview real-time with multi-nic interface targets.

Principle 1: Be careful when Automatically Obtaining IP addresses (using DHCP or connecting to a local address)

Most operating systems automatically obtain the default TCP/IP Settings (IP address, subnet mask, default gateway) through the DHCP service ). If the DHCP service is not found, it is often used to configure a local connection address for it through the operating system, generally 169.154.x.x change type.

Make sure that you are familiar with the DHCP service in your network and know which IP address and subnet it uses. Similarly, you need to know which computer NICs in your network are using DHCP or are not using DHCP to configure IP addresses in the 169.254.x.x segment. If you are not clear about the situation of Automatically Obtaining IP addresses on your network, you may be able to break down Principle 2 or principle 3 below.

If possible, manually set an IP address for each network adapter on your computer to fix your network configuration. However, if other DHCP client services are not provided on your network, DHCP may become unavailable.

Principle 2: Avoid configuring the same subnet to multiple NICs on the same computer

If the same subnet is used in the System Configuration of multiple NICs, the connection problem in #1 may occur. Although some operating systems can flexibly process the use of the same subnet under multiple NICs, other systems may try to send packets abnormally from incorrect interfaces. You can also configure a static IP address in the range of 192.168.x.x and subnet mask 255.255.255.0.0 for a network card (which requires that other networks are connected to the computer's network card, the IP address 10.0.x.x and subnet mask 255.255.0.0 are set for the other network adapter. However, this is only one of the configuration methods. The other two or more different subnet configuration methods can also be effective. However, we strongly recommend that you use an IP address within the change range of the private IP address for network configuration. Otherwise, it is difficult to avoid IP conflicts with the public network.

In actual use, there is almost no reason to configure multiple NICs in one subnet at the same time. A more advanced configuration that is contrary to this setting method is a network adapter combination, which can increase the bandwidth under multiple network adapters. However, the detailed method of this configuration is beyond the scope of this article.

Figure 4: When a controller with multiple NICS is configured, each Nic should communicate with different subnets. If two or more NICs are configured with the same subnet, communication problems may occur.

Multiple NICs are configured with the same subnet. One of the most common scenarios is that when both wired and wireless networks are connected to the same network. Although some systems can handle this situation flexibly, check whether the wired and wireless networks exist in different subnets at the same time, or it is best to disable another network card when one network card is used.

Principle 3: Avoid setting different default gateways for multiple NICs

When the destination IP address does not belong to any Nic subnet, the default gateway is enabled to transfer packets to the external network. If multiple default gateways exist, data packets may be incorrectly routed to the external network, resulting in network unavailability.

In most cases, you should configure a fixed address for all computer NICs connected to the network using the same subnet, and set the default gateway of this interface to null. Typically, only one network card with a gateway configured can connect to the network or the enterprise network connection should have a specified default gateway.

Table 2: When you use the TCP/IP protocol to configure multiple network card systems, configuring the default gateway for only one network card is the best choice. It is also possible to automatically obtain one of the default gateway addresses through the DHCP service.

In other cases, for example, when a gateway is bound to a subnet and connected to a different Nic, You can manually specify a network route (this is a more advanced configuration method ), you can also leave the default gateway blank for all NICs.

Although it is more efficient to specify the default gateway on one of the Network Ports (this method avoids the need for many packets during ARP external transmission ), leave all default gateways blank to avoid network problems caused by multiple gateways. However, this policy takes effect only when the gateway supports ARP proxy.

1-3 Use Cases

Case 1: one connection to the public network and one Nic to connect to the LAN

In this case, the two Nic interfaces of a PC host are connected to the enterprise network that can connect to the Ethernet (through Nic 1) and several local networks connected to NI Labview real-time (through network port 2 ). The network in the enterprise network is set to: the DHCP address of network port 1 changes within the range of 10.0.x.x, The subnet mask is 255.0.0, and the default gateway route address is 10.0.0.1.

Figure 5: In this case, the multi-nic controller (Computer) is connected to the Ethernet Enterprise Network and the local LAN.

From the above steps, we can see that Nic 2 uses a static IP Address outside the range of 10.0.x.x for local LAN connection. Although the IP address may not be in the range of 10.1.x.x in a subnet, it may be 10. x. x. some other IP addresses in segment X are already used in additional public network servers and other networks. Therefore, it is relatively reliable and secure to use IP addresses within the range of 192.168.x.x in the LAN.

Because we work in a small number of NI Labview real-time system LAN environments, we can use the subnet mask 255.255.255.0 and a static IP address in the range of 192.168.0.x; in this way, you can connect up to 255 network ports to this subnet. Simply put, the IP address of the network port (NIC 2) of the Computer Host should be set to 192.168.0.1.

It is very important to set the default gateway of NIC 2 of the host to null. In this way, just as we expected, the host will only enable the default gateway of NIC 1 to connect to Ethernet. In addition, the default gateways of devices on NI Labview real-time can also be set to null, because they only need to communicate between local subnets (because there is no gateway at all)

Table 3: This table shows a possible IP Address Configuration method in Figure 5 above. Note that the two network ports are connected to different subnets, and only the default gateway address of one network card is specified.

Scenario 2: Use a virtual network (local development) to configure a real-time monitoring system for Ni Products

Ni real-time monitoring systems run on Windows or Linux operating systems and run together with NI Labview real-time. Each physical network card in the operating system or NI Labview real-time system can be allocated and the virtual network card (implemented by software simulation) it can also be allocated to various operating systems to simplify information exchange within the system.

Figure 6: In this scenario, the real-time monitoring controller runs independently on Windows XP and NI Labview real-time systems. Another system is connected to each other through a set of virtual NICs, and each system is connected with a physical network cartoon public network and Ethernet.

In this case, two physical NICs are available and the internal virtual network is connected to an available real-time monitoring system. One physical Nic is assigned to the Windows XP system, and the other is used in the NI Labview real-time system. In addition, each system can have two NICs (one virtual network connection and one physical connection ). In this way, Windows XP in the monitoring system can be called and developed by NI Labview real-time applications.

In another case, a physical connection can be connected to a public network through any system for Ethernet communication, the virtual network card is only used for communication between the NI Labview Real-Time System and Windows XP system. The IP addresses of the two physical network card controllers must be listened through DHCP to connect to the public network, in this way, the IP address range is 10.0.0.x, The subnet mask is 255.255.255.0, And the gateway address is 10.0.0.1.

From the above situation, we can see that we should set static IP addresses in different subnets for each virtual network card, instead of using physical network cards in each system. Although 10. x. x. some IP addresses within the range of X may have been used, but for the sake of security, we can separately set the IP addresses of Windows XP or NI Labview Real-Time System NICs to 192.168.0.1 and 192.168.0.2, respectively, the subnet mask is set to 255.255.255.0.

Because we want both Windows XP and NI Labview real-time systems to be connected to the network through the physical Nic adapter, only one adapter can be set to the default gateway, the default gateway entry for the two virtual NICs must also be set to null. Note that each operating system can have only one specified default gateway.

Table 4: This table shows one of the six system IP Address Configuration methods. Because a dual-system is running in this single-monitor controller environment, it is important to ensure that each Nic of each system is connected to a separate subnet, and there is only one default gateway.

Case 3: Use Virtual Network (Remote development) to configure the real-time monitoring system of Ni Products

In this scenario, two physical NICs are also applied in a real-time monitoring system that includes virtual network connections, as in Case 2 above. However, the physical NIC will not be used for Ethernet connections, but will be called after the NI Labview Real-Time is connected to the PC host.

Figure 7: In this case, NI Labview real-time in the Ni real-time monitoring system is connected to a remote Windows PC to provide R & D support for NI Labview real-time development applications.

The physical network adapter in Windows still uses the DHCP service to set the IP address and subnet mask 255.255.255.0 in the range of 10.0.0.x. The virtual network connection in Windows XP and NI Labview real-time systems will use 192.168.0.1 and 192.168.0.2 static IP addresses separately. The corresponding subnet mask is 255.255.0.0 and the default gateway is empty.

To ensure that it is a physical Nic rather than a virtual NIC that uses different subnets In the NI Labview real-time system, you are advised to use the IP address in the range of 192.168.1.x and the subnet mask of 255.255.255.0. Therefore, the remote PC Nic and the NI Labview real-time Nic can communicate independently by setting the subnet mask to 255.255.255.0 and the static IP addresses to 192.168.1.1 and 192.168.1.2 respectively. Still the same, because it is not connected with the Internet (there is no gateway in this subnet), neither of the two NICs needs to set the default gateway.

Table 5: In this case, a remote NI Labview real-time R & D device is added. The IP address must be set to a remote PC and can be connected to the NI Labview real-time in the monitoring system.

In addition to the above, there are more configuration information to be aware of, including remote PC development machine and NI Labview real-time target machine (can be connected to Ethernet) How to Use the DHCP service, or how other NICs of the NI Labview real-time target machine and remote computer are connected to Ethernet.

Case 4: connect to two inaccessible networks (advanced)

Sometimes there is a more advanced application scenario, that is, the computer that needs to configure a dual Nic and communicate with different local connections (this time there is only one operating system ). Each Nic is equipped with a gateway to forward data packets to different external networks.

Figure 8: In this complex scenario, a dual-nic computer is connected to two networks in different paths. Especially when the external network is not a local network subnet, this TCP/IP configuration will be more complex.

Assume that local connection a uses an IP address in the form of 10.0.0.x, subnet mask in the form of 255.255.255.0, Local Connection B uses an IP address in the form of 10.0.1.x, and subnet mask in the form of 255.255.255.0. Local Connection A is connected to an external network C with the IP address 192.168.0.x and subnet mask 255.255.0 through the gateway. Similarly, local connection B is connected to an external network C with the IP address 192.168.1.x through the gateway, the subnet mask 255.255.255.0 external network D is connected ..

Our goal is to connect both NICs of the PC to any network. Therefore, we can set the IP address to 10.0.0.5 and the subnet mask to 255.255.255.0 to connect a NIC to a local connection, set the IP address of the second network adapter to 10.0.1.5 and the subnet mask to 255.255.255.0 to connect to local connection B. If the default gateway is left blank, packets sent to the outside are destined to be transmitted from the wrong gateway. This is what we do not want to see.

To solve this problem, we can set the default gateway entry of the two NICs to null and manually configure the transmission path of the data packets in the system. Although the configurations of different systems vary greatly, most users can configure other designated transmission paths on their own. The configuration of these paths takes effect only after the system is restarted. In particular, in order to use the IP address between the network connection A and the C (such as 10.0.0.1) gateway, we need to add a path with the IP address 192.168.0.x and subnet mask 255.255.255.0. You also need to add a gateway with the IP address 192.168.1.x and subnet mask 255.255.0 between the network connection B and D (such as 10.0.1.1.

Table 6: although only one Nic controller can communicate with the gateway (public network or Ethernet ), however, other complicated 8-way configuration methods may require a special system access path to run properly.

As the subnet increases significantly, more routes need to be added. In reality, most network connection settings avoid this complicated configuration by ensuring that each computer has only one gateway for network connection.

1-4 Other Resources

Guidance: a preliminary understanding of Dual-nic Real-Time Controller

Software Configuration and hardware firewall for Ni Products

For reprint or reference, enter the address http://blog.csdn.net/julius_lee/article/details/9057563,thank you!