Linux Notes 6.0

Source: Internet
Author: User
Tags ack get ip nets file transfer protocol nslookup server memory server port dmesg

Commands:
ping: check network connectivity
ping -f: flood ping (DoS attack)
arp -n: view the ARP table
ifconfig, route, netstat: network management commands (old)
ip, ss, tc: network management commands (new)
dmesg: view kernel hardware loading messages
mtr: view the route
traceroute: show the gateways (hops) a packet passes through on the way to its destination
tracepath: analyse network latency problems
tcpdump: packet capture tool
nmtui: text user interface for network configuration
lsmod: list loaded modules
modprobe -r: unload a module (rmmod)
grub2-mkconfig: generate the GRUB2 configuration file
nmcli: network management tool (CentOS 7)
hostname: display the host name
nslookup, host, dig: query the domain name resolution server (DNS)
traceroute, tracepath: trace the route
ftp, lftp, wget, links: file transfer and text-mode web access

Network Fundamentals
Note:
A leased line costs more, but is correspondingly more secure
An ordinary network costs less, but is less secure

Web application:
Web browser: Chrome, IE, Firefox, 360 ...
Instant messaging: QQ, DingTalk ...
E-mail: Outlook, Foxmail ...
Collaboration: Video conferencing, VNC, Netmeeting, WebEx ...
Web services: Apache, Nginx, IIS ...
File Sharing: FTP, NFS, Samba ...
Database: MySQL, MariaDB, MongoDB ...
Middleware services: Tomcat, JBoss
Security services: NetFilter

The needs of the user application for the network
Batch processing applications:
FTP, TFTP, inventory update
No direct human interaction required
Bandwidth is important, but not a key factor
Interactive applications:
Inventory inquiries, database updates
Interactive
The user needs to wait for a response, so the response time is important, but not a critical factor, unless you wait a long time
Real-time applications:
Voice, video
People interacting with people
End-to-end latency is critical

Network features
Bandwidth (speed) (the bandwidth usually quoted is in megabits (Mb); divide by 8 to get megabytes (MB))
Cost
Security
Availability (uptime / total time; a higher percentage means higher availability)
Scalability (achieved through device modularity and added redundancy)
Reliability
Topology

Topology description:
Bus (coaxial cable)
Ring: the signal travels around the ring; single point of failure
Dual ring: FDDI (Fiber Distributed Data Interface), used for metropolitan networks
Star: common, but has a single point of failure; solved with redundancy, at a cost
Extended star: more resilient than the star
Full mesh: fault-tolerant, high cost

Network Model tiering
Note: easily confused terms
OSI: Open Systems Interconnection (network standard)
ISO: International Organization for Standardization
IOS: Apple's OS, and also Cisco's device operating system
IEEE: Institute of Electrical and Electronics Engineers

OSI model (layer 7):
7-Application layer: Providing network services for application processes
6-Presentation layer: formats data (converts binary into readable data), provides encryption
5-Session layer: establishes, manages and terminates sessions between applications
4-Transport layer: data segment (segment); TCP is reliable, UDP is unreliable
3-Network layer: packet (packet); identifies logical addresses (IP addresses); has routing capability
2-Data link layer: formats data into frames (frame), supports checking (CRC), identifies physical (MAC) addresses; MTU, maximum transmission unit
1-Physical layer: interconnection between hardware devices; data is transmitted in bits (binary 1/0)
Layer relationship:
Each lower layer provides services to the layer directly above it

Data encapsulation
Top-down, layer by layer (except the physical layer); the data link layer adds not only a header but also an FCS (frame check sequence)
Data decapsulation
Bottom-up, layer by layer
Implementation:
Layers 1 and 2: implemented by the network card
Layers 3 and 4: implemented by the operating system
Layers 5, 6, 7: implemented by the application

PDU
Protocol Data Unit: the unit of data passed between peer layers
1-bit
2-frame
3-packet
4-segment
5, 6, 7-message

Three modes of communication
1. Unicast: a single target; every host on the segment may receive the frame, but all except the target discard it
Note: a network card set to promiscuous mode receives everything (hub scenario)
2. Broadcast: the target is every host
3. Multicast: the target is the members of a group; suited to cluster environments

WAN
WAN, Wide Area Network, the largest coverage
MAN
MAN, Metropolitan Area Network, a computer communication network built within a city
LAN
LAN, Local Area Network
Composition
Computers:
Pcs
Server
Interconnection (Mutual contact):
NICs (network card)
Media (Network cable)
Network devices (Networking device):
Hubs
Switches
Routers
Protocol (protocol):
Ethernet
Ip
Arp
Dhcp
...

Physical layer and Data link layer
Network cable
Coaxial (coaxial cable)
Fiber-optic (fiber optics, being popularized)
Twisted-pair (twisted pair, now still the most common)
UTP (unshielded, unshielded twisted pair, commonly used)
STP (shielded, shielded twisted pair, strong anti-jamming, high cost)

UTP
Wire order:
T568A (obsolete): green-white, green, orange-white, blue, blue-white, orange, brown-white, brown
T568B: orange-white, orange, green-white, blue, blue-white, green, brown-white, brown
Note:
At 100 Mb the wire order can be arbitrary as long as both ends match pin for pin (only pins 1, 2, 3 and 6 are used)
Above 100 Mb, wires not in the standard order cause serious electromagnetic interference and data loss

Straight-through cable:
The same wire order at both ends (connects different kinds of device)
Crossover cable:
T568A at one end and T568B at the other (connects the same kind of device; special case: a (non-consumer) switch connected to a computer)

LAN Standard
Early IEEE 802.3 (WiFi Protocol IEEE 802.11)
Now Ethernet2
The ETHERNET2 protocol has been superseded by IEEE 802.3

Frame structure
Ethernet II (72-1526 bytes in total):
8 bytes: preamble
6 bytes: destination address (MAC address)
6 bytes: source address
2 bytes: type (upper-layer protocol type)
46-1500 bytes: data
4 bytes: FCS (checksum)

MAC address composition
48 binary bits
Occupies 6 bytes
The first three bytes are the vendor number (OUI)
The last three bytes are assigned by the vendor
A MAC address is globally unique
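The frame layout and MAC structure above, worked through in code. This is an added example, not part of the original notes: it builds an Ethernet II frame (everything after the preamble), pads the data field to the 46-byte minimum, computes the 4-byte FCS with CRC-32, and parses a frame back out, checking the FCS and splitting the source MAC into its OUI and vendor-assigned halves. The MAC addresses and payload are constructed sample values.

```python
import binascii
import struct

MIN_PAYLOAD = 46     # Ethernet II data field minimum (short frames are padded up to it)
MAX_PAYLOAD = 1500   # Ethernet II data field maximum (the MTU)


def build_frame(dst, src, ethertype, payload):
    """Build an Ethernet II frame as it sits after the 8-byte preamble:
    6-byte destination, 6-byte source, 2-byte type, 46-1500 byte data, 4-byte FCS."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds the 1500-byte maximum")
    data = payload.ljust(MIN_PAYLOAD, b"\x00")           # pad short payloads to 46 bytes
    header = (bytes.fromhex(dst.replace(":", ""))
              + bytes.fromhex(src.replace(":", ""))
              + struct.pack("!H", ethertype))
    fcs = binascii.crc32(header + data) & 0xFFFFFFFF      # CRC-32 over everything after the preamble
    return header + data + struct.pack("<I", fcs)         # FCS goes on the wire least-significant byte first


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame):
    """Split a frame into its fields, verify the FCS, and decode the MAC address structure."""
    if len(frame) < 14 + MIN_PAYLOAD + 4:
        raise ValueError("frame shorter than the 64-byte minimum")
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    data, fcs = frame[14:-4], struct.unpack("<I", frame[-4:])[0]
    return {
        "dst": mac_str(dst),
        "src": mac_str(src),
        "ethertype": ethertype,
        "src_oui": mac_str(src[:3]),                 # first three bytes: vendor (OUI)
        "src_nic": mac_str(src[3:]),                 # last three bytes: assigned by the vendor
        "dst_is_broadcast": dst == b"\xff" * 6,
        "dst_is_multicast": bool(dst[0] & 0x01),     # I/G bit of the first byte marks group addresses
        "data_len": len(data),
        "fcs_ok": (binascii.crc32(frame[:-4]) & 0xFFFFFFFF) == fcs,
    }


def flip_bit(frame, byte_index, bit=0):
    """Return a copy of the frame with one bit flipped (simulates corruption on the wire)."""
    damaged = bytearray(frame)
    damaged[byte_index] ^= 1 << bit
    return bytes(damaged)


# Constructed sample frame (not a capture): unicast destination, a sample source OUI,
# EtherType 0x0800 (IPv4), and a payload shorter than 46 bytes so padding is exercised.
SAMPLE_FRAME = build_frame("52:54:00:12:34:56", "00:50:56:c0:00:08", 0x0800, b"constructed payload")

if __name__ == "__main__":
    print(parse_frame(SAMPLE_FRAME))
    print("damaged frame FCS ok?", parse_frame(flip_bit(SAMPLE_FRAME, 20))["fcs_ok"])
```

A receiving NIC does exactly what parse_frame does with the FCS: a frame whose CRC does not match is dropped before the kernel ever sees it, which is why a single flipped bit in the data field shows up as a lost frame rather than corrupted data.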

Early transmission modes
Physical layer concepts:
Simplex: one-way transmission (radio, loudspeaker, early TV)
Duplex:
Half duplex: two-way, taking turns (walkie-talkie)
Full duplex: two-way at the same time (mobile phone)

CSMA/CD
Carrier Sense Multiple Access / Collision Detection
Used with the bus topology, coaxial cable links
Communication mechanism:
Before sending, listen to whether the channel is carrying data; if not, send. Two stations may still send at the same time, which causes a collision; each then waits a random time and resends
Early communication mode, working in 10 Mb environments, low efficiency

Communication equipment
Hub (hub, works at the physical layer)
A multi-port repeater (signals attenuate during transmission; the repeater amplifies the signal along the way)
Characteristics:
Cannot remember source or destination MAC addresses
Shared bandwidth
Half duplex

Bridge (works at the data link layer)
Function:
Extends network bandwidth (each port gets its own share of bandwidth)
Separates collision domains, so that each collision domain is kept as small as possible
(Collision domain: if two hosts sending at the same time collide on the network, they are in the same collision domain; if they do not collide, they are in different collision domains. The smaller the collision domain, the better.)
But a bridge cannot separate broadcast domains
(Broadcast domain: when a host sends a broadcast, all the hosts that receive it are in the same broadcast domain. The smaller the broadcast domain, the better.)
Working principle:
Learns source MAC addresses and builds a MAC table
For an unknown destination MAC address, the bridge forwards the frame to all ports except the one it arrived on
When a frame arrives whose destination is on the segment of the receiving port, the bridge filters (drops) it;
if the destination MAC address is on a different port, the bridge forwards the frame to that port
A bridge works like a switch; the switch is the upgraded version of the bridge

Switch (switch, data link layer)
Characteristics:
Each interface is its own collision domain
Full duplex
Good performance
But it cannot separate broadcast domains
Notes:
1. A network card can negotiate the communication mode, but it communicates in whatever mode the device below it uses
2. A network card is a physical-layer and data-link-layer device

Router (router, network layer)
Function:
Separates broadcast domains
Selects the optimal path to the destination from the routing table (routing function)
Maintains and checks routing information
Connects WANs
Connects different network segments
Note: routing tables exist not only on routers but on any device that needs to communicate with the network, such as PCs and servers

VLAN
Virtual Local Area Network
Function:
Separates broadcast domains (partitions the broadcast domain inside a switch; VLANs cannot reach each other directly)
Provides network security (keeps the hosts of different departments apart, so confidential data does not leak between departments)
Flexible management
Trunk (trunk link): belongs to no VLAN; traffic from different VLANs passes over it, and the trunk protocol (IEEE 802.1Q) identifies which VLAN each frame belongs to (a VLAN tag is inserted in front of the data)

Hierarchical network architecture
Layers from the network planning point of view:
Core layer: fast forwarding of enterprise applications, high-speed access to servers; implemented by core switches
Distribution layer: broadcast domains, routing, security, remote access, aggregation of the access layer; implemented by routers
Access layer: terminal access; implemented by ordinary switches

TCP/IP
Transmission Control Protocol / Internet Protocol
TCP/IP is a protocol stack that includes TCP, IP, UDP (User Datagram Protocol), ICMP (Internet Control Message Protocol), RIP (Routing Information Protocol), Telnet, FTP (File Transfer Protocol), SMTP (Simple Mail Transfer Protocol), ARP (Address Resolution Protocol) and many other protocols
It defines a four-layer model that corresponds to the layering of the OSI reference model
TCP/IP model (four layers):
4-Application layer --> OSI 5, 6, 7
3-Transport layer --> OSI 4
2-Internet layer --> OSI 3
1-Network access layer --> OSI 1, 2

Protocols belonging to each layer:
4: FTP, TFTP, NFS (Network File System), HTTP, HTTPS, SMTP, DNS, POP3, IMAP, SSH, Telnet ...
3: TCP, UDP
2: IP, ICMP, ARP, RARP (Reverse Address Resolution Protocol)
1: Ethernet

Transport layer
Function:
Multiplexes sessions
Segments data
Flow control (when needed, under specific protocols)
Connection-oriented (depending on the protocol)
Reliable transmission (depending on the protocol)

TCP
Transmission Control Protocol, the most widely used protocol
Reliable transmission, but lower performance
Packets carry a transmission sequence (each packet is numbered)
Used for: e-mail, file sharing, downloads
Characteristics:
Works at the transport layer
Connection-oriented (negotiate first, then transmit once the connection is stable)
Full duplex
Half-close (one end can close its side of the connection)
Error checking
Data is packaged into segments and ordered
Acknowledgement mechanism (an acknowledgement is sent for data received)
Data recovery (retransmission)
Flow control (hosts differ in performance, so the transfer speed is negotiated; sliding window)
Congestion control (wait when the network is busy; slow start and congestion algorithms)

TCP header
First 32 bits: bits 0-15 source port number, bits 16-31 destination port number
Port number (identifies the address of the upper-layer application):
2^16 = 65535, so 65,535 applications can be represented (each has its own port number)
0-1023: system or privileged ports (only usable by the administrator), such as (SSH), (HTTP), 443 (HTTPS), (FTP), (TFTP), (DNS), (SMTP), (POP3), (telnet)
1024-49151: user or registered ports, not strictly enforced, can be assigned to programs, such as 1433 (SQL Server), 1521 (Oracle), 3306 (MySQL), 11211 (memcached)
49152-65535: dynamic or private ports, chosen at random by the client (the server port is fixed)
32 bits: sequence number; 2^32 (about 4.2 billion); when the numbers are used up, numbering restarts (the same number is distinguished by the timestamp)
32 bits: acknowledgement number; the sender sends its sequence number (seq), and the receiver replies with its own sequence number (seq) and an acknowledgement (ack = seq + 1)
4 bits: data offset; the TCP header size varies, and the offset gives the header length
6 bits: reserved
6 bits: flags; 1-URG, urgent pointer flag, says whether the urgent pointer below is meaningful (0 invalid, 1 valid); 2-ACK, says whether the acknowledgement number is valid (0 invalid, 1 valid); 3-PSH, whether received data is handed straight to the application or buffered first (0 buffer, 1 push through); 4-RST, reset, signals a transmission error (0 normal, 1 error); 5-SYN, used to synchronise sequence numbers when the connection is established (1 only in the first two handshake packets); 6-FIN, tells the other side to close the connection (1)
16 bits: window; the amount of data that can be sent, controlled with the sliding window technique (number of data segments)
16 bits: checksum, provides extra reliability
16 bits: urgent pointer, marks the position of urgent data in the data field
Optional:
24 bits: options (variable length); common options: maximum segment size, window scaling, timestamp
8 bits: padding

TCP three-way handshake (connection)
Client --SYN=1, seq=x--> Server (first)
Client <--SYN=1, ACK=1, seq=y, ack=x+1-- Server (second)
Client --ACK=1, seq=x+1, ack=y+1--> Server (third)

TCP four-way wave (disconnection)
Normal negotiated disconnection:
Either the client or the server may send the disconnect request
--FIN=1, seq=u--> (first)
<--ACK=1, seq=v, ack=u+1-- (second)
The passive side enters the close-wait state and sends out its remaining data
<--FIN=1, ACK=1, seq=w, ack=u+1-- (third)
--ACK=1, seq=u+1, ack=w+1--> (fourth)
The active side enters the TIME_WAIT state (twice the MSL, maximum segment lifetime), waiting for any leftover data to be collected
This is the ideal case.

Finite state machine (FSM)
Finite state machine: the states the TCP client and server pass through during the handshake and the wave

SYN attack
Using forged IP addresses to send SYN requests to the server; the server replies as usual and keeps the packet state in memory waiting for the third handshake packet, which consumes server memory. Sending SYN requests from a large number of forged IPs exhausts that memory and crashes the server
Block SYN attacks with a firewall or related services
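The TCP header fields, the seq/ack rules of the three-way handshake, and the half-open state a SYN attack leaves behind, worked through in one place. This is an added example, not part of the original notes: it packs and parses the fixed 20-byte TCP header (ports, sequence and acknowledgement numbers, data offset, flag bits, window), validates a SYN / SYN-ACK / ACK exchange against the rules above, and counts, per source address, handshakes that stalled after the SYN, which is the figure a monitor watches for the SYN-flood pattern. All packets and addresses are constructed sample data; the checksum is left at zero because it needs the IP pseudo-header.

```python
import struct

FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
SEQ_MOD = 1 << 32          # sequence numbers wrap at 2^32


def build_tcp_header(sport, dport, seq, ack, flags, window=65535):
    """20-byte TCP header without options; checksum left at 0 (it needs the IP pseudo-header)."""
    flag_val = sum(FLAG_BITS[f] for f in flags)
    data_offset = 5                                  # header length in 32-bit words
    return struct.pack("!HHIIBBHHH", sport, dport, seq % SEQ_MOD, ack % SEQ_MOD,
                       data_offset << 4, flag_val, window, 0, 0)


def parse_tcp_header(data):
    """Decode the fixed fields: ports, seq/ack, data offset, flags, window, urgent pointer."""
    sport, dport, seq, ack, off_res, flag_val, window, checksum, urg = struct.unpack("!HHIIBBHHH", data[:20])
    header_len = (off_res >> 4) * 4                  # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(data):
        raise ValueError("data offset does not fit the segment")
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "header_len": header_len,
        "flags": {name for name, bit in FLAG_BITS.items() if flag_val & bit},
        "window": window, "checksum": checksum, "urgent_ptr": urg,
        "options": data[20:header_len],
    }


def port_class(port):
    """Port ranges from the notes: 0-1023 system, 1024-49151 user/registered, 49152-65535 dynamic."""
    if port <= 1023:
        return "system"
    if port <= 49151:
        return "user"
    return "dynamic"


def check_handshake(syn, synack, ack):
    """Three parsed headers must follow: SYN(seq=x); SYN+ACK(seq=y, ack=x+1); ACK(seq=x+1, ack=y+1)."""
    if syn["flags"] != {"SYN"}:
        return False
    if synack["flags"] != {"SYN", "ACK"} or synack["ack"] != (syn["seq"] + 1) % SEQ_MOD:
        return False
    if "ACK" not in ack["flags"] or "SYN" in ack["flags"]:
        return False
    return ack["seq"] == (syn["seq"] + 1) % SEQ_MOD and ack["ack"] == (synack["seq"] + 1) % SEQ_MOD


def half_open_counts(packets):
    """Count handshakes that stalled after the SYN, per client address.
    packets: list of (src_ip, dst_ip, tcp_header_bytes) in arrival order."""
    pending = {}                                     # (client, server, client_port) -> awaiting the final ACK
    for src, dst, raw in packets:
        h = parse_tcp_header(raw)
        if h["flags"] == {"SYN"}:
            pending[(src, dst, h["sport"])] = True
        elif "RST" in h["flags"]:
            pending.pop((src, dst, h["sport"]), None)    # client aborted
            pending.pop((dst, src, h["dport"]), None)    # server refused
        elif "ACK" in h["flags"] and "SYN" not in h["flags"]:
            pending.pop((src, dst, h["sport"]), None)    # client's final ACK (or data) completes it
    counts = {}
    for client, _, _ in pending:
        counts[client] = counts.get(client, 0) + 1
    return counts


# Constructed sample traffic (documentation address ranges, not captured data):
CLIENT, SERVER = "192.0.2.10", "192.0.2.1"
SYN = build_tcp_header(51000, 80, seq=1000, ack=0, flags={"SYN"})
SYNACK = build_tcp_header(80, 51000, seq=5000, ack=1001, flags={"SYN", "ACK"})
ACK = build_tcp_header(51000, 80, seq=1001, ack=5001, flags={"ACK"})
SAMPLE_PACKETS = [(CLIENT, SERVER, SYN), (SERVER, CLIENT, SYNACK), (CLIENT, SERVER, ACK)]
# five SYNs from different sources whose handshakes never finish (the half-open pattern)
SAMPLE_PACKETS += [("203.0.113.%d" % i, SERVER, build_tcp_header(40000 + i, 80, seq=i, ack=0, flags={"SYN"}))
                   for i in range(1, 6)]

if __name__ == "__main__":
    print(parse_tcp_header(SYNACK))
    print("handshake valid:", check_handshake(parse_tcp_header(SYN), parse_tcp_header(SYNACK), parse_tcp_header(ACK)))
    print("half-open per client:", half_open_counts(SAMPLE_PACKETS))
```

The pending dictionary is the same bookkeeping the kernel keeps in its SYN backlog, which is exactly the memory the attack described above fills up; watching its size per source is how a defender notices it long before the server runs out of room.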

TCP timeout retransmission
When the network misbehaves, a timeout or packet loss occurs, and TCP must be able to retransmit a segment that has not been acknowledged in order to provide its reliable service
Minimum retransmissions: default 3
Maximum retransmissions: default 15

UDP
User Datagram Protocol
Unreliable transmission, but good performance
Packets carry no sequence number (out-of-order delivery can corrupt a file)
Used for: voice streaming (audio streams), video streaming
Characteristics:
Works at the transport layer
Provides unreliable network access
Connectionless
Limited error checking
High transmission performance
No data recovery

UDP header
First 32 bits: 16-bit source port number, 16-bit destination port number
16 bits: UDP length
16 bits: UDP checksum

Internet layer
ICMP:
Internet Control Message Protocol
Role:
Detects network connectivity and determines the network state
The ping command is built on this protocol (tcpdump -nn icmp shows the packets in real time, equivalent to a capture tool)
Principle: send ICMP packets to the target host; if the other side receives the ICMP packet and replies, the network is reachable; if not, there is a problem
ping -s size ip: specifies the packet size (up to 65507), which lets you test the stability of the network (larger packets increase the network load; on an unstable network you will see packet loss)

DoS attacks
Denial of service attack
ping -s 65507 -f ip (flood): the sender sends packets to the receiver without waiting for the receiver's responses, so the receiver's load rises sharply and the receiver is paralysed; this is an ICMP-based attack method
DDoS attacks
Distributed denial of service attack
Many hosts are combined into an attack platform to launch a DoS attack

ARP
Address Resolution Protocol
Role:
Resolves an IP address to a MAC address
Principle:
Sends a broadcast to the network asking which host owns the IP address to be reached; the host with that address receives the query and replies with its own IP and MAC address; the querier receives the reply and records the IP-to-MAC mapping in its local ARP table
Note:
ARP relies on broadcast, so it cannot work across network segments; to cross a segment, the packet is first sent to the gateway (the IP address of the connected router interface), and the router, following its routing table, performs ARP on the target segment
View the ARP table on Linux:
ip neigh
arp -n

ARP attack
ARP spoofing forges the mapping between IP addresses and MAC addresses in order to receive the data the target host sends
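The ARP table is where spoofing leaves its trace, so checking it is the first defensive step. This is an added example, not part of the original notes: it parses the output of ip neigh (the line shape assumed here is "ip dev iface [lladdr mac] state"; the sample output is constructed, not captured), then flags the two things a defender looks for: one MAC address answering for several IPs on the same interface, and the gateway's IP resolving to a MAC other than the one recorded when the machine was set up.

```python
import re

# Assumed line shape of `ip neigh` output: <ip> dev <iface> [lladdr <mac>] <state>
NEIGH_RE = re.compile(r"^(?P<ip>\S+) dev (?P<dev>\S+)(?: lladdr (?P<mac>[0-9a-f:]{17}))? (?P<state>\S+)$")

# Constructed sample output (not from a real host): the second entry reuses the gateway's MAC.
SAMPLE_IP_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:33:44:55 STALE
192.168.1.30 dev eth0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.1.40 dev eth0 FAILED
"""


def parse_ip_neigh(text):
    """Turn `ip neigh` lines into dicts; entries without a MAC (FAILED/INCOMPLETE) keep mac=None."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = NEIGH_RE.match(line)
        if not m:
            raise ValueError("unrecognised neighbour line: " + line)
        entries.append(m.groupdict())
    return entries


def find_shared_macs(entries):
    """Return {mac: [ips]} for MACs that answer for more than one IP on the same interface.
    A single MAC claiming several IPs, especially the gateway's, is the mapping a forged ARP reply leaves behind."""
    by_mac = {}
    for e in entries:
        if e["mac"]:
            by_mac.setdefault((e["dev"], e["mac"]), []).append(e["ip"])
    return {mac: ips for (_, mac), ips in by_mac.items() if len(ips) > 1}


def gateway_mac_changed(entries, gateway_ip, expected_mac):
    """True when the gateway IP resolves to a MAC other than the one recorded at install time."""
    for e in entries:
        if e["ip"] == gateway_ip and e["mac"]:
            return e["mac"].lower() != expected_mac.lower()
    return False          # no entry yet: nothing to compare


if __name__ == "__main__":
    table = parse_ip_neigh(SAMPLE_IP_NEIGH)
    print("shared MACs:", find_shared_macs(table))
    print("gateway MAC changed:", gateway_mac_changed(table, "192.168.1.1", "aa:bb:cc:dd:ee:ff"))
```

Run against the live table with the output of ip neigh piped in, the shared-MAC check is cheap enough to schedule every minute; a static entry for the gateway (ip neigh add ... nud permanent) is the usual mitigation once a problem is confirmed.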

RARP
Reverse Address Resolution Protocol
Example:
Diskless workstations (only a CPU and memory; no hard disk, no operating system on the host)
At startup the host requests an IP from the DHCP server (it presents its own MAC address and asks for an IP address)
The DHCP server assigns the host a fixed IP based on the bound MAC-to-IP mapping

IP
Internet Protocol, the most important protocol
Characteristics
Runs at the network layer
Connectionless
Processes each packet independently
Hierarchical addressing (an IP address is divided into two parts, network bits and host bits)
Best-effort delivery
No data recovery

IP header
4 bits: version (IPv4, IPv6)
4 bits: header length (IP header length)
8 bits: differentiated services
16 bits: total length (header plus data; cannot exceed the MTU)
16 bits: identification (after fragmentation, identifies which packet a fragment belongs to)
3 bits: flags (whether the packet is complete or fragmented)
13 bits: fragment offset (the position of this fragment within the original packet)
8 bits: time to live (TTL, counted in routers; decremented by 1 at each router; default 64)
8 bits: protocol (upper-layer protocol type: TCP = 6, UDP = 17)
16 bits: header checksum
32 bits: source address (IP)
32 bits: destination address
32 bits: options (variable length) and padding
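The IPv4 header fields listed above, packed and parsed in code. This is an added example, not part of the original notes: it builds a 20-byte header with the header checksum filled in (one's-complement sum of 16-bit words), parses one back into the fields from the list, verifies the checksum the way a receiver does (summing the whole header including the checksum field gives zero when it is intact), and performs the step every router takes, TTL minus one with a fresh checksum. The addresses and payload are constructed sample values.

```python
import socket
import struct

PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}   # values of the 8-bit protocol field


def internet_checksum(data):
    """One's-complement sum of 16-bit words, complemented: the IP header checksum algorithm."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)       # fold the carries back in
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, protocol, payload_len, ttl=64, ident=0x1234, dont_fragment=True):
    """20-byte IPv4 header with no options, checksum filled in."""
    ihl = 5                                             # header length in 32-bit words
    flags_frag = 0x4000 if dont_fragment else 0         # DF flag set, fragment offset 0
    raw = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + payload_len, ident,
                      flags_frag, ttl, protocol, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return raw[:10] + struct.pack("!H", internet_checksum(raw)) + raw[12:]


def parse_ipv4_header(data):
    """Decode the fields from the notes and verify the header checksum."""
    (ver_ihl, dscp, total_len, ident, flags_frag, ttl, protocol,
     checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or header_len < 20 or header_len > len(data):
        raise ValueError("not a well-formed IPv4 header")
    return {
        "version": version, "header_len": header_len, "dscp": dscp, "total_len": total_len,
        "id": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,       # the offset field counts 8-byte units
        "ttl": ttl, "protocol": protocol, "protocol_name": PROTOCOL_NAMES.get(protocol, "other"),
        "checksum": checksum,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        # summing the whole header, checksum field included, yields 0 when it is intact
        "checksum_ok": internet_checksum(data[:header_len]) == 0,
    }


def forward_through_router(data):
    """What each router does to the header: TTL-1 and a new checksum; None when the TTL runs out."""
    info = parse_ipv4_header(data)
    if info["ttl"] <= 1:
        return None                                     # packet is discarded at this hop
    header = bytearray(data[:info["header_len"]])
    header[8] -= 1                                      # the TTL byte
    header[10:12] = b"\x00\x00"
    header[10:12] = struct.pack("!H", internet_checksum(bytes(header)))
    return bytes(header) + data[info["header_len"]:]


def corrupt_byte(data, index):
    """Copy of the packet with one bit flipped in the given byte (simulates damage in transit)."""
    damaged = bytearray(data)
    damaged[index] ^= 0x01
    return bytes(damaged)


# Constructed sample: a 20-byte TCP segment between two documentation-range addresses.
SAMPLE_PACKET = build_ipv4_header("192.0.2.10", "198.51.100.5", 6, 20) + b"\x00" * 20

if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE_PACKET))
    print("after one router, TTL =", parse_ipv4_header(forward_through_router(SAMPLE_PACKET))["ttl"])
    print("damaged header checksum ok?", parse_ipv4_header(corrupt_byte(SAMPLE_PACKET, 15))["checksum_ok"])
```

Note that the header checksum covers only the header, which is why a router can rewrite TTL cheaply without touching the payload, and also why it says nothing about whether the data arrived intact; that job belongs to the transport-layer checksum.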

IP address
Composed of two parts:
Network bits: identify the network; each network segment is assigned a network ID
Host bits: identify a single host; assigned to the device by the administrator
IPv4 is mainstream; IPv6 is not yet widespread
IP address format:
Dotted decimal
An IP address is a 32-bit binary number; it is split into four groups of eight binary digits to make it readable, and each group is converted to decimal

IP calculation formulas:
Number of network segments = 2^(variable network bits)
Number of hosts in a segment = 2^(host bits) - 2

Classful IP address classes:
Class A:
0XXXXXXX.x.x.x, 1-126.x.x.x (10.0.0.0-10.255.255.255 is the private range)
8 network bits, 24 host bits, 126 network segments, 16 million hosts per segment
Class B:
10XXXXXX.x.x.x, 128-191.x.x.x (172.16.0.0-172.31.255.255 is the private range)
16 network bits, 16 host bits, 16,384 network segments, 65534 hosts per segment
Class C:
110XXXXX.x.x.x, 192-223.x.x.x (192.168.0.0-192.168.255.255 is the private range)
24 network bits, 8 host bits, 2 million network segments, 254 hosts per segment
Class D:
1110XXXX.x.x.x, 224-239.x.x.x
Multicast addresses
Class E:
11110XXX.x.x.x, 240-254.x.x.x
Reserved, used for experiments

Private addresses:
A: 10.0.0.0-10.255.255.255
B: 172.16.0.0-172.31.255.255
C: 192.168.0.0-192.168.255.255
Private addresses are more secure: the Internet has no routing information for them, so they cannot be reached from outside, but private addresses can reach the Internet through routing

Special addresses:
0.0.0.0: unknown network; commonly used for the default route
127.0.0.1: local loopback address, used for testing
169.254.x.x: when a host obtains its IP automatically with DHCP and DHCP fails, Windows automatically assigns the host an address in this range
255.255.255.255: limited broadcast address

Reserved addresses:
Two addresses in every network segment are reserved and not used:
Network address: all host bits 0
Broadcast address: all host bits 1

Classless IP addresses
CIDR (Classless Inter-Domain Routing):
x.x.x.x/n
Subnet mask (netmask):
Marks which bits of the IP address are network bits (netmask bit = 1) and which are host bits (netmask bit = 0)
Deciding whether a classless IP is in a given network segment:
Compute the network address (NetID = IP address AND subnet mask) and compare whether the two are the same
Dividing subnets (splitting a large network into small ones):
Network bits stay the same; borrow from the host bits; borrowing n bits divides the network into 2^n subnets (the subnet mask changes accordingly)
Merging networks (combining several small networks into one large one):
Premise: the network addresses (NetID) of the small networks must be the same in the bits that remain
Host bits stay the same; borrow from the network bits until the borrowed bits are the same for all the small networks; those shared bits become the network bits of the large network
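The address arithmetic from the sections above (class from the leading bits, network and broadcast address, the 2^host_bits - 2 host count, the AND-with-mask segment test, subnetting by borrowing host bits, and merging by shortening the prefix), worked through with Python's standard ipaddress module. This is an added example, not part of the original notes; all addresses are constructed sample values.

```python
import ipaddress


def ip_class(ip):
    """Classful range from the leading bits: 0xxx A, 10xx B, 110x C, 1110 D, 1111 E."""
    first = ipaddress.IPv4Address(ip).packed[0]
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


def network_info(cidr):
    """Network address (host bits all 0), broadcast (host bits all 1), usable hosts = 2^host_bits - 2."""
    net = ipaddress.IPv4Network(cidr, strict=False)    # strict=False accepts a host address with its prefix
    host_bits = 32 - net.prefixlen
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask),
        "host_bits": host_bits,
        "usable_hosts": max(2 ** host_bits - 2, 0),
        "private": net.is_private,
    }


def same_segment(ip_a, ip_b, netmask):
    """AND each address with the mask and compare the resulting network IDs."""
    mask = int(ipaddress.IPv4Address(netmask))
    return int(ipaddress.IPv4Address(ip_a)) & mask == int(ipaddress.IPv4Address(ip_b)) & mask


def split_subnets(cidr, borrow_bits):
    """Borrow n host bits: 2^n subnets, each with a mask n bits longer."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    return [str(s) for s in net.subnets(prefixlen_diff=borrow_bits)]


def merge_networks(cidrs):
    """Shorten the prefix until every small network has the same network bits; that is the large network."""
    nets = [ipaddress.IPv4Network(c) for c in cidrs]
    for prefix in range(min(n.prefixlen for n in nets), -1, -1):
        candidates = {n.supernet(new_prefix=prefix) for n in nets}
        if len(candidates) == 1:
            return str(candidates.pop())


if __name__ == "__main__":
    print(ip_class("172.20.1.1"), network_info("192.168.10.77/26"))
    print(same_segment("10.0.0.5", "10.0.3.9", "255.255.252.0"))
    print(split_subnets("192.168.1.0/24", 2))
    print(merge_networks(["192.168.0.0/24", "192.168.1.0/24"]))
```

merge_networks goes further than the notes' single case: it works for any number of networks and returns the smallest supernet that covers all of them, which is also what you want when writing one firewall rule or one route instead of several.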

Cross-segment communication
Multiple segments communicate with each other through routing
Each row in the routing table is a path
Route classifications:
Host route: path to a single host (used in special cases)
Network route: path to a network segment (the most used)
Default route: provides a route for destinations not in the routing table; usually the route at the network boundary
Priority:
The more precise the match, the higher the priority (host > network > default)
Routing table composition (simplified):
1. Destination (target): where the packet is being sent
2. Subnet mask (netmask): the subnet mask of the destination
3. Interface: the exit port of the router
4. Gateway: directly connected or not directly connected
(1) Directly connected: no gateway needed
(2) Not directly connected: the next hop near this router's port through which the network can be reached
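The route selection rule above (host > network > default, which is just "longest prefix wins") and the four columns of the table, implemented as a small lookup. This is an added example, not part of the original notes: it keeps routes as (network, gateway, interface), picks the most specific match, and reads routes from the two route-<NIC> file formats described later in these notes ("destination via gateway" lines, or ADDRESS#/NETMASK#/GATEWAY# triplets; the parser assumes a single-digit index). The route file contents and addresses are constructed sample data.

```python
import ipaddress


class RoutingTable:
    """Routes as (network, gateway, interface); lookup picks the longest prefix, so host > network > default."""

    def __init__(self):
        self.routes = []

    def add(self, destination, gateway=None, iface="eth0"):
        # "default" is passed in as 0.0.0.0/0; a dotted netmask ("10.1.2.3/255.255.255.255") is accepted too
        net = ipaddress.IPv4Network(destination, strict=False)
        self.routes.append((net, gateway, iface))

    def lookup(self, ip):
        addr = ipaddress.IPv4Address(ip)
        best = None
        for net, gw, iface in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, gw, iface)
        if best is None:
            raise LookupError("no route to " + ip)
        net, gw, iface = best
        kind = "host" if net.prefixlen == 32 else "default" if net.prefixlen == 0 else "network"
        return {"kind": kind, "match": str(net), "gateway": gw, "dev": iface, "direct": gw is None}


def load_route_file(text, iface="eth0"):
    """Parse both route-<NIC> formats: 'dest via gw' lines, or ADDRESS0=/NETMASK0=/GATEWAY0= triplets."""
    table = RoutingTable()
    triplets = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if " via " in line:
            dest, gw = [p.strip() for p in line.split(" via ", 1)]
            table.add("0.0.0.0/0" if dest == "default" else dest, gw, iface)
        elif "=" in line:
            key, value = line.split("=", 1)
            name, index = key[:-1], key[-1]              # ADDRESS0 -> ("ADDRESS", "0"); single-digit index assumed
            triplets.setdefault(index, {})[name.upper()] = value.strip()
    for entry in triplets.values():
        table.add(entry["ADDRESS"] + "/" + entry["NETMASK"], entry["GATEWAY"], iface)
    return table


# Constructed sample route file using both formats (not taken from a real system).
SAMPLE_ROUTE_FILE = """\
# network route and default route, format 1
10.0.0.0/8 via 192.168.1.254
default via 192.168.1.1
# host route, format 2
ADDRESS0=10.1.2.3
NETMASK0=255.255.255.255
GATEWAY0=192.168.1.253
"""


def sample_table():
    table = load_route_file(SAMPLE_ROUTE_FILE)
    table.add("192.168.1.0/24")                          # directly connected segment: no gateway
    return table


if __name__ == "__main__":
    t = sample_table()
    for ip in ("10.1.2.3", "10.5.5.5", "192.168.1.77", "8.8.8.8"):
        print(ip, "->", t.lookup(ip))
```

10.1.2.3 matches both the /8 network route and the /32 host route; the host route wins because its prefix is longer, which is the precision rule stated above. Anything matching no other entry falls through to the /0 default.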

Linux basic network configuration
Host name
IP/netmask
Routing (default gateway)
DNS server (can be more than one)

CentOS 6 network properties configuration
Interface naming:
Ethernet: eth[0,1,2 ...]
PPP: ppp[0,1,2 ...]
The udev configuration file that identifies and names network interfaces:
/etc/udev/rules.d/70-persistent-net.rules
The NIC name can be changed in this file
View the network card:
dmesg | grep -i eth
ethtool -i eth0
Unload the NIC driver:
modprobe -r e1000
rmmod e1000
Load the NIC driver:
modprobe e1000

Network configuration modes
Static configuration:
Old (obsolete) commands: ifconfig, route, netstat
New commands: ip, ss, tc
Text interface: system-config-network-tui, setup
Edit the configuration file: /etc/sysconfig/network-scripts/ifcfg-<NIC name>
Restart the network service: service network restart
Dynamic acquisition:
DHCP (Dynamic Host Configuration Protocol)

ifconfig command
ifconfig: show the active NICs
-a: show all NICs
<NIC name> up|down: enable | disable the NIC
Similar commands: ifup|ifdown <NIC name> (the NIC must have a configuration file)
<NIC name> ip/n: configure the NIC's IP address and subnet mask (CIDR notation); temporary, for testing
promisc: enable promiscuous mode; -promisc: turn promiscuous mode off

route command
Routing management command
route -n: view the routing table
route add: add a route
-host|-net|default: host route | network route | default route
ip/n | ip netmask: destination address
gw: gateway address
dev: outgoing interface (may be omitted; determined automatically)
Note: two ways to set the default route:
1. route add default gw x.x.x.x
2. route add -net 0.0.0.0 netmask 0.0.0.0 gw x.x.x.x
route del: delete a route
Configuring dynamic routing:
Dynamic routes are obtained through a daemon process
Install the quagga package
Routing protocols: RIP (Routing Information Protocol), OSPF (Open Shortest Path First), BGP (Border Gateway Protocol)
RIP: chooses the path with the fewest routers (hop count), ignoring bandwidth
OSPF: considers more factors and chooses better paths (common in enterprises)
BGP: commonly used on the Internet
Configure with the vtysh command

netstat command
Shows network connections
-t (--tcp): TCP related
-u (--udp): UDP related
-w (--raw): raw socket related (socket files for local communication between two network programs on the same machine)
-l (--listening): listening sockets
-a (--all): all states
-n (--numeric): show IPs and ports as numbers
-e (--extend): extended format
-p (--program): show the owning process and PID
Show the routing table:
-r (--route): show the kernel routing table (-rn is equivalent to route -n)
Show interface statistics:
-i (--interfaces): show information for all interfaces (note: RX = received packets, TX = transmitted packets)
-I=<NIC name>: show information for the specified interface

ip command
Replaces ifconfig and even route
Rich in functions, with many sub-tools (tab completion shows them all; CentOS 6 needs the bash-completion package installed)
Usage:
ip [options] object (choose which object to operate on, e.g. link, addr, route ...)
ip link: show data-link-layer information
set <NIC name> up|down: activate | disable the NIC

ip addr: show network-layer information
add ip/n dev <NIC name>: set an IP on the NIC
label <NIC name>:N: NIC alias (used when one NIC has multiple IPs)
Address scope:
global: globally usable (all IP information known to the kernel; the default and most common)
link: usable only on the link (only this NIC knows the IP)
host: usable only on this machine (the address is valid only inside the machine)
del ip/n dev <NIC name>: remove the specified IP from the NIC
flush dev <NIC name>: remove all addresses from the NIC

ip route: show the routing table
add ip/n via ip (via is the equivalent of gw): add a route
del (followed by the information copied straight from the routing table entry): delete a route
flush: empty the routing table

ss command
Usage is similar to netstat, with better performance
Extra options:
-m: show memory usage
-o: timer information
Filter expressions:
'( dport (destination port) = :program|port or sport (source port) = :program|port )'
Filters the information for a given program
Common usage:
ss -l: show all ports open locally
ss -pl: show the specific open sockets of each process
ss -t|-u -a: show all TCP|UDP sockets
ss -o state established '( dport = :ssh or sport = :ssh )': show all established SSH connections
ss -s: list a summary of the current sockets

Editing the configuration file
IP-related configuration file:
/etc/sysconfig/network-scripts/ifcfg-<NIC name>
Key settings:
DEVICE=<NIC name>
BOOTPROTO=dhcp|static|none (how the IP is obtained)
IPADDR=x.x.x.x (IP address)
NETMASK=x.x.x.x (subnet mask, traditional format)
PREFIX=n (subnet mask, CIDR format)
GATEWAY=x.x.x.x (gateway)
DNS1=114.114.114.114 (domain name resolution server address; several can be set, in case one fails)
DNS2=8.8.8.8
DNS3=1.1.1.1
Note: the system DNS configuration is in /etc/resolv.conf, but entries in /etc/hosts have higher priority than DNS
All settings:
HWADDR (MAC address)
ONBOOT (start on boot)
TYPE (interface type)
UUID (unique device identifier)
USERCTL (whether ordinary users may control it)
NM_CONTROLLED (whether NetworkManager controls it)

Routing-related configuration file:
/etc/sysconfig/network-scripts/route-<NIC name>
Note: the network service must be restarted for the modified configuration to take effect
Two formats:
1. destination address via gateway address (e.g. 10.0.0.0/8 via 172.16.0.1)
2. one route per three lines:
ADDRESS#=
NETMASK#=
GATEWAY#=

Notes:
1. Change the host name: vim /etc/sysconfig/network
After changing the configuration file, also run hostname <new hostname> so that the change takes effect

NIC aliases (in reality: multiple IPs configured on one NIC)
ifconfig <NIC name>:N ip/n
ip addr add ip/n dev <NIC name> label <NIC name>:N
To make it permanent, write a configuration file: vim /etc/sysconfig/network-scripts/ifcfg-<NIC name>:N
Equivalent to configuring an alias for the physical NIC
ping -I: specifies the NIC interface (when a NIC has multiple IPs, this tells you which IP has the problem)
Application: router on a stick (one router NIC serving two network segments)
Note: the primary NIC can obtain its IP by DHCP, but an alias NIC can only use a static IP

Multi-NIC bonding (in essence: one IP bound to multiple network cards)
Bonding working modes (7 kinds)
Mode 0 (balance-rr):
Round-robin policy; the bonded NICs handle packets in turn; provides load balancing and fault tolerance
Mode 1 (active-backup):
Active-backup policy; one NIC is active while another monitors; when the active NIC fails the standby NIC takes over
Mode 2 (balance-xor):
Balanced XOR policy; provides load balancing and fault tolerance
Mode 3 (broadcast):
Broadcast policy; every NIC transmits every packet; provides fault tolerance
Mode 4 (802.3ad):
IEEE 802.3ad dynamic link aggregation
Mode 5 (balance-tlb):
Adaptive transmit load balancing
Mode 6 (balance-alb):
Adaptive load balancing
Modes 1, 5 and 6 need no special switch configuration; the other modes require configuring the switch
Note: running bonding requires stopping the NetworkManager service

Bonding configuration
Create a configuration file for the bonding device:
/etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
BOOTPROTO=none
IPADDR=
PREFIX=
BONDING_OPTS="mode=1 miimon=100"  (mode = bonding mode; miimon = link monitoring interval, 100 ms)
Add a NIC to the bond:
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
USERCTL=no
View bond0 status:
/proc/net/bonding/bond0
Remove the bonding:
ifconfig bond0 down
modprobe -r bonding / rmmod bonding

CentOS 7 network properties configuration
Network interface naming:
On CentOS 6 and earlier, network interfaces were named by serial number: eth0, eth1, ... When the hardware changes (a NIC is added or removed), the names may shift, which leads to configuration errors.
CentOS 7 names interfaces based on hardware, topology and device type, for example:
1. NIC integrated on the motherboard: eno1 (en: ethernet, o: onboard)
2. NIC in a PCI-E expansion slot: ens1 (s: slot)
3. Otherwise, named from the physical location (bus/slot) of the interface, e.g. enp0s3
4. Otherwise, named from the MAC address
5. If none of the above is available, the traditional naming mechanism is used
With this mechanism a name does not change when other hardware changes, but names are harder to manage uniformly.
For easier management, CentOS 7 can be switched back to the traditional naming:
Indirect modification:
1) Edit /etc/default/grub and append net.ifnames=0 to the end of the GRUB_CMDLINE_LINUX="... rhgb quiet" line
2) Regenerate the grub2 configuration file: grub2-mkconfig -o /etc/grub2.cfg
3) Reboot the system
Direct modification:
1) Edit /boot/grub2/grub.cfg and append net.ifnames=0 to the end of the line beginning with linux16 inside the menuentry block
2) Reboot the system
Caveat: the direct edit is lost the next time grub2-mkconfig regenerates grub.cfg, so the indirect method is the durable one.
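As an added example (not part of the original notes), the shell function below performs step 1) of the indirect method safely: it appends a kernel parameter such as net.ifnames=0 to GRUB_CMDLINE_LINUX without duplicating it or breaking the quoting, and refuses to touch a file that has no such line. The function names add_kernel_param and regenerate_grub are constructed for this example; it assumes the stock double-quoted GRUB_CMDLINE_LINUX form.

```shell
#!/bin/sh
# Added example, not from the original notes: add a kernel parameter such as
# net.ifnames=0 to GRUB_CMDLINE_LINUX in /etc/default/grub without duplicating
# it or breaking the quoting, then regenerate grub.cfg.
# Assumption: GRUB_CMDLINE_LINUX uses double quotes, as the stock file does.

# add_kernel_param PARAM [FILE]
# Returns 0 when PARAM was appended, 2 when it was already present,
# 1 when FILE has no GRUB_CMDLINE_LINUX line.
add_kernel_param() {
    param=$1; file=${2:-/etc/default/grub}
    line=$(grep '^GRUB_CMDLINE_LINUX=' "$file" | head -n 1)
    [ -n "$line" ] || { echo "no GRUB_CMDLINE_LINUX in $file" >&2; return 1; }
    # strip the key and the surrounding double quotes to get the bare value
    value=${line#GRUB_CMDLINE_LINUX=}
    value=${value#\"}
    value=${value%\"}
    # whole-word match, so net.ifnames=0 does not match net.ifnames=01
    case " $value " in
        *" $param "*) return 2 ;;
    esac
    if [ -z "$value" ]; then newvalue=$param; else newvalue="$value $param"; fi
    # rewrite only the first GRUB_CMDLINE_LINUX line; cat back into the
    # original file so its owner and mode are preserved
    awk -v v="$newvalue" '
        /^GRUB_CMDLINE_LINUX=/ && !seen { print "GRUB_CMDLINE_LINUX=\"" v "\""; seen = 1; next }
        { print }' "$file" > "$file.tmp" && cat "$file.tmp" > "$file" && rm -f "$file.tmp"
}

# regenerate_grub: step 2) of the indirect method. On BIOS systems
# /etc/grub2.cfg is a symlink to /boot/grub2/grub.cfg; UEFI systems keep
# grub.cfg under /boot/efi/EFI/centos/ instead.
regenerate_grub() {
    grub2-mkconfig -o /boot/grub2/grub.cfg
}

# Usage on a live host:
#   add_kernel_param net.ifnames=0 && regenerate_grub && reboot
```

The return code 2 for "already present" lets a configuration-management run call the function repeatedly without growing the kernel command line on every pass.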
Addendum:
Hostname configuration file: /etc/hostname (this file does not exist by default)
Set the hostname:
Method 1: edit /etc/hostname, then run "hostname <name>" so the change takes effect immediately
Method 2: use the tool directly: hostnamectl set-hostname <name>

The powerful tool nmcli
NetworkManager command line tool
Usage:
nmcli device: manage network device interfaces
disconnect: disconnect the device (removes its addresses) / connect: connect the device
... more options: press Tab to view
nmcli connection: manage network connections (configurations)
show: view configurations (add a connection name to see its details)
add: add a configuration; basic settings: con-name (configuration name), ifname (device name), type (network type), ipv4.method auto (obtain IP automatically) | manual (specify IP by hand), connection.autoconnect (bring up at boot) ... more with the Tab key
up: activate a configuration (one NIC can have several configurations; switch between them with this option)
modify: modify a configuration; +ipv4.addresses adds a further IP address to the connection (the effect is similar to an alias interface)
delete: delete a configuration
reload: reload the configuration files
...

nmcli also supports bonding, but CentOS 7 offers a replacement technology
Network teaming:
Aggregates several NICs for redundancy (fault tolerance) and higher throughput
Provides better performance and scalability than bonding
Implemented by a kernel driver plus the teamd daemon
Supports several modes, called runners (broadcast, roundrobin, activebackup, loadbalance, lacp)
Create a team:
nmcli con add type team con-name <team name> ifname <interface name (logical device)> [config '{"runner": {"name": "<METHOD>"}}']
Add a NIC to it:
nmcli con add type team-slave con-name <connection name> ifname <NIC name> master <team name>

Network bridge
Bridging: several NICs are linked together into a logical bridge, which behaves like a switch.
Example: two hosts each have three NICs (eth0, eth1, eth2); host A's eth2 and host B's eth0 are bridged, so a broadcast from any terminal is received on all ports.

Network test tools
Display the hostname: hostname
Test network connectivity: ping, mtr
Display the routing table: ip route
Determine which DNS server is used for name resolution: nslookup, host, dig
Trace the route: traceroute, tracepath

Network client tools
ftp
Sub-commands:
get (download a single file), mget (download several files), put (upload), mput (upload several files), ls, help
lftp
A replacement for ftp that is more convenient to use
lftpget: downloads directly, no interactive session required
The tools above are FTP clients
wget
Can download files of all kinds (HTTP, HTTPS and FTP)
-q: quiet mode
-c: resume an interrupted download
-P: save into the specified directory
-O: save under the specified file name
--limit-rate=: limit the transfer rate, with units such as k, m
links
Text-mode browser, useful for testing web services
-dump: print the page as text only
-source: show the page source
