Goal:
Add a new network interface to an EC2 instance and send all Internet-bound (egress) traffic through it.
Environment:
AWS Beijing region, AMI: suse-sles-11-sp4-v20180104-hvm-ssd-x86_64 (ami-66dc010b)
Problems:
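1. After the network interface is added, the system cannot find the new NIC
For the steps to add a network interface, see:
http://docs.amazonaws.cn/en_us/AWSEC2/latest/UserGuide/using-eni.html#create_eni
After it is attached, because SUSE cannot use AWS's ec2-net-utils, there is no way to scan for the new NIC directly; a reboot is required.
2. The new NIC is named rename3
After the reboot, the system recognizes the new NIC as rename3: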
ip-172-31-188-206:~ # ifconfig -a
eth0      Link encap:Ethernet  HWaddr 02:28:1C:C2:71:92
          inet addr:172.31.188.206  Bcast:172.31.188.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:9000  Metric:1
          RX packets:262 errors:0 dropped:0 overruns:0 frame:0
          TX packets:272 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:30586 (29.8 Kb)  TX bytes:29102 (28.4 Kb)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:100 (100.0 b)  TX bytes:100 (100.0 b)

rename3   Link encap:Ethernet  HWaddr 02:AA:54:AC:B2:E4
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

ip-172-31-188-206:~ #
This can be fixed by editing /etc/udev/rules.d/70-persistent-net.rules so that it reads as follows:
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="ixgbevf", ATTR{dev_id}=="0x0", KERNELS=="0000:00:03.0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="ixgbevf", ATTR{dev_id}=="0x0", KERNELS=="0000:00:04.0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
Save the file and reboot. Once the instance is back up, the new eth1 is visible:
ip-172-31-188-206:~ # ifconfig -a
eth0      Link encap:Ethernet  HWaddr 02:28:1C:C2:71:92
          inet addr:172.31.188.206  Bcast:172.31.188.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:9000  Metric:1
          RX packets:239 errors:0 dropped:0 overruns:0 frame:0
          TX packets:270 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:28436 (27.7 Kb)  TX bytes:29150 (28.4 Kb)

eth1      Link encap:Ethernet  HWaddr 02:AA:54:AC:B2:E4
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:100 (100.0 b)  TX bytes:100 (100.0 b)
3. Configure an IP address for the new NIC
Because EC2 instances use DHCP by default, simply copy the eth0 configuration:
ip-172-31-188-206:~ # cd /etc/sysconfig/network
ip-172-31-188-206:/etc/sysconfig/network # cat ifcfg-eth0
BOOTPROTO='dhcp'
MTU="9000"
REMOTE_IPADDR=''
STARTMODE='hotplug'
ip-172-31-188-206:/etc/sysconfig/network # cp ifcfg-eth0 ifcfg-eth1
Then restart the network service:
ip-172-31-188-206:/etc/sysconfig/network # service network restart &
[1] 3666
ip-172-31-188-206:/etc/sysconfig/network # Shutting down network interfaces:
    eth0      device: Intel Corporation 82599 Ethernet Controller V     done
    eth1      device: Intel Corporation 82599 Ethernet Controller V     done
Shutting down service network . . . . . . . . .     done
Hint: you may set mandatory devices in /etc/sysconfig/network/config
Setting up network interfaces:
    eth0      device: Intel Corporation 82599 Ethernet Controller V
    eth0      Starting DHCP4 client.
    eth0      IP address: 172.31.188.206/24 (ip-172-31-188-206)     done
    eth1      device: Intel Corporation 82599 Ethernet Controller V
    eth1      Starting DHCP4 client.
    eth1      IP address: 172.31.189.38/24 (ip-172-31-189-38)     done
Setting up service network . . . . . . . . . .     done
[1]+  Done                    service network restart
The new NIC now has an IP address:
ip-172-31-188-206:/etc/sysconfig/network # ifconfig
eth0      Link encap:Ethernet  HWaddr 02:28:1C:C2:71:92
          inet addr:172.31.188.206  Bcast:172.31.188.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:9000  Metric:1
          RX packets:645 errors:0 dropped:0 overruns:0 frame:0
          TX packets:517 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:62966 (61.4 Kb)  TX bytes:59731 (58.3 Kb)

eth1      Link encap:Ethernet  HWaddr 02:AA:54:AC:B2:E4
          inet addr:172.31.189.38  Bcast:172.31.189.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:9000  Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:783 (783.0 b)  TX bytes:963 (963.0 b)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:100 (100.0 b)  TX bytes:100 (100.0 b)
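4. The last step is to set up the new routes
By default the new NIC has no public IP, even when it sits in a public subnet. So allocate an EIP and assign it to the new network interface.
First, look at the current routing table: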
ip-172-31-188-206:/etc/sysconfig/network # netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         172.31.188.1    0.0.0.0         UG        0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
172.31.188.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
172.31.189.0    0.0.0.0         255.255.255.0   U         0 0          0 eth1
The goal is for internal traffic to go through eth0 and external traffic through eth1, so modify /etc/sysconfig/network/routes as follows:
ip-172-31-188-206:/etc/sysconfig/network # cat routes
172.31.0.0/16 172.31.188.1 - eth0
default 172.31.189.1 - eth1
Then restart the network service once more:
ip-172-31-188-206:/etc/sysconfig/network # service network restart &
[1] 3666
ip-172-31-188-206:/etc/sysconfig/network # Shutting down network interfaces:
    eth0      device: Intel Corporation 82599 Ethernet Controller V     done
    eth1      device: Intel Corporation 82599 Ethernet Controller V     done
Shutting down service network . . . . . . . . .     done
Hint: you may set mandatory devices in /etc/sysconfig/network/config
Setting up network interfaces:
    eth0      device: Intel Corporation 82599 Ethernet Controller V
    eth0      Starting DHCP4 client.
    eth0      IP address: 172.31.188.206/24 (ip-172-31-188-206)     done
    eth1      device: Intel Corporation 82599 Ethernet Controller V
    eth1      Starting DHCP4 client.
    eth1      IP address: 172.31.189.38/24 (ip-172-31-189-38)     done
Setting up service network . . . . . . . . . .     done
[1]+  Done                    service network restart
The new routing table then looks like this:
ip-172-31-188-206:/etc/sysconfig/network # netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         172.31.189.1    0.0.0.0         UG        0 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
172.31.0.0      172.31.188.1    255.255.0.0     UG        0 0          0 eth0
172.31.188.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
172.31.189.0    0.0.0.0         255.255.255.0   U         0 0          0 eth1
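To confirm that a routing table really enforces the internal/external split, the following added example (not part of the original post) parses `netstat -rn` output and resolves each probe address with longest-prefix matching, the rule the kernel applies. The function names and the probes 8.8.8.8 and 172.31.10.5 are constructed for illustration; 169.254.169.254 is the EC2 instance metadata address.

```python
import ipaddress

# Final routing table, taken from the page's `netstat -rn` output.
NETSTAT_RN = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         172.31.189.1    0.0.0.0         UG        0 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
172.31.0.0      172.31.188.1    255.255.0.0     UG        0 0          0 eth0
172.31.188.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
172.31.189.0    0.0.0.0         255.255.255.0   U         0 0          0 eth1
"""

def parse_routes(text):
    """Return (network, gateway or None, iface) tuples from `netstat -rn` text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have 8 columns and begin with a dotted-quad destination.
        if len(fields) != 8 or fields[0].count(".") != 3:
            continue
        dest, gateway, mask, iface = fields[0], fields[1], fields[2], fields[7]
        net = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((net, None if gateway == "0.0.0.0" else gateway, iface))
    return routes

def egress(routes, address):
    """Return (iface, gateway) of the most specific route matching address."""
    ip = ipaddress.ip_address(address)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    net, gateway, iface = max(matches, key=lambda r: r[0].prefixlen)
    return iface, gateway

def check_split(routes, expected):
    """Return (address, wanted iface, actual route) for every mismatch."""
    bad = []
    for address, want in expected.items():
        got = egress(routes, address)
        if got is None or got[0] != want:
            bad.append((address, want, got))
    return bad

# Constructed probes: Internet, VPC-internal, instance metadata service.
EXPECTED = {"8.8.8.8": "eth1", "172.31.10.5": "eth0", "169.254.169.254": "eth0"}

if __name__ == "__main__":
    print(check_split(parse_routes(NETSTAT_RN), EXPECTED) or "egress split OK")
```

Hosts inside 172.31.189.0/24 are reached directly over eth1, because that connected route is more specific than the 172.31.0.0/16 route via eth0.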
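Note:
All of the steps above were tested by me personally, but this is not an official solution; do not apply them directly on a production system.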