Have you learned how to configure multiple public IP addresses?

background

For some customers working on video and website business scenarios, some machines will have too much traffic, causing the single network card to be fully utilized. Therefore, multiple network cards need to be configured, and each network card is configured with a public IP address. Generally speaking, eth0 is configured with a public IP, and eth1 is configured with a public IP + an intranet IP.

Statement: Since the business needs to bind dual network cards, and the first network card also has an ipv6 address, the centos8 system can be configured using the nmcli command line; centos6 and 7 are incompatible due to version bugs and are processed using configuration files.

Network topology diagram:

1. CentOS 8 system

01 View the connected network card information

 nmcli con show enp1s0f0 xxx ethernet enp1s0f0 enp1s0f1 xxx ethernet enp1s0f1

 nmcli network #查看networkmanager是否接入网络配置，如返回结果为enabled则表示接入nmcli n #缩写接入networkmanager命令nmcli n on取消接入nmcli n off显示networkmanager状态nmcli gs #这里直接用缩写比较方便查看当前网卡连接状态（简单来说就是你配置了几块在运行的网卡） nmcli con show删除网卡nmcli con del xxx(网卡名称或uuid)添加网卡nmcli connection add ifname 网卡名autoconnect yes type ethernet ipv4.addresses ip地址/子网掩码ipv4.gateway 网关重启网络配置文件nmcli con reload重启网卡nmcli con up 网卡名修改网卡配置信息： # 修改指定网卡的ip地址和子网掩码nmcli connection modify 网卡名ipv4.addresses ip地址/子网掩码# 修改指定网卡的ip地址和子网掩码以及网关nmcli connection modify 网卡名ipv4.addresses ip地址/子网掩码ipv4.gateway 网关# 修改指定网卡的ip地址和子网掩码、网关以及DNS nmcli connection modify 网卡名ipv4.addresses ip地址/子网掩码ipv4.gateway 网关ipv4.dns dns地址# 添加第二个ip nmcli connection modify eth1 +ipv4.addresses ip地址/子网掩码# 删除第二个ip nmcli connection modify eth1 -ipv4.addresses ip地址/子网掩码# 添加第二个DNS nmcli connection modify eth1 +ipv4.dns dns地址# 删除第二个DNS nmcli connection modify eth1 +ipv4.dns dns地址# 修改为静态配置，默认是auto nmcli cm eth1 ipv4.method manual # 将IPv6 禁用nmcli cm ens22 ipv6.method disabled # 开机启动nmcli cm ens22 connection.autoconnect yes

02Delete all configurations

(Note that the network will be disconnected here, so operate on the two network cards separately, or operate on the remote console)

 nmcli con del xxx #第一块网卡nmcli con del xxx #第二块网卡

Note: Confirm which network card is bound to the OSS external network address on the cloud. If it is the first network card, it is recommended to delete the second network card first. After the second network card is successfully bound, you can log in remotely and delete the next network card.

03 Create two new network cards, of which network card 2 contains two IP

(ipv4)

 nmcli con add type ethernet con-name xxx ifname xxx ipv4.method manual ipv4.address 198.xxx/24 ipv4.gateway 198.xxx ipv4.dns 1.1.1.1 nmcli con add type ethernet con-name xxx ifname xxx ipv4.method manual ipv4.addresses 51.xxx/27,192.xxx/24 ipv4.dns 8.8.8.8

Note: The network card names before and after ifname are different. Do not make a mistake. Use the command ip a to check the specific network card information before operation according to the actual situation.

04Add routing table and corresponding policy routing to network card 2

(+ means adding new configuration, - means reducing configuration, and no sign means replacement)

 nmcli con modify 网卡名+ipv4.routes "192.168.0.0/16 192.168.xxx.1,0.0.0.0/0 网卡2ip地址table=100 src=xxx" nmcli con modify 网卡名+ipv4.routing-rules "priority 100 from 51.xxx/27 table 100"

Note: table 100 here refers to the (table_id) routing table. If not specified, it will be added to the default routing table.

05 Load Configuration

 nmcli con reload

06Reactivate the corresponding network card

 nmcli con up 网卡1名称nmcli con up 网卡2名称

07 View the default routing information

 ip route show 192.168.0.0/16 via 192.168.xxx.1 dev xxx proto static metric 104

08 View the routing information of routing table 100

 ip route show table 100 default via 51.xxx dev 网卡2名称proto static src 网卡2ip地址metric 104 51.xxx dev 网卡2名称proto static scope link src 网卡2ip地址metric 104

09 View policy routing information

 ip rule show 100: from 51.xxx/27 lookup 100

10Configure the ipv6 address of the first network card

 [root@xxx network-scripts]# cat ifcfg-ethxx TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=none IPADDR=198.xxx PREFIX=24 GATEWAY=198.xxx DNS1=1.1.1.1 DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=xxx UUID=xxx DEVICE=xxx ONBOOT=yes NS1=2001:xxx IPV6ADDR=xxx/64 IPV6INIT=yes IPV6_DEFAULTGW=2001:xxx:00ff

11Restart network card 1

 nmcli con reload nmcli con up 网卡1名称

12 Test whether the ipv6 address is effective

 [root@xxx network-scripts]# ping6 2001:xxx:00ff PING 2001:xxx:00ff(2001:xxx:ff) 56 data bytes 64 bytes from 2001:xxx:ff: icmp_seq=1 ttl=64 time=0.577 ms 64 bytes from 2001:xxx:ff: icmp_seq=2 ttl=64 time=0.534 ms 64 bytes from 2001:xxx:ff: icmp_seq=3 ttl=64 time=0.747 ms ^C --- 2001:xxx:00ff ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2070ms rtt min/avg/max/mdev = 0.534/0.619/0.747/0.094 ms

2. CentOS 6 and 7 systems

Intranet IP: 192.168.xxx

Intranet gateway: 192.168.xxx.1

Public network IP: 15.xxx

Public network subnet: 255.255.255.192

Public network gateway: 15.xxx

01Configure multiple ip addresses for eth1, public network + intranet ip address (ipv4)

 cat /etc/sysconfig/network-scripts/ifcfg-eth1 DEVICE=eth1 BOOTPROTO=static IPADDR=192.168.xxx IPADDR1=15.xxx NETMASK=255.255.255.0 NETMASK1=255.255.255.192 ONBOOT=yes

02Configure routing (ipv4)

 cat /etc/sysconfig/network-scripts/route-eth1 default via 15.xxx dev eth1 src 15.xxx table wan1 192.168.0.0/16 via 192.168.xxx.1

03Configure routing policy (ipv4)

 cat /etc/sysconfig/network-scripts/rule-eth1 from 15.xxx table wan1 pref 100

04eth0 network card adds IPv6 configuration

 [root@xxx network-scripts]# cat ifcfg-eth0 # Created by cloud-init on instance boot automatically, do not edit. # BOOTPROTO=static DEVICE=eth0 HWADDR=0C:xxx:44 ONBOOT=yes STARTMODE=auto TYPE=Ethernet USERCTL=no PROXY_METHOD=none BROWSER_ONLY=no DEFROUTE=yes IPV4_FAILURE_FATAL=no NAME=eth0 UUID=xxx IPADDR=145.xxx NETMASK=255.255.255.0 GATEWAY=145.xxx DNS1=1.1.1.1 NS1=2001:41d0:xxx::1 IPV6ADDR=2001:xxx::/64 IPV6INIT=yes #IPV6_DEFAULTGW=2001:xxxx:00ff #注释掉ipv6网关

05Configure eth0 ipv6 routing

 [root@xxx network-scripts]# cat route6-eth0 2001:xxxx:00ff dev eth0 default via 2001:xxxx:00ff

06 Close NetworkManager and restart the network

Because there is a bug in the default gateway 0.0.0.0/0 address configured using the nmcli command in centos6 and 7 systems and centos8 systems, and the /0 mask is not supported, NetworkManager is turned off and network is used.

 systemctl stop NetworkManager systemctl disable NetworkManager systemctl restart network

07Test whether the network card configuration is effective

 [root@xxx network-scripts]# ping6 2001:xxx:00ff PING 2001:xxx:00ff (2001:xxx:00ff ) 56 data bytes 64 bytes from 2001:xxx:00ff： icmp_seq=1 ttl=64 time=0.904 ms 64 bytes from 2001:xxx:00ff： icmp_seq=2 ttl=64 time=1.24 ms 64 bytes from 2001:xxx:00ff： icmp_seq=3 ttl=64 time=0.670 ms ^C --- 2001:xxx:00ff ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 0.670/0.940/1.246/0.236 ms使用测试工具测试IPV6地址是否有效：https://ipw.cn/ipv6ping/

Conclusion

The advantages of multiple public IP addresses mainly include:

Improved network security: Multiple public IPs can allow different network devices to use different public IPs, thereby enhancing network security and preventing hacker attacks and network intrusions.

Ensure business continuity: Especially in business scenarios such as websites or videos, multiple public IP addresses can greatly avoid the situation when a certain IP fails. You can use the backup public IP address to ensure business continuity.

Improve network quality: Multiple public IP addresses can more fully distribute network traffic, thereby reducing network congestion and improving users' viewing experience.

Easy to manage: Resources can be allocated and managed according to different business needs. For example, IP1 is used for video services and IP2 is used for audio services. This also facilitates subsequent monitoring and maintenance by operation and maintenance personnel.