漏洞程式碼除錯(一):Struts2-048程式碼分析除錯-(CVE-2017-9791)
阿新 • • 發佈:2020-11-30
網路進階管理
1. 鏈路聚合
- 異地災備(在另外的地方進行災備,防止全部報廢不能及時災備)
- 負載均衡(提升頻寬) //一個失效全部失效
- 高可用(提升可用性)//當一個失效可以用另外一個
網絡卡的鏈路聚合就是將多塊網絡卡連線起來,當一塊網絡卡損壞,網路依舊可以正常執行,可以有效的防止因為網絡卡損壞帶來的損失,同時也可以提高網路訪問速度。
網絡卡的鏈路聚合方式:
- bond :最多新增兩塊網絡卡
- team :最多新增八塊網絡卡
bond的常用的2種模式:
- bond0(balance-rr)
- bond0用於負載輪詢(2個網絡卡單獨都是100MB,聚合為1個網路傳輸頻寬為200MB)
- bond1(active-backup)
- bond1用於高可用
- bond1用於高可用
2. 鏈路聚合配置
2.1 Centos7/RHEL7配置bond聚合鏈路
2.1.1 Centos7/RHEL7配置bond0(至少兩塊網絡卡)
bond0配置步驟:
- nmcli con add type bond mode balance-rr con-name bond0 ifname bond0 ipv4.method manual ipv4.addresses 192.168.153.250/24 ipv4.gateway 192.168.153.2 ipv4.dns 114.114.114.114
- nmcli con add type bond-slave con-name slave1 ifname eth1 master bond0
- nmcli con add type bond-slave con-name slave2 ifname eth2 master bond0
- 檢視網路介面
[root@localhost ~]# nmcli dev
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected eth0
eth1 ethernet disconnected --
eth2 ethernet disconnected --
lo loopback unmanaged --
[root@localhost ~]#
- 建立bond0,模式為balance-rr
[root@localhost ~]# nmcli con add type bond mode balance-rr con-name bond0 ifname bond0 ipv4.method manual ipv4.addresses 192.168.153.250/24 ipv4.gateway 192.168.153.2 ipv4.dns 114.114.114.114
Connection 'bond0' (845e3359-0477-4e66-aa40-ceaf4f66a796) successfully added.
[root@localhost ~]#
- 新增物理網絡卡連線至bond0
[root@localhost ~]# nmcli con add type bond-slave con-name slave1 ifname eth1 master bond0
Connection 'slave1' (a142de94-39d4-471a-9e93-e1e363e42e9a) successfully added.
[root@localhost ~]# nmcli con add type bond-slave con-name slave2 ifname eth2 master bond0
Connection 'slave2' (12975294-2e89-464a-81bc-25803dc4c491) successfully added.
[root@localhost ~]#
- 檢視是否配置成功
[root@localhost ~]# nmcli dev
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected eth0
bond0 bond connected bond0
eth1 ethernet connected slave1
eth2 ethernet connected slave2
lo loopback unmanaged --
[root@localhost ~]# nmcli con
NAME UUID TYPE DEVICE
eth0 3bcf613b-a0c4-43f4-bdd1-39b51c3c6a3f ethernet eth0
bond0 845e3359-0477-4e66-aa40-ceaf4f66a796 bond bond0
slave1 a142de94-39d4-471a-9e93-e1e363e42e9a ethernet eth1
slave2 12975294-2e89-464a-81bc-25803dc4c491 ethernet eth2
[root@localhost ~]#
顯示配置成功
5. 檢視bond配置資訊
[root@localhost ~]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: load balancing (round-robin) //負載均衡模式
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0
Slave Interface: eth1 //第一個網絡卡
MII Status: up
Speed: 10000 Mbps //萬兆網
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:b1:eb:1d
Slave queue ID: 0
Slave Interface: eth2 //第二個網絡卡
MII Status: up
Speed: 10000 Mbps //萬兆網
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:b1:eb:27
Slave queue ID: 0
[root@localhost ~]#
- 停掉eth2網絡卡,測試bond0是否正常
[root@localhost ~]# nmcli dev disconnect eth2 //停掉eth2
Device 'eth2' successfully disconnected.
[root@localhost ~]# nmcli dev
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected eth0
bond0 bond connected bond0
eth1 ethernet connected slave1
eth2 ethernet disconnected -- //顯示沒有連線
lo loopback unmanaged --
[root@localhost ~]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: load balancing (round-robin) //負載均衡模式
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0
Slave Interface: eth1 //第一個網絡卡
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:b1:eb:1d
Slave queue ID: 0
2.1.2 Centos7/RHEL7配置bond1
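刪除剛才的配置檔案(直接刪除 ifcfg 檔後,NetworkManager 可能仍保留舊連線;可執行 nmcli con reload 重新載入,或改用 nmcli con delete bond0 slave1 slave2 刪除)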
[root@localhost ~]# nmcli dev
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected eth0
bond0 bond connected bond0
eth1 ethernet connected slave1
eth2 ethernet connected slave2
lo loopback unmanaged --
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ls
ifcfg-bond0 ifcfg-eth0 ifcfg-slave1 ifcfg-slave2
[root@localhost network-scripts]# rm -f ifcfg-bond0 ifcfg-slave*
[root@localhost network-scripts]# ls
ifcfg-eth0
[root@localhost ~]# nmcli dev //已經刪除完成
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected eth0
eth1 ethernet disconnected --
eth2 ethernet disconnected --
lo loopback unmanaged --
[root@localhost ~]#
bond1配置步驟:
- nmcli con add type bond mode active-backup con-name bond1 ifname bond1 ipv4.method manual ipv4.addresses 192.168.153.200/24 ipv4.gateway 192.168.153.2 ipv4.dns 114.114.114.114
- nmcli con add type bond-slave con-name slave1 ifname eth1 master bond1
- nmcli con add type bond-slave con-name slave2 ifname eth2 master bond1
- 檢視網路介面
[root@localhost ~]# nmcli dev
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected eth0
bond1 bond connected bond1
eth1 ethernet connected slave1
eth2 ethernet connected slave2
lo loopback unmanaged --
[root@localhost ~]#
- 建立bond1,模式為active-backup
[root@localhost ~]# nmcli con add type bond mode active-backup con-name bond1 ifname bond1 ifname bond1 ipv4.method manual ipv4.addresse 192.168.153.200/24 ipv4.gateway 192.168.153.2 ipv4.dns 114.114.114.114
Connection 'bond1' (71356ca8-d2ed-46ac-bb96-5adb04fa6725) successfully added.
[root@localhost ~]#
- 新增物理網絡卡連線至bond1
[root@localhost ~]# nmcli con add type bond-slave con-name slave1 ifname eth1 master bond1
Connection 'slave1' (eb344131-6a66-404f-a86c-5af4ea1d6c6b) successfully added.
[root@localhost ~]# nmcli con add type bond-slave con-name slave2 ifname eth2 master bond1
Connection 'slave2' (2ee77d63-7388-42d3-ba0e-84824305eafd) successfully added.
[root@localhost ~]#
- 檢視是否配置成功
[root@localhost network-scripts]# nmcli con
NAME UUID TYPE DEVICE
eth0 3bcf613b-a0c4-43f4-bdd1-39b51c3c6a3f ethernet eth0
bond1 9a7e97dd-6dbb-4b08-82c1-68d9bcde3402 bond bond1
slave1 eb344131-6a66-404f-a86c-5af4ea1d6c6b ethernet eth1
slave2 2ee77d63-7388-42d3-ba0e-84824305eafd ethernet eth2
[root@localhost network-scripts]# nmcli dev
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected eth0
bond1 bond connected bond1
eth1 ethernet connected slave1
eth2 ethernet connected slave2
lo loopback unmanaged --
顯示配置成功
5. 啟用連線
[root@localhost ~]# nmcli con up bond1
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
[root@localhost ~]# nmcli con up slave1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8)
[root@localhost ~]# nmcli con up slave2
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/9)
- 驗證
[root@localhost ~]# cat /proc/net/bonding/bond1
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: fault-tolerance (active-backup) //高可用模式
Primary Slave: None
Currently Active Slave: eth1 //當前活躍的是eth1
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0
Slave Interface: eth1 //第一張網絡卡
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:b1:eb:1d
Slave queue ID: 0
Slave Interface: eth2 //第二張網絡卡
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:b1:eb:27
Slave queue ID: 0
[root@localhost ~]#
- 停掉eth1物理網絡卡
[root@localhost ~]# nmcli dev disconnect eth1
Device 'eth1' successfully disconnected.
[root@localhost ~]# cat /proc/net/bonding/bond1
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth2 //eth2物理網絡卡在活躍
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0
Slave Interface: eth2 //只有eth2物理網絡卡
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:b1:eb:27
Slave queue ID: 0
[root@localhost ~]#
2.2 Centos6/RHEL6配置bond聚合鏈路 //rhel8的配置檔案在後面
系統 | 網絡卡 | bond地址 | bond模式 | bond功能 |
---|---|---|---|---|
Centos6.5 | eth0: 172.16.12.128, eth1: 172.16.12.129 | 172.16.12.250 | 模式0 | 負載均衡 |
//1.建立繫結網絡卡配置檔案
[root@wangqing ~]# cat /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
TYPE=Ethernet
ONBOOT=yes
USERCTL=no
BOOTPROTO=static
IPADDR=172.16.12.250
NETMASK=255.255.255.0
GATEWAY=172.16.12.2
DNS1=172.16.12.2
BONDING_OPTS="mode=0 miimon=50" //如果使用模式1將mode修改為1即可
//2.修改eth0和eth1網絡卡配置檔案
[root@wangqing ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
USERCTL=no
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
[root@wangqing ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
USERCTL=no
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
//3.新增驅動支援bond0
[root@wangqing ~]# vim /etc/modprobe.d/bonding.conf
alias bond0 bonding
rhel8的配置檔案
[root@localhost network-scripts]# cat ifcfg-bond1
BONDING_OPTS=mode=active-backup
TYPE=Bond
BONDING_MASTER=yes
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=192.168.153.200
PREFIX=24
GATEWAY=192.168.153.2
DNS1=114.114.114.114
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=bond1
UUID=9a7e97dd-6dbb-4b08-82c1-68d9bcde3402
DEVICE=bond1
ONBOOT=yes
[root@localhost network-scripts]# cat ifcfg-slave2
TYPE=Ethernet
NAME=slave2
UUID=2ee77d63-7388-42d3-ba0e-84824305eafd
DEVICE=eth2
ONBOOT=yes
MASTER=bond1
SLAVE=yes
[root@localhost network-scripts]# cat ifcfg-slave1
TYPE=Ethernet
NAME=slave1
UUID=eb344131-6a66-404f-a86c-5af4ea1d6c6b
DEVICE=eth1
ONBOOT=yes
MASTER=bond1
SLAVE=yes
[root@localhost network-scripts]#
2.3 Centos7/RHEL7配置team聚合鏈路
team可以實現以下模式的聚合鏈路
- broadcast 廣播容錯
- roundrobin 負載輪詢
- activebackup 主備(必考) 高可用
- loadbalance 負載均衡
- lacp 需要交換機支援lacp協議
- 使用命令配置,圖形化配置不穩定
[root@localhost ~]# nmcli con add type team con-name team0 ifname team0 config '{"runner":{"name":"activebackup"}}' ipv4.address 192.168.153.245/24 ipv4.gateway 192.168.153.2 ipv4.dns 114.114.114.114 ipv4.method manual
Connection 'team0' (bd18e120-8687-4450-88b1-846cf69b6fd5) successfully added.
- 新增物理網絡卡到team0
[root@localhost ~]# nmcli con add type team-slave con-name slave1 ifname eth1 master team0
Connection 'slave1' (cd68ccd8-e2c0-45e4-a8f6-50c35689e8fd) successfully added.
[root@localhost ~]# nmcli con add type team-slave con-name slave2 ifname eth2 master team0
Connection 'slave2' (9709b871-b52a-4afe-a449-8dd5f43b9457) successfully added.
[root@localhost ~]#
- 檢視連線情況
[root@localhost ~]# nmcli dev
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected eth0
team0 team connected team0
eth1 ethernet connected slave1
eth2 ethernet connected slave2
lo loopback unmanaged --
[root@localhost ~]# nmcli con
NAME UUID TYPE DEVICE
eth0 3bcf613b-a0c4-43f4-bdd1-39b51c3c6a3f ethernet eth0
team0 bd18e120-8687-4450-88b1-846cf69b6fd5 team team0
slave1 cd68ccd8-e2c0-45e4-a8f6-50c35689e8fd ethernet eth1
slave2 9709b871-b52a-4afe-a449-8dd5f43b9457 ethernet eth2
[root@localhost ~]#
- 檢查team0狀態
[root@localhost ~]# teamdctl team0 state
setup:
runner: activebackup
ports:
eth1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0
eth2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0
runner:
active port: eth1
[root@localhost ~]#
- 關閉eth1檢視team0狀態
[root@localhost ~]# nmcli dev
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected eth0
team0 team connected team0
eth1 ethernet connected slave1
eth2 ethernet connected slave2
lo loopback unmanaged --
[root@localhost ~]# nmcli dev disconnect eth1
Device 'eth1' successfully disconnected.
[root@localhost ~]# teamdctl team0 state
setup:
runner: activebackup
ports:
eth2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0
runner:
active port: eth2 //物理網絡卡eth2在執行,沒有顯示eth1物理網絡卡
- 重啟eth1檢視team0狀態
[root@localhost ~]# nmcli dev connect eth1
Device 'eth1' successfully activated with 'cd68ccd8-e2c0-45e4-a8f6-50c35689e8fd'.
[root@localhost ~]# teamdctl team0 state
setup:
runner: activebackup
ports:
eth1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0
eth2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0
runner:
active port: eth2 //依然是物理網絡卡eth2在執行,但是可以看到eth1物理網絡卡
[root@localhost ~]#
動態修改team聚合的模式
- 匯出配置進行修改(man teamd.conf);以 root 操作時,/tmp 為所有使用者可寫的目錄,固定檔名可能被其他本機使用者預先建立或以符號連結佔用,建議改放在僅 root 可寫的目錄,或用 mktemp 建立暫存檔
[root@localhost ~]# teamdctl team0 config dump > /tmp/team.conf
[root@localhost ~]# vi /tmp/team.conf
{
"device": "team0",
"mcast_rejoin": {
"count": 1
},
"notify_peers": {
"count": 1
},
"ports": {
"eth1": {
"link_watch": {
"name": "ethtool"
}
},
"eth2": {
"link_watch": {
"name": "ethtool"
}
}
},
"runner": {
"name": "roundrobin" //在此處修改為roundrobin
}
}
- 以最新修改的配置選項修改team0屬性
[root@localhost ~]# nmcli con mod team0 team.config /tmp/team.conf
[root@localhost ~]#
- 修改之後需要重啟team0
[root@localhost ~]# nmcli con mod team0 team.config /tmp/team.conf //匯入修改的配置檔案
[root@localhost ~]# nmcli con down team0;nmcli con up team0 //先down再up
Connection 'team0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
[root@localhost ~]# nmcli con up slave1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/9)
[root@localhost ~]# nmcli con up slave2
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/10)
[root@localhost ~]# teamdctl team0 state
setup:
runner: roundrobin
ports:
eth1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0
eth2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0
[root@localhost ~]#