Solaris 指定通讯接口方法----分享
大家在工作中有可能遇到这样的问题,一台服务器存在两个及两个以上IP地址(物理IP和业务IP),那么如何控制业务程序使用业务IP进行通讯呢。下面将通过两个实例来讲解如何根据自己需要限制接口通信。希望对大家有所帮助:一、环境
root@e5kd6 # more /etc/defaultrouter
192.168.0.129
root@e5kd6 # more /etc/netmasks
192.168.0.0 255.255.255.0
root@e5kd6 # netstat -rn
Routing Table: IPv4
Destination Gateway FlagsRef Use Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.0.0 192.168.0.59 U 1 0ge0
default 192.168.0.129 UG 1 194
127.0.0.1 127.0.0.1 UH 101964416lo0
root@e5kd6 # ifconfig -a
ge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 6
inet 192.168.0.59 netmask ffffff00 broadcast 192.168.0.255
ether 8:0:20:ff:1b:5c 添加子接口地址,用于业务IP:root@e5kd6 # ifconfig ge0 addif 192.168.0.57 netmask + broadcast + up
Created new logical interface ge0:1
Setting netmask of ge0:1 to 255.255.255.0
root@e5kd6 # ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
ge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 6
inet 192.168.0.59 netmask ffffff00 broadcast 192.168.0.255
ether 8:0:20:ff:1b:5c
ge0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 6
inet 192.168.0.57 netmask ffffff00 broadcast 192.168.0.255
root@e5kd6 # netstat -rn
Routing Table: IPv4
Destination Gateway FlagsRef Use Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.0.0 192.168.0.59 U 1 0ge0
192.168.0.0 192.168.0.57 U 1 0ge0:1
default 192.168.0.129 UG 1 196
127.0.0.1 127.0.0.1 UH 101964707lo0
root@e5kd6 # traceroute 10.109.109.33
traceroute: Warning: Multiple interfaces found; using 192.168.0.59 @ ge0
traceroute to 10.109.109.33 (10.109.109.33), 30 hops max, 40 byte packets
1192.168.0.2 (192.168.0.2)1.321 ms0.397 ms0.365 ms
210.109.109.33 (10.109.109.33)0.358 ms0.333 ms0.315 ms
本帖最后由 rusty_rui 于 2010-06-25 11:25 编辑
配置1、期望使用192.168.0.57用于服务器间通信,配置过Sun Cluster的同仁对此应该不陌生。那就是使用deprecated参数:
deprecated
Marks the address as a deprecatedaddress.Addresses
markedasdeprecatedwillnotbeusedas source
address for outbound packets unless eitherthereare
noother addresses available on this interface or the
application has bound to this address explicitly.The
statusdisplay shows DEPRECATED as part of flags. See
INTERFACE FLAGS for information on the flags supported
by ifconfig.
对需要进行限制通信的接口使用此参数,使用此参数的接口地址原则上不参与主动通信,仅当没有其他可用的接口地址用于通信时才承担主动通信任务。可以使用 "-deprecated"参数取消此限制。注:使用deprecated参数的地址,被动访问还是要提供服务的。
此测试中计划使用192.168.0.57作为业务地址,那么我们需要限制ge0端口地址192.168.0.59:root@e5kd6 # ifconfig ge0 deprecated
root@e5kd6 # ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
ge0: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4> mtu 1500 index 6
inet 192.168.0.59 netmask ffffff00 broadcast 192.168.0.255
ether 8:0:20:ff:1b:5c
ge0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 6
inet 192.168.0.57 netmask ffffff00 broadcast 192.168.0.255
root@e5kd6 # traceroute 10.109.109.33
traceroute: Warning: Multiple interfaces found; using 192.168.0.57 @ ge0:1
traceroute to 10.109.109.33 (10.109.109.33), 30 hops max, 40 byte packets
1192.168.0.3 (192.168.0.3)1.780 ms0.385 ms0.344 ms
210.109.109.33 (10.109.109.33)0.398 ms0.310 ms0.308 ms
已经按照预定端口ge0:1进行通讯
root@e5kd6 # netstat -rn
Routing Table: IPv4
Destination Gateway FlagsRef Use Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.0.0 192.168.0.57 U 1 1ge0:1
192.168.0.0 192.168.0.57 U 1 0ge0
default 192.168.0.129 UG 1 201
127.0.0.1 127.0.0.1 UH 101967996lo0
配置2、设置接口point-to-point通信,在主机上设置用于专项针对某一个地址通信的。此方法虽然我们可以采用设置路由的方式实现。
此测试计划在ge0:1接口专项用于通讯至10.109.109.33地址:
环境:root@e5kd6 # ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
ge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 6
inet 192.168.0.59 netmask ffffff00 broadcast 192.168.0.255
ether 8:0:20:ff:1b:5c
ge0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 6
inet 192.168.0.57 netmask ffffff00 broadcast 192.168.0.255
root@e5kd6 # netstat -rn
Routing Table: IPv4
Destination Gateway FlagsRef Use Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.0.0 192.168.0.59 U 1 0ge0
192.168.0.0 192.168.0.57 U 1 0ge0:1
default 192.168.0.129 UG 1 196
127.0.0.1 127.0.0.1 UH 101964707lo0
root@e5kd6 # traceroute 10.109.109.33
traceroute: Warning: Multiple interfaces found; using 192.168.0.59 @ ge0
traceroute to 10.109.109.33 (10.109.109.33), 30 hops max, 40 byte packets
1192.168.0.2 (192.168.0.2)1.321 ms0.397 ms0.365 ms
210.109.109.33 (10.109.109.33)0.358 ms0.333 ms0.315 ms
本帖最后由 rusty_rui 于 2010-06-25 11:26 编辑
在此测试中需要用到destination 参数。
修改配置:root@e5kd6 # ifconfig ge0:1 destination 10.109.109.33
root@e5kd6 # ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
ge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 6
inet 192.168.0.59 netmask ffffff00 broadcast 192.168.0.255
ether 8:0:20:ff:1b:5c
ge0:1: flags=1000851<UP,POINTOPOINT,RUNNING,MULTICAST,IPv4> mtu 1500 index 6
inet 192.168.0.57 --> 10.109.109.33 netmask ffffff00
root@e5kd6 # traceroute 10.109.109.33
traceroute: Warning: Multiple interfaces found; using 192.168.0.57 @ ge0:1
traceroute to 10.109.109.33 (10.109.109.33), 30 hops max, 40 byte packets
1192.168.0.2 (192.168.0.2)1.855 ms0.413 ms0.359 ms
210.109.109.33 (10.109.109.33)0.352 ms0.521 ms0.327 ms
已经按照既定端口ge0:1 通信
root@e5kd6 # netstat -rn
Routing Table: IPv4
Destination Gateway FlagsRef Use Interface
-------------------- -------------------- ----- ----- ------ ---------
10.109.109.33 192.168.0.57 UH 1 1ge0:1
192.168.00 192.168.0.57 U 1 0ge0
default 192.168.0.129 UG 1 194
127.0.0.1 127.0.0.1 UH 101964070lo0 自己搞个沙发坐坐。{:3_202:}{:3_202:} 谢谢分享 这个很不错的,顶! 本帖最后由 cwnlinux 于 2010-06-25 11:51 编辑
谢谢分享。非常不错。 谢谢楼主分享。。非常不错。。