Differences

This shows you the differences between two versions of the page.

zh-cn:doc:networking:network.interfaces [2014/03/04 09:47] (current)
Line 1: Line 1:
 +====== Linux 网络接口(Network Interfaces) ======
 +===== 网络接口类型 =====
 +[[wp>Linux kernel]] 内核通常区分为两种软件的网络接口
 +
 +==== 物理网络接口 ====
 +''eth0'', ''eth8'', ''radio0'', ''wlan19'', .. 这些符号总是代表着真实存在的网络设备。 例如: [[wp>Network interface controller|NIC]], [[wp>Wireless network interface controller|WNIC]] 或 其他一些 [[wp>Modem]]. 当[[wp>device driver]]被作为物理网络接口的驱动加载进内核,这些网络接口就可用了。
 +
 +
 +任何物理网络接口是由操作系统为用户命名的软件的网络接口,以使得操作系统配置物理网络设备并且将其集成到程序和脚本中。
 +
 +
 +==== 虚拟网络接口 ====
 +''lo'', ''eth0:1'', ''eth0.1'', ''vlan2'', ''br0'', ''pppoe-dsl'', ''gre0'', ''sit0'' ''tun0'', ''imq0'', ''teql0'', .. 这些都是不真实存在物理网络设备的虚拟的网络接口,但是linked(不知道如何翻译)到一个物理设备(否则他们是没有价值的)。发明虚拟网络接口是为了给予系统管理员配置基于linux的操作系统的最大的灵活性。一个虚拟的网络接口是一般联合一个物理网络接口(eth6)或其他的虚拟网络接口(eth6.9)或是独立的,例如:[[wp>Loopback#Virtual_network_interface|loopback interface]] ''lo''.
 +
 +=== 虚拟网络接口的类型 ===
 +  * <color maroon>**//别名(aliases)//**</color>: ''eth4:5'', ''eth4:6'', ..\\  IP-aliases是一个已经被废弃的管理单网卡多IP的方法。新的工具例如iproute2支持单个接口对应多个网络地址/配置,但是aliases依旧因为向后兼容的原因而支持。 [[https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/Documentation/networking/alias.txt|Documentation/networking/alias.txt]]
 +  * <color maroon>**//VLANs//**</color>: ''eth4.0'', ''eth4.1'', ''eth4.3'', ''vlan0'', ..\\ VLANs 用来将单独的第二层网络(数据链路层)分割成多个虚拟的。所有参与的网卡都必须支持[[wp>IEEE 802.1Q]],并又相应正确的配置。这一标准允许最多4096个VLANs (12Bits)
 +  * <color maroon>**//栈式VLANs(Stacked VLANs)//**</color>: [[wp>IEEE 802.1ad]]-support was mainlined in [[http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ad227ff89a7e6f05d07cd0acfd95ed3a24450ca|2013-04-19: net: vlan: add 802.1ad support]] Configuration is done using ''ip link'':<code bash>
 +ip link add link eth0 eth0.1000 type vlan proto 802.1ad id 1000
 +ip link add link eth0.1000 eth0.1000.1000 type vlan proto 802.1q id 1000
 +</code>
 +  * <color maroon>**//bridgeds//**</color>: ''br0'', ''br-lan'' \\ bridgeds用来使得多个虚拟或物理网络接口的行为好像他们仅有一个网络接口一样。(如同VLANs的反面一样)同样可以用在VPN 和 bridged接口上。 linux的以太网桥(linux ethernet bridge) 可以用来一起连接多个以太网设备。这些连接是完全透明的。连接到一个以太网设备的主机(hosts)看到直接连接到其他以太网设备的主机。[[https://forum.openwrt.org/viewtopic.php?id=45783|understanding how bridge-interfaces work]]
 +  * <color maroon>**//tunnel interfaces//**</color>: ''pppoe-dsl'', ''pppoa-dsl'', ''tun0'', ''vpn1'',\\ used to send packets over a [[wp>tunneling protocol]] such as [[wp>Generic Routing Encapsulation|GRE]], [[wp>IPsec]]  [[wp>Point-to-point protocol over Ethernet|PPPoE]], etc.
 +  * <color maroon>**//special purpose//**</color>: ''[[http://www.linuximq.net/|imq0]], [[http://lartc.org/howto/lartc.loadshare.html|teql3]]''\\ used to change the order of outgoing network packets, or incoming network packet
 +  * <color maroon>**//wireless operating mode virtual interfaces//**</color>: ''wlan0'', ''wlan0_1'', ''ath3'', ''ath_monitor'', ..\\ [[doc:howto:wireless.overview|Linux wireless subsystem]]:针对每个WNIC总是一个成为主要接口的物理网络接口相对应。这个主要接口是不可见的。 Then, depending on the wireless operating mode the master interface is configured to, //ad-hoc (IBSS), managed , AP , WDS, mesh point, monitor//, //wireless virtual network interfaces// with different properties are created. This is done automatically by default. When the WNIC driver is loaded, there always will be the master interface __and__ (at least) one virtual interface!
 +
 +
 +
 +Two network interfaces can also be bonded together (please see [[wp>Link aggregation]] and [[wp>Channel bonding]] and [[http://wiki.ubuntuusers.de/Netzwerkkarten_b%C3%BCndeln|Ubuntu Wiki]]), [[http://lxr.free-electrons.com/source/Documentation/networking/bonding.txt|Documentation/networking/bonding.txt]]
 +
 +| {{:meta:icons:tango:dialog-information.png?nolink}} |[[doc:techref:UCI]] is a small C utility designed to centralize configuration in OpenWrt.\\ ''[[doc:uci:network|/etc/config/network]]'' is the network configuration file.\\ ''[[doc:uci:wireless|/etc/config/wireless]]'' is the wireless configuration file.\\ <color maroon>**UCI creates an abstraction layer for configuring network interfaces**</color>:\\ In ''[[doc/uci/network|/etc/config/network]]'' you allocate a name like //lan// or //internet_wire// or //whatever// to each ''ifname''-variable for every device and then this name is consistently used through the entire UCI configuration. But this can only be used in conjunction with UCI!|
 +
 +===== OpenWrt default configuration =====
 +The OpenWrt default configuration is explained in ...
 +
 +
 +===== Current Utilities for Networking and Traffic Control =====
 +Most GNU/Linux distributions offer various software packages in their repositories which contain standard Unix networking tools for controlling the network subsystem of the Linux kernel; they serve the task of configuring network interfaces, routing tables, managing the ARP table, and so on. In Debian multiple such tools are combined into packages, e.g. [[http://packages.debian.org/jessie/net-tools|net-tools]], [[http://packages.debian.org/jessie/iproute2|iproute2]], [[http://packages.debian.org/wheezy/vlan|vlan]], [[http://packages.debian.org/jessie/bridge-utils|bridge-utils]], [[http://packages.debian.org/jessie/wireless-tools|wireless-tools]], [[http://packages.debian.org/jessie/iw|iw]] and some more.
 +
 +The utilities contained in the “net-tools”-suite are old and deprecated. The ones contained in the "iproute2"-suite communicate with the Linux kernel via the (rt)netlink interface, providing advanced features not available through the legacy "net-tools"- commands ''ifconfig'' and ''route''. See e.g. [[wp>iproute2]] or [[http://albanianwizard.org/linux-network-configuration-for-home-users.albanianwizard|net-tools VS iproute2]]) for a comparison.
 +
 +| {{:meta:icons:tango:dialog-information.png?nolink}}| In the OpenWrt software package repositories networking utilities are available as **separate ''[[doc:techref:opkg]]''-packages** while core utilities like ''ifconfig'', ''route'', ''netstat'' and ''vconfig'' are also contained in ''busybox'' as applets: ''busybox-ifconfig'', ''busybox-route'', etc. |
 +
 +
 +^ ''utility''            ^ ''invocation'' ^ Purpose  ^
 +| ''[[man>ip(8)|ip]]''    | ''ip link''      | network device configuration  |
 +| :::                    | ''ip addr''      | protocol IPv4 or IPv6 address management on a device  |
 +| :::                    | ''ip addrlabel''  | protocol address label management, label configuration for protocol address selection  |
 +| :::                    | ''ip l2tp''      | establish static (aka unmanaged) L2TPv3 Ethernet tunnels.\\ For unmanaged tunnels, there is no L2TP control protocol so no userspace daemon is required - tunnels are manually created by issuing commands at a local system and at a remote peer.\\ L2TPv3 is suitable for Layer-2 tunneling. Static tunnels are useful to establish network links across IP networks when the tunnels are fixed. L2TPv3 tunnels can carry data of more than one session. Each session is identified by a session_id and its parent tunnel's tunnel_id. A tunnel must be created before a session can be created in the tunnel. \\ When creating an L2TP tunnel, the IP address of the remote peer is specified, which can be either an IPv4 or IPv6 address. The local IP address to be used to reach the peer must also be specified. This is the address on which the local system will listen for and accept received L2TP data packets from the peer.\\ L2TPv3 defines two packet encapsulation formats: UDP or IP. UDP encapsulation is most common. IP encapsulation uses a dedicated IP protocol value to carry L2TP data without the overhead of UDP. Use IP encapsulation only when there are no NAT devices or firewalls in the network path.\\ When an L2TPv3 Ethernet session is created, a virtual network interface is created for the session, which must then be configured and brought up, just like any other network interface. When data is passed through the interface, it is carried over the L2TP tunnel to the peer. By configuring the system's routing tables or adding the interface to a bridge, the L2TP interface is like a virtual wire ([[doc/howto/pseudowire]]) connected to the peer.\\ Establishing an unmanaged L2TPv3 Ethernet pseudowire involves manually creating L2TP contexts on the local system and at the peer. Parameters used at each site must correspond or no data will be passed. 
No consistency checks are possible since there is no control protocol used to establish unmanaged L2TP tunnels. Once the virtual network interface of a given L2TP session is configured and enabled, data can be transmitted, even if the peer isn't yet configured. If the peer isn't configured, the L2TP data packets will be discarded by the peer.\\ To establish an unmanaged L2TP tunnel, use\\ ''ip l2tp add tunnel'' and ''l2tp add session'' commands described in this document. Then configure and enable the tunnel's virtual network interface, as required.\\ Note that unmanaged tunnels carry only Ethernet frames. If you need to carry PPP traffic (L2TPv2) or your peer doesn't support unmanaged L2TPv3 tunnels, you will need an L2TP server which implements the L2TP control protocol. The L2TP control protocol allows dynamic L2TP tunnels and sessions to be established and provides for detecting and acting upon network failures.\\ See [[https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/Documentation/networking/l2tp.txt|Documentation/networking/l2tp.txt]]  |
 +| :::                    | ''ip neigh''      | neighbour/arp tables management, ARP or NDISC cache entry |
 +| :::                    | ''ip netconf''    |network configuration monitoring\\ utility can monitor IPv4 and IPv6 parameters (see ''/proc/sys/net/ipv[4|6]/conf/[all|DEV]/'') like forwarding, rp_filter or mc_forwarding status. \\ ''ip netconf show''  |
 +| :::                    | ''ip netns''      | process network namespace management\\ A network namespace is logically another copy of the network stack, with its own routes, firewall rules, and network devices.  |
 +| :::                    | ''ip ntable''      | neighbour table configuration\\ controls the parameters for the neighbour tables |
 +| :::                    | ''ip route''      | routing table management. Configuration files are:\\ ''/etc/iproute2/ematch_map''\\ ''/etc/iproute2/group''\\ ''/etc/iproute2/rt_dsfield''\\ ''/etc/iproute2/rt_protos''\\ ''/etc/iproute2/rt_realms''\\ ''/etc/iproute2/rt_scopes''\\ ''[[doc/howto/notuci.config#etciproute2rt_tables|/etc/iproute2/rt_tables]]'' |
 +| :::                    | ''ip rule''      | routing policy database management |
 +| :::                    | ''ip maddr''      | multicast addresses management |
 +| :::                    | ''ip mroute''    | multicast routing cache management |
 +| :::                    | ''ip tunnel''    | tunnel over IP configuration  |
 +| :::                    | ''ip monitor''    | state monitoring, see ''rtmon''  |
 +| :::                    | ''ip xfrm''      | setting xfrm, framework for IPsec protocol |
 +| :::                    | ''ip tcp_metrics''  | used to manipulate entries in the Linux kernel that keep TCP information for IPv4 and IPv6 destinations. The entries are created when TCP sockets want to share information for destinations and are stored in a cache keyed by the destination address. The saved information may include values for metrics (initially obtained from routes), recent TSVAL for TIME-WAIT recycling purposes, state for the Fast Open feature, etc. For performance reasons the cache can not grow above configured limit and the older entries are replaced with fresh information, sometimes reclaimed and used for new destinations. The kernel never removes entries, they can be flushed only with this tool.\\ Type ''ip tcp_metrics show'' to show cached entries  |
 +| ''[[man>rtmon(8)|rtmon]]''  | | Listens to and monitors RTnetlink  |
 +| ''[[man>nstat(8)|nstat]]''  | | ''nstat'' and ''rtacct'' are simple tools to monitor kernel snmp counters and network interface statistics. |
 +| ''[[man>rtacct(8)|rtacct]]'' | | ::: |
 +| ''[[man>routel(8)|routel]]'' | | Set of helper //scripts// you can use instead of ''ip''-commands.\\ The ''routel'' script will list routes in a format that some might consider easier to interpret then the ip route list equivalent.\\ The ''routef'' script does not take any arguments and will simply flush the routing table down the drain. Beware! This means deleting all routes which will make your network unusable! |
 +| ''[[man>routef(8)|routef]]'' | | ::: |
 +| ''[[man>ss(8)|ss]]''    |  | utility to dump socket statistics. It allows showing information similar to the deprecated ''netstat''. ss can display more TCP and state informations than other tools. |
 +| ''[[man>tc(8)|tc]]''    |  | show / manipulate traffic control settings. tc is used to configure the [[doc/howto/packet.scheduler/packet.scheduler|Network packet scheduler]] of the Linux kernel  |
 +| ''[[man>lnstat(8)|lnstat]]''\\ ''[[man>ctstat(8)|ctstat]]''\\ ''[[man>rtstat(8)|rtstat]]''  | | Unified Linux network statistics\\ A generalized and more feature-complete replacement for the old ''rtstat''-utility. In addition to routing cache statistics, it supports any kind of statistics the Linux kernel exports via a file in ''/proc/net/stat/''.  |
 +| ''[[man>arpd(8)|arpd]]''  | | userspace arp daemon  |
 +| ''[[man>vconfig(8)|vconfig]]''  |  | VLAN (IEEE 802.1q) configuration program. Allows you to create and remove VLAN−devices on a VLAN enabled Linux kernel. VLAN−devices are virtual Ethernet devices which represents the virtual lans on the physical lan  |
 +| ''[[man>brctl(8)|brctl]]''  | | Linux Ethernet bridge administration  |
 +| ''[[man>bridge(8)|bridge]]'' | | show / manipulate bridge addresses and devices; ''bridge'' uses facilities added in Linux 3.0. Although the forwarding table is maintained on a per-bridge device basis the bridge device is not part of the syntax. This is a limitation of the underlying netlink neighbour message protocol. When displaying the forwarding table, entries for all bridges are displayed. Add/delete/modify commands determine the underlying bridge device based on the bridge to which the corresponding ethernet device is attached.  |
 +^  [[doc:howto/wireless.utilities|wireless utilities]]  ^^^
 +| ''[[man>iw(8)|iw]]'' | | show / manipulate wireless devices and their configuration  |
 +| ''[[doc:techref:iwinfo]]'' | | iwinfo is a CLI frontend to the library ''libinfo'', which assembles information from various places  |
 +
 +
 +===== Old and deprecated Utilities for Networking and Traffic Control =====
 +^ Purpose                                    ^ ''utility''                    ^ replaced with  ^
 +| IPv4/IPv6 address\\ and link configuration  | ''[[man>ifconfig(8)|ifconfig]]''  | ''ip addr'' and ''ip link''  |
 +| Routing tables                              | ''[[man>route(8)|route]]''          | ''ip route''  |
 +| Manipulate the kernel's [[wp>Address Resolution Protocol|ARP]] table. Add, delete an entry, or to dump the entire cache  | ''[[man>arp(8)|arp]]''              | ''ip neigh''  |
 +| Adds, changes, deletes and shows an interface's tunnels | ''iptunnel''  | ''ip tunnel''  |
 +| Adds, deletes and shows an interface's multicast addresses | ''ipmaddr'' | ''ip maddr''  |
 +| Report network connections, routing tables, and interface statistics | ''[[man>netstat(8)|netstat]]''      | ''ss''  |
 +| Manipulate the kernel's [[wp>Reverse Address Resolution Protocol|RARP]] table  | ''[[man>rarp(8)|rarp]]''  |  |
 +| Name network interfaces based on MAC addresses  | ''[[man>nameif(8)|nameif]]''        |  |
 +| Fine tune the PLIP device parameters, to improve its performance  | ''[[man>plipconfig(8)|plipconfig]]'' |  |
 +| Attaches a network interface to a serial line. This allows to use normal terminal lines for point-to-point links to other computers.  | ''[[man>slattach(8)|slattach]]''    |  |
 +| Checks or sets the status of a network interface's Media Independent Interface (MII) unit | ''[[man>mii-tool(8)|mii-tool]]''    |  |
 +| configure a wireless network interface | ''[[man>iwconfig(8)|iwconfig]]'' | ''iw'' |
 +| Display Wireless Events generated by drivers and setting changes | ''[[man>iwevent(8)|iwevent]]'' | ''iw'' |
 +| Report ESSID, NWID or AP/Cell Address of wireless network | ''[[man>iwgetid(8)|iwgetid]]'' | ''iw'' |
 +| Get more detailed wireless information from a wireless interface | ''[[man>iwlist(8)|iwlist]]''  | ''iw'' |
 +| configure optionals (private) parameters of a wireless network interface | ''[[man>iwpriv(8)|iwpriv]]''  | ''iw'' |
 +| Get wireless statistics from specific nodes  | ''[[man>iwspy(8)|iwspy]]''    | ''iw'' |
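
Review bot: In the ''ip l2tp'' table row, the sentence "use ''ip l2tp add tunnel'' and ''l2tp add session'' commands" gives the second command without its ''ip'' prefix. The row documents ''ip'' invocations, so it should read ''ip l2tp add session''. In the diff as shown, the same cell continues after "or no data will be passed." on a line with no + marker. If that line break is in the wiki source, it ends the table row early, so the cell should be joined back into one line. In the 虚拟网络接口 paragraph the translator placeholder "linked(不知道如何翻译)" is still in the text; replace it with a translation and drop the note. In the VLANs item, "并又相应正确的配置" looks like a typo for "并有". The page is filed under zh-cn, but the stacked-VLAN, tunnel and special-purpose items and everything from the bonding paragraph onward are still in English, so either translate them or mark the page as a partial translation. Smaller points: "The OpenWrt default configuration is explained in ..." has no link target, the "net-tools VS iproute2]])" reference has an unmatched closing parenthesis, and the second UCI link uses ''doc/uci/network'' where the first uses ''doc:uci:network''.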

zh-cn/doc/networking/network.interfaces.txt · Last modified: 2014/03/04 09:47 (external edit)