VMware Fusion: Setting a Static IP Address for a VM on the NAT Network

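Unlike VMs in cloud computing, the VMware Fusion I run myself has no measures to prevent injection of or tampering with network information; addresses are mainly assigned via DHCP. So whenever the physical network changes, the VM will very likely pull a new IP address from the pool. Take the K8S cluster I deployed: if an IP address changes, the pre-change network information written into its configuration at deployment time may become useless. It is therefore best to set static IP addresses everywhere, so that the network of my cluster environment does not change.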

To configure the network, you first need some concrete network information, such as the gateway, DHCP server and DNS; this has to be looked up in VMware Fusion itself.

Assuming the NAT network is used, it corresponds to the host's vmnet8 interface. On a Mac the configuration directory is: /Library/Preferences/VMware Fusion/vmnet8

Since the goal is a static IP address, we first need to know the pool, so look at the DHCP configuration in dhcpd.conf:

subnet 172.16.247.0 netmask 255.255.255.0 {
        range 172.16.247.128 172.16.247.254;
        option broadcast-address 172.16.247.255;
        option domain-name-servers 172.16.247.2;
        option domain-name localdomain;
        default-lease-time 1800;                # default is 30 minutes
        max-lease-time 7200;                    # default is 2 hours
        option netbios-name-servers 172.16.247.2;
        option routers 172.16.247.2;
}
host vmnet8 {
        hardware ethernet 00:50:56:C0:00:08;
        fixed-address 172.16.247.1;
        option domain-name-servers 0.0.0.0;
        option domain-name "";
        option routers 0.0.0.0;
}
####### VMNET DHCP Configuration. End of "DO NOT MODIFY SECTION" #######

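The subnet is 172.16.247.0/24. Although the netmask is 255.255.255.0, the range is already limited to 128-254, so IP addresses can only be taken from this range. Besides that there are the broadcast address, DNS and so on, including the gateway. The information we need is:

IP: 172.16.247.128~172.16.247.254

Gateway: 172.16.247.2

DNS: 172.16.247.2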

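The actual flow is: after the VM is created it initializes its network and sends a request to the DHCP server; the server returns an Offer to the VM based on the IP pool, and the IP address is thereby assigned dynamically.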

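As for vmnet8, my understanding is that it acts as the gateway device for the VMs' outbound traffic. Its details on the host are as follows: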

vmnet8: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 00:50:56:c0:00:08
	inet 172.16.247.1 netmask 0xffffff00 broadcast 172.16.247.255

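Knowing all this, you might think: it's just a static IP address, why not configure it directly in the operating system? On CentOS, for example, directly in the interface configuration file: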

ONBOOT="yes"
BOOTPROTO="static"
IPADDR=172.16.247.132
GATEWAY=172.16.247.2
NETMASK=255.255.255.0
DNS1=172.16.247.2

ONBOOT brings the interface up at boot, BOOTPROTO selects static or DHCP, and IPADDR, GATEWAY, NETMASK and DNS1 need no explanation.

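That works, but it amounts to configuring things inside the guest OS. From the point of view of whoever controls the environment, it should still be set in VMware Fusion.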

Specifically, add the following to dhcpd.conf, after the end of the "DO NOT MODIFY SECTION":

####### VMNET DHCP Configuration. End of "DO NOT MODIFY SECTION" #######
host 2020 {
        hardware ethernet 00:0c:29:65:92:ce;
        fixed-address 172.16.247.132;
}

This way, for the VM with hostname 2020, the NIC with this MAC address is assigned the IP address given by fixed-address.
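A pre-reload sanity check for the host reservation described above, as an added example (not from the original post or from VMware): it parses a dhcpd.conf excerpt and reports reservations that fall outside the subnet, collide with the gateway, network or broadcast address, duplicate another host's MAC or IP, or sit inside the dynamic `range`, where an ISC-style DHCP server can also lease the address to another client. The function names and finding labels are assumptions made for this example; the sample configuration is constructed from the values shown on this page.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the dhcpd.conf shown on this page.
SAMPLE_CONF = """
subnet 172.16.247.0 netmask 255.255.255.0 {
        range 172.16.247.128 172.16.247.254;
        option routers 172.16.247.2;
}
host vmnet8 {
        hardware ethernet 00:50:56:C0:00:08;
        fixed-address 172.16.247.1;
}
host 2020 {
        hardware ethernet 00:0c:29:65:92:ce;
        fixed-address 172.16.247.132;
}
"""

def parse(conf):
    """Return (network, (range_lo, range_hi), router, {host: (mac, ip)})."""
    ip = ipaddress.ip_address
    net, mask = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)", conf).groups()
    lo, hi = re.search(r"range\s+(\S+)\s+(\S+);", conf).groups()
    router = re.search(r"option routers\s+(\S+);", conf).group(1)
    hosts = {}
    for name, body in re.findall(r"host\s+(\S+)\s*\{(.*?)\}", conf, re.S):
        mac = re.search(r"hardware ethernet\s+([0-9A-Fa-f:]+);", body).group(1)
        addr = re.search(r"fixed-address\s+(\S+);", body).group(1)
        hosts[name] = (mac.lower(), ip(addr))
    return ipaddress.ip_network(f"{net}/{mask}"), (ip(lo), ip(hi)), ip(router), hosts

def check(conf):
    """Return a list of (host, finding) pairs for every host declaration."""
    net, (lo, hi), router, hosts = parse(conf)
    findings, seen = [], {}
    for name, (mac, addr) in hosts.items():
        if addr not in net:
            findings.append((name, "outside-subnet"))
        if addr in (router, net.network_address, net.broadcast_address):
            findings.append((name, "reserved-address"))
        if lo <= addr <= hi:
            findings.append((name, "inside-dynamic-range"))
        for key in (mac, addr):  # the same MAC or IP reserved twice
            if key in seen:
                findings.append((name, f"duplicate-of-{seen[key]}"))
            seen[key] = name
    return findings
```

For the configuration on this page, `check(SAMPLE_CONF)` reports only that host 2020's reservation lies inside the 128-254 dynamic range.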

Next, the following three steps make the network configuration take effect.

Refresh the configuration

lihui@2019 $ sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cli --configure
Stopped DHCP service on vmnet1
Disabled hostonly virtual adapter on vmnet1
Stopped DHCP service on vmnet8
Stopped NAT service on vmnet8
Disabled hostonly virtual adapter on vmnet8
Stopped all configured services on all networks
Backed up existing network settings to backup file "/tmp/vmware.6BBWm8"
Restored network settings

Stop first

lihui@2019 $ sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cli --stop
Stopped all configured services on all networks

Then start

lihui@2019 $ sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cli --start
Enabled hostonly virtual adapter on vmnet1
Started DHCP service on vmnet1
Started NAT service on vmnet8
Enabled hostonly virtual adapter on vmnet8
Started DHCP service on vmnet8
Started all configured services on all networks

Once VMware Fusion is configured, you can reboot the VM to obtain the IP address again, or simply run dhclient manually in the VM to renew it:

[root@2020 ~]# dhclient -v ens33
Internet Systems Consortium DHCP Client 4.2.5
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/ens33/00:0c:29:65:92:ce
Sending on   LPF/ens33/00:0c:29:65:92:ce
Sending on   Socket/fallback
DHCPDISCOVER on ens33 to 255.255.255.255 port 67 interval 6 (xid=0x1a7227f1)
DHCPREQUEST on ens33 to 255.255.255.255 port 67 (xid=0x1a7227f1)
DHCPOFFER from 172.16.247.254
DHCPACK from 172.16.247.254 (xid=0x1a7227f1)
bound to 172.16.247.132 -- renewal in 807 seconds.

You can do a simple packet capture on the host; DHCP uses UDP packets:

lihui@2019 $ sudo tcpdump -i vmnet8 udp port 67
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vmnet8, link-type EN10MB (Ethernet), capture size 262144 bytes
21:58:07.680926 IP 0.0.0.0.bootpc > broadcasthost.bootps: BOOTP/DHCP, Request from 00:0c:29:65:92:ce (oui Unknown), length 300
21:58:07.681022 IP 172.16.247.254.bootps > 172.16.247.132.bootpc: BOOTP/DHCP, Reply, length 300
21:58:07.681825 IP 0.0.0.0.bootpc > broadcasthost.bootps: BOOTP/DHCP, Request from 00:0c:29:65:92:ce (oui Unknown), length 300
21:58:07.687301 IP 172.16.247.254.bootps > 172.16.247.132.bootpc: BOOTP/DHCP, Reply, length 300

Finally, a simple test: send ICMP packets from inside the VM

[root@2020 ~]# ping 114.114.114.114
PING 114.114.114.114 (114.114.114.114) 56(84) bytes of data.
64 bytes from 114.114.114.114: icmp_seq=1 ttl=128 time=16.3 ms
64 bytes from 114.114.114.114: icmp_seq=2 ttl=128 time=21.0 ms
64 bytes from 114.114.114.114: icmp_seq=3 ttl=128 time=42.3 ms
64 bytes from 114.114.114.114: icmp_seq=4 ttl=128 time=21.9 ms
64 bytes from 114.114.114.114: icmp_seq=5 ttl=128 time=17.0 ms
64 bytes from 114.114.114.114: icmp_seq=6 ttl=128 time=19.1 ms

Packet capture on the host's vmnet8 interface

lihui@2019 $ sudo tcpdump -i vmnet8 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vmnet8, link-type EN10MB (Ethernet), capture size 262144 bytes
22:05:24.890599 IP 172.16.247.132 > public1.114dns.com: ICMP echo request, id 30659, seq 1, length 64
22:05:24.906781 IP public1.114dns.com > 172.16.247.132: ICMP echo reply, id 30659, seq 1, length 64
22:05:25.889922 IP 172.16.247.132 > public1.114dns.com: ICMP echo request, id 30659, seq 2, length 64
22:05:25.910666 IP public1.114dns.com > 172.16.247.132: ICMP echo reply, id 30659, seq 2, length 64
22:05:26.890586 IP 172.16.247.132 > public1.114dns.com: ICMP echo request, id 30659, seq 3, length 64
22:05:26.932837 IP public1.114dns.com > 172.16.247.132: ICMP echo reply, id 30659, seq 3, length 64
22:05:27.891736 IP 172.16.247.132 > public1.114dns.com: ICMP echo request, id 30659, seq 4, length 64
22:05:27.913392 IP public1.114dns.com > 172.16.247.132: ICMP echo reply, id 30659, seq 4, length 64
22:05:28.892437 IP 172.16.247.132 > public1.114dns.com: ICMP echo request, id 30659, seq 5, length 64
22:05:28.909233 IP public1.114dns.com > 172.16.247.132: ICMP echo reply, id 30659, seq 5, length 64

Check the route taken inside the VM

[root@2020 ~]# ip r get 114.114.114.114
114.114.114.114 via 172.16.247.2 dev ens33 src 172.16.247.132
    cache

The next hop is 172.16.247.2

[root@2020 ~]# arp -a
gateway (172.16.247.2) at 00:50:56:e0:fa:3b [ether] on ens33
? (172.16.247.1) at 00:50:56:c0:00:08 [ether] on ens33
? (172.16.247.137) at <incomplete> on ens33

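In other words, the VM's packets are forwarded directly through the gateway; vmnet8 and the gateway are on the same network segment, so traffic hops straight to the gateway.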
