Uploaded by Phương Nguyễn Thế

Linux Networking: Routing & Advanced Configuration

Computer Hardware & Network Institute
LINUX-II
CHAPTER 30
Configuring Routing and Advanced
Networking
Module: …………….....................
1
Chapter Objectives
• Configuring Aggregated Network Interfaces
• Configuring IPv6 Addresses
• Routing IP Traffic
Recall
1. Which rsyslogd module should you use to enable
reception of journald log messages?
2. What is the name of the deprecated module that can be
used to enable receiving journald messages in rsyslogd?
3. To make sure that the legacy method for receiving
messages from journald in rsyslogd is not used, which
additional parameter should be used?
4. Which configuration file contains settings that allow you
to further tune the working of journald?
5. Which parameter takes care of forwarding messages
from journald to rsyslogd?
Recall (cont.)
6. Which rsyslogd module can you use to include messages
from a specific non-rsyslog generated log file?
7. Which rsyslogd module do you need to use to forward
messages to a MariaDB database?
8. Which two lines do you need to include in rsyslog.conf
to allow the current log server to receive messages over
TCP?
9. How do you configure the local firewalld firewall to allow
for log message reception over TCP port 514?
10. Which line do you include on a server where you want
to forward rsyslog messages to logserver.example.com,
which is configured to receive messages using UDP and the
default port?
Configuring Aggregated Network
Interfaces
• On network servers, it is an important requirement to
ensure that the network interface is available at all times
• On RHEL 7, you can create aggregated network interfaces.
Use network teaming or network bonding to
accomplish this goal.
• In earlier versions of RHEL, network bonding was the
default method for creating aggregated network
interfaces.
• In RHEL 7, network teaming has been added as a
solution.
Using Teaming
• Network teaming is new in RHEL 7.
• The solution consists of a small kernel driver and a
daemon that is available in userspace: teamd
• The kernel driver takes care of handling network packets, while
the teamd daemon handles logic and interface processing.
• Different runners determine exactly how this happens.
• Runners in teaming are equivalent to the bonding modes.
• They are used to define the logic of traffic handling between
the interfaces that are involved in the configuration.
Using Teaming (2)
• Teaming Runners Overview:
Configuring Network Teams
• A team interface can be created with either the nmcli or
the nmtui utilities.
• Creating a team interface involves a couple of steps:
1. Create the team interface.
2. Add IP address configuration.
3. Assign the port interfaces.
4. Bring the team and port interfaces up.
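The four steps above as nmcli commands, in an added example that is not part of the original slides. The function name create_team, the port profile names and the NMCLI dry-run variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the slides): create a team with nmcli.
# NMCLI=echo gives a dry run that prints the nmcli arguments instead.
NMCLI=${NMCLI:-nmcli}

# create_team TEAM RUNNER ADDR/PREFIX PORT...
# Profile names "<team>-port-<nic>" are this example's own convention.
create_team() {
    if [ $# -lt 4 ]; then
        echo "usage: create_team TEAM RUNNER ADDR/PREFIX PORT..." >&2
        return 2
    fi
    team=$1 runner=$2 cidr=$3
    shift 3
    case $runner in
        broadcast|roundrobin|random|activebackup|loadbalance|lacp) ;;
        *) echo "unknown runner: $runner" >&2; return 2 ;;
    esac

    # 1. Create the team interface; the runner is passed as JSON.
    $NMCLI con add type team con-name "$team" ifname "$team" \
        config "{\"runner\": {\"name\": \"$runner\"}}" || return 1

    # 2. Add the IP address configuration to the team, not to the ports.
    $NMCLI con mod "$team" ipv4.addresses "$cidr" ipv4.method manual || return 1

    # 3. Assign the port interfaces.
    for nic in "$@"; do
        $NMCLI con add type team-slave con-name "${team}-port-${nic}" \
            ifname "$nic" master "$team" || return 1
    done

    # 4. Bring every port up explicitly, then the team: starting the team
    #    alone does not start its ports.
    for nic in "$@"; do
        $NMCLI con up "${team}-port-${nic}" || return 1
    done
    $NMCLI con up "$team"
}

# Runs only when arguments are given, for example:
#   sh create_team.sh team0 loadbalance 192.168.4.220/24 eno1 eno2
[ $# -eq 0 ] || create_team "$@"
```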
Looking Behind the Teaming
Configuration
• The teaming configuration is stored in three different
levels of files.
• You can modify the contents of the configuration files in
/etc/sysconfig/network-scripts directly.
• After modifying, use nmcli con reload so that NetworkManager reads the configuration changes.
Looking Behind the Teaming
Configuration (2)
• On top of the hierarchy is the team interface file:
cat ifcfg-team0
DEVICE=nm-team
TEAM_CONFIG="{ \"runner\": {\"name\": \"loadbalance\"}}"
DEVICETYPE=Team
BOOTPROTO=dhcp
…
NAME=team0
UUID=679b70f9-1445-4e25-9f66-93b358974627
ONBOOT=yes
IPADDR0=192.168.4.220
PREFIX0=24
…
Looking Behind the Teaming
Configuration (3)
• The second level of configuration file is for the teaming
slave:
cat ifcfg-team-slave-eno16777736
BOOTPROTO=none
…
NAME=team-slave-eno16777736
UUID=6ffc4eff-adde-474b-8ddc-1e6de1c5b3b5
DEVICE=eno16777736
ONBOOT=yes
TEAM_MASTER=679b70f9-1445-4e25-9f66-93b358974627
DEVICETYPE=TeamPort
Looking Behind the Teaming
Configuration (4)
• The third tier consists of the device file:
cat ifcfg-eno16777736
HWADDR=00:0C:29:88:D5:53
TYPE=Ethernet
BOOTPROTO=dhcp
…
NAME=eno16777736
UUID=e94fe839-6fdf-4fc5-bf33-3c2a1cfbb90e
ONBOOT=no
Looking Behind the Teaming
Configuration (5)
• Teaming Configuration Files Parameter Overview:
Looking Behind the Teaming
Configuration (6)
• Five essential steps should be applied, in this
specific order:
• Note the local device names.
• Set local interfaces to not start automatically.
• Set IP configuration to be disabled on local interfaces and
enable it on the team connection.
• Create the team device, specify a name.
• Add device types based on their names.
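A consistency check over the three levels of files shown above, as an added example that is not part of the original slides. The function names are assumptions, the sample directory is constructed from the key lines of the three listings, and TEAM_MASTER is accepted either as the team's UUID (as on the slides) or as its device name.

```shell
#!/bin/sh
# Added example (not from the slides): cross-check the three levels of
# ifcfg files that make up a team.

# get KEY FILE: last value of KEY= in FILE, without surrounding quotes.
get() {
    sed -n "s/^$1=//p" "$2" 2>/dev/null | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# check_team DIR: print one line per inconsistency; return 1 if any.
check_team() {
    dir=$1 bad=0
    for port in "$dir"/ifcfg-*; do
        [ "$(get DEVICETYPE "$port")" = TeamPort ] || continue
        master=$(get TEAM_MASTER "$port")
        nic=$(get DEVICE "$port")

        # Level 2 -> level 1: TEAM_MASTER must identify a team file, by
        # UUID as on the slides or by the team's DEVICE name.
        found=no
        for team in "$dir"/ifcfg-*; do
            [ "$(get DEVICETYPE "$team")" = Team ] || continue
            if [ "$(get UUID "$team")" = "$master" ] ||
               [ "$(get DEVICE "$team")" = "$master" ]; then
                found=yes
            fi
        done
        if [ "$found" = no ]; then
            echo "${port##*/}: TEAM_MASTER=$master matches no team file"
            bad=1
        fi

        # Level 2 -> level 3: the NIC's own profile must not start
        # automatically ("set local interfaces to not start automatically").
        own=$dir/ifcfg-$nic
        if [ -f "$own" ] && [ "$(get ONBOOT "$own")" != no ]; then
            echo "${own##*/}: ONBOOT is not 'no' although $nic is a team port"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: the key lines of the three listings above.
demo=$(mktemp -d)
printf '%s\n' DEVICE=nm-team DEVICETYPE=Team NAME=team0 \
    UUID=679b70f9-1445-4e25-9f66-93b358974627 > "$demo/ifcfg-team0"
printf '%s\n' DEVICE=eno16777736 DEVICETYPE=TeamPort \
    TEAM_MASTER=679b70f9-1445-4e25-9f66-93b358974627 \
    > "$demo/ifcfg-team-slave-eno16777736"
printf '%s\n' TYPE=Ethernet NAME=eno16777736 ONBOOT=no \
    > "$demo/ifcfg-eno16777736"
check_team "$demo" && echo "team files are consistent"
rm -rf "$demo"
```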
Troubleshooting Network Teaming
• When troubleshooting network team interfaces, you
must keep the following particularities in mind:
• The team interface is started when one of its port
interfaces is started, but this does not start all other port
interfaces as well.
• Starting a team interface does not automatically start all
port interfaces.
• Stopping a team interface does stop all involved port
interfaces.
• Static IP connections can be started on a team interface
that does not have any ports currently active.
• DHCP connections can only be started when ports are
available.
Troubleshooting Network Teaming (2)
• A useful utility to debug network teaming is teamnl
• teamnl team0 ports to see the ports in the team device
and their current state.
• teamnl team0 options dumps the options that are
currently set for the teaming interface.
• teamdctl team0 config dump dumps the configuration
in the JSON format that is used by the teaming driver (you can
redirect the output of this command to a file).
Understanding IPv6 Addresses
• Because the pool of available IPv4 addresses is
exhausted, IPv6 was designed with a total of 128 bits
reserved for creating IPv6 addresses.
• To make it easier to manage IPv6 addresses, the
standard notation of an IPv6 address is as a
hexadecimal number.
• Because hexadecimal numbers are not easy to read, the
IPv6 address is noted as 8 groups of 16 bits:
fe80:0000:0000:0010:29ff:fee4:714a:0001
Understanding IPv6 Addresses (2)
• To make it a bit easier to read, leading 0s do not have to
be written, and long strings of all 0s can be summarized
as ::
fe80::10:29ff:fee4:714a:1
• As the available range of IPv6 addresses is so large,
IPv6 uses a standard subnet mask of /64.
• If an organization needs to assign a specific subnet, it
should request a shorter network prefix, like /48 instead
of /64, which would leave 16 bits for subnet allocation.
Understanding IPv6 Addresses (3)
• In IPv6, a few specific IP addresses and address ranges
are reserved:
Understanding IPv6 Addresses (4)
• In IPv6, a few specific IP addresses and address ranges
are reserved (2):
Understanding IPv6 Addresses (5)
• A specific IPv6 address is the link-local address. This
is an unroutable address that is assigned to IPv6
interfaces automatically.
• The link-local address is created automatically based on
the network prefix fe80::/64 followed by the MAC
address on the network card, where fffe is inserted in
the middle of the MAC address part.
• If the MAC address were 02:0c:29:04:71:4a, the link-local address would be:
fe80::20c:29ff:fe04:714a/64
Understanding IPv6 Addresses (6)
• If you need IPv6 addresses for internal use only, and
want to make sure that these addresses cannot be
reached on an external network, consider using unique
local addresses.
• Like the private addresses in IPv4, these addresses can
be used to connect to nodes on the Internet only if NAT
is used.
Understanding IPv6 Addresses (7)
• In IPv6, there is no broadcast anymore
• Multicast plays a much larger role in IPv6 than it did in
IPv4.
• An important multicast address is ff02::1, which is the all-nodes link-local address.
• You need to add the interface you want to use while using
this address, so you use ping6 ff02::1%eth0 to ping all
nodes on the local network connected to the eth0
interface.
Managing IPv6 Address Configurations
• IPv6 addresses can be assigned manually or through
DHCP (1):
• When you use DHCP:
• An IPv6 host sends its request to the multicast address ff02::1:2,
port 547/UDP, which belongs to the all-dhcp-servers link-local
multicast group.
• The DHCPv6 server sends an answer to port 546 on the
client to provide it with an IPv6 address.
Managing IPv6 Address Configurations (2)
• IPv6 addresses can be assigned manually or through
DHCP (2):
• As an alternative to using DHCP, IPv6 supports SLAAC
(stateless address autoconfiguration):
• The host brings up its interface with a link-local fe80::/64
address.
• Then it sends a router solicitation request to ff02::2, which
is the all-routers link-local multicast group.
• An IPv6 router on that link then replies on the link-local
address with a network prefix.
• The host then appends its MAC address with the fffe
padding to create a unique IPv6 address.
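The MAC-based interface identifier used by both the link-local address and SLAAC, as an added example that is not part of the original slides. It follows the modified EUI-64 rule of RFC 4291, which inverts the universal/local bit (0x02) of the first MAC octet in addition to inserting fffe; the function names and the MAC address 00:0c:29:04:71:4a are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the slides): derive the interface identifier that
# link-local and SLAAC addresses share when it is built from the MAC address.

# eui64_iid MAC: print the last four groups, e.g. 20c:29ff:fe04:714a.
eui64_iid() {
    old_ifs=$IFS; IFS=:; set -- $1; IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for octet in "$@"; do
        case $octet in
            [0-9A-Fa-f][0-9A-Fa-f]) ;;
            *) return 1 ;;
        esac
    done
    # RFC 4291 (modified EUI-64): invert the universal/local bit (0x02)
    # of the first octet, then put ff:fe between the two MAC halves.
    g1=$(( ((0x$1 ^ 0x02) << 8) | 0x$2 ))
    g2=$(( (0x$3 << 8) | 0xff ))
    g3=$(( 0xfe00 | 0x$4 ))
    g4=$(( (0x$5 << 8) | 0x$6 ))
    # Leading zeros are dropped per group; the result is a valid address
    # even in the rare case where a shorter spelling exists.
    printf '%x:%x:%x:%x\n' "$g1" "$g2" "$g3" "$g4"
}

# link_local MAC: the automatically assigned fe80::/64 address.
link_local() {
    iid=$(eui64_iid "$1") || return 1
    echo "fe80::$iid"
}

# slaac_address PREFIX MAC: PREFIX is the advertised /64 written as its four
# groups (for example 2001:db8:0:1); the result is prefix plus identifier.
slaac_address() {
    iid=$(eui64_iid "$2") || return 1
    echo "$1:$iid"
}

# Constructed sample values.
link_local 00:0c:29:04:71:4a
slaac_address 2001:db8:0:1 00:0c:29:04:71:4a
```

Because the identifier is a reversible function of the MAC address, the same network card is recognisable in the link-local address and in every SLAAC address it forms, whatever the prefix.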
Managing IPv6 Address Configurations (3)
• IPv6 addresses can be assigned manually or through
DHCP (3):
• A third option to provide IPv6 addresses is through
manual configuration. The following node parts cannot be
used:
• The all-0s identifier 0000:0000:0000:0000, which is used
as the subnet router anycast address by all routers on the
link
• The identifiers fdff:ffff:ffff:ff80 through fdff:ffff:ffff:ffff
Managing IPv6 Address Configurations (4)
• To assign IPv6 addresses, the nmtui and the nmcli
utilities can be used.
• Most commands work just like how IPv4 is configured:
• Adds IPv4 and IPv6 address configuration to the interface
at the same time:
nmcli con add con-name eno16777736 type ethernet ifname eno16777736 ip6 2001:db8:0:1::100/64 gw6 2001:db8:0:1::1 ip4 192.168.4.122/24 gw4 192.168.4.1
• Filtering out only the IPv6-related information on
eno16777736:
nmcli con show eno16777736 | grep ipv6
Managing IPv6 Address Configurations (5)
• Most commands work just like how IPv4 is configured:
• Modifies the statically assigned IPv6 address:
nmcli con mod eno16777736 ipv6.address "2001:db8:0:1::1"
• Adds the Google DNS server to the current list of DNS
servers:
nmcli con mod eno16777736 +ipv6.dns 2001:4860:4860::8888
• Notice the use of the +, which adds a value to the current
configuration.
Managing IPv6 Address Configurations (6)
• After setting IP address configuration, you can verify it
using common tools:
• ip addr show
• ip route show
• To monitor IPv6 configuration only, you can use the -6
argument to the ip command:
• Shows IPv6 addresses only: ip -6 addr show
• Shows IPv6 routing configuration only: ip -6 route show
Troubleshooting IPv6
• To ping a specific address: ping6 2001:db8:0:1::1
• To ping the all-nodes multicast address on the link connected to
eth0: ping6 ff02::1%eth0
• To analyze routing information in an IPv6 network, use
the tracepath6 command.
• For information about ports and services that are in use,
you can use either the ss or the netstat command,
which by default show IPv6-related information.
Enabling Routing
• Every RHEL 7 system can be configured as a router:
• The only requirement is that multiple network devices
are available to route network traffic through.
• Set the value of /proc/sys/net/ipv4/ip_forward
to 1:
echo 1 > /proc/sys/net/ipv4/ip_forward
• To make the configuration persistent:
• Create a file in the /etc/sysctl.d directory
• You are free to choose a name for the file you want to create, but
the filename must end in .conf.
• Make sure it contains the following contents:
net.ipv4.ip_forward = 1
• When you restart your server, this file makes the
setting persistent.
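A check of which persistent setting actually takes effect, as an added example that is not part of the original slides; it shows the .conf rule above in action, because a file without that suffix is skipped even when it was meant to switch forwarding off. The function names and file names are assumptions, and the example reads one sysctl.d-style directory only.

```shell
#!/bin/sh
# Added example (not from the slides): work out what a sysctl.d-style
# directory will do to net.ipv4.ip_forward at boot.

# Matches an assignment of the key; commented-out lines do not match.
KEY_RE='^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*='

# effective_ip_forward DIR: print 0, 1 or "unset". Only *.conf files count;
# they apply in lexical order, so the last assignment wins.
effective_ip_forward() {
    value=unset
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        v=$(grep "$KEY_RE" "$f" | tail -n 1 |
            sed 's/.*=[[:space:]]*//; s/[[:space:]]*$//')
        [ -z "$v" ] || value=$v
    done
    echo "$value"
}

# ignored_settings DIR: files that assign the key but lack the .conf suffix.
ignored_settings() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case $f in *.conf) continue ;; esac
        if grep -q "$KEY_RE" "$f"; then echo "${f##*/}"; fi
    done
}

# Constructed sample directory.
demo=$(mktemp -d)
echo 'net.ipv4.ip_forward = 0' > "$demo/10-hardening.conf"
echo 'net.ipv4.ip_forward = 1' > "$demo/50-router.conf"
echo 'net.ipv4.ip_forward = 0' > "$demo/99-no-forward"   # suffix missing
echo "effective: $(effective_ip_forward "$demo")"
echo "ignored:   $(ignored_settings "$demo")"
rm -rf "$demo"
```

Compare the result with the running value in /proc/sys/net/ipv4/ip_forward to see whether the host forwards packets right now.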
Configuring Custom Routes
• On most servers, the only route that is set is the default
gateway. The ip route show command shows to which
IP address the default route is currently set.
• To set a custom route, a few parameters need to be
specified:
• The network IP address.
• The netmask that should be used.
• The IP address of the router that is addressed to reach the
specific network.
• The metric, which indicates the relative price of a route.
The lower the metric, the more likely that a specific route
is used if multiple paths exist to the same destination.
Configuring Custom Routes (2)
• The easiest way to configure custom routes is to use:
• The graphical NetworkManager utility
• The nmtui text-driven utility
• Using this utility, you can specify custom routes by
entering the network address, the associated netmask, the
gateway that needs to be addressed, and the metric
associated with that route.
• The results are written to a file with the name
/etc/sysconfig/network-scripts/route-interface
Configuring Custom Routes (3)
• Sample Contents of the Route Configuration File:
cat /etc/sysconfig/network-scripts/route-eno16777736
ADDRESS0=10.0.0.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.4.1
METRIC0=10
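A reader for this file format that prints each entry as an ip route add command, as an added example that is not part of the original slides. The function names are assumptions; all four fields are treated as required, as the slides list them, and a netmask that is not contiguous is rejected.

```shell
#!/bin/sh
# Added example (not from the slides): turn a route-<interface> file in
# ADDRESSn/NETMASKn/GATEWAYn/METRICn form into "ip route add" commands.

# mask_to_prefix 255.255.255.0 -> 24; fails if the mask is not contiguous.
mask_to_prefix() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    total=0 partial=0
    for octet in "$@"; do
        case $octet in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;; 248) bits=5 ;;
            240) bits=4 ;; 224) bits=3 ;; 192) bits=2 ;; 128) bits=1 ;;
            0) bits=0 ;;
            *) return 1 ;;
        esac
        # Once an octet is below 255, every later octet has to be 0.
        [ "$partial" -eq 0 ] || [ "$bits" -eq 0 ] || return 1
        [ "$bits" -eq 8 ] || partial=1
        total=$((total + bits))
    done
    echo "$total"
}

# field KEY FILE: value of KEY= in FILE (empty if the line is missing).
field() { sed -n "s/^$1=//p" "$2" | tail -n 1; }

# route_commands FILE IFACE: one command per route index 0, 1, 2, ...
# All four fields the slides list are treated as required here.
route_commands() {
    file=$1 iface=$2 n=0
    while [ -n "$(field "ADDRESS$n" "$file")" ]; do
        addr=$(field "ADDRESS$n" "$file")
        mask=$(field "NETMASK$n" "$file")
        gw=$(field "GATEWAY$n" "$file")
        metric=$(field "METRIC$n" "$file")
        if [ -z "$mask" ] || [ -z "$gw" ] || [ -z "$metric" ]; then
            echo "route $n: NETMASK, GATEWAY and METRIC are required" >&2
            return 1
        fi
        if ! len=$(mask_to_prefix "$mask"); then
            echo "route $n: invalid netmask $mask" >&2
            return 1
        fi
        echo "ip route add $addr/$len via $gw dev $iface metric $metric"
        n=$((n + 1))
    done
    [ "$n" -gt 0 ]
}

# Constructed sample: the file shown on the slide.
demo=$(mktemp)
printf '%s\n' ADDRESS0=10.0.0.0 NETMASK0=255.255.255.0 \
    GATEWAY0=192.168.4.1 METRIC0=10 > "$demo"
route_commands "$demo" eno16777736
rm -f "$demo"
```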
Summary
• In this chapter, you learnt:
• How to configure advanced networking features
• Enable network link aggregation.
• Using teaming and bonding.
• How to configure IPv6 addresses.
• How to configure custom routes on RHEL 7.
Review Questions
1. Which runner do you use if you want to use the 802.3ad
link aggregation protocol on a teamed link?
2. Which command enables you to see current states in a
teamed network interface?
3. Which man page would you consult to get an overview
of nmcli examples that include examples on how to create
a teamed interface?
4. Which parameter is used in the team port configuration
file to indicate which team this interface is a part of?
5. Which command enables you to see the current state of
ports in a team interface?
Review Questions (cont.)
6. Which IP address is used by default for link local IP
addresses?
7. Which command shows all nodes configured with an
IPv6 address that are reachable through the network
device eth0?
8. Which four elements are required in a routing
configuration file?
9. Which file would you expect to contain the routing
configuration for the eno1 interface?
10. How can you configure your server’s kernel for packet
forwarding?
Quiz
1. Which runner should you use if you want a simple
solution that balances load across different interfaces,
where no additional protocol support is needed on the
switches that are involved?
a. roundrobin
b. activebackup
c. loadbalance
d. lacp
Quiz
2. Which of the following approaches cannot be used to
create a teaming configuration?
a. Edit the configuration files in /etc/sysconfig/network-scripts manually
b. The graphical NetworkManager applet
c. nmtui
d. nmcli
3. Which configuration file contains the IP configuration
that is used by a team device?
a. ifcfg-team
b. ifcfg-team-slave
c. ifcfg-device-interface
d. ifcfg-device
Quiz
4. Different configuration files are used in setting up a
teaming configuration. Which of the following is not a part
of them?
a. ifcfg-team
b. ifcfg-team-slave
c. ifcfg-device-interface
d. ifcfg-device
Quiz
5. Which of the following statements about the network
team interface is not true?
a. Starting a team interface automatically starts all port
interfaces.
b. Starting a port interface will start the team interface.
c. A team interface without any associated ports can start
static IP connections.
d. A team interface without any associated ports cannot start
DHCP connections.
Quiz
6. What would be the IPv6 link local address for an
interface that has the MAC address 02:0c:29:e4:71:4a?
a. 20c:29ff:fee4:714a
b. fe80::20c:29ff:fee4:714a
c. 2000::20c:29ff:fee4:714a
d. 2000:fffe:20c:29e4:714a
7. Which command enables you to ping all IPv6 nodes that
are on the local network that is connected through the eth0
interface?
a. ping6 fe80::1%eth0
b. ping6 fe80::1 eth0
c. ping6 ff02::1%eth0
d. ping6 ff02::1 eth0
Quiz
8. Which items are wrong in the following command
(choose multiple)?
nmcli con add con-name eno16777736 type ethernet ifname eno16777736 ipv6 2002:db:0:1::100/64 gw6 2002:db:0:1::1 ipv4 192.168.4.122/24 gw4 192.168.4.1
a. gw6 should be gwv6.
b. gw4 should be gwv4.
c. ipv6 should be ip6.
d. ipv4 should be ip4.
Quiz
9. After setting an IPv6 address, which command enables
you to make sure that the interface does not try to get an
address using DHCP anymore?
a. nmcli con mod ifname method manual
b. nmcli mod ifname manual
c. nmcli con ifname method manual
d. nmcli con mod ifname ipv6.method manual
Quiz
10. How do you enable packet forwarding on interfaces on
an RHEL 7 host?
a. There need to be static entries for all routes that packets
have to be forwarded to.
b. Use echo 1 > /proc/sys/net/ipv4/ip_forward to enable
kernel-level IP forwarding.
c. Make sure that the radvd service is started to route
packets.
d. Use echo 1 > /proc/sys/net/routing .