Computer Hardware & Network Institute
LINUX-II
CHAPTER 30
Configuring Routing and Advanced Networking
Module: …………….....................

Chapter Objectives
• Configuring Aggregated Network Interfaces
• Configuring IPv6 Addresses
• Routing IP Traffic

Recall
1. Which rsyslogd module should you use to enable reception of journald log messages?
2. What is the name of the deprecated module that can be used to enable receiving journald messages in rsyslogd?
3. To make sure that the legacy method for receiving messages from journald in rsyslogd is not used, which additional parameter should be used?
4. Which configuration file contains settings that allow you to further tune the working of journald?
5. Which parameter takes care of forwarding messages from journald to rsyslogd?

Recall (cont.)
6. Which rsyslogd module can you use to include messages from a specific non-rsyslog generated log file?
7. Which rsyslogd module do you need to use to forward messages to a MariaDB database?
8. Which two lines do you need to include in rsyslog.conf to allow the current log server to receive messages over TCP?
9. How do you configure the local firewalld firewall to allow for log message reception over TCP port 514?
10. Which line do you include on a server where you want to forward rsyslog messages to logserver.example.com, which is configured to receive messages using UDP and the default port?

Configuring Aggregated Network Interfaces
• On network servers, it is an important requirement to ensure that the network interface is available at all times.
• On RHEL 7, you can create aggregated network interfaces. Use network teaming or network bonding to accomplish this goal.
• In earlier versions of RHEL, network bonding was the default method for creating aggregated network interfaces.
• In RHEL 7, network teaming has been added as a solution.

Using Teaming
• Network teaming is new in RHEL 7.
• The solution consists of a small kernel driver and a daemon that is available in userspace: teamd.
• The kernel takes care of handling network packets, while the teamd daemon handles logic and interface processing.
• To determine exactly how this happens, different runners are used.
• Runners in teaming are equivalent to the bonding modes.
• They are used to define the logic of traffic handling between the interfaces that are involved in the configuration.

Using Teaming (2)
• Teaming Runners Overview:

Configuring Network Teams
• A team interface can be created with either the nmcli or the nmtui utilities.
• Creating a team interface involves a couple of steps:
  1. Create the team interface.
  2. Add IP address configuration.
  3. Assign the port interfaces.
  4. Bring the team and port interfaces up.

Looking Behind the Teaming Configuration
• The teaming configuration is stored in three different levels of files.
• You can modify the contents of the configuration files in /etc/sysconfig/network-scripts directly.
• After modifying, use nmcli con reload so that NetworkManager reads the configuration changes.

Looking Behind the Teaming Configuration (2)
• On top of the hierarchy is the team interface file:

    cat ifcfg-team0
    DEVICE=nm-team
    TEAM_CONFIG="{ \"runner\": {\"name\": \"loadbalance\"}}"
    DEVICETYPE=Team
    BOOTPROTO=dhcp
    …
    NAME=team0
    UUID=679b70f9-1445-4e25-9f66-93b358974627
    ONBOOT=yes
    IPADDR0=192.168.4.220
    PREFIX0=24
    …

Looking Behind the Teaming Configuration (3)
• The second level of configuration file is for the teaming slave:

    cat ifcfg-team-slave-eno16777736
    BOOTPROTO=none
    …
    NAME=team-slave-eno16777736
    UUID=6ffc4eff-adde-474b-8ddc-1e6de1c5b3b5
    DEVICE=eno16777736
    ONBOOT=yes
    TEAM_MASTER=679b70f9-1445-4e25-9f66-93b358974627
    DEVICETYPE=TeamPort

Looking Behind the Teaming Configuration (4)
• The third tier consists of the device file:

    cat ifcfg-eno16777736
    HWADDR=00:0C:29:88:D5:53
    TYPE=Ethernet
    BOOTPROTO=dhcp
    …
    NAME=eno16777736
    UUID=e94fe839-6fdf-4fc5-bf33-3c2a1cfbb90e
    ONBOOT=no

Looking Behind the Teaming Configuration (5)
• Teaming Configuration Files Parameter Overview:

Looking Behind the Teaming Configuration (6)
• Five essential steps that should be applied in that specific order:
  • Note the local device names.
  • Set local interfaces to not start automatically.
  • Set IP configuration to be disabled on local interfaces and enable it on the team connection.
  • Create the team device, specify a name.
  • Add device types based on their names.
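
The linkage between the three file levels (TEAM_MASTER in the port file pointing at the team file's UUID, and the device file left with ONBOOT=no) can be checked mechanically. The script below is an added example, not part of the original course material; the function names, the output labels and the eno2 files are constructed for illustration, and it assumes TEAM_MASTER holds either the team's UUID or its DEVICE value.

```sh
#!/bin/sh
# Added example, not course material: consistency check for the three-level
# ifcfg teaming layout, run against a constructed copy of the listings above.

# Print the last value assigned to key $2 in ifcfg file $1.
ifcfg_get() { sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1; }

# Print the runner name found in the TEAM_CONFIG JSON of team file $1.
team_runner() {
    ifcfg_get "$1" TEAM_CONFIG | tr -d '\\' |
        sed -n 's/.*"runner"[^{]*{[^"]*"name"[^"]*"\([^"]*\)".*/\1/p'
}

# One line per finding for the TeamPort files in directory $1:
#   OK <dev> -> <team> runner=<name>   TEAM_MASTER resolves to a team file
#   ORPHAN <dev> TEAM_MASTER=<value>   no team file matches
#   AUTOSTART <dev> <file>             device-level file still has ONBOOT=yes
# Assumption: TEAM_MASTER holds the team's UUID (as on the page) or its DEVICE.
check_team_ports() (
    for port in "$1"/ifcfg-*; do
        [ -f "$port" ] || continue
        [ "$(ifcfg_get "$port" DEVICETYPE)" = TeamPort ] || continue
        dev=$(ifcfg_get "$port" DEVICE)
        master=$(ifcfg_get "$port" TEAM_MASTER)
        found=""
        for f in "$1"/ifcfg-*; do
            kind=$(ifcfg_get "$f" DEVICETYPE)
            if [ "$kind" = Team ] && [ -n "$master" ]; then
                if [ "$master" = "$(ifcfg_get "$f" UUID)" ] ||
                   [ "$master" = "$(ifcfg_get "$f" DEVICE)" ]; then
                    found="$(ifcfg_get "$f" NAME) runner=$(team_runner "$f")"
                fi
            elif [ -z "$kind" ] && [ "$(ifcfg_get "$f" NAME)" = "$dev" ] &&
                 [ "$(ifcfg_get "$f" ONBOOT)" = yes ]; then
                echo "AUTOSTART $dev ${f##*/}"
            fi
        done
        if [ -n "$found" ]; then echo "OK $dev -> $found"
        else echo "ORPHAN $dev TEAM_MASTER=$master"; fi
    done
)

# Constructed sample: the page's three files plus a broken port (eno2).
make_team_sample() (
    d=$(mktemp -d)
    printf '%s\n' 'DEVICE=nm-team' 'DEVICETYPE=Team' 'NAME=team0' \
        'TEAM_CONFIG="{ \"runner\": {\"name\": \"loadbalance\"}}"' \
        'UUID=679b70f9-1445-4e25-9f66-93b358974627' > "$d/ifcfg-team0"
    printf '%s\n' 'DEVICE=eno16777736' 'DEVICETYPE=TeamPort' \
        'TEAM_MASTER=679b70f9-1445-4e25-9f66-93b358974627' \
        > "$d/ifcfg-team-slave-eno16777736"
    printf '%s\n' 'NAME=eno16777736' 'ONBOOT=no' > "$d/ifcfg-eno16777736"
    printf '%s\n' 'DEVICE=eno2' 'DEVICETYPE=TeamPort' \
        'TEAM_MASTER=00000000-0000-0000-0000-000000000000' \
        > "$d/ifcfg-team-slave-eno2"
    printf '%s\n' 'NAME=eno2' 'ONBOOT=yes' > "$d/ifcfg-eno2"
    echo "$d"
)

sample=$(make_team_sample); check_team_ports "$sample"; rm -rf "$sample"
```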

Troubleshooting Network Teaming
• When troubleshooting network team interfaces, you must keep the following particularities in mind:
  • The team interface is started when one of its port interfaces is started, but this does not start all other port interfaces as well.
  • Starting a team interface does not automatically start all port interfaces.
  • Stopping a team interface does stop all involved port interfaces.
  • Static IP connections can be started on a team interface that does not have any ports currently active.
  • DHCP connections can only be started when ports are available.

Troubleshooting Network Teaming (2)
• A useful utility to debug network teaming is teamnl.
  • teamnl team0 ports shows the ports in the team device and their current state.
  • teamnl team0 options dumps the options that are currently set for the teaming interface.
  • teamdctl team0 config dump dumps the configuration in the JSON format that is used by the teaming driver (you can redirect the output of this command to a file).

Understanding IPv6 Addresses
• Because the pool of available IPv4 addresses is exhausted, IPv6 was designed with a total of 128 bits reserved for creating IPv6 addresses.
• To make it easier to manage IPv6 addresses, the standard notation of an IPv6 address is as a hexadecimal number.
• Because long hexadecimal numbers are not easy to read, the IPv6 address is written as 8 groups of 16 bits:

    fe80:0000:0000:0010:29ff:fee4:714a:0001

Understanding IPv6 Addresses (2)
• To make it a bit easier to read, leading 0s do not have to be written, and long strings of all 0s can be summarized as :: 

    fe80::10:29ff:fee4:714a:1

• As the available range of IPv6 addresses is so large, IPv6 uses a standard subnet mask of /64.
• If an organization needs to assign a specific subnet, it should request a shorter network prefix, like /48 instead of /64, which would leave 16 bits for subnet allocation.

Understanding IPv6 Addresses (3)
• In IPv6, a few specific IP addresses and address ranges are reserved:

Understanding IPv6 Addresses (4)
• In IPv6, a few specific IP addresses and address ranges are reserved (2):

Understanding IPv6 Addresses (5)
• A specific IPv6 address is the link-local address. This is an unroutable address that is assigned to IPv6 interfaces automatically.
• The link-local address is created automatically based on the network prefix fe80::/64 followed by the MAC address on the network card, where fffe is inserted in the middle of the MAC address part.
• If the MAC address were 02:0c:29:04:71:4a, the link-local address would be:

    fe80::20c:29ff:fe04:714a/64

Understanding IPv6 Addresses (6)
• If you need IPv6 addresses for internal use only, and want to make sure that these addresses cannot be reached on an external network, consider using unique local addresses.
• Like the private addresses in IPv4, these addresses can be used to connect to nodes on the Internet only if NAT is used.

Understanding IPv6 Addresses (7)
• In IPv6, there is no broadcast anymore.
• Multicast plays a much larger role in IPv6 than it did in IPv4.
• An important multicast address is ff02::1, which is the all-nodes link-local address.
• You need to add the interface you want to use while using this address, so you use ping6 ff02::1%eth0 to ping all nodes on the local network connected to the eth0 interface.

Managing IPv6 Address Configurations
• IPv6 addresses can be assigned manually or through DHCP (1):
  • When you use DHCP:
    • An IPv6 host sends its request to the multicast address ff02::1:2, port 547/UDP, which belongs to the all-dhcp-servers link-local multicast group.
    • The DHCPv6 server sends an answer to port 546 on the client to provide it with an IPv6 address.

Managing IPv6 Address Configurations (2)
• IPv6 addresses can be assigned manually or through DHCP (2):
  • As an alternative to using DHCP, IPv6 supports SLAAC (stateless address autoconfiguration):
    • The host brings up its interface with a link-local fe80::/64 address.
    • Then it sends a router solicitation request to ff02::2, which is the all-routers link-local multicast group.
    • An IPv6 router on that link then replies on the link-local address with a network prefix.
    • The host then appends its MAC address with the fffe padding to create a unique IPv6 address.

Managing IPv6 Address Configurations (3)
• IPv6 addresses can be assigned manually or through DHCP (3):
  • A third option to provide IPv6 addresses is manual configuration. The following node parts cannot be used:
    • The all-0s identifier 0000:0000:0000:0000, which is used as the subnet router anycast address by all routers on the link
    • The identifiers fdff:ffff:ffff:ff80 through fdff:ffff:ffff:ffff

Managing IPv6 Address Configurations (4)
• To assign IPv6 addresses, the nmtui and the nmcli utilities can be used.
• Most commands work the same way as they do for IPv4:
  • Adds IPv4 and IPv6 address configuration to the interface at the same time:

      nmcli con add con-name eno16777736 type ethernet ifname eno16777736 ip6 2001:db8:0:1::100/64 gw6 2001:db8:0:1::1 ip4 192.168.4.122/24 gw4 192.168.4.1

  • Filtering out only the IPv6-related information on eno16777736:

      nmcli con show eno16777736 | grep ipv6

Managing IPv6 Address Configurations (5)
• Most commands work the same way as they do for IPv4:
  • Modifies the statically assigned IPv6 address:

      nmcli con mod eno16777736 ipv6.address "2001:db8:0:1::1"

  • Adds the Google DNS server to the current list of DNS servers:

      nmcli con mod eno16777736 +ipv6.dns 2001:4860:4860::8888

  • Notice the use of the +, which adds a value to the current configuration.

Managing IPv6 Address Configurations (6)
• After setting IP address configuration, you can verify it using common tools:
  • ip addr show
  • ip route show
• To monitor IPv6 configuration only, you can use the -6 argument to the ip command:
  • Shows IPv6 addresses only: ip -6 addr show
  • Shows IPv6 routing configuration only: ip -6 route show

Troubleshooting IPv6
• To ping a specific address: ping6 2001:db8:0:1::1
• To ping the all-nodes multicast address on the link connected to eth0: ping6 ff02::1%eth0
• To analyze routing information in an IPv6 network, use the tracepath6 command.
• For information about ports and services that are in use, you can use either the ss or the netstat command, which by default show IPv6-related information.

Enabling Routing
• Every RHEL 7 system can be configured as a router:
  • The only requirement is that multiple network devices are available to route network traffic through.
  • Set the value in /proc/sys/net/ipv4/ip_forward to 1:

      echo 1 > /proc/sys/net/ipv4/ip_forward

  • To make the configuration persistent:
    • Create a file in the /etc/sysctl.d directory.
    • You are free to select a name for the file, but the filename must end in .conf.
    • Make sure it contains the following contents:

        net.ipv4.ip_forward = 1

    • With this file in place, the setting persists when you restart your server.

Configuring Custom Routes
• On most servers, the only route that is set is the default gateway. The ip route show command shows to which IP address the default route is currently set.
• To set a custom route, a few parameters need to be specified:
  • The network IP address.
  • The netmask that should be used.
  • The IP address of the router that is addressed to reach the specific network.
  • The metric, which indicates the relative cost of a route. The lower the metric, the more likely that a specific route is used if multiple paths exist to the same destination.

Configuring Custom Routes (2)
• The easiest way to configure custom routes is to use:
  • The graphical NetworkManager utility
  • The nmtui text-driven utility
• Using this utility, you can specify custom routes by entering the network address, the associated netmask, the gateway that needs to be addressed, and the metric associated with that route.
• The results are written to a file with the name /etc/sysconfig/network-scripts/route-interface

Configuring Custom Routes (3)
• Sample Contents of the Route Configuration File:

    cat /etc/sysconfig/network-scripts/route-eno16777736
    ADDRESS0=10.0.0.0
    NETMASK0=255.255.255.0
    GATEWAY0=192.168.4.1
    METRIC0=10
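
For the persistent forwarding setting described under Enabling Routing, the script below works out which net.ipv4.ip_forward value a sysctl.d-style directory applies and compares it with a runtime value. It is an added example, not part of the original course material; the function names, verdict labels and sample file names are constructed, and it assumes a single directory whose .conf files are read in lexical order with the last assignment winning.

```sh
#!/bin/sh
# Added example, not course material: which net.ipv4.ip_forward value do the
# files in a sysctl.d-style directory apply at boot? Simplifying assumption:
# one directory, *.conf files read in lexical order, last assignment wins.

# Print "<value> <file>" for the winning assignment under $1, else "unset -".
persistent_ip_forward() (
    result="unset -"
    for f in "$1"/*.conf; do              # names not ending in .conf are skipped
        [ -f "$f" ] || continue
        v=$(awk -F= '
            /^[ \t]*[#;]/ { next }        # comment line
            NF >= 2 {
                key = $1; gsub(/[ \t]/, "", key); gsub("/", ".", key)
                val = $2; gsub(/[ \t]/, "", val)
                if (key == "net.ipv4.ip_forward") last = val
            }
            END { print last }' "$f")
        if [ -n "$v" ]; then result="$v ${f##*/}"; fi
    done
    echo "$result"
)

# Compare the persistent value under $1 with a runtime value $2 (the content
# of /proc/sys/net/ipv4/ip_forward). An unset key counts as the kernel default 0.
forwarding_verdict() (
    persistent=$(persistent_ip_forward "$1")
    persistent=${persistent%% *}
    if [ "$persistent" = unset ]; then persistent=0; fi
    if [ "$persistent" = "$2" ]; then
        if [ "$2" = 1 ]; then echo router; else echo host; fi
    elif [ "$2" = 1 ]; then
        echo runtime-only                 # forwarding on, but no file backs it
    else
        echo pending                      # file says 1, kernel not yet updated
    fi
)

# Constructed sample directory: a baseline file, a file with the page's
# forwarding line, and a file without the .conf suffix that is ignored.
make_sysctl_sample() (
    d=$(mktemp -d)
    printf '%s\n' 'net.ipv4.ip_forward = 0' > "$d/10-base.conf"
    printf '%s\n' '# this host routes' 'net.ipv4.ip_forward = 1' > "$d/50-router.conf"
    printf '%s\n' 'net.ipv4.ip_forward = 0' > "$d/60-forward"
    echo "$d"
)

sample=$(make_sysctl_sample)
echo "persistent: $(persistent_ip_forward "$sample")"
echo "runtime 1 -> $(forwarding_verdict "$sample" 1)"
echo "runtime 0 -> $(forwarding_verdict "$sample" 0)"
rm -rf "$sample"
```

A runtime-only verdict means forwarding was switched on by hand and no file accounts for it, which is worth following up on a host that is not meant to route.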

Summary
• In this chapter, you learnt:
  • How to configure advanced networking features
    • Enable network link aggregation.
    • Using teaming and bonding.
  • How to configure IPv6 addresses.
  • How to configure custom routes on RHEL 7.

Review Questions
1. Which runner do you use if you want to use the 802.3ad link aggregation protocol on a teamed link?
2. Which command enables you to see current states in a teamed network interface?
3. Which man page would you consult to get an overview of nmcli examples that include examples on how to create a teamed interface?
4. Which parameter is used in the team port configuration file to indicate which team this interface is a part of?
5. Which command enables you to see the current state of ports in a team interface?

Review Questions (cont.)
6. Which IP address is used by default for link local IP addresses?
7. Which command shows all nodes configured with an IPv6 address that are reachable through the network device eth0?
8. Which four elements are required in a routing configuration file?
9. Which file would you expect to contain the routing configuration for the eno1 interface?
10. How can you configure your server’s kernel for packet forwarding?

Quiz
1. Which runner should you use if you want a simple solution that balances load across different interfaces, where no additional protocol support is needed on the switches that are involved?
   a. roundrobin
   b. activebackup
   c. loadbalance
   d. lacp

2. Which of the following approaches cannot be used to create a teaming configuration?
   a. Edit the configuration files in /etc/sysconfig/network-scripts manually
   b. The graphical NetworkManager applet
   c. nmtui
   d. nmcli

3. Which configuration file contains the IP configuration that is used by a team device?
   a. ifcfg-team
   b. ifcfg-team-slave
   c. ifcfg-device-interface
   d. ifcfg-device

4. Different configuration files are used in setting up a teaming configuration. Which of the following is not a part of them?
   a. ifcfg-team
   b. ifcfg-team-slave
   c. ifcfg-device-interface
   d. ifcfg-device

5. Which of the following statements about the network team interface is not true?
   a. Starting a team interface automatically starts all port interfaces.
   b. Starting a port interface will start the team interface.
   c. A team interface without any associated ports can start static IP connections.
   d. A team interface without any associated ports cannot start DHCP connections.

6. What would be the IPv6 link local address for an interface that has the MAC address 02:0c:29:e4:71:4a?
   a. 20c:29ff:fee4:714a
   b. fe80::20c:29ff:fee4:714a
   c. 2000::20c:29ff:fee4:714a
   d. 2000:fffe:20c:29e4:714a

7. Which command enables you to ping all IPv6 nodes that are on the local network that is connected through the eth0 interface?
   a. ping6 fe80::1%eth0
   b. ping6 fe80::1 eth0
   c. ping6 ff02::1%eth0
   d. ping6 ff02::1 eth0

8. Which items are wrong in the following command (choose multiple)?

       nmcli con add con-name eno16777736 type ethernet ifname eno16777736 ipv6 2002:db:0:1::100/64 gw6 2002:db:0:1::1 ipv4 192.168.4.122/24 gw4 192.168.4.1

   a. gw6 should be gwv6.
   b. gw4 should be gwv4.
   c. ipv6 should be ip6.
   d. ipv4 should be ip4.

9. After setting an IPv6 address, which command enables you to make sure that the interface does not try to get an address using DHCP anymore?
   a. nmcli con mod ifname method manual
   b. nmcli mod ifname manual
   c. nmcli con ifname method manual
   d. nmcli con mod ifname ipv6.method manual

10. How do you enable packet forwarding on interfaces on an RHEL 7 host?
   a. There need to be static entries for all routes that packets have to be forwarded to.
   b. Use echo 1 > /proc/sys/net/ipv4/ip_forward to enable kernel-level IP forwarding.
   c. Make sure that the radvd service is started to route packets.
   d. Use echo 1 > /proc/sys/net/routing.