networking
Suggested exercises. Some suggestions are bare suggestions, with no explanation at all.
show general status
# nmcli
...
enp0s3: disconnected
        "Intel 82540EM Gigabit Ethernet Controller (PRO/1000 MT Desktop Adapter)"
        ethernet (e1000), 08:00:27:B8:24:87, hw, mtu 1500
enp0s8: disconnected
        "Intel 82540EM Gigabit Ethernet Controller (PRO/1000 MT Desktop Adapter)"
        ethernet (e1000), 08:00:27:98:53:C9, hw, mtu 1500
...
show device status
# nmcli device
DEVICE      TYPE      STATE         CONNECTION
virbr0      bridge    connected     virbr0
enp0s3      ethernet  disconnected  --
enp0s8      ethernet  disconnected  --
lo          loopback  unmanaged     --
virbr0-nic  tun       unmanaged     --
show connection status
# nmcli connection
NAME    UUID                                  TYPE    DEVICE
virbr0  9cc3711a-d802-49e8-a116-a2cab474fb91  bridge  virbr0
disable automatic connection creation
add an auto-configuring ethernet connection
# nmcli connection add type ethernet con-name enp0s3 ifname enp0s3
Connection 'enp0s3' (88b5a114-4258-48a9-b9ea-499b74a04add) successfully added.
# nmcli connection
NAME    UUID                                  TYPE            DEVICE
enp0s3  88b5a114-4258-48a9-b9ea-499b74a04add  802-3-ethernet  enp0s3
virbr0  9cc3711a-d802-49e8-a116-a2cab474fb91  bridge          virbr0
# nmcli device
DEVICE      TYPE      STATE         CONNECTION
virbr0      bridge    connected     virbr0
enp0s3      ethernet  connected     enp0s3
enp0s8      ethernet  disconnected  --
lo          loopback  unmanaged     --
virbr0-nic  tun       unmanaged     --
# cat /etc/sysconfig/network-scripts/ifcfg-enp0s3
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp0s3
UUID=88b5a114-4258-48a9-b9ea-499b74a04add
DEVICE=enp0s3
ONBOOT=yes
add an ethernet connection profile with manual IP configuration
# nmcli connection add con-name enp0s3 ifname enp0s3 type ethernet ip4 192.168.200.222/24
Connection 'enp0s3' (aff98488-05b6-4cf8-8fde-7639ee5b5968) successfully added.
# nmcli
enp0s3: connected to enp0s3
        "Intel 82540EM Gigabit Ethernet Controller (PRO/1000 MT Desktop Adapter)"
        ethernet (e1000), 08:00:27:B8:24:87, hw, mtu 1500
        inet4 192.168.200.222/24
        inet6 fe80::4591:9f60:53d8:aaf2/64
add an IPv6 address to an active connection
From Wikipedia, the free encyclopedia:
Unique local address
A unique local address (ULA) is an IPv6 address in the block fc00::/7, defined in RFC 4193. It is the approximate IPv6 counterpart of the IPv4 private address. Unique local addresses are available for use in private networks, e.g. inside a single site or organization or spanning a limited number of sites or organizations. They are routable within the scope of a certain private-owned network, but not in the global IPv6 Internet. The address block fc00::/7 is divided into two /8 groups:
- The block fc00::/8 has not been defined yet. It has been proposed to be managed by an allocation authority, but this has not gained acceptance in the IETF.
- The block fd00::/8 is defined for /48 prefixes, formed by setting the 40 least-significant bits of the prefix to a randomly generated bit string. This results in the format fdxx:xxxx:xxxx:: for a prefix in this range. RFC 4193 offers a suggestion for generating the random identifier to obtain a minimum-quality result if the user does not have access to a good source of random numbers.
on host A
# nmcli connection modify enp0s3 +ipv6.addresses fd00::2/64
# nmcli connection up enp0s3
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
on host B
# nmcli connection modify enp0s3 +ipv6.addresses fd00::1/64
# nmcli connection up enp0s3
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
check if everything's working fine
[root@useven carbone]# slogin fd00::2
The authenticity of host 'fd00::2 (fd00::2)' can't be established.
ECDSA key fingerprint is SHA256:apZuQzAKfE5NI4fpzgCOJ0nz3I6ysphB3X8VwfW5J3c.
ECDSA key fingerprint is MD5:63:94:48:08:6b:5b:27:05:46:ef:1f:b6:c4:66:ff:79.
Are you sure you want to continue connecting (yes/no)?
[root@seven carbone]# ping6 fd00::1
PING fd00::1(fd00::1) 56 data bytes
64 bytes from fd00::1: icmp_seq=1 ttl=64 time=0.567 ms
64 bytes from fd00::1: icmp_seq=2 ttl=64 time=0.711 ms
64 bytes from fd00::1: icmp_seq=3 ttl=64 time=0.696 ms
64 bytes from fd00::1: icmp_seq=4 ttl=64 time=0.716 ms
64 bytes from fd00::1: icmp_seq=5 ttl=64 time=0.603 ms
^C
--- fd00::1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4031ms
rtt min/avg/max/mdev = 0.567/0.658/0.716/0.067 ms
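The quoted RFC 4193 text asks for a random 40-bit Global ID, while fd00::1 and fd00::2 above use an all-zero one, which clashes with any other network that made the same choice if the two are ever joined. The shell functions below are an added example, not part of the original page: they generate a random /48 from /dev/urandom (a substitute for the RFC's sample algorithm) and classify an existing address; all function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# Print a ULA /48: the byte 'fd' followed by a 40-bit random Global ID.
ula_prefix() {
    h=$(od -An -N5 -tx1 /dev/urandom | tr -d ' \n')   # 5 bytes -> 10 hex digits
    printf 'fd%s\n' "$h" | sed 's|^\(....\)\(....\)\(....\)$|\1:\2:\3::/48|'
}

# Expand an IPv6 address (optional /len, no zone id, no dotted IPv4 tail)
# into eight zero-padded lowercase groups; non-zero exit if malformed.
expand6() {
    printf '%s\n' "${1%%/*}" | awk '
    function grp(g) {                       # validate and pad one group
        g = tolower(g)
        if (g !~ /^[0-9a-f]+$/ || length(g) > 4) { bad = 1; return "" }
        return substr("0000" g, length(g) + 1)
    }
    {
        n  = split($0, half, "::")
        nl = (half[1] == "") ? 0 : split(half[1], l, ":")
        nr = (n < 2 || half[2] == "") ? 0 : split(half[2], r, ":")
        pad = 8 - nl - nr                   # groups hidden behind "::"
        if (n > 2 || (n == 2 && pad < 1) || (n < 2 && pad != 0)) exit 1
        out = ""
        for (i = 1; i <= nl;  i++) out = out grp(l[i]) ":"
        for (i = 1; i <= pad; i++) out = out "0000:"
        for (i = 1; i <= nr;  i++) out = out grp(r[i]) ":"
        if (bad) exit 1
        print substr(out, 1, length(out) - 1)
    }'
}

# Classify an address against fc00::/7 and its two /8 halves.
ula_class() {
    full=$(expand6 "$1") || { echo invalid; return 0; }
    case $full in
        fd00:0000:0000:*) echo ula-zero-global-id ;;  # fd00::1 and fd00::2 land here
        fd*)              echo ula ;;                 # fd00::/8, non-zero Global ID
        fc*)              echo fc00-undefined ;;      # fc00::/8, not yet defined
        *)                echo not-ula ;;
    esac
}

ula_class fd00::2     # the address configured on host A above
ula_prefix            # a fresh /48 to use instead of fd00::/64
```

Take a /64 out of the generated /48 for each link and pass host addresses from it to `nmcli connection modify ... +ipv6.addresses` in place of fd00::1/64 and fd00::2/64.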
add an ethernet connection profile in interactive editor
# nmcli connection edit type ethernet
...
goto ethernet
...
goto ipv4.addresses
...
desc
...
set <ip>/<prefix>
...
print
...
save
the big picture
Get rid of dynamic network setup on both VMs and configure them with static (private) IPv4 & IPv6 addresses. ….
list NetworkManager polkit permissions
try from console either as a normal user or as root, then from a remote connection
$ nmcli general permissions
PERMISSION                                                 VALUE
org.freedesktop.NetworkManager.enable-disable-network      yes
org.freedesktop.NetworkManager.enable-disable-wifi         yes
org.freedesktop.NetworkManager.enable-disable-wwan         yes
org.freedesktop.NetworkManager.enable-disable-wimax        yes
org.freedesktop.NetworkManager.sleep-wake                  no
org.freedesktop.NetworkManager.network-control             yes
org.freedesktop.NetworkManager.wifi.share.protected        yes
org.freedesktop.NetworkManager.wifi.share.open             yes
org.freedesktop.NetworkManager.settings.modify.system      yes
org.freedesktop.NetworkManager.settings.modify.own         yes
org.freedesktop.NetworkManager.settings.modify.hostname    auth
org.freedesktop.NetworkManager.settings.modify.global-dns  auth
org.freedesktop.NetworkManager.reload                      auth
org.freedesktop.NetworkManager.checkpoint-rollback         auth
org.freedesktop.NetworkManager.enable-disable-statistics   yes
$ sudo bash
...
# nmcli general permissions
PERMISSION                                                 VALUE
org.freedesktop.NetworkManager.enable-disable-network      yes
org.freedesktop.NetworkManager.enable-disable-wifi         yes
org.freedesktop.NetworkManager.enable-disable-wwan         yes
org.freedesktop.NetworkManager.enable-disable-wimax        yes
org.freedesktop.NetworkManager.sleep-wake                  yes
org.freedesktop.NetworkManager.network-control             yes
org.freedesktop.NetworkManager.wifi.share.protected        yes
org.freedesktop.NetworkManager.wifi.share.open             yes
org.freedesktop.NetworkManager.settings.modify.system      yes
org.freedesktop.NetworkManager.settings.modify.own         yes
org.freedesktop.NetworkManager.settings.modify.hostname    yes
org.freedesktop.NetworkManager.settings.modify.global-dns  yes
org.freedesktop.NetworkManager.reload                      yes
org.freedesktop.NetworkManager.checkpoint-rollback         yes
org.freedesktop.NetworkManager.enable-disable-statistics   yes
$ nmcli general permissions
PERMISSION                                                 VALUE
org.freedesktop.NetworkManager.enable-disable-network      no
org.freedesktop.NetworkManager.enable-disable-wifi         no
org.freedesktop.NetworkManager.enable-disable-wwan         no
org.freedesktop.NetworkManager.enable-disable-wimax        no
org.freedesktop.NetworkManager.sleep-wake                  no
org.freedesktop.NetworkManager.network-control             auth
org.freedesktop.NetworkManager.wifi.share.protected        no
org.freedesktop.NetworkManager.wifi.share.open             no
org.freedesktop.NetworkManager.settings.modify.system      auth
org.freedesktop.NetworkManager.settings.modify.own         auth
org.freedesktop.NetworkManager.settings.modify.hostname    auth
org.freedesktop.NetworkManager.settings.modify.global-dns  auth
org.freedesktop.NetworkManager.reload                      auth
org.freedesktop.NetworkManager.checkpoint-rollback         auth
org.freedesktop.NetworkManager.enable-disable-statistics   no
ok, but what the heck does 'org.freedesktop.NetworkManager.sleep-wake' mean?
$ pkaction --verbose --action-id org.freedesktop.NetworkManager.sleep-wake
org.freedesktop.NetworkManager.sleep-wake:
  description:       Put NetworkManager to sleep or wake it up (should only be used by system power management)
  message:           System policy prevents putting NetworkManager to sleep or waking it up
  vendor:            NetworkManager
  vendor_url:        http://www.gnome.org/projects/NetworkManager
  icon:              nm-icon
  implicit any:      no
  implicit inactive: no
  implicit active:   no
Use the same command for each and every action-id you are interested in - enjoy!
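To see at a glance what polkit relaxes for a local console session, the listings can be compared mechanically. This is an added example, not part of the original page: perm_diff and demo are hypothetical names, and the embedded rows are an excerpt of the first and third listings above, taken here to be the console and remote sessions in the order the exercise gives.

```shell
#!/bin/sh
# Added example (not from the original page); perm_diff and demo are
# hypothetical names, the sample rows are excerpted from the listings above.

# perm_diff A B: print every action whose value in listing B differs from A.
perm_diff() {
    awk '
        $1 == "PERMISSION"  { next }                # skip the header row
        FILENAME == ARGV[1] { a[$1] = $2; next }    # remember listing A
        ($1 in a) && a[$1] != $2 { printf "%s: %s -> %s\n", $1, a[$1], $2 }
    ' "$1" "$2"
}

# Run perm_diff over two saved listings (console user vs. remote user).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/console" <<'EOF'
PERMISSION                                               VALUE
org.freedesktop.NetworkManager.enable-disable-network    yes
org.freedesktop.NetworkManager.sleep-wake                no
org.freedesktop.NetworkManager.network-control           yes
org.freedesktop.NetworkManager.settings.modify.system    yes
org.freedesktop.NetworkManager.settings.modify.hostname  auth
EOF
    cat > "$d/remote" <<'EOF'
PERMISSION                                               VALUE
org.freedesktop.NetworkManager.enable-disable-network    no
org.freedesktop.NetworkManager.sleep-wake                no
org.freedesktop.NetworkManager.network-control           auth
org.freedesktop.NetworkManager.settings.modify.system    auth
org.freedesktop.NetworkManager.settings.modify.hostname  auth
EOF
    perm_diff "$d/console" "$d/remote"
    rm -rf "$d"
}

demo
```

On a real host, save `nmcli general permissions` to a file in each session and pass the two files to perm_diff; every "yes" on the left-hand side is an action the console user can take without authenticating.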
bond devices
add a bonding master and two slave connection profiles
# nmcli connection add type [TAB]
adsl        bridge        ethernet    ip-tunnel  olpc-mesh   tun    wifi
bluetooth   bridge-slave  generic     macsec     pppoe       vlan   wimax
bond        cdma          gsm         macvlan    team        vpn
bond-slave  dummy         infiniband  no-slave   team-slave  vxlan
# nmcli connection add type bond con-name bond0 ifname bond0 mode active-backup
Connection 'bond0' (c63d5b90-04e3-4a19-a93f-b3e9108ad67f) successfully added.
# nmcli connection
NAME    UUID                                  TYPE    DEVICE
bond0   c63d5b90-04e3-4a19-a93f-b3e9108ad67f  bond    bond0
virbr0  9cc3711a-d802-49e8-a116-a2cab474fb91  bridge  virbr0
# nmcli connection add type bond-slave con-name bond0s0 ifname enp0s3 master bond0
Connection 'bond0s0' (89f56c51-7efc-489a-a9aa-8afebf530cd7) successfully added.
# nmcli connection
NAME     UUID                                  TYPE            DEVICE
bond0    c63d5b90-04e3-4a19-a93f-b3e9108ad67f  bond            bond0
bond0s0  89f56c51-7efc-489a-a9aa-8afebf530cd7  802-3-ethernet  enp0s3
virbr0   9cc3711a-d802-49e8-a116-a2cab474fb91  bridge          virbr0
# nmcli connection add type bond-slave con-name bond0s1 ifname enp0s8 master bond0
Connection 'bond0s1' (7165a8a9-97ff-40fe-a810-b214833bdbdd) successfully added.
[root@seven carbone]# nmcli connection
NAME     UUID                                  TYPE            DEVICE
bond0    c63d5b90-04e3-4a19-a93f-b3e9108ad67f  bond            bond0
bond0s0  89f56c51-7efc-489a-a9aa-8afebf530cd7  802-3-ethernet  enp0s3
bond0s1  7165a8a9-97ff-40fe-a810-b214833bdbdd  802-3-ethernet  enp0s8
virbr0   9cc3711a-d802-49e8-a116-a2cab474fb91  bridge          virbr0
beware: nmcli-examples man page is definitely wrong about adding a bond connection
Example 6. Adding a bonding master and two slave connection profiles
This example demonstrates adding a bond master connection and two slaves. The first command adds a master bond connection, naming the bonding interface mybond0 and using active-backup mode. The next two commands add slaves connections, both enslaved to mybond0. The first slave will be bound to eth1 interface, the second to eth2.
$ nmcli con add type bond ifname mybond0 mode active-backup
$ nmcli con add type ethernet ifname eth1 master mybond0
$ nmcli con add type ethernet ifname eth2 master mybond0
************* WRONG type must be bond-slave
What's going to happen if you add ethernet connections as bond slaves?
# nmcli con add type bond ifname mybond0 mode active-backup
Connection 'bond-mybond0' (895362e3-a0cc-4312-8030-4b942d991fae) successfully added.
# nmcli con add type ethernet ifname eth1 master mybond0
Connection 'bond-slave-eth1' (e485a48d-fb22-4a9f-b310-6209ed7d9a56) successfully added.
# nmcli con add type ethernet ifname eth2 master mybond0
Connection 'bond-slave-eth2' (59734527-1601-49f8-a0b2-ebeb05faba60) successfully added.
# nmcli
mybond0: connecting (getting IP configuration) to bond-mybond0
        "mybond0"
        bond, F6:35:AB:5B:CD:BC, sw, mtu 1500
enp0s3: disconnected
        "Intel 82540EM Gigabit Ethernet Controller (PRO/1000 MT Desktop Adapter)"
        ethernet (e1000), 08:00:27:B8:24:87, hw, mtu 1500
enp0s8: disconnected
        "Intel 82540EM Gigabit Ethernet Controller (PRO/1000 MT Desktop Adapter)"
        ethernet (e1000), 08:00:27:98:53:C9, hw, mtu 1500
team devices
add a team device and two slaves
# nmcli connection add type team con-name team0 ifname team0
Connection 'team0' (67d3fa18-6918-468f-b1f4-d7d1f9852fe0) successfully added.
# nmcli connection
NAME    UUID                                  TYPE    DEVICE
team0   67d3fa18-6918-468f-b1f4-d7d1f9852fe0  team    team0
virbr0  9cc3711a-d802-49e8-a116-a2cab474fb91  bridge  virbr0
# nmcli
team0: connecting (getting IP configuration) to team0
        "team0"
        team, A6:D3:E6:35:12:73, sw, mtu 1500
enp0s3: disconnected
        "Intel 82540EM Gigabit Ethernet Controller (PRO/1000 MT Desktop Adapter)"
        ethernet (e1000), 08:00:27:B8:24:87, hw, mtu 1500
enp0s8: disconnected
        "Intel 82540EM Gigabit Ethernet Controller (PRO/1000 MT Desktop Adapter)"
        ethernet (e1000), 08:00:27:98:53:C9, hw, mtu 1500
# nmcli connection add type team-slave con-name team0s0 ifname enp0s8 master team0
Connection 'team0s0' (8db383b2-50e1-4875-8f1f-ca9b260f4bb9) successfully added.
# nmcli connection add type team-slave con-name team0s1 ifname enp0s3 master team0
Connection 'team0s1' (d03f1aa5-e206-40dc-bdda-b1c9f0ee6f0b) successfully added.
# nmcli
enp0s3: connected to team0s1
        "Intel 82540EM Gigabit Ethernet Controller (PRO/1000 MT Desktop Adapter)"
        ethernet (e1000), 08:00:27:98:53:C9, hw, mtu 1500
        master team0
enp0s8: connected to team0s0
        "Intel 82540EM Gigabit Ethernet Controller (PRO/1000 MT Desktop Adapter)"
        ethernet (e1000), 08:00:27:98:53:C9, hw, mtu 1500
        master team0
team0: connected to team0
        "team0"
        team, 08:00:27:98:53:C9, sw, mtu 1500
        ip4 default
        inet4 192.168.1.7/24
        inet6 fe80::762b:c440:b95d:2a65/64
use ping and tcpdump to verify runner policy
# teamdctl team0 config dump
# teamdctl team0 state
change runner
# nmcli connection modify team0 team.config '{"runner": {"name":"activebackup"}}'
# nmcli connection up team0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/34)
# teamdctl team0 config dump
{
    "device": "team0",
    "mcast_rejoin": {
        "count": 1
    },
    "notify_peers": {
        "count": 1
    },
    "ports": {
        "enp0s3": {
            "link_watch": {
                "name": "ethtool"
            }
        },
        "enp0s8": {
            "link_watch": {
                "name": "ethtool"
            }
        }
    },
    "runner": {
        "name": "activebackup"
    }
}
delete team device
# nmcli connection delete team0
Connection 'team0' (223414a0-8278-4222-9efd-3a953c9d6e17) successfully deleted.
# nmcli connection
NAME     UUID                                  TYPE            DEVICE
virbr0   9cc3711a-d802-49e8-a116-a2cab474fb91  bridge          virbr0
team0s0  8db383b2-50e1-4875-8f1f-ca9b260f4bb9  802-3-ethernet  --
team0s1  d03f1aa5-e206-40dc-bdda-b1c9f0ee6f0b  802-3-ethernet  --
# nmcli connection add type team con-name team0 ifname team0
Connection 'team0' (75ca5761-b6ad-42c8-93c5-dc685b293ba4) successfully added.
If slave devices don't reconnect to master, then use
# nmcli device connect ...
bridge devices
create a two port bridge
# nmcli connection add type bridge con-name bridge0 ifname bridge0
Connection 'bridge0' (9efa79db-ac89-4614-b5d5-b48c56c073af) successfully added.
# nmcli connection add type bridge-slave con-name bridge0p0 ifname enp0s3 master bridge0
Connection 'bridge0p0' (de9966ac-4b4b-4f53-b1b2-254318a9ae75) successfully added.
# bridge fdb show br bridge0
64:59:f8:a0:a8:a0 dev enp0s3 master bridge0
08:00:27:b8:24:87 dev enp0s3 master bridge0 permanent
70:8b:cd:26:51:25 dev enp0s3 master bridge0
08:00:27:b8:24:87 dev enp0s3 vlan 1 master bridge0 permanent
01:00:5e:00:00:01 dev enp0s3 self permanent
33:33:00:00:00:01 dev enp0s3 self permanent
08:00:27:98:53:c9 dev enp0s8 master bridge0 permanent
08:00:27:98:53:c9 dev enp0s8 vlan 1 master bridge0 permanent
01:00:5e:00:00:01 dev enp0s8 self permanent
33:33:00:00:00:01 dev enp0s8 self permanent
01:00:5e:00:00:01 dev bridge0 self permanent
33:33:00:00:00:01 dev bridge0 self permanent
33:33:ff:b4:f3:fb dev bridge0 self permanent
01:00:5e:00:00:fb dev bridge0 self permanent
# nmcli connection add type bridge-slave con-name bridge0p1 ifname enp0s8 master bridge0
Connection 'bridge0p1' (bcfbffa7-c6fb-4049-83d4-eb4888f1d98e) successfully added.
# bridge link show
2: enp0s3 state UP : <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge0 state forwarding priority 32 cost 100
3: enp0s8 state UP : <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge0 state blocking priority 32 cost 100