cn:ccr:formazione:centos7:2018-11:networking
Differences
This shows you the differences between two versions of the page.
cn:ccr:formazione:centos7:2018-11:networking [2018/11/27 16:02] – [add an ethernet connection profile in interactive editor] carbone@infn.it | cn:ccr:formazione:centos7:2018-11:networking [2018/11/27 16:17] (current) – [the big picture] carbone@infn.it | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== networking ====== | ||
+ | suggested exercises. some suggestions are bare suggestions - no explanation at all 8-) | ||
+ | ==== show general status ==== | ||
+ | |||
+ | < | ||
+ | # nmcli | ||
+ | </ | ||
+ | < | ||
+ | ... | ||
+ | enp0s3: disconnected | ||
+ | " | ||
+ | ethernet (e1000), 08: | ||
+ | |||
+ | enp0s8: disconnected | ||
+ | " | ||
+ | ethernet (e1000), 08: | ||
+ | ... | ||
+ | </ | ||
+ | ---- | ||
+ | ==== show device status ==== | ||
+ | < | ||
+ | # nmcli device | ||
+ | </ | ||
+ | < | ||
+ | DEVICE | ||
+ | virbr0 | ||
+ | enp0s3 | ||
+ | enp0s8 | ||
+ | lo loopback | ||
+ | virbr0-nic | ||
+ | </ | ||
+ | ---- | ||
+ | ==== show connection status ==== | ||
+ | < | ||
+ | # nmcli connection | ||
+ | </ | ||
+ | < | ||
+ | NAME UUID TYPE DEVICE | ||
+ | virbr0 | ||
+ | </ | ||
+ | ---- | ||
+ | ==== disable automatic connection creation ==== | ||
+ | ---- | ||
+ | ==== add an auto-configuring ethernet connection ==== | ||
+ | < | ||
+ | # nmcli connection add type ethernet con-name enp0s3 ifname enp0s3 | ||
+ | </ | ||
+ | < | ||
+ | Connection ' | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | # nmcli connection | ||
+ | </ | ||
+ | < | ||
+ | NAME UUID TYPE DEVICE | ||
+ | enp0s3 | ||
+ | virbr0 | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | # nmcli device | ||
+ | </ | ||
+ | < | ||
+ | DEVICE | ||
+ | virbr0 | ||
+ | enp0s3 | ||
+ | enp0s8 | ||
+ | lo loopback | ||
+ | virbr0-nic | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | # cat / | ||
+ | </ | ||
+ | < | ||
+ | TYPE=Ethernet | ||
+ | PROXY_METHOD=none | ||
+ | BROWSER_ONLY=no | ||
+ | BOOTPROTO=dhcp | ||
+ | DEFROUTE=yes | ||
+ | IPV4_FAILURE_FATAL=no | ||
+ | IPV6INIT=yes | ||
+ | IPV6_AUTOCONF=yes | ||
+ | IPV6_DEFROUTE=yes | ||
+ | IPV6_FAILURE_FATAL=no | ||
+ | IPV6_ADDR_GEN_MODE=stable-privacy | ||
+ | NAME=enp0s3 | ||
+ | UUID=88b5a114-4258-48a9-b9ea-499b74a04add | ||
+ | DEVICE=enp0s3 | ||
+ | ONBOOT=yes | ||
+ | </ | ||
+ | ---- | ||
+ | |||
+ | ==== add an ethernet connection profile with manual IP configuration ==== | ||
+ | |||
+ | < | ||
+ | < | ||
+ | |||
+ | < | ||
+ | < | ||
+ | enp0s3: connected to enp0s3 | ||
+ | " | ||
+ | ethernet (e1000), 08: | ||
+ | inet4 192.168.200.222/ | ||
+ | inet6 fe80:: | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | ---- | ||
+ | |||
+ | |||
+ | ==== add an IPv6 address to an active connection ==== | ||
+ | //From Wikipedia, the free encyclopedia//: | ||
+ | |||
+ | === Unique local address === | ||
+ | |||
+ | A unique local address (ULA) is an IPv6 address in the block fc00::/7, defined in [[https:// | ||
+ | The address block fc00::/7 is divided into two /8 groups: | ||
+ | |||
+ | * The block fc00::/8 has not been defined yet. It has been proposed to be managed by an allocation authority, but this has not gained acceptance in the IETF. | ||
+ | * The block fd00::/8 is defined for /48 prefixes, formed by setting the 40 least-significant bits of the prefix to a randomly generated bit string. This results in the format fdxx: | ||
+ | |||
+ | |||
+ | on host A | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | |||
+ | on host B | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | |||
+ | check if everything' | ||
+ | < | ||
+ | < | ||
+ | The authenticity of host ' | ||
+ | ECDSA key fingerprint is SHA256: | ||
+ | ECDSA key fingerprint is MD5: | ||
+ | Are you sure you want to continue connecting (yes/no)? | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | < | ||
+ | PING fd00:: | ||
+ | 64 bytes from fd00::1: icmp_seq=1 ttl=64 time=0.567 ms | ||
+ | 64 bytes from fd00::1: icmp_seq=2 ttl=64 time=0.711 ms | ||
+ | 64 bytes from fd00::1: icmp_seq=3 ttl=64 time=0.696 ms | ||
+ | 64 bytes from fd00::1: icmp_seq=4 ttl=64 time=0.716 ms | ||
+ | 64 bytes from fd00::1: icmp_seq=5 ttl=64 time=0.603 ms | ||
+ | ^C | ||
+ | --- fd00::1 ping statistics --- | ||
+ | 5 packets transmitted, | ||
+ | rtt min/ | ||
+ | </ | ||
+ | |||
+ | |||
+ | ---- | ||
+ | |||
+ | |||
+ | ==== add an ethernet connection profile in interactive editor ==== | ||
+ | |||
+ | < | ||
+ | # nmcli connection edit type ethernet | ||
+ | ... | ||
+ | goto ethernet | ||
+ | ... | ||
+ | goto ipv4.addresses | ||
+ | ... | ||
+ | desc | ||
+ | ... | ||
+ | set < | ||
+ | ... | ||
+ | |||
+ | ... | ||
+ | save | ||
+ | </ | ||
+ | |||
+ | |||
+ | ---- | ||
+ | |||
+ | ==== the big picture ==== | ||
+ | Get rid of dynamic network setup on both VMs and configure them with static (private) IPv4 & IPv6 addresses. | ||
+ | .... | ||
+ | ---- | ||
+ | ==== list NetworkManager polkit permissions ==== | ||
+ | try from console either as a normal user or as root, then from a remote connection | ||
+ | |||
+ | < | ||
+ | $ nmcli general permissions | ||
+ | </ | ||
+ | < | ||
+ | PERMISSION | ||
+ | org.freedesktop.NetworkManager.enable-disable-network | ||
+ | org.freedesktop.NetworkManager.enable-disable-wifi | ||
+ | org.freedesktop.NetworkManager.enable-disable-wwan | ||
+ | org.freedesktop.NetworkManager.enable-disable-wimax | ||
+ | org.freedesktop.NetworkManager.sleep-wake | ||
+ | org.freedesktop.NetworkManager.network-control | ||
+ | org.freedesktop.NetworkManager.wifi.share.protected | ||
+ | org.freedesktop.NetworkManager.wifi.share.open | ||
+ | org.freedesktop.NetworkManager.settings.modify.system | ||
+ | org.freedesktop.NetworkManager.settings.modify.own | ||
+ | org.freedesktop.NetworkManager.settings.modify.hostname | ||
+ | org.freedesktop.NetworkManager.settings.modify.global-dns | ||
+ | org.freedesktop.NetworkManager.reload | ||
+ | org.freedesktop.NetworkManager.checkpoint-rollback | ||
+ | org.freedesktop.NetworkManager.enable-disable-statistics | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | $ sudo bash | ||
+ | ... | ||
+ | # nmcli general permissions | ||
+ | </ | ||
+ | < | ||
+ | PERMISSION | ||
+ | org.freedesktop.NetworkManager.enable-disable-network | ||
+ | org.freedesktop.NetworkManager.enable-disable-wifi | ||
+ | org.freedesktop.NetworkManager.enable-disable-wwan | ||
+ | org.freedesktop.NetworkManager.enable-disable-wimax | ||
+ | org.freedesktop.NetworkManager.sleep-wake | ||
+ | org.freedesktop.NetworkManager.network-control | ||
+ | org.freedesktop.NetworkManager.wifi.share.protected | ||
+ | org.freedesktop.NetworkManager.wifi.share.open | ||
+ | org.freedesktop.NetworkManager.settings.modify.system | ||
+ | org.freedesktop.NetworkManager.settings.modify.own | ||
+ | org.freedesktop.NetworkManager.settings.modify.hostname | ||
+ | org.freedesktop.NetworkManager.settings.modify.global-dns | ||
+ | org.freedesktop.NetworkManager.reload | ||
+ | org.freedesktop.NetworkManager.checkpoint-rollback | ||
+ | org.freedesktop.NetworkManager.enable-disable-statistics | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | $ nmcli general permissions | ||
+ | </ | ||
+ | < | ||
+ | PERMISSION | ||
+ | org.freedesktop.NetworkManager.enable-disable-network | ||
+ | org.freedesktop.NetworkManager.enable-disable-wifi | ||
+ | org.freedesktop.NetworkManager.enable-disable-wwan | ||
+ | org.freedesktop.NetworkManager.enable-disable-wimax | ||
+ | org.freedesktop.NetworkManager.sleep-wake | ||
+ | org.freedesktop.NetworkManager.network-control | ||
+ | org.freedesktop.NetworkManager.wifi.share.protected | ||
+ | org.freedesktop.NetworkManager.wifi.share.open | ||
+ | org.freedesktop.NetworkManager.settings.modify.system | ||
+ | org.freedesktop.NetworkManager.settings.modify.own | ||
+ | org.freedesktop.NetworkManager.settings.modify.hostname | ||
+ | org.freedesktop.NetworkManager.settings.modify.global-dns | ||
+ | org.freedesktop.NetworkManager.reload | ||
+ | org.freedesktop.NetworkManager.checkpoint-rollback | ||
+ | org.freedesktop.NetworkManager.enable-disable-statistics | ||
+ | </ | ||
+ | |||
+ | |||
+ | === ok, but what the heck does it mean ' | ||
+ | |||
+ | < | ||
+ | < | ||
+ | org.freedesktop.NetworkManager.sleep-wake: | ||
+ | description: | ||
+ | message: | ||
+ | vendor: | ||
+ | vendor_url: | ||
+ | icon: nm-icon | ||
+ | implicit any: no | ||
+ | implicit inactive: no | ||
+ | implicit active: | ||
+ | |||
+ | </ | ||
+ | |||
+ | Use the same command for each and every action-id you are interested in - enjoy! | ||
+ | ---- | ||
+ | |||
+ | |||
+ | |||
+ | ==== bond devices ==== | ||
+ | |||
+ | === add a bonding master and two slave connection profiles === | ||
+ | < | ||
+ | # nmcli connection add type [TAB] | ||
+ | </ | ||
+ | < | ||
+ | adsl bridge | ||
+ | bluetooth | ||
+ | bond cdma gsm | ||
+ | bond-slave | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | # nmcli connection add type bond con-name bond0 ifname bond0 mode active-backup | ||
+ | </ | ||
+ | < | ||
+ | Connection ' | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | # nmcli connection | ||
+ | </ | ||
+ | < | ||
+ | NAME UUID TYPE DEVICE | ||
+ | bond0 | ||
+ | virbr0 | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | # nmcli connection add type bond-slave con-name bond0s0 ifname enp0s3 master bond0 | ||
+ | </ | ||
+ | < | ||
+ | Connection ' | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | # nmcli connection | ||
+ | </ | ||
+ | < | ||
+ | NAME | ||
+ | bond0 c63d5b90-04e3-4a19-a93f-b3e9108ad67f | ||
+ | bond0s0 | ||
+ | virbr0 | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | # nmcli connection add type bond-slave con-name bond0s1 ifname enp0s8 master bond0 | ||
+ | </ | ||
+ | < | ||
+ | Connection ' | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | [root@seven carbone]# nmcli connection | ||
+ | </ | ||
+ | < | ||
+ | NAME | ||
+ | bond0 c63d5b90-04e3-4a19-a93f-b3e9108ad67f | ||
+ | bond0s0 | ||
+ | bond0s1 | ||
+ | virbr0 | ||
+ | </ | ||
+ | ---- | ||
+ | |||
+ | beware: **nmcli-examples man page is definitely wrong about adding a bond connection** | ||
+ | |||
+ | **Example 6. Adding a bonding master and two slave connection profiles** | ||
+ | |||
+ | //This example demonstrates adding a bond master connection and two slaves. The first command adds a master bond | ||
+ | connection, naming the bonding interface mybond0 and using active-backup mode. The next two commands add slaves | ||
+ | connections, | ||
+ | < | ||
+ | $ nmcli con add type bond ifname mybond0 mode active-backup | ||
+ | $ nmcli con add type ethernet ifname eth1 master mybond0 | ||
+ | $ nmcli con add type ethernet ifname eth2 master mybond0 | ||
+ | ************* WRONG type must be bond-slave | ||
+ | </ | ||
+ | ---- | ||
+ | |||
+ | What's going to happen if you add ethernet connections as bond slaves? | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | |||
+ | < | ||
+ | < | ||
+ | mybond0: connecting (getting IP configuration) to bond-mybond0 | ||
+ | " | ||
+ | bond, F6: | ||
+ | |||
+ | enp0s3: disconnected | ||
+ | " | ||
+ | ethernet (e1000), 08: | ||
+ | |||
+ | enp0s8: disconnected | ||
+ | " | ||
+ | ethernet (e1000), 08: | ||
+ | </ | ||
+ | ---- | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ==== team devices ==== | ||
+ | === add a team device and two slaves === | ||
+ | |||
+ | < | ||
+ | < | ||
+ | |||
+ | < | ||
+ | < | ||
+ | NAME UUID TYPE DEVICE | ||
+ | team0 | ||
+ | virbr0 | ||
+ | </ | ||
+ | < | ||
+ | < | ||
+ | team0: connecting (getting IP configuration) to team0 | ||
+ | " | ||
+ | team, A6: | ||
+ | |||
+ | enp0s3: disconnected | ||
+ | " | ||
+ | ethernet (e1000), 08: | ||
+ | |||
+ | enp0s8: disconnected | ||
+ | " | ||
+ | ethernet (e1000), 08: | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | < | ||
+ | |||
+ | < | ||
+ | < | ||
+ | |||
+ | < | ||
+ | < | ||
+ | enp0s3: connected to team0s1 | ||
+ | " | ||
+ | ethernet (e1000), 08: | ||
+ | master team0 | ||
+ | |||
+ | enp0s8: connected to team0s0 | ||
+ | " | ||
+ | ethernet (e1000), 08: | ||
+ | master team0 | ||
+ | |||
+ | team0: connected to team0 | ||
+ | " | ||
+ | team, 08: | ||
+ | ip4 default | ||
+ | inet4 192.168.1.7/ | ||
+ | inet6 fe80:: | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | < | ||
+ | enp0s3: connected to team0s1 | ||
+ | " | ||
+ | ethernet (e1000), 08: | ||
+ | master team0 | ||
+ | |||
+ | enp0s8: connected to team0s0 | ||
+ | " | ||
+ | ethernet (e1000), 08: | ||
+ | master team0 | ||
+ | |||
+ | team0: connected to team0 | ||
+ | " | ||
+ | team, 08: | ||
+ | ip4 default | ||
+ | inet4 192.168.1.7/ | ||
+ | inet6 fe80:: | ||
+ | </ | ||
+ | use ping amd tcpdump to verify runner policy | ||
+ | |||
+ | < | ||
+ | < | ||
+ | |||
+ | === change runner === | ||
+ | |||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | { | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | } | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | } | ||
+ | } | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | } | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | === delete team device === | ||
+ | < | ||
+ | < | ||
+ | |||
+ | < | ||
+ | < | ||
+ | NAME | ||
+ | virbr0 | ||
+ | team0s0 | ||
+ | team0s1 | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | < | ||
+ | |||
+ | If slave devices don't reconnect to master, then use | ||
+ | < | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ==== bridge devices ==== | ||
+ | === create a two port bridge === | ||
+ | |||
+ | < | ||
+ | < | ||
+ | |||
+ | < | ||
+ | < | ||
+ | |||
+ | < | ||
+ | < | ||
+ | 64: | ||
+ | 08: | ||
+ | 70: | ||
+ | 08: | ||
+ | 01: | ||
+ | 33: | ||
+ | 08: | ||
+ | 08: | ||
+ | 01: | ||
+ | 33: | ||
+ | 01: | ||
+ | 33: | ||
+ | 33: | ||
+ | 01: | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | < | ||
+ | |||
+ | < | ||
+ | < | ||
+ | 2: enp0s3 state UP : < | ||
+ | 3: enp0s8 state UP : < | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ==== use nmcli to recreate bifrost' | ||
+ | {{: | ||
+ | |||
+ | |||
+ | ==== try to change interfaces name from enpXsY to ethZ ==== | ||
+ | |||
+ | ==== change hostname ==== | ||
+ | |||
+ | ==== configure network/a team device/a bridge device using nmtui ==== | ||
+ | |||
+ | |||
+ | ==== configure network/a team device/a bridge device using nm-connection-editor ==== | ||
+ | |||
+ | ==== configure a network connection editing ifcfg- file ==== | ||
+ | |||
+ | |||
+ | ==== add an ip address using ip ==== | ||
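Review bot: In the "list NetworkManager polkit permissions" section the three `nmcli general permissions` listings carry no label saying which session produced them, and the first and third blocks share the same `$ nmcli general permissions` prompt, so a reader cannot tell the console-user listing from the remote-connection one that the intro line asks them to try. Add a one-line caption above each block (console as normal user, root via `sudo bash`, remote connection) so the listings can be compared. In the IPv6 section the ssh check stops at the "Are you sure you want to continue connecting (yes/no)?" prompt; say where the reader should take the expected ECDSA fingerprint from before answering. The "WRONG type must be bond-slave" remark sits inside the block that quotes Example 6 of the man page, where it reads as part of the quoted text; move it below the block. Typo in the team section: "use ping amd tcpdump" should read "and".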