Linux – Tag VLANs and add IP addresses to Linux server

iplinuxlinux-networkingnetworkingvlan

I've been told to tag VLANs and add IP addresses to a Linux server.
It's using /etc/sysconfig/network-scripts/.

I've never tried this before.

There's multiple VLANs with different IP subnets, some VLANs has the same IP subnets announced.

The physical server has 2 ethernet in port 2 and 3, and both ethernet contains same VLANs.

My approach would be to add ifcfg-eth1.101 for my first IP address with the following inside, for VLAN 101:

DEVICE=eth1.101
BOOTPROTO=static
ONBOOT=yes
IPADDR=23.543.11.10
NETMASK=255.255.255.255
USERCTL=no
NETWORK=23.543.11.1
VLAN=yes

… then run ifup eth1.101 and systemctl restart network.service

Is this correct, and am I missing something?

Best Answer

Looks correct to me, for any RedHat-like distribution that is not using NetworkManager.

If you have two NICs with same VLANs, you might want to first bond the ports together (i.e. bond eth1 and eth2 into bond0) and then hang the VLANs onto the bond (i.e. instead of ifcfg-eth1.101 with DEVICE=eth1.101 you would use ifcfg-bond0.101 with DEVICE=bond0.101 etc.)

When using bonding, remember to select BONDING_OPTS="mode=active-backup" bonding mode unless you have confirmed with your network administrators that the default balance-rr bonding mode (or any other bonding mode) can be used. With managed switches, balance-rr may cause "MAC address flapping" warnings in switches and/or routers, which may annoy the network admins. If MAC address hijacking protection is enabled on the switches, the use of balance-rr may look like a hijacking attempt and cause a false alarm.

If you need multiple IP addresses on top of a VLAN, the syntax for extra IPs is (for a bonded interface) filename ifcfg-bond0.101 for the "main interface", ifcfg-bond0.101:0 for the first extra IP address, and so on. The number after the full stop is the VLAN number, and the number after the colon is the index number for extra IPs.

The contents of the ifcfg-bond0.101:0 file should be similar to when configuring just one IP address:

DEVICE=eth0.101:0
BOOTPROTO=static
IPADDR=xx.xx.xx.xx
NETMASK=255.255.255.0
ONBOOT=yes
VLAN=yes

Note that configuring IP aliases on top of VLANs in this way is guaranteed to be supported only on RHEL/CentOS 5 and above; it may have been added in mid-4.x release cycle, but I'm not sure about that.

With older OS versions, you would have had to write a custom script to initialize the IP aliases manually with ifconfig, as the initscripts package in 4.x did not originally have the capability to handle such a combination.

Related Solutions

Centos 6.2 Fresh ‘Basic Server’ install networking issues

Your routes and configuration look fine.

$: route -n
Destination // Gateway // Genmask // Flags // Metric // Ref // Use // Iface
66.*.*.0       0.0.0.0    255.255.255.248   U   1003      0   0     0  em2
0.0.0.0        66.*.*.1   0.0.0.0           UG     0      0   0     0  em2

The first route, 66.*.*.0/29 with gateway 0.0.0.0 tells your computer to use interface em2 and then make an arp request to find the hardware address of the host you're trying to reach. This is a "connected" route.

The second one is the default route, pointing at your default gateway through em2. If you need to send a packet in another network than 66.*.*.0/29, your computer will make an arp request to find 66.*.*.1 and then send the packets to it.

The only thing in your configuration that could be an issue is the NM_CONTROLLED=yes statement in /etc/sysconfig/network-scripts/ifcfg-em2. This tells the system that this interface is controlled by NetworkManager. This could interfere with your static configuration.

However, even without any default gateway you should be able to ping and ssh from the 66.*.*.0/29 subnet to your machine.

Check layer 1 first, and ensure that the cable is plugged on each side. Use leds on nic and switch, and check if the system sees it correctly:

# mii-tool
eth0: negotiated 1000baseT-FD flow-control, link ok

Then verify if any iptables are dropping the packets. Use iptables -L or iptables-save to check for any rules, and iptables -D <rule> to delete them. Pay attention to the default policy.

Also, on some systems, NetworkManager can configure ufw automatically, and I've had issues with static interface configuration that wasn't seen by NM and hence blocked by ufw.

Redhat – Centos multiple NICs routing issue

For any network device which is not my default gateway, I usually set the default route flag to no:

DEFROUTE="no"

This seems to work without any issues for my servers with multiple network interfaces. If you then restart your network service or interfaces, you should be able to check the routes to see that this is actually working:

/sbin/route -n

Hopefully this helps.

Best Answer

Related Solutions

Centos 6.2 Fresh ‘Basic Server’ install networking issues

Redhat – Centos multiple NICs routing issue

Related Topic