SLES-Other: Two virtual Network Interfaces on one physical Link



v024302
01-Aug-2016, 09:44
Hello everyone,

I have a System on SLES 11 SP1 with 4 Network-Adapters.
I renamed them to eth2 (unchanged), eth3 (unchanged), ten1 (changed from eth0) and ten2 (changed from eth1).
eth2 and eth3 are used for the Internet-Connection.
The two ports ten1 and ten2 are connected to the Interface bond0 for Link-Aggregation.

If I assign the IP-Address 10.90.0.16/24 to bond0 and add the Alias 1 with 10.91.0.16/16 I can ping to both Subnetworks.

Now I want to create two Interfaces named eth0 and eth1.
These names are not optional!
eth0 should get the IP Address: 10.90.0.16/24.
eth1 should get the IP Address: 10.91.0.16/16.
bond0 doesn't need an IP-Address anymore. It should just forward the Traffic from eth0 and eth1 to the real LAN.
Now I want to create an internal switching between eth0, eth1 and bond0.

My first idea was to create two dummy Interfaces and connect them to a transparent bridge.
But the Interfaces can only ping their own IP.

Does anyone know how I can handle this?

If possible, I want to configure everything over Yast. But if this won't work any other solution is also fine.

ab
01-Aug-2016, 11:51
On 08/01/2016 02:54 AM, v024302 wrote:
>
> I have a System on SLES 11 SP1 with 4 Network-Adapters.
> I renamed them to eth2 (unchanged), eth3 (unchanged), ten1 (changed from
> eth0) and ten2 (changed from eth1).

That's all fine; the names do not really matter to the OS, so if you want
to share why the exciting rename, feel free to do so, particularly if it
helps better-understand what is going on down below.

> eth2 and eth3 are used for the Internet-Connection.
> The two ports ten1 and ten2 are connected to the Interface bond0 for
> Link-Aggregation.

The names matter even less when used as slaves in a bond, so I do not
understand the rename still, but oh well.

> If I assign the IP-Address 10.90.0.16/24 to bond0 and add the Alias 1
> with 10.91.0.16/16 I can ping to both Subnetworks.

That sounds like my experience too; the bond has the IP addresses and
exposes them to the outside world, so everything should work assuming
other protocols (ARP) and devices (switches) do their jobs properly.

> Now I want to create two Interfaces named eth0 and eth1.

Just to be clear, are you creating two new devices, or renaming the old
ones back?

> These names are not optional!

This is an interesting detail which I think should be explained. What you
name your slaves is irrelevant, so arbitrarily specifying certain names as
"not optional" raises questions such as "Why not?" which need to be
answered. There could be a valid reason, but it is much more-likely that
something is misunderstood, or other software is broken.

> eth0 should get the IP Address: 10.90.0.16/24.
> eth1 should get the IP Address: 10.91.0.16/16.

Based on these IP addresses, I presume that the ten1 and ten2 devices from
above are now gone, and these are those devices (since your machine has
four (4) total devices as you stated). If these are meant to be separate
devices (fifth and sixth for the system) then please clarify, particularly
explaining why you have the same IPs assigned to bond0 (with its slaves
ten1 and ten2) as well as to eth0 and eth1.

> bond0 doesn't need an IP-Address anymore. It should just forward the
> Traffic from eth0 and eth1 to the real LAN.

This is not, at least in my experience, how bonding works.

> Now I want to create an internal switching between eth0, eth1 and bond0.

The clarification above regarding whether or not these are new devices
(fifth and sixth) or the old ones renamed back will be relevant at this point.

> My first idea was to create two dummy Interfaces and connect them to a
> transparent bridge.
> But the Interfaces can only ping their own IP.
>
> Does anyone know how I can handle this?
>
> If possible, I want to configure everything over Yast. But if this won't
> work any other solution is also fine.

Bonding can be configured via Yast if you use Yast to put the slave nodes
into ready-for-bonding mode (one of the IP address "setups" is "None
(ready for bonding)", paraphrased heavily). Using this you can then,
appropriately, configure IPs for the bond device itself as you should,
including alias addresses. I presume this is what you did originally,
though confirmation would be appreciated.

I think it is worthwhile to step back and look at the business case for
all of this. Trying to setup as you are is, I believe, invalid, so what
business case has you trying to use specific names for devices (eth0 and
eth1), and then trying to do some internal switching among those various
devices? Switching is a network layer thing, so trying to do so with a
bond device (that has no IP address in your second scenario) does not make
much sense either. Again, knowing why you are trying this may help us
find a way to help you. My best guess is to bridge internal and external
networks, and that should be fine assuming it is done properly, but your
current requirements do not look correct (to me).

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

v024302
01-Aug-2016, 12:58
Hello ab.

I renamed eth0 and eth1 because I need their names later for two virtual interfaces.
I want to create two new interfaces eth0 and eth1. Assign IP-Addresses to them and let bond0 send their traffic to the real network.
bond0 then uses the original interfaces eth0 (now ten1) and eth1 (now ten2) to send the traffic from the virtual interface to the network.

To explain my problem in detail:

At the moment I have the IP-Addresses assigned to eth0 (before renaming it to ten1) and eth1 (also before the renaming). eth0 is connected to the Server-Subnetwork 10.90.0.16/24. eth1 is connected to the Client-Subnet 10.91.0.16/16.
Both Networks run over the same Switch and the same VLAN, only in separate Subnetworks.
My whole network needs both Subnetworks to work correctly.
Now I connected eth0 and eth1 to separate Switches. These switches are Stacked, so if one fails the other manages all. The Switches are only Core-Switches and connect my Server to the End-User-Switches.
I want the Network to work completely even if one Switch fails.

So I bonded eth0 and eth1.
Now if one Switch fails the server works fine after all.

The problem:
There are many services running on the Server that are hard-coded to eth0 for the Server-Network and eth1 for the Client-Network.
To correct all the Scripts and Config-Files would take a few days.

So I want to create two virtual Network-Adapters with name eth0 and eth1 that transport the whole traffic over bond0 to the Network. Therefore the existing interfaces must get another name. I simply used ten1 and ten2, because they are 10G-SR-Adapters.

ab
02-Aug-2016, 03:33
On 08/01/2016 06:04 AM, v024302 wrote:
>
> I renamed eth0 and eth1 because I need their names later for two virtual
> interfaces.

Usually virtual interfaces have their own naming scheme, like vnet0 or
something. Still, for your reasons below, I can see why you'd avoid that.

> I want to create two new interfaces eth0 and eth1. Assign IP-Addresses
> to them and let bond0 send their traffic to the real network.
> bond0 then uses the original interfaces eth0 (now ten1) and eth1 (now
> ten2) to send the traffic from the virtual interface to the network.

Okay, so more interfaces; that's better than the alternative, but it's all
still not how bonding is done. With bonds the network devices are merely
the physical part of the "bond" device, and have minimal identity otherwise.

> To explain my problem in detail:
>
> At the moment I have the IP-Addresses assigned to eth0 (before renaming it
> to ten1) and eth1 (also before the renaming). eth0 is connected to the
> Server-Subnetwork 10.90.0.16/24. eth1 is connected to the Client-Subnet
> 10.91.0.16/16.
> Both Networks run over the same Switch and the same VLAN, only in
> separate Subnetworks.
> My whole network needs both Subnetworks to work correctly.
> Now I connected eth0 and eth1 to separate Switches. These switches are
> Stacked, so if one fails the other manages all. The Switches are only
> Core-Switches and connect my Server to the End-User-Switches.
> I want the Network to work completely even if one Switch fails.
>
> So I bonded eth0 and eth1.
> Now if one Switch fails the server works fine after all.

Yes, exactly, because everything works with the bond device which has all
IPs, statistics, etc. hooked to it, and the NICs just happen to be there
transmitting and receiving data.

> The problem:
> There are many services running on the Server that are hard-coded to eth0
> for the Server-Network and eth1 for the Client-Network.
> To correct all the Scripts and Config-Files would take a few days.

Ah, so this is the real problem. What are these hundreds or thousands of
scripts and services doing with the hard-coded stuff? If you can provide
details, maybe a comprehensive set of details, we may be able to help fix
that in a way that can work to avoid you trying something impossible, or
wasting days on little changes. To do that, though, we need to know
exactly what your scripts and services are doing, and why, and how.

> So I want to create two virtual Network-Adapters with name eth0 and eth1
> that transport the whole traffic over bond0 to the Network. Therefore the
> existing interfaces must get another name. I simply used ten1 and ten2,
> because they are 10G-SR-Adapters.

Even if this could work, assigning the same IP addresses to these devices
is probably against all kinds of rules, and that's what you're trying to
do per your first post, and I really doubt you can do it and have the
system work properly.

--
Good luck.


v024302
02-Aug-2016, 08:12
Hello ab,

We have services like squid, samba, bind, openldap, freeradius, openvpn, opsi and so on.
Our Network consists of 10 locations in different Cities. Each Location has its own Server- and Client-Network. The Networks are connected over VPN.
A Masterserver synchronises all settings to all locations. So we have many self generated Configuration-Files. For example the DNS-Config is an XML-Document with over 17000 lines of code.
As you can see I would prefer to leave these scripts as they are and instead simulate eth0 and eth1.

You say the same IP-Address on two different Interfaces?
On my real interfaces ten1 and ten2 there are no IP-Addresses defined. I removed the IP-Address from bond0. eth0 should get the IP 10.90.0.16/24 and eth1 the IP 10.91.0.16/16. So there are no duplicated Addresses.

Now I need a way to create the virtual Interfaces eth0 and eth1, then create a virtual switch (for example a transparent bridge) and put eth0, eth1 and bond0 together in this switch.

I already know that I can create the virtual Interfaces like:
ip link add eth0 type veth peer name veth0
ip link add eth1 type veth peer name veth1
ip addr add 10.90.0.16/24 dev eth0
ip addr add 10.91.0.16/16 dev eth1
ip link set eth0 up
ip link set eth1 up

But this solution doesn't work over Yast, and on top of that I also need a way to bridge them with bond0.

Thanks for your work so far. I know my problem is really troublesome.

ab
02-Aug-2016, 15:56
On 08/02/2016 01:14 AM, v024302 wrote:
>
> Hello ab,
>
> We have services like squid, samba, bind, openldap, freeradius, openvpn,
> opsi and so on.

Yes, but why do they care about specific ethernet devices? That's layer
one (1) and layer two (2) stuff, for services that largely operate at
layer seven (7). If they are doing something interesting by looking up
certain devices rather than just letting the Linux routing handle
everything, it would be useful to know exactly what that is.

> Our Network consists of 10 locations in different Cities. Each Location
> has its own Server- and Client-Network. The Networks are connected over
> VPN.
> A Masterserver synchronises all settings to all locations. So we have
> many self generated Configuration-Files. For example the DNS-Config is
> an XML-Document with over 17000 lines of code.

That's a nice small file; presumably in here you have things like 'eth0'
and 'eth1', which you would need to replace with 'bond0'. If that's the
case, to do so reliably you could do something like this:



sed -i.bak -e 's/eth0/bond0/g' -e 's/eth1/bond0/g' /path/to/dns-config.xml


That may need some refinement, for example if you also have things like
eth00 or eth10 or something which you would not want converted to bond00,
but that's an easy starting point.

> As you can see I would prefer to leave these scripts as they are and
> instead simulate eth0 and eth1.

So far it seems like your options are either fixing the
scripts/configuration-files/etc., or else not using bonding.

> You say the same IP-Address on two different Interfaces?
> On my real interfaces ten1 and ten2 there are no IP-Addresses defined. I
> removed the IP-Address from bond0. eth0 should get the IP 10.90.0.16/24
> and eth1 the IP 10.91.0.16/16. So there are no duplicated Addresses.

I thought you were assigning the IPs to both the bond as well as to the
virtual NICs; I'm glad that I was mistaken.

> Now I need a way to create the virtual Interfaces eth0 and eth1, then
> create a virtual switch (for example a transparent bridge) and put
> eth0, eth1 and bond0 together in this switch.

Perhaps you could do this, but you'll need to give the bond device an
address. Before pursuing this, I think we should still better-understand
why things are looking up devices by eth0 and eth1; presumably they are
not manipulating the devices, but instead are querying them, perhaps for
IP addresses, statistics, etc. In those cases, fixing up everything to
instead look for bond0 would be pretty easy, and if you do so by creating
a script of the various commands, it should also be very reliable and
safe. Test, of course, beforehand, but that's something you should do in
any case.

--
Good luck.

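
The refinement ab mentions for the sed command (leaving names such as eth00 or eth10 alone), as an added example that is not part of any post in this thread: it replaces only whole-word eth0/eth1, keeps a .bak copy and reports how many lines were affected. It assumes GNU sed and grep for the `\<` and `\>` word anchors; the function names and the sample file content are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Needs GNU sed/grep (\< and \> anchors).

# rename_iface FILE
# Replace whole-word eth0/eth1 with bond0 in FILE, keep FILE.bak,
# and print the number of lines that contained a match.
rename_iface() {
    file=$1
    # grep -c exits 1 when the count is 0, so keep the pipeline status clean.
    before=$(grep -c '\<eth[01]\>' "$file" || true)
    # "eth10" and "beth0" do not match; alias labels such as "eth0:1" do,
    # because ":" is not a word character, and become "bond0:1".
    sed -i.bak -e 's/\<eth[01]\>/bond0/g' "$file"
    echo "$before"
}

# Constructed sample, not the poster's real DNS configuration.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
<listen dev="eth0"/>
<listen dev="eth1"/>
<listen dev="eth10"/>
<alias dev="eth0:1"/>
<note>beth0 is not an interface</note>
EOF
    echo "lines changed: $(rename_iface "$tmp")"
    cat "$tmp"
    rm -f "$tmp" "$tmp.bak"
}

demo
```

Comparing the file against its .bak copy with diff before restarting any service shows exactly which entries were rewritten.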

jmozdzen
02-Aug-2016, 16:25
Hi v024302,

> [... bond, bridges, dummy interfaces, IPs ...]
> But the [dummy] Interfaces just can ping their own IP.

One of my favorite areas of problems, which I know exists but I cannot explain (didn't yet have the time to dig into the depths): From my experience, once you've set an IP address to the bond interface, you run into trouble if you unset the IP and re-set it at a higher layer (i.e. the bridge or the dummy interface). I even had a case where only setting 0.0.0.0 for the bond interface already caused this.

Have you restarted your server after changing the config to your target setup (bond0 via the two physicals, bridge connecting to bond0, two interfaces connecting to the bridge, each with its respective IP address)? If not, I suggest giving it a try. Do not touch the IP config of bond0 or the bridge device - if you created the bond via YaST, don't give it an IP address at all. Once the dummy adapters have their IPs, try to ping again.

Regards,
J
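
The target setup described in the last post (bond0 without an IP as a bridge port, eth0 and eth1 as the veth ends that hold the addresses), written out as an added example; it is not from any poster and the thread does not confirm the result on SLES 11 SP1. The bridge name br0 and the APPLY switch are assumptions, brctl from bridge-utils is assumed to be installed, and the veth names and addresses are the ones from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: the commands are
# only printed. Run as root with APPLY=1 to execute them.

run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

build_topology() {
    bridge=br0   # assumed bridge name

    # bond0 gets no IP address; it is only the uplink port of the bridge.
    run brctl addbr "$bridge"
    run brctl addif "$bridge" bond0

    # One veth pair per legacy name: ethN carries the IP that the services
    # expect, its peer vethN is plugged into the bridge.
    for spec in "eth0 veth0 10.90.0.16/24" "eth1 veth1 10.91.0.16/16"; do
        set -- $spec
        run ip link add "$1" type veth peer name "$2"
        run brctl addif "$bridge" "$2"
        run ip addr add "$3" dev "$1"
        # Both ends must be up, otherwise the pair carries no traffic.
        run ip link set "$2" up
        run ip link set "$1" up
    done

    run ip link set "$bridge" up
}

build_topology
```

The commands posted earlier in the thread bring up only eth0 and eth1; the peer ends veth0 and veth1 also have to be up and attached to the bridge before traffic can leave through bond0.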