Linux/Netzwerk/Konfiguration: Unterschied zwischen den Versionen
| Zeile 17: | Zeile 17: | ||
# Systemd: [https://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_modern_network_configuration_without_gui Debian reference Doc Chapter 5] | # Systemd: [https://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_modern_network_configuration_without_gui Debian reference Doc Chapter 5] | ||
== Howto use vlan (dot1q, 802.1q, trunk) | == vlan == | ||
; Howto use vlan (dot1q, 802.1q, trunk) | |||
=== Manual config === | === Manual config === | ||
modprobe 8021q | modprobe 8021q | ||
| Zeile 74: | Zeile 74: | ||
If you are using a brigded VLAN setup, which is probably useful for networking in virtualization environments, take care to only attach either a bridge device or VLAN devices to an underlying physical device - like shown above. Attaching the physical interface (eth0) to a bridge (eg. bri1) while using the same physical interface on apparently different VLANs will result in all packets to remain tagged. (Kernel newer than 2.6.37 and older than 3.2). | If you are using a brigded VLAN setup, which is probably useful for networking in virtualization environments, take care to only attach either a bridge device or VLAN devices to an underlying physical device - like shown above. Attaching the physical interface (eth0) to a bridge (eg. bri1) while using the same physical interface on apparently different VLANs will result in all packets to remain tagged. (Kernel newer than 2.6.37 and older than 3.2). | ||
== Howto create fault tolerant bonding with vlan (Etch - Stretch) == | == Howto create fault tolerant bonding with vlan (Etch - Stretch) == | ||
Version vom 16. Dezember 2024, 13:09 Uhr
Linux/Netzwerk/Konfiguration
Beschreibung
- Tipp
- Bezüglich einer aktuellen Anleitung für Debian zum Thema Netzwerk lesen Sie Debian Administratorhandbuch — Konfigurieren des Netzwerks
- Tipp
- Unter systemd kann networkd für die Netzwerkverwaltung genutzt werden
- siehe systemd-networkd(8)
/etc/network/interfaces
siehe /etc/network/interfaces
3 ways to configure the network
- The interfaces configuration file at /etc/network/interfaces (this page): for basic or simple configurations (e.g. workstation)
- NetworkManager: This is the default for Laptop configuration
- Systemd: Debian reference Doc Chapter 5
vlan
- Howto use vlan (dot1q, 802.1q, trunk)
Manual config
modprobe 8021q apt install vlan vconfig add eth0 222 # 222 is vlan number ifconfig eth0.222 up ifconfig eth0.222 mtu 1496 #optional if your network card doesn't support MTU 1504B ifconfig eth0.222 10.10.10.1 netmask 255.255.255.0
Network init script config
Into /etc/modules add line:
8021q
In /etc/network/interfaces to section iface add parameter:
vlan-raw-device eth0
The interface name should be the raw interface name (the same as specified by vlan-raw-device), then a dot, then the VLAN ID, for example eth0.100. It can instead be "vlan" then the VLAN ID, for example vlan100. In either case, the VLAN ID is on the end, and this is the only place that it is configured.
Note: If you name your VLAN interfaces ethX.YYY, then there is no need to specify the vlan-raw-device, as the raw device can be retrieved from the interface name.
Eg:
auto eth0.222 iface eth0.222 inet static address 10.10.10.1/24 vlan-raw-device eth0
Bridges and VLANs
If you create VLAN interfaces only to put them into a bridge, there is no need to define the VLAN interfaces manually. Just config the bridge, and the VLAN interface will be created automatically when creating the bridge, e.g:
auto br1 iface br1 inet manual bridge_ports eth0.99 eth1.99 up /usr/sbin/brctl stp br1 on
Caveats when using bridging and vlan
#/etc/network/interfaces auto eth0 bri0 iface eth0 inet static address 192.168.1.1/24 iface eth0.110 inet manual vlan-raw-device eth0 iface bri0 inet static address 192.168.110.1/24 bridge_ports eth0.110 bridge_stp on bridge_maxwait 10
If you are using a brigded VLAN setup, which is probably useful for networking in virtualization environments, take care to only attach either a bridge device or VLAN devices to an underlying physical device - like shown above. Attaching the physical interface (eth0) to a bridge (eg. bri1) while using the same physical interface on apparently different VLANs will result in all packets to remain tagged. (Kernel newer than 2.6.37 and older than 3.2).
Howto create fault tolerant bonding with vlan (Etch - Stretch)
How to configure one of the above server active backup bonding 3 vlan {vlan10,vlan20,vlan30} Debian networking without SPOF without native vlan.
aptitude install vlan ifenslave-2.6
Network config
Cisco switch interface example config
interface GigabitEthernet1/2 description eth1 switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 10,20,30 switchport mode trunk no ip address no cdp enable spanning-tree portfast trunk
bonding with active backup
Create a file /etc/modprobe.d/bonding.conf containing:
alias bond0 bonding options bonding mode=active-backup miimon=100 downdelay=200 updelay=200 primary=eth1
/etc/network/interfaces
# The loopback network interface auto lo iface lo inet loopback # The primary network interface auto bond0 iface bond0 inet manual up ifconfig bond0 0.0.0.0 up slaves eth1 eth0 auto vlan10 iface vlan10 inet static address 10.10.10.12/24 vlan-raw-device bond0 gateway 10.10.0.1 dns-search hup.hu dns-nameservers 10.10.0.2 auto vlan20 iface vlan20 inet static address 10.20.10.12/24 vlan-raw-device bond0 auto vlan30 iface vlan30 inet static address 10.30.10.12/24 vlan-raw-device bond0
- In Debian Buster, you must use interface names for VLANs in the form of: bond0.10, bond0.20, and bond0.30 instead of vlan10, vlan20, vlan30
- https://www.kernel.org/doc/Documentation/networking/bonding.txt - Linux kernel documentation on bonding
- https://www.dm.unibo.it/~donatini/admin/rete/bonding.html - Bonding on Linux 2.6
How to set the MTU (Max transfer unit / packet size) with VLANS over a bonded interface
MTU needs to be configured on the bonding interface and slave interfaces after the reset of the configuration has been applied to the bonding interfaces. This is done using a post-up line in the bonding interface configuration.
auto bond0 iface bond0 inet manual up ifconfig lacptrunk0 0.0.0.0 up slaves eth0 eth1 # bond-mode 4 = 802.3ad bond-mode 4 bond-miimon 100 bond-downdelay 200 bond-updelay 200 bond-lacp-rate 1 bond-xmit-hash-policy layer2+3 post-up ifconfig eth0 mtu 9000 && ifconfig eth1 mtu 9000 && ifconfig bond0 mtu 9000 #vlan devices will use the MTU set on bond0 device auto vlan101 iface vlan101 inet static address 10.101.60.123/24 gateway 10.155.60.1 vlan-raw-device bond0 auto vlan151 iface vlan151 inet static address 192.168.1.1/24 vlan-raw-device bond0
Multiple IP addresses on one Interface
Interface aliasing allows one interface to have multiple IP addresses. This is useful when more than one server is to be visible via the Internet. Note that virtual hosts can support multiple Apache servers with a single IP address. Apache responds to the domain name supplied by the client in the HTTP header. In many other situations, one external IP is needed for each server using a port.
Legacy method
This /etc/network/interfaces text assigns three IP addresses to eth0.
auto eth0 allow-hotplug eth0 iface eth0 inet static address 192.168.1.42/24 gateway 192.168.1.1 auto eth0:0 allow-hotplug eth0:0 iface eth0:0 inet static address 192.168.1.43/24 auto eth0:1 allow-hotplug eth0:1 iface eth0:1 inet static address 192.168.1.44/24
An alias interface should not have "gateway" or "dns-nameservers"; dynamic IP assignment is permissible.
The above configuration is the previous traditional method that reflects the traditional use of ifconfig to configure network devices. ifconfig has introduced the concept of aliased or virtual interfaces. Those types of virtual interfaces have names of the form interface:integer and ifconfig treats them very similarly to real interfaces.
Nowadays ifupdown uses the ip utility from the iproute2 package instead of ifconfig. The newer ip utility does not use the same concept of aliases or virtual interfaces. However, it supports assigning arbitrary names to the interfaces (they're called labels). ifupdown uses this feature to support aliased interfaces while using ip.
iproute2 method
Also, ifupdown supports specifying multiple interfaces by repeating iface sections with the same interface name. The key difference from the method described above is that all such sections are treated by ifupdown as just one interface, so user can't add or remove them individually. However, up/down commands, as well as scripts, are called for every section as it used to be.
Note however that this method is dangerous! Certain driver/hardware combinations may sometimes fail to bring the link up if no labels are assigned to the alias interfaces. (Seen this on Debian Wheezy and Jessie with RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 01) auto-negotiating to 10/full. A similar warning from another person exists in the history of this page.)
This /etc/network/interfaces text assigns three IP addresses to eth0.
auto eth0 allow-hotplug eth0 iface eth0 inet static address 192.168.1.42/24 gateway 192.168.1.1
iface eth0 inet static address 192.168.1.43/24
iface eth0 inet static address 192.168.1.44/24
# adding IP addresses from different subnets is also possible iface eth0 inet static address 10.10.10.14/24
Manual approach:
auto eth0 allow-hotplug eth0 iface eth0 inet static address 192.168.1.42/24 gateway 192.168.1.1 up ip addr add 192.168.1.43/24 dev $IFACE label $IFACE:0 down ip addr del 192.168.1.43/24 dev $IFACE label $IFACE:0 up ip addr add 192.168.1.44/24 dev $IFACE label $IFACE:1 down ip addr del 192.168.1.44/24 dev $IFACE label $IFACE:1 up ip addr add 10.10.10.14/24 dev $IFACE label $IFACE:2 down ip addr del 10.10.10.14/24 dev $IFACE label $IFACE:2