Chapter 11 Network Configuration
Table of Contents
11.1 About Network Interfaces
11.2 About Network Configuration Files
11.2.1 /etc/hosts
11.2.2 /etc/nsswitch.conf
11.2.3 /etc/resolv.conf
11.2.4 /etc/sysconfig/network
11.3 Command-line Network Configuration Interfaces
11.4 Configuring Network Interfaces Using Graphical Interfaces
11.5 Configuring Network Interface Bonding
11.5.1 Using ifenslave to Create Bonded Interfaces
11.6 Configuring VLANs with Untagged Data Frames
11.6.1 Using vconfig to Create VLAN Devices
11.7 Configuring Network Routing
This chapter describes how to configure a system's network interfaces and network routing.
11.1 About Network Interfaces
Each physical and virtual network device on an Oracle Linux system has an associated configuration file named ifcfg-interface in the /etc/sysconfig/network-scripts directory, where interface is the name of the interface. For example:
# cd /etc/sysconfig/network-scripts
# ls ifcfg-*
ifcfg-eth0 ifcfg-eth1 ifcfg-lo
In this example, there are two configuration files for Ethernet interfaces, ifcfg-eth0 and ifcfg-eth1, and one for the loopback interface, ifcfg-lo. The system reads the configuration files at boot time to configure the network interfaces.
The following are sample entries from an ifcfg-eth0 file for a network interface that obtains its IP address using the Dynamic Host Configuration Protocol (DHCP):
DEVICE="eth0"
NM_CONTROLLED="yes"
ONBOOT=yes
USERCTL=no
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
HWADDR=08:00:27:16:C3:33
PEERDNS=yes
PEERROUTES=yes
If the interface is configured with a static IP address, the file contains entries such as the following:
DEVICE="eth0"
ONBOOT=yes
USERCTL=no
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
HWADDR=08:00:27:16:C3:33
IPADDR=192.168.1.101
NETMASK=255.255.255.0
BROADCAST=192.168.1.255
PEERDNS=yes
PEERROUTES=yes
The following configuration parameters are typically used in interface configuration files:
BOOTPROTO How the interface obtains its IP address:
bootp Bootstrap Protocol (BOOTP).
dhcp Dynamic Host Configuration Protocol (DHCP).
none Statically configured IP address.
BROADCAST IPv4 broadcast address.
DEFROUTE Whether this interface is the default route.
DEVICE Name of the physical network interface device (or a PPP logical device).
HWADDR Media access control (MAC) address of an Ethernet device.
IPADDR IPv4 address of the interface.
IPV4_FAILURE_FATAL Whether the device is disabled if IPv4 configuration fails.
IPV6_FAILURE_FATAL Whether the device is disabled if IPv6 configuration fails.
IPV6ADDR IPv6 address of the interface in CIDR notation. For example:
IPV6ADDR="2001:db8:1e11:115b::1/32"
IPV6INIT Whether to enable IPv6 for the interface.
MASTER Specifies the name of the master bonded interface, of which this interface is a slave.
NAME Name of the interface as displayed in the Network Connections GUI.
NETMASK IPv4 network mask of the interface.
NETWORK IPv4 address of the network.
NM_CONTROLLED Whether the network interface device is controlled by the network management daemon, NetworkManager.
ONBOOT Whether the interface is activated at boot time.
PEERDNS Whether the /etc/resolv.conf file used for DNS resolution contains information obtained from the DHCP server.
PEERROUTES Whether the information for the routing table entry that defines the default gateway for the interface is obtained from the DHCP server.
SLAVE Specifies that this interface is a component of a bonded interface.
TYPE Interface type.
USERCTL Whether users other than root can control the state of this interface.
UUID Universally unique identifier for the network interface device.
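The following script is an added example, not part of the original guide. It reads ifcfg files as text, without sourcing them, and reports the USERCTL, PEERDNS, PEERROUTES and BROADCAST settings described above that deserve a second look; the function names and the two sample files are constructed for illustration.

```sh
# Review ifcfg-* settings. Files are parsed as text and never sourced,
# so nothing inside them is executed by the audit.

# get_key FILE KEY: print KEY's value (last assignment wins), quotes stripped.
get_key() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"//' -e 's/"$//'
}

# ipv4_broadcast ADDR MASK: print the broadcast address of ADDR under MASK.
ipv4_broadcast() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2            # split both dotted quads into $1..$8
    IFS=$old_ifs
    echo "$(( $1 | (255 - $5) )).$(( $2 | (255 - $6) )).$(( $3 | (255 - $7) )).$(( $4 | (255 - $8) ))"
}

# audit_ifcfg FILE: print one finding per line; print nothing if none apply.
audit_ifcfg() {
    f=$1
    dev=$(get_key "$f" DEVICE)
    if [ "$(get_key "$f" USERCTL)" = yes ]; then
        echo "$dev: USERCTL=yes, users other than root can control this interface"
    fi
    if [ "$(get_key "$f" BOOTPROTO)" = dhcp ]; then
        if [ "$(get_key "$f" PEERDNS)" = yes ]; then
            echo "$dev: PEERDNS=yes, /etc/resolv.conf is populated from the DHCP server"
        fi
        if [ "$(get_key "$f" PEERROUTES)" = yes ]; then
            echo "$dev: PEERROUTES=yes, the default gateway route comes from the DHCP server"
        fi
    fi
    addr=$(get_key "$f" IPADDR); mask=$(get_key "$f" NETMASK); bcast=$(get_key "$f" BROADCAST)
    if [ -n "$addr" ] && [ -n "$mask" ] && [ -n "$bcast" ]; then
        want=$(ipv4_broadcast "$addr" "$mask")
        if [ "$bcast" != "$want" ]; then
            echo "$dev: BROADCAST=$bcast does not match $addr/$mask (expected $want)"
        fi
    fi
    return 0
}

# make_samples DIR: write two constructed ifcfg files for the demonstration.
make_samples() {
    cat > "$1/ifcfg-eth0" <<'EOF'
DEVICE="eth0"
BOOTPROTO=dhcp
USERCTL=no
PEERDNS=yes
PEERROUTES=yes
EOF
    cat > "$1/ifcfg-eth1" <<'EOF'
DEVICE="eth1"
BOOTPROTO=none
USERCTL=yes
IPADDR=192.168.1.101
NETMASK=255.255.255.0
BROADCAST=192.0.2.255
PEERDNS=yes
EOF
}

demo_dir=$(mktemp -d); make_samples "$demo_dir"
for f in "$demo_dir"/ifcfg-*; do audit_ifcfg "$f"; done
rm -rf "$demo_dir"
```

PEERDNS and PEERROUTES are reported only when BOOTPROTO=dhcp, so the static eth1 sample is flagged for USERCTL and the mismatched BROADCAST value only.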
11.2 About Network Configuration Files
The following sections describe additional network configuration files that you might need to configure on a system.
11.2.1 /etc/hosts
The /etc/hosts file associates host names with IP addresses. It allows the system to look up (resolve) the IP address of a host given its name, or the name given the IP address. Most networks use DNS (Domain Name Service) to perform address or name resolution. Even if your network uses DNS, it is usual to include lines in this file that specify the IPv4 and IPv6 addresses of the loopback device, for example:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
The first and second columns contain the IP address and host name. Additional columns contain aliases for the host name.
For more information, see the hosts(5) manual page.
11.2.2 /etc/nsswitch.conf
The /etc/nsswitch.conf file configures how the system uses various databases and name resolution mechanisms. The first field of entries in this file identifies the name of the database. The second field defines a list of resolution mechanisms in the order in which the system attempts to resolve queries on the database.
The following example hosts definition from /etc/nsswitch.conf indicates that the system first attempts to resolve host names and IP addresses by querying files (that is, /etc/hosts) and, if that fails, next by querying a DNS server, and last of all, by querying NIS+ (NIS version 3):
hosts: files dns nisplus
For more information, see the nsswitch.conf(5) manual page.
11.2.3 /etc/resolv.conf
The /etc/resolv.conf file defines how the system uses DNS to resolve host names and IP addresses. This file usually contains a line specifying the search domains and up to three lines that specify the IP addresses of DNS servers. The following entries from /etc/resolv.conf configure two search domains and three DNS servers:
search us.mydomain.com mydomain.com
nameserver 192.168.154.3
nameserver 192.168.154.4
nameserver 10.216.106.3
If your system obtains its IP address from a DHCP server, it is usual for the system to configure the contents of this file with information also obtained using DHCP.
For more information, see the resolv.conf(5) manual page.
11.2.4 /etc/sysconfig/network
The /etc/sysconfig/network file specifies additional information that applies to all network interfaces on the system. The following entries from /etc/sysconfig/network specify that IPv4 networking is enabled and IPv6 networking is not enabled, and set the host name of the system and the IP address of the default network gateway:
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=host20.mydomain.com
GATEWAY=192.168.1.1
For more information, see /usr/share/doc/initscripts*/sysconfig.txt.
11.3 Command-line Network Configuration Interfaces
If the NetworkManager service is running, you can use the nm-tool command to display a verbose listing of the state of the system's physical network interfaces, for example:
# nm-tool
NetworkManager Tool
State: connected
- Device: eth0 [System eth0] ---
  Type: Wired
  Driver: e1000
  State: connected
  Default: yes
  HW Address: 08:00:27:16:C3:33
  Capabilities:
    Carrier Detect: yes
    Speed: 1000 Mb/s
  Wired Properties
    Carrier: on
  IPv4 Settings:
    Address: 10.0.2.15
    Prefix: 24 (255.255.255.0)
    Gateway: 10.0.2.2
    DNS: 192.168.249.52
    DNS: 192.168.249.41
You can also use the ip command to display the status of an interface, for debugging, or for system tuning. For example, to display the status of all active interfaces:
# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:16:c3:33 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
    inet6 fe80::a00:27ff:fe16:c333/64 scope link
       valid_lft forever preferred_lft forever
For each network interface, the output shows the current IP address, and the status of the interface. To display the status of a single interface such as eth0, specify its name as shown here:
# ip addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:16:c3:33 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
    inet6 fe80::a00:27ff:fe16:c333/64 scope link
       valid_lft forever preferred_lft forever
You can also use ip to set properties and activate a network interface. The following example sets the IP address of the eth1 interface and activates it:
# ip addr add 10.1.1.1/24 dev eth1
# ip link set eth1 up
Note
You might be used to using the ifconfig command to perform these operations. However, ifconfig is considered obsolete and will eventually be replaced altogether by the ip command.
Any settings that you configure for network interfaces using ip do not persist across system reboots. To make the changes permanent, set the properties in the /etc/sysconfig/network-scripts/ifcfg-interface file.
Any changes that you make to an interface file in /etc/sysconfig/network-scripts do not take effect until you restart the network service or bring the interface down and back up again. For example, to restart the network service:
# service network restart
Shutting down interface eth0: Device state: 3 (disconnected) [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Active connection state: activating
Active connection path: /org/freedesktop/NetworkManager/ActiveConnection/1
state: activated
Connection activated
[ OK ]
To restart an individual interface, you can use the ifup or ifdown commands, which invoke the script in /etc/sysconfig/network-scripts that corresponds to the interface type, for example:
# ifdown eth0
Device state: 3 (disconnected)
# ifup eth0
Active connection state: activating
Active connection path: /org/freedesktop/NetworkManager/ActiveConnection/1
state: activated
Connection activated
# ip link set eth0 down
# ip link set eth0 up
The ethtool utility is useful for diagnosing potentially mismatched settings that affect performance, and allows you to query and set the low-level properties of a network device. Any changes that you make using ethtool do not persist across a reboot. To make the changes permanent, modify the settings in the device's ifcfg-interface file in /etc/sysconfig/network-scripts.
For more information, see the ethtool(8), ifup(8), ip(8), and nm-tool(1) manual pages.
11.4 Configuring Network Interfaces Using Graphical Interfaces
Note
The NetworkManager service, GNOME graphical applet, and the nm-connection-editor command are included in the NetworkManager package. The system-config-network utility is included in the system-config-network-tui package.
The NetworkManager service dynamically detects and configures network connections. It includes a GNOME Notification Area applet (nm-applet) that provides you with information about the network status and graphical configuration tools to manage network interfaces and connections.
The applet icon changes its appearance to indicate the state of the network. Hover the mouse pointer over the icon to display more information as a tool tip. Clicking the icon displays a drop-down menu that allows you to restart or disconnect each named interface.
Right-clicking the icon displays a different drop-down menu:
Enable Networking Allows you to stop or start the network service.
Enable Notifications Controls whether NetworkManager notifies you of changes to the status of network connections.
Connection Information Displays the Connection Information window, which lists the connection type, hardware address, IP address, and other useful information for each interface.
Edit Connections Displays the Network Connections window, which allows you to configure wired, wireless, mobile broadband, Virtual Private Network (VPN), and Digital Subscriber Link (DSL) interfaces. You can also open this window by using the nm-connection-editor command.
Figure 11.1 Network Connections Window
You can also use the system-config-network command, which provides a text-based user interface that allows you to configure network interface and DNS resolver settings.
11.5 Configuring Network Interface Bonding
Network interface bonding (also known as port trunking, channel bonding, link aggregation, NIC teaming, among other names) combines multiple network connections into a single logical interface. A bonded network interface can increase data throughput by load balancing or can provide redundancy by allowing failover from one component device to another. By default, a bonded interface appears like a normal network device to the kernel, but it sends out network packets over the available slave devices by using a simple round-robin scheduler. You can configure bonding module parameters in the bonded interface's configuration file to alter the behavior of load-balancing and device failover.
Basic load-balancing modes (balance-rr and balance-xor) work with any switch that supports EtherChannel or trunking. Advanced load-balancing modes (balance-tlb and balance-alb) do not impose requirements on the switching hardware, but do require that the device driver for each component interface implements certain specific features such as support for ethtool or the ability to modify the hardware address while the device is active. For more information, see /usr/share/doc/iputils-*/README.bonding.
You can use the bonding driver that is provided with the Oracle Linux kernel to aggregate multiple network interfaces, such as eth0 and eth1, into a single logical interface such as bond0.
To create a bonded interface:
1. Create a file named ifcfg-bondN in the /etc/sysconfig/network-scripts directory, where N is the number of the interface, such as 0.
2. Edit the contents of ifcfg-bondN to be similar to the configuration settings for an Ethernet interface except that DEVICE is set to bondN rather than ethn, for example:
DEVICE="bond0"
IPADDR=192.168.1.121
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
TYPE=Ethernet
BONDING_OPTS="bonding parameters separated by spaces"
The BONDING_OPTS setting is optional, unless you need to pass parameters to the bonding module, for example, to specify the load balancing mechanism or to configure ARP link monitoring. For more information, see /usr/share/doc/iputils-*/README.bonding.
3. For each interface that you want to bond, edit its ifcfg-interface file so that it contains MASTER=bondN and SLAVE entries, for example:
DEVICE="eth0"
NAME="System eth0"
IPADDR=192.168.1.101
NETMASK=255.255.255.0
BROADCAST=192.0.2.255
NM_CONTROLLED="yes"
ONBOOT=yes
USERCTL=no
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
PEERDNS=yes
PEERROUTES=yes
MASTER=bond0
SLAVE=yes
4. Create the file /etc/modprobe.d/bonding.conf, so that it contains an entry for each bonded interface, for example:
alias bond0 bonding
The existence of this file ensures that the kernel loads the bonding module when you bring up the bonded interface. All bonded interfaces that you configure require an entry in this file.
5. If the component interfaces are up, bring them down, and then bring up the bonded interface:
# ip link set eth0 down
# ip link set eth1 down
# ip link set bond0 up
11.5.1 Using ifenslave to Create Bonded Interfaces
The ifenslave command provides an alternate method of creating bonded interfaces. Only round-robin load balancing is available.
To create a bonded device by using the ifenslave command:
1. Load the bonding module:
# modprobe bonding
2. Configure the network settings for the bonded interface:
# ip addr add 192.168.1.121/24 dev bond0
3. Attach the component network interfaces to the bonded interface:
# ifenslave bond0 eth0 eth1
4. Bring up the bonded interface:
# ip link set bond0 up
For more information, see the ifenslave(8) manual page.
11.6 Configuring VLANs with Untagged Data Frames
A virtual local area network (VLAN) consists of a group of machines that can communicate as if they were attached to the same physical network. A VLAN allows you to group systems regardless of their actual physical location on a LAN. In a VLAN that uses untagged data frames, you create the broadcast domain by assigning the ports of network switches to the same permanent VLAN ID or PVID (other than 1, which is the default VLAN). All ports that you assign with this PVID are in a single broadcast domain. Broadcasts between devices in the same VLAN are not visible to other ports with a different VLAN, even if they exist on the same switch.
To create a VLAN device for a network interface or bonded interface:
1. Create a file named ifcfg-interface.pvid in the /etc/sysconfig/network-scripts directory, by copying the ifcfg-interface configuration file for the interface that is connected to a port that implements the PVID that is identified by pvid.
For example, if the PVID of the switch port is 5 and the interface connected to it is eth0, copy the ifcfg-eth0 file to ifcfg-eth0.5:
# cd /etc/sysconfig/network-scripts
# cp ifcfg-eth0 ifcfg-eth0.5
For the bonded interface bond0, where the PVID of the connected switch ports is 10, copy the ifcfg-bond0 file to ifcfg-bond0.10:
# cd /etc/sysconfig/network-scripts
# cp ifcfg-bond0 ifcfg-bond0.10
Note
You do not need to create virtual interfaces for the component interfaces of the bonded interface. However, you must set the PVID on each switch port to which they connect.
2. Edit the ifcfg-interface.pvid file, change the DEVICE (and NAME, if specified) entries, and add a VLAN=yes entry. For example, ifcfg-eth0.5 would appear similar to the following:
DEVICE="eth0.5"
NAME="System eth0.5"
VLAN=yes
IPADDR=192.168.1.101
NETMASK=255.255.255.0
BROADCAST=192.0.2.255
NM_CONTROLLED="yes"
ONBOOT=yes
USERCTL=no
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
PEERDNS=yes
PEERROUTES=yes
and ifcfg-bond0.10 as:
DEVICE="bond0.10"
VLAN=yes
IPADDR=192.168.1.121
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
TYPE=Ethernet
Save your changes to the file. Do not edit the original ifcfg-ethN file.
3. Restart the network:
# service network restart
In addition to the regular interface, eth0 or bond0, which uses the physical LAN, you now have a VLAN device, such as eth0.5 or bond0.10, which can use untagged frames to access the virtual LAN.
To obtain detailed information about VLAN interfaces, view the /proc/net/vlan directory.
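Steps 1 and 2 of the procedure above can be scripted so that the copy and the DEVICE, NAME and VLAN edits are applied consistently. The following is an added example, not part of the original guide; the function names and the sample file are constructed for illustration, and the script refuses PVID 1 (the default VLAN) and never modifies or overwrites an existing file.

```sh
# Derive ifcfg-<interface>.<pvid> from an existing ifcfg file.

# make_vlan_ifcfg BASEFILE PVID: write BASEFILE.PVID next to BASEFILE with
# DEVICE and NAME renamed and VLAN=yes added. BASEFILE itself is not changed.
make_vlan_ifcfg() {
    base=$1; pvid=$2; out="$base.$pvid"
    case $pvid in
        ''|*[!0-9]*) echo "PVID must be a number" >&2; return 1 ;;
    esac
    # PVID 1 is the default VLAN; 4094 is the highest usable 802.1Q VLAN ID.
    if [ "$pvid" -lt 2 ] || [ "$pvid" -gt 4094 ]; then
        echo "PVID must be between 2 and 4094" >&2; return 1
    fi
    if ! grep -q '^DEVICE=' "$base"; then
        echo "$base has no DEVICE entry" >&2; return 1
    fi
    if [ -e "$out" ]; then
        echo "$out already exists, not overwriting" >&2; return 1
    fi
    awk -v id="$pvid" '
        /^VLAN=/ { next }                    # re-added after DEVICE below
        /^(DEVICE|NAME)=/ {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            q = (val ~ /^".*"$/) ? "\"" : "" # keep the original quoting style
            gsub(/^"|"$/, "", val)
            print key "=" q val "." id q
            if (key == "DEVICE") print "VLAN=yes"
            next
        }
        { print }
    ' "$base" > "$out"
}

# write_sample DIR: create a constructed ifcfg-eth0 for the demonstration.
write_sample() {
    cat > "$1/ifcfg-eth0" <<'EOF'
DEVICE="eth0"
NAME="System eth0"
IPADDR=192.168.1.101
NETMASK=255.255.255.0
ONBOOT=yes
BOOTPROTO=none
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
make_vlan_ifcfg "$demo_dir/ifcfg-eth0" 5 && cat "$demo_dir/ifcfg-eth0.5"
rm -rf "$demo_dir"
```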
11.6.1 Using vconfig to Create VLAN Devices
The vconfig command provides an alternate method of creating VLAN devices.
To create a VLAN device by using the vconfig command:
1. Add a VLAN interface definition, eth0.5, for eth0 on PVID 5:
# vconfig add eth0 5
2. Configure the network settings for the VLAN interface:
# ip addr add 192.168.1.121/24 dev eth0.5
3. Bring up the VLAN interface:
# ip link set eth0.5 up
If you subsequently need to delete the interface, use the following commands to bring it down and remove its definition:
# ip link set eth0.5 down
# vconfig rem eth0.5
For more information, see the vconfig(8) manual page.
11.7 Configuring Network Routing
A system uses its routing table to determine which network interface to use when sending packets to