Category Archives: Networking

HOWTO: Create an Active/Passive TEAM device in RHEL7

Let’s say you have a few spare NICs and want to put them together in an (active/passive) team.  What do you do?

This write-up is VERY similar to HOWTO: Create a BOND with RHEL7 – but it’s for teaming.

This is also pretty straightforward.

First, connect via SSH to an IP on a NIC that WILL NOT be part of the team.

Using ‘nmcli’ – remove references to the NICs you want IN the team and reload nmcli:

[root@rhce ~]# nmcli con del ens224 ens256
Connection 'ens224' (92d6456d-16bd-4eae-9ecb-386cb4ce4d29) successfully deleted.
Connection 'ens256' (e52eca2f-8c84-428d-8959-93e85f4b03f3) successfully deleted.
[root@rhce ~]# nmcli con reload

Next, with nmcli, create the team:

[root@rhce ~]# nmcli con add type team con-name team0 ifname team0 config '{"runner": {"name": "activebackup"}}'
Connection 'team0' (01567cc6-b2da-42ac-adf8-b9085c3f4309) successfully added.

Time to add the two NICs (ens224 & ens256) in:

[root@rhce ~]# nmcli con add con-name team0-ens224 ifname ens224 type team-slave master team0
[root@rhce ~]# nmcli con add con-name team0-ens256 ifname ens256 type team-slave master team0

Optional (I think, but I still do it), modify the team’d device to have an IP and DNS:

[root@rhce ~]# nmcli connection modify team0 ipv4.address "192.168.1.50/24"
[root@rhce ~]# nmcli connection modify team0 ipv4.dns "192.168.1.1,8.8.8.8"

Check the state of the team & see which NIC is active:

# teamdctl team0 state
setup:
  runner: activebackup
ports:
  ens224
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
  ens256
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
runner:
  active port: ens224

Looks like ens224 (first NIC) is active; let’s pull the cable, start a PING test, & see what happens:

[root@rhce ~]# ping 192.168.1.50
PING 192.168.1.50 (192.168.1.50) 56(84) bytes of data.
64 bytes from 192.168.1.50: icmp_seq=1 ttl=64 time=0.140 ms
64 bytes from 192.168.1.50: icmp_seq=2 ttl=64 time=0.167 ms
64 bytes from 192.168.1.50: icmp_seq=3 ttl=64 time=0.167 ms
64 bytes from 192.168.1.50: icmp_seq=4 ttl=64 time=0.172 ms
64 bytes from 192.168.1.50: icmp_seq=5 ttl=64 time=0.166 ms
64 bytes from 192.168.1.50: icmp_seq=6 ttl=64 time=0.171 ms
64 bytes from 192.168.1.50: icmp_seq=7 ttl=64 time=0.153 ms
64 bytes from 192.168.1.50: icmp_seq=8 ttl=64 time=0.181 ms
64 bytes from 192.168.1.50: icmp_seq=9 ttl=64 time=0.172 ms
64 bytes from 192.168.1.50: icmp_seq=10 ttl=64 time=0.194 ms
64 bytes from 192.168.1.50: icmp_seq=11 ttl=64 time=0.172 ms
64 bytes from 192.168.1.50: icmp_seq=12 ttl=64 time=0.172 ms
64 bytes from 192.168.1.50: icmp_seq=13 ttl=64 time=0.172 ms
64 bytes from 192.168.1.50: icmp_seq=14 ttl=64 time=0.191 ms
64 bytes from 192.168.1.50: icmp_seq=15 ttl=64 time=0.165 ms
64 bytes from 192.168.1.50: icmp_seq=16 ttl=64 time=0.155 ms

Nothing strange there … what about the team?

[root@rhce ~]# teamdctl team0 state
setup:
  runner: activebackup
ports:
  ens256
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
  ens224
    link watches:
      link summary: down
      instance[link_watch_0]:
        name: ethtool
        link: down
        down count: 1
runner:
  active port: ens256

It switched to ens256 & didn’t drop a ping.

Looks like you got an active/passive team working successfully!
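
A monitoring check for the failover shown above, as an added example that is not part of the original post: the team keeps passing traffic when a link dies, so the lost redundancy goes unnoticed unless something reads the state. The function names and the sample (constructed from the output above) are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): summarise `teamdctl <dev> state`
# text read from stdin as "active=<port> down=<comma list|none>".
team_summary() {
    awk '
        /^ports:/  { sect = "ports";  next }
        /^runner:/ { sect = "runner"; next }
        /^[^ ]/    { sect = "";       next }  # any other top-level key (setup:)
        sect == "ports"  && /^  [^ ]/       { port = $1; next }  # port name line
        sect == "ports"  && /link summary:/ { if ($3 != "up") down = (down ? down "," : "") port }
        sect == "runner" && /active port:/  { active = $3 }
        END { printf "active=%s down=%s\n", active, (down ? down : "none") }
    '
}

# Exit 0 when redundancy is lost, i.e. any port has a link summary other than up.
team_degraded() {
    case "$(team_summary)" in
        *down=none) return 1 ;;
        *)          return 0 ;;
    esac
}

# Constructed sample: the post-failover state shown above, trimmed to the
# lines the parser reads.
sample_failed_over() {
    cat <<'EOF'
setup:
  runner: activebackup
ports:
  ens256
    link watches:
      link summary: up
  ens224
    link watches:
      link summary: down
runner:
  active port: ens256
EOF
}

# Stand-alone run on the sample; on a live host: teamdctl team0 state | team_summary
sample_failed_over | team_summary
```

Run `teamdctl team0 state | team_degraded` from cron or a monitoring agent and alert when it exits 0.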

HOWTO: Create a BOND with RHEL7

Let’s say you have a few spare NICs and want to put them together in an (active/passive) bond.  What do you do?

Well, this is pretty straight-forward.

First, connect via SSH to an IP on a NIC that WILL NOT be part of the bond.

Using ‘nmcli’ – remove references to the NICs you want IN the bond and reload nmcli:

[root@rhce ~]# nmcli con del p4p1 p4p2
Connection 'p4p1' (92d6456d-16bd-4eae-9ecb-386cb4ce4d29) successfully deleted.
Connection 'p4p2' (e52eca2f-8c84-428d-8959-93e85f4b03f3) successfully deleted.
[root@rhce ~]# nmcli con reload

Next, with nmcli, create the bond:

[root@rhce ~]# nmcli con add type bond ifname bond0 con-name bond0 mode active-backup miimon 100 ip4 192.168.1.50/24
Connection 'bond0' (5886c4c3-6ed7-4785-be41-7ef4c6f29373) successfully added.

Now, the bond is just an IP at this point in time; there are no NICs associated with it.  Time to add the two NICs (p4p1 & p4p2) in:

[root@rhce ~]# nmcli connection add type bond-slave ifname p4p1 con-name p4p1 master bond0
Connection 'p4p1' (ef7fd007-af66-43f2-a769-a8916dbf09c9) successfully added.
[root@rhce ~]# nmcli connection add type bond-slave ifname p4p2 con-name p4p2 master bond0
Connection 'p4p2' (d40213dd-4fd7-4a62-ac4c-1cc2d7480284) successfully added.

Optional (I think, but I still do it), modify the bond to have DNS:

[root@rhce ~]# nmcli connection modify bond0 ipv4.dns "192.168.1.1,8.8.8.8"

Now, ‘up’ the bond:

[root@rhce ~]# nmcli con up bond0

It’ll take about 30 seconds to configure behind the scenes, so set up a continuous ping and wait for it to reply.

The last part of this is testing the functionality.  Start a PING test, pull a cable & see what happens:

$ ping 192.168.1.50
PING 192.168.1.50 (192.168.1.50): 56 data bytes
64 bytes from 192.168.1.50: icmp_seq=52 ttl=64 time=0.357 ms
64 bytes from 192.168.1.50: icmp_seq=53 ttl=64 time=0.301 ms
64 bytes from 192.168.1.50: icmp_seq=54 ttl=64 time=0.359 ms
64 bytes from 192.168.1.50: icmp_seq=55 ttl=64 time=0.339 ms
Pull active cable
Request timeout for icmp_seq 6
<10-45 more times>
Request timeout for icmp_seq 51
64 bytes from 192.168.1.50: icmp_seq=82 ttl=64 time=0.607 ms
64 bytes from 192.168.1.50: icmp_seq=83 ttl=64 time=0.339 ms
64 bytes from 192.168.1.50: icmp_seq=84 ttl=64 time=0.361 ms
64 bytes from 192.168.1.50: icmp_seq=85 ttl=64 time=0.276 ms
64 bytes from 192.168.1.50: icmp_seq=86 ttl=64 time=0.306 ms

Looks like you got an active/backup bond working successfully!

HOWTO: Linksys – EA9500 / AC5400 & hosting your own Websites

I have an EA9500 Smart Router and when I activated this and turned my ASUS RT-N66U into an Access Point, I found myself unable to access the websites I hosted myself.

Well, for Linksys, there’s an enabled FEATURE that just so happens to stop this from working properly; in other words, it breaks NAT loopback.

Here’s the symptom.

On the network at home, you can’t get to your website.

Pop over to your phone / LTE – there’s your site.

HOWTO: APACHE – permanent redirect to another server & port

I’m using CentOS 7.2 & the corresponding layout as seen here.

So, I have a few VMs that host sites and I elected *not* to move on with AWS due to my very strained budget and it’s using Ubuntu and docker.
That being said, I kept an Ubuntu VM and it can’t share port 80 due to just a single Internet connection inbound and I was forced to make changes.

Here’s what I did to get around it (mind you, none of this is actual):

Take your /etc/httpd/sites-enabled file and make some additions:

# cat blog-toloughlin.conf
<VirtualHost *:80>
    # ServerAlias is only valid inside a virtual host
    ServerName blog.toloughlin.com
    ServerAlias blog.toloughlin.com
    # Permanently (301) redirect every request to the same site on port 81
    RedirectPermanent / http://www.blog.toloughlin.com:81
    # optionally add an AccessLog directive for
    # logging the requests and do some statistics
</VirtualHost>

Next time you visit that domain, it’ll push the traffic back to port 81 (translated by your router).

Caveat: you’ll see :81 in your URL bar and some of your site may not work correctly (things coded to use the domain & no port numbers).

It’s hacky, but it works … fairly well.

HOWTO: firewalld – allowing individual host access

So, you’re rolling out a new webserver and want only certain people to take a look at the content? Here’s how you do it.
CentOS 7.2 is the OS being used.

What zone are you in?
[root@blog-test ~]# firewall-cmd --get-default-zone
public

OK, let’s make a new zone:

firewall-cmd --permanent --new-zone=blog
systemctl reload firewalld

Now, let’s add your IP & a friend’s IP to start testing … given you’re using apache & it’s still on port 80:

firewall-cmd --permanent --zone=blog --add-source=YOUR_IP/32
firewall-cmd --permanent --zone=blog --add-source=FRIENDS_IP/32
firewall-cmd --permanent --zone=blog --add-port=80/tcp
# --permanent only writes the saved configuration; reload to apply it
systemctl reload firewalld

NOTE:  If you are using that port in another zone, remove it from that other zone first, because it can’t be in 2 zones at once.
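
A check for the setup above, as an added example that is not part of the original post: firewalld picks a zone by source address first and sends everything else to the interface's or default zone, so the restriction only holds if that zone does not also open port 80. The function names and the sample listings (with documentation addresses standing in for YOUR_IP and FRIENDS_IP) are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the text printed by
# `firewall-cmd --zone=<zone> --list-all`.

# Exit 0 if the listing on stdin admits port 80 as 80/tcp or as the http
# service. Port ranges and rich rules are not inspected.
zone_exposes_http() {
    awk '
        $1 == "ports:"    { for (i = 2; i <= NF; i++) if ($i == "80/tcp") hit = 1 }
        $1 == "services:" { for (i = 2; i <= NF; i++) if ($i == "http")   hit = 1 }
        END { exit (hit ? 0 : 1) }
    '
}

# Print the zone's bound source addresses, one per line.
zone_sources() {
    awk '$1 == "sources:" { for (i = 2; i <= NF; i++) print $i }'
}

# audit_restriction DEFAULT_ZONE_LISTING RESTRICTED_ZONE_LISTING -> verdict line
audit_restriction() {
    srcs=$(printf '%s\n' "$2" | zone_sources | paste -sd, -)
    if printf '%s\n' "$1" | zone_exposes_http; then
        echo "FAIL: default zone still admits port 80 from any address"
    elif ! printf '%s\n' "$2" | zone_exposes_http; then
        echo "FAIL: restricted zone does not admit port 80"
    elif [ -z "$srcs" ]; then
        echo "FAIL: restricted zone has no sources bound"
    else
        echo "OK: port 80 limited to $srcs"
    fi
}

# Constructed listings in the shape firewall-cmd prints them.
PUBLIC_OPEN='public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client http ssh
  ports:'
PUBLIC_CLOSED=$(printf '%s\n' "$PUBLIC_OPEN" | sed 's/ http / /')
BLOG='blog
  interfaces:
  sources: 203.0.113.10/32 198.51.100.7/32
  services:
  ports: 80/tcp'

audit_restriction "$PUBLIC_OPEN" "$BLOG"
audit_restriction "$PUBLIC_CLOSED" "$BLOG"
```

On a live host, pass `"$(firewall-cmd --zone=public --list-all)"` and `"$(firewall-cmd --zone=blog --list-all)"` as the two arguments.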

That’s all there is. Move along now.