Red Hat Enterprise Linux 7Ÿは control-network を使って NetworkManager に指示を出す。コマンドラインはコマンドを発行できることからコマンドラインインターフェース

Red Hat Enterprise Linux 7


Last Updated: 2018-02-23



Mirek JahodaRed Hat Customer Content [email protected]

Ioanna GkiokaRed Hat Customer Content [email protected]

Jana HevesRed Hat Customer Content Services

Stephen WadeleyRed Hat Customer Content Services

Christian HuffmanRed Hat Customer Content Services

Copyright 20102017 Red Hat, Inc.

This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0Unported License. If you distribute this document, or a modified version of it, you must provideattribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hattrademarks must be removed.

Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert,Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinitylogo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and othercountries.

Linux is the registered trademark of Linus Torvalds in the United States and other countries.

Java is a registered trademark of Oracle and/or its affiliates.

XFS is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United Statesand/or other countries.

MySQL is a registered trademark of MySQL AB in the United States, the European Union andother countries.

Node.js is an official trademark of Joyent. Red Hat Software Collections is not formally related toor endorsed by the official Joyent Node.js open source or commercial project.

The OpenStack Word Mark and OpenStack logo are either registered trademarks/service marksor trademarks/service marks of the OpenStack Foundation, in the United States and other countriesand are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed orsponsored by the OpenStack Foundation, or the OpenStack community.

All other trademarks are the property of their respective owners.

Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 7 Linux Red Hat Enterprise Linux 6

http://creativecommons.org/licenses/by-sa/3.0/

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

I. IP

1 RED HAT ENTERPRISE LINUX 1.1. 1.2. IP IP 1.3. NETWORKMANAGER 1.4. NETWORKMANAGER 1.5. (NMTUI) 1.6. NETWORKMANAGER CLI (NMCLI) 1.7. (CLI) 1.8. NETWORKMANAGER 1.9. SYSCONFIG 1.10. 1.11. NETCONSOLE 1.12.

2 IP 2.1. 2.2. 2.3. GNOME NETWORKMANAGER 2.4. VPN 2.5. 2.6. DSL 2.7. 2.8.

3 3.1. 3.2. NMTUI 3.3. HOSTNAMECTL 3.4. NMCLI 3.5.

4 4.1. 4.2. NMTUI 4.3. NETWORKMANAGER NMCLI 4.4. (CLI) 4.5. 4.6. GUI 4.7.

5 5.1. 5.2. 5.3. 5.4. 5.5. 5.6. 5.7. 5.8. 5.9. NMTUI 5.10.

5

66667899

1011131315

161633405157596073

747474757677

78787883858895

100

102102102103105105105107107107112

1

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5.11. TEAMDCTL TEAMD 5.12. TEAMD 5.13. GUI 5.14.

6 6.1. NMTUI 6.2. NETWORKMANAGER NMCLI 6.3. (CLI) 6.4. GUI 6.5.

7 802.1Q VLAN 7.1. VLAN 7.2. NMTUI 802.1Q VLAN 7.3. NMCLI 802.1Q VLAN 7.4. 802.1Q VLAN 7.5. GUI 802.1Q VLAN 7.6. IP VLAN 7.7.

8 8.1. 8.2. 8.3. 8.4. SYSTEM Z LINUX 8.5. VLAN 8.6. BIOSDEVNAME 8.7. 8.8. 8.9. 8.10. 8.11.

II. INFINIBAND RDMA

9 INFINIBAND RDMA 9.1. INFINIBAND RDMA 9.2. INFINIBAND RDMA 9.3. BASE RDMA 9.4. 9.5. INFINIBAND RDMA 9.6. IPOIB 9.7. NMTUI INFINIBAND 9.8. NMCLI IPOIB 9.9. IPOIB 9.10. IPOIB RDMA 9.11. GUI IPOIB 9.12.

III.

10 DHCP 10.1. DHCP 10.2. DHCP

120121129132

134134138140144149

150151151153156157159160

161161162162163163164165165166167168

170

171171172173175177180182184186187188189

191

192192192

2

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10.3. DHCP 10.4. DHCP 10.5. IPV6 DHCP (DHCPV6)10.6. IPV6 RADVD 10.7.

11 DNS 11.1. DNS 11.2. BIND

12 SQUID12.1. SQUID 12.2. SQUID 12.3. SQUID 12.4. SQUID 12.5. SQUID 12.6.

A RED HAT CUSTOMER PORTAL LABSNETWORK BONDING HELPERPACKET CAPTURE SYNTAX GENERATOR

B

199200203204205

206206207

235235235236241245247

248248248248

249

250

3

I. IP

Red Hat Enterprise Linux

I. IP

5

1 RED HAT ENTERPRISE LINUX

1.1.

Red Hat Engineering Content Services Red Hat Enterprise Linux 6

nmtui

NetworkManager nmcli

(GUI) : nm-connection-editor control-network NetworkManager

(CLI) ip ifcfg

1.2. IP IP

2 IP IP DSL VPN

IP 1 InfiniBand () InfiniBand IP IP InfiniBand 9InfiniBand RDMA InfiniBand RDMA

ethX Red Hat Enterprise Linux 7

1.3. NETWORKMANAGER

Red Hat Enterprise Linux 7 NetworkManager

6

ifcfg NetworkManager

1.1

NetworkManager

nmtui NetworkManager curses (TUI)

nmcli NetworkManager

control-center GNOME Shell

nm-connection-editor control-center GTK+ 3

NetworkManager IP DNS VPN NetworkManager D-Bus API

NetworkManager managed NetworkManager unmanaged

1.4. NETWORKMANAGER

NetworkManager Red Hat Enterprise Linux root

~]# yum install NetworkManager


1.4.1. NetworkManager

NetworkManager root NetworkManager

~]$ systemctl status NetworkManagerNetworkManager.service - Network Manager Loaded: loaded (/lib/systemd/system/NetworkManager.service; enabled) Active: active (running) since Fri, 08 Mar 2013 12:50:04 +0100; 3 days ago


7

https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/

NetworkManager systemctl status NetworkManager Active: inactive (dead) root

~]# systemctl start NetworkManager

NetworkManager systemctl enable

~]# systemctl enable NetworkManager


1.4.2. NetworkManager

NetworkManager Red Hat Enterprise Linux 7

1. NetworkManager curses (TUI) nmtui

2. nmcli NetworkManager GUI nmcli NetworkManager GUI

3. GNOME Shell NetworkManager

4. GNOME Shell control-center Super Network

5. nm-connection-editor control-center nm-connection-editor

~]$ nm-connection-editor

1.5. (NMTUI)

NetworkManager (TUI) nmtui NetworkManager NetworkManager-tui NetworkManager NetworkManager-tui root

8


~]# yum install NetworkManager-tui

NetworkManager NetworkManager

nmtui

~]$ nmtui

Tab Shift+Tab Enter Space

nmtui edit connection-name

nmtui connect connection-name

nmtui VPN WPA Enterprise 802.1X

1.6. NETWORKMANAGER CLI (NMCLI)

NetworkManager nmcli NetworkManager NetworkManager NetworkManager NetworkManager

nmcli nmcli NetworkManager (nmcli) man nmcli-examples(7) nmcli c add nmcli c modify man nm-settings(5)

1.7. (CLI)

ip iproute2 man ip(8) Red Hat Enterprise Linux 7 iproute ip

~]$ ip -Vip utility, iproute2-ss130716


9

ip NetworkManager NetworkManager nmcli nmtuicontrol-centerD-Bus API

ip ifconfig ifconfig net-tools InfiniBand ip help OBJECTS ip link help ip addr help

ip (ifcfg )

nmtui nmcli control-center nm-connection-editor NetworkManager

1.8. NETWORKMANAGER

Red Hat Enterprise Linux /etc/init.d/network/

NetworkManager Red Hat NetworkManager Red Hat

systemctl

systemctl start|stop|restart|status network

Red Hat Enterprise Linux 7 NetworkManager /etc/init.d/network NetworkManager NetworkManager NetworkManager sysconfig /etc/init.d/network

/etc/init.d/network

1. (systemctl start|stop|restart network )

2. (systemctl enable network )

ifup ifdown

10

/sbin/ifup-localifdown-pre-local ifdown-local /etc/init.d/network ifup-local /sbin/

ifup-local initscripts NetworkManager NetworkManager dispatcher.d dispatcher dispatcher

initscripts rpm Red Hat

NetworkManager NetworkManager ifup ifdown NetworkManager NetworkManager ifcfg DEVICE=NetworkManager ifup NetworkManager

NetworkManager

NetworkManager NetworkManager NetworkManager

ifdown NetworkManager ifdown NetworkManager

NetworkManager NetworkManager NetworkManager

dispatcher NetworkManager //etc/NetworkManager/dispatcher.d NetworkManager root NetworkManager dispatcher Red Hat ethtool NetworkManager dispatcher

1.9. SYSCONFIG

/etc/sysconfig/ VPNPPPoE /etc/NetworkManager/ /etc/sysconfig/network-scripts/ ifcfg


11

https://access.redhat.com/ja/solutions/3159111

/etc/sysconfig/network VPN PPPoE /etc/NetworkManager/system-connections/

Red Hat Enterprise Linux 7 ifcfg NetworkManager NetworkManager NetworkManager NetworkManagerroot

~]# nmcli connection reload

ifcfg-ifname

~]# nmcli con load /etc/sysconfig/network-scripts/ifcfg-ifname

root Red Hat Enterprise Linux 7 su(1) sudo(8) man

nmcli

nmcli dev disconnect interface-name

nmcli con up interface-name

ifup NetworkManager NetworkManager NetworkManager NetworkManager

ifup ifup-ethX ifup-wirelessifup-ppp ifup eth0

1. ifup /etc/sysconfig/network-scripts/ifcfg-eth0

2. ifcfg ifup TYPE

3. ifup TYPE ifup-wirelessifup-eth ifup-XXX

4.

5. DHCP IP

/etc/init.d/network ifcfg ONBOOT=yes

12


NetworkManager ifcfg DEVICE NetworkManager ONBOOT=yes NetworkManager initscripts ifcfg ifup

ifcfg ONBOOT=yes NetworkManager initscripts (ISDN ) NetworkManager NetworkManager NetworkManager initscripts

ifcfg .old.orig.rpmnew.rpmorig .rpmsave ifcfg-* /etc

1.10.

Red Hat Enterprise Linux crda Central Regulatory Domain Agent udev udev udev crda Linux (IEEE-802.11) regulatory.bin

setregdomain udev /etc/sysconfig/regdomain COUNTRY

man

setregdomain(1) man :

crda(8) man : ISO IEC 3166 alpha2

regulatory.bin(5) man : Linux

iw(8) man :

1.11. NETCONSOLE

netconsole

rsyslog rsyslogd 514/udp 514/udp rsyslogd /etc/rsyslog.conf MODULES


13

$ModLoad imudp$UDPServerRun 514

rsyslogd

]# systemctl restart rsyslog

rsyslogd 514/udp

]# netstat -l | grep syslogudp 0 0 0.0.0.0:syslog 0.0.0.0:*udp6 0 0 [::]:syslog [::]:*

netstat -l 0.0.0.0:syslog [::]:syslog rsyslogd /etc/services netconsole

]$ cat /etc/services | grep syslogsyslog 514/udpsyslog-conn 601/tcp # Reliable Syslog Servicesyslog-conn 601/udp # Reliable Syslog Servicesyslog-tls 6514/tcp # Syslog over TLSsyslog-tls 6514/udp # Syslog over TLSsyslog-tls 6514/dccp # Syslog over TLS

Red Hat Enterprise Linux 7 netconsole initscripts /etc/sysconfig/netconsole netconsole

/etc/sysconfig/netconsole SYSLOGADDR syslogd IP

SYSLOGADDR=192.168.0.1

netconsole netconsole.service

]# systemctl restart netconsole.service]# systemctl enable netconsole.service

rsyslogd netconsole /var/log/messages rsyslog.conf

14

rsyslogd netconsole.service /etc/rsyslog.conf

$UDPServerRun

/etc/sysconfig/netconsole

SYSLOGPORT=514

netconsole Netconsole

1.12.

man(1) man : man

NetworkManager(8) man :

NetworkManager.conf(5) man : NetworkManager

/usr/share/doc/initscripts-version/sysconfig.txt: ifcfg

/usr/share/doc/initscripts-version/examples/networking/:


15

https://www.kernel.org/doc/Documentation/networking/netconsole.txt

2 IP

2.1.

LAN 2 Red Hat Enterprise Linux 7 OpenLMI Red Hat Enterprise Linux 7 kickstart

2.1.1.

IP DHCP DHCPDNS

IP DHCP IP

IP nmcli

2.1.2.

IP dynamic host control protocol (DHCP) DHCP

BOOTPROTO dhcp NetworkManager DHCP dhclient DHCP (IPv4 IPv6) dhclient NetworkManager dhclient

2.1.3.

NetworkManager nmtui (nmtui)

NetworkManager nmcli NetworkManager (nmcli)

16

https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/index.htmlhttps://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/index.html

GNOME NetworkManager

2.1.4. (nmtui)

nmtui

~]$ nmtui

2.1 NetworkManager


1.

2 IP

17

2.2

2.

18

2.3

3.

2 IP

19

2.4

nmtui (nmtui)

2.1.5. NetworkManager (nmcli)

nmcli (NetworkManager ) NetworkManager nm-applet nmcli

nmcli NetworkManager

GUI nmcli NetworkManager

nmcli

20

nmcli

nmcli OPTIONS OBJECT { COMMAND | help }

OBJECT generalnetworkingradioconnectiondeviceagent monitor: nmcli con help

OPTIONS

-t (terse)

()

-p (pretty)

nmcli

-h (help)

nmcli

nmcli help

nmcli object help

nmcli c help

nmcli ()nmcli-examples(5) man

NetworkManager :

nmcli general status

NetworkManager :

nmcli general logging

:

nmcli connection show

2 IP

21

--active ( -a)

nmcli connection show --active

NetworkManager :

nmcli device status

nmcli nmcli

nmcli con up id bond0nmcli con up id port0nmcli dev disconnect bond0nmcli dev disconnect ens3

nmcli connection down nmcli device disconnect

nmcli nmcli

~]$ nmcli con edit

nmcli type nmcli con edit nmcli

nmcli con edit [id | uuid | path] ID

nmcli con edit [type new-connection-type] [con-name new-connection-name]

nmcli help describe

describe setting.property

nmcli> describe team.config

22

NetworkManager

nmcli c add {ARGUMENTS}

nmcli c add 2

NetworkManager

connection.type

nmcli c add connection.type bond

connection.interface-name

nmcli c add connection.interface-name eth0

connection.id

nmcli c add connection.id "My Connection"

nm-settings(5) man

type (connection.type )

nmcli c add type bond

ifname (connection.interface-name )

nmcli c add ifname eth0

con-name (connection.id )

nmcli c add con-name "My Connection"

nmcli ifname eth0 con-name My Connection

nmcli c add type ethernet ifname eth0 con-name "My Connection"

2 IP

23

nmcli c add type ethernet ifname eth0 con-name "My Connection" ethernet.mtu 1600

nmcli c add connection.type ethernet ifname eth0 con-name "My Connection" ethernet.mtu 1600

nmcli c add connection.type ethernet connection.interface-name eth0 connection.id "My Connection" ethernet.mtu 1600

type ifname bondteambridge vlan

type (type_name)

:

nmcli c add type bond

ifname (interface_name)

:

nmcli c add ifname interface_name type ethernet

1

nmcli c modify

connection.id My Connection My favorite connectionconnection.interface-name eth1

nmcli c modify "My Connection" connection.id "My favorite connection" connection.interface-name eth1

MTU 1600

nmcli c modify "My favorite connection" ethernet.mtu 1600

nmcli

nmcli con up con-name

24

nmcli con up My-favorite-connection Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/16)

2.1.6. nmcli

nmcli nmcli(1) man

connection.type

adslbondbond-slavebridgebridge-slavebluetoothcdmaethernetgsminfinibandolpc-meshteamteam-slavevlanwifiwimax nmcli(1) man TYPE_SPECIFIC_OPTIONS

gsm apn

nmcli c add connection.type gsm apn access_point_name

wifi ssid

nmcli c add connection.type wifi ssid My identifier

connection.interface-name

nmcli con add connection.interface-name eth0 type ethernet

connection.id

connection.type -connection.interface-name

connection.id (wlan0ens3em1 ) 1 id

showupdown nmcli

id

nmcli connection Id NAME IDcon-name

uuid

2 IP

25

nmcli connection uuid

2.1.7. nmcli

~]$ nmcli con showNAME UUID TYPE DEVICEAuto Ethernet 9b7f2511-5432-40ae-b091-af2457dfd988 802-3-ethernet --ens3 fb157a65-ad32-47ed-858c-102a48e064a2 802-3-ethernet ens3MyWiFi 91451385-4eb8-4080-8b82-720aab8328dd 802-11-wireless wlan0

NAME ID () 2 NAME ens3 ens3 ID ID MyWiFi wlan0

~]$ nmcli device statusDEVICE TYPE STATE CONNECTIONens3 ethernet disconnected --ens9 ethernet disconnected --lo loopback unmanaged --

NetworkManager (unmanaged)

$ nmcli device set ifname managed no

eth2 unmanaged

$ nmcli device statusDEVICE TYPE STATE CONNECTIONbond0 bond connected bond0virbr0 bridge connected virbr0eth1 ethernet connected bond-slave-eth1eth2 ethernet connected bond-slave-eth2eth0 ethernet unmanaged --

$ nmcli device set eth2 managed no

$ nmcli device statusDEVICE TYPE STATE CONNECTIONbond0 bond connected bond0virbr0 bridge connected virbr0

26

eth1 ethernet connected bond-slave-eth1eth2 ethernet unmanaged --eth0 ethernet unmanaged --

unmanaged NetworkManager

IP DHCP

nmcli connection add type ethernet con-name connection-name ifname interface-name

my-office

~]$ nmcli con add type ethernet con-name my-office ifname ens3Connection 'my-office' (fb157a65-ad32-47ed-858c-102a48e064a2) successfully added.

NetworkManager connection.autoconnect yes NetworkManager /etc/sysconfig/network-scripts/ifcfg-my-office ONBOOT yes

ifcfg NetworkManager sysconfig

~]$ nmcli con up my-officeConnection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)

~]$ nmcli device statusDEVICE TYPE STATE CONNECTIONens3 ethernet connected my-officeens9 ethernet disconnected --lo loopback unmanaged --

DHCP dhcp-hostname

~]$ nmcli con modify my-office my-office ipv4.dhcp-hostname host-name ipv6.dhcp-hostname host-name

DHCP IPv4 ID dhcp-client-id

2 IP

27

~]$ nmcli con modify my-office my-office ipv4.dhcp-client-id client-ID-string

IPv6 dhcp-client-id dhclient IPv6 dhclient(8) man

DHCP DNS ignore-auto-dns

~]$ nmcli con modify my-office my-office ipv4.ignore-auto-dns yes ipv6.ignore-auto-dns yes

nm-settings(5) man

2.1

~]$ nmcli con edit type ethernet con-name ens3

===| nmcli interactive connection editor |===

Adding a new '802-3-ethernet' connection

Type 'help' or '?' for available commands.Type 'describe [.]' for detailed property description.

You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6, dcbnmcli> describe ipv4.method

=== [method] ===[NM property description]IPv4 configuration method. If 'auto' is specified then the appropriate automatic method (DHCP, PPP, etc) is used for the interface and most other properties can be left unset. If 'link-local' is specified, then a link-local address in the 169.254/16 range will be assigned to the interface. If 'manual' is specified, static IP addressing is used and at least one IP address must be given in the 'addresses' property. If 'shared' is specified (indicating that this connection will provide network access to other computers) then the interface is assigned an address in the 10.42.x.1/24 range and a DHCP and forwarding DNS server are started, and the interface is NAT-ed to the current default network connection. 'disabled' means IPv4 will not be used on this connection. This property must be set.

nmcli> set ipv4.method autonmcli> saveSaving the connection with 'autoconnect=yes'. That might result in an immediate activation of the connection.Do you still want to save? [yes] yesConnection 'ens3' (090b61f7-540f-4dd6-bf1f-a905831fc287) successfully

28

saved.nmcli> quit~]$

save temporary

IPv4

nmcli connection add type ethernet con-name connection-name ifname interface-name ip4 address gw4 address

ip6 gw6 IPv6

IPv4

~]$ nmcli con add type ethernet con-name test-lab ifname ens9 ip4 10.10.10.10/24 \gw4 10.10.10.254

IPv6

~]$ nmcli con add type ethernet con-name test-lab ifname ens9 ip4 10.10.10.10/24 \gw4 10.10.10.254 ip6 abbe::cafe gw6 2001:db8::1Connection 'test-lab' (05abfd5e-324e-4461-844e-8501ba704773) successfully added.

NetworkManager ipv4.method manual connection.autoconnect yes NetworkManager /etc/sysconfig/network-scripts/ifcfg-my-office BOOTPROTO none ONBOOT yes


2 IPv4 DNS

~]$ nmcli con mod test-lab ipv4.dns "8.8.8.8 8.8.4.4"

DNS 2 IPv6 DNS

~]$ nmcli con mod test-lab ipv6.dns "2001:4860:4860::8888 2001:4860:4860::8844"

2 IP

29

DNS + DNS

~]$ nmcli con mod test-lab +ipv4.dns "8.8.8.8 8.8.4.4"

~]$ nmcli con mod test-lab +ipv6.dns "2001:4860:4860::8888 2001:4860:4860::8844"

~]$ nmcli con up test-lab ifname ens9Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)

~]$ nmcli device statusDEVICE TYPE STATE CONNECTIONens3 ethernet connected my-officeens9 ethernet connected test-lablo loopback unmanaged --

~]$ nmcli -p con show test-lab=============================================================================== Connection profile details (test-lab)===============================================================================connection.id: test-labconnection.uuid: 05abfd5e-324e-4461-844e-8501ba704773connection.interface-name: ens9connection.type: 802-3-ethernetconnection.autoconnect: yesconnection.timestamp: 1410428968connection.read-only: noconnection.permissions:connection.zone: --connection.master: --connection.slave-type: --connection.secondaries:connection.gateway-ping-timeout: 0[]

-p, --pretty

2.2


30



Type 'help' or '?' for available commands.Type 'describe [>settingprop

~]$ nmcli dev wifi list SSID MODE CHAN RATE SIGNAL BARS SECURITY FedoraTest Infra 11 54 MB/s 98 WPA1 Red Hat Guest Infra 6 54 MB/s 97 WPA2 Red Hat Infra 6 54 MB/s 77 _ WPA2 802.1X* Red Hat Infra 40 54 MB/s 66 _ WPA2 802.1X VoIP Infra 1 54 MB/s 32 __ WEP MyCafe Infra 11 54 MB/s 39 __ WPA2

IP Wi-Fi DNS

~]$ nmcli con add con-name MyCafe ifname wlan0 type wifi ssid MyCafe \ip4 192.168.100.101/24 gw4 192.168.100.1

WPA2 caffeine

~]$ nmcli con modify MyCafe wifi-sec.key-mgmt wpa-psk~]$ nmcli con modify MyCafe wifi-sec.psk caffeine


Wi-Fi

~]$ nmcli radio wifi [on | off ]

mtu

~]$ nmcli connection show id 'MyCafe' | grep mtu802-11-wireless.mtu: auto

~]$ nmcli connection modify id 'MyCafe' 802-11-wireless.mtu 1350

~]$ nmcli connection show id 'MyCafe' | grep mtu802-11-wireless.mtu: 1350

NetworkManager 802-3-ethernet 802-11-wireless mtu nm-settings(5) man

2.1.8. nmcli

nmcli

2.3 nmcli

32

https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/Security_Guide/

~]# nmcli connection modify eth0 +ipv4.routes "192.168.122.0/24 10.10.10.1"

192.168.122.0/24 10.10.10.1

2.4 nmcli




Type 'help' or '?' for available commands.Type 'describe [>settingprop

ipcalc

Red Hat Enterprise Linux 7 8HWADDR MAC

ifcfg em1 /etc/sysconfig/network-scripts/ ifcfg-em1

DHCP ifcfg

DHCP_HOSTNAME=hostname

DHCP (FQDN) ifcfg

DHCP_FQDN=fully.qualified.domain.name

ifcfg DHCP_HOSTNAME DHCP_FQDN 1 DHCP_HOSTNAME DHCP_FQDN

DNS ifcfg

ip-address DNS DNS /etc/resolv.conf DNS 1

DEVICE=eth0BOOTPROTO=noneONBOOT=yesPREFIX=24IPADDR=10.0.1.27

DEVICE=em1BOOTPROTO=dhcpONBOOT=yes

PEERDNS=no DNS1=ip-address DNS2=ip-address

34

BOOTPROTO dhcp NetworkManager DHCP dhclient DHCP (IPv4 IPv6) dhclient NetworkManager dhclient

nmcli c reload

2.2.2.

iSCSI

1. dracut dracut Red Hat EnterpriseLinux 7

2. ip

ip:[]:::::{dhcp|dhcp6|auto6|on|any|none|off}

dhcp: DHCP

dhpc6: DHCP IPv6

auto6: IPv6

onany: ()

noneoff: ()

ip=192.168.180.120:192.168.180.100:192.168.180.1:255.255.255.0::eth0:off

3.

nameserver=srv1 [nameserver=srv2 [nameserver=srv3 []]]

dracut ifcfg /etc/sysconfig/network-scripts/

2.2.3. ip

ip IP

2 IP

35


ip addr [ add | del ] address dev ifname

ip IP root

~]# ip address add 10.0.0.3/24 dev eth0The address assignment of a specific device can be viewed as follows:~]# ip addr show dev eth02: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether f0:de:f1:7b:6e:5f brd ff:ff:ff:ff:ff:ff inet 10.0.0.3/24 brd 10.0.0.255 scope global global eth0 valid_lft 58682sec preferred_lft 58682sec inet6 fe80::f2de:f1ff:fe7b:6e5f/64 scope link valid_lft forever preferred_lft forever

ip-address(8) man

ip ip ip

~]# ip address add 192.168.2.223/24 dev eth1~]# ip address add 192.168.4.223/24 dev eth1~]# ip addr3: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 52:54:00:fb:77:9e brd ff:ff:ff:ff:ff:ff inet 192.168.2.223/24 scope global eth1 inet 192.168.4.223/24 scope global eth1

ip ip(8) man

ip

2.2.4.

()Red Hat Enterprise Linux VPN

36

Red Hat System Administration I (RH124)

ip route add ip route del ip route

ip route [ add | del | change | append | replace ] destination-address

ip-route(8) man

ip route IP

~]$ ip routedefault via 192.168.122.1 dev ens9 proto static metric 1024192.168.122.0/24 dev ens9 proto kernel scope link src 192.168.122.107192.168.122.0/24 dev eth0 proto kernel scope link src 192.168.122.126

IP root

ip route add 192.0.2.1 via 10.0.0.1 [dev ifname]

192.0.2.1 10 IP 10.0.0.1 ifname

IP IP root

ip route add 192.0.2.0/24 via 10.0.0.1 [dev ifname]

192.0.2.0 10 IP /24 classless inter-domain routing (CIDR)

/etc/sysconfig/network-scripts/route-interface eth0 /etc/sysconfig/network-scripts/route-eth0 route-interface ip /2

ip route ip-route(8) man

/etc/sysconfig/network up ifcfg ifcfg GATEWAY

2 IP

37

http://www.redhat.com/en/services/training/rh124-red-hat-system-administration-i?cr=cp|tr|pdtxt|00004

GATEWAY Red Hat Enterprise Linux /etc/sysconfig/network

NetworkManager DHCP NetworkManager ifcfg DEFROUTE=no

2.2.5. ifcfg

ip /etc/sysconfig/network-scripts/ route-ifname IP ip / Network/Netmask 2

2.2.5.1. IP

/etc/sysconfig/network-scripts/route-eth0 1 DHCP /etc/sysconfig/network

default via 192.168.1.1 dev interface

192.168.1.1 IP interface dev /etc/sysconfig/network

10.10.10.0/24 via 192.168.1.1 [dev interface]

10.10.10.0/24 192.168.1.1 IP dev interface

ip route-interface 192.168.0.1 eth0 WAN 192.168.0.10 2 10.10.10.0/24 172.16.1.10/32

38

default via 192.168.0.1 dev eth010.10.10.0/24 via 192.168.0.10 dev eth0172.16.1.10/32 via 192.168.0.10 dev eth0

192.168.0.0/24 10.10.10.0/24 172.16.1.10/32 192.168.0.10

VPN tun0

ip route

10.10.10.0/24 via 192.168.0.10 src 192.168.0.2

10.10.10.0/24 via 192.168.0.10 table 110.10.10.0/24 via 192.168.0.10 table 2

DHCP "RTNETLINK answers: File exists"

2.2.5.2. /

/ route-interface /

ADDRESS0=10.10.10.0

NETMASK0=255.255.255.0 ADDRESS0=10.10.10.0

GATEWAY0=192.168.1.1 ADDRESS0=10.10.10.0 IP

/ route-interface 192.168.0.1 WAN

ADDRESS0=10.10.10.0NETMASK0=255.255.255.0GATEWAY0=192.168.1.1

2 IP

39

192.168.0.10 2 10.10.10.0/24 172.16.1.0/24

ADDRESS0ADDRESS1ADDRESS2

(VPN)IP Red HatEnterprise Linux 7 Security GuideEnabling Packet Forwarding

2.2.6. VPN

Red Hat Enterprise Linux 7 VPN Libreswan IPsec IPsec VPN Red Hat Enterprise Linux 7

2.3. GNOME NETWORKMANAGER

Red Hat Enterprise Linux 7 NetworkManager (GUI) GNOME GNOME control-center GUI nm-connection-editor GUI GNOMEcontrol-center

2.3.1. GUI

control-center 2

Super Network

GNOME

ADDRESS0=10.10.10.0NETMASK0=255.255.255.0GATEWAY0=192.168.0.10ADDRESS1=172.16.1.10NETMASK1=255.255.255.0GATEWAY1=192.168.0.10

40

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/security_guide/#bh-Enabling_Packet_Forwardinghttps://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/Security_Guide/

2.5 GNOME

GNOME

( Wi-Fi )

NetworkManager Available Networks ()

VPN ()

2.3.2.

IP

2 IP

41

2.6

VLAN VPN

IP DNS

2.7

42

2.3.2.1.

VPN VPN VPN

Bond Bond

Bridge

VLAN VLAN VLAN

Team Team GUI

2.3.3.

NetworkManager

2.1 NetworkManager

1. Super Network

2.

3. 1

4. Identity Network identity

5. NetworkManager NetworkManager NetworkManager

2.3.4. nm-connection-editor

nm-connection-editor (Wi-FiDSL) 5

1. nm-connection-editor


2 IP

43

2.

2.8

3.

2.9 nm-connection-editor

: Network

44

: NetworkManager

: root

VPN : NetworkManager VPN VPN

: Red Hat Enterprise Linux 7

VPN 3

2.3.5.

NetworkManager NetworkManager () NetworkManager connection permissions nm-settings(5)man ifcfg USERS USERS ifcfg

USERS="joe bob alice"

nm-connection-editor GNOME control-center Identity

NetworkManager user user-em2

2

2 IP

45


polkit

2 polkit polkit(8) man

VPN Wi-Fi

2.2 control-center

root

1. Super Network

2.

3. 1

4. Identity Network identity

5. NetworkManager

2.3.6. control-center ()

Super Network


46

Identity

2.10

: Network

MAC : MAC

: MAC

MTU: (MTU) MTU 1500


: NetworkManager

: root

2 IP

47


() NetworkManager GUI

(PNAC) 802.1X 802.1X

IPv4 IPv4 IPv4

IPv6 IPv6 IPv6

2.3.7. control-center Wi-Fi

NetworkManager Wi-Fi ( 802.1a/b/g/n )

(3G )

Wi-Fi (SSID)

NetworkManager NetworkManager Wi-Fi WPA-PSK ( WPA) WPA Enterprise (802.1X) 40-bit WEP 128-bit WPA Wi-Fi

NetworkManager

Wi-Fi

48

Wi-Fi (SSID) SSID NetworkManager SSID SSID

Super Network Wi-Fi SSID Wi-Fi

Wi-Fi

Wi-Fi Wi-Fi

SSID Wi-Fi ( SSID ) SSID Wi-Fi SSID

1. Super Network

2. Wi-Fi

3. Wi-Fi

4.

Wi-Fi Wi-Fi Wi-Fi Wi-Fi Identity

2 IP

49

2.11 Wi-Fi

SSID

(AP) (SSID)

BSSID

BSSID () (BSSID) MAC BSSID SSID BSSID

mac80211 BSSID NetworkManager

MAC

MAC Wi-Fi

1 MAC ()

50

MAC

: NetworkManager

: root

() GUI

Wi-Fi

IPv4 IPv4 IPv4

IPv6 IPv6 IPv6

2.4. VPN

Red Hat Enterprise Linux 7 VPN Libreswan IPsec GNOME NetworkManager-libreswan-gnome root

~]# yum install NetworkManager-libreswan-gnome

Red Hat Enterprise Linux 7 Red HatEnterprise Linux 7

(VPN) LAN () LAN VPN VPN VPN

1.

2.

2 IP

51


3. (ESP) ESP

VPN () VPN

VPN

2.3 control-center VPN

VPN

1. Super Network

2.

2.12

3. IPsec VPN

52

2.13 IPsec VPN

4. Identity

2 IP

53

2.14

VPN IP

VPN

VPN

VPN IKEv1

54

1

2

IPsec

2.4 VPN

VPN

1. Super Network

2. VPN

3.

2.15 VPN

4. Identity

2 IP

55

2.16 VPN

() VPN NetworkManager GUI

IPv4 IPv4 IPv4

IPv6 IPv6 IPv6

56

2.5.

NetworkManager 2G 3G

2G: GPRS (General Packet Radio Service)EDGE (Enhanced Data Rates for GSMEvolution) CDMA (Code Division Multiple Access)

3G: UMTS (Universal Mobile Telecommunications System)HSPA (High Speed PacketAccess) EVDO (EVolution Data-Only)

() () PC USB




2.

3.

4.

5. 2G 3G

6.

7.

8. Access Point Name (APN)

9.

10.

2.6



2 IP

57


3.

()

PPP PPP ()

IPv4 IPv4 IPv4

IPv6 IPv6 IPv6

( 2.5nm-connection-editor ) ID (3G 2G ) NetworkManager

GSM PPP APN

APN

GSM Access Point Name (APN) APN

ID

58

ID NetworkManager

Any: Any

3G (UMTS/HSPA): 3G

2G (GPRS/EDGE): 2G

Prefer 3G (UMTS/HSPA): HSPA UMTS 3G GPRS EDGE

Prefer 2G (GPRS/EDGE): GPRS EDGE 2G HSPA UMTS


PIN

SIM (Subscriber Identity Module ()) PIN (Personal IdentificationNumber ()) PIN NetworkManager PIN NetworkManager SIM

CDMA EVDO APNNetwork ID Type

2.6. DSL

SOHO DSL DSL

2.7 nm-connection-editor DSL



2.

3.

4. DSL

5. DSL 1

2 IP

59

2.8 DSL




DSL

() DSL

MAC MTU

PPP PPP ()

IPv4 IPv4 IPv4

2.7.

802.3 NetworkManager

2.7.1. 802.3

802.3

802-3-ethernet.auto-negotiate

802-3-ethernet.speed

802-3-ethernet.duplex

802.3 3

60

speed duplex

NetworkManager

802-3-ethernet.auto-negotiate = no802-3-ethernet.speed = 0802-3-ethernet.duplex = NULL

auto-negotiate no speed duplex

NetworkManager

802-3-ethernet.auto-negotiate = yes802-3-ethernet.speed = 0802-3-ethernet.duplex = NULL

speed duplex speed duplex

speed duplex

802-3-ethernet.auto-negotiate = no 802-3-ethernet.speed = [speed in Mbit/s] 802-3-ethernet.duplex = [half |full]

speed duplex NetworkManager

802.3

nmcli

nm-connection-editor

2.9 nmcli 802.3

2 IP

61

1. eth0

2. 802.3 802.3

speed 100 Mbit/s duplex full

nmcli connection add con-name MyEthernet type ethernet ifname eth0 \ 802-3-ethernet.auto-negotiate no \ 802-3-ethernet.speed 100 \ 802-3-ethernet.duplex full

2.10 nm-connection-editor 802.3




3.

: ()

:

: Speed Duplex

62

2.17 nm-connection-editor 802.3

2.7.2. 802.1X

802.1X (PNAC) IEEE WPA Enterprise 802.1X 802.1X

802.1X (WLAN) (LAN) DHCP IP 802.1X

802.1X WLAN LAN EAP (ExtensibleAuthentication Protocol) 1 EAP

GUI 802.1X 802.1X (GUI ) Super

2 IP

63

Network 2.11 2.12

2.11

1.

2. 802.1X

3.

4. (TLS)

2.12

1. Wi-Fi

2. 802.1X

3.

4. LEAP WEP (802.1X)WPA & WPA2 Enterprise

5. extensible authentication protocol (EAP) (TLS)

nmcli 802.1X nmcli

1. key-mgmt () Wi-Fi nm-settings(5) man

2. 802-1x (TLS) (TLS) TLS

2.1 802-1x

802-1x

802-1x.identity

802-1x.ca-cert CA

802-1x.client-cert

64

802-1x.private-key

802-1x.private-key-password

802-1x

EAP-TLS WPA2 Enterprise

nmcli c add type wifi ifname wlan0 con-name 'My Wifi Network' \ 802-11-wireless.ssid 'My Wifi' \ 802-11-wireless-security.key-mgmt wpa-eap \ 802-1x.eap tls \ 802-1x.identity [email protected] \ 802-1x.ca-cert /etc/pki/my-wifi/ca.crt \ 802-1x.client-cert /etc/pki/my-wifi/client.crt \ 802-1x.private-key /etc/pki/my-wifi/client.key \ 802-1x.private-key-password s3cr3t

nmcli 802-11-wireless.ssid 802-11-wireless-security.key-mgmt

2.7.2.1. (TLS)

TLS () TLS ID TLS AESTKIPWEP

EAP-TLS TLS PKI () TLS (W)LAN

NetworkManager TLS NetworkManager wpa_supplicant OpenSSL TLS OpenSSL SSL/TLS

TLS TLS

2 IP

65

Flexible Authentication via Secure Tunneling FAST FAST

Tunneled Transport Layer Security (TTLS EAP-TTLS ) TLS TLS

Protected Extensible Authentication Protocol EAP (PEAP) EAP (PEAP)

2.7.2.2. TLS

X.509 Distinguished Encoding Rules(DER) Privacy Enhanced Mail (PEM)

CA

X.509 Distinguished Encoding Rules(DER) Privacy Enhanced Mail (PEM)

Distinguished Encoding Rules(DER)Privacy Enhanced Mail (PEM) Personal Information Exchange Syntax Standard(PKCS #12)

2.7.2.3. FAST

PAC

PAC

protected access credential (PAC)

GTC: Generic Token Card

MSCHAPv2: Microsoft 2

66

2.7.2.4. TLS

ID

CA

(CA)

PAP:

MSCHAP:


CHAP:

2.7.2.5. EAP (PEAP)

ID

CA

(CA)

PEAP

EAP Automatic01


MD5: 5

GTC: Generic Token Card

2 IP

67

2.7.3. Wi-Fi

: Wi-Fi

WEP 40/128-bit : IEEE 802.11 Wired Equivalent Privacy (WEP) (PSK)

WEP 128-bit : MD5 WEP

LEAP: Cisco Systems Lightweight Extensible Authentication Protocol

WEP (802.1X): WEP (TLS)

WPA & WPA2 Personal: IEEE 802.11i Wi-Fi Protected Access (WPA)WEP 802.11i-2004 Wi-Fi Protected Access II (WPA2) (WPA-PSK)

WPA & WPA2 Enterprise: RADUIS WPA IEEE 802.1X (TLS)

2.7.4. wpa_supplicant NetworkManager MACsec

Media Access Control Security (MACsec IEEE 802.1AE) LAN GCM-AES-128 MACsec IP (ARP) (ND) DHCP IPsec ( 3) SSL TLS ( 4) MACsec ( 2) MACsec

/CAK (CAK/CKN) MACsec

1. CAK/CKN 16 16

~]$ dd if=/dev/urandom count=16 bs=1 2> /dev/null | hexdump -e '1/2 "%02x"'

2. wpa_supplicant.conf

68

ctrl_interface=/var/run/wpa_supplicanteapol_version=3ap_scan=0fast_reauth=1

network={ key_mgmt=NONE eapol_flags=0 macsec_policy=1

mka_cak=0011... # 16 bytes hexadecimal mka_ckn=2233... # 32 bytes hexadecimal}

wpa_supplicant.conf mka_cak mka_ckn

wpa_supplicant.conf(5) man

3. eth0 wpa_supplicant

~]# wpa_supplicant -i eth0 -Dmacsec_linux -c wpa_supplicant.conf

Red Hat wpa_supplicant.conf nmcli wpa_supplicant 16 16 CAK ($MKA_CAK) 32 16 CKN ($MKA_CKN)

~]# nmcli connection add type macsec \ con-name test-macsec+ ifname macsec0 \ connection.autoconnect no \ macsec.parent eth0 macsec.mode psk \ macsec.mka-cak $MKA_CAK \ macsec.mka-cak-flags 0 \ macsec.mka-ckn $MKA_CKN

~]# nmcli connection up test-macsec+

macsec0

Whats new in MACsec: setting up MACsec using wpa_supplicant and (optionally)NetworkManagerMACsec MACsec: a different solution to encryptnetwork traffic

2.7.5. PPP ()

PPP PPP

2 IP

69

https://developers.redhat.com/blog/2017/06/28/whats-new-in-macsec-setting-up-macsec-using-wpa_supplicant-and-optionally-networkmanager/https://developers.redhat.com/blog/2016/10/14/macsec-a-different-solution-to-encrypt-network-traffic/

MPPE ()

Microsoft (RFC 3078)

BSD

PPP BSD (RFC 1977)

Deflate

PPP Deflate (RFC 1979)

TCP

TCP/IP (RFC 1144)

PPP echo

LCP Echo Echo (RFC 1661)

NetworkManager PPP PPP NetworkManager-ppp

2.7.6. IPv4

IPv4 IP DNS IPv4 VPNDSLIPv6 IPv6

DHCP DHCP IP (DHCP)

IPv4

IPv4

(DHCP): IP DHCP DHCP ID

(DHCP) : IP DHCP DNS

70

http://www.rfc-editor.org/info/rfc3078http://www.rfc-editor.org/info/rfc1977http://www.rfc-editor.org/info/rfc1979http://www.rfc-editor.org/info/rfc1144http://www.rfc-editor.org/info/rfc1661

: DHCP IP RFC 3927 169.254/16

: WAN 10.42.x.1/24 DHCP DNS (NAT)

: IPv4

DSL

: IP

(PPP): IP DNS

(PPP) : IP DNS DNS

VPN

(VPN): IP DNS

(VPN) : IP DNS DNS

DSL

(PPPoE): IP DNS

(PPPoE) : IP DNS DNS

2.7.7. IPv6

: IPv6

: SLAAC (RA)

: (RA) DNS

DHCP : RADHCPv6

2 IP

71

http://www.rfc-editor.org/info/rfc3927

: IP

: DHCP IP RFC 4862 FE80::0

DNS : DNS

:

2.7.8.

upVPN

DHCP () IP 192.168.10.1 192.168.10.254 192.168.10.0 192.168.10.255

IPv4 IPv6 GUI

: IP

: IP

: IP

:

RA DHCP

72

http://www.rfc-editor.org/info/rfc4862

VPN

2.8.

ip(8) man : ip

nmcli(1) man : NetworkManager

nmcli-examples(5) man : nmcli

nm-settings(5) man : NetworkManager

nm-settings-ifcfg-rh(5) man : ifcfg-rh


IPsec VPN DNSSEC DNS

RFC 1518: Classless Inter-Domain Routing (CIDR)

CIDR

RFC 1918: Address Allocation for Private Internets

IPv4

RFC 3330: Special-Use IPv4 Addresses

Internet Assigned Numbers Authority (IANA) IPv4

2 IP

73

https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/Security_Guide/http://www.rfc-editor.org/info/rfc1518http://www.rfc-editor.org/info/rfc1918http://www.rfc-editor.org/info/rfc3330

3

3.1.

hostname static ()prettytransient () 3

static hostname /etc/hostname transient hostname static localhost DHCP mDNS pretty hostname UTF8

64 Red Hat static transient host.example.com DNS (FQDN) static transient 7 ASCII DNS

hostnamectl static transient a-zA-Z0-9-_.2 64

3.1.1.

ICANN (The Internet Corporation for Assigned Names and Numbers) (.yourcompany ) Red Hat DNSSEC DNSSEC Name Collision Resources and Information

3.2. NMTUI

nmtui

~]$ nmtui

74

https://www.icann.org/namecollision

3.1 NetworkManager


nmtui (nmtui)

NetworkManager nmtui /etc/hostname

Red Hat Enterprise Linux 7 NetworkManager systemd-hostnamed /etc/hostname /etc/hostname NetworkManager hostnamectl /etc/sysconfig/network HOSTNAME

3.3. HOSTNAMECTL

hostnamectl 3

3.3.1.

~]$ hostnamectl status

status

3.3.2.

3

75

root

~]# hostnamectl set-hostname name

prettystatic transient static transient pretty -

3.3.3.

root

~]# hostnamectl set-hostname name [option...]

option --pretty--static --transient 1

--static --transient --pretty static transient pretty ---pretty

pretty

~]# hostnamectl set-hostname "Stephen's notebook" --pretty

3.3.4.

root

~]# hostnamectl set-hostname "" [option...]

"" option --pretty--static --transient 1

3.3.5.

hostnamectl -H, --host

~]# hostnamectl set-hostname -H [username]@hostname

hostname username hostnamectl SSH

3.4. NMCLI

NetworkManager nmcli /etc/hostname

76

~]$ nmcli general hostname

my-server root

~]# nmcli general hostname my-server

3.5.

hostnamectl(1) man : hostnamectl

hostname(1) man : hostname domainname

hostname(5) man :

hostname(7) man :

machine-info(5) man :

machine-id(5) man : ID

systemd-hostnamed.service(8) man : hostnamectl systemd-hostnamed

3

77

4 Red Hat Enterprise Linux 7 () 1

?

active-backupbalance-tlb balance-alb Cisco Modes 02 3 EtherChannel Mode 4 LACP EtherChannel https://www.kernel.org/doc/Documentation/networking/bonding.txt

4.1.

NetworkManager

1.

2.

3.

4. IP

5. DHCP

6. DHCP

7. DHCP

4.2. NMTUI

78

https://access.redhat.com/ja/solutions/1465133https://www.kernel.org/doc/Documentation/networking/bonding.txt

nmtui

~]$ nmtui


1.

4.1 NetworkManager

2.

4

79

4.2 NetworkManager

3.

80

4.3 NetworkManager

4. MAC MAC MAC OK

MAC

4

81

4.4 NetworkManager

5.

6. OK

82

4.5 NetworkManager

Bond

nmtui (nmtui)

4.3. NETWORKMANAGER NMCLI

nmcli NetworkManager (nmcli)

nmcli

~]$ nmcli con add type bond ifname mybond0Connection 'bond-mybond0' (5f739690-47e8-444b-9620-1895316a28ba) successfully added.

con-name

4

83

NetworkManager

~]$ nmcli con add type bond ifname mybond0 bond.options "mode=balance-rr,miimon=100"Connection 'bond-mybond0' (5f739690-47e8-444b-9620-1895316a28ba) successfully added.

1.

2.

~]$ nmcli con add type ethernet ifname ens3 master mybond0Connection 'bond-slave-ens3' (220f99c6-ee0a-42a1-820e-454cbabc2618) successfully added.

~]$ nmcli con add type ethernet ifname ens7 master mybond0Connection 'bond-slave-ens7' (ecc24c75-1c89-401f-90c8-9706531e0231) successfully added.

~]$ nmcli con up bond-slave-ens7Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/14)

~]$ nmcli con up bond-slave-ens3Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/15)

active_slave primary active_slave

~]$ nmcli dev mod bond0 +bond.options "active_slave=ens7"Connection successfully reapplied to device 'bond0'.

primary

~]$ nmcli dev mod bond0 +bond.options "primary=ens3"Connection successfully reapplied to device 'bond0'.

84

active_slave primary

4.4. (CLI)

4.4.1.

Red Hat Enterprise Linux 7 root

~]# modprobe --first-time bonding

Red Hat Enterprise Linux 7 BONDING_OPTS

~]$ modinfo bonding

modprobe(8) man

4.4.2.

/etc/sysconfig/network-scripts/ ifcfg-bondN N 0

DEVICE bondN N TYPE=Bond BONDING_MASTER=yes

4.1 ifcfg-bond0

DEVICE=bond0NAME=bond0TYPE=BondBONDING_MASTER=yesIPADDR=192.168.1.1PREFIX=24

4

85


NAME NetworkManager ONBOOT ()

ifcfg-bondN BONDING_OPTS="bonding parameters" /etc/modprobe.d/bonding.conf /etc/modprobe.conf

max_bonds ifcfg-bondN BONDING_OPTS

4.4.3.

MASTER SLAVE

4.2

2 eth0 eth1

N ONBOOT=yes TYPE=Ethernet

4.4.4.

ONBOOT=yesBOOTPROTO=noneBONDING_OPTS="bonding parameters separated by spaces"

DEVICE=ethNNAME=bond0-slaveTYPE=EthernetBOOTPROTO=noneONBOOT=yesMASTER=bond0SLAVE=yes

86

root

~]# ifup ifcfg-eth0Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7)

~]# ifup ifcfg-eth1Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8)

up down

ifdown ethN

(down)

NetworkManager root

~]# nmcli con load /etc/sysconfig/network-scripts/ifcfg-device

~]# nmcli con reload

NetworkManager NetworkManager.conf monitor-connection-files NetworkManager.conf(5) man

~]# ip link show1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:002: eth0: mtu 1500 qdisc pfifo_fast master bond0 state UP mode DEFAULT qlen 1000 link/ether 52:54:00:e9:ce:d2 brd ff:ff:ff:ff:ff:ff3: eth1: mtu 1500 qdisc pfifo_fast master bond0 state UP mode DEFAULT qlen 1000 link/ether 52:54:00:38:a6:4c brd ff:ff:ff:ff:ff:ff4: bond0: mtu 1500 qdisc noqueue state UP mode DEFAULT link/ether 52:54:00:38:a6:4c brd ff:ff:ff:ff:ff:ff

4.4.5.

Red Hat Enterprise Linux 7 BONDING_OPTS

4

87

BONDING_OPTS ifcfg-bondN

SLAVE

MASTER

4.3 ifcfg-bondN

N 2 ifcfg-bond0 ifcfg-bond1 2 IP

4.2MASTER=bondN 2 2 4 2 MASTER=bond0 2 MASTER=bond1

4.5.

miimonarp_intervalarp_ip_target

4.5.1.

( ifcfg-bond0) BONDING_OPTS="bonding parameters" sysfs ()

sysfs sysfs

DEVICE=bondNNAME=bondNTYPE=BondBONDING_MASTER=yesIPADDR=192.168.1.1PREFIX=24ONBOOT=yesBOOTPROTO=noneBONDING_OPTS="bonding parameters separated by spaces"

88

sysfs /sys/ /sys/class/net/

ifcfg-bond0 bond0 SLAVE=yes MASTER=bond0

root ifup bondN

~]# ifup bond0

ifcfg-bond0 root ip link show bond0

~]# ip link show1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:002: eth0: mtu 1500 qdisc pfifo_fast master bond0 state UP mode DEFAULT qlen 1000 link/ether 52:54:00:e9:ce:d2 brd ff:ff:ff:ff:ff:ff3: eth1: mtu 1500 qdisc pfifo_fast master bond0 state UP mode DEFAULT qlen 1000 link/ether 52:54:00:38:a6:4c brd ff:ff:ff:ff:ff:ff4: bond0: mtu 1500 qdisc noqueue state UP mode DEFAULT link/ether 52:54:00:38:a6:4c brd ff:ff:ff:ff:ff:ff

~]$ cat /sys/class/net/bonding_mastersbond0

/sys/class/net/bondN/bonding/

~]# ifdown bond0

bond0 MII 1 root

~]# echo 1000 > /sys/class/net/bond0/bonding/miimon

bond0 balance-alb

~]# echo 6 > /sys/class/net/bond0/bonding/mode

~]# echo balance-alb > /sys/class/net/bond0/bonding/mode

4

89

ifup bondN sysfs

/etc/sysconfig/network-scripts/ifcfg-bondN BONDING_OPTS= (ONBOOT=yes ) BONDING_OPTS

modinfo bonding parm https://www.kernel.org/doc/Documentation/networking/bonding.txt

ad_select=value

802.3ad

stable 0:

bandwidth 1:

802.3ad

count 2: bandwidth

bandwidth count 802.3ad

arp_interval=time_in_milliseconds

ARP ()

arp_interval arp_ip_target miimon

90

https://www.kernel.org/doc/Documentation/networking/bonding.txt

mode=0 mode=2 (2 ) NIC https://www.kernel.org/doc/Documentation/networking/bonding.txt

0 ARP

arp_ip_target=ip_address[,ip_address_2,ip_address_16]

arp_interval ARP IP 16 IP

arp_validate=value

ARP / none activebackupall

downdelay=time_in_milliseconds

()miimon 0

fail_over_mac=value

- MAC () MAC

none 0: fail_over_mac -MAC

active 1: active fail_over_mac MAC MAC MAC MAC

MAC (ARP ) MAC ARP ARP ARP

MII ARP updelay

follow 2: follow fail_over_mac MAC ( MAC )2 MAC MAC ( MAC )

MAC

4

91


lacp_rate=value

802.3ad LACPDU

slow 0: 30 LACPDU

fast 1: 1 LACPDU

miimon=time_in_milliseconds

MII ()MII NIC NIC MII root

~]# ethtool interface_name | grep "Link detected:"

interface_name eth0 MII

Link detected: yes

NIC MII 0 () 100

arp_interval arp_ip_target miimon

mode=value

value

balance-rr 0:

active-backup 1:

balance-xor 2: XOR MAC MAC

92

broadcast 3:

802.3ad 4: IEEE 802.3ad 802.3ad

balance-tlb 5: (TLB) MAC

balance-alb 6: (ALB) IPv4 ARP

primary=interface_name

eth0 primary NIC 1

active-backup https://www.kernel.org/doc/Documentation/networking/bonding.txt

primary_reselect=value

always 0 ():

better 1:

failure 2:

primary_reselect 2

4

93


sysfs primary_reselect

resend_igmp=range

IGMP 1 200ms ()

0 255 1 0 IGMP

IGMP balance-rr (mode 0)active-backup (mode 1)balance-tlb (mode 5) balance-alb (mode 6) IGMP IGMP

updelay=time_in_milliseconds

()miimon 0

use_carrier=number

miimon MII/ETHTOOL ioctls netif_carrier_ok() netif_carrier_ok() netif_carrier_on/off

MII/ETHTOOL ioctls netif_carrier_on/off

1: netif_carrier_ok()

0: MII/ETHTOOL ioctls

netif_carrier_on/off

xmit_hash_policy=value

balance-xor 802.3ad

94

0 layer2: MAC XOR

(source_MAC_address XOR destination_MAC) MODULO slave_count

802.3ad

1 layer3+4: ()

TCP UDP :

((source_port XOR dest_port) XOR ((source_IP XOR dest_IP) AND 0xffff) MODULO slave_count

TCP UDP IP IP layer2

PFC2 Cisco Foundry IBM

802.3ad

2 layer2+3: layer2 layer3

MAC IP XOR

(((source_IP XOR dest_IP) AND 0xffff) XOR ( source_MAC XOR destination_MAC )) MODULO slave_count

IP layer2

layer3 layer2

802.3ad

4.6. GUI

nm-connection-editor NetworkManager 2 InfiniBand MAC

4.6.1.

4

95




2. 1

4.6 NetworkManager Bond

3. Bond

96

4. bond0 1 MAC MAC MAC MAC MAC MAC

4.7 NetworkManager

5. Bond

6.

7. Bond

4.2



2.

4

97

3.

4.

5

: Network

: NetworkManager

: root



5. Bond

()

IPv4 IPv4 IPv4

IPv6 IPv6 IPv6

4.6.1.1. Bond

(4.1nm-connection-editor )

802.3ad

98


InfiniBand

XOR

XOR () XOR MAC MAC

802.3ad

IEEE 802.3ad 802.3ad

(TLB) MAC

(ALB) IPv4 ARP

4

99

MII (Media Independent Interface)

MII ethtool 3

MII ()

up ()up ARP

down ()

ARP

(ARP) 1

2

ARP ()

ARP

ARP IP

4.7.

nmcli(1) man : NetworkManager

nmcli-examples(5) man : nmcli

nm-settings(5) man : NetworkManager

100


https://access.redhat.com/site/node/28421/Configuring_VLAN_devices_over_a_bonded_interface

VLAN Red Hat

4

101

https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/https://access.redhat.com/site/node/28421/Configuring_VLAN_devices_over_a_bonded_interface

5

5.1.

NIC Linux Red Hat Enterprise Linux 7

() Team Netlink API (API) Netlink API libTeam Netlink RT Netlinklibteam teamd teamd 1 1 teamd teamd libteam

teamdctl D-bus teamd teamdctl teamd D-Bus API D-Bus teamd Unix Domain Sockets D-Bus D-Bus teamd teamd D-Bus teamdctl

Team Netlink API Netlink libteam API libnl teamnl API

teamd

teamd NetworkManager

5.2.

102

NetworkManager

1.

2.

3.

4. IP

5. DHCP

6. DHCP

7. DHCP

?

5.3.

5.1

Tx

Tx

Tx

LACP (802.3ad) ()

Tx

5

103

https://access.redhat.com/ja/solutions/1465133

Tx (TLB)

LACP

LACP

Ethtool

ARP

NS/NA (IPv6)

/

()

Tx/Rx (rwlock) (RCU)

VLAN

D-Bus

LLDP zero config

NetworkManager

104

5.4.

teamd libteam 1 team0 team0 team1 teamd JSON teamd teamd teamd

broadcast ()

round-robin ()

active-backup (1 )

loadbalance ( Tx BPF Tx )

lacp (802.3ad )

ethtool (Libteam lib ethtool )

arp_ping (arp_ping ARP )

nsna_ping (IPv6 )

lacp ethtool

5.5.

teamd teamdroot

~]# yum install teamd

5.6.

bond2team ifcfg ifcfg JSON

5

105

ifcfg

~]$ bond2team --examples

/tmp/bond2team.XXXXXX/ XXXXXX /etc/sysconfig/network-scripts/

5.1

bond0 ifcfg root

~]# /usr/bin/bond2team --master bond0

bond0 --rename

~]# /usr/bin/bond2team --master bond0 --rename team0

ifcfg JSON --json JSON teamd.conf(5) man

5.2

bond0 ifcfg ifcfg root

~]# /usr/bin/bond2team --master bond0 --configdir /path/to/ifcfg-file

ifcfg JSON --json

5.3 Bond2team

bond2team

~]# /usr/bin/bond2team --bonding_opts "mode=1 miimon=500"

~]# /usr/bin/bond2team --bonding_opts "mode=1 miimon=500 primary=eth1 \ primary_reselect-0" --port eth1 --port eth2 --port eth3 --port eth4

106

bond2team(1) man

5.7.

~]$ ip link show1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:002: em1: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether 52:54:00:6a:02:8a brd ff:ff:ff:ff:ff:ff3: em2: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000link/ether 52:54:00:9b:6d:2a brd ff:ff:ff:ff:ff:ff

5.8.

NetworkManager nmtui nmtui

nmcli nmcli

teamd teamd

ifcfg

GUI

5.9. NMTUI

nmtui

~]$ nmtui


5

107

1.

5.1 NetworkManager

2. team

108

5.2 NetworkManager

3.

5

109

5.3 NetworkManager

4. MAC MAC MAC OK

MAC

110

5.4 NetworkManager

5.

6. JSON vim vim JSON JSON

7. OK

5

111

5.5 NetworkManager

JSON teamd nmtui JSON DeviceJSON deviceport JSON JSON

nmtui (nmtui)

5.10.

5.10.1. nmcli

~]$ nmcli connection showNAME UUID TYPE DEVICEeth1 0e8185a1-f0fd-4802-99fb-bedbb31c689b 802-3-ethernet --eth0 dfe1f57b-419d-4d1c-aaf5-245deab82487 802-3-ethernet --

112

~]$ nmcli device statusDEVICE TYPE STATE CONNECTIONvirbr0 bridge connected virbr0ens3 ethernet connected ens3

ServerA

~]$ nmcli connection add type team ifname ServerAConnection 'team-ServerA' (b954c62f-5fdd-4339-97b0-40efac734c50) successfully added.

NetworkManager connection.autoconnect yes IP ipv4.method auto NetworkManager /etc/sysconfig/network-scripts/ifcfg-team-ServerA ONBOOT yes BOOTPROTO dhcp


~]$ nmcli con show team-ServerAconnection.id: team-ServerAconnection.uuid: b954c62f-5fdd-4339-97b0-40efac734c50connection.interface-name: ServerAconnection.type: teamconnection.autoconnect: yesipv4.method: auto[]

JSON JSON teamd.conf(5) man con-name

~]$ nmcli connection add type team con-name Team0 ifname ServerBConnection 'Team0' (5f7160a1-09f6-4204-8ff0-6d96a91218a7) successfully added.

~]$ nmcli con showNAME UUID TYPE DEVICEteam-ServerA b954c62f-5fdd-4339-97b0-40efac734c50 team ServerAeth1 0e8185a1-f0fd-4802-99fb-bedbb31c689b 802-3-ethernet --eth0 dfe1f57b-419d-4d1c-aaf5-245deab82487 802-3-ethernet --Team0 5f7160a1-09f6-4204-8ff0-6d96a91218a7 team ServerB

5

113

nmcli con mod old-team-name connection.id new-team-name

nmcli connection modify team-name team.config JSON-config

JSON team.config JSON JSON

team.config

nmcli con show team-name | grep team.config

Team0 Team0-port1 eth0

~]$ nmcli con add type ethernet con-name Team0-port1 ifname eth0 master Team0Connection 'Team0-port1' (ccd87704-c866-459e-8fe7-01b06cf1cffc) successfully added.

Team0-port2 eth1

~]$ nmcli con add type team-slave con-name Team0-port2 ifname eth1 master Team0Connection 'Team0-port2' (a89ccff8-8202-411e-8ca6-2953b7db52dd) successfully added.

nmcli

~]$ nmcli connection up Team0-port1Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

~]$ nmcli connection up Team0-port2Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)

~]$ ip link3: Team0: mtu 1500 qdisc noqueue state UP mode DEFAULT link/ether 52:54:00:76:6f:f0 brd ff:ff:ff:ff:ff:f

114

~]$ nmcli connection up Team0Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)


5.10.2. teamd

teamd nmcli ifcfg

JSON root

~]$ ls /usr/share/doc/teamd-*/example_configs/activebackup_arp_ping_1.conf activebackup_multi_lw_1.conf loadbalance_2.confactivebackup_arp_ping_2.conf activebackup_nsna_ping_1.conf loadbalance_3.confactivebackup_ethtool_1.conf broadcast.conf random.confactivebackup_ethtool_2.conf lacp_1.conf roundrobin_2.confactivebackup_ethtool_3.conf loadbalance_1.conf roundrobin.conf

activebackup_ethtool_1.conf

~]$ cat /usr/share/doc/teamd-*/example_configs/activebackup_ethtool_1.conf{ "device": "team0", "runner": {"name": "activebackup"}, "link_watch": {"name": "ethtool"}, "ports": { "eth1": { "prio": -10, "sticky": true }, "eth2": { "prio": 100 } }}

5

115

teamd

~]$ mkdir ~/teamd_working_configs

~]$ cp /usr/share/doc/teamd-*/example_configs/activebackup_ethtool_1.conf \ ~/teamd_working_configs/activebackup_ethtool_1.conf

~]$ vi ~/teamd_working_configs/activebackup_ethtool_1.conf

vi vi(1) man

down

~]$ ip link show1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:002: em1: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether 52:54:00:d5:f7:d4 brd ff:ff:ff:ff:ff:ff3: em2: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000 link/ether 52:54:00:d8:04:70 brd ff:ff:ff:ff:ff:ff

UP

root

~]# ip link set down em1

root ( teamd_working_configs )

~]# cd /home/userteamd_working_configs

~]# teamd -g -f activebackup_ethtool_1.conf -dUsing team device "team0".Using PID file "/var/run/teamd/team0.pid"Using config file "/home/user/teamd_working_configs/activebackup_ethtool_1.conf"

116

-g -f -d teamd(8) man

root

~]# teamdctl team0 statesetup: runner: activebackupports: em1 link watches: link summary: up instance[link_watch_0]: name: ethtool link: up em2 link watches: link summary: up instance[link_watch_0]: name: ethtool link: uprunner: active port: em1

team0 root

~]# ip addr add 192.168.23.2/24 dev team0

IP

~]$ ip addr show team04: team0: mtu 1500 qdisc noqueue state UP link/ether 16:38:57:60:20:6f brd ff:ff:ff:ff:ff:ff inet 192.168.23.2/24 scope global team0 valid_lft forever preferred_lft forever inet6 2620:52:0:221d:1438:57ff:fe60:206f/64 scope global dynamic valid_lft 2591880sec preferred_lft 604680sec inet6 fe80::1438:57ff:fe60:206f/64 scope link valid_lft forever preferred_lft forever

uproot

~]# ip link set dev team0 up

downroot

~]# ip link set dev team0 down

5

117

killroot

~]# teamd -t team0 -k

-k team0 killteamd(8) man

teamd

~]$ teamd -h

teamd(8) man

5.10.3. ifcfg

ifcfg /etc/sysconfig/network-scripts/

DEVICE=team0DEVICETYPE=TeamONBOOT=yesBOOTPROTO=noneIPADDR=192.168.11.1PREFIX=24TEAM_CONFIG='{"runner": {"name": "activebackup"}, "link_watch": {"name": "ethtool"}}'

team0 /etc/sysconfig/network-scripts/

DEVICE=eth1HWADDR=D4:85:64:01:46:9EDEVICETYPE=TeamPortONBOOT=yesTEAM_MASTER=team0TEAM_PORT_CONFIG='{"prio": 100}'

()DEVICE HWADDR prio 0 -32,767 +32,767 ()

HWADDR MAC 8

root

~]# ifup team0

118

~]$ ip link show

5.10.4. iputils

ip em1 team0 root

~]# ip link set dev em1 down~]# ip link set dev em1 master team0

5.10.5. teamnl

teamnl root

~]# teamnl team0 portsem2: up 100 fullduplexem1: up 100 fullduplex

5.10.6. teamnl

teamnl root

~]# teamnl team0 options

root

~]# teamnl team0 setoption mode activebackup

5.10.7. iputils

ip team0 root

~]# ip addr add 192.168.252.2/24 dev team0

5.10.8. iputils

ip team0 root

~]# ip link set team0 up

5.10.9. teamnl

5

119

teamnl activeport root

~]# teamnl team0 getoption activeport0

5.10.10. teamnl

teamnl activeport root

~]# teamnl team0 setoption activeport 5

root

~]# teamnl team0 getoption activeport5

5.11. TEAMDCTL TEAMD

teamd teamdctl

team0 root

~]# teamdctl team0 state view

~]# teamdctl team0 state view -v

team0 JSON ()

~]# teamdctl team0 state dump

team0 JSON

~]# teamdctl team0 config dump

team0 em1

~]# teamdctl team0 port config dump em1

5.11.1.

em1 team0 root

~]# teamdctl team0 port add em1

120

teamdctl down teamdctl team0 port add em1

5.11.2.

em1 team0 root

~]# teamdctl team0 port remove em1

5.11.3.

team0 em1 JSON root

~]# teamdctl team0 port config update em1 JSON-config-string

JSON-config-string JSON JSON JSON

{ "prio": -10, "sticky": true}

JSON

teamdctl(8) man

5.11.4.

team0 em1 root

~]# teamdctl team0 port config dump em1

JSON

5.12. TEAMD

teamd

5.12.1.

5

121

root JSON

{ "device": "team0", "runner": {"name": "broadcast"}, "ports": {"em1": {}, "em2": {}}}

teamd.conf(5) man

5.12.2.

root JSON

{ "device": "team0", "runner": {"name": "random"}, "ports": {"em1": {}, "em2": {}}}

teamd.conf(5) man

5.12.3.

root JSON

{ "device": "team0", "runner": {"name": "roundrobin"}, "ports": {"em1": {}, "em2": {}}}

teamd.conf(5) man

5.12.4.

JSON

{ "device": "team0", "runner": { "name": "activebackup" }, "link_watch": { "name": "ethtool" },

122

"ports": { "em1": { "prio": -10, "sticky": true }, "em2": { "prio": 100 } }}

ethtool em2 sticky em1

{ "device": "team0", "runner": { "name": "activebackup" }, "link_watch": { "name": "ethtool" }, "ports": { "em1": { "prio": -10, "sticky": true, "queue_id": 4 }, "em2": { "prio": 100 } }}

queue ID 4 ethtool em2 sticky em1

ethtool root JSON

{ "device": "team0", "runner": { "name": "activebackup" }, "link_watch": { "name": "ethtool", "delay_up": 2500, "delay_down": 1000 }, "ports": { "em1": { "prio": -10,

5

123

"sticky": true }, "em2": { "prio": 100 } }}

ethtool em2 sticky em1

teamd.conf(5) man

5.12.5.

2 teamd

(Tx) root JSON

{ "device": "team0", "runner": { "name": "loadbalance", "tx_hash": ["eth", "ipv4", "ipv6"] }, "ports": {"em1": {}, "em2": {}}}

(Tx)

(Tx) root JSON

{ "device": "team0", "runner": { "name": "loadbalance", "tx_hash": ["eth", "ipv4", "ipv6"], "tx_balancer": { "name": "basic" } }, "ports": {"em1": {}, "em2": {}}}

(Tx)

124

teamd.conf(5) man

5.12.6. LACP (802.3ad)

ethtool LACP root JSON

{ "device": "team0", "runner": { "name": "lacp", "active": true, "fast_rate": true, "tx_hash": ["eth", "ipv4", "ipv6"] }, "link_watch": {"name": "ethtool"}, "ports": {"em1": {}, "em2": {}}}

link aggregation control protocol (LACP) LACP ethtool ethtool arp_ping ARP ethtool

(Tx)

"tx_balancer": { "name": "basic"}

teamd.conf(5) man

5.12.7.

root JSON JSON

5.12.7.1. Ethtool

()

"link_watch": { "name": "ethtool", "delay_up": 2500}

()

"link_watch": {

5

125

"name": "ethtool", "delay_down": 1000}

5.12.7.2. ARP Ping

teamd ARP arping

JSON

{ "device": "team0", "runner": {"name": "activebackup"}, "link_watch":{ "name": "arp_ping", "interval": 100, "missed_max": 30, "source_host": "192.168.23.2", "target_host": "192.168.23.1" }, "ports": { "em1": { "prio": -10, "sticky": true }, "em2": { "prio": 100 } }}

arp_ping missed_max ( ARP ) interval

JSON em2 root

~]# port config update em2 JSON-config-file

teamdctl(8) man

5.12.7.3. IPv6 NA/NS

{ "device": "team0", "runner": {"name": "activebackup"}, "link_watch": { "name": "nsna_ping", "interval": 200,

126

"missed_max": 15, "target_host": "fe80::210:18ff:feaa:bbcc" }, "ports": { "em1": { "prio": -10, "sticky": true }, "em2": { "prio": 100 } }}

NS/NA

"link_watch": { "name": "nsna_ping", "interval": 200}

missed_max

NS/NA

"link_watch": { "name": "nsna_ping", "missed_max": 15}

NS/NA missed_max ( ARP ) interval

NS/NA IPv6

"link_watch": { "name": "nsna_ping", "target_host": "MyStorage"}

target_hostIPv6 NS/NA IPv6

teamd.conf(5) man

5.12.8.

5

127

(teamd ) 16Netlink tx_queues

ID queue_id

{ "queue_id": 3}

ID tc 192.168.1.100 eth1 root

~]# tc qdisc add dev team0 handle 1 root multiq~]# tc filter add dev team0 protocol ip parent 1: prio 1 u32 match ip dst \ 192.168.1.100 action skbedit queue_mapping 3

5.12.9. BPF Tx

LACP Berkeley Packet Filter (BPF) BPF 8 256 (SKB)

Tx

eth: MAC

vlan: VLAN ID

ipv4: IPv4

ipv6: IPv6

ip: IPv4 IPv6

l3: IPv4 IPv6

tcp: TCP

128

udp: UDP

sctp: SCTP

l4: TCPUDP SCTP

"tx_hash": ["eth", "ipv4", "ipv6"]

5.13. GUI

5.13.1.

nm-connection-editor NetworkManager 2 InfiniBand MAC




2. 1

5

129

5.6 NetworkManager Team

3. Team Team

4. team0 1

130

5.7 NetworkManager

5. Team JSON

6.

7. Team

8.

9.

5.2



2.

3.

4. 5

5

131

: Network

: NetworkManager

: root



5.

()

IPv4 IPv4 IPv4

IPv6 IPv6 IPv6

5.13.1.1.

JSON JSON

JSON teamd

5.1nm-connection-editor

5.14.

teamd(8) man : teamd

teamdctl(8) man : teamd

teamd.conf(5) man : teamd

132


teamnl(8) man : teamd Netlink

bond2team(1) man :

http://www.w3schools.com/js/js_json_syntax.asp

JSON

5

133

http://www.w3schools.com/js/js_json_syntax.asp

6 MAC MAC Linux NIC 1 NIC

Wi-Fi IEEE 802.11 Wi-Fi 3

6.1. NMTUI

nmtui

~]$ nmtui


1.

134

6.1 NetworkManager

2.

3.

6

135

6.2 NetworkManager

4. MAC MAC MAC OK

MAC

136

6.3 NetworkManager

5.

6. OK

6

137

6.4 NetworkManager

nmtui (nmtui)

6.2. NETWORKMANAGER NMCLI

bridge-br0 root

~]# nmcli con add type bridge ifname br0Connection 'bridge-br0' (6ad5bba6-98a0-4f20-839d-c997ba7668ad) successfully added.

bridgebridge-1bridge-2

~]$ nmcli con showNAME UUID TYPE DEVICE

138

bridge-br0 79cf6a3e-0310-4a78-b759-bda1cc3eef8d bridge br0eth0 4d5c449a-a6c5-451c-8206-3c9a4ec88bca 802-3-ethernet eth0

(STP) IEEE802.1D-1998 STP root

~]# nmcli con modify bridge-br0 bridge.stp no

802.1D STP root

~]# nmcli con modify bridge-br0 bridge.stp yes

802.1D STP 32768 root 32768 () 28672 root

~]$ nmcli con add type bridge ifname br5 stp yes priority 28672Connection 'bridge-br5' (86b83ad3-b466-4795-aeb6-4a66eb1856c7) successfully added.

0 65535

~]$ nmcli connection modify bridge-br5 bridge.priority 36864

0 65535

~]$ nmcli -f bridge con show bridge-br0

802.1D STP nmcli(1) man

eth1 bridge-br0

~]$ nmcli con add type ethernet ifname eth1 master bridge-br0Connection 'bridge-slave-eth1' (70ffae80-7428-4d9c-8cbd-2e35de72476e) successfully added.

nmcli

~]$ nmcli connection edit bridge-br0

nmcli

nmcli> set bridge.priority 4096

6

139

nmcli> saveConnection 'bridge-br0' (79cf6a3e-0310-4a78-b759-bda1cc3eef8d) successfully saved.nmcli> quit


6.3. (CLI)

6.3.1.

Red Hat Enterprise Linux 7 root

~]# modprobe --first-time bridgemodprobe: ERROR: could not insert 'bridge': Module already in kernel

~]$ modinfo bridge

modprobe(8) man

6.3.2.

/etc/sysconfig/network-scripts/ ifcfg-brN N 0

DEVICE brN N

TYPE Bridge /

IP MAC ()

DELAY=0 MAC 15

6.1 ifcfg-br0

IP

DEVICE=br0

140

6.2 ifcfg-ethX

/etc/sysconfig/network-scripts/ifcfg-ethX X

NAME NetworkManager ifcfg-rh Type Interface Bridge br0 NAME=bridge-br0 ifcfg-br0 bridge-br0

DEVICE TYPE=Ethernet TYPE ()

HWADDR MAC 8

TYPE=BridgeIPADDR=192.168.1.1PREFIX=24BOOTPROTO=noneONBOOT=y

Documents

Red Hat Enterprise Linux 7Ÿは control-network を使って NetworkManager に指示を出す。 コマンドラインはコマンドを発行できることから コマンドラインインターフェース

Red Hat Enterprise Linux 7Ÿは control-network を使って NetworkManager に指示を出す。コマンドラインはコマンドを発行できることからコマンドラインインターフェース