Red Hat Enterprise Linux 7
Last Updated: 2018-02-23
Mirek Jahoda, Red Hat Customer Content
Ioanna Gkioka, Red Hat Customer Content
Jana Heves, Red Hat Customer Content Services
Stephen Wadeley, Red Hat Customer Content Services
Christian Huffman, Red Hat Customer Content Services
Copyright 2010-2017 Red Hat, Inc.
This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux is the registered trademark of Linus Torvalds in the United States and other countries.
Java is a registered trademark of Oracle and/or its affiliates.
XFS is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 7 Linux Red Hat Enterprise Linux 6
http://creativecommons.org/licenses/by-sa/3.0/
I. IP
1 RED HAT ENTERPRISE LINUX 1.1. 1.2. IP IP 1.3. NETWORKMANAGER 1.4. NETWORKMANAGER 1.5. (NMTUI) 1.6. NETWORKMANAGER CLI (NMCLI) 1.7. (CLI) 1.8. NETWORKMANAGER 1.9. SYSCONFIG 1.10. 1.11. NETCONSOLE 1.12.
2 IP 2.1. 2.2. 2.3. GNOME NETWORKMANAGER 2.4. VPN 2.5. 2.6. DSL 2.7. 2.8.
3 3.1. 3.2. NMTUI 3.3. HOSTNAMECTL 3.4. NMCLI 3.5.
4 4.1. 4.2. NMTUI 4.3. NETWORKMANAGER NMCLI 4.4. (CLI) 4.5. 4.6. GUI 4.7.
5 5.1. 5.2. 5.3. 5.4. 5.5. 5.6. 5.7. 5.8. 5.9. NMTUI 5.10.
5.11. TEAMDCTL TEAMD 5.12. TEAMD 5.13. GUI 5.14.
6 6.1. NMTUI 6.2. NETWORKMANAGER NMCLI 6.3. (CLI) 6.4. GUI 6.5.
7 802.1Q VLAN 7.1. VLAN 7.2. NMTUI 802.1Q VLAN 7.3. NMCLI 802.1Q VLAN 7.4. 802.1Q VLAN 7.5. GUI 802.1Q VLAN 7.6. IP VLAN 7.7.
8 8.1. 8.2. 8.3. 8.4. SYSTEM Z LINUX 8.5. VLAN 8.6. BIOSDEVNAME 8.7. 8.8. 8.9. 8.10. 8.11.
II. INFINIBAND RDMA
9 INFINIBAND RDMA 9.1. INFINIBAND RDMA 9.2. INFINIBAND RDMA 9.3. BASE RDMA 9.4. 9.5. INFINIBAND RDMA 9.6. IPOIB 9.7. NMTUI INFINIBAND 9.8. NMCLI IPOIB 9.9. IPOIB 9.10. IPOIB RDMA 9.11. GUI IPOIB 9.12.
III.
10 DHCP 10.1. DHCP 10.2. DHCP
10.3. DHCP 10.4. DHCP 10.5. IPV6 DHCP (DHCPV6) 10.6. IPV6 RADVD 10.7.
11 DNS 11.1. DNS 11.2. BIND
12 SQUID 12.1. SQUID 12.2. SQUID 12.3. SQUID 12.4. SQUID 12.5. SQUID 12.6.
A RED HAT CUSTOMER PORTAL LABS NETWORK BONDING HELPER PACKET CAPTURE SYNTAX GENERATOR
B
I. IP
Red Hat Enterprise Linux
1 RED HAT ENTERPRISE LINUX
1.1.
Red Hat Engineering Content Services Red Hat Enterprise Linux 6
nmtui
NetworkManager nmcli
(GUI) : nm-connection-editor control-network NetworkManager
(CLI) ip ifcfg
1.2. IP IP
2 IP IP DSL VPN
IP 1 InfiniBand () InfiniBand IP IP InfiniBand 9InfiniBand RDMA InfiniBand RDMA
ethX Red Hat Enterprise Linux 7
1.3. NETWORKMANAGER
Red Hat Enterprise Linux 7 NetworkManager
ifcfg NetworkManager
1.1
NetworkManager
nmtui NetworkManager curses (TUI)
nmcli NetworkManager
control-center GNOME Shell
nm-connection-editor control-center GTK+ 3
NetworkManager IP DNS VPN NetworkManager D-Bus API
NetworkManager managed NetworkManager unmanaged
1.4. NETWORKMANAGER
NetworkManager Red Hat Enterprise Linux root
~]# yum install NetworkManager
Red Hat Enterprise Linux 7
1.4.1. NetworkManager
NetworkManager root NetworkManager
~]$ systemctl status NetworkManager
NetworkManager.service - Network Manager
   Loaded: loaded (/lib/systemd/system/NetworkManager.service; enabled)
   Active: active (running) since Fri, 08 Mar 2013 12:50:04 +0100; 3 days ago
https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/
NetworkManager systemctl status NetworkManager Active: inactive (dead) root
~]# systemctl start NetworkManager
NetworkManager systemctl enable
~]# systemctl enable NetworkManager
Red Hat Enterprise Linux 7
1.4.2. NetworkManager
NetworkManager Red Hat Enterprise Linux 7
1. NetworkManager curses (TUI) nmtui
2. nmcli NetworkManager GUI nmcli NetworkManager GUI
3. GNOME Shell NetworkManager
4. GNOME Shell control-center Super Network
5. nm-connection-editor control-center nm-connection-editor
~]$ nm-connection-editor
1.5. (NMTUI)
NetworkManager (TUI) nmtui NetworkManager NetworkManager-tui NetworkManager NetworkManager-tui root
https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/
~]# yum install NetworkManager-tui
NetworkManager NetworkManager
nmtui
~]$ nmtui
Tab Shift+Tab Enter Space
nmtui edit connection-name
nmtui connect connection-name
nmtui VPN WPA Enterprise 802.1X
1.6. NETWORKMANAGER CLI (NMCLI)
NetworkManager nmcli NetworkManager NetworkManager NetworkManager NetworkManager
nmcli nmcli NetworkManager (nmcli) man nmcli-examples(7) nmcli c add nmcli c modify man nm-settings(5)
1.7. (CLI)
ip iproute2 man ip(8) Red Hat Enterprise Linux 7 iproute ip
~]$ ip -V
ip utility, iproute2-ss130716
ip NetworkManager NetworkManager nmcli, nmtui, control-center, D-Bus API
ip ifconfig ifconfig net-tools InfiniBand ip help OBJECTS ip link help ip addr help
ip (ifcfg )
nmtui nmcli control-center nm-connection-editor NetworkManager
1.8. NETWORKMANAGER
Red Hat Enterprise Linux /etc/init.d/network/
NetworkManager Red Hat NetworkManager Red Hat
systemctl
systemctl start|stop|restart|status network
Red Hat Enterprise Linux 7 NetworkManager /etc/init.d/network NetworkManager NetworkManager NetworkManager sysconfig /etc/init.d/network
/etc/init.d/network
1. (systemctl start|stop|restart network )
2. (systemctl enable network )
ifup ifdown
/sbin/ifup-local, ifdown-pre-local, ifdown-local /etc/init.d/network ifup-local /sbin/
ifup-local initscripts NetworkManager NetworkManager dispatcher.d dispatcher dispatcher
initscripts rpm Red Hat
NetworkManager NetworkManager ifup ifdown NetworkManager NetworkManager ifcfg DEVICE=NetworkManager ifup NetworkManager
NetworkManager
NetworkManager NetworkManager NetworkManager
ifdown NetworkManager ifdown NetworkManager
NetworkManager NetworkManager NetworkManager
dispatcher NetworkManager //etc/NetworkManager/dispatcher.d NetworkManager root NetworkManager dispatcher Red Hat ethtool NetworkManager dispatcher
1.9. SYSCONFIG
/etc/sysconfig/ VPNPPPoE /etc/NetworkManager/ /etc/sysconfig/network-scripts/ ifcfg
https://access.redhat.com/ja/solutions/3159111
/etc/sysconfig/network VPN PPPoE /etc/NetworkManager/system-connections/
Red Hat Enterprise Linux 7 ifcfg NetworkManager NetworkManager NetworkManager NetworkManager root
~]# nmcli connection reload
ifcfg-ifname
~]# nmcli con load /etc/sysconfig/network-scripts/ifcfg-ifname
root Red Hat Enterprise Linux 7 su(1) sudo(8) man
nmcli
nmcli dev disconnect interface-name
nmcli con up interface-name
ifup NetworkManager NetworkManager NetworkManager NetworkManager
ifup ifup-ethX, ifup-wireless, ifup-ppp ifup eth0
1. ifup /etc/sysconfig/network-scripts/ifcfg-eth0
2. ifcfg ifup TYPE
3. ifup TYPE ifup-wireless, ifup-eth ifup-XXX
4.
5. DHCP IP
/etc/init.d/network ifcfg ONBOOT=yes
https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/
NetworkManager ifcfg DEVICE NetworkManager ONBOOT=yes NetworkManager initscripts ifcfg ifup
ifcfg ONBOOT=yes NetworkManager initscripts (ISDN ) NetworkManager NetworkManager NetworkManager initscripts
ifcfg .old, .orig, .rpmnew, .rpmorig, .rpmsave ifcfg-* /etc
1.10.
Red Hat Enterprise Linux crda Central Regulatory Domain Agent udev udev udev crda Linux (IEEE-802.11) regulatory.bin
setregdomain udev /etc/sysconfig/regdomain COUNTRY
man
setregdomain(1) man :
crda(8) man : ISO IEC 3166 alpha2
regulatory.bin(5) man : Linux
iw(8) man :
1.11. NETCONSOLE
netconsole
rsyslog rsyslogd 514/udp 514/udp rsyslogd /etc/rsyslog.conf MODULES
$ModLoad imudp
$UDPServerRun 514
rsyslogd
]# systemctl restart rsyslog
rsyslogd 514/udp
]# netstat -l | grep syslog
udp        0      0 0.0.0.0:syslog          0.0.0.0:*
udp6       0      0 [::]:syslog             [::]:*
netstat -l 0.0.0.0:syslog [::]:syslog rsyslogd /etc/services netconsole
]$ cat /etc/services | grep syslog
syslog          514/udp
syslog-conn     601/tcp                 # Reliable Syslog Service
syslog-conn     601/udp                 # Reliable Syslog Service
syslog-tls      6514/tcp                # Syslog over TLS
syslog-tls      6514/udp                # Syslog over TLS
syslog-tls      6514/dccp               # Syslog over TLS
Red Hat Enterprise Linux 7 netconsole initscripts /etc/sysconfig/netconsole netconsole
/etc/sysconfig/netconsole SYSLOGADDR syslogd IP
SYSLOGADDR=192.168.0.1
netconsole netconsole.service
]# systemctl restart netconsole.service
]# systemctl enable netconsole.service
rsyslogd netconsole /var/log/messages rsyslog.conf
rsyslogd netconsole.service /etc/rsyslog.conf
$UDPServerRun
/etc/sysconfig/netconsole
SYSLOGPORT=514
netconsole Netconsole
1.12.
man(1) man : man
NetworkManager(8) man :
NetworkManager.conf(5) man : NetworkManager
/usr/share/doc/initscripts-version/sysconfig.txt: ifcfg
/usr/share/doc/initscripts-version/examples/networking/:
https://www.kernel.org/doc/Documentation/networking/netconsole.txt
2 IP
2.1.
LAN 2 Red Hat Enterprise Linux 7 OpenLMI Red Hat Enterprise Linux 7 kickstart
2.1.1.
IP DHCP DHCPDNS
IP DHCP IP
IP nmcli
2.1.2.
IP dynamic host control protocol (DHCP) DHCP
BOOTPROTO dhcp NetworkManager DHCP dhclient DHCP (IPv4 IPv6) dhclient NetworkManager dhclient
2.1.3.
NetworkManager nmtui (nmtui)
NetworkManager nmcli NetworkManager (nmcli)
https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/index.html
https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/index.html
GNOME NetworkManager
2.1.4. (nmtui)
nmtui
~]$ nmtui
2.1 NetworkManager
Tab Shift+Tab Enter Space
1.
2.2
2.
2.3
3.
2.4
nmtui (nmtui)
2.1.5. NetworkManager (nmcli)
nmcli (NetworkManager ) NetworkManager nm-applet nmcli
nmcli NetworkManager
GUI nmcli NetworkManager
nmcli
nmcli
nmcli OPTIONS OBJECT { COMMAND | help }
OBJECT general, networking, radio, connection, device, agent, monitor: nmcli con help
OPTIONS
-t (terse)
()
-p (pretty)
nmcli
-h (help)
nmcli
nmcli help
nmcli object help
nmcli c help
nmcli ()nmcli-examples(5) man
NetworkManager :
nmcli general status
NetworkManager :
nmcli general logging
:
nmcli connection show
--active ( -a)
nmcli connection show --active
NetworkManager :
nmcli device status
nmcli nmcli
nmcli con up id bond0
nmcli con up id port0
nmcli dev disconnect bond0
nmcli dev disconnect ens3
nmcli connection down nmcli device disconnect
nmcli nmcli
~]$ nmcli con edit
nmcli type nmcli con edit nmcli
nmcli con edit [id | uuid | path] ID
nmcli con edit [type new-connection-type] [con-name new-connection-name]
nmcli help describe
describe setting.property
nmcli> describe team.config
NetworkManager
nmcli c add {ARGUMENTS}
nmcli c add 2
NetworkManager
connection.type
nmcli c add connection.type bond
connection.interface-name
nmcli c add connection.interface-name eth0
connection.id
nmcli c add connection.id "My Connection"
nm-settings(5) man
type (connection.type )
nmcli c add type bond
ifname (connection.interface-name )
nmcli c add ifname eth0
con-name (connection.id )
nmcli c add con-name "My Connection"
nmcli ifname eth0 con-name My Connection
nmcli c add type ethernet ifname eth0 con-name "My Connection"
nmcli c add type ethernet ifname eth0 con-name "My Connection" ethernet.mtu 1600
nmcli c add connection.type ethernet ifname eth0 con-name "My Connection" ethernet.mtu 1600
nmcli c add connection.type ethernet connection.interface-name eth0 connection.id "My Connection" ethernet.mtu 1600
type ifname bond, team, bridge, vlan
type (type_name)
:
nmcli c add type bond
ifname (interface_name)
:
nmcli c add ifname interface_name type ethernet
1
nmcli c modify
connection.id My Connection My favorite connection connection.interface-name eth1
nmcli c modify "My Connection" connection.id "My favorite connection" connection.interface-name eth1
MTU 1600
nmcli c modify "My favorite connection" ethernet.mtu 1600
nmcli
nmcli con up con-name
nmcli con up My-favorite-connection
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/16)
2.1.6. nmcli
nmcli nmcli(1) man
connection.type
adsl, bond, bond-slave, bridge, bridge-slave, bluetooth, cdma, ethernet, gsm, infiniband, olpc-mesh, team, team-slave, vlan, wifi, wimax nmcli(1) man TYPE_SPECIFIC_OPTIONS
gsm apn
nmcli c add connection.type gsm apn access_point_name
wifi ssid
nmcli c add connection.type wifi ssid "My identifier"
connection.interface-name
nmcli con add connection.interface-name eth0 type ethernet
connection.id
connection.type -connection.interface-name
connection.id (wlan0, ens3, em1) 1 id
show, up, down nmcli
id
nmcli connection Id NAME IDcon-name
uuid
nmcli connection uuid
2.1.7. nmcli
~]$ nmcli con show
NAME           UUID                                  TYPE             DEVICE
Auto Ethernet  9b7f2511-5432-40ae-b091-af2457dfd988  802-3-ethernet   --
ens3           fb157a65-ad32-47ed-858c-102a48e064a2  802-3-ethernet   ens3
MyWiFi         91451385-4eb8-4080-8b82-720aab8328dd  802-11-wireless  wlan0
NAME ID () 2 NAME ens3 ens3 ID ID MyWiFi wlan0
~]$ nmcli device status
DEVICE  TYPE      STATE         CONNECTION
ens3    ethernet  disconnected  --
ens9    ethernet  disconnected  --
lo      loopback  unmanaged     --
NetworkManager (unmanaged)
$ nmcli device set ifname managed no
eth2 unmanaged
$ nmcli device status
DEVICE  TYPE      STATE      CONNECTION
bond0   bond      connected  bond0
virbr0  bridge    connected  virbr0
eth1    ethernet  connected  bond-slave-eth1
eth2    ethernet  connected  bond-slave-eth2
eth0    ethernet  unmanaged  --
$ nmcli device set eth2 managed no
$ nmcli device status
DEVICE  TYPE      STATE      CONNECTION
bond0   bond      connected  bond0
virbr0  bridge    connected  virbr0
eth1    ethernet  connected  bond-slave-eth1
eth2    ethernet  unmanaged  --
eth0    ethernet  unmanaged  --
unmanaged NetworkManager
IP DHCP
nmcli connection add type ethernet con-name connection-name ifname interface-name
my-office
~]$ nmcli con add type ethernet con-name my-office ifname ens3
Connection 'my-office' (fb157a65-ad32-47ed-858c-102a48e064a2) successfully added.
NetworkManager connection.autoconnect yes NetworkManager /etc/sysconfig/network-scripts/ifcfg-my-office ONBOOT yes
ifcfg NetworkManager sysconfig
~]$ nmcli con up my-office
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
~]$ nmcli device status
DEVICE  TYPE      STATE         CONNECTION
ens3    ethernet  connected     my-office
ens9    ethernet  disconnected  --
lo      loopback  unmanaged     --
DHCP dhcp-hostname
~]$ nmcli con modify my-office ipv4.dhcp-hostname host-name ipv6.dhcp-hostname host-name
DHCP IPv4 ID dhcp-client-id
~]$ nmcli con modify my-office ipv4.dhcp-client-id client-ID-string
IPv6 dhcp-client-id dhclient IPv6 dhclient(8) man
DHCP DNS ignore-auto-dns
~]$ nmcli con modify my-office ipv4.ignore-auto-dns yes ipv6.ignore-auto-dns yes
nm-settings(5) man
2.1
~]$ nmcli con edit type ethernet con-name ens3
===| nmcli interactive connection editor |===
Adding a new '802-3-ethernet' connection
Type 'help' or '?' for available commands.
Type 'describe [.]' for detailed property description.
You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6, dcb
nmcli> describe ipv4.method
=== [method] ===
[NM property description]
IPv4 configuration method. If 'auto' is specified then the appropriate automatic method (DHCP, PPP, etc) is used for the interface and most other properties can be left unset. If 'link-local' is specified, then a link-local address in the 169.254/16 range will be assigned to the interface. If 'manual' is specified, static IP addressing is used and at least one IP address must be given in the 'addresses' property. If 'shared' is specified (indicating that this connection will provide network access to other computers) then the interface is assigned an address in the 10.42.x.1/24 range and a DHCP and forwarding DNS server are started, and the interface is NAT-ed to the current default network connection. 'disabled' means IPv4 will not be used on this connection. This property must be set.
nmcli> set ipv4.method auto
nmcli> save
Saving the connection with 'autoconnect=yes'. That might result in an immediate activation of the connection.
Do you still want to save? [yes] yes
Connection 'ens3' (090b61f7-540f-4dd6-bf1f-a905831fc287) successfully saved.
nmcli> quit
~]$
save temporary
IPv4
nmcli connection add type ethernet con-name connection-name ifname interface-name ip4 address gw4 address
ip6 gw6 IPv6
IPv4
~]$ nmcli con add type ethernet con-name test-lab ifname ens9 ip4 10.10.10.10/24 \
gw4 10.10.10.254
IPv6
~]$ nmcli con add type ethernet con-name test-lab ifname ens9 ip4 10.10.10.10/24 \
gw4 10.10.10.254 ip6 abbe::cafe gw6 2001:db8::1
Connection 'test-lab' (05abfd5e-324e-4461-844e-8501ba704773) successfully added.
NetworkManager ipv4.method manual connection.autoconnect yes NetworkManager /etc/sysconfig/network-scripts/ifcfg-my-office BOOTPROTO none ONBOOT yes
ifcfg NetworkManager sysconfig
2 IPv4 DNS
~]$ nmcli con mod test-lab ipv4.dns "8.8.8.8 8.8.4.4"
DNS 2 IPv6 DNS
~]$ nmcli con mod test-lab ipv6.dns "2001:4860:4860::8888 2001:4860:4860::8844"
DNS + DNS
~]$ nmcli con mod test-lab +ipv4.dns "8.8.8.8 8.8.4.4"
~]$ nmcli con mod test-lab +ipv6.dns "2001:4860:4860::8888 2001:4860:4860::8844"
~]$ nmcli con up test-lab ifname ens9
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
~]$ nmcli device status
DEVICE  TYPE      STATE      CONNECTION
ens3    ethernet  connected  my-office
ens9    ethernet  connected  test-lab
lo      loopback  unmanaged  --
~]$ nmcli -p con show test-lab
===============================================================================
                     Connection profile details (test-lab)
===============================================================================
connection.id:                          test-lab
connection.uuid:                        05abfd5e-324e-4461-844e-8501ba704773
connection.interface-name:              ens9
connection.type:                        802-3-ethernet
connection.autoconnect:                 yes
connection.timestamp:                   1410428968
connection.read-only:                   no
connection.permissions:
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.secondaries:
connection.gateway-ping-timeout:        0
[]
-p, --pretty
2.2
~]$ nmcli con edit type ethernet con-name ens3
===| nmcli interactive connection editor |===
Adding a new '802-3-ethernet' connection
Type 'help' or '?' for available commands.
Type 'describe [>settingprop
~]$ nmcli dev wifi list
   SSID           MODE   CHAN  RATE      SIGNAL  BARS  SECURITY
   FedoraTest     Infra  11    54 MB/s   98            WPA1
   Red Hat Guest  Infra  6     54 MB/s   97            WPA2
   Red Hat        Infra  6     54 MB/s   77      _     WPA2 802.1X
*  Red Hat        Infra  40    54 MB/s   66      _     WPA2 802.1X
   VoIP           Infra  1     54 MB/s   32      __    WEP
   MyCafe         Infra  11    54 MB/s   39      __    WPA2
IP Wi-Fi DNS
~]$ nmcli con add con-name MyCafe ifname wlan0 type wifi ssid MyCafe \
ip4 192.168.100.101/24 gw4 192.168.100.1
WPA2 caffeine
~]$ nmcli con modify MyCafe wifi-sec.key-mgmt wpa-psk
~]$ nmcli con modify MyCafe wifi-sec.psk caffeine
Red Hat Enterprise Linux 7
Wi-Fi
~]$ nmcli radio wifi [on | off ]
mtu
~]$ nmcli connection show id 'MyCafe' | grep mtu
802-11-wireless.mtu:                     auto
~]$ nmcli connection modify id 'MyCafe' 802-11-wireless.mtu 1350
~]$ nmcli connection show id 'MyCafe' | grep mtu
802-11-wireless.mtu:                     1350
NetworkManager 802-3-ethernet 802-11-wireless mtu nm-settings(5) man
2.1.8. nmcli
nmcli
2.3 nmcli
https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/Security_Guide/
~]# nmcli connection modify eth0 +ipv4.routes "192.168.122.0/24 10.10.10.1"
192.168.122.0/24 10.10.10.1
2.4 nmcli
~]$ nmcli con edit type ethernet con-name ens3
===| nmcli interactive connection editor |===
Adding a new '802-3-ethernet' connection
Type 'help' or '?' for available commands.
Type 'describe [>settingprop
ipcalc
Red Hat Enterprise Linux 7 8HWADDR MAC
ifcfg em1 /etc/sysconfig/network-scripts/ ifcfg-em1
DHCP ifcfg
DHCP_HOSTNAME=hostname
DHCP (FQDN) ifcfg
DHCP_FQDN=fully.qualified.domain.name
ifcfg DHCP_HOSTNAME DHCP_FQDN 1 DHCP_HOSTNAME DHCP_FQDN
DNS ifcfg
ip-address DNS DNS /etc/resolv.conf DNS 1
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
PREFIX=24
IPADDR=10.0.1.27

DEVICE=em1
BOOTPROTO=dhcp
ONBOOT=yes

PEERDNS=no
DNS1=ip-address
DNS2=ip-address
BOOTPROTO dhcp NetworkManager DHCP dhclient DHCP (IPv4 IPv6) dhclient NetworkManager dhclient
nmcli c reload
2.2.2.
iSCSI
1. dracut dracut Red Hat Enterprise Linux 7
2. ip
ip:[]:::::{dhcp|dhcp6|auto6|on|any|none|off}
dhcp: DHCP
dhcp6: DHCP IPv6
auto6: IPv6
on, any: ()
none, off: ()
ip=192.168.180.120:192.168.180.100:192.168.180.1:255.255.255.0::eth0:off
3.
nameserver=srv1 [nameserver=srv2 [nameserver=srv3 []]]
dracut ifcfg /etc/sysconfig/network-scripts/
2.2.3. ip
ip IP
https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/
ip addr [ add | del ] address dev ifname
ip IP root
~]# ip address add 10.0.0.3/24 dev eth0
The address assignment of a specific device can be viewed as follows:
~]# ip addr show dev eth0
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether f0:de:f1:7b:6e:5f brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.3/24 brd 10.0.0.255 scope global global eth0
       valid_lft 58682sec preferred_lft 58682sec
    inet6 fe80::f2de:f1ff:fe7b:6e5f/64 scope link
       valid_lft forever preferred_lft forever
ip-address(8) man
ip ip ip
~]# ip address add 192.168.2.223/24 dev eth1
~]# ip address add 192.168.4.223/24 dev eth1
~]# ip addr
3: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:fb:77:9e brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.223/24 scope global eth1
    inet 192.168.4.223/24 scope global eth1
ip ip(8) man
ip
2.2.4.
()Red Hat Enterprise Linux VPN
Red Hat System Administration I (RH124)
ip route add ip route del ip route
ip route [ add | del | change | append | replace ] destination-address
ip-route(8) man
ip route IP
~]$ ip route
default via 192.168.122.1 dev ens9  proto static  metric 1024
192.168.122.0/24 dev ens9  proto kernel  scope link  src 192.168.122.107
192.168.122.0/24 dev eth0  proto kernel  scope link  src 192.168.122.126
IP root
ip route add 192.0.2.1 via 10.0.0.1 [dev ifname]
192.0.2.1 10 IP 10.0.0.1 ifname
IP IP root
ip route add 192.0.2.0/24 via 10.0.0.1 [dev ifname]
192.0.2.0 10 IP /24 classless inter-domain routing (CIDR)
/etc/sysconfig/network-scripts/route-interface eth0 /etc/sysconfig/network-scripts/route-eth0 route-interface ip /2
ip route ip-route(8) man
/etc/sysconfig/network up ifcfg ifcfg GATEWAY
http://www.redhat.com/en/services/training/rh124-red-hat-system-administration-i?cr=cp|tr|pdtxt|00004
GATEWAY Red Hat Enterprise Linux /etc/sysconfig/network
NetworkManager DHCP NetworkManager ifcfg DEFROUTE=no
2.2.5. ifcfg
ip /etc/sysconfig/network-scripts/ route-ifname IP ip / Network/Netmask 2
2.2.5.1. IP
/etc/sysconfig/network-scripts/route-eth0 1 DHCP /etc/sysconfig/network
default via 192.168.1.1 dev interface
192.168.1.1 IP interface dev /etc/sysconfig/network
10.10.10.0/24 via 192.168.1.1 [dev interface]
10.10.10.0/24 192.168.1.1 IP dev interface
ip route-interface 192.168.0.1 eth0 WAN 192.168.0.10 2 10.10.10.0/24 172.16.1.10/32
default via 192.168.0.1 dev eth0
10.10.10.0/24 via 192.168.0.10 dev eth0
172.16.1.10/32 via 192.168.0.10 dev eth0
192.168.0.0/24 10.10.10.0/24 172.16.1.10/32 192.168.0.10
VPN tun0
ip route
10.10.10.0/24 via 192.168.0.10 src 192.168.0.2
10.10.10.0/24 via 192.168.0.10 table 1
10.10.10.0/24 via 192.168.0.10 table 2
DHCP "RTNETLINK answers: File exists"
2.2.5.2. /
/ route-interface /
ADDRESS0=10.10.10.0
NETMASK0=255.255.255.0 ADDRESS0=10.10.10.0
GATEWAY0=192.168.1.1 ADDRESS0=10.10.10.0 IP
/ route-interface 192.168.0.1 WAN
ADDRESS0=10.10.10.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.1.1
192.168.0.10 2 10.10.10.0/24 172.16.1.0/24
ADDRESS0, ADDRESS1, ADDRESS2
(VPN) IP Red Hat Enterprise Linux 7 Security Guide Enabling Packet Forwarding
2.2.6. VPN
Red Hat Enterprise Linux 7 VPN Libreswan IPsec IPsec VPN Red Hat Enterprise Linux 7
2.3. GNOME NETWORKMANAGER
Red Hat Enterprise Linux 7 NetworkManager (GUI) GNOME GNOME control-center GUI nm-connection-editor GUI GNOMEcontrol-center
2.3.1. GUI
control-center 2
Super Network
GNOME
ADDRESS0=10.10.10.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.0.10
ADDRESS1=172.16.1.10
NETMASK1=255.255.255.0
GATEWAY1=192.168.0.10
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/security_guide/#bh-Enabling_Packet_Forwarding
https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/Security_Guide/
2.5 GNOME
GNOME
( Wi-Fi )
NetworkManager Available Networks ()
VPN ()
2.3.2.
IP
2.6
VLAN VPN
IP DNS
2.7
2.3.2.1.
VPN VPN VPN
Bond Bond
Bridge
VLAN VLAN VLAN
Team Team GUI
2.3.3.
NetworkManager
2.1 NetworkManager
1. Super Network
2.
3. 1
4. Identity Network identity
5. NetworkManager NetworkManager NetworkManager
2.3.4. nm-connection-editor
nm-connection-editor (Wi-FiDSL) 5
1. nm-connection-editor
~]$ nm-connection-editor
2.
2.8
3.
2.9 nm-connection-editor
: Network
: NetworkManager
: root
VPN : NetworkManager VPN VPN
: Red Hat Enterprise Linux 7
VPN 3
2.3.5.
NetworkManager NetworkManager () NetworkManager connection permissions nm-settings(5) man ifcfg USERS USERS ifcfg
USERS="joe bob alice"
nm-connection-editor GNOME control-center Identity
NetworkManager user user-em2
2
https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/Security_Guide/
polkit
2 polkit polkit(8) man
VPN Wi-Fi
2.2 control-center
root
1. Super Network
2.
3. 1
4. Identity Network identity
5. NetworkManager
2.3.6. control-center ()
Super Network
NetworkManager NetworkManager
Identity
2.10
: Network
MAC : MAC
: MAC
MTU: (MTU) MTU 1500
: Red Hat Enterprise Linux 7
: NetworkManager
: root
https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/Security_Guide/
() NetworkManager GUI
(PNAC) 802.1X 802.1X
IPv4 IPv4 IPv4
IPv6 IPv6 IPv6
2.3.7. control-center Wi-Fi
NetworkManager Wi-Fi ( 802.1a/b/g/n )
(3G )
Wi-Fi (SSID)
NetworkManager NetworkManager Wi-Fi WPA-PSK ( WPA) WPA Enterprise (802.1X) 40-bit WEP 128-bit WPA Wi-Fi
NetworkManager
Wi-Fi
Wi-Fi (SSID) SSID NetworkManager SSID SSID
Super Network Wi-Fi SSID Wi-Fi
Wi-Fi
Wi-Fi Wi-Fi
SSID Wi-Fi ( SSID ) SSID Wi-Fi SSID
1. Super Network
2. Wi-Fi
3. Wi-Fi
4.
Wi-Fi Wi-Fi Wi-Fi Wi-Fi Identity
2.11 Wi-Fi
SSID
(AP) (SSID)
BSSID
BSSID () (BSSID) MAC BSSID SSID BSSID
mac80211 BSSID NetworkManager
MAC
MAC Wi-Fi
1 MAC ()
MAC
: NetworkManager
: root
() GUI
Wi-Fi
IPv4 IPv4 IPv4
IPv6 IPv6 IPv6
2.4. VPN
Red Hat Enterprise Linux 7 VPN Libreswan IPsec GNOME NetworkManager-libreswan-gnome root
~]# yum install NetworkManager-libreswan-gnome
Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 7
(VPN) LAN () LAN VPN VPN VPN
1.
2.
https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/
3. (ESP) ESP
VPN () VPN
VPN
2.3 control-center VPN
VPN
1. Super Network
2.
2.12
3. IPsec VPN
2.13 IPsec VPN
4. Identity
2.14
VPN IP
VPN
VPN
VPN IKEv1
1
2
IPsec
2.4 VPN
VPN
1. Super Network
2. VPN
3.
2.15 VPN
4. Identity
2.16 VPN
() VPN NetworkManager GUI
IPv4 IPv4 IPv4
IPv6 IPv6 IPv6
2.5.
NetworkManager 2G 3G
2G: GPRS (General Packet Radio Service), EDGE (Enhanced Data Rates for GSM Evolution), CDMA (Code Division Multiple Access)
3G: UMTS (Universal Mobile Telecommunications System), HSPA (High Speed Packet Access), EVDO (EVolution Data-Only)
() () PC USB
2.5 nm-connection-editor
1. nm-connection-editor
~]$ nm-connection-editor
2.
3.
4.
5. 2G 3G
6.
7.
8. Access Point Name (APN)
9.
10.
2.6
1. nm-connection-editor
~]$ nm-connection-editor
2. nm-connection-editor
3.
()
PPP PPP ()
IPv4 IPv4 IPv4
IPv6 IPv6 IPv6
( 2.5nm-connection-editor ) ID (3G 2G ) NetworkManager
GSM PPP APN
APN
GSM Access Point Name (APN) APN
ID
ID NetworkManager
Any: Any
3G (UMTS/HSPA): 3G
2G (GPRS/EDGE): 2G
Prefer 3G (UMTS/HSPA): HSPA UMTS 3G GPRS EDGE
Prefer 2G (GPRS/EDGE): GPRS EDGE 2G HSPA UMTS
NetworkManager NetworkManager
PIN
SIM (Subscriber Identity Module ()) PIN (Personal Identification Number ()) PIN NetworkManager PIN NetworkManager SIM
CDMA EVDO APN, Network ID, Type
2.6. DSL
SOHO DSL DSL
2.7 nm-connection-editor DSL
1. nm-connection-editor
~]$ nm-connection-editor
2.
3.
4. DSL
5. DSL 1
2.8 DSL
1. nm-connection-editor
~]$ nm-connection-editor
2. nm-connection-editor
DSL
() DSL
MAC MTU
PPP PPP ()
IPv4 IPv4 IPv4
2.7.
802.3 NetworkManager
2.7.1. 802.3
802.3
802-3-ethernet.auto-negotiate
802-3-ethernet.speed
802-3-ethernet.duplex
802.3 3
speed duplex
NetworkManager
802-3-ethernet.auto-negotiate = no
802-3-ethernet.speed = 0
802-3-ethernet.duplex = NULL
auto-negotiate no speed duplex
NetworkManager
802-3-ethernet.auto-negotiate = yes
802-3-ethernet.speed = 0
802-3-ethernet.duplex = NULL
speed duplex speed duplex
speed duplex
802-3-ethernet.auto-negotiate = no
802-3-ethernet.speed = [speed in Mbit/s]
802-3-ethernet.duplex = [half |full]
speed duplex NetworkManager
802.3
nmcli
nm-connection-editor
2.9 nmcli 802.3
1. eth0
2. 802.3 802.3
speed 100 Mbit/s duplex full
nmcli connection add con-name MyEthernet type ethernet ifname eth0 \
  802-3-ethernet.auto-negotiate no \
  802-3-ethernet.speed 100 \
  802-3-ethernet.duplex full
2.10 nm-connection-editor 802.3
1. nm-connection-editor
~]$ nm-connection-editor
2. nm-connection-editor
3.
: ()
:
: Speed Duplex
2.17 nm-connection-editor 802.3
2.7.2. 802.1X
802.1X (PNAC) IEEE WPA Enterprise 802.1X 802.1X
802.1X (WLAN) (LAN) DHCP IP 802.1X
802.1X WLAN LAN EAP (Extensible Authentication Protocol) 1 EAP
GUI 802.1X 802.1X (GUI ) Super
Network 2.11 2.12
2.11
1.
2. 802.1X
3.
4. (TLS)
2.12
1. Wi-Fi
2. 802.1X
3.
4. LEAP, WEP (802.1X), WPA & WPA2 Enterprise
5. extensible authentication protocol (EAP) (TLS)
nmcli 802.1X nmcli
1. key-mgmt () Wi-Fi nm-settings(5) man
2. 802-1x (TLS) (TLS) TLS
2.1 802-1x
802-1x
802-1x.identity
802-1x.ca-cert CA
802-1x.client-cert
802-1x.private-key
802-1x.private-key-password
802-1x
EAP-TLS WPA2 Enterprise
nmcli c add type wifi ifname wlan0 con-name 'My Wifi Network' \
  802-11-wireless.ssid 'My Wifi' \
  802-11-wireless-security.key-mgmt wpa-eap \
  802-1x.eap tls \
  802-1x.identity [email protected] \
  802-1x.ca-cert /etc/pki/my-wifi/ca.crt \
  802-1x.client-cert /etc/pki/my-wifi/client.crt \
  802-1x.private-key /etc/pki/my-wifi/client.key \
  802-1x.private-key-password s3cr3t
nmcli 802-11-wireless.ssid 802-11-wireless-security.key-mgmt
2.7.2.1. (TLS)
TLS () TLS ID TLS AES, TKIP, WEP
EAP-TLS TLS PKI () TLS (W)LAN
NetworkManager TLS NetworkManager wpa_supplicant OpenSSL TLS OpenSSL SSL/TLS
TLS TLS
Flexible Authentication via Secure Tunneling FAST FAST
Tunneled Transport Layer Security (TTLS EAP-TTLS ) TLS TLS
Protected Extensible Authentication Protocol EAP (PEAP) EAP (PEAP)
2.7.2.2. TLS
X.509 Distinguished Encoding Rules (DER), Privacy Enhanced Mail (PEM)
CA
X.509 Distinguished Encoding Rules (DER), Privacy Enhanced Mail (PEM)
Distinguished Encoding Rules (DER), Privacy Enhanced Mail (PEM), Personal Information Exchange Syntax Standard (PKCS #12)
2.7.2.3. FAST
PAC
PAC
protected access credential (PAC)
GTC: Generic Token Card
MSCHAPv2: Microsoft 2
2.7.2.4. TLS
ID
CA
(CA)
PAP:
MSCHAP:
MSCHAPv2: Microsoft 2
CHAP:
2.7.2.5. EAP (PEAP)
ID
CA
(CA)
PEAP
EAP Automatic, 0, 1
MSCHAPv2: Microsoft 2
MD5: 5
GTC: Generic Token Card
2.7.3. Wi-Fi
: Wi-Fi
WEP 40/128-bit : IEEE 802.11 Wired Equivalent Privacy (WEP) (PSK)
WEP 128-bit : MD5 WEP
LEAP: Cisco Systems Lightweight Extensible Authentication Protocol
WEP (802.1X): WEP (TLS)
WPA & WPA2 Personal: IEEE 802.11i Wi-Fi Protected Access (WPA)WEP 802.11i-2004 Wi-Fi Protected Access II (WPA2) (WPA-PSK)
WPA & WPA2 Enterprise: RADIUS WPA IEEE 802.1X (TLS)
2.7.4. wpa_supplicant NetworkManager MACsec
Media Access Control Security (MACsec IEEE 802.1AE) LAN GCM-AES-128 MACsec IP (ARP) (ND) DHCP IPsec ( 3) SSL TLS ( 4) MACsec ( 2) MACsec
/CAK (CAK/CKN) MACsec
1. CAK/CKN 16 16
~]$ dd if=/dev/urandom count=16 bs=1 2> /dev/null | hexdump -e '1/2 "%04x"'
2. wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant
eapol_version=3
ap_scan=0
fast_reauth=1

network={
    key_mgmt=NONE
    eapol_flags=0
    macsec_policy=1

    mka_cak=0011... # 16 bytes hexadecimal
    mka_ckn=2233... # 32 bytes hexadecimal
}
wpa_supplicant.conf mka_cak mka_ckn
wpa_supplicant.conf(5) man
3. eth0 wpa_supplicant
~]# wpa_supplicant -i eth0 -Dmacsec_linux -c wpa_supplicant.conf
Red Hat wpa_supplicant.conf nmcli wpa_supplicant 16 16 CAK ($MKA_CAK) 32 16 CKN ($MKA_CKN)
~]# nmcli connection add type macsec \
  con-name test-macsec+ ifname macsec0 \
  connection.autoconnect no \
  macsec.parent eth0 macsec.mode psk \
  macsec.mka-cak $MKA_CAK \
  macsec.mka-cak-flags 0 \
  macsec.mka-ckn $MKA_CKN
~]# nmcli connection up test-macsec+
macsec0
What's new in MACsec: setting up MACsec using wpa_supplicant and (optionally) NetworkManager
MACsec MACsec: a different solution to encrypt network traffic
2.7.5. PPP ()
PPP PPP
https://developers.redhat.com/blog/2017/06/28/whats-new-in-macsec-setting-up-macsec-using-wpa_supplicant-and-optionally-networkmanager/
https://developers.redhat.com/blog/2016/10/14/macsec-a-different-solution-to-encrypt-network-traffic/
MPPE ()
Microsoft (RFC 3078)
BSD
PPP BSD (RFC 1977)
Deflate
PPP Deflate (RFC 1979)
TCP
TCP/IP (RFC 1144)
PPP echo
LCP Echo Echo (RFC 1661)
NetworkManager PPP PPP NetworkManager-ppp
2.7.6. IPv4
IPv4 IP DNS IPv4 VPNDSLIPv6 IPv6
DHCP DHCP IP (DHCP)
IPv4
IPv4
(DHCP): IP DHCP DHCP ID
(DHCP) : IP DHCP DNS
http://www.rfc-editor.org/info/rfc3078
http://www.rfc-editor.org/info/rfc1977
http://www.rfc-editor.org/info/rfc1979
http://www.rfc-editor.org/info/rfc1144
http://www.rfc-editor.org/info/rfc1661
: DHCP IP RFC 3927 169.254/16
: WAN 10.42.x.1/24 DHCP DNS (NAT)
: IPv4
DSL
: IP
(PPP): IP DNS
(PPP) : IP DNS DNS
VPN
(VPN): IP DNS
(VPN) : IP DNS DNS
DSL
(PPPoE): IP DNS
(PPPoE) : IP DNS DNS
2.7.7. IPv6
: IPv6
: SLAAC (RA)
: (RA) DNS
DHCP : RADHCPv6
http://www.rfc-editor.org/info/rfc3927
: IP
: DHCP IP RFC 4862 FE80::0
DNS : DNS
:
2.7.8.
upVPN
DHCP () IP 192.168.10.1 192.168.10.254 192.168.10.0 192.168.10.255
IPv4 IPv6 GUI
: IP
: IP
: IP
:
RA DHCP
http://www.rfc-editor.org/info/rfc4862
VPN
2.8.
ip(8) man : ip
nmcli(1) man : NetworkManager
nmcli-examples(5) man : nmcli
nm-settings(5) man : NetworkManager
nm-settings-ifcfg-rh(5) man : ifcfg-rh
Red Hat Enterprise Linux 7
IPsec VPN DNSSEC DNS
RFC 1518: Classless Inter-Domain Routing (CIDR)
CIDR
RFC 1918: Address Allocation for Private Internets
IPv4
RFC 3330: Special-Use IPv4 Addresses
Internet Assigned Numbers Authority (IANA) IPv4
https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/Security_Guide/
http://www.rfc-editor.org/info/rfc1518
http://www.rfc-editor.org/info/rfc1918
http://www.rfc-editor.org/info/rfc3330
3
3.1.
hostname static ()prettytransient () 3
static hostname /etc/hostname transient hostname static localhost DHCP mDNS pretty hostname UTF8
64 Red Hat static transient host.example.com DNS (FQDN) static transient 7 ASCII DNS
hostnamectl static transient a-zA-Z0-9-_.2 64
3.1.1.
ICANN (The Internet Corporation for Assigned Names and Numbers) (.yourcompany ) Red Hat DNSSEC DNSSEC Name Collision Resources and Information
3.2. NMTUI
nmtui
~]$ nmtui
https://www.icann.org/namecollision
3.1 NetworkManager
Tab Shift+Tab Enter Space
nmtui (nmtui)
NetworkManager nmtui /etc/hostname
Red Hat Enterprise Linux 7 NetworkManager systemd-hostnamed /etc/hostname /etc/hostname NetworkManager hostnamectl /etc/sysconfig/network HOSTNAME
3.3. HOSTNAMECTL
hostnamectl 3
3.3.1.
~]$ hostnamectl status
status
3.3.2.
root
~]# hostnamectl set-hostname name
prettystatic transient static transient pretty -
3.3.3.
root
~]# hostnamectl set-hostname name [option...]
option --pretty, --static, --transient 1
--static --transient --pretty static transient pretty ---pretty
pretty
~]# hostnamectl set-hostname "Stephen's notebook" --pretty
3.3.4.
root
~]# hostnamectl set-hostname "" [option...]
"" option --pretty, --static, --transient 1
3.3.5.
hostnamectl -H, --host
~]# hostnamectl set-hostname -H [username]@hostname
hostname username hostnamectl SSH
3.4. NMCLI
NetworkManager nmcli /etc/hostname
~]$ nmcli general hostname
my-server root
~]# nmcli general hostname my-server
3.5.
hostnamectl(1) man : hostnamectl
hostname(1) man : hostname domainname
hostname(5) man :
hostname(7) man :
machine-info(5) man :
machine-id(5) man : ID
systemd-hostnamed.service(8) man : hostnamectl systemd-hostnamed
4 Red Hat Enterprise Linux 7 () 1
?
active-backup, balance-tlb, balance-alb Cisco Modes 0, 2, 3 EtherChannel Mode 4 LACP EtherChannel https://www.kernel.org/doc/Documentation/networking/bonding.txt
4.1.
NetworkManager
1.
2.
3.
4. IP
5. DHCP
6. DHCP
7. DHCP
4.2. NMTUI
https://access.redhat.com/ja/solutions/1465133
https://www.kernel.org/doc/Documentation/networking/bonding.txt
nmtui
~]$ nmtui
Tab Shift+Tab Enter Space
1.
4.1 NetworkManager
2.
4.2 NetworkManager
3.
4.3 NetworkManager
4. MAC MAC MAC OK
MAC
4.4 NetworkManager
5.
6. OK
4.5 NetworkManager
Bond
nmtui (nmtui)
4.3. NETWORKMANAGER NMCLI
nmcli NetworkManager (nmcli)
nmcli
~]$ nmcli con add type bond ifname mybond0
Connection 'bond-mybond0' (5f739690-47e8-444b-9620-1895316a28ba) successfully added.
con-name
NetworkManager
~]$ nmcli con add type bond ifname mybond0 bond.options "mode=balance-rr,miimon=100"
Connection 'bond-mybond0' (5f739690-47e8-444b-9620-1895316a28ba) successfully added.
1.
2.
~]$ nmcli con add type ethernet ifname ens3 master mybond0
Connection 'bond-slave-ens3' (220f99c6-ee0a-42a1-820e-454cbabc2618) successfully added.
~]$ nmcli con add type ethernet ifname ens7 master mybond0
Connection 'bond-slave-ens7' (ecc24c75-1c89-401f-90c8-9706531e0231) successfully added.
~]$ nmcli con up bond-slave-ens7
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/14)
~]$ nmcli con up bond-slave-ens3
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/15)
active_slave primary active_slave
~]$ nmcli dev mod bond0 +bond.options "active_slave=ens7"
Connection successfully reapplied to device 'bond0'.
primary
~]$ nmcli dev mod bond0 +bond.options "primary=ens3"
Connection successfully reapplied to device 'bond0'.
active_slave primary
4.4. (CLI)
4.4.1.
Red Hat Enterprise Linux 7 root
~]# modprobe --first-time bonding
Red Hat Enterprise Linux 7 BONDING_OPTS
~]$ modinfo bonding
modprobe(8) man
4.4.2.
/etc/sysconfig/network-scripts/ ifcfg-bondN N 0
DEVICE bondN N TYPE=Bond BONDING_MASTER=yes
4.1 ifcfg-bond0
DEVICE=bond0
NAME=bond0
TYPE=Bond
BONDING_MASTER=yes
IPADDR=192.168.1.1
PREFIX=24
https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/
NAME NetworkManager ONBOOT ()
ifcfg-bondN BONDING_OPTS="bonding parameters" /etc/modprobe.d/bonding.conf /etc/modprobe.conf
max_bonds ifcfg-bondN BONDING_OPTS
4.4.3.
MASTER SLAVE
4.2
2 eth0 eth1
N ONBOOT=yes TYPE=Ethernet
4.4.4.
ONBOOT=yes
BOOTPROTO=none
BONDING_OPTS="bonding parameters separated by spaces"
DEVICE=ethN
NAME=bond0-slave
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
root
~]# ifup ifcfg-eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7)
~]# ifup ifcfg-eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8)
up down
ifdown ethN
(down)
NetworkManager root
~]# nmcli con load /etc/sysconfig/network-scripts/ifcfg-device
~]# nmcli con reload
NetworkManager NetworkManager.conf monitor-connection-files NetworkManager.conf(5) man
~]# ip link show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: mtu 1500 qdisc pfifo_fast master bond0 state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:e9:ce:d2 brd ff:ff:ff:ff:ff:ff
3: eth1: mtu 1500 qdisc pfifo_fast master bond0 state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:38:a6:4c brd ff:ff:ff:ff:ff:ff
4: bond0: mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 52:54:00:38:a6:4c brd ff:ff:ff:ff:ff:ff
4.4.5.
Red Hat Enterprise Linux 7 BONDING_OPTS
BONDING_OPTS ifcfg-bondN
SLAVE
MASTER
4.3 ifcfg-bondN
N 2 ifcfg-bond0 ifcfg-bond1 2 IP
4.2MASTER=bondN 2 2 4 2 MASTER=bond0 2 MASTER=bond1
4.5.
miimon, arp_interval, arp_ip_target
4.5.1.
( ifcfg-bond0) BONDING_OPTS="bonding parameters" sysfs ()
sysfs sysfs
DEVICE=bondN
NAME=bondN
TYPE=Bond
BONDING_MASTER=yes
IPADDR=192.168.1.1
PREFIX=24
ONBOOT=yes
BOOTPROTO=none
BONDING_OPTS="bonding parameters separated by spaces"
sysfs /sys/ /sys/class/net/
ifcfg-bond0 bond0 SLAVE=yes MASTER=bond0
root ifup bondN
~]# ifup bond0
ifcfg-bond0 root ip link show bond0
~]# ip link show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: mtu 1500 qdisc pfifo_fast master bond0 state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:e9:ce:d2 brd ff:ff:ff:ff:ff:ff
3: eth1: mtu 1500 qdisc pfifo_fast master bond0 state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:38:a6:4c brd ff:ff:ff:ff:ff:ff
4: bond0: mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 52:54:00:38:a6:4c brd ff:ff:ff:ff:ff:ff
~]$ cat /sys/class/net/bonding_masters
bond0
/sys/class/net/bondN/bonding/
~]# ifdown bond0
bond0 MII 1 root
~]# echo 1000 > /sys/class/net/bond0/bonding/miimon
bond0 balance-alb
~]# echo 6 > /sys/class/net/bond0/bonding/mode
~]# echo balance-alb > /sys/class/net/bond0/bonding/mode
ifup bondN sysfs
/etc/sysconfig/network-scripts/ifcfg-bondN BONDING_OPTS= (ONBOOT=yes ) BONDING_OPTS
modinfo bonding parm https://www.kernel.org/doc/Documentation/networking/bonding.txt
ad_select=value
802.3ad
stable 0:
bandwidth 1:
802.3ad
count 2: bandwidth
bandwidth count 802.3ad
arp_interval=time_in_milliseconds
ARP ()
arp_interval arp_ip_target miimon
https://www.kernel.org/doc/Documentation/networking/bonding.txt
mode=0 mode=2 (2 ) NIC https://www.kernel.org/doc/Documentation/networking/bonding.txt
0 ARP
arp_ip_target=ip_address[,ip_address_2,ip_address_16]
arp_interval ARP IP 16 IP
arp_validate=value
ARP / none, active, backup, all
downdelay=time_in_milliseconds
()miimon 0
fail_over_mac=value
- MAC () MAC
none 0: fail_over_mac -MAC
active 1: active fail_over_mac MAC MAC MAC MAC
MAC (ARP ) MAC ARP ARP ARP
MII ARP updelay
follow 2: follow fail_over_mac MAC ( MAC )2 MAC MAC ( MAC )
MAC
https://www.kernel.org/doc/Documentation/networking/bonding.txt
lacp_rate=value
802.3ad LACPDU
slow 0: 30 LACPDU
fast 1: 1 LACPDU
miimon=time_in_milliseconds
MII ()MII NIC NIC MII root
~]# ethtool interface_name | grep "Link detected:"
interface_name eth0 MII
Link detected: yes
NIC MII 0 () 100
arp_interval arp_ip_target miimon
mode=value
value
balance-rr 0:
active-backup 1:
balance-xor 2: XOR MAC MAC
broadcast 3:
802.3ad 4: IEEE 802.3ad 802.3ad
balance-tlb 5: (TLB) MAC
balance-alb 6: (ALB) IPv4 ARP
primary=interface_name
eth0 primary NIC 1
active-backup https://www.kernel.org/doc/Documentation/networking/bonding.txt
primary_reselect=value
always 0 ():
better 1:
failure 2:
primary_reselect 2
https://www.kernel.org/doc/Documentation/networking/bonding.txt
sysfs primary_reselect
resend_igmp=range
IGMP 1 200ms ()
0 255 1 0 IGMP
IGMP balance-rr (mode 0), active-backup (mode 1), balance-tlb (mode 5), balance-alb (mode 6) IGMP IGMP
updelay=time_in_milliseconds
()miimon 0
use_carrier=number
miimon MII/ETHTOOL ioctls netif_carrier_ok() netif_carrier_ok() netif_carrier_on/off
MII/ETHTOOL ioctls netif_carrier_on/off
1: netif_carrier_ok()
0: MII/ETHTOOL ioctls
netif_carrier_on/off
xmit_hash_policy=value
balance-xor 802.3ad
0 layer2: MAC XOR
(source_MAC_address XOR destination_MAC) MODULO slave_count
802.3ad
1 layer3+4: ()
TCP UDP :
((source_port XOR dest_port) XOR ((source_IP XOR dest_IP) AND 0xffff)) MODULO slave_count
TCP UDP IP IP layer2
PFC2 Cisco Foundry IBM
802.3ad
2 layer2+3: layer2 layer3
MAC IP XOR
(((source_IP XOR dest_IP) AND 0xffff) XOR ( source_MAC XOR destination_MAC )) MODULO slave_count
IP layer2
layer3 layer2
802.3ad
4.6. GUI
nm-connection-editor NetworkManager 2 InfiniBand MAC
4.6.1.
4.1 nm-connection-editor
1. nm-connection-editor
~]$ nm-connection-editor
2. 1
4.6 NetworkManager Bond
3. Bond
4. bond0 1 MAC MAC MAC MAC MAC MAC
4.7 NetworkManager
5. Bond
6.
7. Bond
4.2
1. nm-connection-editor
~]$ nm-connection-editor
2.
3.
4.
5
: Network
: NetworkManager
: root
VPN : NetworkManager VPN VPN
: Red Hat Enterprise Linux 7
5. Bond
()
IPv4 IPv4 IPv4
IPv6 IPv6 IPv6
4.6.1.1. Bond
(4.1nm-connection-editor )
802.3ad
https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/Security_Guide/
InfiniBand
XOR
XOR () XOR MAC MAC
802.3ad
IEEE 802.3ad 802.3ad
(TLB) MAC
(ALB) IPv4 ARP
MII (Media Independent Interface)
MII ethtool 3
MII ()
up ()up ARP
down ()
ARP
(ARP) 1
2
ARP ()
ARP
ARP IP
4.7.
nmcli(1) man : NetworkManager
nmcli-examples(5) man : nmcli
nm-settings(5) man : NetworkManager
Red Hat Enterprise Linux 7
https://access.redhat.com/site/node/28421/Configuring_VLAN_devices_over_a_bonded_interface
VLAN Red Hat
https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/
https://access.redhat.com/site/node/28421/Configuring_VLAN_devices_over_a_bonded_interface
5
5.1.
NIC Linux Red Hat Enterprise Linux 7
() Team Netlink API (API) Netlink API libTeam Netlink RT Netlinklibteam teamd teamd 1 1 teamd teamd libteam
teamdctl D-bus teamd teamdctl teamd D-Bus API D-Bus teamd Unix Domain Sockets D-Bus D-Bus teamd teamd D-Bus teamdctl
Team Netlink API Netlink libteam API libnl teamnl API
teamd
teamd NetworkManager
5.2.
NetworkManager
1.
2.
3.
4. IP
5. DHCP
6. DHCP
7. DHCP
?
5.3.
5.1
Tx
Tx
Tx
LACP (802.3ad) ()
Tx
https://access.redhat.com/ja/solutions/1465133
Tx (TLB)
LACP
LACP
Ethtool
ARP
NS/NA (IPv6)
/
()
Tx/Rx (rwlock) (RCU)
VLAN
D-Bus
LLDP zero config
NetworkManager
5.4.
teamd libteam 1 team0 team0 team1 teamd JSON teamd teamd teamd
broadcast ()
round-robin ()
active-backup (1 )
loadbalance ( Tx BPF Tx )
lacp (802.3ad )
ethtool (Libteam lib ethtool )
arp_ping (arp_ping ARP )
nsna_ping (IPv6 )
lacp ethtool
5.5.
teamd teamdroot
~]# yum install teamd
5.6.
bond2team ifcfg ifcfg JSON
ifcfg
~]$ bond2team --examples
/tmp/bond2team.XXXXXX/ XXXXXX /etc/sysconfig/network-scripts/
5.1
bond0 ifcfg root
~]# /usr/bin/bond2team --master bond0
bond0 --rename
~]# /usr/bin/bond2team --master bond0 --rename team0
ifcfg JSON --json JSON teamd.conf(5) man
5.2
bond0 ifcfg ifcfg root
~]# /usr/bin/bond2team --master bond0 --configdir /path/to/ifcfg-file
ifcfg JSON --json
5.3 Bond2team
bond2team
~]# /usr/bin/bond2team --bonding_opts "mode=1 miimon=500"
~]# /usr/bin/bond2team --bonding_opts "mode=1 miimon=500 primary=eth1 \
  primary_reselect=0" --port eth1 --port eth2 --port eth3 --port eth4
bond2team(1) man
5.7.
~]$ ip link show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: em1: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:6a:02:8a brd ff:ff:ff:ff:ff:ff
3: em2: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:9b:6d:2a brd ff:ff:ff:ff:ff:ff
5.8.
NetworkManager nmtui nmtui
nmcli nmcli
teamd teamd
ifcfg
GUI
5.9. NMTUI
nmtui
~]$ nmtui
Tab Shift+Tab Enter Space
1.
5.1 NetworkManager
2. team
5.2 NetworkManager
3.
5.3 NetworkManager
4. MAC MAC MAC OK
MAC
5.4 NetworkManager
5.
6. JSON vim vim JSON JSON
7. OK
5.5 NetworkManager
JSON teamd nmtui JSON DeviceJSON deviceport JSON JSON
nmtui (nmtui)
5.10.
5.10.1. nmcli
~]$ nmcli connection show
NAME  UUID                                  TYPE            DEVICE
eth1  0e8185a1-f0fd-4802-99fb-bedbb31c689b  802-3-ethernet  --
eth0  dfe1f57b-419d-4d1c-aaf5-245deab82487  802-3-ethernet  --
~]$ nmcli device status
DEVICE  TYPE      STATE      CONNECTION
virbr0  bridge    connected  virbr0
ens3    ethernet  connected  ens3
ServerA
~]$ nmcli connection add type team ifname ServerA
Connection 'team-ServerA' (b954c62f-5fdd-4339-97b0-40efac734c50) successfully added.
NetworkManager connection.autoconnect yes IP ipv4.method auto NetworkManager /etc/sysconfig/network-scripts/ifcfg-team-ServerA ONBOOT yes BOOTPROTO dhcp
ifcfg NetworkManager sysconfig
~]$ nmcli con show team-ServerA
connection.id:                          team-ServerA
connection.uuid:                        b954c62f-5fdd-4339-97b0-40efac734c50
connection.interface-name:              ServerA
connection.type:                        team
connection.autoconnect:                 yes
ipv4.method:                            auto
[]
JSON JSON teamd.conf(5) man con-name
~]$ nmcli connection add type team con-name Team0 ifname ServerB
Connection 'Team0' (5f7160a1-09f6-4204-8ff0-6d96a91218a7) successfully added.
~]$ nmcli con show
NAME          UUID                                  TYPE            DEVICE
team-ServerA  b954c62f-5fdd-4339-97b0-40efac734c50  team            ServerA
eth1          0e8185a1-f0fd-4802-99fb-bedbb31c689b  802-3-ethernet  --
eth0          dfe1f57b-419d-4d1c-aaf5-245deab82487  802-3-ethernet  --
Team0         5f7160a1-09f6-4204-8ff0-6d96a91218a7  team            ServerB
nmcli con mod old-team-name connection.id new-team-name
nmcli connection modify team-name team.config JSON-config
JSON team.config JSON JSON
team.config
nmcli con show team-name | grep team.config
Team0 Team0-port1 eth0
~]$ nmcli con add type ethernet con-name Team0-port1 ifname eth0 master Team0
Connection 'Team0-port1' (ccd87704-c866-459e-8fe7-01b06cf1cffc) successfully added.
Team0-port2 eth1
~]$ nmcli con add type team-slave con-name Team0-port2 ifname eth1 master Team0
Connection 'Team0-port2' (a89ccff8-8202-411e-8ca6-2953b7db52dd) successfully added.
nmcli
~]$ nmcli connection up Team0-port1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
~]$ nmcli connection up Team0-port2
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
~]$ ip link
3: Team0: mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 52:54:00:76:6f:f0 brd ff:ff:ff:ff:ff:f
~]$ nmcli connection up Team0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
nmcli NetworkManager (nmcli)
5.10.2. teamd
teamd nmcli ifcfg
JSON root
~]$ ls /usr/share/doc/teamd-*/example_configs/
activebackup_arp_ping_1.conf  activebackup_multi_lw_1.conf   loadbalance_2.conf
activebackup_arp_ping_2.conf  activebackup_nsna_ping_1.conf  loadbalance_3.conf
activebackup_ethtool_1.conf   broadcast.conf                 random.conf
activebackup_ethtool_2.conf   lacp_1.conf                    roundrobin_2.conf
activebackup_ethtool_3.conf   loadbalance_1.conf             roundrobin.conf
activebackup_ethtool_1.conf
~]$ cat /usr/share/doc/teamd-*/example_configs/activebackup_ethtool_1.conf
{
    "device": "team0",
    "runner": {"name": "activebackup"},
    "link_watch": {"name": "ethtool"},
    "ports": {
        "eth1": {
            "prio": -10,
            "sticky": true
        },
        "eth2": {
            "prio": 100
        }
    }
}
teamd
~]$ mkdir ~/teamd_working_configs
~]$ cp /usr/share/doc/teamd-*/example_configs/activebackup_ethtool_1.conf \
  ~/teamd_working_configs/activebackup_ethtool_1.conf
~]$ vi ~/teamd_working_configs/activebackup_ethtool_1.conf
vi vi(1) man
down
~]$ ip link show
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: em1: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:d5:f7:d4 brd ff:ff:ff:ff:ff:ff
3: em2: mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:d8:04:70 brd ff:ff:ff:ff:ff:ff
UP
root
~]# ip link set down em1
root ( teamd_working_configs )
~]# cd /home/user/teamd_working_configs
~]# teamd -g -f activebackup_ethtool_1.conf -d
Using team device "team0".
Using PID file "/var/run/teamd/team0.pid"
Using config file "/home/user/teamd_working_configs/activebackup_ethtool_1.conf"
-g -f -d teamd(8) man
root
~]# teamdctl team0 state
setup:
  runner: activebackup
ports:
  em1
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
  em2
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
runner:
  active port: em1
team0 root
~]# ip addr add 192.168.23.2/24 dev team0
IP
~]$ ip addr show team0
4: team0: mtu 1500 qdisc noqueue state UP
    link/ether 16:38:57:60:20:6f brd ff:ff:ff:ff:ff:ff
    inet 192.168.23.2/24 scope global team0
       valid_lft forever preferred_lft forever
    inet6 2620:52:0:221d:1438:57ff:fe60:206f/64 scope global dynamic
       valid_lft 2591880sec preferred_lft 604680sec
    inet6 fe80::1438:57ff:fe60:206f/64 scope link
       valid_lft forever preferred_lft forever
uproot
~]# ip link set dev team0 up
downroot
~]# ip link set dev team0 down
killroot
~]# teamd -t team0 -k
-k team0 killteamd(8) man
teamd
~]$ teamd -h
teamd(8) man
5.10.3. ifcfg
ifcfg /etc/sysconfig/network-scripts/
DEVICE=team0
DEVICETYPE=Team
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.11.1
PREFIX=24
TEAM_CONFIG='{"runner": {"name": "activebackup"}, "link_watch": {"name": "ethtool"}}'
team0 /etc/sysconfig/network-scripts/
DEVICE=eth1
HWADDR=D4:85:64:01:46:9E
DEVICETYPE=TeamPort
ONBOOT=yes
TEAM_MASTER=team0
TEAM_PORT_CONFIG='{"prio": 100}'
()DEVICE HWADDR prio 0 -32,767 +32,767 ()
HWADDR MAC 8
root
~]# ifup team0
~]$ ip link show
5.10.4. iputils
ip em1 team0 root
~]# ip link set dev em1 down
~]# ip link set dev em1 master team0
5.10.5. teamnl
teamnl root
~]# teamnl team0 ports
em2: up 100 fullduplex
em1: up 100 fullduplex
5.10.6. teamnl
teamnl root
~]# teamnl team0 options
root
~]# teamnl team0 setoption mode activebackup
5.10.7. iputils
ip team0 root
~]# ip addr add 192.168.252.2/24 dev team0
5.10.8. iputils
ip team0 root
~]# ip link set team0 up
5.10.9. teamnl
teamnl activeport root
~]# teamnl team0 getoption activeport
0
5.10.10. teamnl
teamnl activeport root
~]# teamnl team0 setoption activeport 5
root
~]# teamnl team0 getoption activeport
5
5.11. TEAMDCTL TEAMD
teamd teamdctl
team0 root
~]# teamdctl team0 state view
~]# teamdctl team0 state view -v
team0 JSON ()
~]# teamdctl team0 state dump
team0 JSON
~]# teamdctl team0 config dump
team0 em1
~]# teamdctl team0 port config dump em1
5.11.1.
em1 team0 root
~]# teamdctl team0 port add em1
teamdctl down teamdctl team0 port add em1
5.11.2.
em1 team0 root
~]# teamdctl team0 port remove em1
5.11.3.
team0 em1 JSON root
~]# teamdctl team0 port config update em1 JSON-config-string
JSON-config-string JSON JSON JSON
{
  "prio": -10,
  "sticky": true
}
JSON
teamdctl(8) man
5.11.4.
team0 em1 root
~]# teamdctl team0 port config dump em1
JSON
5.12. TEAMD
teamd
5.12.1.
root JSON
{
  "device": "team0",
  "runner": {"name": "broadcast"},
  "ports": {"em1": {}, "em2": {}}
}
teamd.conf(5) man
5.12.2.
root JSON
{
  "device": "team0",
  "runner": {"name": "random"},
  "ports": {"em1": {}, "em2": {}}
}
teamd.conf(5) man
5.12.3.
root JSON
{
  "device": "team0",
  "runner": {"name": "roundrobin"},
  "ports": {"em1": {}, "em2": {}}
}
teamd.conf(5) man
5.12.4.
JSON
{
  "device": "team0",
  "runner": {
    "name": "activebackup"
  },
  "link_watch": {
    "name": "ethtool"
  },
  "ports": {
    "em1": {
      "prio": -10,
      "sticky": true
    },
    "em2": {
      "prio": 100
    }
  }
}
ethtool em2 sticky em1
{
  "device": "team0",
  "runner": {
    "name": "activebackup"
  },
  "link_watch": {
    "name": "ethtool"
  },
  "ports": {
    "em1": {
      "prio": -10,
      "sticky": true,
      "queue_id": 4
    },
    "em2": {
      "prio": 100
    }
  }
}
queue ID 4 ethtool em2 sticky em1
ethtool root JSON
{
  "device": "team0",
  "runner": {
    "name": "activebackup"
  },
  "link_watch": {
    "name": "ethtool",
    "delay_up": 2500,
    "delay_down": 1000
  },
  "ports": {
    "em1": {
      "prio": -10,
      "sticky": true
    },
    "em2": {
      "prio": 100
    }
  }
}
ethtool em2 sticky em1
teamd.conf(5) man
5.12.5.
2 teamd
(Tx) root JSON
{
  "device": "team0",
  "runner": {
    "name": "loadbalance",
    "tx_hash": ["eth", "ipv4", "ipv6"]
  },
  "ports": {"em1": {}, "em2": {}}
}
(Tx)
(Tx) root JSON
{
  "device": "team0",
  "runner": {
    "name": "loadbalance",
    "tx_hash": ["eth", "ipv4", "ipv6"],
    "tx_balancer": {
      "name": "basic"
    }
  },
  "ports": {"em1": {}, "em2": {}}
}
(Tx)
teamd.conf(5) man
5.12.6. LACP (802.3ad)
ethtool LACP root JSON
{
  "device": "team0",
  "runner": {
    "name": "lacp",
    "active": true,
    "fast_rate": true,
    "tx_hash": ["eth", "ipv4", "ipv6"]
  },
  "link_watch": {"name": "ethtool"},
  "ports": {"em1": {}, "em2": {}}
}
link aggregation control protocol (LACP) LACP ethtool ethtool arp_ping ARP ethtool
(Tx)
"tx_balancer": {
  "name": "basic"
}
teamd.conf(5) man
5.12.7.
root JSON JSON
5.12.7.1. Ethtool
()
"link_watch": {
  "name": "ethtool",
  "delay_up": 2500
}
()
"link_watch": {
  "name": "ethtool",
  "delay_down": 1000
}
5.12.7.2. ARP Ping
teamd ARP arping
JSON
{
  "device": "team0",
  "runner": {"name": "activebackup"},
  "link_watch": {
    "name": "arp_ping",
    "interval": 100,
    "missed_max": 30,
    "source_host": "192.168.23.2",
    "target_host": "192.168.23.1"
  },
  "ports": {
    "em1": {
      "prio": -10,
      "sticky": true
    },
    "em2": {
      "prio": 100
    }
  }
}
arp_ping missed_max ( ARP ) interval
JSON em2 root
~]# teamdctl team0 port config update em2 JSON-config-file
teamdctl(8) man
5.12.7.3. IPv6 NA/NS
{
  "device": "team0",
  "runner": {"name": "activebackup"},
  "link_watch": {
    "name": "nsna_ping",
    "interval": 200,
    "missed_max": 15,
    "target_host": "fe80::210:18ff:feaa:bbcc"
  },
  "ports": {
    "em1": {
      "prio": -10,
      "sticky": true
    },
    "em2": {
      "prio": 100
    }
  }
}
NS/NA
"link_watch": {
  "name": "nsna_ping",
  "interval": 200
}
missed_max
NS/NA
"link_watch": {
  "name": "nsna_ping",
  "missed_max": 15
}
NS/NA missed_max ( ARP ) interval
NS/NA IPv6
"link_watch": {
  "name": "nsna_ping",
  "target_host": "MyStorage"
}
target_hostIPv6 NS/NA IPv6
teamd.conf(5) man
5.12.8.
(teamd ) 16Netlink tx_queues
ID queue_id
{
  "queue_id": 3
}
ID tc 192.168.1.100 eth1 root
~]# tc qdisc add dev team0 handle 1 root multiq
~]# tc filter add dev team0 protocol ip parent 1: prio 1 u32 match ip dst \
    192.168.1.100 action skbedit queue_mapping 3
5.12.9. BPF Tx
LACP Berkeley Packet Filter (BPF) BPF 8 256 (SKB)
Tx
eth: MAC
vlan: VLAN ID
ipv4: IPv4
ipv6: IPv6
ip: IPv4 IPv6
l3: IPv4 IPv6
tcp: TCP
udp: UDP
sctp: SCTP
l4: TCPUDP SCTP
"tx_hash": ["eth", "ipv4", "ipv6"]
5.13. GUI
5.13.1.
nm-connection-editor NetworkManager 2 InfiniBand MAC
5.1 nm-connection-editor
1. nm-connection-editor
~]$ nm-connection-editor
2. 1
5.6 NetworkManager Team
3. Team Team
4. team0 1
5.7 NetworkManager
5. Team JSON
6.
7. Team
8.
9.
5.2
1. nm-connection-editor
~]$ nm-connection-editor
2.
3.
4. 5
: Network
: NetworkManager
: root
VPN : NetworkManager VPN VPN
: Red Hat Enterprise Linux 7
5.
()
IPv4 IPv4 IPv4
IPv6 IPv6 IPv6
5.13.1.1.
JSON JSON
JSON teamd
5.1nm-connection-editor
5.14.
teamd(8) man : teamd
teamdctl(8) man : teamd
teamd.conf(5) man : teamd
https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/7/html/Security_Guide/
teamnl(8) man : teamd Netlink
bond2team(1) man :
http://www.w3schools.com/js/js_json_syntax.asp
JSON
6 MAC MAC Linux NIC 1 NIC
Wi-Fi IEEE 802.11 Wi-Fi 3
6.1. NMTUI
nmtui
~]$ nmtui
Tab Shift+Tab Enter Space
1.
6.1 NetworkManager
2.
3.
6.2 NetworkManager
4. MAC MAC MAC OK
MAC
6.3 NetworkManager
5.
6. OK
6.4 NetworkManager
nmtui (nmtui)
6.2. NETWORKMANAGER NMCLI
bridge-br0 root
~]# nmcli con add type bridge ifname br0
Connection 'bridge-br0' (6ad5bba6-98a0-4f20-839d-c997ba7668ad) successfully added.
bridgebridge-1bridge-2
~]$ nmcli con show
NAME        UUID                                  TYPE            DEVICE
bridge-br0  79cf6a3e-0310-4a78-b759-bda1cc3eef8d  bridge          br0
eth0        4d5c449a-a6c5-451c-8206-3c9a4ec88bca  802-3-ethernet  eth0
(STP) IEEE802.1D-1998 STP root
~]# nmcli con modify bridge-br0 bridge.stp no
802.1D STP root
~]# nmcli con modify bridge-br0 bridge.stp yes
802.1D STP 32768 root 32768 () 28672 root
~]$ nmcli con add type bridge ifname br5 stp yes priority 28672
Connection 'bridge-br5' (86b83ad3-b466-4795-aeb6-4a66eb1856c7) successfully added.
0 65535
~]$ nmcli connection modify bridge-br5 bridge.priority 36864
0 65535
~]$ nmcli -f bridge con show bridge-br0
802.1D STP nmcli(1) man
eth1 bridge-br0
~]$ nmcli con add type ethernet ifname eth1 master bridge-br0
Connection 'bridge-slave-eth1' (70ffae80-7428-4d9c-8cbd-2e35de72476e) successfully added.
nmcli
~]$ nmcli connection edit bridge-br0
nmcli
nmcli> set bridge.priority 4096
nmcli> save
Connection 'bridge-br0' (79cf6a3e-0310-4a78-b759-bda1cc3eef8d) successfully saved.
nmcli> quit
nmcli NetworkManager (nmcli)
6.3. (CLI)
6.3.1.
Red Hat Enterprise Linux 7 root
~]# modprobe --first-time bridge
modprobe: ERROR: could not insert 'bridge': Module already in kernel
~]$ modinfo bridge
modprobe(8) man
6.3.2.
/etc/sysconfig/network-scripts/ ifcfg-brN N 0
DEVICE brN N
TYPE Bridge /
IP MAC ()
DELAY=0 MAC 15
6.1 ifcfg-br0
IP
DEVICE=br0
6.2 ifcfg-ethX
/etc/sysconfig/network-scripts/ifcfg-ethX X
NAME NetworkManager ifcfg-rh Type Interface Bridge br0 NAME=bridge-br0 ifcfg-br0 bridge-br0
DEVICE TYPE=Ethernet TYPE ()
HWADDR MAC 8
TYPE=Bridge
IPADDR=192.168.1.1
PREFIX=24
BOOTPROTO=none
ONBOOT=y