[ASK] - How to add IP Route using Channel Bonding in RHEL6

rahardj · 01-04-2013, 08:47 AM

Hi All,

I have question about IP Route using Channel Bonding in RHEL6.

For example I have 1 machine with 4 Ethernet and I will create 2 channel bonding that connect to 2 different switches in different VLAN with following details:

eth0 to switch A (VLAN1, gateway: 10.1.0.1/28)
eth1 to switch B (VLAN1, gateway: 10.1.0.2/28)
eth2 to switch A (VLAN2, gateway: 10.1.0.10/28)
eth3 to switch B (VLAN2, gateway: 10.1.0.11/28)

Current Config:

Code:

cat etc/modprobe.d/bonding.conf 
alias bond0 bonding
alias bond1 bonding

cat /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
NM_CONTROLLED="no"
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
BONDING_OPTS="mode=1 miimon=100 primary=eth0"
IPADDR=10.1.0.4 
NETMASK=255.255.255.240
GATEWAY=10.1.0.1

cat /etc/sysconfig/network-scripts/ifcfg-bond1
DEVICE=bond1
NM_CONTROLLED="no"
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
BONDING_OPTS="mode=1 miimon=100 primary=eth2"
IPADDR=10.1.0.13 
NETMASK=255.255.255.240
GATEWAY=10.1.0.10

cat /etc/sysconfig/network-scripts/ifcfg-eth0 
DEVICE="eth0"
NM_CONTROLLED="no"
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
USERCTL=no
DEFROUTE=no
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
PEERDNS=yes

cat /etc/sysconfig/network-scripts/ifcfg-eth1 
DEVICE="eth1"
NM_CONTROLLED="no"
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
USERCTL=no
DEFROUTE=no
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth1"
PEERDNS=yes

cat /etc/sysconfig/network-scripts/ifcfg-eth2 
DEVICE="eth2"
NM_CONTROLLED="no"
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
MASTER=bond1
SLAVE=yes
USERCTL=no
DEFROUTE=no
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth2"
PEERDNS=yes

cat /etc/sysconfig/network-scripts/ifcfg-eth3 
DEVICE="eth3"
NM_CONTROLLED="no"
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
MASTER=bond1
SLAVE=yes
USERCTL=no
DEFROUTE=no
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth3"
PEERDNS=yes

QUESTIONS:

Is that configuration above correct for channel bonding? If not please help to made correction
How to configure to add route to made the server unable to ping/access from the computer with IP: 10.2.0.17/24 Gateway: 10.2.0.1 and IP: 10.2.2.10/24 Gateway: 10.2.2.1?

Many thanks for help

amlife · 01-04-2013, 09:06 AM

Well, generally this how its done.

1. Bond interfaces

2. create virtual interfaces which corresponds to your network vlan setup ( you will need to configure bridging).

I can guide you how to get it done, but first, lets get bonding out of the way!

Your config seems okay, have you tried applying it? if so, have you rebooted your system?

Quote:

cat /proc/net/bonding/bond0

You should see an output like this.

Ethernet Channel Bonding Driver: v3.6.0 (September 26, 2009)

Bonding Mode: adaptive load balancing
Primary Slave: None
Currently Active Slave: eth1
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:26:6c:f0:79:20
Slave queue ID: 0

Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:26:6c:f0:79:21
Slave queue ID: 0

rahardj · 01-04-2013, 09:19 AM

Hi amlife,

Yes the configuration for channel bonding works in my server, but I didn't test if primary Ethernet down. For example for Bond0 if eth0, I'm not sure eth1 will take over due the physical to different switch with different gateway with eth0

Please also help me to answer my 2nd question

Quote:

2. How to configure to add route to made the server unable to ping/access from the computer with IP: 10.2.0.17/24 Gateway: 10.2.0.1 and IP: 10.2.2.10/24 Gateway: 10.2.2.1?

amlife · 01-06-2013, 11:45 PM

there are number of ways to get it done, I would prefere to use iptables to control the traffic

iptables -A INPUT -s 10.2.0.17 -j DROP
iptables -A OUTPUT -d 10.2.0.17 -j DROP

iptables -A INPUT -s 10.2.2.10 -j DROP
iptables -A OUTPUT -d 10.2.2.10 -j DROP

rahardj · 01-16-2013, 09:38 PM

Hi alife,

How do I put the iptables config that you describe below? this should be done on router/switch or I should create config on the server?

Quote:

Originally Posted by amlife

there are number of ways to get it done, I would prefere to use iptables to control the traffic

iptables -A INPUT -s 10.2.0.17 -j DROP
iptables -A OUTPUT -d 10.2.0.17 -j DROP

iptables -A INPUT -s 10.2.2.10 -j DROP
iptables -A OUTPUT -d 10.2.2.10 -j DROP

amlife · 01-17-2013, 05:21 PM

ptables -A INPUT -s 10.2.0.17 -j DROP
iptables -A OUTPUT -d 10.2.0.17 -j DROP

iptables -A INPUT -s 10.2.2.10 -j DROP
iptables -A OUTPUT -d 10.2.2.10 -j DROP

You just need to run the commands one by one at the shell, then run iptables -L to verify