VLAN management with iproute2

Use iproute2 to manage VLANs:

# ip link add name eth0.3 link eth0  type vlan id 3
# ip link

To show VLAN info you need the -d option.

# ip -d link show eth0.3
# ip l f eth0.3

Names like eth0.3 are a convention. The following works too:

# ip l a name foo3 link eth0  type vlan id 3
# ip -d l s foo3
32: foo3@eth0 [snip]
    vlan protocol 802.1Q id 12

Bridge management with iproute2

You can do simple management tasks on Linux virtual bridges using iproute2.

While you can’t set STP or showmacs, you can create/delete bridges and add/remove interfaces.

In each pair below, the brctl command and the ip command do the same thing.

* add bridge

#brctl addbr ipbr0
#ip l a ipbr0 type bridge

* add interface to bridge

#brctl addif ipbr0 eth0
#ip l s eth0 master ipbr0

* remove interface from bridge

#brctl delif ipbr0 eth0
#ip l s eth0 nomaster

* remove bridge

#brctl delbr ipbr0
#ip l d ipbr0 

VIP loves privacy…with arptables!

If you want to hide your cluster vip for some time, you can play with

#ip link set eth3 arp off

But if your VIP is on a virtual interface or a secondary IP, `ip link` can't help you.

In that case you can just use arptables:

#sudo yum -y install arptables_jf
#arptables  -A IN -d $YOURVIP -j DROP

The syntax mimics iptables, so

#arptables-save ; # list rules
#arptables -F ; # flush rules

ip route cheatsheet – tunnel with assigned interfaces

When creating an IP tunnel (see ip route cheatsheet) you may let Linux find the right routing path between the nodes.

To create a tunnel between two exact IPs (e.g. one node has more than one IP on the same network) you have to use the `local` option.

E.g. with the following configuration:

# host1
eth0: 192.168.0.1/16, 192.168.1.1/16
# host2
eth2: 192.168.0.2/16

Just force host1 to use one of its source IPs.

#host1
ip tun add tun0 mode ipip remote 192.168.0.2 local 192.168.1.1
# host2
ip tun add tun0 mode ipip remote 192.168.0.1 local 192.168.0.2

routes made easy

The legacy route configuration on RH-like systems was ugly and error-prone. You had to write files like the following:

# route-eth0
ADDRESS0=10.10.10.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.0.253
ADDRESS1=172.16.1.0
NETMASK1=255.255.255.0
GATEWAY1=192.168.0.254

You had to preserve the enumeration and evaluate netmasks. This was probably due to the use of the route script, whose synopsis is

route add -net $ADDRESS0 netmask $NETMASK0 gw $GATEWAY0

The “new” iproute2 suite allows a new format of route files, compatible with the route dumping.

#route-eth0
10.10.10.0/24 via 192.168.0.253 dev eth0
172.16.1.0/26 via 192.168.0.254 dev eth0
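
Moving an existing legacy file to the new format means doing the netmask evaluation once; the sketch below is an added example, not code from the original post. The function names mask2prefix, field and legacy2iproute are hypothetical, and the sample input is constructed (modelled on the legacy file above, with the second netmask set to 255.255.255.192 so the result is a /26).

```sh
#!/bin/sh
# Added example, not from the original post. The legacy file is parsed as
# data with sed and never sourced, so shell syntax inside it is not executed.
# mask2prefix 255.255.255.192 -> 26; fails on a malformed or non-contiguous
# mask. The ( ) body runs in a subshell, so IFS and "set --" do not leak.
mask2prefix() (
    IFS=.
    set -f
    set -- $1
    [ $# -eq 4 ] || exit 1
    bits=0 zero_seen=0
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
        for bit in 128 64 32 16 8 4 2 1; do
            if [ $(($octet & $bit)) -ne 0 ]; then
                [ "$zero_seen" -eq 0 ] || exit 1   # 1 bit after a 0 bit
                bits=$(($bits + 1))
            else
                zero_seen=1
            fi
        done
    done
    echo "$bits"
)

# field KEY FILE: first value of a KEY=value line, quotes stripped
field() { sed -n "s/^$1=//p" "$2" | head -n 1 | tr -d "\"'"; }

# legacy2iproute FILE DEV: print "ADDRESS/LEN via GATEWAY dev DEV" per entry
legacy2iproute() (
    file=$1 dev=$2
    for n in $(sed -n 's/^ADDRESS\([0-9][0-9]*\)=.*/\1/p' "$file"); do
        addr=$(field "ADDRESS$n" "$file")
        gw=$(field "GATEWAY$n" "$file")
        for v in "$addr" "$gw"; do
            case $v in ''|*[!0-9.]*) echo "entry $n: bad address" >&2; exit 1 ;; esac
        done
        len=$(mask2prefix "$(field "NETMASK$n" "$file")") ||
            { echo "entry $n: bad netmask" >&2; exit 1; }
        echo "$addr/$len via $gw dev $dev"
    done
)

# Constructed sample input (second netmask chosen to give a /26)
sample=$(mktemp)
printf '%s\n' ADDRESS0=10.10.10.0 NETMASK0=255.255.255.0 GATEWAY0=192.168.0.253 \
    ADDRESS1=172.16.1.0 NETMASK1=255.255.255.192 GATEWAY1=192.168.0.254 > "$sample"
legacy2iproute "$sample" eth0; rm -f "$sample"
```

A non-contiguous mask such as 255.255.0.255 makes the conversion stop with an error instead of writing a wrong prefix length into the route file.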

At this point it's easy to create our route-ethX files starting from the `ip route` output.

#ip route list scope global | grep -- eth0 | grep -v 'default' > route-eth0

In this case we filtered out two kinds of entries:
* the default gateway, which could be managed via DHCP or other means like /etc/sysconfig/network:GATEWAY
* non-global scope routes, like the ones set by `ip` when assigning addresses.
See:

#man ip |less +/rt_scope

Eg.

#ip -4 -o a list eth2; # show the ip
8: eth2    inet 192.168.0.40/26 brd 192.168.0.63 scope global eth2

#ip route | grep eth2 # show all eth2-related routes
192.168.0.0/26 dev eth2  proto kernel  scope link  src 192.168.0.40    #scope link!
10.0.10.0/24 via 192.168.0.1 dev eth2 

ip route cheatsheet – link, address, tunnel

ip route is the new Linux ip and routing management suite.

ip l # list devices
ip l l eth0 # list only one
ip l s eth0 [down|up] # set link status
ip l s eth0 multicast [on|off] # set multicast status

ip a l # list addresses
ip -4 -o a # list just ipv4 addresses
ip a a 192.168.0.1/24 dev eth0 # set an ip
ip a d 192.168.0.1/32 dev eth0 # remove an ip
ip a f dev eth0 # remove all ips from eth0

ip r # list routes
ip r l m 172.23.0.4 # show the route for the given ip

ip ne # list arp table (ipv4 neighbour table)

# create a tunnel between two hosts
host1: ip tun add tunnel0 mode ipip remote 192.168.0.2
host1: ip a a 10.0.0.1/24 dev tunnel0
host1: ip l s tunnel0 up
host2: ip tun add tunnel0 mode ipip remote 192.168.0.1
host2: ip a a 10.0.0.2/24 dev tunnel0
host2: ip l s tunnel0 up