Use iproute2 to manage vlan:
# ip link add name eth0.3 link eth0 type vlan id 3 # ip link
To show vlan info you need the -d option.
# ip -d link show eth0.3 # ip l f eth0.3
Names like eth0.3 are a convention. The following works too:
# ip l a name foo3 link eth0 type vlan id 3
# ip -d l s foo3
32: foo3@eth0 [snip]
vlan protocol 802.1Q id 12
You can do simple management tasks on linux virtual bridges using iproute2.
While you can’t set STP or showmacs, you can create/delete bridges and add/remove interfaces.
The following commands are the same.
* add bridge
#brctl addbr ipbr0 #ip l a ipbr0 type bridge
* add interface to bridge
#brctl addif ipbr0 eth0 #ip l s eth0 master ipbr0
* remove interface from bridge
#brctl delif ipbr0 eth0 #ip l s eth0 nomaster
* remove bridge
#brctl delbr ipbr0 #ip l d ipbr0
If you want to hide your cluster vip for some time, you can play with
#ip link set eth3 arp off
But if your vip is on a virtual interface or a secondary ip, #ip link; can’t help you.
You can just
#sudo yum -y install arptables_jf #arptables -A IN -d $YOURVIP -j DROP
The syntax mimics iptables, so
#arptables-save ; # list rules #arptables -F ; # flush rules
When creating an ip tunnel (see ip route cheatsheet) you may let linux to find the right routing path between the nodes.
To create a tunnel between two exact ips (eg. one node has more of one ip on the same network) you have to use the `local` options.
ex. with the following configuration
# host1 eth0: 192.168.0.1/16, 192.168.1.1/16 # host2 eth2: 192.168.0.2/16
Just force host1 to use one of the source ip.
#host1 ip tun add tun0 mode ipip remote 192.168.0.2 local 192.168.1.1 # host2 ip tun add tun0 mode ipip remote 192.168.0.1 local 192.168.0.2
The legacy routes configuration on RH-like was ugly and error prone. You had to compile files like the following:
# route-eth0 ADDRESS0=10.10.10.0 NETMASK0=255.255.255.0 GATEWAY0=192.168.0.253 ADDRESS1=172.16.1.0 NETMASK1=255.255.255.0 GATEWAY1=192.168.0.254
You had to preserve enumeration and evaluate netmasks. This was probably due to the usage of route script, which synopsis is
route add -net $ADDRESS0 netmask $NETMASK0 gw $GATEWAY0
The “new” iproute2 suite allows a new format of route files, compatible with the route dumping.
#route-eth0 10.10.10.0/24 via 192.168.0.253 dev eth0 172.16.1.0/26 via 192.168.0.254 dev eth0
At this point it’s easy to create our route-ethX files starting from the #ip route; output.
#ip route list scope global | grep -- eth0 | grep -v 'default' > route-eth0
In this case we filtered out two kind of entries:
* the default gateway, that could be managed via DHCP or other means like /etc/sysconfig/network:GATEWAY
* non global scope routes, like the ones set by #ip; when assigning addresses.
Check
#man ip |less +/rt_scope
Eg.
#ip -4 -o a list eth2; # show the ip 8: eth2 inet 192.168.0.40/26 brd 192.168.0.63 scope global eth2 #ip route | grep eth2 # show all eth2-related routes 192.168.0.0/26 dev eth2 proto kernel scope link src 192.168.0.40 #scope link! 10.0.10.0/24 via 192.168.0.1 dev eth2
ip route is the new Linux ip and routing management suite.
ip l # list devices
ip l l eth0 # list only one
ip l s eth0 [down|up] # set link status
ip l s eth0 multicast [on|off] # set multicast status
ip a l # list addresses
ip -4 -o a # list just ipv4 addresses
ip a a 192.168.0.1/24 dev eth0 # set an ip
ip a d 192.168.0.1/32 dev eth0 # remove an ip
ip a f dev eth0 # remove all ips from eth0
ip r # list routes
ip r l m 172.23.0.4 # show the route for the given ip
ip ne # list arp table (ipv4 neighbour table)
# create a tunnel between two host
host1: ip tun add tunnel0 mode ipip remote 192.168.0.2
host1: ip a a 10.0.0.1/24 dev tunnel0
host1: ip l s tunnel0 up
host2: ip tun add tunnel0 mode ipip remote 192.168.0.1
host1: ip a a 10.0.0.2/24 dev tunnel0
host2: ip l s tunnel0 up