How to configure multi-homing on RHEL-family Linux when the network is controlled through ifcfg
Overview
Network
[ Prefix = 24 ] == [ Netmask 255.255.255.0 ]
Interface | IP | Gateway | Prefix | Default Route | Note |
---|---|---|---|---|---|
eth0 | 10.0.10.5 | 10.0.10.1 | 24 | Y | The primarily used network interface |
eth1 | 10.0.20.5 | 10.0.20.1 | 24 | N | |
eth2 | 10.0.30.5 | 10.0.30.1 | 24 | N | |
Route
Route | Gateway | Interface | Note |
---|---|---|---|
default | 10.0.10.1 | eth0 | Means that traffic to any IP not listed below goes through eth0 |
10.0.20.0/24 | 10.0.20.1 | eth1 | |
10.0.30.0/24 | 10.0.30.1 | eth2 | |
192.168.20.0/24 | 10.0.20.1 | eth1 | Means that traffic to an IP in 192.168.20.0/24 ( 192.168.20.1 ~ 255 ) goes through eth1 |
192.168.30.0/24 | 10.0.30.1 | eth2 | |
ifcfg config
Set [ DEFROUTE=yes ] on exactly one interface! Set [ DEFROUTE=no ] on all the others.
ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=none
DEFROUTE=yes
DEVICE=eth0
DNS1=8.8.8.8
GATEWAY=10.0.10.1
IPADDR=10.0.10.5
PREFIX=24
# NETMASK can be used instead of PREFIX
# NETMASK=255.255.255.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
MTU=9000
ifcfg-eth1
/etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO=none
DEFROUTE=no
DEVICE=eth1
GATEWAY=10.0.20.1
IPADDR=10.0.20.5
PREFIX=24
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
MTU=9000
ifcfg-eth2
/etc/sysconfig/network-scripts/ifcfg-eth2
BOOTPROTO=none
DEFROUTE=no
DEVICE=eth2
GATEWAY=10.0.30.1
IPADDR=10.0.30.5
PREFIX=24
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
MTU=9000
route-eth1
/etc/sysconfig/network-scripts/route-eth1
192.168.20.0/24 via 10.0.20.1 dev eth1
route-eth2
/etc/sysconfig/network-scripts/route-eth2
192.168.30.0/24 via 10.0.30.1 dev eth2
rp_filter ( reverse path filtering ) config
rp_filter must be 0 (reverse path filtering disabled) on each interface
/etc/sysctl.d/99-rp_filter.conf
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.eth2.rp_filter = 0
Reboot
reboot
Apply without reboot
1) Apply the settings and restart the network
sysctl -p /etc/sysctl.d/99-rp_filter.conf
systemctl restart network
or
systemctl restart NetworkManager
2) Follow the next chapter, Check, to verify what was applied
3) If anything is not as intended, adjust it manually with commands
- If ip route shows an unintended routing entry, delete it
e.g. ip route del 192.168.20.0/24 dev eth1 proto kernel scope link src 10.0.20.50 metric 101
- If ip addr shows an unintended address, delete it
e.g. ip addr del 10.0.20.50/24 dev eth1
Check
rp_filter
# sysctl net.ipv4.conf.eth0.rp_filter net.ipv4.conf.eth1.rp_filter net.ipv4.conf.eth2.rp_filter
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.eth2.rp_filter = 0
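The per-interface values are not the whole picture: the kernel applies the higher of net.ipv4.conf.all.rp_filter and the per-interface value. The following script is an added example, not part of the original page, that reports the effective mode per interface; the CONF_DIR variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page: effective rp_filter per interface.
# The kernel validates sources on an interface with
#   max(net.ipv4.conf.all.rp_filter, net.ipv4.conf.<iface>.rp_filter)
# CONF_DIR is an assumption of this example; it defaults to the live kernel values.
CONF_DIR="${CONF_DIR:-/proc/sys/net/ipv4/conf}"

# Print the stored value for one scope ("all" or an interface name).
rp_filter_raw() {
    cat "$CONF_DIR/$1/rp_filter" 2>/dev/null
}

# Print the value the kernel actually applies to interface $1 (exit 2 if unreadable).
effective_rp_filter() (
    all_v=$(rp_filter_raw all) || exit 2
    if_v=$(rp_filter_raw "$1") || exit 2
    for v in "$all_v" "$if_v"; do
        case "$v" in ''|*[!0-9]*) exit 2 ;; esac
    done
    if [ "$all_v" -gt "$if_v" ]; then echo "$all_v"; else echo "$if_v"; fi
)

# Map a mode number to its meaning.
rp_filter_mode() {
    case "$1" in
        0) echo "off, no source validation" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown" ;;
    esac
}

# Report each interface given as an argument. Returns 1 when any interface is
# effectively non-zero, i.e. the rp_filter = 0 requirement of this page is not met.
rp_filter_report() {
    rc=0
    for iface in "$@"; do
        if eff=$(effective_rp_filter "$iface"); then
            echo "$iface: iface=$(rp_filter_raw "$iface") all=$(rp_filter_raw all) effective=$eff ($(rp_filter_mode "$eff"))"
            [ "$eff" -eq 0 ] || rc=1
        else
            echo "$iface: cannot read rp_filter"; rc=1
        fi
    done
    return "$rc"
}

# Runs only when interface names are passed, e.g.: sh rp_filter_check.sh eth0 eth1 eth2
if [ "$#" -gt 0 ]; then rp_filter_report "$@"; fi
```

If an interface shows iface=0 but a non-zero effective value, net.ipv4.conf.all.rp_filter is what overrides it.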
IP config
# ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP group default qlen 1000
    inet 10.0.10.5/24 brd 10.0.10.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP group default qlen 1000
    inet 10.0.20.5/24 brd 10.0.20.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP group default qlen 1000
    inet 10.0.30.5/24 brd 10.0.30.255 scope global noprefixroute eth2
       valid_lft forever preferred_lft forever
Route config
# ip route
default via 10.0.10.1 dev eth0 proto static metric 100
10.0.10.1/24 dev eth0 proto kernel scope link src 10.0.10.5 metric 100
10.0.20.1/24 dev eth1 proto kernel scope link src 10.0.20.5 metric 101
10.0.30.1/24 dev eth2 proto kernel scope link src 10.0.30.5 metric 101
192.168.20.0/24 via 10.0.20.1 dev eth1 proto static metric 101
192.168.30.0/24 via 10.0.30.1 dev eth2 proto static metric 101
Test
Route test via default route
# traceroute -q 1 -n 192.168.20.50
traceroute to 192.168.20.50 (192.168.20.50), 30 hops max, 60 byte packets
 1  10.0.20.1  0.303 ms
 2  * * *
 3  * * *
 4  192.168.20.1  2.568 ms
 5  192.168.20.1  2.765 ms
Route test via custom route
Verify that packets are forwarded along the path registered in the route file
# traceroute -q 1 -n 192.168.20.50
traceroute to 192.168.20.50 (192.168.20.50), 30 hops max, 60 byte packets
 1  10.0.20.1  0.303 ms
 2  * * *
 3  * * *
 4  192.168.20.1  2.568 ms
 5  192.168.20.1  2.765 ms