How to configure a multi-homed setup on RHEL-family Linux when networking is managed by NetworkManager (nmcli)
Overview
Network
[ Prefix = 24 ] == [ Netmask 255.255.255.0 ]
Interface | IP | Gateway | Prefix | Default Route | Note |
---|---|---|---|---|---|
eth0 | 10.0.10.5 | 10.0.10.1 | 24 | Y | Primary network interface |
eth1 | 10.0.20.5 | 10.0.20.1 | 24 | N | |
eth2 | 10.0.30.5 | 10.0.30.1 | 24 | N | |
Route
Route | Gateway | Interface | Note |
---|---|---|---|
default | 10.0.10.1 | eth0 | Traffic to any IP not listed below goes through eth0 |
10.0.20.0/24 | 10.0.20.1 | eth1 | |
10.0.30.0/24 | 10.0.30.1 | eth2 | |
192.168.20.0/24 | 10.0.20.1 | eth1 | Traffic to IPs in 192.168.20.0/24 ( 192.168.20.1 ~ 255 ) goes through eth1 |
192.168.30.0/24 | 10.0.30.1 | eth2 | |
(Reference) ifcfg → NetworkManager migration
For RHEL 9 family systems that are still using ifcfg
Either ifcfg or NetworkManager can be used
    # ls -1 /etc/sysconfig/network-scripts
    ifcfg-eth0
    ifcfg-eth1
    ifcfg-eth2
    route-eth1
    route-eth2
    # nmcli conn migrate
    Connection 'lo' (a347aabb-185b-474d-950d-375806be80a8) successfully migrated.
    Connection 'System eth0' (5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03) successfully migrated.
    Connection 'System eth1' (9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04) successfully migrated.
    Connection 'System eth2' (98476239-7eac-4a8c-9092-8c67c90f0001) successfully migrated.
    # ls /etc/sysconfig/network-scripts
    readme-ifcfg-rh.txt
    # ls -1 /etc/NetworkManager/system-connections/
    'System eth0.nmconnection'
    'System eth1.nmconnection'
    'System eth2.nmconnection'
NetworkManager Config
Unlike in "Multi Home Guide for RHEL using ifcfg", routes that go through a specific interface are written inside each connection's configuration file.
The ifcfg setting [ DEFROUTE=no ] corresponds to [ never-default=true ].
System eth0.nmconnection
/etc/NetworkManager/system-connections/System\ eth0.nmconnection
    [connection]
    id=System eth0
    type=ethernet
    interface-name=eth0

    [ethernet]

    [ipv4]
    address1=10.0.10.5/24,10.0.10.1
    dns=8.8.8.8;
    method=manual

    [ipv6]
    method=ignore

    [proxy]
System eth1.nmconnection
/etc/NetworkManager/system-connections/System\ eth1.nmconnection
    [connection]
    id=System eth1
    type=ethernet
    interface-name=eth1

    [ethernet]

    [ipv4]
    address1=10.0.20.5/24,10.0.20.1
    method=manual
    never-default=true
    route1=192.168.20.0/24,10.0.20.1

    [ipv6]
    method=ignore

    [proxy]
System eth2.nmconnection
/etc/NetworkManager/system-connections/System\ eth2.nmconnection
    [connection]
    id=System eth2
    type=ethernet
    interface-name=eth2

    [ethernet]

    [ipv4]
    address1=10.0.30.5/24,10.0.30.1
    method=manual
    never-default=true
    route1=192.168.30.0/24,10.0.30.1

    [ipv6]
    method=ignore

    [proxy]
rp_filter ( reverse path filtering ) config
rp_filter must be 0
/etc/sysctl.d/99-rp_filter.conf
    net.ipv4.conf.eth0.rp_filter = 0
    net.ipv4.conf.eth1.rp_filter = 0
    net.ipv4.conf.eth2.rp_filter = 0
Reboot
reboot
Apply without reboot
1) Apply the settings and restart networking
    sysctl -p /etc/sysctl.d/99-rp_filter.conf
    systemctl restart network
  or
    systemctl restart NetworkManager
2) Follow the next chapter, Check, to verify what was applied
3) If anything is not as intended, adjust it manually with commands
- If ip route shows an unintended route entry, delete it
  e.g. ip route del 192.168.20.0/24 dev eth1 proto kernel scope link src 10.0.20.50 metric 101
- If ip addr shows an unintended address, delete it
  e.g. ip addr del 10.0.20.50/24 dev eth1
Check
rp_filter
    # sysctl net.ipv4.conf.eth0.rp_filter net.ipv4.conf.eth1.rp_filter net.ipv4.conf.eth2.rp_filter
    net.ipv4.conf.eth0.rp_filter = 0
    net.ipv4.conf.eth1.rp_filter = 0
    net.ipv4.conf.eth2.rp_filter = 0
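Added example (not from the original page): for source validation on an interface the kernel applies max(net.ipv4.conf.all.rp_filter, net.ipv4.conf.<iface>.rp_filter), so the per-interface values shown above do not by themselves confirm that reverse path filtering is off. The function names and the sample input below are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Kernel rule: source validation on an interface uses
#   max(net.ipv4.conf.all.rp_filter, net.ipv4.conf.<iface>.rp_filter)

# effective_rp_filter IFACE: reads "key = value" sysctl lines on stdin and
# prints the value the kernel applies to IFACE, or "unknown" if a key is missing.
effective_rp_filter() {
    awk -v ifc="$1" '
        { gsub(/[ \t]/, ""); split($0, kv, "=") }
        kv[1] == "net.ipv4.conf.all.rp_filter"        { all = kv[2] + 0; seen_all = 1 }
        kv[1] == ("net.ipv4.conf." ifc ".rp_filter")  { own = kv[2] + 0; seen_own = 1 }
        END {
            if (!seen_all || !seen_own) { print "unknown"; exit }
            eff = (all > own) ? all : own
            print eff
        }'
}

# check_rp_filter IFACE...: reads sysctl lines on stdin, prints one line per
# interface, and returns 0 only if every interface is effectively in mode 0.
check_rp_filter() {
    input=$(cat)
    rc=0
    for ifc in "$@"; do
        eff=$(printf '%s\n' "$input" | effective_rp_filter "$ifc")
        printf '%s: effective rp_filter = %s\n' "$ifc" "$eff"
        [ "$eff" = "0" ] || rc=1
    done
    return "$rc"
}

# Constructed sample: the per-interface values from this page, with
# conf.all.rp_filter assumed to be 1 to show the mismatch.
SAMPLE='net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.eth2.rp_filter = 0'

# On a live host: sysctl -a 2>/dev/null | check_rp_filter eth0 eth1 eth2
printf '%s\n' "$SAMPLE" | check_rp_filter eth0 eth1 eth2 ||
    echo "reverse path filtering is still active on at least one interface"
```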
IP config
    # ip addr
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP group default qlen 1000
        inet 10.0.10.5/24 brd 10.0.10.255 scope global noprefixroute eth0
           valid_lft forever preferred_lft forever
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP group default qlen 1000
        inet 10.0.20.5/24 brd 10.0.20.255 scope global noprefixroute eth1
           valid_lft forever preferred_lft forever
    4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP group default qlen 1000
        inet 10.0.30.5/24 brd 10.0.30.255 scope global noprefixroute eth2
           valid_lft forever preferred_lft forever
Route config
    # ip route
    default via 10.0.10.1 dev eth0 proto static metric 100
    10.0.10.1/24 dev eth0 proto kernel scope link src 10.0.10.5 metric 100
    10.0.20.1/24 dev eth1 proto kernel scope link src 10.0.20.5 metric 101
    10.0.30.1/24 dev eth2 proto kernel scope link src 10.0.30.5 metric 101
    192.168.20.0/24 via 10.0.20.1 dev eth1 proto static metric 101
    192.168.30.0/24 via 10.0.30.1 dev eth2 proto static metric 101
Test
Route test via default route
    # traceroute -q 1 -n 192.168.20.50
    traceroute to 192.168.20.50 (192.168.20.50), 30 hops max, 60 byte packets
    1 10.0.20.1 0.303 ms
    2 * * *
    3 * * *
    4 192.168.20.1 2.568 ms
    5 192.168.20.1 2.765 ms
Route test via custom route
Verify that packets are forwarded along the routes registered in the route file
    # traceroute -q 1 -n 192.168.20.50
    traceroute to 192.168.20.50 (192.168.20.50), 30 hops max, 60 byte packets
    1 10.0.20.1 0.303 ms
    2 * * *
    3 * * *
    4 192.168.20.1 2.568 ms
    5 192.168.20.1 2.765 ms