RHEL 계열 리눅스에서 네트워크가 NetworkManager (nmcli) 를 통해 제어되는 경우 Multi-Homed 설정 방법

Overview

Network

[ Prefix = 24 ] == [ Netmask 255.255.255.0 ]

InterfaceIPGatewayPrefixDefault RouteNote
eth010.0.10.510.0.10.124Y주로 사용되는 네트워크 인터페이스
eth110.0.20.510.0.20.124N
eth210.0.30.510.0.30.124N

Route

RouteGatewayInterfaceNote
default10.0.10.1eth0다음에 언급되지 않은 IP 와는
eth0 를 통해 통신이 된다는 의미임
10.0.20.0/2410.0.20.1eth1
10.0.30.0/2410.0.30.1eth2
192.168.20.0/2410.0.20.1eth1IP 가 192.168.20.0/24
( 192.168.20.1 ~ 255 )인 경우 
eth1 를 통해 통신이 된다는 의미임
192.168.30.0/2410.0.30.1eth2

(참고) ifcfg → NetworkManager 마이그레이션

RHEL9 계열인데 아직 ifcfg 를 사용하고 있는 경우
ifcfg 를 사용해도 되고, NetworkManager 를 사용해도 됨

# ls -1 /etc/sysconfig/network-scripts
ifcfg-eth0
ifcfg-eth1
ifcfg-eth2
route-eth1
route-eth2

# nmcli conn migrate
Connection 'lo' (a347aabb-185b-474d-950d-375806be80a8) successfully migrated.
Connection 'System eth0' (5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03) successfully migrated.
Connection 'System eth1' (9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04) successfully migrated.
Connection 'System eth2' (98476239-7eac-4a8c-9092-8c67c90f0001) successfully migrated.


# ls /etc/sysconfig/network-scripts
readme-ifcfg-rh.txt


# ls -1 /etc/NetworkManager/system-connections/
'System eth0.nmconnection'
'System eth1.nmconnection'
'System eth2.nmconnection'

NetworkManager Config

Multi Home Guide for RHEL using ifcfg 와는 다르게, 특정 인터페이스를 통하는 라우팅 설정은 각 설정파일 안에 기록함

ifcfg 의 [ DEFROUTE=no ] 설정은 [ never-default=true ] 임

System eth0.nmconnection

/etc/NetworkManager/system-connections/System\ eth0.nmconnection
[connection]
id=System eth0
type=ethernet
interface-name=eth0

[ethernet]

[ipv4]
address1=10.0.10.5/24,10.0.10.1
dns=8.8.8.8;
method=manual

[ipv6]
method=ignore

[proxy]

System eth1.nmconnection

/etc/NetworkManager/system-connections/System\ eth1.nmconnection
[connection]
id=System eth1
type=ethernet
interface-name=eth1

[ethernet]

[ipv4]
address1=10.0.20.5/24,10.0.20.1
method=manual
never-default=true
route1=192.168.20.0/24,10.0.20.1

[ipv6]
method=ignore

[proxy]

System eth2.nmconnection

/etc/NetworkManager/system-connections/System\ eth2.nmconnection
[connection]
id=System eth2
type=ethernet
interface-name=eth2

[ethernet]

[ipv4]
address1=10.0.30.5/24,10.0.30.1
method=manual
never-default=true
route1=192.168.30.0/24,10.0.30.1

[ipv6]
method=ignore

[proxy]

rp_filter ( reverse path filtering ) config

(참고) 역방향 경로 전달 - RHEL 7 메뉴얼

rp_filter = 0 이어야 함

/etc/sysctl.d/99-rp_filter.conf
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.eth2.rp_filter = 0

Reboot

reboot

Reboot 없이 적용

1) 설정 적용 및 네트워크 재시작

sysctl -p /etc/sysctl.d/99-rp_filter.conf

systemctl restart network
또는
systemctl restart NetworkManager

2) 다음 챕터인 Check 를 따라 적용된 사항을 확인

3) 의도하지 않은 사항이 있으면 수동으로 명령하여 조정

  • ip route 에 의도치 않은 라우팅 항목이 있으면 삭제
    예) ip route del 192.168.20.0/24 dev eth1 proto kernel scope link src 10.0.20.50 metric 101
  • ip addr 에 의도치 않은 주소가 등록되어 있으면 삭제
    예) ip addr del 10.0.20.50/24 dev eth1

Check

rp_filter

# sysctl net.ipv4.conf.eth0.rp_filter net.ipv4.conf.eth1.rp_filter net.ipv4.conf.eth2.rp_filter
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.eth2.rp_filter = 0

IP config

# ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP group default qlen 1000
    inet 10.0.10.5/24 brd 10.0.10.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP group default qlen 1000
    inet 10.0.20.5/24 brd 10.0.20.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP group default qlen 1000
    inet 10.0.30.5/24 brd 10.0.30.255 scope global noprefixroute eth2
       valid_lft forever preferred_lft forever

Route config

# ip route
default via 10.0.10.1 dev eth0 proto static metric 100
10.0.10.1/24 dev eth0 proto kernel scope link src 10.0.10.5 metric 100
10.0.20.1/24 dev eth1 proto kernel scope link src 10.0.20.5 metric 101
10.0.30.1/24 dev eth2 proto kernel scope link src 10.0.30.5 metric 101
192.168.20.0/24 via 10.0.20.1 dev eth1 proto static metric 101
192.168.30.0/24 via 10.0.30.1 dev eth2 proto static metric 101

Test

Route test via default route

# traceroute -q 1 -n 192.168.20.50
traceroute to 192.168.20.50 (192.168.20.50), 30 hops max, 60 byte packets
 1  10.0.20.1        0.303 ms
 2  * * *
 3  * * *
 4  192.168.20.1     2.568 ms
 5  192.168.20.1     2.765 ms 

Route test via custom route

route 파일에 등록된 경로대로 패킷이 전달되는지 확인

# traceroute -q 1 -n 192.168.20.50
traceroute to 192.168.20.50 (192.168.20.50), 30 hops max, 60 byte packets
 1  10.0.20.1        0.303 ms
 2  * * *
 3  * * *
 4  192.168.20.1     2.568 ms
 5  192.168.20.1     2.765 ms