RHEL / CentOS nmcli madness II

nmcli

While writing, last weeks post became pretty awesome and should be a great, solid basis for your understanding of nmcli and network configuration in general.

This week I’ll be getting more into the RHCE part of nmcli: teaming network interfaces for high availability, backup and failover and aggregation.

Let’s get started.

From last weeks post we’ve got two configured ports eth1 and eth2 or you can start over, it doesn’t matter, as long as you have two ports to spare. Mind you that I say ‘to spare’ because we will be bringing stuff down. If this is your active connection, make sure to pay extra attention.

While teaming two ports, you have multiple options:

  • broadcast – all packets transmitted on all ports
  • roundrobin – packets transmitted round-robin on all ports
  • activebackup – failover/backup config
  • loadbalance – optimal load balance between all ports
  • lacp – load balancing based on lacp

For our example we’ll be setting up activebackup because you can immediately notice (and test) the benefits.

Check existing connections:

# nmcli con show

I’ll be working with the last two:

NAME         UUID                                  TYPE      DEVICE 
System eth0  5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  eth0   
System eth1  9c92fad9-6ecb-3e6c-eb4d-8a47c6f50c04  ethernet  eth1   
System eth2  3a73717e-65ab-93e8-b518-24f5af32dc0d  ethernet  eth2   

I’m making sure these two won’t autoconnect by themselves and I’ll bring them down:

# nmcli con mod System\ eth1 autoconnect no
# nmcli con mod System\ eth2 autoconnect no
# nmcli con down System\ eth1 
# nmcli con down System\ eth2 
# nmcli con show

Next we’re actually setting up the team.

# nmcli con add type team con-name myteam ifname myteam config '{"runner": {"name": "activebackup"}}'

Now, for people not too familiar with json, like me, this might look kind of foreign, but it’s just the way how the config should be specified.

Let’s give our new team a valid IP config:

# nmcli con mod myteam ipv4.method manual ipv4.addresses '172.17.3.10/16'

Pick an IP that suits your needs. This might feel a bit like it should be reversed, but after the team port, we’re setting up the individual ports that make up the team:

# nmcli con add type team-slave con-name myteam-port1 ifname eth1 master myteam
# nmcli con add type team-slave con-name myteam-port2 ifname eth2 master myteam 

I hope the above is self explanatory for the most part. We’re creating two slave ports for our master ‘myteam’ and are assigning the ‘eth1’ and ‘eth2’ as the interface name. These might be different for you, depending on the output of the very first ‘nmcli con show’ or a simple ‘ip a s’ command.

Get it all up and running:

# nmcli con up myteam-port1
# nmcli con up myteam-port2
# nmcli con up myteam
# nmcli con mod myteam autoconnect yes

Checks of connections, ports and teams:

# nmcli con show
# teamdctl myteam state

Clean up the old ones and reboot:

# nmcli con del System\ eth1
# nmcli con del System\ eth2
# shutdown -r

After a reboot your team connection should be up and running!

Last but not least, let’s simulate a situation where one of your interfaces goes down. First recheck your team state:

# teamdctl myteam state

Should output:

setup:
  runner: activebackup
ports:
  eth1
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
  eth2
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
runner:
  active port: eth1

In my case the active port is eth1. I’m bringing it down and immediately run the teamdctl command again:

# nmcli con down myteam-port1
# teamdctl myteam state

The interface, IP and all running services should remain unaffected.

setup:
  runner: activebackup
ports:
  eth2
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
        down count: 0
runner:
  active port: eth2

Get your port up again:

# nmcli con up myteam-port1

The active port will remain eth2 and eth1 will be running as a backup now.

Update: nmcli post 1 and post 2.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.