Managing Networks With nmcli: Difference between revisions

From Alteeve Wiki
Revision as of 22:36, 15 December 2023


This article shows how to manage a network using just nmcli.

Key to this article, and to EL9 and above OSes, is that the old ifcfg-X files are no longer used. They can be forced, but let's not hold on to the past like that.

Network Manager Device Parameters

Network Manager stores all of the information relating to a network device in a "profile". What exactly is stored in this profile will vary by device, which can be seen using the "nmcli connection show <device_name>" command. The output is quite extensive, and there is an example of a standard network interface at the end of this tutorial.

Setting a Static IP on an Interface

The most basic step we'll start with is to simply assign a static IP address


Naming and Labelling Interfaces

Note: This requires that the initscripts-rename-device program is installed.

In previous versions of the Anvil!, we would uninstall biosdevname and change the actual network interface name to reflect its role in the Anvil! cluster. This is no longer viable with EL9.

Note: In EL9, Red Hat says to only use biosdevname on Dell systems. We'll try to avoid that to provide maximum hardware agnosticism.

To rename an interface, first we need to decide which we want to rename. For this example, we've got only one network interface on the system, named enp1s0. We will rename this to 'ifn1_link1'.

ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:d3:19:cc brd ff:ff:ff:ff:ff:ff
    inet 192.168.6.142/16 brd 192.168.255.255 scope global dynamic noprefixroute enp1s0
       valid_lft 3435sec preferred_lft 3435sec
    inet6 fe80::5054:ff:fed3:19cc/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

The lo interface is virtual and we will ignore it.

Note the MAC address, which is "52:54:00:d3:19:cc" in this example.

We need the type ID for this interface, which we can find by reading /sys/class/net/enp1s0/type.

cat /sys/class/net/enp1s0/type
1

Now create or append the file /etc/udev/rules.d/70-persistent-net.rules and add this line;

vim /etc/udev/rules.d/70-persistent-net.rules
SUBSYSTEM=="net",ACTION=="add",ATTR{address}=="52:54:00:d3:19:cc",ATTR{type}=="1",NAME="ifn1_link1"

Note: This next step is optional and can take a minute to complete, please be patient. It's likely not actually needed.

Regenerate the initrd RAM disk image. Note that there will be no output.

dracut -f

Identify the name of the device we're renaming.

nmcli --fields device,name connection show
DEVICE  NAME   
enp1s0  enp1s0 
lo      lo

In this example, both the name and the device are the same. If the "NAME" column was something other than enp1s0, make note of the name.

We need to clear the existing interface name. We can see the existing name with the command below, where X in "show X" is the device NAME from above:

nmcli --fields connection.interface-name connection show enp1s0
connection.interface-name:              enp1s0

We got the name right, so now let's delete it.

nmcli connection modify enp1s0 connection.interface-name ""

There's no output from this command, but we can re-run the previous command to confirm the change.

nmcli --fields connection.interface-name connection show enp1s0
connection.interface-name:              --

Last step, before rebooting, is to match the old and new device names. First we can see if there's an existing "match" parameter, and there should NOT be one.

nmcli --fields match.interface-name connection show enp1s0

This parameter doesn't exist, and so there is no output. That's expected. Now set the match:

nmcli connection modify enp1s0 match.interface-name "ifn1_link1 enp1s0"

As before, there's no output. However, now there should be output when we query that parameter.

nmcli --fields match.interface-name connection show enp1s0
match.interface-name:                   ifn1_link1,enp1s0

Excellent! Now reboot the computer.

reboot

Once it's back up, you can check that the new device name exists.

ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ifn1_link1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:d3:19:cc brd ff:ff:ff:ff:ff:ff
    altname enp1s0
    inet 192.168.6.142/16 brd 192.168.255.255 scope global dynamic noprefixroute ifn1_link1
       valid_lft 3577sec preferred_lft 3577sec
    inet6 fe80::5054:ff:fed3:19cc/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

If we look at network manager's output, we can see the new name has been applied to the interface.

nmcli --fields device,name connection show
DEVICE      NAME   
ifn1_link1  enp1s0 
lo          lo

Voila! The device has been renamed!
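
The udev rule from the steps above can be generated and checked before it is written. This is an added example, not part of the original article; the function names make_rename_rule and append_rename_rule are hypothetical. It rejects malformed MAC addresses and names longer than the kernel's 15-character limit, and refuses to append a rule when the MAC or the name is already used in the rules file.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# make_rename_rule MAC TYPE NAME
# Validates the inputs, then prints the udev rule in the article's format.
make_rename_rule() (
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')   # sysfs reports lower-case hex
    type=$2
    name=$3

    # The MAC must be six colon-separated hex octets.
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || {
        echo "invalid MAC address: $1" >&2; exit 1; }

    # The type is the number read from /sys/class/net/<device>/type.
    case $type in
        ''|*[!0-9]*) echo "invalid type: $type" >&2; exit 1 ;;
    esac

    # Kernel interface names hold at most 15 characters (IFNAMSIZ is 16 with
    # the terminating NUL); keep to a conservative character set as well.
    case $name in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid name: $name" >&2; exit 1 ;;
    esac
    [ "${#name}" -le 15 ] || { echo "name too long: $name" >&2; exit 1; }

    printf 'SUBSYSTEM=="net",ACTION=="add",ATTR{address}=="%s",ATTR{type}=="%s",NAME="%s"\n' \
        "$mac" "$type" "$name"
)

# append_rename_rule FILE MAC TYPE NAME
# Appends the rule to FILE unless the MAC or the NAME is already used there.
append_rename_rule() (
    file=$1
    rule=$(make_rename_rule "$2" "$3" "$4") || exit 1
    mac=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    if [ -f "$file" ]; then
        if grep -Fiq "ATTR{address}==\"$mac\"" "$file"; then
            echo "$file already has a rule for $mac" >&2; exit 1
        fi
        if grep -Fq "NAME=\"$4\"" "$file"; then
            echo "$file already assigns the name $4" >&2; exit 1
        fi
    fi
    printf '%s\n' "$rule" >> "$file"
)

# Demo with the article's values; prints the rule without touching /etc.
make_rename_rule 52:54:00:d3:19:cc 1 ifn1_link1
```

On a real host the target file would be /etc/udev/rules.d/70-persistent-net.rules, as in the article.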

Configuring a Bond

A bond is a pairing of two or more interfaces to provide increased bandwidth, increased reliability, or both.

In the Anvil! platform, active-passive, aka mode=1, is the mode we will use. It is the only bond type that does NOT increase bandwidth, but it is the one that fails over the fastest.

Configuring an Active-Passive Bond

At this point in the tutorial, the earlier example system now has six network interfaces, all of which have been renamed to ifn1_link1, ifn1_link2, bcn1_link1, bcn1_link2, sn1_link1, and sn1_link2.

For this example, we will create the bond named sn1_bond1, which will pair the sn1_link1 and sn1_link2 interfaces.

Each bonding mode has a set of configurable parameters, and those won't be covered in detail here. For this tutorial, the parameters we'll set are;

  • downdelay=0 - Change to the backup interface immediately on fault
  • updelay=120000 - Consider a link ready only after it's been up for 120 seconds.
  • miimon=100 - Check for a link every 100ms, in case the link state didn't change.
  • mode=active-backup - The bonding mode we're using.
  • primary=sn1_link1 - Use this interface if it's up.

You can read about network bonding in EL9 in detail here (Red Hat account required).

Here's the command to create the bond interface;

nmcli connection add type bond con-name sn1_bond1 ifname sn1_bond1 bond.options "mode=active-backup,miimon=100,downdelay=0,updelay=120000,primary=sn1_link1"
Connection 'sn1_bond1' (8d463d4d-1e09-4892-a192-1bad4459320c) successfully added.

Indeed, we can see the bond now;

nmcli connection show
NAME       UUID                                  TYPE      DEVICE     
enp10s0    0c601a39-65c0-3c6b-a064-a7df8d2d4329  ethernet  sn1_link1  
enp11s0    77a64113-ea2a-3644-8ad4-2c30d8196f09  ethernet  sn1_link2  
enp8s0     61cbf1bc-aab7-3b78-8d81-48a92409882b  ethernet  bcn1_link1 
enp9s0     7f45a5a2-2ba0-37e0-a38d-2a9da80653fd  ethernet  bcn1_link2 
sn1_bond1  8d463d4d-1e09-4892-a192-1bad4459320c  bond      sn1_bond1  
enp1s0     80d3aaf2-0ed8-3e32-977c-e3c63c39581f  ethernet  ifn1_link1 
enp7s0     8248651b-06ce-32e1-a9b4-67a9aa578ab6  ethernet  ifn1_link2 
lo         e5f527b2-03d7-492d-982e-45ae4779c2e5  loopback  lo

We can also see it in the special /proc/net/bonding/sn1_bond1 file;

cat /proc/net/bonding/sn1_bond1
Ethernet Channel Bonding Driver: v5.14.0-362.8.1.el9_3.x86_64

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: None
MII Status: down
MII Polling Interval (ms): 100
Up Delay (ms): 120000
Down Delay (ms): 0
Peer Notification Delay (ms): 0

Those familiar with bonding will note that the bond has no interfaces yet. So now to tell it to use the sn1_link1 and sn1_link2 interfaces.

Note: Red Hat as a company, and Linux as a community, are working to remove problematic language such as "master" and "slave". This is an ongoing process, and until it's finished, some of this legacy language is still used, as we'll see now.

nmcli connection add type ethernet con-name sn1_bond1_port1 ifname sn1_link1 master sn1_bond1
Connection 'sn1_bond1_port1' (f11e76d0-72a6-46e6-928f-5d654128d753) successfully added.

We can confirm this worked with nmcli;

nmcli connection show
NAME             UUID                                  TYPE      DEVICE     
sn1_bond1        dc6bc3c4-a3b6-458f-875b-630500bc050f  bond      sn1_bond1  
enp1s0           80d3aaf2-0ed8-3e32-977c-e3c63c39581f  ethernet  ifn1_link1 
enp7s0           8248651b-06ce-32e1-a9b4-67a9aa578ab6  ethernet  ifn1_link2 
lo               e5f527b2-03d7-492d-982e-45ae4779c2e5  loopback  lo         
sn1_bond1_port1  f11e76d0-72a6-46e6-928f-5d654128d753  ethernet  sn1_link1  
enp10s0          0c601a39-65c0-3c6b-a064-a7df8d2d4329  ethernet  --         
enp11s0          77a64113-ea2a-3644-8ad4-2c30d8196f09  ethernet  --         
enp8s0           61cbf1bc-aab7-3b78-8d81-48a92409882b  ethernet  --         
enp9s0           7f45a5a2-2ba0-37e0-a38d-2a9da80653fd  ethernet  --

Now let's add the second interface.

nmcli connection add type ethernet con-name sn1_bond1_port2 ifname sn1_link2 master sn1_bond1
Connection 'sn1_bond1_port2' (1f851704-8ba5-49fa-870a-f781781776ea) successfully added.

Again, let's confirm;

nmcli connection show
NAME             UUID                                  TYPE      DEVICE     
enp1s0           80d3aaf2-0ed8-3e32-977c-e3c63c39581f  ethernet  ifn1_link1 
enp7s0           8248651b-06ce-32e1-a9b4-67a9aa578ab6  ethernet  ifn1_link2 
lo               e5f527b2-03d7-492d-982e-45ae4779c2e5  loopback  lo         
enp10s0          0c601a39-65c0-3c6b-a064-a7df8d2d4329  ethernet  --         
enp11s0          77a64113-ea2a-3644-8ad4-2c30d8196f09  ethernet  --         
enp8s0           61cbf1bc-aab7-3b78-8d81-48a92409882b  ethernet  --         
enp9s0           7f45a5a2-2ba0-37e0-a38d-2a9da80653fd  ethernet  --         
sn1_bond1        dc6bc3c4-a3b6-458f-875b-630500bc050f  bond      --         
sn1_bond1_port1  f11e76d0-72a6-46e6-928f-5d654128d753  ethernet  --         
sn1_bond1_port2  1f851704-8ba5-49fa-870a-f781781776ea  ethernet  --

Let's also now look at /proc/net/bonding/sn1_bond1;

cat /proc/net/bonding/sn1_bond1
Ethernet Channel Bonding Driver: v5.14.0-362.8.1.el9_3.x86_64

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: sn1_link1 (primary_reselect always)
Currently Active Slave: sn1_link1
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 120000
Down Delay (ms): 0
Peer Notification Delay (ms): 0

Slave Interface: sn1_link1
MII Status: up
Speed: Unknown
Duplex: Unknown
Link Failure Count: 0
Permanent HW addr: 52:54:00:37:6f:22
Slave queue ID: 0

Slave Interface: sn1_link2
MII Status: going back
Speed: Unknown
Duplex: Unknown
Link Failure Count: 0
Permanent HW addr: 52:54:00:2f:02:1b
Slave queue ID: 0

Done!
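
The manual check of /proc/net/bonding/sn1_bond1 can be scripted for monitoring. This is an added example, not part of the original article; the function names are hypothetical and the sample is a trimmed copy of the article's own output. It flags the conditions that leave an active-backup bond without a usable backup; in the sample, sn1_link2 is still "going back" because the 120 second updelay has not elapsed.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# Trimmed copy of the article's /proc/net/bonding/sn1_bond1 output.
sample_bond_status() {
    cat <<'EOF'
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: sn1_link1 (primary_reselect always)
Currently Active Slave: sn1_link1
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 120000
Down Delay (ms): 0

Slave Interface: sn1_link1
MII Status: up
Link Failure Count: 0

Slave Interface: sn1_link2
MII Status: going back
Link Failure Count: 0
EOF
}

# check_bond FILE PRIMARY
# Prints one WARN line per problem and returns non-zero if any were found.
check_bond() (
    awk -v want="$2" '
        function warn(msg) { print "WARN " msg; bad++ }
        /^Bonding Mode:/           { mode = $0 }
        /^Primary Slave:/          { primary = $3 }
        /^Currently Active Slave:/ { active = $4 }
        /^Slave Interface:/        { port = $3; ports++ }
        /^Link Failure Count:/     { if ($4 > 0) warn("port " port " has failed " $4 " time(s)") }
        /^MII Status:/ {
            status = $0; sub(/^MII Status: */, "", status)
            # The first MII Status line describes the bond, later ones a port.
            if (port == "") bond_status = status
            else if (status != "up") warn("port " port " MII status is \"" status "\"")
        }
        END {
            if (mode !~ /active-backup/) warn("bonding mode is not active-backup")
            if (bond_status != "up")     warn("bond MII status is \"" bond_status "\"")
            if (ports < 2)               warn("only " (ports + 0) " port(s) attached, no redundancy")
            if (primary != want)         warn("primary is " primary ", expected " want)
            if (active != want)          warn("active port is " active ", expected " want)
            if (!bad) print "OK active=" active " ports=" ports
            exit (bad > 0)
        }
    ' "$1"
)

# Demo on the embedded sample; on a live host pass the /proc file instead:
#   check_bond /proc/net/bonding/sn1_bond1 sn1_link1
sample_bond_status | check_bond - sn1_link1 || true
```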

Creating a Bridge Interface

A bridge is, basically, a dumb layer-2 ethernet switch. It is used to connect the network interfaces in virtual machines to the outside world, via a physical network interface. The bridge itself is called the "controller", and devices connected to it (typically the vnetX devices connecting a VM's interface to the bridge) are called "ports".

We built on the last tutorial to create the bonded interface bcn1_bond1. We'll now create the bridge bcn1_bridge1, and use the bond as the (redundant) connection to the outside world.

nmcli connection add type bridge con-name bcn1_bridge1 ifname bcn1_bridge1
Connection 'bcn1_bridge1' (07829ca1-e028-40eb-b3b0-346f46a2bd49) successfully added.

Indeed, we can now see this new bridge.

nmcli connection show
NAME              UUID                                  TYPE      DEVICE       
bcn1_bridge1      07829ca1-e028-40eb-b3b0-346f46a2bd49  bridge    bcn1_bridge1 
enp8s0            61cbf1bc-aab7-3b78-8d81-48a92409882b  ethernet  bcn1_link1   
enp9s0            7f45a5a2-2ba0-37e0-a38d-2a9da80653fd  ethernet  bcn1_link2   
sn1_bond1         dc6bc3c4-a3b6-458f-875b-630500bc050f  bond      sn1_bond1    
enp1s0            80d3aaf2-0ed8-3e32-977c-e3c63c39581f  ethernet  ifn1_link1   
enp7s0            8248651b-06ce-32e1-a9b4-67a9aa578ab6  ethernet  ifn1_link2   
lo                e5f527b2-03d7-492d-982e-45ae4779c2e5  loopback  lo           
sn1_bond1_port1   f11e76d0-72a6-46e6-928f-5d654128d753  ethernet  sn1_link1    
sn1_bond1_port2   1f851704-8ba5-49fa-870a-f781781776ea  ethernet  sn1_link2    
bcn1_bond1        9c13f3ee-0f64-4185-895b-5682797a73a3  bond      --           
bcn1_bond1_port1  be724752-9dca-466f-a26c-84ce77af41d6  ethernet  --           
bcn1_bond1_port2  912cfa55-7cd6-41f3-9004-7c0f137af84c  ethernet  --           
enp10s0           0c601a39-65c0-3c6b-a064-a7df8d2d4329  ethernet  --           
enp11s0           77a64113-ea2a-3644-8ad4-2c30d8196f09  ethernet  --

Now connect the

nmcli connection modify bcn1_bond1 master bcn1_bridge1
<no output from this command>

To verify that the bond is now connected to the bridge, you can check the connection.master and connection.slave-type fields;

nmcli --fields connection.master,connection.slave-type connection show bcn1_bond1
connection.master:                      bcn1_bridge1
connection.slave-type:                  bridge

Done!

Assigning IP Addresses

In this example, we're going to assign IP addresses to various devices.

Assigning an IP Address to an Interface

Assigning an IP Address to a Bond

Assigning an IP Address to a Bridge

Network Properties Example

nmcli connection show enp1s0
connection.id:                          enp1s0
connection.uuid:                        80d3aaf2-0ed8-3e32-977c-e3c63c39581f
connection.stable-id:                   --
connection.type:                        802-3-ethernet
connection.interface-name:              enp1s0
connection.autoconnect:                 yes
connection.autoconnect-priority:        -999
connection.autoconnect-retries:         -1 (default)
connection.multi-connect:               0 (default)
connection.auth-retries:                -1
connection.timestamp:                   1701721755
connection.permissions:                 --
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (default)
connection.secondaries:                 --
connection.gateway-ping-timeout:        0
connection.metered:                     unknown
connection.lldp:                        default
connection.mdns:                        -1 (default)
connection.llmnr:                       -1 (default)
connection.dns-over-tls:                -1 (default)
connection.mptcp-flags:                 0x0 (default)
connection.wait-device-timeout:         -1
connection.wait-activation-delay:       -1
802-3-ethernet.port:                    --
802-3-ethernet.speed:                   0
802-3-ethernet.duplex:                  --
802-3-ethernet.auto-negotiate:          no
802-3-ethernet.mac-address:             --
802-3-ethernet.cloned-mac-address:      --
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist:   --
802-3-ethernet.mtu:                     auto
802-3-ethernet.s390-subchannels:        --
802-3-ethernet.s390-nettype:            --
802-3-ethernet.s390-options:            --
802-3-ethernet.wake-on-lan:             default
802-3-ethernet.wake-on-lan-password:    --
802-3-ethernet.accept-all-mac-addresses:-1 (default)
ipv4.method:                            auto
ipv4.dns:                               --
ipv4.dns-search:                        --
ipv4.dns-options:                       --
ipv4.dns-priority:                      0
ipv4.addresses:                         --
ipv4.gateway:                           --
ipv4.routes:                            --
ipv4.route-metric:                      -1
ipv4.route-table:                       0 (unspec)
ipv4.routing-rules:                     --
ipv4.replace-local-rule:                -1 (default)
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-iaid:                         --
ipv4.dhcp-timeout:                      0 (default)
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:                     --
ipv4.dhcp-fqdn:                         --
ipv4.dhcp-hostname-flags:               0x0 (none)
ipv4.never-default:                     no
ipv4.may-fail:                          yes
ipv4.required-timeout:                  -1 (default)
ipv4.dad-timeout:                       -1 (default)
ipv4.dhcp-vendor-class-identifier:      --
ipv4.link-local:                        0 (default)
ipv4.dhcp-reject-servers:               --
ipv4.auto-route-ext-gw:                 -1 (default)
ipv6.method:                            auto
ipv6.dns:                               --
ipv6.dns-search:                        --
ipv6.dns-options:                       --
ipv6.dns-priority:                      0
ipv6.addresses:                         --
ipv6.gateway:                           --
ipv6.routes:                            --
ipv6.route-metric:                      -1
ipv6.route-table:                       0 (unspec)
ipv6.routing-rules:                     --
ipv6.replace-local-rule:                -1 (default)
ipv6.ignore-auto-routes:                no
ipv6.ignore-auto-dns:                   no
ipv6.never-default:                     no
ipv6.may-fail:                          yes
ipv6.required-timeout:                  -1 (default)
ipv6.ip6-privacy:                       -1 (unknown)
ipv6.addr-gen-mode:                     eui64
ipv6.ra-timeout:                        0 (default)
ipv6.mtu:                               auto
ipv6.dhcp-pd-hint:                      --
ipv6.dhcp-duid:                         --
ipv6.dhcp-iaid:                         --
ipv6.dhcp-timeout:                      0 (default)
ipv6.dhcp-send-hostname:                yes
ipv6.dhcp-hostname:                     --
ipv6.dhcp-hostname-flags:               0x0 (none)
ipv6.auto-route-ext-gw:                 -1 (default)
ipv6.token:                             --
proxy.method:                           none
proxy.browser-only:                     no
proxy.pac-url:                          --
proxy.pac-script:                       --
GENERAL.NAME:                           enp1s0
GENERAL.UUID:                           80d3aaf2-0ed8-3e32-977c-e3c63c39581f
GENERAL.DEVICES:                        enp1s0
GENERAL.IP-IFACE:                       enp1s0
GENERAL.STATE:                          activated
GENERAL.DEFAULT:                        yes
GENERAL.DEFAULT6:                       no
GENERAL.SPEC-OBJECT:                    --
GENERAL.VPN:                            no
GENERAL.DBUS-PATH:                      /org/freedesktop/NetworkManager/ActiveConnection/2
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/Settings/1
GENERAL.ZONE:                           --
GENERAL.MASTER-PATH:                    --
IP4.ADDRESS[1]:                         192.168.6.142/16
IP4.GATEWAY:                            192.168.255.254
IP4.ROUTE[1]:                           dst = 192.168.0.0/16, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = 192.168.255.254, mt = 100
IP4.DNS[1]:                             192.168.255.254
IP4.DOMAIN[1]:                          ifn1_bridge1
DHCP4.OPTION[1]:                        broadcast_address = 192.168.222.255
DHCP4.OPTION[2]:                        dhcp_client_identifier = 01:52:54:00:d3:19:cc
DHCP4.OPTION[3]:                        dhcp_lease_time = 3600
DHCP4.OPTION[4]:                        dhcp_server_identifier = 192.168.255.254
DHCP4.OPTION[5]:                        domain_name = ifn1_bridge1
DHCP4.OPTION[6]:                        domain_name_servers = 192.168.255.254
DHCP4.OPTION[7]:                        expiry = 1701758267
DHCP4.OPTION[8]:                        interface_mtu = 9000
DHCP4.OPTION[9]:                        ip_address = 192.168.6.142
DHCP4.OPTION[10]:                       next_server = 192.168.255.254
DHCP4.OPTION[11]:                       requested_broadcast_address = 1
DHCP4.OPTION[12]:                       requested_domain_name = 1
DHCP4.OPTION[13]:                       requested_domain_name_servers = 1
DHCP4.OPTION[14]:                       requested_domain_search = 1
DHCP4.OPTION[15]:                       requested_host_name = 1
DHCP4.OPTION[16]:                       requested_interface_mtu = 1
DHCP4.OPTION[17]:                       requested_ms_classless_static_routes = 1
DHCP4.OPTION[18]:                       requested_nis_domain = 1
DHCP4.OPTION[19]:                       requested_nis_servers = 1
DHCP4.OPTION[20]:                       requested_ntp_servers = 1
DHCP4.OPTION[21]:                       requested_rfc3442_classless_static_routes = 1
DHCP4.OPTION[22]:                       requested_root_path = 1
DHCP4.OPTION[23]:                       requested_routers = 1
DHCP4.OPTION[24]:                       requested_static_routes = 1
DHCP4.OPTION[25]:                       requested_subnet_mask = 1
DHCP4.OPTION[26]:                       requested_time_offset = 1
DHCP4.OPTION[27]:                       requested_wpad = 1
DHCP4.OPTION[28]:                       routers = 192.168.255.254
DHCP4.OPTION[29]:                       subnet_mask = 255.255.0.0
IP6.ADDRESS[1]:                         fe80::5054:ff:fed3:19cc/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 1024


 
