I have a Linux server with three NICs that are connected to a switch (one NIC is for management, two NICs form an LACP bond). In addition, I need to use a VLAN (167), because the switch is configured with it.
Huawei switch:

    interface Eth-Trunk10
     description #### Server ####
     port link-type trunk
     port trunk allow-pass vlan 167
     stp disable
     mode lacp
     load-balance src-dst-mac

Now, that is the current configuration:
/etc/network/interfaces:

    auto lo
    iface lo inet loopback

    iface enp3s0 inet manual

    auto enp4s0
    iface enp4s0 inet manual
        bond-master bond1

    auto eno1
    iface eno1 inet manual
        bond-master bond1

    auto bond1
    iface bond1 inet manual
        bond-slaves eno1 enp4s0
        bond-miimon 100
        bond-mode 802.3ad
        bond-lacp-rate 1

    auto bond1.167
    iface bond1.167 inet static
        address x.x.x.x
        netmask 255.255.255.248
        vlan-raw-device bond1

    auto vmbr0
    iface vmbr0 inet static
        address a.a.a.b
        netmask 255.255.255.248
        gateway a.a.a.a
        bridge-ports enp3s0
        bridge-stp off

As you can see, there is an initial bridging interface (vmbr0) from the virtual hosting system, which is the management interface right now.
Later on, all the traffic, with the exception of management, shall be going over the bonding interface using VLAN 167, and I guess I will need two default gateways.
So, I think I have to change everything to this:
/etc/network/interfaces:

    auto lo
    iface lo inet loopback

    iface enp3s0 inet static
        address a.a.a.b
        netmask 255.255.255.248
        post-up ip route add a.a.a.0/24 dev enp3s0 src a.a.a.b table rt1
        post-up ip route add default via a.a.a.a dev enp3s0 table rt1
        post-up ip rule add from a.a.a.b/32 table rt1
        post-up ip rule add to a.a.a.b/32 table rt1
        post-up ip route add default via a.a.a.a metric 101 dev enp3s0
        post-down ip rule del from 0/0 to 0/0 table rt1
        post-down ip rule del from 0/0 to 0/0 table rt1

    auto enp4s0
    iface enp4s0 inet manual
        bond-master bond1

    auto eno1
    iface eno1 inet manual
        bond-master bond1

    auto bond1
    iface bond1 inet manual
        bond-slaves eno1 enp4s0
        bond-miimon 100
        bond-mode 802.3ad
        bond-lacp-rate 1

    auto bond1.167
    iface bond1.167 inet manual
        vlan-raw-device bond1

    auto vmbr0
    iface vmbr0 inet static
        address x.x.x.y
        netmask 255.255.255.248
        bridge-ports bond1.167
        bridge-stp off
        bridge-fd 0
        post-up ip route add x.x.x.0/29 dev vmbr0 src x.x.x.y table rt2
        post-up ip route add default via x.x.x.x dev vmbr0 table rt2
        post-up ip rule add from x.x.x.y/32 table rt2
        post-up ip rule add to x.x.x.y/32 table rt2
        post-up ip route add default via x.x.x.x metric 100 dev vmbr0
        post-down ip rule del from 0/0 to 0/0 table rt2
        post-down ip rule del from 0/0 to 0/0 table rt2

/etc/iproute2/rt_tables:

    101 rt1
    102 rt2

Addresses explained:

    x.x.x.0 = net for internet access and bridging vms to internet
    x.x.x.x = gateway
    x.x.x.y = ip for vmbr0/bonding
    a.a.a.0 = net for management
    a.a.a.a = gateway
    a.a.a.b = ip for management/enp3s0

Now my two questions are:
Is the VLAN 167 configured correctly with bond1.167 under vmbr0, so all the traffic from the hosts and virtual machines is going through it? I have a feeling there is something wrong there.
Is this setup with two gateways working? Can I still use the management interface enp3s0 this way? My plan is to block management access on the bonding interface (vmbr0/bond1.167), but leave it open on the management interface, of course.
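
Keeping management on its own interface depends on each per-table route, gateway and rule agreeing with that interface's address and netmask. The following is an added example, not part of the original post: a small consistency check over the proposed `post-up` lines. The `audit` function is hypothetical, and the documentation addresses 192.0.2.x and 198.51.100.x are assumed stand-ins for the masked a.a.a.* and x.x.x.* values.

```python
import ipaddress

# Constructed sample: the proposed stanzas, trimmed, with documentation
# addresses substituted (a.a.a.b -> 192.0.2.2, x.x.x.y -> 198.51.100.2).
SAMPLE = """\
iface enp3s0 inet static
    address 192.0.2.2
    netmask 255.255.255.248
    post-up ip route add 192.0.2.0/24 dev enp3s0 src 192.0.2.2 table rt1
    post-up ip route add default via 192.0.2.1 dev enp3s0 table rt1
    post-up ip rule add from 192.0.2.2/32 table rt1
iface vmbr0 inet static
    address 198.51.100.2
    netmask 255.255.255.248
    post-up ip route add 198.51.100.0/29 dev vmbr0 src 198.51.100.2 table rt2
    post-up ip route add default via 198.51.100.1 dev vmbr0 table rt2
    post-up ip rule add from 198.51.100.2/32 table rt2
"""
RT_TABLES = {"rt1", "rt2"}  # names from /etc/iproute2/rt_tables


def audit(text, tables=RT_TABLES):
    """Return (iface, message) findings for post-up policy-routing lines."""
    findings, iface, cfg = [], None, {}
    for words in (l.split() for l in text.splitlines() if l.strip()):
        if words[0] == "iface":
            iface, cfg = words[1], {}
        elif words[0] in ("address", "netmask"):
            cfg[words[0]] = words[1]
        elif words[:2] == ["post-up", "ip"] and words[3:4] == ["add"]:
            me = ipaddress.ip_interface(f"{cfg['address']}/{cfg['netmask']}")
            args = words[4:]
            # "route add" starts with a destination; "rule add" is all key/value
            dest = args.pop(0) if words[2] == "route" else None
            kv = dict(zip(args[0::2], args[1::2]))
            if "table" in kv and kv["table"] not in tables:
                findings.append((iface, f"table {kv['table']} not in rt_tables"))
            if dest == "default":
                if ipaddress.ip_address(kv["via"]) not in me.network:
                    findings.append((iface, f"gateway {kv['via']} is off-link"))
            elif dest and ipaddress.ip_network(dest, strict=False) != me.network:
                findings.append((iface, f"route {dest} != connected {me.network}"))
            if "from" in kv and ipaddress.ip_interface(kv["from"]).ip != me.ip:
                findings.append((iface, f"rule source {kv['from']} is not {me.ip}"))
    return findings


if __name__ == "__main__":
    for iface, msg in audit(SAMPLE):
        print(f"{iface}: {msg}")
```

On the sample it reports the /24 route in table rt1 next to the 255.255.255.248 netmask on enp3s0, and nothing for vmbr0.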