Combining Hybrid and Layer 2 Networking Modes¶
This example configuration uses two servers, one in Hybrid Bonded mode and one in Layer 2 Unbonded mode, and one VLAN. The servers are first configured to talk to each other over the VLAN, and then configured to so that Internet access is provided to the server in Layer 2 mode through the Hybrid Bonded mode server and VLAN.
Attaching the Servers to the VLAN¶
Attach the VLAN (with ID 1001) to
bond0 on the server in Hybrid Bonded mode.
Attach the same VLAN (with ID 1001) to
eth1 on the server in Layer 2 Unbonded mode.
Configure the Hybrid Bonded Mode Server¶
SSH into and configure the Hybrid Bonded mode server.
First, enable VLAN support.
modprobe 8021q echo "8021q" >> /etc/modules
Choose an IP address to assign the server from whichever subnet you choose. For example,
192.168.2.0/24. Since Hybrid Bonded mode does not support untagged VLAN traffic, add and configure a subinterface of
ip link add link bond0 name bond0.1001 type vlan id 1001 ip addr add 192.168.2.1/24 dev bond0.1001
Bring up the subinterface, and check that it came up.
ip link set dev bond0.1001 up ip -d link show bond0.1001
Configure the Layer 2 Unbonded Server¶
SSH into and configure the Layer 2 Unbonded mode server.
Remember, this node is in pure Layer 2 networking mode; there is no public connectivity to this server and you will have to use SOS/OOB console to connect. If you get locked out, you can always change the networking mode back to Layer 3, or hybrid mode and SSH back in via the public IPv4 address.
Note - in our recent Ubuntu images, the interfaces are no longer aliased to
Configure VLAN support and remove
eth1 from the bonded interface.
modprobe 8021q echo "8021q" >> /etc/module ip link set enp1s0f1 nomaster
Since this is Hybrid Unbonded mode, you can also remove the default route from the old IP address and remove the bonded interface entirely.
ip route delete default via <old_IP> ip link delete dev bond0
Assign a VLAN IP address from the same subnet as the Hybrid Bonded mode server. Since this is the only VLAN attached to this server currently, the traffic has to be untagged, so configure the
eth1 interface directly.
ip addr add 192.168.2.2/24 dev enp1s0f1
Bring up the interface, and check that it is back up.
ip link set dev enp1s0f1 up ip -d link show enp1s0f1
Also, in preparation for enabling Internet access for this server, add a route from the IP address of the Hybrid Bonded mode server. Set it as the default route.
ip route add 192.168.2.0/24 via 192.168.2.1 dev enp1s0f1 ip route add default via 192.168.2.1 dev enp1s0f1
Tear down the bond0 interface:
sudo ifdown bond0
/etc/sysconfig/network-scripts/ifcfg-eth1with any free IP from the IPv4 private block used by eth1 on the hybrid node. Ensure that the netmask, network, and gateway details are correct.
DEVICE=eth1 ONBOOT=yes HWADDR=e4:1d:2d:11:22:32 IPADDR=192.168.2.2 NETMASK=255.255.255.0 GATEWAY=192.168.2.1 NETWORK=192.168.2.0 BOOTPROTO=none
Bring up eth1.
sudo ifup eth1
You can set the "ONBOOT" parameter for the rest of the network interfaces to "no" so they do not come up one reboots.
bond0will not be used, and
eth0will only be used if you choose to connect it to another VLAN (perhaps connected to other isolated node). In which case, it should be configured with its own IP accordingly.
Configure IP Forwarding¶
At this point your Hybrid Bonded mode server and your Layer 2 Unbonded mode server node can talk to each other, but the Layer 2 server cannot reach the Internet. To give it Internet access you must configure IP masquerading on the Hybrid Bonded mode server.
Make sure IP forwarding is enabled on the Hybrid mode server.
Now add a new IP masquerade rule to the NAT table with
iptables. This routes traffic from any of the private IPs through the Internet-facing network interface on the Hybrid mode server, in this case,
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o bond0 -j MASQUERADE
Now if you SSH into your Layer 2 mode server, it should be able to ping the outside Internet.