Configuring a network bridge and/or bond

A bridge links several interfaces within a local network and lets them communicate as if they were connected to a switch. A bond aggregates several physical interfaces to provide redundancy and/or improved bandwidth.

Bridge and Bond

Differences between a bridge and a bond:

                     | Bridge | Bond
Main purpose         | Connect several interfaces within the same local network (LAN) | Combine several physical interfaces into a single interface
Connection type      | Works like a switch (layer 2) | Combination of physical links for redundancy or performance
Isolation/routing    | To connect machines within the same subnet | To increase resilience and bandwidth
Areas of application | Virtualization, network isolation, multiple interfaces in a LAN | Increased bandwidth, redundancy
Bandwidth            | Does not change the bandwidth | Can increase the bandwidth depending on the mode chosen
Redundancy           | No (used to connect interfaces, not for redundancy) | Yes: if one interface fails, another takes over

The nmcli command (NetworkManager Command-Line Interface)

The nmcli command interacts with NetworkManager to manage the network. It can be used to:

  • Manage connections: Wi-Fi, Ethernet, VPN, etc.
  • Configure interfaces: IP, DNS, gateway, etc.
  • Get information: connection state, devices, etc.

Display the general state of the network connections:

# nmcli general status

List the available network connections:

# nmcli connection show

Connect to a Wi-Fi network:

# nmcli device wifi connect "<SSID>" password "<motdepasse>"

Display the active network devices:

# nmcli device

Disable/enable networking:

# nmcli networking off
# nmcli networking on

Configuring a bridge and/or a bond

Create a bridge on top of a bond:

# nmcli connection add type bond ifname bond0 con-name bond0 mode 802.3ad
# nmcli connection add type bond-slave ifname eno42 con-name eno42-slave master bond0
# nmcli connection add type bond-slave ifname eno43 con-name eno43-slave master bond0
# nmcli connection add type bridge con-name bridge0 ifname bridge0
# nmcli con mod bridge0 ipv4.address 10.xxx.4.12/22
# nmcli con mod bridge0 ipv4.gateway 10.xxx.7.11
# nmcli con mod bridge0 ipv4.method manual
# nmcli con mod bridge0 ipv4.dns 10.yyy.0.63
# nmcli con mod bridge0 +ipv4.dns 10.yyy.1.63
# nmcli con mod bridge0 connection.autoconnect-slaves yes
# nmcli con mod bridge0 connection.autoconnect yes
# nmcli connection modify bond0 master bridge0
# nmcli con up bridge0

Create a bridge without a bond:

# nmcli con add type bridge con-name bridge0 ifname bridge0
# nmcli conn modify bridge0 ipv4.addresses '10.xxx.5.191/22'
# nmcli conn modify bridge0 ipv4.gateway '10.xxx.7.11'
# nmcli conn modify bridge0 ipv4.dns '10.yyy.0.63' +ipv4.dns '10.yyy.1.63'
# nmcli conn modify bridge0 ipv4.dns-search codac.iter.org
# nmcli conn modify bridge0 ipv4.method manual
# nmcli conn add type ethernet slave-type bridge con-name bridge0-slave ifname enp2s0 master bridge0
# nmcli con mod bridge0 connection.autoconnect-slaves yes
# nmcli con mod bridge0 connection.autoconnect yes
# nmcli conn up bridge0

Create a simple bond:

# nmcli connection add type bond ifname bond0 con-name bond0 mode 802.3ad
# nmcli connection add type bond-slave ifname eno42 con-name eno42-slave master bond0
# nmcli connection add type bond-slave ifname eno43 con-name eno43-slave master bond0
# nmcli con mod bond0 ipv4.address 10.xxx.4.12/22
# nmcli con mod bond0 ipv4.gateway 10.xxx.7.11
# nmcli con mod bond0 ipv4.method manual
# nmcli con mod bond0 ipv4.dns 10.yyy.0.63
# nmcli con mod bond0 +ipv4.dns 10.yyy.1.63
# nmcli con mod eno42-slave connection.autoconnect on
# nmcli con mod eno43-slave connection.autoconnect on
# nmcli con mod bond0 connection.autoconnect-slaves yes
# nmcli con up bond0

Example:

Network configuration:

# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether dd:44:ee:55:ff:0c brd ff:ff:ff:ff:ff:ff
3: eno2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether dd:44:ee:55:ff:0d brd ff:ff:ff:ff:ff:ff
4: eno3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether dd:44:ee:55:ff:0e brd ff:ff:ff:ff:ff:ff
5: eno4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether dd:44:ee:55:ff:0f brd ff:ff:ff:ff:ff:ff
6: eno42: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 11:aa:22:bb:33:54 brd ff:ff:ff:ff:ff:ff
inet 10.zzz.xx.46/24 brd 10.zzz.xx.255 scope global dynamic noprefixroute eno42
valid_lft 31449452sec preferred_lft 31449452sec
inet6 fe80::1111:dddd:3333:7654/64 scope link noprefixroute
valid_lft forever preferred_lft forever
7: eno43: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 11:aa.22:bb:33:55 brd ff:ff:ff:ff:ff:ff

The best approach is to put the commands in a script, because changing the network configuration causes disconnections:

# vim bond.sh
#!/bin/bash
nmcli connection add type bond ifname bond0 con-name bond0 mode 802.3ad
nmcli connection add type bond-slave ifname eno42 con-name eno42-slave master bond0
nmcli connection add type bond-slave ifname eno43 con-name eno43-slave master bond0
nmcli con mod bond0 ipv4.address 10.zzz.xx.46/24
nmcli con mod bond0 ipv4.gateway 10.zzz.xx.1
nmcli con mod bond0 ipv4.method manual
nmcli con mod bond0 ipv4.dns 10.zzz.0.10
nmcli con mod bond0 +ipv4.dns 10.zzz.1.10
nmcli con mod eno42-slave connection.autoconnect on
nmcli con mod eno43-slave connection.autoconnect on
nmcli con mod bond0 connection.autoconnect-slaves yes
nmcli con up bond0

Launch it with nohup sh, which keeps the script from being interrupted when the terminal closes and creates an output file:

# nohup sh bond.sh
nohup: ignoring input and appending output to 'nohup.out'

Viewing the output:

# cat nohup.out
Connection 'bond0' (66554411-abcd-ef12-abcd-fc8a502eabcd) successfully added.
Connection 'eno42-slave' (abcdefab-abcd-ef12-abcd-abcd0aedccfe) successfully added.
Connection 'eno43-slave' (fedcbafe-ef12-abcd-a3b4-1989abcd03d9) successfully added.
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)

Network configuration:

# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether dd:44:ee:55:ff:0c brd ff:ff:ff:ff:ff:ff
3: eno2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether dd:44:ee:55:ff:0d brd ff:ff:ff:ff:ff:ff
4: eno3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether dd:44:ee:55:ff:0e brd ff:ff:ff:ff:ff:ff
5: eno4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether dd:44:ee:55:ff:0f brd ff:ff:ff:ff:ff:ff
6: eno42: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP group default qlen 1000
link/ether 11:aa.22:bb:33:54 brd ff:ff:ff:ff:ff:ff
7: eno43: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP group default qlen 1000
link/ether 11:aa.22:bb:33:54 brd ff:ff:ff:ff:ff:ff permaddr 11:aa.22:bb:33:55
8: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 11:aa.22:bb:33:54 brd ff:ff:ff:ff:ff:ff
inet 10.zzz.xx.46/24 brd 10.zzz.xx.255 scope global noprefixroute bond0
valid_lft forever preferred_lft forever
inet6 fe80::aaaa:bbbb:cccc:438/64 scope link noprefixroute
valid_lft forever preferred_lft forever

Checking the bond0 configuration:

# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
Peer Notification Delay (ms): 0

802.3ad info
LACP rate: slow
Min links: 0
Aggregator selection policy (ad_select): stable
System priority: 65535
System MAC address: 11:aa.22:bb:33:54
Active Aggregator Info:
Aggregator ID: 1
Number of ports: 2
Actor Key: 15
Partner Key: 32818
Partner Mac Address: 00:11:aa:22:bb:51

Slave Interface: eno42
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 11:aa.22:bb:33:54
Slave queue ID: 0
Aggregator ID: 1
Actor Churn State: none
Partner Churn State: none
Actor Churned Count: 0
Partner Churned Count: 0
details actor lacp pdu:
system priority: 65535
system mac address: 11:aa.22:bb:33:54
port key: 15
port priority: 255
port number: 1
port state: 61
details partner lacp pdu:
system priority: 16384
system mac address: 00:11:aa:22:bb:51
oper key: 32818
port priority: 32768
port number: 257
port state: 61

Slave Interface: eno43
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 11:aa.22:bb:33:55
Slave queue ID: 0
Aggregator ID: 1
Actor Churn State: none
Partner Churn State: none
Actor Churned Count: 0
Partner Churned Count: 0
details actor lacp pdu:
system priority: 65535
system mac address: 11:aa.22:bb:33:54
port key: 15
port priority: 255
port number: 2
port state: 61
details partner lacp pdu:
system priority: 16384
system mac address: 00:11:aa:22:bb:51
oper key: 32818
port priority: 32768
port number: 16641
port state: 61
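
The status file above can be checked automatically. The following is an added example, not part of the original page: it flags slaves whose link is down, that sit outside the active aggregator, or whose LACP port state lacks the sync/collecting/distributing bits (the value 61 shown above decodes to activity, aggregation, sync, collecting, distributing). The function names and the degraded sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: LACP health check for /proc/net/bonding/<bond> text.

# Decode an LACP port-state byte into flag names (bit 0 first).
decode_lacp_state() (
    s=$1; out=""
    for name in activity short_timeout aggregation sync \
                collecting distributing defaulted expired; do
        if [ $((s % 2)) -eq 1 ]; then out="${out:+$out,}$name"; fi
        s=$((s / 2))
    done
    echo "$out"
)

# Print one finding per line, or "OK". A slave passes when its link is up,
# it is in the active aggregator, and actor and partner port states both
# have sync, collecting and distributing set (bits 3-5).
check_bond() {
    awk '
    /Active Aggregator Info/        { want = 1; next }
    want && /Aggregator ID:/        { active = $3; want = 0; next }
    /^Slave Interface:/             { slave = $3; who = "" }
    slave && /MII Status:/ && $3 != "up" {
        print slave ": link " $3; bad = 1 }
    slave && /Aggregator ID:/ && $3 != active {
        print slave ": aggregator " $3 ", active is " active; bad = 1 }
    /details actor lacp pdu/        { who = "actor" }
    /details partner lacp pdu/      { who = "partner" }
    slave && who && /port state:/ && int($3 / 8) % 8 != 7 {
        print slave ": " who " state " $3 " not in sync"; bad = 1 }
    END { if (!bad) print "OK" }
    ' "${1:--}"
}

# Constructed sample (not captured output): eno43 left the aggregate.
sample_degraded() {
    printf '%s\n' 'Active Aggregator Info:' 'Aggregator ID: 1' \
        'Slave Interface: eno42' 'MII Status: up' 'Aggregator ID: 1' \
        'details actor lacp pdu:' 'port state: 61' \
        'details partner lacp pdu:' 'port state: 61' \
        'Slave Interface: eno43' 'MII Status: up' 'Aggregator ID: 2' \
        'details actor lacp pdu:' 'port state: 69' \
        'details partner lacp pdu:' 'port state: 1'
}

sample_degraded | check_bond
# On a live host: check_bond /proc/net/bonding/bond0
```

A bond can stay "up" on a single link after the other slave drops out of the aggregate, so a check like this is worth running from monitoring rather than only once after setup.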

Documentation

ChatGPT

Acknowledgements

Quentin E.

Thanks to Quentin E.
