はじめに
KVMを使う環境で
以前 bonding + bridge + vlan の環境を構築したが、CentOS 7 でteamが導入され今後はbondingよりもteamを使う方が良さげなので、設定方法を確認してみた。
前提
対抗のスイッチにトランクが設定されていること
参考:以下はcatalyst2960の設定例
interface Port-channel1
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet0/1
switchport mode trunk
switchport nonegotiate
channel-group 1 mode active
!
interface GigabitEthernet0/2
switchport mode trunk
switchport nonegotiate
channel-group 1 mode active
物理NIC
CentOS8の物理インターフェースは以下の構成です。
| 物理デバイス | 用途 | 備考 |
| enp0s31f6 | 未使用 | オンボードNIC |
| enp2s0 | SSHログイン用 | 増設NIC(1枚目) |
| enp3s0f0 | team + bridge + vlan | 増設NIC(2枚目のポート1) |
| enp3s0f1 | team + bridge + vlan | 増設NIC(2枚目のポート2) |
team構成
| team名 | team0 |
| runner | lacp |
| 使用する物理NIC | enp3s0f0、enp3s0f1 |
VLAN構成
| VLAN ID | VLANデバイス名 | Bridgeデバイス名 | IPアドレス | デフォルトゲートウェイ |
| 10 | team0.10 | br10 | 172.31.0.20/24 | 172.31.0.254 |
| 11 | team0.11 | br11 | 172.31.1.20/24 | 172.31.1.254 |
手順
デバイスの確認
# nmcli device
DEVICE TYPE STATE CONNECTION
enp2s0 ethernet connected enp2s0
enp3s0f0 ethernet disconnected --
enp3s0f1 ethernet disconnected --
enp0s31f6 ethernet unavailable --
lo loopback unmanaged --
コネクションの確認
# nmcli connection
NAME UUID TYPE DEVICE
enp2s0 a44d2dfc-79d9-415a-9e50-babb769aa126 ethernet enp2s0
enp0s31f6 8f8cd680-b4e8-4da7-a556-69f3aade7661 ethernet --
enp3s0f0 28298433-05a6-4a9f-b19a-5551adc17579 ethernet --
enp3s0f1 d5e98622-a4b0-424f-a829-7e731f76016e ethernet --
teamインターフェースを作成する
# nmcli connection add type team ifname team0 con-name team0 team.runner lacp
# nmcli connection modify team0 ipv4.method disabled ipv6.method ignore
# nmcli connection modify team0 team.link-watchers "name=ethtool delay-up=2500 delay-down=1000"
teamインターフェースが作成されたことを確認
# nmcli device
DEVICE TYPE STATE CONNECTION
enp2s0 ethernet connected enp2s0
team0 team connecting (getting IP configuration) team0
enp3s0f0 ethernet disconnected --
enp3s0f1 ethernet disconnected --
enp0s31f6 ethernet unavailable --
lo loopback unmanaged --
# nmcli connection
NAME UUID TYPE DEVICE
enp2s0 a44d2dfc-79d9-415a-9e50-babb769aa126 ethernet enp2s0
team0 acf47e10-6d38-41d0-872a-73fc87a90a78 team team0
enp0s31f6 8f8cd680-b4e8-4da7-a556-69f3aade7661 ethernet --
enp3s0f0 28298433-05a6-4a9f-b19a-5551adc17579 ethernet --
enp3s0f1 d5e98622-a4b0-424f-a829-7e731f76016e ethernet --
接続をアクティベート
# nmcli connection up team0
接続が有効になったことを確認(team0がconnectedになっている)
nmcli device
DEVICE TYPE STATE CONNECTION
enp2s0 ethernet connected enp2s0
team0 team connected team0
enp3s0f0 ethernet disconnected --
enp3s0f1 ethernet disconnected --
enp0s31f6 ethernet unavailable --
lo loopback unmanaged --
team0にenp3s0f0とenp3s0f1をぶら下げるために、スレーブインターフェースを作成する
# nmcli connection add type team-slave ifname enp3s0f0 con-name team0-enp3s0f0 master team0
# nmcli connection add type team-slave ifname enp3s0f1 con-name team0-enp3s0f1 master team0
team0のスレーブインターフェースが作成されたことを確認
# nmcli device
DEVICE TYPE STATE CONNECTION
enp2s0 ethernet connected enp2s0
team0 team connected team0
enp3s0f0 ethernet connected team0-enp3s0f0
enp3s0f1 ethernet connected team0-enp3s0f1
enp0s31f6 ethernet unavailable --
lo loopback unmanaged --
# nmcli connection
NAME UUID TYPE DEVICE
enp2s0 a44d2dfc-79d9-415a-9e50-babb769aa126 ethernet enp2s0
team0 acf47e10-6d38-41d0-872a-73fc87a90a78 team team0
team0-enp3s0f0 5aa7f1f7-6d28-472d-a7cd-70a872711ea7 ethernet enp3s0f0
team0-enp3s0f1 009ea006-2536-4cc4-8987-b9a0df0e008b ethernet enp3s0f1
enp0s31f6 8f8cd680-b4e8-4da7-a556-69f3aade7661 ethernet --
enp3s0f0 28298433-05a6-4a9f-b19a-5551adc17579 ethernet --
enp3s0f1 d5e98622-a4b0-424f-a829-7e731f76016e ethernet --
VLAN10用のbridgeインターフェース作成(スパニングツリー無効、IP設定)
# nmcli connection add type bridge autoconnect yes ifname br10 con-name br10
# nmcli connection modify br10 bridge.stp no ipv4.method manual ipv4.address '172.31.0.20/24' ipv4.gateway '172.31.0.254' ipv4.dns '8.8.8.8'
# nmcli connection up br10
VLAN11用のbridgeインターフェース作成(スパニングツリー無効、IP設定)
# nmcli connection add type bridge autoconnect yes ifname br11 con-name br11
# nmcli connection modify br11 bridge.stp no ipv4.method manual ipv4.address '172.31.1.20/24' ipv4.gateway '172.31.1.254' ipv4.dns '8.8.8.8'
# nmcli connection up br11
bridgeスレーブインターフェースが作成されたことを確認
# nmcli device
DEVICE TYPE STATE CONNECTION
enp2s0 ethernet connected enp2s0
br10 bridge connected br10
br11 bridge connected br11
team0 team connected team0
enp3s0f0 ethernet connected team0-enp3s0f0
enp3s0f1 ethernet connected team0-enp3s0f1
enp0s31f6 ethernet unavailable --
lo loopback unmanaged --
# nmcli connection
NAME UUID TYPE DEVICE
br10 c0dd5f1d-b5af-446e-94a1-9e00908535fc bridge br10
br11 cf97c36e-c678-4a90-bef7-bb8d2a919a2f bridge br11
enp2s0 a44d2dfc-79d9-415a-9e50-babb769aa126 ethernet enp2s0
team0 acf47e10-6d38-41d0-872a-73fc87a90a78 team team0
team0-enp3s0f0 5aa7f1f7-6d28-472d-a7cd-70a872711ea7 ethernet enp3s0f0
team0-enp3s0f1 009ea006-2536-4cc4-8987-b9a0df0e008b ethernet enp3s0f1
enp0s31f6 8f8cd680-b4e8-4da7-a556-69f3aade7661 ethernet --
enp3s0f0 28298433-05a6-4a9f-b19a-5551adc17579 ethernet --
enp3s0f1 d5e98622-a4b0-424f-a829-7e731f76016e ethernet --
Bridgeに設定したIPアドレスを確認する
# ip addr | egrep 'br10|br11' | grep inet
inet 172.31.0.20/24 brd 172.31.0.255 scope global noprefixroute br10
inet 172.31.1.20/24 brd 172.31.1.255 scope global noprefixroute br11
team0をベースデバイスとしてVLAN10を作成し、ブリッジを接続して有効化
# nmcli connection add type vlan ifname team0.10 con-name team0.10 dev team0 vlan.id 10
# nmcli connection modify team0.10 connection.master br10 connection.slave-type bridge
# nmcli connection up team0.10
team0をベースデバイスとしてVLAN11を作成し、ブリッジを接続して有効化
# nmcli connection add type vlan ifname team0.11 con-name team0.11 dev team0 vlan.id 11
# nmcli connection modify team0.11 connection.master br11 connection.slave-type bridge
# nmcli connection up team0.11
GATEWAYにpingを打ってみる
# ping 172.31.0.254
PING 172.31.0.254 (172.31.0.254) 56(84) bytes of data.
64 bytes from 172.31.0.254: icmp_seq=1 ttl=64 time=2.88 ms
64 bytes from 172.31.0.254: icmp_seq=2 ttl=64 time=1.49 ms
64 bytes from 172.31.0.254: icmp_seq=3 ttl=64 time=1.52 ms
^C
--- 172.31.0.254 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 6ms
rtt min/avg/max/mdev = 1.492/1.964/2.876/0.645 ms
# ping 172.31.1.254
PING 172.31.1.254 (172.31.1.254) 56(84) bytes of data.
64 bytes from 172.31.1.254: icmp_seq=1 ttl=64 time=1.51 ms
64 bytes from 172.31.1.254: icmp_seq=2 ttl=64 time=1.52 ms
64 bytes from 172.31.1.254: icmp_seq=3 ttl=64 time=1.47 ms
^C
--- 172.31.1.254 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 1.465/1.498/1.520/0.023 ms
チームの稼働状態確認
# teamdctl team0 state -v
setup:
runner: lacp
kernel team mode: loadbalance
D-BUS enabled: yes
ZeroMQ enabled: no
debug level: 0
daemonized: no
PID: 7461
PID file: /var/run/teamd/team0.pid
ports:
enp3s0f0
ifindex: 4
addr: 68:05:ca:18:1b:bc
ethtool link: 1000mbit/fullduplex/up
link watches:
link summary: down
instance[link_watch_0]:
name: ethtool
link: down
down count: 0
link up delay: 2500
link down delay: 1000
runner:
aggregator ID: 5, Selected
selected: yes
state: current
key: 0
priority: 255
actor LACPDU info:
system priority: 65535
system: 68:05:ca:18:1b:bc
key: 0
port_priority: 255
port: 4
state: 0x3d
partner LACPDU info:
system priority: 32768
system: 00:19:e7:35:6a:00
key: 1
port_priority: 32768
port: 2
state: 0x85
enp3s0f1
ifindex: 5
addr: 68:05:ca:18:1b:bc
ethtool link: 1000mbit/fullduplex/up
link watches:
link summary: down
instance[link_watch_0]:
name: ethtool
link: down
down count: 0
link up delay: 2500
link down delay: 1000
runner:
aggregator ID: 5, Selected
selected: yes
state: current
key: 0
priority: 255
actor LACPDU info:
system priority: 65535
system: 68:05:ca:18:1b:bc
key: 0
port_priority: 255
port: 5
state: 0x3d
partner LACPDU info:
system priority: 32768
system: 00:19:e7:35:6a:00
key: 1
port_priority: 32768
port: 1
state: 0x85
runner:
active: yes
fast rate: no
system priority: 65535
以上
