NIC Bonding

NIC Bonding is a technique in which multiple Network Interface Cards (NICs) are logically bonded together and presented as a single interface to the outside world.

Before activating bonding, verify that the NICs are working properly. mii-tool can be used for this:

$ sudo /sbin/mii-tool
eth0: negotiated 100baseTx-FD, link ok
eth1: negotiated 100baseTx-FD, link ok

Bonding Driver in the Kernel

The first thing is to check whether the bonding driver module is already loaded or not.

$ sudo lsmod|grep bonding

If you do not see anything in the output then the bonding driver is not loaded. Most distributions’ default kernels compile and install the bonding driver as a module. To find out whether your distribution has the bonding driver module available, use the following command:

$ sudo /sbin/modprobe --list | grep -i bonding
/lib/modules/2.6.8-2-386/kernel/drivers/net/bonding/bonding.ko

The output of the command shows that the bonding driver is available as a module. To load the bonding driver you can do the following:

$ sudo modprobe bonding
$ sudo lsmod|grep bonding
bonding                59112  0

If your distribution does not have the bonding driver module available then you need to recompile your kernel with bonding support. Select “Bonding Driver Support” in the “Network Device Support” section. Remember to configure the driver as a module, as that is currently the only way to pass parameters to it.

Configuring the bonding driver to load automatically at boot time

To load the bonding driver automatically at boot time:

  • On RHEL 3 modify the /etc/modules.conf file to contain the following:
    $ cat /etc/modules.conf
    alias bond0 bonding
    options bond0 miimon=100 mode=1 downdelay=2000 updelay=5000
  • On RHEL 4 modify the /etc/modprobe.conf file to contain the following:
    $ cat /etc/modprobe.conf
    alias bond0 bonding
    options bond0 miimon=100 mode=1 downdelay=2000 updelay=5000
  • On the Debian Sarge system with the 2.6.8 kernel, I had to create the /etc/modprobe.conf file and add the following lines to it.
    $ cat /etc/modprobe.conf
    alias bond0 bonding
    options bond0 miimon=100 mode=1 downdelay=2000 updelay=5000

    On Debian, if you install a package called modconf, there is another way to do this.

    $ sudo apt-get install modconf
    $ sudo /usr/sbin/modconf

modconf is ncurses based. Select the bonding driver modules from it and install it. Enter the parameters for the driver when prompted and exit from the utility. Your bonding driver is loaded with the parameters and also set to be loaded automatically next time the server reboots.

Using modconf this way modifies the /etc/modules file (which lists the modules to be loaded at boot time) to include the bonding driver name, and creates a file named after the driver in /etc/modprobe.d/ to hold the driver's parameters. Here are the two files on my system:

$ cat /etc/modules
bonding
$ cat /etc/modprobe.d/bonding
options bonding mode=1 miimon=100 updelay=2000 downdelay=3000

Userspace Tools

In addition to the bonding driver in the kernel, you also need the ifenslave utility. On Debian Sarge you can install the ifenslave metapackage, which currently points to the ifenslave-2.4 package. Since Sarge has the 2.4 kernel as the default, installing just the ifenslave metapackage installs ifenslave-2.4. If you have installed the 2.6 kernel instead of the default 2.4 kernel, install the ifenslave-2.6 package instead.

$ uname -a
Linux noddy 2.6.8-2-386 #1 Thu May 19 17:40:50 JST 2005 i686 GNU/Linux
$ sudo apt-get install ifenslave-2.6

Configuring the system

Once the bonding driver has been loaded with the required parameters, the system needs to be configured to use the bonding driver.

  • Red Hat Enterprise Linux (all versions) and Fedora: Create a file /etc/sysconfig/network-scripts/ifcfg-bond0 with the following contents:
    DEVICE=bond0
    IPADDR=172.16.100.3
    NETMASK=255.255.0.0
    NETWORK=172.16.0.0
    BROADCAST=172.16.255.255
    ONBOOT=yes
    BOOTPROTO=none
    USERCTL=no
    PEERDNS=no
    TYPE=Ethernet
    GATEWAY=172.16.200.254

    Modify the file /etc/sysconfig/network-scripts/ifcfg-eth0 to contain the following:

    DEVICE=eth0
    USERCTL=no
    ONBOOT=yes
    MASTER=bond0
    SLAVE=yes
    BOOTPROTO=none
    TYPE=Ethernet

    For other NICs in the system which you want to bond together with eth0 do the same and replace eth0 with the respective NIC like eth1, eth2 and so on.

    Restart the networking:

    $ sudo /sbin/service network restart
  • Debian and derivatives: On Debian systems, edit the /etc/network/interfaces file, remove the references to all the NICs and leave only the loopback adapter details. Then add the following interface details:
    # The bonding interface
    auto bond0
    iface bond0 inet static
        address 172.16.202.2
        netmask 255.255.0.0
        gateway 172.16.200.254

        up ifenslave bond0 eth0 eth1
        down ifenslave -d bond0 eth0 eth1

    After that a simple restart of networking services will bring the bonding interface up.

    $ sudo invoke-rc.d networking restart
  • ifconfig will list all the interfaces along with the bond0 interface. All will have the same MAC address and the same IP address.
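
A check to run after the restart, added here as an example and not part of the original post: it compares the options line used on this page with the bond's runtime state as exposed by the bonding driver in /proc/net/bonding/bond0, and reports slaves whose link is down. The sample status text and the function names are constructed for illustration.

```python
# The options line this page places in /etc/modprobe.conf.
OPTIONS_LINE = "options bond0 miimon=100 mode=1 downdelay=2000 updelay=5000"

# Constructed sample of /proc/net/bonding/bond0, not captured from a real host.
SAMPLE_STATUS = """\
Bonding Mode: fault-tolerance (active-backup)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 5000
Down Delay (ms): 2000

Slave Interface: eth0
MII Status: up

Slave Interface: eth1
MII Status: down
"""

# Module option -> field name in the status file.
STATUS_KEYS = {"miimon": "MII Polling Interval (ms)",
               "updelay": "Up Delay (ms)", "downdelay": "Down Delay (ms)"}

def parse_status(text):
    """Split the status file into bond-level fields and per-slave fields."""
    bond, slaves, current = {}, {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if key == "Slave Interface":
            current = slaves.setdefault(value.strip(), {})  # start a slave section
        elif sep:
            (bond if current is None else current)[key] = value.strip()
    return bond, slaves

def check_bond(options_line, status_text, expected_slaves):
    """Return a list of problems; an empty list means the bond matches the config."""
    opts = dict(kv.split("=", 1) for kv in options_line.split()[2:])
    bond, slaves = parse_status(status_text)
    problems = [f"{opt}: configured {opts[opt]}, running {bond.get(key)}"
                for opt, key in STATUS_KEYS.items()
                if opt in opts and bond.get(key) != opts[opt]]
    if opts.get("mode") == "1" and "active-backup" not in bond.get("Bonding Mode", ""):
        problems.append(f"mode: configured 1 (active-backup), running {bond.get('Bonding Mode')}")
    for name in expected_slaves:
        state = slaves.get(name, {}).get("MII Status", "missing")
        if state != "up":  # a down or absent slave means no failover capacity
            problems.append(f"{name}: link {state}")
    return problems

if __name__ == "__main__":
    print(check_bond(OPTIONS_LINE, SAMPLE_STATUS, ["eth0", "eth1"]))
```

On a live host, pass the contents of /proc/net/bonding/bond0 in place of SAMPLE_STATUS.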

Posted in FLOSS

First Month At New Job

The first month at the new job was hectic, and I was so busy during the weekdays that I could not find time for my family, let alone for creating a blog entry. Annanya, my 4 year old daughter, missed me a lot, as by the time I used to come back home she was already asleep, and the next morning it was the same routine again. The situation has eased a bit as I have started understanding my servers and the organisational systems a bit.

On the very first day, 26th Sep 2005, I was asked to move an LVM filesystem to a separate physical disk. Not a difficult task, but since it was to be done on production servers, it had to be done out of core business hours, after 18:00 BST. I reached home at around 22:00 BST. And since then I have never reached home before 19:30 BST. Some people might think that this is normal in a SysAdmin’s life, but I got used to the luxurious life at British Airways where I used to leave on the dot at 17:00 BST.

It was quite surprising that no proper monitoring system was in place except HP Insight Manager and RRD-TOOL. The first few tasks which I initiated were to establish an HA monitoring station using the Linux-HA project, Nagios, RRDTOOL, Cacti and Cheops. To start with I have been configuring and building Nagios on my development box, which runs Slackware 10.1.

I also found that the only method of remote access to the office network from home is using the Cisco VPN client, as we have Cisco Pix firewalls. I was finding it difficult to compile the Cisco VPN client for my Linux box at home because I was using the latest kernel and the client demanded 2.4. To provide myself with remote access I had to make use of OpenVPN without opening up any additional port on the Pix firewall. You can read more about that in my techlog here. Since my role was Linux Systems Administrator I decided to use a Linux desktop for myself. I quickly installed Fedora Core 4 on one of the desktops and Slackware 10.1 on another. I decided to use the slack box as a test/dev machine to try out various new things.

Overall things have eased down a bit and I am really enjoying my new job and see a lot of opportunity.

Posted in Personal

End of Journey – 4th Jan 1999 to 23rd Sept 2005

Dear Friends,

I wanted to take a moment to let you know that today is my last day at NIIT / British Airways. I will be joining a new position at Broadcasting Data Systems (a BBC Broadcast company) on Monday, 26th Sept 2005.

I have enjoyed my 81 months tenure with NIIT with the last 22 months at British Airways and appreciate having the opportunity to work with all of you. Thank you for the support, guidance and encouragement you have provided me during my time at NIIT / British Airways. Even though I will miss my colleagues and the company, I am looking forward to this new challenge and to starting a new phase of my career.

Please keep in touch, I can be reached at my personal email address
ajitabhpandey (at ) ajitabhpandey.info.

You can always read about me and my whereabouts at my website http://www.ajitabhpandey.info/
Thanks again for everything.

I seal it with a kiss,
because you I will miss.
I’ll sign it with a sigh,
because we went so high.
I wish I could tell you with a touch,
Why I care to write this..,
and why so much.

Yours truly,
Ajitabh Pandey

Posted in Personal

A laptop for me

Yesterday I received my IBM Thinkpad R50e. R50e is a solid IBM machine and cost me around £750. The specs are

Pentium M 735 1.7 GHz

RAM 512 MB

HD 60 GB

DVD-Writer

Mdm – LAN EN, Fast EN 802.11b, 802.11g – Centrino

15″ TFT XGA (1024 x 768)

It came preloaded with WinXP Pro. I made a recovery disc set of 7 discs and replaced WinXP Pro with Ubuntu Linux. Almost everything has worked out of the box and it is nice to see that Ubuntu recognized the wireless chip as well.

As I am writing this, another window on this box is running debootstrap to build a pure Debian Sarge system. Further plans are to install a Linux from Scratch system on this laptop.

I am still playing with it.

Posted in Personal

Cracking attempts on my PC

Since the day I switched on the ssh server on my home PC I have seen a greatly increased number of people attempting to crack into my PC. For a few days I kept quiet as I saw clearly that none of the attacks were able to go anywhere near my user-id. But then I realised that the size of the auth log file was increasing and the number of desperate attackers was growing day by day. So I installed a piece of software called Denyhosts from http://denyhosts.sourceforge.net.

Denyhosts is a Python script which can be run as a daemon or as a cron job to analyse the auth log file for repeated invalid authentication attempts. It blocks the IP address of the machine from which successive invalid authentication attempts are coming. To block this IP address it creates an entry in the /etc/hosts.deny file. I have so far blocked 23 different hosts. Let’s see what happens next.
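
The approach described above, reduced to its core as an added example (this is not Denyhosts' own code, and its real thresholds and options are not reproduced here): count failed sshd password attempts per source address in the auth log and produce /etc/hosts.deny entries for addresses over a threshold. The log lines, the threshold of 3 and the allow list are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of sshd auth log lines; addresses are documentation ranges.
SAMPLE_LOG = """\
Oct 10 03:12:01 noddy sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Oct 10 03:12:04 noddy sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40130 ssh2
Oct 10 03:12:09 noddy sshd[2105]: Failed password for root from 203.0.113.7 port 40141 ssh2
Oct 10 03:15:44 noddy sshd[2110]: Failed password for alice from 198.51.100.23 port 51514 ssh2
Oct 10 03:15:52 noddy sshd[2110]: Accepted password for alice from 198.51.100.23 port 51514 ssh2
Oct 10 03:20:10 noddy sshd[2120]: Invalid user oracle from 192.0.2.55
Oct 10 03:20:12 noddy sshd[2120]: Failed password for invalid user oracle from 192.0.2.55 port 33990 ssh2
"""

# The user field is text supplied by the remote client, so match it loosely and
# read the address only from the fixed tail that sshd itself writes.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$"
)

def failed_attempts(log_text):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not a valid address: ignore rather than guess
        counts[str(addr)] += 1
    return counts

def deny_entries(counts, threshold=3, allow=(), existing=()):
    """Return new hosts.deny lines for addresses at or over the threshold."""
    present = set(existing)  # lines already in hosts.deny, to avoid duplicates
    lines = []
    for addr, n in sorted(counts.items()):
        entry = f"sshd: {addr}"
        if n >= threshold and addr not in allow and entry not in present:
            lines.append(entry)
    return lines

if __name__ == "__main__":
    for line in deny_entries(failed_attempts(SAMPLE_LOG), allow={"198.51.100.23"}):
        print(line)
```

The allow list keeps your own addresses from being blocked after a few mistyped passwords.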

Posted in Security