dot1q

As you may or may not know, bonding is the ability to take two or more network cards and make them act as one. This not only improves failover, but also increases the network throughput available to the server. The following will show you how to set up such an environment. For this to work you must have a switch that is capable of combining multiple switch ports together. This can be done on either a single switch (which is still a single point of failure) or a switch that is stackable, such as Cisco’s 3750 line of products.

There are six different kinds of NIC bonding in Linux; the one we will set up is mode 4, which follows the 802.3ad standard known as Link Aggregation Control Protocol (LACP). This allows for an active-active grouping of network cards and in testing resulted in zero ping drop, though I did see a momentary spike in response time (from 2ms to 20-30ms during convergence).

First you need to check that your network card is capable of 802.1q VLAN tagging. You will need to research the capabilities of the card to make sure. Run ‘lspci | grep -i ethernet’ and note the response.

Second, check to see if the 802.1q module is installed by running ‘lsmod | grep 8021q’. If it's not installed, then run ‘yum install bridge-utils’.

Once those steps are done we can start configuring the network cards. Go to /etc/sysconfig/network-scripts; in there you should see your network card configuration files, usually named ‘ifcfg-eth#’. Write down or make a backup copy of the network information in your active NIC configuration file, as you will need it later.

Edit your first configuration file with the following:

        DEVICE=eth0
        ONBOOT=yes
        BOOTPROTO=none
        USERCTL=no
        MASTER=bond0
        SLAVE=yes

Your secondary card will contain the same information; however, the ‘DEVICE=eth#’ line should match the name of the second card.

Next we create the bonded interface, which then becomes the main device for the server. Create a new file named ‘ifcfg-bond0’:

        DEVICE=bond0
        BOOTPROTO=none
        ONBOOT=yes
        TYPE=Ethernet
        USERCTL=no

We now create the configuration file which will handle the 802.1q jumbo frames. Note that the device is named ‘bond0.17’. This is important as the ‘17’ is the VLAN ID which the server will listen on. Make sure you know which VLANs are in your environment! Create a file named ‘ifcfg-bond0.17’:

        DEVICE=bond0.17
        BOOTPROTO=static
        ONBOOT=yes
        VLAN=yes
        TYPE=Ethernet
        BRIDGE=xenbr17

The ‘BRIDGE’ string is also important as this will tie the bond0.17 config file to the Xen bridge we are about to create. Repeat that step for every VLAN that you want your server to listen to.

Next we will create the configuration file that the DomU will be given. Create a file called ‘ifcfg-xenbr17’ and place the following in it:

        DEVICE=xenbr17
        TYPE=Bridge
        BOOTPROTO=static
        ONBOOT=yes
        DELAY=0
        STP=off

We will now create the management interface for the server. The management interface should have the same security restrictions as a management interface would have for a switch or any other network device. If someone compromises your Dom0, then all of your DomUs are also compromised. ACLs should be implemented for this network!

        DEVICE=xenbr192
        TYPE=Bridge
        BOOTPROTO=static
        ONBOOT=yes
        DELAY=0
        STP=off
        IPADDR=192.168.1.12
        NETMASK=255.255.255.0
        NETWORK=192.168.1.0
        BROADCAST=192.168.1.255

Edit the /etc/modprobe.conf file and append the following:

        alias bond0 bonding
        options bond0 miimon=100 mode=4 lacp_rate=1

That told the server what type of network bonding we will use. ‘mode=4’ tells the server that we want to use 802.3ad as our protocol for communication to the switch device.

Edit the /etc/xen/xend-config.sxp file and change where it says ‘(network-script network-bridge)’ to ‘(network-script 'network-bridge-bonding bridge=bond0 netdev=0')’.

Now reboot the server.

In the next steps we will configure a Cisco switch, create the port channel, and configure it for LACP with 802.1q trunking.

Log into your switch, go to the global configuration mode and create a port channel interface by typing ‘int port-c 1’.

Enter the following:

        switchport trunk encapsulation dot1q
        switchport mode trunk

Now go to the actual switch interfaces and enter the following:

        switchport trunk encapsulation dot1q
        switchport mode trunk
        channel-group 1 mode active

If the switch ports had originally been set up as an access interface, you can remove the configuration by entering:

        no switchport mode access
        no switchport access vlan VLAN ID

Now save the configuration file.

Installation of new DomUs will be the same as before, by giving them a ‘xenbr#’ interface.
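
Once both the server and the switch are configured, the bonding driver's status text in /proc/net/bonding/bond0 shows whether LACP really negotiated on every link. The check below is an added example, not part of the original post; the function names and the sample status text are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit an 802.3ad bond from /proc/net/bonding/<bond> text on stdin.
# Prints one FAIL line per problem; returns 0 when healthy, 1 otherwise.
check_bond() {
    awk '
    function bad(msg) { print "FAIL: " msg; rc = 1 }
    /^Bonding Mode:/       { mode = 1; if ($0 !~ /802\.3ad/) bad("not mode 4: " $0) }
    /^LACP rate:/          { if ($3 != "fast") bad("LACP rate " $3 ", expected fast (lacp_rate=1)") }
    /Partner Mac Address:/ { if ($NF == "00:00:00:00:00:00") bad("no LACP partner, switch is not negotiating") }
    /^Slave Interface:/    { slave = $3; n++ }
    /^MII Status:/         { if ($3 != "up") bad((slave == "" ? "bond" : slave) " link is " $3) }
    /Aggregator ID:/       { if (slave == "") active = $NF
                             else if ($NF != active) bad(slave " is in aggregator " $NF ", active is " active) }
    END { if (!mode) bad("no Bonding Mode line"); if (n < 2) bad("fewer than 2 slaves"); exit rc + 0 }
    '
}

# Constructed sample: both slaves joined the active aggregator.
sample_good() { cat <<'EOF'
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
MII Status: up
MII Polling Interval (ms): 100
802.3ad info
LACP rate: fast
Active Aggregator Info:
    Aggregator ID: 1
    Partner Mac Address: 00:1a:2b:3c:4d:5e
Slave Interface: eth0
MII Status: up
Aggregator ID: 1
Slave Interface: eth1
MII Status: up
Aggregator ID: 1
EOF
}

# Constructed sample: eth1 has link but sits in its own aggregator (for instance
# its switch port is missing the channel-group), so the bond is not redundant.
sample_bad() { sample_good | sed '$s/1$/2/'; }

# Demo on the constructed samples.
sample_good | check_bond && echo "sample_good: OK"
sample_bad  | check_bond || echo "sample_bad: needs attention"
```

On the Dom0 itself, run it as `check_bond < /proc/net/bonding/bond0`.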