Before we discuss further how to add a virtual network interface in linux first we need to know what is virtual IP. Virtual IP is also pronounced as VIP by technical professionals. So let’s understand it.
What is Virtual IP ( VIP )?
VIP stands for Virtual IP means Virtual IP Address. So it virtual in nature not any physical interface but associated with some other physical interface. So we can say “VIP is an IP address that does not correspond to an actual physical network interface.”
Uses for VIPs are Network Address Translation [ NAT] one-to-many used in case of fault-tolerance and mobility. The best Example you might have seen in the configuration of VCS Clusters. Only pre-condition of an available and active interface.
It looks like below. You can see in the below example available cards have been a bonded interface. Bonding is another topic that can be discussed separately why we need bonding as bonding also separately provides network redundancy other words fault tolerance. It can be configured in various modes.
The most used model is active-passive mode. One interface should be active at a time and in case if it goes down due to any reason another interface takes care of network availability to maintain network redundancy so bonding serves fault tolerance.
Even though it is very simple in configuration but just trying to elaborate on how it can help you in troubleshooting relevant issues in your production environment.Will share my experience related to the same in the last. Let’s focus topic on hand.
Table of Contents
How to create VIP in linux
In the below example treat bond0 as eth0 interface. Our whole objective is to set up a VIP. I am using the bond interface to stimulate my experience as stated above.VIP can be represented in form of interface:X.
In the below example, bond0:0 and bond0:1 are the virtual IP. Most of the server admins will be aware of ifconfig command in RHEL. Below output is truncated part of ifconfig -a. You need to have superuser privilege to do this config.
Syntax of command will be like below
# ifconfig <interface> <IP Add> netmask <netmask> up # ifconfig bond0:2 192.168.25.5 netmask 255.255.255.0 up
That,s it. The above command will create a new virtual interface with bond0:2. Once done if you run ifconfig -a command it will show one more interface in output and immediately it can be used. You need to register this IP in your DNS with any application preferred name.
You can validate that with nslookup command in your network. # nslookup <server-name> You can verify functionality using ping command. # ping <server-name>
How to Disable VIP in linux
Once VIP is configured it can be treated like a physical interface. You can use ifconfig command to make it down as below.
# ifconfig bond0:2 down
Now the question comes that do you want it to be persistent across reboots. If yes you need to create a device entry in the interface configuration file to make it persistent.
1.Change to network config directory. # cd /etc/sysconfig/network-scripts 2.Create new file with ifcfg-bond0:2 name using your preferred editor and add entry like below, save the file . # vi ifcfg-bond0:2 DEVICE=bond0:2 IPADDR=192.168.25.5 NETMASK=255.255.255.0 NETWORK=192.168.0.0 BROADCAST=184.108.40.206 ONBOOT=yes
Once done, if you are doing this under maintenance window you can restart network service or you can leave as it is. It will get addressed on the next reboot automatically as immediately after the main config command you can use VIP. The decision is yours. If you want to restart the network service you can use below.
# service network restart
The above command will work till RHEL 5,6 but since RHEL7 has the previous compatibility it will translate related systemctl command while executing.
That`s it. This facility is incorporated in most recent distros as it is standard for the operating system needs to have this ability.
Let me share my experience with VIP which I have used many times to resolve production down incidents in past. It is still relevant. Before I share my experience i would like to advise all system administrator communities to follow the standard procedure of system administrators “Never forget to take a backup of configuration file before making any modification to make your life easier”.
Related to this topic before making any change please save ifconfig -a output to /var/tmp. Never take a backup of the network configuration file in it,s directory.
Always take a backup of the network config file in a separate directory to avoid any network-related misbehavior of the server.
# ifconfig -a > /var/tmp/ifconfig-a.$date
OK, so let me share my experience of how this helped me in resolving production down incidents in past. The same technology being used many times in many situations like Patching of VCS Servers. Will share one which I mentioned earlier.
I have got a production server down alert. This was a crucial infrastructure netback up the server. Crucial because it performs the backup of the entire environment that,s why critical production server down.
In general most of the monitoring server run a ping to all the servers in the environment and it through an alert in case no response from the server on that behalf ticket gets generated and normally a list of hardware taken from CMDB of the organization.
1.First thing I did ping and found it was not responding.
2.Second I did nslookup for server in alert I got IP as it was registered in our DNS.
3.Our backup servers are veritas clustered PROD/DR pair and we have configured bonding that is the reason I took that example above. As per the veritas cluster configuration, some VIP needed to set up clusters.
4.I looked into our CMDB and found the actual server names for prod/dr.
5.I logged in server and take a look at ifconfig output. One of the VIPs was missing as earlier due to the failover server was rebooted. It was washed out because it was not configured to be available across reboots as mentioned above.
6. I configured it and make it permanent..
1. Ping works perfectly fine.
2.Was able to login using the name in CMDB/Incident as I already said it was there in our DNS.
So such small things sometimes make you realize their importance. Keeping that in mind always take a backup of configuration files before the change and utilize all the services offered by the operating system.