Non forwarding interfaces are used for several purposes, including HA peer node control traffic, reaching a 128T Conductor from a 128T Router, reaching managed 128T Routers from a 128T Conductor, management traffic and reaching the public internet.
Before we get started, it is important to understand the terminology relating to 128T interfaces
Changing a forwarding interface to non forwarding and vice versa is not dynamically reconfigurable and requires a restart of the 128T node
A quick recap:
External interfaces are not used for any control traffic to the node's HA peer and the user has no limit to how many
external interfaces they configure. A user may configure either one
fabric or one
shared interface per node, and that interface will be used for all HA control traffic.
This example will configure an interface to be used to establish connectivity between HA peers. To configure a non-forwarding interface, set the
forwarding flag to
false. This example uses a
device-interface set to type
The next step is to add a
network-interface. Start by creating a
fabric interface to reach the HA peer node.
fabric was chosen in this situation because the HA nodes are directly connected:
This interface is needed to establish connectivity to the HA peer node. A similar
fabric interface is required on each node of the HA pair.
At this point, it may be a good time to commit the configuration.
The interfaces created within the 128T configuration will manage corresponding interfaces in Linux. 128T will dynamically update all SSH tunnels which are used to send control traffic to the peer node.
The first time a non-forwarding interface is configured and 128T "takes over" the Linux interfaces, a backup of all the previous ifcfg scripts will be created at
Notice the interfaces are configured as network team because the type was set to
fabric. If instead the type was set to
shared then interface
eth1 would have been configured directly with the static IP address.
Upon committing configuration changing the control IP addresses, it can take up to two minutes for the node to reconnect internally or reconnect to its HA peer node. This delay happens because 128T is waiting for the TCP state machine to close existing connections. Don't panic. Just sit tight and wait for everything to reconnect.
While this example showcases peering with a HA node on a conductor, the configuration and operations are identical for a router.
show system connectivity to ensure that both nodes are connected.
show system connectivity internal to confirm that the internal processes are communicating with each other.
Now that connectivity has been fully established between HA peer nodes, it is useful to configure some external management interfaces. This example will create an
external Ethernet interface using
Notice that some additional fields were configured. The
default-route is set to
true. This instructs Linux to set this external interface as the default route for all traffic. Secondly, a
management-vector was configured. This is required when setting the
true. The user is allowed to define multiple interfaces as the
default-route, so the
management-vector is used to define the priority of all interfaces which are set as the default route.
If you configure the interface that is currently being used to connect to 128T as an
external interface, you will notice your connection hang for a few moments while 128T takes over the interface after the config is committed. Once the commit is complete you will notice the interface's ifcfg script has been updated:
The goal of this functionality is to eliminate the need for administrators to have to drop to the Linux shell to manually configure interfaces. A configuration field name
ifcfg-option was added to the
network-interface to allow super users to add any config field directly to an ifcfg script that 128T currently does not support. 128T does validate that the user is not trying to configure any options that 128T already configures to avoid creating conflicts with 128T settings. An example is firewalld zones. Perhaps this external interface needs to be configured as a trusted interface.
Upon committing this configuration you will see the ifcfg script get updated with the new value.