Red Hat Certified System Engineer (EX300) is an advanced exam that extends EX200. It tests what EX200 already covers and extends it to a more detailed and advanced level.

Network Manager

Beyond what we already know about using nmcli to configure networks, RHCE wants to see whether candidates understand how nmcli and the legacy script-based configuration work.

Comparison of nm-settings and ifcfg-* directives

| nmcli con mod | ifcfg-* file | Effect |
|---|---|---|
| ipv4.method manual | BOOTPROTO=none | IPv4 addresses configured statically. |
| ipv4.method auto | BOOTPROTO=dhcp | Will look for configuration settings from a DHCPv4 server. If static addresses are also set, will not bring those up until we have information from DHCPv4. |
| ipv4.addresses "192.0.2.1/24 192.0.2.254" | IPADDR0=192.0.2.1 PREFIX0=24 GATEWAY0=192.0.2.254 | Sets static IPv4 address, network prefix, and default gateway. If more than one is set for the connection, then instead of 0, the ifcfg-* directives end with 1, 2, 3 and so on. |
| ipv4.dns 8.8.8.8 | DNS0=8.8.8.8 | Modify /etc/resolv.conf to use this nameserver. |
| ipv4.dns-search example.com | DOMAIN=example.com | Modify /etc/resolv.conf to use this domain in the search directive. |
| ipv4.ignore-auto-dns true | PEERDNS=no | Ignore DNS server information from the DHCP server. |
| connection.autoconnect yes | ONBOOT=yes | Automatically activate this connection at boot. |
| connection.id eth0 | NAME=eth0 | The name of this connection. |
| connection.interface-name eth0 | DEVICE=eth0 | The connection is bound to the network interface with this name. |
| 802-3-ethernet.mac-address . . . | HWADDR= . . . | The connection is bound to the network interface with this MAC address. |

The difference between DHCPv6 and SLAAC is that a DHCPv6 server provides a pool of available IPv6 addresses to clients, while SLAAC routers only offer an IPv6 prefix to the client, and the client needs to pick its own specific address based on its interface MAC, just as it does with the link-local address.

Network Teaming

Network teaming is a method for linking NICs together logically to allow for failover or higher throughput. Teaming is a new implementation that does not affect the older bonding driver in the Linux kernel; it offers an alternate implementation. Red Hat Enterprise Linux 7 supports channel bonding for backward compatibility. Network teaming provides better performance and is more extensible because of its modular design.

Red Hat Enterprise Linux 7 implements network teaming with a small kernel driver and a user-space daemon, teamd. The kernel handles network packets efficiently and teamd handles logic and interface processing. Software, called runners, implement load balancing and active-backup logic, such as roundrobin. The following runners are available to teamd:

  • broadcast: a simple runner which transmits each packet from all ports.
  • roundrobin: a simple runner which transmits packets in a round-robin fashion from each of the ports.
  • activebackup: this is a failover runner which watches for link changes and selects an active port for data transfers.
  • loadbalance: this runner monitors traffic and uses a hash function to try to reach a perfect balance when selecting ports for packet transmission.
  • lacp: implements the 802.3ad Link Aggregation Control Protocol. Can use the same transmit port selection possibilities as the loadbalance runner.

To create a team:

nmcli con add type team con-name team0 ifname team0 config '{"runner": {"name": "loadbalance"}}'
nmcli con add type team-slave ifname eth2 master team0 con-name team0-eth2
nmcli dev dis eth2
nmcli con up team0

The team ports can also be configured through a config file, where link_watch is ethtool by default, or arp_ping can be used as the heartbeat detector:

nmcli con mod team0 team.config /tmp/team.conf
# cat /tmp/team.conf
{
    "device": "team0",
    "mcast_rejoin": {
        "count": 1
    },
    "notify_peers": {
        "count": 1
    },
    "ports": {
        "eth1": {
            "prio": -10,
            "sticky": true,
            "link_watch": {
                "name": "ethtool"
            }
        },
        "eth2": {
            "prio": 100,
            "link_watch": {
                "name": "ethtool"
            }
        }
    },
    "runner": {
        "name": "activebackup"
    }
}

To create a bridge with nmcli:

# nmcli con add type bridge con-name br0 ifname br0
# nmcli con add type bridge-slave con-name br0-port1 ifname eth1 master br0
# nmcli con add type bridge-slave con-name br0-port2 ifname eth2 master br0

Note: NetworkManager can only attach Ethernet interfaces to a bridge. It does not support aggregate interfaces, such as a teamed or bonded interface. These must be configured by manipulating the configuration files in /etc/sysconfig/network-scripts.