Thursday 16 August 2012

RHEL: Linux Bond / Multiple Network Interfaces (NIC) Into a Single Interface

Bonding is a Linux kernel feature that aggregates multiple like interfaces (such as eth0 and eth1) into a single virtual link such as bond0. The idea is simple: higher data rates as well as link failover.
We will configure the bond0 virtual link on the eth0 and eth1 NICs of an RHEL 5.8 server. It also works on the latest RHEL 6 release.
Bonding is a kernel feature of RHEL that provides load balancing and link redundancy. The bonding driver must be installed on the server before multiple NICs can be configured into a single bond virtual link.

Step #1: Create a Bond0 Configuration File

Red Hat Enterprise Linux (and clones such as CentOS) stores network configuration in the /etc/sysconfig/network-scripts/ directory. First, create a bond0 configuration file as follows:
# vi /etc/sysconfig/network-scripts/ifcfg-bond0
Append the following lines:

DEVICE=bond0
IPADDR=10.0.1.67
NETWORK=10.0.0.0
NETMASK=255.255.252.0
USERCTL=no
BOOTPROTO=none
ONBOOT=yes

Replace the IP address with the one from your actual setup. Save and close the file.

Step #2: Modify eth0 and eth1 config files

Open both configuration files using a text editor such as vi/vim, and make sure the eth0 file reads as follows:
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
Modify/append the directives as follows:

DEVICE=eth0
USERCTL=no
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none

Open the eth1 configuration file using the vi text editor, enter:
# vi /etc/sysconfig/network-scripts/ifcfg-eth1
Make sure the file reads as follows for the eth1 interface:

DEVICE=eth1
USERCTL=no
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none

Save and close the file.

Step # 3: Load bond driver/module

Make sure the bonding module is loaded when the channel-bonding interface (bond0) is brought up. Modify the kernel modules configuration file:
# vi /etc/modprobe.conf
Append the following two lines:

alias bond0 bonding
options bond0 mode=balance-alb miimon=100

Save the file and exit to the shell prompt.

Step # 4: Test configuration

First, load the bonding module, enter:
# modprobe bonding
Restart the networking service to bring up the bond0 interface, enter:
# service network restart
Make sure everything is working. Type the following cat command to query the current status of the Linux kernel bonding driver, enter:

# cat /proc/net/bonding/bond0

Sample outputs:
Bonding Mode: adaptive load balancing
Primary Slave: None
Currently Active Slave: eth1
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 0
Permanent HW addr: 10:1f:74:2f:8c:8c

Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0

To list all network interfaces, enter:
# ifconfig

Sample outputs:

bond0     Link encap:Ethernet  HWaddr 10:1F:74:2F:8C:8C
          inet addr:10.0.1.67  Bcast:10.0.15.255  Mask:255.255.240.0
          inet6 addr: 2002:dc9c:bfcf:5:121f:74ff:fe2f:8c8c/64 Scope:Global
          inet6 addr: fec0::5:121f:74ff:fe2f:8c8c/64 Scope:Site
          inet6 addr: fec0::a:121f:74ff:fe2f:8c8c/64 Scope:Site
          inet6 addr: 2002:dc9c:bfca:a:121f:74ff:fe2f:8c8c/64 Scope:Global
          inet6 addr: fe80::121f:74ff:fe2f:8c8c/64 Scope:Link
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:4123683 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1658279 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2050975191 (1.9 GiB)  TX bytes:555880972 (530.1 MiB)

eth0      Link encap:Ethernet  HWaddr 10:1F:74:2F:8C:8E
          UP BROADCAST SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:162 Memory:f4000000-f4012800

eth1      Link encap:Ethernet  HWaddr 10:1F:74:2F:8C:8C
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:4123683 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1658279 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2050975191 (1.9 GiB)  TX bytes:555880972 (530.1 MiB)
          Interrupt:170 Memory:f2000000-f2012800

__________________________________________________________________________________

Tuesday 7 August 2012

Post Installation Checklist of Qmail Server Part-2

1.     Test IMAP: an IMAP connection can be tested with the following command.

telnet 10.0.0.99 143

* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc.  See COPYING for distribution information.
a001 login jitendrakumar password
a001 OK LOGIN Ok.
a001 logout
* BYE Courier-IMAP server shutting down
a001 OK LOGOUT completed

2.     Test IMAPS Service: test your new server's IMAP-SSL service by running the following command.


[root@mail html]# openssl s_client -connect localhost:993 -quiet
depth=0 /C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated IMAP SSL key/CN=localhost/emailAddress=postmaster@example.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated IMAP SSL key/CN=localhost/emailAddress=postmaster@example.com
verify return:1
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE AUTH=PLAIN ACL ACL2=UNION] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc.  See COPYING for distribution information.
a001 login jitendrakumar password
a001 OK LOGIN Ok.
a001 logout
* BYE Courier-IMAP server shutting down
a001 OK LOGOUT completed

3.     Test POP-SSL Service: test your new server's POP-SSL service by running the following command.

[root@mail html]# openssl s_client -connect localhost:995 -quiet
depth=0 /C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated POP3 SSL key/CN=localhost/emailAddress=postmaster@example.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=NY/L=New York/O=Courier Mail Server/OU=Automatically-generated POP3 SSL key/CN=localhost/emailAddress=postmaster@example.com
verify return:1
+OK Hello there.
user jitendrakumar
+OK Password required.
pass password
+OK logged in.
quit
+OK Bye-bye.
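
The greetings captured in tests 1 and 2 are worth reading, not just waiting for: on port 143 Courier advertises STARTTLS but still accepts a plain LOGIN, so the telnet session above sends the password in the clear, while on 993 the whole session is already inside TLS. The script below is an added example, not part of the original post: it parses the CAPABILITY list of an IMAP greeting and classifies how a password sent on that connection would be exposed. The two sample greetings are copied from the transcripts above; the function names are my own.

```sh
#!/bin/sh
# Added example (not from the original post): inspect a Courier-IMAP greeting
# and report whether a client could send its password unprotected.
# Sample greetings are constructed from the transcripts shown in the post.

IMAP_143_GREETING='* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc.  See COPYING for distribution information.'
IMAP_993_GREETING='* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE AUTH=PLAIN ACL ACL2=UNION] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc.  See COPYING for distribution information.'

# imap_capabilities GREETING: print the tokens inside "[CAPABILITY ...]", one per line.
imap_capabilities() {
    printf '%s\n' "$1" \
        | sed -n 's/^\* OK \[CAPABILITY \([^]]*\)].*/\1/p' \
        | tr ' ' '\n'
}

# imap_has_capability GREETING TOKEN: succeed if TOKEN is advertised verbatim.
imap_has_capability() {
    imap_capabilities "$1" | grep -qxF -- "$2"
}

# imap_auth_mechs GREETING: print the SASL mechanisms named by AUTH=... tokens.
imap_auth_mechs() {
    imap_capabilities "$1" | sed -n 's/^AUTH=//p'
}

# imap_cleartext_exposure GREETING PORT: classify what a LOGIN on this
# connection would expose.
#   tls      - implicit-TLS port (993): the whole session is encrypted
#   disabled - LOGINDISABLED advertised, so no cleartext LOGIN is possible
#   starttls - STARTTLS offered; safe only if the client issues it before LOGIN
#   clear    - no TLS at all; LOGIN sends the password in the clear
imap_cleartext_exposure() {
    greeting=$1; port=$2
    if [ "$port" = 993 ]; then
        echo tls
    elif imap_has_capability "$greeting" LOGINDISABLED; then
        echo disabled
    elif imap_has_capability "$greeting" STARTTLS; then
        echo starttls
    else
        echo clear
    fi
}

# imap_report GREETING PORT: one-line summary for a connection.
imap_report() {
    printf 'port %s: exposure=%s starttls=%s auth=[%s]\n' "$2" \
        "$(imap_cleartext_exposure "$1" "$2")" \
        "$(imap_has_capability "$1" STARTTLS && echo yes || echo no)" \
        "$(imap_auth_mechs "$1" | tr '\n' ' ' | sed 's/ $//')"
}

# Stand-alone run over the two sample greetings.
imap_report "$IMAP_143_GREETING" 143
imap_report "$IMAP_993_GREETING" 993
```

A result of "starttls" on 143 means the server is doing its part; whether the password stays private then depends on every client being configured to use STARTTLS. Courier can advertise LOGINDISABLED on the plain port until STARTTLS completes, which turns that "starttls" into "disabled" and takes the client out of the equation.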

4.     Qmail-Admin (Qmailadmin) Check List

A.    Email Accounts:
a.     Check that the user is created successfully.
b.    Password has a minimum of 8 characters including 2 special characters.
c.     Check whether the user quota is updating.
d.    Check that forwarding is working fine.

B.    Forwarding
      Check that forwarding is working fine. Check both local and remote mail ID forwards.

C.    Mail Robot
      Check that the mail robot is working fine.

D.    Mailing List
a.     Check whether a new mailing list is created successfully.
b.    Check that the moderator receives the accept/reject mail when a user sends mail to the mailing list ID.
c.     In the mail received by the moderator, check that the accept and reject links work.
d.    Check that the Add, Delete and Show Subscriber and Add, Delete and Show Moderator radio buttons work in a newly created or existing mailing list.



Monday 6 August 2012

Post Installation Checklist of Qmail Server Part-1

1.     Check that all qmail services are running on the server and that their timestamps are the same.

[root@mail ~]# qmailctl stat
/service/qmail-send: up (pid 6480) 10591 seconds
/service/qmail-send/log: up (pid 6482) 10591 seconds
/service/qmail-smtpd: up (pid 6474) 10591 seconds
/service/qmail-smtpd/log: up (pid 6479) 10591 seconds
/service/qmail-pop3d: up (pid 6475) 10591 seconds
/service/qmail-pop3d/log: up (pid 6471) 10591 seconds
/service/qmail2-send: up (pid 6476) 10591 seconds
/service/qmail2-send/log: up (pid 6472) 10591 seconds
/service/qmail2-smtpd: up (pid 6466) 10591 seconds
/service/qmail2-smtpd/log: up (pid 6467) 10591 seconds

2.     DNS Setup: emails don't work without properly configured domain names. So it's a good idea to configure the domain name(s) with proper MX records pointing to the new server before starting the installation of the email server. This can be done before the actual testing of the email server, but since it's critical, do it a step ahead.

3.     You need to create different scenarios for testing. The minimum testing scenario might look like this:

i) Test from local to local: send an email to a local user using the same server. (From: localuser; To: localuser)
ii) Test from remote to local: send an email to the newly created user from any outside server. (From: Gmail user; To: localuser)
iii) Test receiving emails: make sure you can receive both the emails from tests (i) and (ii).
iv) Test from local to remote: send an email from the local server to a remote server and make sure you can receive it on the remote server. (From: localuser; To: Gmail user)


4.     Check the logs: check the server logs during the test because they give a very good view of what is happening. For example, if a newly created user cannot log in, you may see "password incorrect" in the log, which tells you that you are typing an incorrect password, or "relay not allowed", meaning your SMTP auth is not working or the IP is not listed in the "tcp.smtp" file. The server log is the first place we should look during the first test even if we don't see any obvious problems. We don't want to discover hidden silly problems after the system is put in production.

The main qmail log files:

/var/log/qmail/current
/var/log/qmail/smtpd/current
/var/log/qmail2/current
/var/log/qmail2/smtpd/current
/var/log/qmail/pop3d/current

5.     Check the Ports:

Check the ports on the mail server to see which services are listening.

[root@mail ~]# nmap localhost

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2011-12-30 13:53 IST
Interesting ports on localhost (127.0.0.1):
(The 1647 ports scanned but not shown below are in state: closed)
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
53/tcp  open  domain
80/tcp  open  http
110/tcp open  pop3
143/tcp open  imap
199/tcp open  smux
443/tcp open  https
631/tcp open  ipp
825/tcp open  unknown
953/tcp open  rndc
993/tcp open  imaps
995/tcp open  pop3s

6.     Test Courier-authlib: check first whether the created account is still there (without testing authentication):

[root@mail ~]# /home/vpopmail/bin/vuserinfo jitendrakumar@mydomain.in
name:   jitendrakumar
passwd: $1$6qh6nLgH$PjYHZzP/n/ofo9nyjNIQ2.
clear passwd: password
comment/gecos: Jitendra Kumar
uid:    1
gid:    0
flags:  0
gecos: Jitendra Kumar
limits: No user limits set.
dir:       /home/vpopmail/domains/mydomain.in/0/jitendrakumar
quota:     NOQUOTA
usage:     NOQUOTA
last auth: Tue Jan  3 13:39:51 2012
last auth ip: pop3

Test now the authentication process:

[root@mail ~]# /usr/local/src/courier-authlib-0.55/authtest jitendrakumar@mydomain.in
 Authentication succeeded.
 Authenticated: jitendrakumar@mydomain.in  (uid 507, gid 502)
 Home Directory: /home/vpopmail/domains/mydomain.in/0/jitendrakumar
           Maildir: (none)
           Quota: (none)
Encrypted Password: $1$6qh6nLgH$PjYHZzP/n/ofo9nyjNIQ2.
Cleartext Password: (none)
Options: disablewebmail=0,disablepop3=0,disableimap=0

This is the sign that authlib is working well!

7.     SMTP authentication: the SMTP authentication system lets us identify the sender of any email to you and helps us stop anonymous emails from getting through. It allows us to control spam and viruses sent through our outgoing mail servers and to protect your email service.

telnet 10.0.0.99 25
220 mail.mydomain.in ONLY SECURE MAIL ESMTP
EHLO TESTING
250-mail.mydomain.in ONLY SECURE MAIL
250-STARTTLS
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-PIPELINING
250-8BITMIME
250 SIZE 17000000

If you see the AUTH line, then your server is broadcasting that capability. Next, let's try connecting and authenticating. First, generate the Base64 string required.

[root@mail ~]# perl -MMIME::Base64 -e 'print encode_base64("\000jitendrakumar\@mydomain.in\000AAA")'
AGppdGVuZHJha3VtYXJAY2RhY25vaWRhLmluAEFBQQ==

Next, connect and issue the AUTH command to login:
telnet 10.0.0.99 25
220 mail.mydomain.in ONLY SECURE MAIL ESMTP
EHLO TESTING
250-mail.mydomain.in ONLY SECURE MAIL
250-STARTTLS
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-PIPELINING
250-8BITMIME
250 SIZE 17000000
AUTH PLAIN AGppdGVuZHJha3VtYXJAY2RhY25vaWRhLmluAEFBQQ==
235 ok, go ahead (#2.0.0)

If you see the 235 response, then your login has succeeded.
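
The Base64 string built by the perl one-liner above is the SASL PLAIN initial response from RFC 4616: an empty authorization id, the login name and the password, separated by NUL bytes. Base64 is an encoding, not encryption, so anyone who can read the AUTH PLAIN line on the wire recovers the password by decoding it; that is why the EHLO reply advertising STARTTLS matters and why a client should issue STARTTLS before AUTH. The script below is an added example, not part of the original post: it builds the same token in plain shell (GNU coreutils base64 assumed) and decodes it again. The credentials are constructed placeholders and the function names are my own.

```sh
#!/bin/sh
# Added example (not from the original post): build and decode a SASL PLAIN
# initial response, the same value the perl one-liner in the post produces.
# EXAMPLE_USER and EXAMPLE_PASS are constructed placeholders.

EXAMPLE_USER='user@example.com'
EXAMPLE_PASS='secret'

# auth_plain_token AUTHCID PASSWORD: base64 of "\0AUTHCID\0PASSWORD"
# (RFC 4616 layout with an empty authzid), on one line without padding newlines.
auth_plain_token() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# auth_plain_field TOKEN N: decode TOKEN and print field N
# (1 = authzid, 2 = authcid, 3 = password). NUL separators become newlines so
# the fields can be selected with awk.
auth_plain_field() {
    printf '%s' "$1" | base64 -d | tr '\000' '\n' | awk -v n="$2" 'NR == n'
}

# smtp_auth_accepted REPLY: succeed when the server reply to AUTH is a 235,
# the code the post shows for a successful login.
smtp_auth_accepted() {
    case $1 in
        235*) return 0 ;;
        *)    return 1 ;;
    esac
}

# Stand-alone run: show the line a client would send and what it decodes to.
TOKEN=$(auth_plain_token "$EXAMPLE_USER" "$EXAMPLE_PASS")
printf 'Client sends: AUTH PLAIN %s\n' "$TOKEN"
printf 'Decodes to:   authcid=%s password=%s\n' \
    "$(auth_plain_field "$TOKEN" 2)" "$(auth_plain_field "$TOKEN" 3)"
```

The decoded line is what a packet capture of an unencrypted port 25 session shows, which is the practical reason to test AUTH only after STARTTLS (openssl s_client -starttls smtp gives you such a session) or on a submission port that requires TLS.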


8.     Chkuser Testing: chkuser rejects messages when the sender domain in the from field has no MX record. This is a rare case, since spammers will try to use their own domain in the from field.

telnet 10.0.0.99 25
220 mail.mydomain.in ONLY SECURE MAIL ESMTP
mail from:jitendra@fake.com
511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser)


9.     Password Management: the password policy should be implemented in the qmail-admin package so that every user is forced to set a password of at least 8 characters with two special characters.

10.     Default User and Domain Quota: the default quota for every user of the domain should be set with the following command (set default user quota; '100M' = 100 MB):

[root@mail ~]# /home/vpopmail/bin/vmoddomlimits -q 100M

The domain quota can be set with the following command (set domain disk quota; '100' = 100 MB):

[root@mail ~]# /home/vpopmail/bin/vmoddomlimits -Q 100

11.     Open Relay: relaying should be allowed only from localhost; other IPs should be blocked.

[root@mail bin]# cat /etc/tcp1.smtp
127.:allow,RELAYCLIENT="",RBLSMTPD=""
10.0.0.99:allow,RELAYCLIENT="",RBLSMTPD=""
.:deny
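
In this file format (tcprules, read by tcpserver) each line is an address pattern, a colon and an allow/deny instruction with optional environment variables; RELAYCLIENT is what lets a matching client relay, and the final ".:deny" is needed because tcpserver allows clients that match no rule. The script below is an added example, not part of the original post: it audits such a file and reports the relay patterns, whether a catch-all deny exists, and whether any rule grants relaying to every client. RULES_SAMPLE is constructed from the file shown above; the function names are my own.

```sh
#!/bin/sh
# Added example (not from the original post): audit a tcpserver rules file in
# the tcp.smtp format and flag an open relay. RULES_SAMPLE is constructed from
# the file shown in the post.

RULES_SAMPLE='127.:allow,RELAYCLIENT="",RBLSMTPD=""
10.0.0.99:allow,RELAYCLIENT="",RBLSMTPD=""
.:deny'

# rules_clean RULES: drop comment lines and blank lines.
rules_clean() {
    printf '%s\n' "$1" | sed -e '/^#/d' -e '/^[[:space:]]*$/d'
}

# relay_clients RULES: print the address patterns that are granted RELAYCLIENT.
relay_clients() {
    rules_clean "$1" | awk -F: '$2 ~ /^allow/ && $0 ~ /RELAYCLIENT=/ { print $1 }'
}

# relay_open_to_all RULES: succeed if a pattern that matches every client
# (empty or ".") is granted relaying, i.e. the server is an open relay.
relay_open_to_all() {
    relay_clients "$1" | awk '$0 == "" || $0 == "." { open = 1 } END { exit !open }'
}

# has_catch_all_deny RULES: succeed if a rule denies every client not matched
# earlier; without it, tcpserver lets unmatched clients connect.
has_catch_all_deny() {
    rules_clean "$1" | awk -F: '($1 == "" || $1 == ".") && $2 ~ /^deny/ { d = 1 } END { exit !d }'
}

# relay_audit RULES: print a summary; return 1 when the file opens relaying to all.
relay_audit() {
    echo "Relay allowed from: $(relay_clients "$1" | tr '\n' ' ')"
    if has_catch_all_deny "$1"; then
        echo "Catch-all deny: present"
    else
        echo "Catch-all deny: MISSING (clients matching no rule are allowed to connect)"
    fi
    if relay_open_to_all "$1"; then
        echo "OPEN RELAY: a rule grants RELAYCLIENT to every client"
        return 1
    fi
    echo "No open-relay rule found"
}

# Stand-alone run over the constructed sample (pass "$(cat /etc/tcp.smtp)" for a live file).
relay_audit "$RULES_SAMPLE" || :
```

Remember that tcpserver reads the compiled .cdb, not the text file, so after editing run qmailctl cdb (or tcprules) and re-check; auditing a text file that was never recompiled tells you nothing about what the running server enforces.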

12.     Test POP3: a POP3 connection can be tested as follows; the expected result is:

telnet 10.0.0.99 110
+OK <19705.1325496378@mail.mydomain.in>
user jitendrakumar
+OK
pass password
+OK
quit
+OK