How do I retrieve a DHCP address on a VLAN?


Background: the router provided by my French ISP (Orange Fiber) was terrible, and I replaced it with a Ubiquiti ER-4 a few years ago. I am now on Debian 10 with systemd-networkd.

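To retrieve the public IP for the router, I have to send a DHCP request that carries a specific VLAN tag. My setup is shown below. I have been trying to get an IP for hours, but the DHCP call never completes (no response). One of the problems may be the format of option 90, which I have to use as part of the DHCP call, but first I want to make sure that my general approach to getting an IP on a VLAN is correct.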

First, I define the VLAN in a .netdev file.

[NetDev]
Name=orange.832
Kind=vlan

[VLAN]
Id=832

Then I attached this VLAN to the interface in a .network file.

[Match]
Name=enp2s0
Type=ether

[Network]
Description=ethernet interface with VLAN attached
VLAN=orange.832

# In case of 'tagged only' setups, you probably don't need any IP
# configuration on the link without VLAN (or: default VLAN).
# For that just omit an [Address] section and disable all the
# autoconfiguration magic like this:
LinkLocalAddressing=no
LLDP=no
EmitLLDP=no
IPv6AcceptRA=no
IPv6SendRA=no

Finally, I configure the VLAN (via a .network file) to retrieve an IP address through DHCP.

[Match]
# matches the VLAN on enp2s0
Name=orange.832

[Network]
Description=orange internet
DHCP=ipv4
#KeepConfiguration=dhcp
IPForward=yes

[DHCPv4]
#SendRelease=false
VendorClassIdentifier=sagem
UserClass=FSVDSL_livebox.Internet.softathome.Livebox3
UseHostname=no
# below is the authentication string which I have a hard time setting but it is completely specific to Orange in France
SendOption=90:string:\x00\x00\x00\....

[Link]
RequiredForOnline=yes

My firewall is currently completely open (/etc/nftables.conf).

#!/usr/sbin/nft -f

 flush ruleset

 table inet filter {
    chain input {
        type filter hook input priority 0;
    }
    chain forward {
        type filter hook forward priority 0;
    }
    chain output {
        type filter hook output priority 0;
    }
 }

Does this setup look reasonable? (That is, is this the right way to set up VLAN IP retrieval with systemd-networkd?)

One thing I am slightly worried about is that there is no mention of the VLAN in the links.

root@router:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 00:e2:69:59:33:a2 brd ff:ff:ff:ff:ff:ff
3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:e2:69:59:33:a3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.201/24 brd 192.168.10.255 scope global enp3s0
       valid_lft forever preferred_lft forever
    inet6 fe80::2e2:69ff:fe59:33a3/64 scope link
       valid_lft forever preferred_lft forever
4: enp4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:e2:69:59:33:a4 brd ff:ff:ff:ff:ff:ff
5: enp5s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:e2:69:59:33:a5 brd ff:ff:ff:ff:ff:ff
6: orange.832@enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
    link/ether 00:e2:69:59:33:a2 brd ff:ff:ff:ff:ff:ff

Update following the comments:

  • /etc/network/interfaces does not exist, /etc/network/interfaces.d is empty, and vlan is not installed because I use systemd-networkd

  • networkctl output

root@router:~# networkctl list
IDX LINK       TYPE     OPERATIONAL SETUP
  1 lo         loopback carrier     unmanaged
  2 enp2s0     ether    no-carrier  configuring
  3 enp3s0     ether    routable    configured
  4 enp4s0     ether    off         unmanaged
  5 enp5s0     ether    off         unmanaged
  6 orange.832 vlan     no-carrier  configuring

There is also networkctl status

root@router:~# networkctl status -a | cat
● 1: lo
                     Link File: /usr/lib/systemd/network/99-default.link
                  Network File: n/a
                          Type: loopback
                         State: carrier (unmanaged)
                    HW Address: 00:00:00:00:00:00
                           MTU: 65536
                         QDisc: noqueue
  IPv6 Address Generation Mode: eui64
          Queue Length (Tx/Rx): 1/1
                       Address: 127.0.0.1
                                ::1

● 2: enp2s0
                     Link File: /usr/lib/systemd/network/99-default.link
                  Network File: /etc/systemd/network/enp2s0-ETH0-wan.network
                          Type: ether
                         State: no-carrier (configuring)
                          Path: pci-0000:02:00.0
                        Driver: igc
                        Vendor: Intel Corporation
                         Model: Ethernet Controller I225-V
                    HW Address: 00:e2:69:59:33:a2
                           MTU: 1500 (min: 68, max: 9216)
                         QDisc: mq
  IPv6 Address Generation Mode: none
          Queue Length (Tx/Rx): 4/4
              Auto negotiation: yes
                         Speed: n/a
                          Port: tp

Aug 19 18:41:36 router systemd-networkd[249]: enp2s0: Link UP

● 3: enp3s0
                     Link File: /usr/lib/systemd/network/99-default.link
                  Network File: /etc/systemd/network/enp3s0-ETH1-lan.network
                          Type: ether
                         State: routable (configured)
                          Path: pci-0000:03:00.0
                        Driver: igc
                        Vendor: Intel Corporation
                         Model: Ethernet Controller I225-V
                    HW Address: 00:e2:69:59:33:a3
                           MTU: 1500 (min: 68, max: 9216)
                         QDisc: mq
  IPv6 Address Generation Mode: eui64
          Queue Length (Tx/Rx): 4/4
              Auto negotiation: yes
                         Speed: 100Mbps
                        Duplex: full
                          Port: tp
                       Address: 192.168.10.201
                                fe80::2e2:69ff:fe59:33a3
                       Gateway: 192.168.10.1 (Ubiquiti Networks Inc.)
                           DNS: 192.168.10.3
             DHCP6 Client DUID: DUID-EN/Vendor:0000ab1193e3b0e6f387bfe80000
                  Connected To: n/a on port 98:fa:9b:78:f7:8b
                                ap-couloir on port f0:9f:c2:73:34:fe (eth0)

Aug 19 18:41:36 router systemd-networkd[249]: enp3s0: Link UP
Aug 19 18:41:38 router systemd-networkd[249]: enp3s0: Gained carrier
Aug 19 18:41:40 router systemd-networkd[249]: enp3s0: Gained IPv6LL

● 4: enp4s0
                     Link File: /usr/lib/systemd/network/99-default.link
                  Network File: n/a
                          Type: ether
                         State: off (unmanaged)
                          Path: pci-0000:04:00.0
                        Driver: igc
                        Vendor: Intel Corporation
                         Model: Ethernet Controller I225-V
                    HW Address: 00:e2:69:59:33:a4
                           MTU: 1500 (min: 68, max: 9216)
                         QDisc: noop
  IPv6 Address Generation Mode: eui64
          Queue Length (Tx/Rx): 4/4
              Auto negotiation: yes
                         Speed: n/a
                          Port: tp

● 5: enp5s0
                     Link File: /usr/lib/systemd/network/99-default.link
                  Network File: n/a
                          Type: ether
                         State: off (unmanaged)
                          Path: pci-0000:05:00.0
                        Driver: igc
                        Vendor: Intel Corporation
                         Model: Ethernet Controller I225-V
                    HW Address: 00:e2:69:59:33:a5
                           MTU: 1500 (min: 68, max: 9216)
                         QDisc: noop
  IPv6 Address Generation Mode: eui64
          Queue Length (Tx/Rx): 4/4
              Auto negotiation: yes
                         Speed: n/a
                          Port: tp

● 6: orange.832
                     Link File: /usr/lib/systemd/network/99-default.link
                  Network File: /etc/systemd/network/wan.network
                          Type: vlan
                         State: no-carrier (configuring)
                        Driver: 802.1Q VLAN Support
                    HW Address: 00:e2:69:59:33:a2
                           MTU: 1500 (max: 65535)
                         QDisc: noqueue
  IPv6 Address Generation Mode: eui64
                       VLan Id: 832
          Queue Length (Tx/Rx): 1/1
              Auto negotiation: yes
                         Speed: n/a
                          Port: tp

Aug 19 18:41:36 router systemd-networkd[249]: orange.832: netdev ready
Aug 19 18:41:36 router systemd-networkd[249]: orange.832: Link UP

Answer 1

This is a valid systemd-networkd setup:

  • Renames the physical NIC to phy0 for better management
  • Has VLANs for WAN (internet) and LAN
  • WAN uses DHCP
  • The MAC addresses of the LAN and WAN VLAN interfaces are spoofed for better management and logging
  • LAN DHCP server is enabled
  • The ISP does not use DHCP SendOption, only plain DHCPv4

Physical network card

/etc/systemd/network/10-phy0.link: (renames the physical network card with a specific MAC address to phy0)

[Match]
MACAddress=4d:ec:ef:04:76:8e

[Link]
# Rename NIC for better management purposes
Name=phy0
Description=Physical ethernet port 0 behind motherboard
# Use Jumbo frames
MTUBytes=9000
MACAddressPolicy=persistent
AutoNegotiation=yes

# Disable some HW accelerations because possible NIC bugs
ReceiveChecksumOffload=no
TransmitChecksumOffload=no
TCPSegmentationOffload=no
TCP6SegmentationOffload=no
GenericSegmentationOffload=no
GenericReceiveOffload=no
LargeReceiveOffload=no

/etc/systemd/network/phy0.network: (attaches the VLANs to the NIC)

[Match]
Name=phy0

[Network]
Description=Network for phy0
# Attach VLANs
VLAN=lan0
VLAN=wan0
DHCP=no
IPForward=yes
IPMasquerade=no
LinkLocalAddressing=no
LLDP=no
EmitLLDP=no
# It is "dumb" because of VLANs
ConfigureWithoutCarrier=yes


[Link]
RequiredForOnline=yes
ARP=no
Multicast=no
AllMulticast=no
Unmanaged=no
Promiscuous=no

VLANs:

LAN:

/etc/systemd/network/lan0.netdev:

[NetDev]
Description=LAN VLAN
Name=lan0
Kind=vlan
# Change MAC for better management and logs
MACAddress=ba:f4:4d:17:1b:48

[VLAN]
Id=123
LooseBinding=yes
ReorderHeader=yes

/etc/systemd/network/lan0.network:

[Match]
Name=lan0

[Network]
Description=LAN network
BindCarrier=phy0
DHCP=no
Address=192.168.100.1/24
Domains=home-net.lan
IPForward=yes
IPMasquerade=ipv4
LinkLocalAddressing=no
LLDP=yes
EmitLLDP=nearest-bridge
# See [DHCPServer]
DHCPServer=yes
# [Network] option (networkd ignores it under [Link])
ConfigureWithoutCarrier=yes

[Link]
ActivationPolicy=always-up
ARP=yes
Multicast=no
AllMulticast=no
Unmanaged=no
RequiredForOnline=yes

# Act as DHCP server
[DHCPServer]
BindToInterface=yes
ServerAddress=192.168.100.1/24
# Start from .128
PoolOffset=128
DefaultLeaseTimeSec=21600
MaxLeaseTimeSec=86400
EmitDNS=yes
DNS=192.168.100.1
EmitNTP=yes
NTP=192.168.100.1
EmitRouter=yes
EmitTimezone=yes

WAN (internet):

/etc/systemd/network/wan0.netdev:

[NetDev]
Description=WAN0 VLAN
Name=wan0
# Use standard MTU for internet
MTUBytes=1500
Kind=vlan
# Change MAC for better management and logs
MACAddress=0a:94:cf:7b:71:07

[VLAN]
Id=1000
LooseBinding=yes
ReorderHeader=yes

/etc/systemd/network/wan0.network:

[Match]
Name=wan0

[Network]
Description=Internet
BindCarrier=phy0
DHCP=yes
DNS=192.168.100.1
IPForward=yes
IPMasquerade=ipv4
LinkLocalAddressing=no
LLMNR=no
LLDP=no
EmitLLDP=no
MulticastDNS=no
# [Network] option (networkd ignores it under [Link])
ConfigureWithoutCarrier=yes

[Link]
ARP=yes
Multicast=no
AllMulticast=no
Unmanaged=no
RequiredForOnline=no

nftables

In the netdev address family, allow only VLAN-tagged and ARP traffic on phy0.

table netdev if_traffic {
  chain physical_in {
    type filter hook ingress device phy0 priority filter; policy drop;
    ether type vlan counter packets 0 bytes 0 accept
    meta protocol arp counter packets 0 bytes 0 accept
  }
}

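Note: because of the netdev rules, nftables may not start correctly at boot, since the interfaces may not exist yet (for example, if you add rules for allowed MAC/IP addresses on the VLAN interfaces), so you need to enable restarts for nftables with: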

systemctl edit nftables

And add:

[Service]
Restart=on-failure
RestartSec=30

Troubleshooting

systemd-networkd debug logging can be enabled with the following (AFAIK a restart is needed):

systemctl edit systemd-networkd

And add:

[Service]
Environment=SYSTEMD_LOG_LEVEL=debug

Now you can view the DHCP logs with:

journalctl -b -o short-monotonic --no-hostname -u systemd-networkd -u systemd-udevd

It should look like this:

[   10.747475] systemd-networkd[453]: wan0: Requested configuring of the DHCPv4 client.
[   10.749483] systemd-networkd[453]: wan0: DHCPv4 client is configured.
[   10.765793] systemd-networkd[453]: wan0: link_check_ready(): DHCPv4, DHCPv6, DHCP-PD or IPv4LL is enabled but no dynamic address is assigned yet.
[   14.371914] systemd-networkd[453]: wan0: DHCPv4 client: STARTED on ifindex 4
[   14.372147] systemd-networkd[453]: wan0: Acquiring DHCPv4 lease.
[   14.372362] systemd-networkd[453]: wan0: link_check_ready(): DHCPv4, DHCPv6, DHCP-PD or IPv4LL is enabled but no dynamic address is assigned yet.
[   14.612883] systemd-networkd[453]: wan0: DHCPv4 client: DISCOVER
[   14.648075] systemd-networkd[453]: wan0: DHCPv4 client: Received message from RAW socket, processing.
[   14.648446] systemd-networkd[453]: wan0: DHCPv4 client: OFFER
[   14.648669] systemd-networkd[453]: wan0: DHCPv4 client: REQUEST (requesting)
[   14.683557] systemd-networkd[453]: wan0: DHCPv4 client: Received message from RAW socket, processing.
[   14.683858] systemd-networkd[453]: wan0: DHCPv4 client: ACK
[   14.703211] systemd-networkd[453]: wan0: DHCPv4 client: lease expires in 3h 59min 59s
[   14.703397] systemd-networkd[453]: wan0: DHCPv4 client: T2 expires in 3h 30min
[   14.703557] systemd-networkd[453]: wan0: DHCPv4 client: T1 expires in 1h 59min 59s
[   14.704047] systemd-networkd[453]: wan0: DHCPv4 address XXX.XXX.XXX.XXX/24, gateway XXX.XXX.XXX.XXX acquired from XXX.XXX.XXX.XXX
[   14.704224] systemd-networkd[453]: wan0: Requesting DHCPv4 address (n/a): XXX.XXX.XXX.XXX/24 (valid for 3h 59min 59s, preferred for 3h 59min 59s), flags: tentative, scope: global
[   14.704371] systemd-networkd[453]: wan0: DHCP: No static routes received from DHCP server.
[   14.704506] systemd-networkd[453]: wan0: Requesting DHCPv4 route (n/a): dst: XXX.XXX.XXX.XXX/32, src: n/a, gw: n/a, prefsrc: XXX.XXX.XXX.XXX, scope: link, table: main(254), proto: dhcp, type: unicast, nexthop: 0, priority: 1024, flags: n/a
[   14.704649] systemd-networkd[453]: wan0: Requesting DHCPv4 route (n/a): dst: n/a, src: n/a, gw: XXX.XXX.XXX.XXX, prefsrc: XXX.XXX.XXX.XXX, scope: global, table: main(254), proto: dhcp, type: unicast, nexthop: 0, priority: 1024, flags: n/a
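
The log above shows a handshake that completes. As an added example (not part of the original answer), the script below reads the same debug log format and reports the furthest DHCPv4 step each interface reached, so a client that stops at DISCOVER stands out. The function names and the orange.832 and lan9 sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: how far did each interface get in the DHCPv4 handshake?
# dhcp_stage: read journal lines on stdin, print "<iface> <stage>" per interface.
dhcp_stage() {
  awk '
    {
      # Drop the timestamp/host prefix up to "systemd-networkd[PID]: ".
      if (!match($0, /systemd-networkd\[[0-9]+\]: /)) next
      rest = substr($0, RSTART + RLENGTH)
      # Interface name ends at the first ": " (names such as orange.832 have dots).
      p = index(rest, ": ")
      if (p == 0) next
      ifc = substr(rest, 1, p - 1)
      msg = substr(rest, p + 2)
      r = 0
      if      (msg ~ /^DHCPv4 client is configured/) r = 1
      else if (msg ~ /^DHCPv4 client: STARTED/)      r = 2
      else if (msg ~ /^DHCPv4 client: DISCOVER/)     r = 3
      else if (msg ~ /^DHCPv4 client: OFFER/)        r = 4
      else if (msg ~ /^DHCPv4 client: REQUEST/)      r = 5
      else if (msg ~ /^DHCPv4 client: ACK/)          r = 6
      if (r == 0) next
      if (!(ifc in best)) name[++n] = ifc      # remember first-seen order
      if (r > best[ifc]) best[ifc] = r         # keep the furthest step reached
    }
    END {
      split("configured started discover-sent offer-received request-sent lease-acked", label, " ")
      for (i = 1; i <= n; i++) print name[i], label[best[name[i]]]
    }'
}

# Constructed sample: wan0 follows the log above; orange.832 and lan9 are made up.
sample_log() {
  cat <<'EOF'
[   10.749483] systemd-networkd[453]: wan0: DHCPv4 client is configured.
[   14.371914] systemd-networkd[453]: wan0: DHCPv4 client: STARTED on ifindex 4
[   14.612883] systemd-networkd[453]: wan0: DHCPv4 client: DISCOVER
[   14.648446] systemd-networkd[453]: wan0: DHCPv4 client: OFFER
[   14.648669] systemd-networkd[453]: wan0: DHCPv4 client: REQUEST (requesting)
[   14.683858] systemd-networkd[453]: wan0: DHCPv4 client: ACK
[   15.100000] systemd-networkd[453]: orange.832: DHCPv4 client is configured.
[   18.200000] systemd-networkd[453]: orange.832: DHCPv4 client: STARTED on ifindex 6
[   18.400000] systemd-networkd[453]: orange.832: DHCPv4 client: DISCOVER
[   22.900000] systemd-networkd[453]: orange.832: DHCPv4 client: DISCOVER
[   15.200000] systemd-networkd[453]: lan9: DHCPv4 client is configured.
EOF
}

sample_log | dhcp_stage
```

On a live system, pipe `journalctl -b -u systemd-networkd` into `dhcp_stage` once debug logging is enabled as described above.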

Answer 2

Check with ethtool that these features are enabled (on):

tcp-segmentation-offload generic-segmentation-offload generic-receive-offload rx-vlan-offload tx-vlan-offload hw-tc-offload

ethtool -K <physical_iface> xxx on

Then try again.
