Virtual Server: How to Connect Your ITS-Hosted RHEL 7 Virtual Server to an ITS Private Network

OVERVIEW

Sometimes, in order to access certain services offered by UH Information Technology Services (ITS) from your ITS-hosted virtual server, you will need access to an ITS private network. This article explains how to make sure your virtual server is connected to an ITS private network.
 
These instructions apply only to Red Hat Enterprise Linux (RHEL) 7 virtual servers created by ITS Managed Services for your use, and only to RHEL systems that have the Network Manager service removed or turned off (e.g., “systemctl stop NetworkManager” and “systemctl disable NetworkManager”; also see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/Networking_Guide/sec-NetworkManager_and_the_Network_Scripts.html).
 
These instructions are for RHEL 7 environments where the network configuration files are manually maintained, which is the standard configuration for RHEL 6 virtual servers created by ITS Managed Services. You can still use Network Manager if you like, but ITS does not provide instructions for adding a private network connection when Network Manager is enabled, so you will have to determine the appropriate procedure yourself.
 

PROCEDURE 

NOTE: All the commands given in the steps below are assumed to be issued as either user root or via "sudo".

  1. Enter the command:

ifconfig

 
to see all installed and connected NICs on your virtual server, and make note of the interface/NIC names of the NICs that are installed (e.g., “eno16780032”, “ens224”, etc.). You may want to send the output of the “ifconfig” command to a text file for later reference (e.g., “ifconfig > ifconfig_results_2017-07-06.txt”).

For example:

ifconfig
eno16780032: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 166.122.3.161  netmask 255.255.255.0  broadcast 166.122.3.255
        inet6 fe80::250:56ff:feb0:2ddd  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:b0:2d:dd  txqueuelen 1000  (Ethernet)
        RX packets 1185  bytes 102807 (100.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 198  bytes 23317 (22.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens224: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.36.14  netmask 255.255.255.0  broadcast 172.17.36.255
        inet6 fe80::250:56ff:feb0:5673  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:b0:56:73  txqueuelen 1000  (Ethernet)
        RX packets 689  bytes 146959 (143.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 688  bytes 89245 (87.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
  2. In the output of the "ifconfig" command, look at the “inet” setting for each NIC (if there is one) and see if any have a value other than 128.171.*.* (e.g., 128.171.38.164) or 166.122.3.* (e.g., 166.122.3.3) or 127.0.0.1 (the standard internal loopback interface). Any value outside those ranges indicates that the NIC has a private network IP associated with it. If no “inet” setting is listed for a NIC, it means that the NIC is connected but has not been configured with an IPv4 address yet, and ITS CS will need to verify whether the NIC is connected to a private network or not (step 4 below).
     
  3. If a NIC on your virtual server does have a private network IP associated with it, please skip to step 17 below (verify DNS resolves .pvt and .mgt). Otherwise, continue with the next step below.
  4. Contact ITS Managed Services (itscs@hawaii.edu) and ask that your virtual server be assigned to and connected to an ITS private network. As part of your request, please provide the following info:

* The reason you want to add an ITS private network connection to your virtual server

* Your virtual server’s fully qualified domain name (FQDN) (e.g., leeddash.its.hawaii.edu)

* Your virtual server’s public network IP address (128.171.x.x or 166.122.3.x)

 
  5. ITS Managed Services will verify that your virtual server does not have a connection to an ITS private network, and if so they will assign your virtual server an IP within an ITS private network, attach a new NIC on your virtual server that connects to that network, and provide you with the private network IP, gateway, and subnet mask information.
     
  6. Once you have the private network IP, gateway, and subnet mask information from ITS CS, run the “ifconfig” command and make note of the newly added NIC’s name (e.g., “ens224”), as well as the NIC name of the existing primary NIC for the public network (e.g., “eno16780032”).
     
  7. Back up the existing /etc/sysconfig/network file (e.g., “cp /etc/sysconfig/network /etc/sysconfig/network.2017-07-06”) and then edit the /etc/sysconfig/network file and ensure it contains only the following lines (substitute the bracketed items with appropriate values):
 
NETWORKING=yes
HOSTNAME=<Host-FQDN>
GATEWAY=<Gateway-IP-For-Primary-NIC-Public-Network>
GATEWAYDEV=<Primary-NIC-Name>
 
For example:
 
NETWORKING=yes
HOSTNAME=cstemplate06.its.hawaii.edu
GATEWAY=166.122.3.1
GATEWAYDEV=eno16780032
 
  8. Create a /etc/sysconfig/network-scripts/ifcfg-<NIC-name> file (where <NIC-name> is the name of the new NIC as determined in step 6; e.g., /etc/sysconfig/network-scripts/ifcfg-ens224). You can do so with “vi”, “nano”, or any basic text editor of your choice, or by copying the primary non-private NIC’s config file and editing it (e.g., “cp /etc/sysconfig/network-scripts/ifcfg-eno16780032 /etc/sysconfig/network-scripts/ifcfg-ens224”).
     
  9. Edit the new ifcfg-<NIC-name> file created in the previous step so that it contains the following minimal entries:
 
DEVICE="<NIC-name>"
BOOTPROTO=static
ONBOOT=yes
USERCTL=no
IPADDR=<Assigned-Private-Network-IP>
NETMASK=<Assigned-Private-Network-Subnet-Mask>
PEERDNS=no
 
For example:
 
DEVICE="ens224"
BOOTPROTO=static
ONBOOT=yes
USERCTL=no
IPADDR=172.17.36.14
NETMASK=255.255.255.0
PEERDNS=no
 
 
  10. Create and edit a new /etc/sysconfig/network-scripts/route-<NIC-name> file (where <NIC-name> is the name of the new NIC; e.g., /etc/sysconfig/network-scripts/route-ens224) that contains the following lines:
 
192.168.0.0/16 via <Assigned-Private-Network-Gateway-IP> dev <NIC-name>
172.16.0.0/12 via <Assigned-Private-Network-Gateway-IP> dev <NIC-name>
10.0.0.0/8 via <Assigned-Private-Network-Gateway-IP> dev <NIC-name>
 
For example:
 
192.168.0.0/16 via 172.17.65.1 dev eth1
172.16.0.0/12 via 172.17.65.1 dev eth1
10.0.0.0/8 via 172.17.65.1 dev eth1
 
  11. Schedule a reboot of the virtual server to incorporate all the changes you’ve made so far (just restarting the network service doesn't seem to be enough). E.g., when ready, as user root, enter the following command to reboot:
reboot
 
  12. Log back into the server and switch user to the "root" user (if you cannot access the server after rebooting, you may need to log in via the virtual console to troubleshoot if you have access [see Virtual Server: How to Access Your Virtual Server via VMware Console Access] or contact ITS CS at itscs@hawaii.edu to help you); once there, print out the current network routing table using the command:
 ip route show
 
  13. Examine the results of the “ip route show” command and ensure that among the entries shown are ones similar to those given in step 10 above and also a “default” entry that specifies the primary (public) NIC’s gateway and NIC name. E.g.:
 
ip route show
166.122.3.0/24 dev eth0  proto kernel  scope link  src 166.122.3.160 
172.17.65.0/24 dev eth1  proto kernel  scope link  src 172.17.65.11 
169.254.0.0/16 dev eth0  scope link  metric 1002 
169.254.0.0/16 dev eth1  scope link  metric 1003 
192.168.0.0/16 via 172.17.65.1 dev eth1 
172.16.0.0/12 via 172.17.65.1 dev eth1 
10.0.0.0/8 via 172.17.65.1 dev eth1 
default via 166.122.3.1 dev eth0 
 
 
  14. Verify that you can ping google.com okay:
 
ping google.com
PING google.com (216.58.193.78) 56(84) bytes of data.
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=1 ttl=55 time=66.7 ms
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=2 ttl=55 time=65.5 ms
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=3 ttl=55 time=65.6 ms
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=4 ttl=55 time=65.7 ms
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=5 ttl=55 time=65.7 ms
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=6 ttl=55 time=65.7 ms
^C
--- google.com ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5645ms
rtt min/avg/max/mdev = 65.535/65.862/66.790/0.470 ms
 
 
  15. Back up the existing /etc/resolv.conf file (e.g., “cp /etc/resolv.conf /etc/resolv.conf.2017-07-06”) and then edit the /etc/resolv.conf file and ensure it consists of only the following three lines:
search hawaii.edu its.hawaii.edu pvt.hawaii.edu mgt.hawaii.edu colo.hawaii.edu
nameserver 192.168.10.115
nameserver 192.168.10.116
 
  16. Once again, verify that you can ping google.com okay (this verifies that you can reach the private DNS servers specified in the previous step; if the ping doesn't work, then back out by restoring the original contents of your /etc/resolv.conf file so that you have DNS resolution again, and then troubleshoot):
 
ping google.com
PING google.com (216.58.193.78) 56(84) bytes of data.
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=1 ttl=55 time=66.7 ms
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=2 ttl=55 time=65.5 ms
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=3 ttl=55 time=65.6 ms
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=4 ttl=55 time=65.7 ms
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=5 ttl=55 time=65.7 ms
64 bytes from sea15s07-in-f78.1e100.net (216.58.193.78): icmp_seq=6 ttl=55 time=65.7 ms
^C
--- google.com ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5645ms
rtt min/avg/max/mdev = 65.535/65.862/66.790/0.470 ms
 
  17. Verify that you can resolve a .pvt hostname via DNS okay. E.g., using the “nslookup” command:
 
nslookup dns11.pvt.hawaii.edu
Server:         192.168.10.115
Address:        192.168.10.115#53
 
Name:   dns11.pvt.hawaii.edu
Address: 192.168.10.116
 
 
  18. Schedule a reboot of your virtual server and, after it comes back up, do the previous two tests again (see if you can ping google.com okay, and see if you can resolve a .pvt hostname via DNS okay). This step verifies that your network configuration changes and private network connectivity will survive intact upon system reboot.
 
This completes the steps necessary to add private network connectivity to your ITS-hosted RHEL 7 virtual server.
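
The routing check in step 13 can be done mechanically rather than by eye. The shell function below is an added example, not part of the ITS procedure: it reads “ip route show” output and confirms that the single default route stays on the public NIC and that the three private ranges from step 10 go through the private gateway on the private NIC. The function name check_routes and its argument order are assumptions made for this example; the second sample table is constructed.

```shell
#!/bin/sh
# Added example (not ITS code). Audits "ip route show" output read from stdin.
# Usage: ip route show | check_routes <public-nic> <private-nic> <private-gw>
check_routes() {
    awk -v pub="$1" -v priv="$2" -v gw="$3" '
        BEGIN { want["192.168.0.0/16"] = want["172.16.0.0/12"] = want["10.0.0.0/8"] = 1 }
        {   # pick out the gateway ("via") and interface ("dev") on every line
            via = dev = ""
            for (i = 2; i < NF; i++) {
                if ($i == "via") via = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
        }
        $1 == "default" {
            ndefault++
            if (dev != pub) { print "FAIL: default route leaves via " dev ", expected " pub; bad = 1 }
            next
        }
        ($1 in want) {
            seen[$1] = 1
            if (via != gw || dev != priv) { print "FAIL: " $1 " routed via " via " dev " dev; bad = 1 }
        }
        END {
            if (ndefault != 1) { print "FAIL: expected one default route, found " (ndefault + 0); bad = 1 }
            for (n in want) if (!(n in seen)) { print "FAIL: no route for " n; bad = 1 }
            exit (bad + 0)
        }'
}

# Routing table copied from the step 13 example output in this article.
good='166.122.3.0/24 dev eth0  proto kernel  scope link  src 166.122.3.160
172.17.65.0/24 dev eth1  proto kernel  scope link  src 172.17.65.11
169.254.0.0/16 dev eth0  scope link  metric 1002
169.254.0.0/16 dev eth1  scope link  metric 1003
192.168.0.0/16 via 172.17.65.1 dev eth1
172.16.0.0/12 via 172.17.65.1 dev eth1
10.0.0.0/8 via 172.17.65.1 dev eth1
default via 166.122.3.1 dev eth0'

# Constructed broken table: default route on the private NIC, 10.0.0.0/8 missing.
broken='192.168.0.0/16 via 172.17.65.1 dev eth1
172.16.0.0/12 via 172.17.65.1 dev eth1
default via 172.17.65.1 dev eth1'

if printf '%s\n' "$good" | check_routes eth0 eth1 172.17.65.1; then echo "good table: OK"; fi
if ! printf '%s\n' "$broken" | check_routes eth0 eth1 172.17.65.1; then echo "broken table: rejected"; fi
```

On a live server, pipe the real table in with your own NIC names and private gateway, e.g. “ip route show | check_routes eno16780032 ens224 <Assigned-Private-Network-Gateway-IP>”; a non-zero exit status means the layout differs from what steps 7 and 10 configure.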
 
 

Article ID: 1753
Created: Tue, 03 Oct 2017 4:49pm
Modified: Wed, 12 Aug 2020 1:34pm