=================
Accessing a node
=================

There are a variety of ways to connect to a aggregators and bonders for
management or monitoring. Use any one of these methods to start a
console session on a node.

When starting a console session, you will need to provide the node root
password unless you have set up SSH public keys. To ease administration
and improve security, we strongly recommend you set up public keys.


Aggregators and bonders
------------------------

These methods are used to start a console session to both aggregators
and bonders.

Management VPN IP
++++++++++++++++++

Nodes connect to the management server over a secure VPN, and this VPN
can be used to connect back to the node. To find the IP address of the
node's VPN client, go to its node details page. From the bond or
aggregator details page, click
|image0|

The management VPN IP is shown in the Details panel.
|image1|

To connect to the node, first start an SSH session to the management
server. From this SSH session, you can ping or SSH to the node at its
management VPN address.

Serial session
+++++++++++++++

Connect a computer to the serial port and begin a console session. Refer
to the device manufacturer's documentation for the serial port settings.

Monitor and keyboard
+++++++++++++++++++++

Connect a monitor and keyboard to the appropriate ports on the device
and begin a regular terminal session.

Bonders only
-------------

Bonders can be contacted by a few additional methods.

Legs
+++++

Public leg IPs can be used to connect to a bonder. For example, with a
bond configured as follows:

|image2|

You could connect to the bonder at the public IP 203.0.113.1 on leg 1.
However, the 10.8.0.1 IP on leg 7 is behind a NAT firewall, so it cannot
be used to connect to the bonder.

Connected IPs
++++++++++++++

Public connected IPs can also be used to connect to a bonder. For
example, with a bond configured as follows:

|image3|

You could connect to the bonder at the IP 203.0.13.245.

Tunnel private IP
++++++++++++++++++

You can also access the bonder directly from the aggregator it is
currently assigned to. To see the IP the bonder is given on the
aggregator, click the Show advanced link in the Details section of the
bond details page.

|image4|

From the current aggregator, the bonder can be accessed via the IP
address shown in the tunnel subnet field. This address can also be shown
by running the ``ip`` command on the aggregator:
``ip addr show dev tun<bond ID>``:



::

    root@agg01:~# ip addr show dev tun1
    11: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1403 qdisc htb state UNKNOWN qlen 500
        link/none
        inet 172.30.0.1 peer 172.30.0.0/32 scope global tun24

The "inet" and "peer" fields in this listing show that the IP on the
local (aggregator) side of the tunnel is 172.30.0.1, and the IP on the
remote (bonder) side of the tunnel is 172.30.0.0.



Troubleshooting IP
+++++++++++++++++++

The IP address 10.207.35.254/29 is configured on bonders to ensure there
is a known IP available on the device even if the bonding service fails
to start. To connect to the bonder at this IP, physically connect a
computer to the interface with the lowest MAC address. You can check your
management server to see the MAC addresses of configured interfaces. You
may have to try each port if you still can't confirm which port has the
lowest MAC address. Configure the computer with the IP address 10.207.35.250
and netmask 255.255.255.248. You should be able to connect to the bonder
at the IP address 10.207.35.254.

.. note::
    Prior to 6.6, the troubleshooting IP was always set on eth0. However
    on newer versions of debian eth0 may be named differently due to how
    predictable interface naming works. Instead the interface with the lowest
    MAC address is used. This forces the IP to be set on the same physical
    interface regardless of name.

**Troubleshooting via IPv6 link-local address**

If you are unable to connect to the bonder via the troubleshooting IP, you
can also try connecting via the IPv6 link-local address of any interfaces that
have been assigned a connected IP on the bonder. First, determine the MAC
address of one of these interfaces (as above, the MAC addresses can be found
on the management server). From here, you can determine what the link-local
address will be using an `online
converter <https://ben.akrin.com/?p=1347>`__, or manually using the
following steps:

1. Convert the first octet in the MAC address from hexadecimal to binary (in
the following example, the MAC address is assumed to be ``11:22:33:44:55:66``):
::

    11:22:33:44:55:66
    11 -> 00010001

2. Invert the seventh bit (if the seventh bit is a 0, make it a 1):
::

    00010001 -> 00010011

3. Convert the octet back to hexadecimal:
::

    00010011 = 13

4. Substitute the original octet for the converted one:
::

    11:22:33:44:55:66 -> 13:22:33:44:55:66

5. Insert ff:fe: into the middle of the MAC address:
::

    13:22:33:ff:fe:44:55:66

6. Prepend fe80:: to the beginning of the address:
::

    fe80::13:22:33:ff:fe:44:55:66

7. After distributing the rest of the values evenly, you now have the IPv6
link-local address for that interface:
::

    fe80::1322:33ff:fe44:5566

With this link-local address, you should now be able to connect to the
bonder.

.. note::
    Make sure to specify the outgoing interface when you try to connect (e.g.
    when using ssh) by appending it to the link-local address with a percent
    sign (in the following example, the interface is assumed to be ``host0``):
    ::

        user@device:~# ssh root@fe80::1322:33ff:fe44:5566%host0

Aggregators only
-----------------

Public IP
++++++++++

You can connect to an aggregator over its public IP address, shown on
the aggregator details page.

|image5|


.. |image0| image:: /attachments/1179705/1933407.png
.. |image1| image:: /attachments/1179705/1933408.png
.. |image2| image:: /attachments/1179705/9076747.png
.. |image3| image:: /attachments/1179705/1933411.png
.. |image4| image:: /attachments/1179705/2818053.png
.. |image5| image:: /attachments/1179705/1933412.png
