Accessing a node¶
There are a variety of ways to connect to a aggregators and bonders for management or monitoring. Use any one of these methods to start a console session on a node.
When starting a console session, you will need to provide the node root password unless you have set up SSH public keys. To ease administration and improve security, we strongly recommend you set up public keys.
Aggregators and bonders¶
These methods are used to start a console session to both aggregators and bonders.
Management VPN IP¶
Nodes connect to the management server over a secure VPN, and this VPN
can be used to connect back to the node. To find the IP address of the
node’s VPN client, go to its node details page. From the bond or
aggregator details page, click
The management VPN IP is shown in the Details panel.
To connect to the node, first start an SSH session to the management server. From this SSH session, you can ping or SSH to the node at its management VPN address.
Serial session¶
Connect a computer to the serial port and begin a console session. Refer to the device manufacturer’s documentation for the serial port settings.
Monitor and keyboard¶
Connect a monitor and keyboard to the appropriate ports on the device and begin a regular terminal session.
Bonders only¶
Bonders can be contacted by a few additional methods.
Legs¶
Public leg IPs can be used to connect to a bonder. For example, with a bond configured as follows:
You could connect to the bonder at the public IP 203.0.113.1 on leg 1. However, the 10.8.0.1 IP on leg 7 is behind a NAT firewall, so it cannot be used to connect to the bonder.
Connected IPs¶
Public connected IPs can also be used to connect to a bonder. For example, with a bond configured as follows:
You could connect to the bonder at the IP 203.0.13.245.
Tunnel private IP¶
You can also access the bonder directly from the aggregator it is currently assigned to. To see the IP the bonder is given on the aggregator, click the Show advanced link in the Details section of the bond details page.
From the current aggregator, the bonder can be accessed via the IP
address shown in the tunnel subnet field. This address can also be shown
by running the ip command on the aggregator:
ip addr show dev tun<bond ID>:
root@agg01:~# ip addr show dev tun1
11: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1403 qdisc htb state UNKNOWN qlen 500
link/none
inet 172.30.0.1 peer 172.30.0.0/32 scope global tun24
The “inet” and “peer” fields in this listing show that the IP on the local (aggregator) side of the tunnel is 172.30.0.1, and the IP on the remote (bonder) side of the tunnel is 172.30.0.0.
Troubleshooting IP¶
The IP address 10.207.35.254/29 is configured on bonders to ensure there is a known IP available on the device even if the bonding service fails to start. To connect to the bonder at this IP, physically connect a computer to the interface with the lowest MAC address. You can check your management server to see the MAC addresses of configured interfaces. You may have to try each port if you still can’t confirm which port has the lowest MAC address. Configure the computer with the IP address 10.207.35.250 and netmask 255.255.255.248. You should be able to connect to the bonder at the IP address 10.207.35.254.
Note
Prior to 6.6, the troubleshooting IP was always set on eth0. However on newer versions of debian eth0 may be named differently due to how predictable interface naming works. Instead the interface with the lowest MAC address is used. This forces the IP to be set on the same physical interface regardless of name.
Troubleshooting via IPv6 link-local address
If you are unable to connect to the bonder via the troubleshooting IP, you can also try connecting via the IPv6 link-local address of any interfaces that have been assigned a connected IP on the bonder. First, determine the MAC address of one of these interfaces (as above, the MAC addresses can be found on the management server). From here, you can determine what the link-local address will be using an online converter, or manually using the following steps:
1. Convert the first octet in the MAC address from hexadecimal to binary (in
the following example, the MAC address is assumed to be 11:22:33:44:55:66):
11:22:33:44:55:66
11 -> 00010001
2. Invert the seventh bit (if the seventh bit is a 0, make it a 1):
00010001 -> 00010011
3. Convert the octet back to hexadecimal:
00010011 = 13
4. Substitute the original octet for the converted one:
11:22:33:44:55:66 -> 13:22:33:44:55:66
5. Insert ff:fe: into the middle of the MAC address:
13:22:33:ff:fe:44:55:66
6. Prepend fe80:: to the beginning of the address:
fe80::13:22:33:ff:fe:44:55:66
7. After distributing the rest of the values evenly, you now have the IPv6 link-local address for that interface:
fe80::1322:33ff:fe44:5566
With this link-local address, you should now be able to connect to the bonder.
Note
Make sure to specify the outgoing interface when you try to connect (e.g.
when using ssh) by appending it to the link-local address with a percent
sign (in the following example, the interface is assumed to be host0):
user@device:~# ssh root@fe80::1322:33ff:fe44:5566%host0
