Faster way to add large ranges to servers?

Discussion in 'Noob Central' started by sti, Mar 2, 2016.

  1. sti

    sti New Member

    Joined:
    Feb 4, 2014
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Hey all,

    I suppose this isn't exactly a noob question...

    When I add a /24 for example to a CentOS server I edit the ipcfg-ethX file and add (depending on the range)
    IPADDR_START=192.168.1.0
    IPADDR_END=192.168.1.255

    And then restart the network. Sometimes this can take 10+ minutes. I know other systems that can add a /16 faster than that. I'm upping my game to larger IP ranges and am wondering what tricks or tools are used to add/bind IPs faster with bigger ranges.

    I've been googling this for an hour or so but haven't found any shortcuts - apparently not that many people add large blocks to servers.

    /24s are common. But if I were to add a /22 or /18 or bigger, this could take forever. I know there are easier ways, I just haven't found them yet.

    Thanks for any input or help. I'm not a skilled admin so a tool or tutorial would be appreciated.
     
  2. nickphx

    nickphx VIP

    Joined:
    Apr 2, 2011
    Messages:
    1,139
    Likes Received:
    363
    Trophy Points:
    83
    Gender:
    Male
    Location:
    guadalajara, chiuhuahua
    The ifup script runs an arping command for every ip before it binds the IP to the interface. This is slow and silly.
    Add this to your ifcfg-ethX-rangeY file:
    ARPCHECK=no

    Alternatively, you can bind a range to dev lo (after enabling source routing) in one command:
    ip add add 192.168.0.0/16 dev lo
     
  3. sti

    sti New Member

    Joined:
    Feb 4, 2014
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for the quick reply. I think the server I tested this on tonight was a little wonky. I am far from a system admin so source routing was new to me. I know you've said "google it" more than once here so I spent another hour+ trying to figure out how to enable source routing before asking here again ;) There was a great tutorial on disabling it, but everything I found for enabling (quite limited) didn't seem right at all. Turns out from a few places I read, it is apparently enabled by default on newer CentOS. So assuming that to be the case I tried it out.

    Please note a typo "addr" in what you posted above:
    ip addr add 192.168.0.0/16 dev lo

    In my case, I ran that for a /24 and was immediately able to ping it from the server. However, it didn't ping from remote. So I reverted to the ifcfg-ethX-rangeY and used your other tip, ARPCHECK=no. This resulted in a much faster IP add. Again, I could ping the IPs from the server but not from remote. Bug. So after a reboot and several retries of everything I was still stumped. I took a late night cereal break and ended up trying it the old slow way without ARPCHECK=no. It magically worked and I can ping the IPs from remote. Since I had a routing issue with a previous range, I'm assuming that is what happened here and during my break the IPs got routed.

    All that said, can you or anyone comment on whether what I read is correct regarding source routing being enabled by default on CentOS? I'll give that a shot on the next server either way and report back. If that works it will be a timesaver for sure.
     
  4. nickphx

    nickphx VIP

    Joined:
    Apr 2, 2011
    Messages:
    1,139
    Likes Received:
    363
    Trophy Points:
    83
    Gender:
    Male
    Location:
    guadalajara, chiuhuahua
    there was not a typo.
    ip tool allows you to use abbreviations..

    ip a a 1.2.3.4/32 dev lo
    ip a s dev lo

    ...

    If the IPs do not work with arpcheck disabled then the issue is with how your provider has their switch/router configured.

    centos 7.2 has source routing disabled by default for all interfaces except lo.
    ]# cat /etc/redhat-release
    CentOS Linux release 7.2.1511 (Core)

    # sysctl -a | grep source
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0
    net.ipv4.conf.eno1.accept_source_route = 0
    net.ipv4.conf.enp2s0.accept_source_route = 0
    net.ipv4.conf.lo.accept_source_route = 1
    net.ipv6.conf.all.accept_source_route = 0
    net.ipv6.conf.default.accept_source_route = 0
    net.ipv6.conf.eno1.accept_source_route = 0
    net.ipv6.conf.enp2s0.accept_source_route = 0
    net.ipv6.conf.lo.accept_source_route = 0
     
  5. sti

    sti New Member

    Joined:
    Feb 4, 2014
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Ah, sorry for the typo mention. Just what I saw when googling. See...Google doesn't know everything ;)

    I have not moved up to CentOS 7.x yet. But good to know. I'm definitely thinking the host has some configs that are not making it easy on me here.

    I know I'm not going to learn everything you know overnight. Is there a networking for dummies book or a good site to read for tutorials and explanations of these kinds of alternative routings and configs? MF is about the best place for networking/admin and such as it relates to mailing as we deal with topics out of the ordinary for hosting. I appreciate your input and try your suggestions. But as above, I can try but not know why it is failing. In the end it doesn't matter so much as long as it is working. But when it doesn't work, it would be nice to know why or where to look for why.

    I've been a hack sys admin for a decade+ but without a sound base. I have a great guy that has done all my installs for several years - great admin for normal stuff, but not innovative. Its hard when I know there are better ways but don't know how to find them. (Again - appreciate you sharing here.) So I end up being the teacher for my guy - and barely a hack teacher at that.

    So when you give me something like this:
    ip a a 1.2.3.4/32 dev lo
    ip a s dev lo

    I end up spending an hour or two on Google trying to figure out what it means. Not necessarily a bad thing - here to learn. But simply inputting commands and hoping it works isn't exactly the best thing. Next server I'll try the alternative bind to dev lo again. Thanks again nick.
     
  6. nickphx

    nickphx VIP

    Joined:
    Apr 2, 2011
    Messages:
    1,139
    Likes Received:
    363
    Trophy Points:
    83
    Gender:
    Male
    Location:
    guadalajara, chiuhuahua

Share This Page