How to configure a second network interface in a Netwitness appliance
Issue
Sometimes customers need to configure a second network interface, for example when the administration network and the log collection network are located in different subnets. An example configuration could be the following:
Interface : em1
IPADDR : 172.30.0.50
NETMASK : 255.255.0.0
GATEWAY : 172.30.0.1
Default gateway? : Yes
MACADDRESS : ec:f4:bb:ee:73:3c
Note: The em1 interface is always used for communication between the Netwitness appliances.
Interface : em2
IPADDR : 192.168.30.50
NETMASK : 255.255.255.0
GATEWAY : 192.168.30.1
MACADDRESS : ec:f4:bb:ee:af:fc
Tasks
- (Optional but recommended) Open a virtual console from the iDRAC and follow the rest of the steps from the console, especially if you are accessing a remote appliance. This avoids losing access to the appliance if the network is misconfigured by mistake.
- Configure the first interface (em1, or eth0 in VMs) using the netconfig command, as usual:
# netconfig --static --interface em1 --ip 172.30.0.50 --netmask 255.255.0.0 --gateway 172.30.0.1 --dns 172.30.0.10 --dns 172.30.0.1
- Configure the second interface (em2, or eth1 in VMs) by manually editing the following file and changing the fields as required. Note: don’t change the UUID that you find in the file:
# vi /etc/sysconfig/network-scripts/ifcfg-em2
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
DEFROUTE="no"
IPV4_FAILURE_FATAL="no"
NAME=em2
UUID="xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
DEVICE=em2
HWADDR=ec:f4:bb:ee:af:fc
BOOTPROTO=static
IPADDR=192.168.30.50
NETMASK=255.255.255.0
GATEWAY=192.168.30.1
NM_CONTROLLED=no
ONBOOT=yes
PEERDNS=yes
- Set the default gateway in the /etc/sysconfig/network-scripts/route-em1 file, for example:
# vi /etc/sysconfig/network-scripts/route-em1
default via 172.30.0.1 dev em1
You can also add any other required routes to this file, for example:
172.20.0.0/24 via 172.30.0.1 dev em1
172.16.1.10/32 via 172.30.0.1 dev em1
- Add any required static routes for the em2 interface, for example:
# vi /etc/sysconfig/network-scripts/route-em2
192.168.0.0/16 via 192.168.30.1 dev em2
You can also define a default gateway in this file, but then you need to remove it from route-em1.
- Restart the network service:
# systemctl restart network
- Check the routes:
# route -n
The output should look similar to:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.30.0.1 0.0.0.0 UG 0 0 0 em1
172.20.0.0 0.0.0.0 255.255.255.0 U 0 0 0 em1
172.16.1.10 0.0.0.0 255.255.255.255 U 0 0 0 em1
192.168.0.0 192.168.30.1 255.255.0.0 U 0 0 0 em2
- Run some connectivity tests to see if the routing is working fine, for example by pinging the routers:
# ping 172.30.0.1
PING 172.30.0.1 (172.30.0.1) 56(84) bytes of data.
64 bytes from 172.30.0.1: icmp_seq=1 ttl=64 time=0.235 ms
# ping 192.168.30.1
PING 192.168.30.1 (192.168.30.1) 56(84) bytes of data.
64 bytes from 192.168.30.1: icmp_seq=1 ttl=64 time=0.263 ms
Then try to ping any other devices that are located on each of the different subnets.
- Reboot and check the routes again, to confirm that they persist after rebooting.
# reboot
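The steps above are easy to get subtly wrong on a remote appliance, so here is a lint that can be run before `systemctl restart network`. It is an added example, not part of the original article or of NetWitness: the function names are hypothetical, and it assumes each ifcfg file carries IPADDR and NETMASK as well-formed IPv4 dotted quads and that route lines use the `DEST via GW dev IF` form shown above.

```shell
#!/bin/sh
# Added example: lint route-<if> files against ifcfg-<if> before restarting the network.
# Only the "DEST via GW dev IF" line form shown on this page is understood.

ip2int() (   # dotted quad -> integer (subshell body keeps the IFS change local)
    IFS=.; set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

cfg_value() {   # cfg_value FILE KEY -> last value of KEY, quotes stripped
    sed -n "s/^$2=//p" "$1" 2>/dev/null | tr -d '"' | tail -n 1
}

check_routes() (   # check_routes [DIR]; exit status 0 only if every check passes
    dir="${1:-/etc/sysconfig/network-scripts}"; rc=0; defaults=0
    for f in "$dir"/route-*; do
        [ -e "$f" ] || continue
        ifname="${f##*/route-}"
        ip=$(cfg_value "$dir/ifcfg-$ifname" IPADDR)
        mask=$(cfg_value "$dir/ifcfg-$ifname" NETMASK)
        if [ -z "$ip" ] || [ -z "$mask" ]; then
            echo "ERROR: route-$ifname: ifcfg-$ifname has no IPADDR/NETMASK"; rc=1
            continue
        fi
        m=$(ip2int "$mask"); net=$(( $(ip2int "$ip") & m ))
        while read -r dest kw gw devkw dev rest || [ -n "$dest" ]; do
            case "$dest" in ''|'#'*) continue ;; esac
            if [ "$kw" != via ] || [ "$devkw" != dev ]; then
                echo "WARN: route-$ifname: line not checked: $dest $kw $gw $devkw $dev"
                continue
            fi
            if [ "$dest" = default ]; then defaults=$((defaults + 1)); fi
            if [ "$dev" != "$ifname" ]; then   # route filed under the wrong interface
                echo "ERROR: route-$ifname: '$dest' uses dev $dev"; rc=1
            fi
            if [ $(( $(ip2int "$gw") & m )) -ne "$net" ]; then   # gateway off-link
                echo "ERROR: route-$ifname: gateway $gw is outside $ip/$mask"; rc=1
            fi
        done < "$f"
    done
    if [ "$defaults" -ne 1 ]; then   # a default gateway belongs in one route file only
        echo "ERROR: $defaults default routes defined, expected exactly 1"; rc=1
    fi
    exit "$rc"
)
```

Call `check_routes` with no argument to lint /etc/sysconfig/network-scripts, or pass a directory holding copies of the files.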
Notes
Reference:
Red Hat Enterprise Linux 7 – Networking Guide: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/index
Product Details
RSA Product Set: NetWitness Platform
RSA Product/Service Type: All NetWitness Appliances
RSA Version/Condition: 11.x
Platform: CentOS 7