HowTo Setup A Server With Multiple Network Interface Adapters Using: "nstnetcfg": Difference between revisions
Line 642: | Line 642: | ||
=== ''' Adding IPv4 Alias Address''' === | === ''' Adding IPv4 Alias Address''' === | ||
In this section we will show how the '''nstnetcfg''' script can be used to add "'''IPv4 Alias Addresses'''" to an '''NST''' | In this section we will show how the '''nstnetcfg''' script can be used to add "'''IPv4 Alias Addresses'''" to an '''NST''' system. | ||
First, the current '''IP Address''' state is shown on our demo '''NST''' system. | First, the current '''IP Address''' state is shown on our demo '''NST''' system. |
Revision as of 10:14, 12 February 2014
Overview
This page demonstrates how to setup networking with an NST server that is configured with multiple network interface adapters for performing simultaneous network computing surveillance tasks. The NST script: "nstnetcfg" command line tool was designed to make this task easy to accomplish using the underlying "network" service.
The diagram below will be used as a reference for setting up a multi-network interface adapter server using NST. The rear panel of a 1U Server is shown with NIC attachments to the network infrastructure. The network security staff for fictitious company: "TxyCorp" would like to use NST for monitoring different network segments throughout their network. In particular, they would like to monitor traffic entering and leaving their corporation, web server traffic, all client electronic business transactions and remote traffic to and from their satellite offices.
When booting up "NST Live" or after a hard disk installation, the "Network Manager" service is on by default for managing all network interfaces found on an NST system. Network Manager provides a quick and easy method for setting up networking on a system equipped with a wireless interface that uses DHCP for IPv4 Address configuration. When a system is configured with two or more wired network interfaces or requires a multi-homed network setup, the "network" service may be a better choice for setting up the network configuration.
The nstnetcfg script will help mitigate some of the error prone tasks necessary when setting up networking on a NST (Linux) system using the "network" service.
Network Interface Setup Configuration Information
In this section we will identify each network interface and how it should be setup using the 1U Server configuration illustrated in the reference diagram above. Network parameters such as the Subnet Mask, Host Name(s), Domain Name Servers, Domain Name, Gateway and Default Interface will also be identified. The table below depicts values that will be used by the nstnetcfg script.
Interface / Parameter | Configuration Values | Network Service Management |
---|---|---|
em0 | IPv4 Address: 172.30.1.16, Network Routing Prefix: 24, Host Name: nstsurv1-mon, Gateway: 10.221.1.1 | network |
em1 | IPv4 Address: 10.221.5.14, Network Routing Prefix: 16, Host Name: nstsurv1, Gateway: 10.221.1.1 | network |
em2 | IPv4 Address: stealth | network |
em3 | IPv4 Address: stealth | network |
p2p1 | IPv4 Address: stealth | network |
p2p2 | IPv4 Address: stealth | network |
p4p1 | IPv4 Address: stealth | network |
p4p2 | IPv4 Address: stealth | network |
p6p1 | IPv4 Address: stealth | network |
p6p2 | IPv4 Address: stealth | network |
Domain Name Servers | 10.221.1.10, 10.221.1.11 | N/A |
Domain Name | txycorp.com | N/A |
Virtual Host (ssl.conf) | *:443 | N/A |
Server Name (ssl.conf) | nstsurv1.txycorp.com:443 | N/A |
Network Interface Configuration: nstnetcfg
The NST script: "nstnetcfg" will now be used for setting up networking on this server. This script will disable the "NetworkManager" service and enable the "network" service when setting up a static IPv4 Address (--mode ipv4). The "NetworkManager" service will also be disabled at boot time and the "network" service will be enabled at boot time. Use the sequence of nstnetcfg invocations below to serve as an example for setting up networking on your particular server with NST.
The "nstnetcfg" script should only be run on a Serial Console or a Desktop Terminal due to the fact that the "IPv4 Address" for this NST system will most likely change.
Initialize All Network Interfaces
The nstnetcfg mode: --init will put the networking setup posture in a known initialized state. Both the "NetworkManager" service and the "network" service will be disabled with their associated configuration files and/or entries removed. The "LoopBack" interface device is never altered or removed with this mode. The Name Service Switch configuration file: "/etc/nsswitch.conf" will have its hosts entry set to: "files dns". It is wise to first use this mode prior to setting up networking so that any lingering "NetworkManager" configuration files will Not interfere with the "network" service operation.
Static IPv4 Configured Interfaces
The example NST server shown above uses a "Multi-Home" configuration with network interface devices: "em0" and "em1" set with static IPv4 Addresses: 172.30.1.16 and 10.221.5.14 respectively.
Interface: em1
The "em1" interface device is network attached to the "TxyCorp" Intranet. This network provides name services and external access to the Internet. The "Host Name", "Domain Name", "Name Servers" and "Gateway" values are set accordingly. A host name entry for "nstsurv1" will be added to the Hosts file: "/etc/hosts", the system host name will be set to: "nstsurv1". A "16" network routing prefix (CIDR - Format) will be used. The configuration for this interface is shown below.
Interface: em0
The "em0" network interface is connected to the "Security Network" for performing network surveillance tasks using the "NST WUI" and the large collection of NST network security applications and tools. The "--hosts-file-only" setting is used so that only the Hosts file: "/etc/hosts" will be updated with a host name entry for: "nstserv1-mon". Note that there is No "--gateway" parameter used with this interface because there is only one default gateway (i.e., "10.221.1.1") for this Multi-Home example configuration. It is not necessary to again set the system "Host Name", "Domain Name" and "Name Servers" values since these were specified in the configuration for network interface "em1". A "24" network routing prefix (CIDR - Format) will be used.
Stealth Configured Interfaces
The "Stealth" network interfaces (i.e., An interface in the "UP" state with No binding IPv4 Address) will now be configured. These interfaces are strategically network attached throughout the network infrastructure for surveillance monitoring.
Interface: em2
This network interface: "em2" is used to monitor the Transmit Data: "TxD" port on a Network TAP (Test Access Point) for all traffic leaving (egress) the "TxyCorp" corporation at the Firewall Dirty Side.
Interface: em3
This network interface: "em3" is used to monitor the Receive Data: "RxD" port on a Network TAP for all traffic entering (ingress) the "TxyCorp" corporation at the Firewall Dirty Side.
Interface: p2p1
This network interface: "p2p1" is used to monitor specific "Web Server" traffic on a SPAN (Switched Port Analyzer) port.
Interface: p2p2
This network interface: "p2p2" is used to monitor specific "Web Server" traffic on a SPAN port.
Interface: p4p1
This 10 Gigabit Ethernet network interface: "p4p1" is used to monitor specific "Business Transaction" data packets on a SPAN port.
Interface: p4p2
This 10 Gigabit Ethernet network interface: "p4p2" is used to monitor specific "Business Transaction" data packets on a SPAN port.
Interface: p6p1
This network interface: "p6p1" is used to monitor specific "Remote Office" traffic on a SPAN port.
Interface: p6p2
This network interface: "p6p2" is used to monitor specific "Remote Office" traffic on a SPAN port.
Stealth Interface Combo Setting Command
The output below is a compact way of using a Bash "for loop " statement to configure all "Stealth" interfaces in one command line invocation.
Apache SSL Configuration For Proper HTTPS NST WUI Access
If the "IPv4 Address" on an NST system is changed, the Apache Web Server SSL configuration file: "/etc/httpd/conf.d/ssl.conf" needs to be modified for proper HTTPS access to the "NST WUI". The following "nstnetcfg" command uses the "ssl" mode to allow all hosts "HTTPS" access to the "NST WUI" using Server Name: "nstsurv1.txycorp.com". A new "SSL" certificate and key file will also be generated.
Using A Bash Script With "nstnetcfg"
It may be better to use a Bash script given the numerous invocations of "nstnetcfg" with this NST network configuration setup. A good location to store your script would be in directory: "/etc/nst". This will allow one to easily make changes to your network configuration by editing the script and running it. An example script below is shown for: "/etc/nst/net_cfg.sh" using the above invocations of "nstnetcfg". One can copy and paste this script as a starter template file for your usage.
#!/bin/bash # # Script: "net_cfg.sh" # # Description: Helper script for setting up the configuration of network interfaces # on Server: "nstsurv1" using: "nstnetcfg". # # Short Usage: "nstnetcfg" # # nstnetcfg [-m|--mode TEXT] [-i|--interface DEVICE] # [-a|--ipv4-addr-prefix IPv4ADDR/PREFIX] [-g|--gateway IPv4ADDR] # [--mac-addr MACADDR] [--host-name TEXT] [--domain-name TEXT] # [--name-servers IPv4ADDRLIST] [--hosts-file-only [true]|false] # [--virtual-host TEXT] [--server-name TEXT] # [-h|--help [true]|false] [-H|--help-long [true]|false] # [-v|--verbose [true]|false] [--version [true]|false] # # Available Modes: ipv4, dhcp, ssl, stealth, netmgr, rmint, init, show # # Uncomment to enable verbosity #VERBOSE=" --verbose"; # # Network Interface: Initialization /usr/bin/nstnetcfg --mode init${VERBOSE}; # # Network Interface: em1 /usr/bin/nstnetcfg --mode ipv4 --interface em1 --ipv4-addr-prefix 10.221.5.14/16 --gateway 10.221.1.1 \ --host-name nstsurv1 --domain-name txycorp.com --name-servers "10.221.1.10,10.221.1.11"${VERBOSE}; # # Network Interface: em0 /usr/bin/nstnetcfg --mode ipv4 --interface em0 --ipv4-addr-prefix 172.30.1.16/24 --host-name nstsurv1-mon \ --hosts-file-only${VERBOSE}; # # Network Interface: em2 /usr/bin/nstnetcfg --mode stealth --interface em2${VERBOSE}; # # Network Interface: em3 /usr/bin/nstnetcfg --mode stealth --interface em3${VERBOSE}; # # Network Interface: p2p1 /usr/bin/nstnetcfg --mode stealth --interface p2p1${VERBOSE}; # # Network Interface: p2p2 /usr/bin/nstnetcfg --mode stealth --interface p2p2${VERBOSE}; # # Network Interface: p4p1 /usr/bin/nstnetcfg --mode stealth --interface p4p1${VERBOSE}; # # Network Interface: p4p2 /usr/bin/nstnetcfg --mode stealth --interface p4p2${VERBOSE}; # # Network Interface: p6p1 /usr/bin/nstnetcfg --mode stealth --interface p6p1${VERBOSE}; # # Network Interface: p6p2 /usr/bin/nstnetcfg --mode stealth --interface p6p2${VERBOSE}; # # Uncomment for using a Stealth Interface Combo Setting #for i in em2 em3 p2p1 p2p2 p4p1 p4p2 p6p1 p6p2; # do /usr/sbin/nstnetcfg --mode stealth --interface ${i}; #done # # Apache SSL Configuration /usr/bin/nstnetcfg --mode ssl --interface em1 --virtual-host *:443 --server-name nstsurv1.txycorp.com:443${VERBOSE};
Script Invocation
Make sure the script has it's execute permissions set:
Execute the script:
List All Installed Network Interface Devices Using: "getipaddr"
The NST script: "getipaddr" can be used to list all available network interface devices on an NST system.
lo em0 em1 em2 em3 p2p1 p2p2 p4p1 p4p2 p6p1 p6p2
List All 'Virtual' Installed Network Interface Devices Using: "getipaddr"
lo
List All 'Physical' Installed Network Interface Devices Using: "getipaddr"
em0 em1 em2 em3 p2p1 p2p2 p4p1 p4p2 p6p1 p6p2
Renaming A Network Interface Device
The NST script: "nstnetcfg" can also be used to rename a Network Interface Device thus providing a predictable Network Interface Name that is stable and available after each successive system reboot. In this section we will demonstrate how to rename a network interface device from: "eno16777984" to: "net0" using the "nstnetcfg" utility. This utility's rename mode generates a udev rules file that is used by systemd/udev at system boot time to automatically assign the predictable, stable network interface name for local Ethernet, WLAN and/or WWAN network interfaces.
The current Network Interface Devices available are shown:
eno16777984 lo
The current IP Address configuration:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eno16777984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:e2:38:0b brd ff:ff:ff:ff:ff:ff inet 10.222.222.120/24 brd 10.222.222.255 scope global dynamic net0 valid_lft 75211sec preferred_lft 75211sec inet6 fe80::20c:29ff:fee2:380b/64 scope link valid_lft forever preferred_lft forever
The "nstnetcfg" utility will now be used to rename the network interface device from: "eno16777984" to: "net0". Notice the creation and content of the generated custom udev network rules file: "/etc/udev/rules.d/79-my-net-name-slot.rules"
Generating a new/updated custom 'udev' network rules file: "/etc/udev/rules.d/79-my-net-name-slot.rules": ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="00:0c:29:e2:38:0b", NAME="net0" Renaming Network configuration file: "/etc/sysconfig/network-scripts/ifcfg-eno16777984" to "/etc/sysconfig/network-scripts/ifcfg-net0" Labeling Network configuration file: "/etc/sysconfig/network-scripts/ifcfg-net0" - NAME="net0" The Network Interface Device rename from: "eno16777984" to "net0" will take effect on the next system reboot.
Now perform a system reboot:
After a system Reboot, the "nstnetcfg" utility is now run to verify the generated udev rules file: "/etc/udev/rules.d/79-my-net-name-slot.rules" which internally uses the udevadm tool.
/bin/udevadm test "/sys/class/net/net0"; calling: test version 208 This program is for debugging only, it does not run any program specified by a RUN key. It may show incorrect results, because some values may be different, or not available at a simulation run. === trie on-disk === tool version: 208 file size: 5882628 bytes header size 80 bytes strings 1299372 bytes nodes 4583176 bytes load module index read rules file: /usr/lib/udev/rules.d/10-dm.rules read rules file: /usr/lib/udev/rules.d/11-dm-lvm.rules read rules file: /usr/lib/udev/rules.d/13-dm-disk.rules read rules file: /usr/lib/udev/rules.d/40-libgphoto2.rules IMPORT found builtin 'usb_id --export %%p', replacing /usr/lib/udev/rules.d/40-libgphoto2.rules:11 read rules file: /usr/lib/udev/rules.d/40-usb_modeswitch.rules read rules file: /usr/lib/udev/rules.d/42-usb-hid-pm.rules read rules file: /usr/lib/udev/rules.d/50-udev-default.rules read rules file: /usr/lib/udev/rules.d/56-hpmud.rules read rules file: /usr/lib/udev/rules.d/60-cdrom_id.rules read rules file: /usr/lib/udev/rules.d/60-drm.rules read rules file: /usr/lib/udev/rules.d/60-ffado.rules read rules file: /usr/lib/udev/rules.d/60-fprint-autosuspend.rules read rules file: /usr/lib/udev/rules.d/60-keyboard.rules read rules file: /usr/lib/udev/rules.d/60-net.rules read rules file: /usr/lib/udev/rules.d/60-pcmcia.rules read rules file: /usr/lib/udev/rules.d/60-persistent-alsa.rules read rules file: /usr/lib/udev/rules.d/60-persistent-input.rules read rules file: /usr/lib/udev/rules.d/60-persistent-serial.rules read rules file: /usr/lib/udev/rules.d/60-persistent-storage-tape.rules read rules file: /usr/lib/udev/rules.d/60-persistent-storage.rules read rules file: /usr/lib/udev/rules.d/60-persistent-v4l.rules read rules file: /usr/lib/udev/rules.d/60-raw.rules read rules file: /usr/lib/udev/rules.d/61-accelerometer.rules read rules file: /usr/lib/udev/rules.d/62-multipath.rules read rules file: /usr/lib/udev/rules.d/63-md-raid-arrays.rules read rules file: /usr/lib/udev/rules.d/64-btrfs.rules read rules file: /usr/lib/udev/rules.d/64-md-raid-assembly.rules read rules file: /usr/lib/udev/rules.d/65-libwacom.rules read rules file: /usr/lib/udev/rules.d/65-md-incremental.rules read rules file: /usr/lib/udev/rules.d/69-cd-sensors.rules read rules file: /usr/lib/udev/rules.d/69-dm-lvm-metad.rules read rules file: /usr/lib/udev/rules.d/69-libmtp.rules read rules file: /usr/lib/udev/rules.d/69-pilot-link.rules read rules file: /usr/lib/udev/rules.d/69-xorg-vmmouse.rules read rules file: /usr/lib/udev/rules.d/70-power-switch.rules read rules file: /usr/lib/udev/rules.d/70-printers.rules read rules file: /usr/lib/udev/rules.d/70-spice-vdagentd.rules read rules file: /usr/lib/udev/rules.d/70-touchpad-quirks.rules read rules file: /usr/lib/udev/rules.d/70-uaccess.rules read rules file: /usr/lib/udev/rules.d/70-wacom.rules read rules file: /usr/lib/udev/rules.d/71-biosdevname.rules read rules file: /usr/lib/udev/rules.d/71-seat.rules read rules file: /usr/lib/udev/rules.d/73-seat-late.rules read rules file: /usr/lib/udev/rules.d/75-net-description.rules read rules file: /usr/lib/udev/rules.d/75-probe_mtd.rules read rules file: /usr/lib/udev/rules.d/75-tty-description.rules read rules file: /usr/lib/udev/rules.d/77-mm-ericsson-mbm.rules read rules file: /usr/lib/udev/rules.d/77-mm-huawei-net-port-types.rules read rules file: /usr/lib/udev/rules.d/77-mm-longcheer-port-types.rules read rules file: /usr/lib/udev/rules.d/77-mm-nokia-port-types.rules read rules file: /usr/lib/udev/rules.d/77-mm-pcmcia-device-blacklist.rules read rules file: /usr/lib/udev/rules.d/77-mm-platform-serial-whitelist.rules read rules file: /usr/lib/udev/rules.d/77-mm-simtech-port-types.rules read rules file: /usr/lib/udev/rules.d/77-mm-telit-port-types.rules read rules file: /usr/lib/udev/rules.d/77-mm-usb-device-blacklist.rules read rules file: /usr/lib/udev/rules.d/77-mm-usb-serial-adapters-greylist.rules read rules file: /usr/lib/udev/rules.d/77-mm-x22x-port-types.rules read rules file: /usr/lib/udev/rules.d/77-mm-zte-port-types.rules read rules file: /usr/lib/udev/rules.d/77-nm-olpc-mesh.rules read rules file: /usr/lib/udev/rules.d/78-sound-card.rules read rules file: /etc/udev/rules.d/79-my-net-name-slot.rules read rules file: /usr/lib/udev/rules.d/80-drivers.rules read rules file: /usr/lib/udev/rules.d/80-mm-candidate.rules read rules file: /usr/lib/udev/rules.d/80-net-name-slot.rules read rules file: /usr/lib/udev/rules.d/80-udisks.rules read rules file: /usr/lib/udev/rules.d/80-udisks2.rules read rules file: /usr/lib/udev/rules.d/85-regulatory.rules read rules file: /usr/lib/udev/rules.d/85-usbmuxd.rules read rules file: /usr/lib/udev/rules.d/90-alsa-restore.rules read rules file: /usr/lib/udev/rules.d/90-alsa-tools-firmware.rules read rules file: /usr/lib/udev/rules.d/90-pulseaudio.rules read rules file: /usr/lib/udev/rules.d/91-drm-modeset.rules read rules file: /usr/lib/udev/rules.d/95-cd-devices.rules read rules file: /usr/lib/udev/rules.d/95-dm-notify.rules read rules file: /usr/lib/udev/rules.d/95-udev-late.rules read rules file: /usr/lib/udev/rules.d/95-upower-battery-recall-dell.rules read rules file: /usr/lib/udev/rules.d/95-upower-battery-recall-fujitsu.rules read rules file: /usr/lib/udev/rules.d/95-upower-battery-recall-gateway.rules read rules file: /usr/lib/udev/rules.d/95-upower-battery-recall-ibm.rules read rules file: /usr/lib/udev/rules.d/95-upower-battery-recall-lenovo.rules read rules file: /usr/lib/udev/rules.d/95-upower-battery-recall-toshiba.rules read rules file: /usr/lib/udev/rules.d/95-upower-csr.rules read rules file: /usr/lib/udev/rules.d/95-upower-hid.rules read rules file: /usr/lib/udev/rules.d/95-upower-wup.rules read rules file: /etc/udev/rules.d/98-kexec.rules read rules file: /etc/udev/rules.d/99-gpsd.rules read rules file: /usr/lib/udev/rules.d/99-qemu-guest-agent.rules read rules file: /usr/lib/udev/rules.d/99-systemd.rules rules contain 393216 bytes tokens (32768 * 12 bytes), 32346 bytes strings 29283 strings (243715 bytes), 26259 de-duplicated (214394 bytes), 3025 trie nodes used PROGRAM '/lib/udev/rename_device' /usr/lib/udev/rules.d/60-net.rules:1 starting '/lib/udev/rename_device' '/lib/udev/rename_device' [2075] exit with return code 0 PROGRAM '/sbin/biosdevname --policy physical -i net0' /usr/lib/udev/rules.d/71-biosdevname.rules:22 starting '/sbin/biosdevname --policy physical -i net0' '/sbin/biosdevname --policy physical -i net0' [2076] exit with return code 4 IMPORT builtin 'net_id' /usr/lib/udev/rules.d/75-net-description.rules:6 IMPORT builtin 'hwdb' /usr/lib/udev/rules.d/75-net-description.rules:12 NAME 'net0' /etc/udev/rules.d/79-my-net-name-slot.rules:1 RUN '/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/ipv4/conf/$name --prefix=/proc/sys/net/ipv4/neigh/$name --prefix=/proc/sys/net/ipv6/conf/$name --prefix=/proc/sys/net/ipv6/neigh/$name' /usr/lib/udev/rules.d/99-systemd.rules:52 ACTION=add DEVPATH=/devices/pci0000:00/0000:00:15.0/0000:03:00.0/net/net0 ID_BUS=pci ID_MM_CANDIDATE=1 ID_MODEL_FROM_DATABASE=VMXNET3 Ethernet Controller ID_MODEL_ID=0x07b0 ID_NET_LABEL_ONBOARD=enEthernet0 ID_NET_NAME_MAC=enx000c29e2380b ID_NET_NAME_ONBOARD=eno16777984 ID_NET_NAME_PATH=enp3s0 ID_NET_NAME_SLOT=ens160 ID_OUI_FROM_DATABASE=VMware, Inc. ID_PCI_CLASS_FROM_DATABASE=Network controller ID_PCI_SUBCLASS_FROM_DATABASE=Ethernet controller ID_VENDOR_FROM_DATABASE=VMware ID_VENDOR_ID=0x15ad IFINDEX=2 INTERFACE=net0 SUBSYSTEM=net SYSTEMD_ALIAS=/sys/subsystem/net/devices/net0 TAGS=:systemd: USEC_INITIALIZED=78468 run: '/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/ipv4/conf/net0 --prefix=/proc/sys/net/ipv4/neigh/net0 --prefix=/proc/sys/net/ipv6/conf/net0 --prefix=/proc/sys/net/ipv6/neigh/net0' unload module index
One can see that the Network Interface device has been changed to: "net0":
net0 lo
The IP Address configuration after the device rename is shown:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: net0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:e2:38:0b brd ff:ff:ff:ff:ff:ff inet 10.222.222.120/24 brd 10.222.222.255 scope global dynamic net0 valid_lft 75211sec preferred_lft 75211sec inet6 fe80::20c:29ff:fee2:380b/64 scope link valid_lft forever preferred_lft forever
Managing IPv4 Alias Addresses
The NST script: "nstnetcfg" can also be used to Create and Remove (i.e., Manage) IPv4 Alias Address.
Adding IPv4 Alias Address
In this section we will show how the nstnetcfg script can be used to add "IPv4 Alias Addresses" to an NST system.
First, the current IP Address state is shown on our demo NST system.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: p5p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 30:85:a9:44:7e:37 brd ff:ff:ff:ff:ff:ff inet 10.222.222.10/24 brd 10.222.222.255 scope global p5p1 valid_lft forever preferred_lft forever inet6 fe80::3285:a9ff:fe44:7e37/64 scope link valid_lft forever preferred_lft forever 3: p1p1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether a0:36:9f:00:69:6a brd ff:ff:ff:ff:ff:ff inet6 fe80::a236:9fff:fe00:696a/64 scope link valid_lft forever preferred_lft forever 4: p1p2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000 link/ether a0:36:9f:00:69:6b brd ff:ff:ff:ff:ff:ff