•TCP/IP Network Model
The TCP/IP network model is a simplified, four-layered set of abstractions that describes how different protocols interoperate in order for computers to send traffic from one machine to another over the Internet.
Requirements for Internet Hosts -- Communication Layers
1. Application
2. Transport
3. Internet
4. Link
•Describing Network Interface Names
Each network port on a system has a name, which you use to configure and identify it.
The name eth0 was the first network port detected by the operating system, eth1 the second, and so on. However, as devices are added and removed, the mechanism detecting devices and naming them could change which interface gets which name. Furthermore, the PCIe standard does not guarantee the order in which PCIe devices will be detected on boot, which could change device naming unexpectedly due to variations during device or system startup.
The names of network interfaces are assigned based on information from the firmware, the PCI bus topology, and the type of network device.
Network interface names start with the type of interface:
- Ethernet interfaces begin with en
- WLAN interfaces begin with wl
- WWAN interfaces begin with ww
•IPv4 Networking
IPv4 is the primary network protocol used on the Internet today. You should have at least a basic understanding of IPv4 networking in order to manage network communication for your servers.
~IPv4 Addresses
An IPv4 address is a 32-bit number, normally expressed in decimal as four 8-bit octets ranging in value from 0 to 255, separated by dots. The address is divided into two parts: the network part and the host part. All hosts on the same subnet, which can talk to each other directly without a router, have the same network part; the network part identifies the subnet. No two hosts on the same subnet can have the same host part; the host part identifies a particular host on a subnet.
The lowest possible address on a subnet is sometimes called the network address. The highest possible address on a subnet is used for broadcast messages in IPv4, and is called the broadcast address.
~IPv4 Routing
Network traffic needs to move from host to host and network to network. Each host has a routing table, which tells it how to route traffic for particular networks. A routing table entry lists a destination network, which interface to use when sending traffic, and the IP address of any intermediate router required to relay a message to its final destination. The routing table entry matching the destination of the network traffic is used to route it. If two entries match, the one with the longest prefix is used.
If the network traffic does not match a more specific route, the routing table usually has an entry for a default route to the entire IPv4 Internet: 0.0.0.0/0. This default route points to a router on a reachable subnet.
If a router receives traffic that is not addressed to it, instead of ignoring it like a normal host, it forwards the traffic based on its own routing table. This may send the traffic directly to the destination host, or it may be forwarded on to another router. This process of forwarding continues until the traffic reaches its final destination.
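The lookup described above, as an added example that is not part of the original article: it parses a constructed routing table written in the style of `ip route` output and picks the entry with the longest matching prefix. The sample routes and the names `parse_routes`, `lookup` and `next_hop` are assumptions made for illustration.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample in the style of `ip route` output (not from the page).
SAMPLE_ROUTES = """\
default via 192.0.2.254 dev ens3 proto static metric 100
192.0.2.0/24 dev ens3 proto kernel scope link src 192.0.2.2 metric 100
10.0.0.0/8 via 192.0.2.1 dev ens3
10.20.0.0/16 via 192.0.2.10 dev ens3
"""


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    device: str
    gateway: Optional[ipaddress.IPv4Address]  # None means the subnet is on-link


def parse_routes(text: str) -> List[Route]:
    """Parse simple lines made of a destination and keyword/value pairs."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        opts = dict(zip(fields[1::2], fields[2::2]))  # via X, dev Y, ...
        gateway = ipaddress.IPv4Address(opts["via"]) if "via" in opts else None
        routes.append(Route(ipaddress.IPv4Network(dest), opts["dev"], gateway))
    return routes


def lookup(routes: List[Route], destination: str) -> Optional[Route]:
    """Return the matching entry with the longest prefix, or None."""
    addr = ipaddress.IPv4Address(destination)
    matches = [r for r in routes if addr in r.network]
    # 0.0.0.0/0 matches every address but has prefix length 0, so the default
    # route is selected only when no more specific entry matches.
    return max(matches, key=lambda r: r.network.prefixlen, default=None)


def next_hop(routes: List[Route], destination: str) -> Optional[Tuple[str, str]]:
    """Return (address to hand the packet to, outgoing interface)."""
    route = lookup(routes, destination)
    if route is None:
        return None  # no matching entry and no default route
    # On-link destinations are delivered directly; others go to the router.
    hop = destination if route.gateway is None else str(route.gateway)
    return hop, route.device


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for dst in ("10.20.30.40", "10.1.1.1", "192.0.2.77", "198.51.100.9"):
        print(dst, "->", next_hop(table, dst))
```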
~IPv4 Address and Route Configuration
A server can automatically configure its IPv4 network settings at boot time from a DHCP server. A local client daemon queries the link for a server and network settings, and obtains a lease to use those settings for a specific length of time. If the client does not request a renewal of the lease periodically, it might lose its network configuration settings.
•IPv6 Networking
IPv6 is intended as an eventual replacement for the IPv4 network protocol. You will need to understand how it works since increasing numbers of production systems use IPv6 addressing.
IPv6 can also be used in parallel with IPv4 in a dual-stack model. In this configuration, a network interface can have an IPv6 address or addresses as well as IPv4 addresses.
~IPv6 Addresses
An IPv6 address is a 128-bit number, normally expressed as eight colon-separated groups of four hexadecimal nibbles (half-bytes). Each nibble represents four bits of the IPv6 address, so each group represents 16 bits of the IPv6 address.
Some tips for writing consistently readable addresses:
- Suppress leading zeros in a group.
- Use :: to shorten as much as possible.
- If an address contains two runs of consecutive zero groups that are equal in length, shorten the leftmost run to :: and write each group of the rightmost run as :0:.
- Although it is allowed, do not use :: to shorten one group of zeros. Use :0: instead, and save :: for consecutive groups of zeros.
- Always use lowercase letters for hexadecimal numbers a through f.
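The tips above, applied mechanically, as an added example that is not part of the original article. The function name `preferred_text` is an assumption; Python's `ipaddress` module is used only to parse the input into eight groups.

```python
import ipaddress


def preferred_text(address: str) -> str:
    """Rewrite any valid IPv6 address following the writing tips above."""
    exploded = ipaddress.IPv6Address(address).exploded  # eight 4-digit groups
    # Lowercase hex with leading zeros suppressed in every group.
    groups = [format(int(g, 16), "x") for g in exploded.split(":")]

    # Find the longest run of all-zero groups. Comparing with ">" rather
    # than ">=" keeps the leftmost run when two runs are equal in length.
    best_start, best_len = -1, 0
    run_start, run_len = -1, 0
    for i, group in enumerate(groups):
        if group == "0":
            if run_len == 0:
                run_start = i
            run_len += 1
            if run_len > best_len:
                best_start, best_len = run_start, run_len
        else:
            run_len = 0

    # A single zero group is written as :0: and never as ::.
    if best_len < 2:
        return ":".join(groups)

    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"


if __name__ == "__main__":
    # Constructed inputs using the 2001:db8::/32 documentation prefix.
    for text in (
        "2001:0DB8:0000:0000:0001:0000:0000:0001",  # two equal runs of zeros
        "2001:0db8:0000:0010:0000:0001:0002:0003",  # only single zero groups
        "2001:db8:0:1:0:0:0:1",                     # one single, one long run
    ):
        print(text, "->", preferred_text(text))
```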
~IPv6 Subnetting
A normal IPv6 unicast address is divided into two parts: the network prefix and interface ID. The network prefix identifies the subnet. No two network interfaces on the same subnet can have the same interface ID; the interface ID identifies a particular interface on the subnet.
IPv6 has a standard subnet mask, /64, which is used for almost all normal addresses. In this case, half of the address is the network prefix and half of it is the interface ID.
A link-local address in IPv6 is an unroutable address used only to talk to hosts on a specific network link. Every network interface on the system is automatically configured with a link-local address on the fe80::/64 network. The usual procedure to convert the 48-bit MAC address to a 64-bit interface ID is to invert bit 7 of the MAC address and insert ff:fe between its two middle bytes.
Network prefix: fe80::/64
MAC address: 00:11:22:aa:bb:cc
Link-local address: fe80::211:22ff:feaa:bbcc/64
To use ping6 to ping the link-local address fe80::211:22ff:feaa:bbcc using the link connected to the ens3 network interface, the correct command syntax is the following:
Multicast plays a larger role in IPv6 than in IPv4 because there is no broadcast address in IPv6. One key multicast address in IPv6 is ff02::1, the all-nodes link-local address. Pinging this address sends traffic to all nodes on the link. Link-scope multicast addresses (starting ff02::/8) need to be specified with a scope identifier, just like a link-local address.
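The MAC-to-interface-ID conversion and the scope identifier described above, as an added example that is not part of the original article. It goes slightly beyond the fe80::/64 case by accepting any /64 prefix; the function names `eui64_interface_id`, `address_from_mac` and `scoped` are assumptions.

```python
import ipaddress


def eui64_interface_id(mac: str) -> int:
    """Return the 64-bit interface ID derived from a 48-bit MAC address."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError(f"expected a 48-bit MAC address, got {mac!r}")
    # "Invert bit 7": the seventh bit of the first octet, counted from the
    # most significant bit, which is mask 0x02.
    first = octets[0] ^ 0x02
    # Insert ff:fe between the two middle bytes of the MAC address.
    eui64 = bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui64, "big")


def address_from_mac(mac: str, prefix: str = "fe80::/64") -> ipaddress.IPv6Interface:
    """Combine a /64 network prefix with the interface ID built from a MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("the interface ID is 64 bits, so the prefix must be a /64")
    addr = ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))
    return ipaddress.IPv6Interface(f"{addr}/64")


def scoped(address: str, interface: str) -> str:
    """Append %interface to addresses that are only meaningful on one link."""
    ip = ipaddress.IPv6Address(address)
    link_multicast = ip in ipaddress.IPv6Network("ff02::/16")  # e.g. ff02::1
    if ip.is_link_local or link_multicast:
        return f"{ip}%{interface}"
    return str(ip)  # routable addresses need no scope identifier


if __name__ == "__main__":
    link_local = address_from_mac("00:11:22:aa:bb:cc")
    print(link_local)                        # the page's worked example
    print(scoped(str(link_local.ip), "ens3"))
    print(scoped("ff02::1", "ens3"))
```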
~IPv6 Address Configuration
IPv6 also supports manual configuration, and two methods of dynamic configuration, one of which is DHCPv6.
Interface IDs for static IPv6 addresses can be selected at will, just like IPv4. In IPv6, the following interface IDs are reserved and cannot be used for a normal network address on a host.
- The all-zeros identifier 0000:0000:0000:0000 (“subnet router anycast”) used by all routers on the link. (For the 2001:db8::/64 network, this would be the address 2001:db8::)
- The identifiers fdff:ffff:ffff:ff80 through fdff:ffff:ffff:ffff.
DHCPv6 works differently than DHCP for IPv4, because there is no broadcast address. Essentially, a host sends a DHCPv6 request from its link-local address to port 547/UDP on ff02::1:2, the all-dhcp-servers link-local multicast group. The DHCPv6 server then usually sends a reply with appropriate information to port 546/UDP on the client's link-local address.
In addition to DHCPv6, IPv6 also supports a second dynamic configuration method, called Stateless Address Autoconfiguration (SLAAC). Using SLAAC, the host brings up its interface with a link-local fe80::/64 address normally. It then sends a “router solicitation” to ff02::2, the all-routers link-local multicast group. An IPv6 router on the local link responds to the host's link-local address with a network prefix and possibly other information. The host then uses that network prefix with an interface ID that it normally constructs in the same way that link-local addresses are constructed. The router periodically sends multicast updates (“router advertisements”) to confirm or update the information it provided.
•Host Names and IP Addresses
It would be inconvenient if you always had to use IP addresses to contact your servers, so Linux has a number of mechanisms to map a host name to an IP address, collectively called name resolution.
One way is to set a static entry for each name in the /etc/hosts file on each system. This requires you to manually update each server's copy of the file.
For most hosts, you can look up the address for a host name from a network service called the Domain Name System (DNS). DNS is a distributed network of servers providing mappings of host names to IP addresses. In order for name service to work, a host needs to be pointed at a name server. This nameserver does not need to be on the same subnet; it just needs to be reachable by the host. This is typically configured through DHCP or a static setting in a file called /etc/resolv.conf.
Gathering Network Interface Information
•Identifying Network Interfaces
The ip link command will list all network interfaces available on your system:
•Displaying IP Addresses
Use the ip command to view device and address information. A single network interface can have multiple IPv4 or IPv6 addresses.
•Displaying Performance Statistics
The ip command may also be used to show statistics about network performance. Counters for each network interface can be used to identify the presence of network issues. The counters record statistics for things like the number of received and transmitted packets, packet errors, and packets that were dropped.
Checking Connectivity Between Hosts
The ping command is used to test connectivity. The command continues to run until Ctrl+c is pressed unless options are given to limit the number of packets sent.
The ping6 command is the IPv6 version of ping in Red Hat Enterprise Linux. It communicates over IPv6 and takes IPv6 addresses, but otherwise works like ping.
Pinging ff02::1 can be useful for finding other IPv6 nodes on the local network.
Remember that IPv6 link-local addresses can be used by other hosts on the same link, just like normal addresses.
•Displaying the Routing Table
Use the ip command with the route option to show routing information.
Add the -6 option to show the IPv6 routing table:
•Tracing Routes Taken by Traffic
To trace the path that network traffic takes to reach a remote host through multiple routers, use either traceroute or tracepath. The traceroute command has options to trace the path with UDP (default), ICMP (-I), or TCP (-T) packets. Typically, however, the traceroute command is not installed by default.
The tracepath6 and traceroute -6 commands are the equivalents of tracepath and traceroute for IPv6.
•Troubleshooting ports and services
TCP services use sockets as end points for communication and are made up of an IP address, protocol, and port number. Well-known names for standard ports are listed in the /etc/services file.
The ss command is used to display socket statistics. The ss command is meant to replace the older tool netstat, part of the net-tools package, which may be more familiar to some system administrators but which is not always installed.
Validating Network Configuration
Open the computer terminal.
Log in as user, and enter the password.
From workstation, run the lab net-validate start command. The command runs a start script that determines whether the host, servera, is reachable on the network.
- Use the ssh command to log in to servera as the user. The systems are configured to use SSH keys for authentication and passwordless access to servera.
- Locate the network interface name associated with the Ethernet address 52:54:00:00:fa:0a. Record or remember this name and use it to replace the enX placeholder in subsequent commands.
- Display the current IP address and netmask for all interfaces.
- Display the statistics for the enX interface.
- Display the routing information.
- Verify that the router is accessible.
- Show all the hops between the local system and classroom.example.com.
- Display the listening TCP sockets on the local system.
- Exit from servera.
Finish
On workstation, run the lab net-validate finish script to finish this exercise.
Configuring Networking from the Command Line
•Describing NetworkManager Concepts
Command-line and graphical tools talk to NetworkManager and save configuration files in the /etc/sysconfig/network-scripts directory.
•Viewing Networking Information
The nmcli dev status command displays the status of all network devices:
The nmcli con show command displays a list of all connections. To list only the active connections, add the --active option.
•Adding a network connection
The nmcli con add command is used to add new network connections.
The name of the configuration file is based on the value of the con-name option, eno2, and is saved to the /etc/sysconfig/network-scripts/ifcfg-eno2 file.
The next example creates an eno2 connection for the eno2 device with a static IPv4 address, using the IPv4 address and network prefix 192.168.0.5/24 and default gateway 192.168.0.254, but still autoconnects at startup and saves its configuration into the same file.
This final example creates an eno2 connection for the eno2 device with static IPv6 and IPv4 addresses, using the IPv6 address and network prefix 2001:db8:0:1::c000:207/64 and default IPv6 gateway 2001:db8:0:1::1, and the IPv4 address and network prefix 192.0.2.7/24 and default IPv4 gateway 192.0.2.1, but still autoconnects at startup and saves its configuration into /etc/sysconfig/network-scripts/ifcfg-eno2.
•Controlling network connections
The nmcli con up name command activates the connection name on the network interface it is bound to. Note that the command takes the name of a connection, not the name of the network interface.
The nmcli dev disconnect device command disconnects the network interface device and brings it down. This command can be abbreviated nmcli dev dis device:
•Modifying Network Connection Settings
NetworkManager connections have two kinds of settings. There are static connection properties, configured by the administrator and stored in the configuration files in /etc/sysconfig/network-scripts/ifcfg-*. There may also be active connection data, which the connection gets from a DHCP server and which are not stored persistently.
To set the IPv4 address to 192.0.2.2/24 and default gateway to 192.0.2.254 for the connection static-ens3:
To set the IPv6 address to 2001:db8:0:1::a00:1/64 and default gateway to 2001:db8:0:1::1 for the connection static-ens3:
•Deleting a network connection
The nmcli con del name command deletes the connection named name from the system, disconnecting it from the device and removing the file /etc/sysconfig/network-scripts/ifcfg-name.
Configuring Networking from the Command Line
Open the computer terminal.
Log in as user, and enter the password.
From workstation, run the lab net-configure start command. The command runs a start script that determines whether the host, servera, is reachable on the network.
- Use the ssh command to log in to servera as the user. The systems are configured to use SSH keys for authentication, so a password is not required to log in to servera.
- Locate network interface names.
- View network settings using nmcli.
3.1 Show all connections.
3.2 Display only the active connection.
3.3 Display all configuration settings for the active connection.
Press q to exit the command.
3.4 Show device status.
3.5 Display the settings for the enX device.
- Create a static connection with the same IPv4 address, network prefix, and default gateway. Name the new connection static-addr.
- Modify the new connection to add the DNS setting.
- Display and activate the new connection.
6.1 View all connections
6.2 View the active connection.
6.3 Activate the new static-addr connection.
6.4 Verify the new active connection
- Configure the original connection so that it does not start at boot, and verify that the static connection is used when the system reboots.
7.1 Disable the original connection from autostarting at boot.
7.3 View the active connection.
- Test connectivity using the new network addresses.
8.1 Verify the IP address.
8.2 Verify the default gateway.
Finish
On workstation, run the lab net-configure finish script to finish this exercise.
Editing Network Configuration Files
•Describing Connection Configuration Files Objectives
By default, changes made with nmcli con mod name are automatically saved to /etc/sysconfig/network-scripts/ifcfg-name. That file can also be manually edited with a text editor. After doing so, run nmcli con reload so that NetworkManager reads the configuration changes.
•Modifying network configuration
It is also possible to configure the network by directly editing the connection configuration files. These files are usually named /etc/sysconfig/network-scripts/ifcfg-name, where name refers to the name of the device or connection that the configuration file controls.
After modifying the configuration files, run nmcli con reload to make NetworkManager read the configuration changes. The interface still needs to be restarted for changes to take effect.
Editing Network Configuration Files
Open the computer terminal.
Log in as user, and enter the password.
From workstation, run the lab net-edit start command. The command runs a start script that determines whether the hosts, servera and serverb, are reachable on the network.
- Use the ssh command to log in to servera as the user. The systems are configured to use SSH keys for authentication, so a password is not required to log in to servera.
- Locate network interface names.
- On servera, switch to the root user, and then edit the /etc/sysconfig/network-scripts/ifcfg-Wired_connection_1 file to add an additional address.
3.1 Use the sudo -i command to switch to the root user. The password for the student user is student.
3.2 Append an entry to the file to specify the IPv4 address.
3.3 Append an entry to the file to specify the network prefix.
- Activate the new address.
4.1 Reload the configuration changes.
4.2 Restart the connection with the new settings.
- Verify the new IP address.
- Exit from servera to return to workstation as the user.
- On serverb, edit the /etc/sysconfig/network-scripts/ifcfg-Wired_connection_1 file to add an additional address, then load the new configuration.
7.1 From workstation, use the ssh command to log in to serverb as the student user.
7.2 Use the sudo -i command to switch to the root user. The password for the student user is student.
7.3 Modify the ifcfg-Wired_connection_1 file to add the second IPv4 address and network prefix.
7.4 Reload the configuration changes.
7.5 Bring up the connection with the new settings.
7.6 Verify the new IP address.
- Test connectivity using the new network addresses.
8.1 From serverb, ping the new address of servera.
8.2 Exit from serverb to return to workstation.
8.3 From workstation, use the ssh command to access servera as the student user to ping the new address of serverb.
Finish
On workstation, run the lab net-edit finish script to finish this exercise.
Configuring Host Names and Name Resolution
•Changing the system host name
The hostname command displays or temporarily modifies the system's fully qualified host name.
A static host name may be specified in the /etc/hostname file. The hostnamectl command is used to modify this file and may be used to view the status of the system's fully qualified host name.
Configuring name resolution
The stub resolver is used to convert host names to IP addresses or the reverse. It determines where to look based on the configuration of the /etc/nsswitch.conf file. By default, the contents of the /etc/hosts file are checked first.
The getent hosts hostname command can be used to test host name resolution using the /etc/hosts file.
If an entry is not found in the /etc/hosts file, by default the stub resolver tries to look up the hostname by using a DNS nameserver. The /etc/resolv.conf file controls how this query is performed:
- search: a list of domain names to try with a short host name. This and domain should not both be set in the same file; if they are, the last instance wins. See resolv.conf for details.
- nameserver: the IP address of a nameserver to query. Up to three nameserver directives may be given to provide backups if one is down.
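How those two directives combine, as an added example that is not part of the original article: a small parser that applies the "last instance wins" rule between search and domain and keeps at most three nameservers. The sample file contents and the names `parse_resolv_conf` and `qualified_names` are assumptions, and other resolv.conf directives are ignored.

```python
from typing import List, NamedTuple

MAX_NAMESERVERS = 3  # only the first three nameserver lines are used

# Constructed sample file contents (not from the page).
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
domain lab.example.com
search example.com lab.example.com
nameserver 192.0.2.53
nameserver 2001:db8:0:1::53
nameserver 192.0.2.54
nameserver 192.0.2.55
"""


class ResolverConfig(NamedTuple):
    nameservers: List[str]
    search: List[str]


def parse_resolv_conf(text: str) -> ResolverConfig:
    """Extract the nameserver list and the effective search list."""
    nameservers: List[str] = []
    search: List[str] = []
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":
            continue  # blank line or comment
        keyword, args = fields[0], fields[1:]
        if keyword == "nameserver" and args:
            if len(nameservers) < MAX_NAMESERVERS:
                nameservers.append(args[0])
        elif keyword == "search":
            search = args          # replaces any earlier search or domain
        elif keyword == "domain" and args:
            search = [args[0]]     # replaces any earlier search or domain
    return ResolverConfig(nameservers, search)


def qualified_names(short_name: str, config: ResolverConfig) -> List[str]:
    """Names formed by trying each search domain with a short host name."""
    return [f"{short_name}.{domain}" for domain in config.search]


if __name__ == "__main__":
    cfg = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    print(cfg.nameservers)
    print(qualified_names("servera", cfg))
```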
NetworkManager updates the /etc/resolv.conf file using DNS settings in the connection configuration files. Use the nmcli command to modify the connections.
The default behavior of nmcli con mod ID ipv4.dns IP is to replace any previous DNS settings with the new IP list provided. A + or - symbol in front of the ipv4.dns argument adds or removes an individual entry.
To add the DNS server with IPv6 IP address 2001:4860:4860::8888 to the list of nameservers to use with the connection static-ens3:
Testing DNS Name Resolution
The host HOSTNAME command can be used to test DNS server connectivity.
DHCP automatically rewrites the /etc/resolv.conf file as interfaces are started unless you specify PEERDNS=no in the relevant interface configuration files. Set this using the nmcli command.
Configuring Host Names and Name Resolution
Open the computer terminal.
Log in as user, and enter the password.
From workstation, run the lab net-hostnames start command. The command runs a start script that determines whether the host, servera, is reachable on the network.
- Use the ssh command to log in to servera as the user. The systems are configured to use SSH keys for authentication, so a password is not required to log in to servera.
- View the current host name settings.
2.1 Display the current host name.
2.2 Display the host name status.
- Set a static host name to match the current transient host name.
3.1 Change the host name and host name configuration file.
3.2 View the content of the /etc/hostname file which provides the host name at network start.
3.3 Display the host name status.
- Temporarily change the host name.
4.1 Change the host name.
4.2 Display the current host name.
4.3 View the content of the /etc/hostname file which provides the host name at network start.
4.4 Reboot the system.
4.5 From workstation, log in to servera as the student user.
4.6 Display the current host name.
- Add a local nickname for the classroom server.
5.1 Look up the IP address of classroom.example.com.
5.2 Modify /etc/hosts so that the additional name of class can be used to access the IP address.
5.3 Look up the IP address of class.
5.5 Ping class.
5.6 Exit from servera.
Finish
On workstation, run the lab net-hostnames finish script to finish this exercise.