In this part 5 of the series, we will assign IPs for addressing the NICs, set up routes and DNS etc for our device to be online and be able to communicate local and remote devices. But first half will need some explanation for few things for better understanding of how these things work. Yes my tutorials are very verbose, but they are very easy to read thru and contain information that a beginner may not find elsewhere in a single book or website.
By default, the wired ethernet NIC and wireless NICs will have dhcp address assignment with these NICs setup as dhcp clients.
Many instances will require persistent IP address assignment, which we call as Static IP address. For devices like servers, network equipment, appliances, network printers, IOT controllers, we will normally assign static IP addresses. This way, not only we can use tools to monitor these devices for their up / down status, login to them at known IP addresses to manage them, but also client / user applications know where to send requests for certain services.
In some environments, to ease in the deployment of a large number of network devices (think hundreds wireless APs in a large site(s) like university, airport, or even a city wide WI-fi hotzone), we may keep these devices into factory default dhcp client mode and then reserve their addresses for the network management / monitoring / alerting applications that may periodically poll these devices, to have a persistent set of fixed IP addresses.
Normally in any business environment, we will have a separate management vlan and all these management functions for the devices are then placed into the management vlan and associated subnet is used to assign IP addresses for these devices.
Typical Linux systems these days utilize NIC names in the form of enp0s1 or en01 or ens1 etc. They term it as predictable names as the names are allocated by udev (the Linux code that detects devices like NICs, USB flash drives, mouse, keyboard, DVD drives and many such things and then allocates names) based on BIOS / physical PCI bus and slot in the bus etc, and it may even utilize the mac address of the NIC. Typically you may see in your computer/server, enp0s1 etc., wherein en stands for ethernet, p0 is PCI bus 0 and s1 is slot 1 in that bus. Some boards with single OCI bus, may skip the reference to p0 and may display names as ens01 etc. And en01 etc will be used for on-board (also called LOM or Lan on motherboard) NIC ports. Bus is just a term to describe a shared copper track(s) on a Printed Circuit Board (PCB), the motherboard, to link various connectors together instead of using wiring. Since pins of the connectors may all be on the same track, they use certain polling/addressing mechanism to take control of the track /line to send their data traffic across while other PCI devices sharing the same track will wait for some nano seconds.
For wireless NICs, the name could be wlp0s1. The wl here denotes wireless.
In most use cases, for us, the classical old rigid, kernel driver probed, naming convention of eth0, eth1 or wlan0 will work. And we can change it with the following code:
Make sure you try this on a net-new machine or in tour test lab. Don’t try to do this on an in-use production machine unless you are experienced enough to reverse the changes (save old file with extension.original).
sudo nano /etc/default/grub
Replace the line GRUB_CMDLINE_LINUX=“” with the following
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
and if you want to disable IPv6 also, then replace the line GRUB_CMDLINE_LINUX_DEFAULT=“quite” with the following
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1"
save the file and exit out of nano
sudo update-grub
or in certain setups
sudo update-grub -o /boot/grub/grub.cfg
reboot
Now if you will issue a command like “ip address” you will see NIC names as eth0 etc.
Latest Debian version has a bug and throws an error when trying to ping IPv4 addresses with IPv6 disabled under grub. In that case, we can use the following instead of the GRUB_CMDLINE_LINUX_DEFAULT=“ipv6.disable=1”
sysctl -w net.ipv6.conf.all.disable_ipv6=1
We can then also install, if we want to get back to ifconfig (and still also use new recommended ip address command),
sudo apt install net-tools
Also install traceroute and few other useful networking packages
sudo apt install traceroute ifupdown2 resolvconf
Sometimes in business setups, we may need to force full duplex on a interface to satisfy a third party service provider, like an ISP, who may have their end set to 100 Mbps Full duplex. We cannot plug our ethernet port in there as we will be by default in a auto-negotiation mode of duplexity and if other end is not auto-neg as well, we will become half-duplex, so end to end there will be duplex mismatch and our throughout will become a fraction of 100 Meg. Rare but you will come across requests to disable auto-neg and manually set port to full duplex.
sudo apt install ethtools
check the existing settings via
ethtool eth0
and then if need be use the command
ethtool -s eth0 speed 100 duplex full autoneg off
To assign a static IP address to NIC eth0
sudo nano /etc/network/interfaces
and change the configuration file as below. Comment out (by putting # in front of all other lines) unneeded configuration.
auto eth0
iface eth0 inet static
address 172.16.100.10
netmask 255.255.255.0
gateway 172.16.100.254
dns-nameservers 1.1.1.1
dns-nameservers 8.8.8.8
and then save the config file and exit out of nano.
Please note that we are covering only Debian based (and RPi) IP configurations. Ubuntu uses a netplan format. Redhat based distros IP config files reside in /etc/sysconfig/network-scripts/ and in there, you will go to the file like ifcfg-eth0 and then use a different configuration suited to such distro. Don’t try to use the above code for non-debian distro.
sudo ifconfig
will now show the assigned IP address. make sure to plug into your network switch that have uplink to a firewall for Internet access, and test connectivity by pinging something local and at internet and also do traceroute.
ping -c 5 1.1.1.1
Note unlike windows, ping in Linux is continuous, so you can specify a count with switch -c (here 5 count of pings)
ping 172.16.100.254
Ctrl-C (written generally as ^C) will break the ping (and traceroute) and return you to terminal.
traceroute 8.8.8.8
Sometimes, we may want to resiliently connect multiple NICs from the devices to one switch (with different port blades) or to two different switches (in a stacked switch setup) so that if a single NIC on device fails, or cable is unplugged, or one switch/ blade fails, the device remains online and services remain available. In such situations, we team two (generally) or more interfaces into a bond and then assign the IP address to the bond (not to individual team members).
Here we are creating a team of two interfaces eth1 and eth2 and call it bond0. Various bonding modes are available including for most common active-active and active-failover. Here we are using active-failover (mode 3) with eth1 as primary / active. All members are configured as slaves also.
Before we can use bonding, we need to install bonding package called ifenslave and add the bonding module to the file that will load the bonding drivers on reboots.
apt install ifenslave
echo 'bonding' >> /etc/modules
echo command above will append (note double gt sign) the bonding to the end of the /etc/modules file.
The config below has miimon of 100 and that is used to monitor the link every 100 milliseconds for its availability and for traffic redistribution in case of failure. Additional delays are added for a link that came back up after being down or after mii detects link failure to actually bring down the interface. These extra cushions guard against tiny failures that may not have any noticeable disruption to services.
sudo nano /etc/network/interfaces
#The team member interfaces
auto eth1
iface eth1 inet static
bond-master bond0
bond-primary eth1
auto eth2
iface eth2 inet static
bond-master bond0
bond-primary eth1
#The teamed network interface
auto bond0
iface bond0 inet static
address 10.10.10.11
netmask 255.255.255.0
gateway 10.10.10.1
dns-nameservers 1.1.1.1
dns-nameservers 8.8.8.8
bond-mode 3
bond-primary eth1
bond-slaves eth1 eth2
bond-miimon 100
bond-downdelay 400
bond-updelay 800
```
Save the configuration and make sure to comment out unwanted config lines (but don't delete them).
Some situations may not save the DNS servers as listed above. In such situation, you may try to add them to a different config file as below.
nano /etc/resolvconf/resolv.conf.d/head
namesever 8.8.8.8
nameserver 1.1.1.1
save and then try by rebooting if you are able to surf.
This should be enough for now. Will find some other topic for next part to close this networking series.