Deployment Guide

Chapter 9. Network Interfaces

Under Red Hat Enterprise Linux, all network communications occur between configured software interfaces and physical networking devices connected to the system.
The configuration files for network interfaces are located in the /etc/sysconfig/network-scripts/ directory. The scripts used to activate and deactivate these network interfaces are also located here. Although the number and type of interface files can differ from system to system, there are three categories of files that exist in this directory:
  1. Interface configuration files
  2. Interface control scripts
  3. Network function files
The files in each of these categories work together to enable various network devices.
This chapter explores the relationship between these files and how they are used.

9.1. Network Configuration Files

Before delving into the interface configuration files, let us first itemize the primary configuration files used in network configuration. Understanding the role these files play in setting up the network stack can be helpful when customizing a Red Hat Enterprise Linux system.
The primary network configuration files are as follows:
/etc/hosts
The main purpose of this file is to resolve hostnames that cannot be resolved any other way. It can also be used to resolve hostnames on small networks with no DNS server. Regardless of the type of network the computer is on, this file should contain a line specifying the IP address of the loopback device (127.0.0.1) as localhost.localdomain. For more information, refer to the hosts(5) manual page.
/etc/resolv.conf
This file specifies the IP addresses of DNS servers and the search domain. Unless configured to do otherwise, the network initialization scripts populate this file. For more information about this file, refer to the resolv.conf(5) manual page.
/etc/sysconfig/network
This file specifies routing and host information for all network interfaces. It is used to contain directives which are to have global effect and not to be interface specific. For more information about this file and the directives it accepts, refer to Section D.1.13, "/etc/sysconfig/network".
/etc/sysconfig/network-scripts/ifcfg-interface-name
For each network interface, there is a corresponding interface configuration script. Each of these files provides information specific to a particular network interface. Refer to Section 9.2, "Interface Configuration Files" for more information on this type of file and the directives it accepts.

Network interface names

Network interface names may be different on different hardware types. Refer to Appendix A, Consistent Network Device Naming for more information.

The /etc/sysconfig/networking/ directory

The /etc/sysconfig/networking/ directory is used by the now deprecated Network Administration Tool (system-config-network). Its contents should not be edited manually. Using only one method for network configuration is strongly encouraged, due to the risk of configuration deletion. For more information about configuring network interfaces using graphical configuration tools, refer to Chapter 8, NetworkManager.

9.2. Interface Configuration Files

Interface configuration files control the software interfaces for individual network devices. As the system boots, it uses these files to determine what interfaces to bring up and how to configure them. These files are usually named ifcfg-name, where name refers to the name of the device that the configuration file controls.

9.2.1. Ethernet Interfaces

One of the most common interface files is /etc/sysconfig/network-scripts/ifcfg-eth0, which controls the first Ethernet network interface card or NIC in the system. In a system with multiple NICs, there are multiple ifcfg-ethX files (where X is a unique number corresponding to a specific interface). Because each device has its own configuration file, an administrator can control how each interface functions individually.
The following is a sample ifcfg-eth0 file for a system using a fixed IP address:
    DEVICE=eth0
    BOOTPROTO=none
    ONBOOT=yes
    NETMASK=255.255.255.0
    IPADDR=10.0.1.27
    USERCTL=no
The values required in an interface configuration file can change based on other values. For example, the ifcfg-eth0 file for an interface using DHCP looks different because IP information is provided by the DHCP server:
    DEVICE=eth0
    BOOTPROTO=dhcp
    ONBOOT=yes
NetworkManager is a graphical configuration tool which provides an easy way to make changes to the various network interface configuration files (refer to Chapter 8, NetworkManager for detailed instructions on using this tool).
However, it is also possible to manually edit the configuration files for a given network interface.
Below is a listing of the configurable parameters in an Ethernet interface configuration file:
BONDING_OPTS=parameters
sets the configuration parameters for the bonding device, and is used in /etc/sysconfig/network-scripts/ifcfg-bondN (see Section 9.2.5, "Channel Bonding Interfaces"). These parameters are identical to those used for bonding devices in /sys/class/net/bonding_device/bonding, and the module parameters for the bonding driver as described in bonding Module Directives.
This configuration method is used so that multiple bonding devices can have different configurations. It is highly recommended to place all of your bonding options after the BONDING_OPTS directive in ifcfg-name. Do not specify options for the bonding device in /etc/modprobe.d/bonding.conf, or in the deprecated /etc/modprobe.conf file.
BOOTPROTO=protocol
where protocol is one of the following:
  • none - No boot-time protocol should be used.
  • bootp - The BOOTP protocol should be used.
  • dhcp - The DHCP protocol should be used.
BROADCAST=address
where address is the broadcast address. This directive is deprecated, as the value is calculated automatically with ipcalc.
DEVICE=name
where name is the name of the physical device (except for dynamically-allocated PPP devices where it is the logical name).
DHCP_HOSTNAME=name
where name is a short hostname to be sent to the DHCP server. Use this option only if the DHCP server requires the client to specify a hostname before receiving an IP address.
DNS{1,2}=address
where address is a name server address to be placed in /etc/resolv.conf if the PEERDNS directive is set to yes.
ETHTOOL_OPTS=options
where options are any device-specific options supported by ethtool. For example, if you wanted to force 100Mb, full duplex:
ETHTOOL_OPTS="autoneg off speed 100 duplex full"
Instead of a custom initscript, use ETHTOOL_OPTS to set the interface speed and duplex settings. Custom initscripts run outside of the network init script lead to unpredictable results during a post-boot network service restart.

Set "autoneg off" before changing speed or duplex settings

Changing speed or duplex settings almost always requires disabling auto-negotiation with the autoneg off option. This option needs to be stated first, as the option entries are order-dependent.
Refer to Section 9.2.4, "Ethtool" for more Ethtool options.
HOTPLUG=answer
where answer is one of the following:
  • yes - This device should be activated when it is hot-plugged (this is the default option).
  • no - This device should not be activated when it is hot-plugged.
The HOTPLUG=no option can be used to prevent a channel bonding interface from being activated when a bonding kernel module is loaded.
Refer to Section 9.2.5, "Channel Bonding Interfaces" for more about channel bonding interfaces.
HWADDR=MAC-address
where MAC-address is the hardware address of the Ethernet device in the form AA:BB:CC:DD:EE:FF. This directive must be used in machines containing more than one NIC to ensure that the interfaces are assigned the correct device names regardless of the configured load order for each NIC's module. This directive should not be used in conjunction with MACADDR.

Note

  • Persistent device names are now handled by /etc/udev/rules.d/70-persistent-net.rules.
  • HWADDR must not be used with System z network devices.
  • Refer to Section 25.3.3, "Mapping subchannels and network device names", in the Red Hat Enterprise Linux 6 Installation Guide.
IPADDR=address
where address is the IP address.
LINKDELAY=time
where time is the number of seconds to wait for link negotiation before configuring the device.
MACADDR=MAC-address
where MAC-address is the hardware address of the Ethernet device in the form AA:BB:CC:DD:EE:FF.
This directive is used to assign a MAC address to an interface, overriding the one assigned to the physical NIC. This directive should not be used in conjunction with the HWADDR directive.
MASTER=bond-interface
where bond-interface is the channel bonding interface to which the Ethernet interface is linked.
This directive is used in conjunction with the SLAVE directive.
Refer to Section 9.2.5, "Channel Bonding Interfaces" for more information about channel bonding interfaces.
NETMASK=mask
where mask is the netmask value.
NETWORK=address
where address is the network address. This directive is deprecated, as the value is calculated automatically with ipcalc.
NM_CONTROLLED=answer
where answer is one of the following:
  • yes - NetworkManager is permitted to configure this device. This is the default behavior and can be omitted.
  • no - NetworkManager is not permitted to configure this device.

Note

The NM_CONTROLLED directive is now, as of Red Hat Enterprise Linux 6.3, dependent on the NM_BOND_VLAN_ENABLED directive in /etc/sysconfig/network. If and only if that directive is present and is one of yes, y, or true, will NetworkManager detect and manage bonding and VLAN interfaces.
ONBOOT=answer
where answer is one of the following:
  • yes - This device should be activated at boot-time.
  • no - This device should not be activated at boot-time.
PEERDNS=answer
where answer is one of the following:
  • yes - Modify /etc/resolv.conf if the DNS directive is set. If using DHCP, then yes is the default.
  • no - Do not modify /etc/resolv.conf.
SLAVE=answer
where answer is one of the following:
  • yes - This device is controlled by the channel bonding interface specified in the MASTER directive.
  • no - This device is not controlled by the channel bonding interface specified in the MASTER directive.
This directive is used in conjunction with the MASTER directive.
Refer to Section 9.2.5, "Channel Bonding Interfaces" for more about channel bonding interfaces.
SRCADDR=address
where address is the specified source IP address for outgoing packets.
USERCTL=answer
where answer is one of the following:
  • yes - Non-root users are allowed to control this device.
  • no - Non-root users are not allowed to control this device.
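
The rules stated in the directive list above can be checked mechanically. The following is an added example, not part of the original guide: a POSIX shell audit that reads an ifcfg file as text (it never sources it) and reports the combinations the text warns about. The function names, the message wording and the sample file are constructed for illustration, and the write-permission check rests on an assumption from outside this page, namely that the network scripts source ifcfg files as root.

```sh
#!/bin/sh
# Added example (not from the guide): audit one ifcfg file against the rules
# stated in this section. The file is read as text and never sourced.

# ifcfg_get FILE KEY: print the last value assigned to KEY, outer quotes removed.
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e "s/^\([\"']\)\(.*\)\1\$/\2/"
}

# audit_ifcfg FILE: print one finding per line; no output means no finding.
audit_ifcfg() (
    f=$1
    hwaddr=$(ifcfg_get "$f" HWADDR)
    macaddr=$(ifcfg_get "$f" MACADDR)
    slave=$(ifcfg_get "$f" SLAVE)
    master=$(ifcfg_get "$f" MASTER)
    ethtool_opts=$(ifcfg_get "$f" ETHTOOL_OPTS)

    # Assumption (general knowledge of the RHEL network scripts, not stated on
    # this page): ifcfg files are sourced as root, so loose write bits matter.
    if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "PERMS: file is writable by group or others"
    fi
    if [ "$(ifcfg_get "$f" USERCTL)" = yes ]; then
        echo "USERCTL: non-root users are allowed to control this device"
    fi
    if [ -n "$hwaddr" ] && [ -n "$macaddr" ]; then
        echo "HWADDR+MACADDR: these directives should not be used together"
    fi
    for key in BROADCAST NETWORK; do
        if [ -n "$(ifcfg_get "$f" "$key")" ]; then
            echo "$key: deprecated, the value is calculated with ipcalc"
        fi
    done
    if [ "$slave" = yes ] && [ -z "$master" ]; then
        echo "SLAVE: set to yes but no MASTER names the bonding interface"
    fi
    # Option entries are order-dependent: 'autoneg off' has to come first.
    case $ethtool_opts in
        ""|"autoneg off"*) ;;
        *speed*|*duplex*)
            echo "ETHTOOL_OPTS: speed/duplex given without a leading 'autoneg off'" ;;
    esac
)

# write_sample PATH: constructed sample that trips four of the checks.
write_sample() {
    cat > "$1" <<'EOF'
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.0.1.27
NETMASK=255.255.255.0
NETWORK=10.0.1.0
HWADDR=AA:BB:CC:DD:EE:FF
MACADDR=AA:BB:CC:DD:EE:00
USERCTL="yes"
ETHTOOL_OPTS="speed 100 duplex full autoneg off"
EOF
    chmod 644 "$1"
}

tmp=$(mktemp -d)
write_sample "$tmp/ifcfg-eth0"
audit_ifcfg "$tmp/ifcfg-eth0"
rm -rf "$tmp"
```

To audit a live system, call audit_ifcfg on each file in /etc/sysconfig/network-scripts/ whose name starts with ifcfg-.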

9.2.2. Specific ifcfg Options for Linux on System z

SUBCHANNELS=<read_device_bus_id>, <write_device_bus_id>, <data_device_bus_id>
where <read_device_bus_id>, <write_device_bus_id>, <data_device_bus_id> are the three device bus IDs representing a network device.
PORTNAME=myname;
where myname is the Open Systems Adapter (OSA) portname or LAN Channel Station (LCS) portnumber.
CTCPROT=answer
where answer is one of the following:
  • 0 - Compatibility mode, TCP/IP for Virtual Machines (used with non-Linux peers other than IBM S/390 and IBM System z operating systems). This is the default mode.
  • 1 - Extended mode, used for Linux-to-Linux Peers.
  • 3 - Compatibility mode for S/390 and IBM System z operating systems.
This directive is used in conjunction with the NETTYPE directive. It specifies the CTC protocol for NETTYPE='ctc'. The default is 0.
OPTIONS='answer'
where 'answer' is a quoted string of any valid sysfs attributes and their value. The Red Hat Enterprise Linux installer currently uses this to configure the layer mode, (layer2), and the relative port number, (portno), of QETH devices. For example:
OPTIONS='layer2=1 portno=0'

9.2.3. Required ifcfg Options for Linux on System z

NETTYPE=answer
where answer is one of the following:
  • ctc - Channel-to-Channel communication. For point-to-point TCP/IP or TTY.
  • lcs - LAN Channel Station (LCS).
  • qeth - QETH (QDIO Ethernet). This is the default network interface. It is the preferred installation method for supporting real or virtual OSA cards and HiperSockets devices.

9.2.4. Ethtool

Ethtool is a utility for configuration of Network Interface Cards (NICs). This utility allows querying and changing settings such as speed, port, auto-negotiation, PCI locations and checksum offload on many network devices, especially Ethernet devices.
We present here a short selection of often used Ethtool commands together with some useful commands that are not well known. For a full list of commands type ethtool -h or refer to the man page, ethtool(8), for a more verbose list and explanation. The first two examples are information queries and show the use of the different formats of the command.
But first, the command structure:
ethtool [option...] devname
where option is zero or more options, and devname is your Network Interface Card (NIC). For example eth0 or em1.
ethtool
The ethtool command with only a device name as an option is used to query a network device for NIC and driver statistics. It takes the following form:
ethtool devname
where devname is your NIC. For example eth0 or em1.
Some values can only be obtained when the command is run as root. Here is an example of the output when the command is run as root:
    ~]# ethtool em1
    Settings for em1:
        Supported ports: [ TP ]
        Supported link modes:   10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full
        Supported pause frame use: No
        Supports auto-negotiation: Yes
        Advertised link modes:  10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full
        Advertised pause frame use: No
        Advertised auto-negotiation: Yes
        Speed: 1000Mb/s
        Duplex: Full
        Port: Twisted Pair
        PHYAD: 2
        Transceiver: internal
        Auto-negotiation: on
        MDI-X: on
        Supports Wake-on: pumbg
        Wake-on: g
        Current message level: 0x00000007 (7)
                               drv probe link
        Link detected: yes
Issue the following command, using the short or long form of the argument, to query the specified network device for associated driver information:
ethtool -i, --driver devname
where devname is your Network Interface Card (NIC). For example eth0 or em1.
Here is an example of the output:
    ~]$ ethtool -i em1
    driver: e1000e
    version: 2.0.0-k
    firmware-version: 0.13-3
    bus-info: 0000:00:19.0
    supports-statistics: yes
    supports-test: yes
    supports-eeprom-access: yes
    supports-register-dump: yes
Here follows a list of commands to query, identify or reset the device. They are in the usual -short and --long form:
--statistics
The --statistics or -S queries the specified network device for NIC and driver statistics. It takes the following form:
ethtool -S, --statistics devname
where devname is your NIC.
--identify
The --identify or -p option initiates adapter-specific action intended to enable an operator to easily identify the adapter by sight. Typically this involves blinking one or more LEDs on the specified network port. It takes the following form:
-p, --identify devname integer
where integer is length of time in seconds to perform the action,
and devname is your NIC.
--test
The --test or -t option is used to perform tests on a Network Interface Card. It takes the following form:
-t, --test word devname
where word is one of the following:
  • offline - Perform a comprehensive set of tests. Service will be interrupted.
  • online - Perform a reduced set of tests. Service should not be interrupted.
  • external_lb - Perform full set of tests including loopback tests while fitted with a loopback cable.
and devname is your NIC.
Changing some or all settings of the specified network device requires the -s or --change option. All the following options are only applied if the -s or --change option is also specified. For the sake of clarity we will omit it here.
To make these settings permanent you can make use of the ETHTOOL_OPTS directive. It can be used in interface configuration files to set the desired options when the network interface is brought up. Refer to Section 9.2.1, "Ethernet Interfaces" for more details on how to use this directive.
--speed
The --speed option is used to set the speed in megabits per second (Mb/s). Omitting the speed value will show the supported device speeds. It takes the following form:
--speed number devname
where number is the speed in megabits per second (Mb/s),
and devname is your NIC.
--duplex
The --duplex option is used to set the transmit and receive mode of operation. It takes the following form:
 --duplex word devname
where word is one of the following:
  • half - Sets half-duplex mode. Usually used when connected to a hub.
  • full - Sets full-duplex mode. Usually used when connected to a switch or another host.
and devname is your NIC.
--port
The --port option is used to select the device port. It takes the following form:
--port value devname
where value is one of the following:
  • tp - An Ethernet interface using Twisted-Pair cable as the medium.
  • aui - Attachment Unit Interface (AUI). Normally used with hubs.
  • bnc - An Ethernet interface using BNC connectors and co-axial cable.
  • mii - An Ethernet interface using a Media Independent Interface (MII).
  • fibre - An Ethernet interface using Optical Fibre as the medium.
and devname is your NIC.
--autoneg
The --autoneg option is used to control auto-negotiation of network speed and mode of operation (full-duplex or half-duplex mode). If auto-negotiation is enabled you can initiate re-negotiation of network speeds and mode of operation by using the -r, --negotiate option. You can display the auto-negotiation state using the -a, --show-pause option.
It takes the following form:
--autoneg value devname
where value is one of the following:
  • yes - Allow auto-negotiating of network speed and mode of operation.
  • no - Do not allow auto-negotiating of network speed and mode of operation.
and devname is your NIC.
--advertise
The --advertise option is used to set what speeds and modes of operation (duplex mode) are advertised for auto-negotiation. The argument is one or more hexadecimal values from Table 9.1, "Ethtool advertise options: speed and mode of operation".
It takes the following form:
--advertise HEX-VALUE devname
where HEX-VALUE is one or more of the hexadecimal values from the table below and devname is your NIC.

Table 9.1. Ethtool advertise options: speed and mode of operation

Hex Value   Speed       Duplex Mode   IEEE standard?
0x001       10          Half          Yes
0x002       10          Full          Yes
0x004       100         Half          Yes
0x008       100         Full          Yes
0x010       1000        Half          No
0x020       1000        Full          Yes
0x8000      2500        Full          Yes
0x1000      10000       Full          Yes
0x20000     20000MLD2   Full          No
0x40000     20000KR2    Full          No

--phyad
The --phyad option is used to change the physical address. Often referred to as the MAC or hardware address but in this context referred to as the physical address.
It takes the following form:
--phyad HEX-VALUE devname
where HEX-VALUE is the physical address in hexadecimal format and devname is your NIC.
--xcvr
The --xcvr option is used to select the transceiver type. Currently only "internal" and "external" can be specified. In the future other types might be added.
It takes the following form:
--xcvr word devname
where word is one of the following:
  • internal - Use internal transceiver.
  • external - Use external transceiver.
and devname is your NIC.
--wol
The --wol option is used to set "Wake-on-LAN" options. Not all devices support this. The argument to this option is a string of characters specifying which options to enable.
It takes the following form:
--wol value devname
where value is one or more of the following:
  • p - Wake on PHY activity.
  • u - Wake on unicast messages.
  • m - Wake on multicast messages.
  • b - Wake on broadcast messages.
  • g - Wake-on-Lan; wake on receipt of a "magic packet".
  • s - Enable security function using password for Wake-on-Lan.
  • d - Disable Wake-on-Lan and clear all settings.
and devname is your NIC.
--sopass
The --sopass option is used to set the "SecureOn" password. The argument to this option must be 6 bytes in Ethernet MAC hexadecimal format (xx:yy:zz:aa:bb:cc).
It takes the following form:
--sopass xx:yy:zz:aa:bb:cc devname
where xx:yy:zz:aa:bb:cc is the password in the same format as a MAC address and devname is your NIC.
--msglvl
The --msglvl option is used to set the driver message-type flags by name or number. The precise meanings of these type flags differ between drivers.
It takes the following form:
--msglvl value devname
where value is one of:
  • HEX-VALUE - Hexadecimal value indicating message type.
  • message-type - The message type name in plain text.
and devname is your NIC.
The defined message type names and numbers are shown in the table below:

Table 9.2. Driver message type

Message Type   Hex Value   Description
drv            0x0001      General driver status
probe          0x0002      Hardware probing
link           0x0004      Link state
timer          0x0008      Periodic status check
ifdown         0x0010      Interface being brought down
ifup           0x0020      Interface being brought up
rx_err         0x0040      Receive error
tx_err         0x0080      Transmit error
intr           0x0200      Interrupt handling
tx_done        0x0400      Transmit completion
rx_status      0x0800      Receive completion
pktdata        0x1000      Packet contents
hw             0x2000      Hardware status
wol            0x4000      Wake-on-LAN status
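
The Wake-on flags and the message-level bitmask both appear in the ethtool output shown earlier in this section, so they can be reviewed from that output alone. The following is an added example, not part of the original guide: it parses that output as text and decodes the two fields with the --wol list and Table 9.2. The function names and finding messages are constructed, and the sample input is an excerpt of the em1 listing above.

```sh
#!/bin/sh
# Added example (not from the guide): review `ethtool devname` output for
# Wake-on-LAN state and for the driver message level.

# decode_msglvl HEX: print the Table 9.2 names whose bits are set in HEX.
decode_msglvl() (
    names=
    for pair in drv:0x0001 probe:0x0002 link:0x0004 timer:0x0008 \
                ifdown:0x0010 ifup:0x0020 rx_err:0x0040 tx_err:0x0080 \
                intr:0x0200 tx_done:0x0400 rx_status:0x0800 \
                pktdata:0x1000 hw:0x2000 wol:0x4000; do
        if [ $(( $1 & ${pair#*:} )) -ne 0 ]; then
            names="$names ${pair%%:*}"
        fi
    done
    echo "${names# }"
)

# decode_wol FLAGS: print one line per flag character, as listed under --wol.
decode_wol() (
    rest=$1
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}      # first character
        rest=${rest#?}
        case $c in
            p) echo "p: wake on PHY activity" ;;
            u) echo "u: wake on unicast messages" ;;
            m) echo "m: wake on multicast messages" ;;
            b) echo "b: wake on broadcast messages" ;;
            g) echo "g: wake on magic packet" ;;
            s) echo "s: SecureOn password enabled" ;;
            d) echo "d: Wake-on-LAN disabled" ;;
            *) echo "$c: unknown flag" ;;
        esac
    done
)

# review_settings: read ethtool output on stdin, print one finding per line.
review_settings() (
    out=$(cat)
    # "Supports Wake-on:" is skipped because the line must start with Wake-on.
    wol=$(printf '%s\n' "$out" | sed -n 's/^[[:space:]]*Wake-on: *//p')
    lvl=$(printf '%s\n' "$out" |
        sed -n 's/^[[:space:]]*Current message level: *\(0x[0-9a-fA-F]*\).*/\1/p')
    case $wol in
        ""|d) ;;
        *s*) echo "wol: enabled ($wol) with SecureOn password (s)" ;;
        *)   echo "wol: enabled ($wol) without SecureOn password (s)" ;;
    esac
    if [ -n "$lvl" ]; then
        case " $(decode_msglvl "$lvl") " in
            *" pktdata "*)
                echo "msglvl: pktdata (0x1000) is set, packet-content messages are enabled" ;;
        esac
    fi
)

# sample_output: excerpt of the em1 listing shown earlier in this section.
sample_output() {
    cat <<'EOF'
Settings for em1:
	Speed: 1000Mb/s
	Duplex: Full
	Auto-negotiation: on
	Supports Wake-on: pumbg
	Wake-on: g
	Current message level: 0x00000007 (7)
			       drv probe link
	Link detected: yes
EOF
}

decode_msglvl 0x00000007
sample_output | review_settings
```

On a live host, pipe the real command into the reviewer, for example ethtool em1 | review_settings, run as root so that the Wake-on fields are included.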

9.2.5. Channel Bonding Interfaces

Red Hat Enterprise Linux allows administrators to bind multiple network interfaces together into a single channel using the bonding kernel module and a special network interface called a channel bonding interface. Channel bonding enables two or more network interfaces to act as one, simultaneously increasing the bandwidth and providing redundancy.
To create a channel bonding interface, create a file in the /etc/sysconfig/network-scripts/ directory called ifcfg-bondN, replacing N with the number for the interface, such as 0.
The contents of the file can be identical to whatever type of interface is getting bonded, such as an Ethernet interface. The only difference is that the DEVICE directive is bondN, replacing N with the number for the interface.
The following is a sample channel bonding configuration file:

Example 9.1. Sample ifcfg-bond0 interface configuration file

    DEVICE=bond0
    IPADDR=192.168.1.1
    NETMASK=255.255.255.0
    ONBOOT=yes
    BOOTPROTO=none
    USERCTL=no
    BONDING_OPTS="bonding parameters separated by spaces"

After the channel bonding interface is created, the network interfaces to be bound together must be configured by adding the MASTER and SLAVE directives to their configuration files. The configuration files for each of the channel-bonded interfaces can be nearly identical.
For example, if two Ethernet interfaces are being channel bonded, both eth0 and eth1 may look like the following example:
    DEVICE=ethN
    BOOTPROTO=none
    ONBOOT=yes
    MASTER=bond0
    SLAVE=yes
    USERCTL=no
In this example, replace N with the numerical value for the interface.
For a channel bonding interface to be valid, the kernel module must be loaded. To ensure that the module is loaded when the channel bonding interface is brought up, create a new file as root named bonding.conf in the /etc/modprobe.d/ directory. Note that you can name this file anything you like as long as it ends with a .conf extension. Insert the following line in this new file:
alias bondN bonding
Replace N with the interface number, such as 0. For each configured channel bonding interface, there must be a corresponding entry in your new /etc/modprobe.d/bonding.conf file.

Put all bonding module parameters in ifcfg-bondN files

Parameters for the bonding kernel module must be specified as a space-separated list in the BONDING_OPTS="bonding parameters" directive in the ifcfg-bondN interface file. Do not specify options for the bonding device in /etc/modprobe.d/bonding.conf, or in the deprecated /etc/modprobe.conf file. For further instructions and advice on configuring the bonding module and to view the list of bonding parameters, refer to Section 25.7.2, "Using Channel Bonding".

9.2.6. Network Bridge

A network bridge is a Link Layer device which forwards traffic between networks based on MAC addresses and is therefore also referred to as a Layer 2 device. It makes forwarding decisions based on tables of MAC addresses which it builds by learning what hosts are connected to each network. A software bridge can be used within a Linux host in order to emulate a hardware bridge, for example in virtualization applications for sharing a NIC with one or more virtual NICs. This case will be illustrated here as an example.
To create a network bridge, create a file in the /etc/sysconfig/network-scripts/ directory called ifcfg-brN, replacing N with the number for the interface, such as 0.
The contents of the file are similar to whatever type of interface is getting bridged to, such as an Ethernet interface. The differences in this example are as follows:
  • The DEVICE directive is given an interface name as its argument in the format brN, where N is replaced with the number of the interface.
  • The TYPE directive is given an argument Bridge or Ethernet. This directive determines the device type and the argument is case sensitive.
  • The bridge interface configuration file now has the IP address and the physical interface has only a MAC address.
  • An extra directive, DELAY=0, is added to prevent the bridge from waiting while it monitors traffic, learns where hosts are located, and builds a table of MAC addresses on which to base its filtering decisions. The default delay of 30 seconds is not needed if no routing loops are possible.
  • The NM_CONTROLLED=no should be added to the Ethernet interface to prevent NetworkManager from altering the file. It can also be added to the bridge configuration file in case future versions of NetworkManager support bridge configuration.
The following is a sample bridge interface configuration file using a static IP address:

Example 9.2. Sample ifcfg-br0 interface configuration file

    DEVICE=br0
    TYPE=Bridge
    IPADDR=192.168.1.1
    NETMASK=255.255.255.0
    ONBOOT=yes
    BOOTPROTO=static
    NM_CONTROLLED=no
    DELAY=0

To complete the bridge another interface is created, or an existing interface is modified, and pointed to the bridge interface. The following is a sample Ethernet interface configuration file pointing to a bridge interface. Configure your physical interface in /etc/sysconfig/network-scripts/ifcfg-ethX, where X is a unique number corresponding to a specific interface, as follows:

Example 9.3. Sample ifcfg-ethX interface configuration file

    DEVICE=ethX
    TYPE=Ethernet
    HWADDR=AA:BB:CC:DD:EE:FF
    BOOTPROTO=none
    ONBOOT=yes
    NM_CONTROLLED=no
    BRIDGE=br0

Note

For the DEVICE directive, almost any interface name could be used as it does not determine the device type. Other commonly used names include tap, dummy and bond for example. TYPE=Ethernet is not strictly required. If the TYPE directive is not set, the device is treated as an Ethernet device (unless its name explicitly matches a different interface configuration file).
You can refer to Section 9.2, "Interface Configuration Files" for a review of the directives and options used in network interface config files.

Warning

If you are configuring bridging on a remote host, and you are connected to that host over the physical NIC you are configuring, please consider the implications of losing connectivity before proceeding. You will lose connectivity when restarting the service and may not be able to regain connectivity if any errors have been made. Console, or out-of-band access is advised.
Restart the networking service, in order for the changes to take effect, as follows:
 service network restart 
An example of a network bridge formed from two or more bonded Ethernet interfaces will now be given as this is another common application in a virtualization environment. If you are not very familiar with the configuration files for bonded interfaces then please refer to Section 9.2.5, "Channel Bonding Interfaces".
Create or edit two or more Ethernet interface configuration files, which are to be bonded, as follows:
    DEVICE=ethX
    TYPE=Ethernet
    USERCTL=no
    SLAVE=yes
    MASTER=bond0
    BOOTPROTO=none
    HWADDR=AA:BB:CC:DD:EE:FF
    NM_CONTROLLED=no

Note

Using ethX as the interface name is common practice but almost any name could be used. Names such as tap, dummy and bond are commonly used.
Create or edit one interface configuration file, /etc/sysconfig/network-scripts/ifcfg-bond0, as follows:
    DEVICE=bond0
    ONBOOT=yes
    BONDING_OPTS='mode=1 miimon=100'
    BRIDGE=brbond0
    NM_CONTROLLED=no
For further instructions and advice on configuring the bonding module and to view the list of bonding parameters, refer to Section 25.7.2, "Using Channel Bonding".
Create or edit one interface configuration file, /etc/sysconfig/network-scripts/ifcfg-brbond0, as follows:
    DEVICE=brbond0
    ONBOOT=yes
    TYPE=Bridge
    IPADDR=192.168.1.1
    NETMASK=255.255.255.0
    NM_CONTROLLED=no
A diagram of two Ethernet interfaces on the left feeding into a virtual interface labeled bond 0. This in turn leads to a virtual interface called BR Bond 0 on the right. From there a path leads to a virtual network below.

Figure 9.1. A network bridge consisting of two bonded Ethernet interfaces.


We now have two or more interface configuration files with the MASTER=bond0 directive. These point to the configuration file named /etc/sysconfig/network-scripts/ifcfg-bond0, which contains the DEVICE=bond0 directive. This ifcfg-bond0 in turn points to the /etc/sysconfig/network-scripts/ifcfg-brbond0 configuration file, which contains the IP address, and acts as an interface to the virtual networks inside the host.
Restart the networking service, in order for the changes to take effect, as follows:
 service network restart 
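
Because a mistake in these files can cut off a remote host when the service restarts, it helps to confirm first that every MASTER and BRIDGE reference resolves. The following is an added example, not part of the original guide: a POSIX shell check of the slave, bond and bridge chain described above, run here against a constructed copy of this section's files in a temporary directory. The function names and messages are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the guide): verify that MASTER= and BRIDGE=
# references between ifcfg files resolve before restarting the network service.

# ifcfg_get FILE KEY: print the last value assigned to KEY, outer quotes removed.
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e "s/^\([\"']\)\(.*\)\1\$/\2/"
}

# check_chain DIR: print one line per problem; exit status 1 if any was found.
check_chain() (
    dir=$1
    rc=0
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        for key in MASTER BRIDGE; do
            target=$(ifcfg_get "$f" "$key")
            [ -n "$target" ] || continue
            tf="$dir/ifcfg-$target"
            if [ ! -f "$tf" ]; then
                echo "$name: $key=$target but ifcfg-$target is missing"; rc=1
            elif [ "$(ifcfg_get "$tf" DEVICE)" != "$target" ]; then
                echo "$name: ifcfg-$target does not set DEVICE=$target"; rc=1
            elif [ "$key" = BRIDGE ] && [ "$(ifcfg_get "$tf" TYPE)" != Bridge ]; then
                echo "$name: ifcfg-$target lacks TYPE=Bridge (case sensitive)"; rc=1
            fi
            # The IP address lives on the bridge, not on the interfaces below it.
            if [ -n "$(ifcfg_get "$f" IPADDR)" ]; then
                echo "$name: sets IPADDR although it points at $target via $key"; rc=1
            fi
        done
        if [ -n "$(ifcfg_get "$f" MASTER)" ] && [ "$(ifcfg_get "$f" SLAVE)" != yes ]; then
            echo "$name: MASTER is set without SLAVE=yes"; rc=1
        fi
    done
    exit $rc
)

# write_sample DIR: constructed copy of the files shown in this section
# (two slaves, ifcfg-bond0, ifcfg-brbond0); HWADDR omitted for brevity.
write_sample() {
    for n in 0 1; do
        printf 'DEVICE=eth%s\nTYPE=Ethernet\nUSERCTL=no\nSLAVE=yes\nMASTER=bond0\nBOOTPROTO=none\nNM_CONTROLLED=no\n' \
            "$n" > "$1/ifcfg-eth$n"
    done
    printf "DEVICE=bond0\nONBOOT=yes\nBONDING_OPTS='mode=1 miimon=100'\nBRIDGE=brbond0\nNM_CONTROLLED=no\n" \
        > "$1/ifcfg-bond0"
    printf 'DEVICE=brbond0\nONBOOT=yes\nTYPE=Bridge\nIPADDR=192.168.1.1\nNETMASK=255.255.255.0\nNM_CONTROLLED=no\n' \
        > "$1/ifcfg-brbond0"
}

tmp=$(mktemp -d)
write_sample "$tmp"
if check_chain "$tmp"; then
    echo "all MASTER/BRIDGE references resolve"
fi
rm -rf "$tmp"
```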

9.2.7. Setting Up 802.1q VLAN Tagging

  1. Ensure that the module is loaded by entering the following command:
     lsmod | grep 8021q
  2. If the module is not loaded, load it with the following command:
    modprobe 8021q
  3. Configure your physical interface in /etc/sysconfig/network-scripts/ifcfg-ethX, where X is a unique number corresponding to a specific interface, as follows:
    DEVICE=ethX
    TYPE=Ethernet
    BOOTPROTO=none
    ONBOOT=yes
  4. Configure the VLAN interface configuration in /etc/sysconfig/network-scripts. The configuration filename should be the physical interface plus a . character plus the VLAN ID number. For example, if the VLAN ID is 192, and the physical interface is eth0, then the configuration filename should be ifcfg-eth0.192:
    DEVICE=ethX.192
    BOOTPROTO=static
    ONBOOT=yes
    IPADDR=192.168.1.1
    NETMASK=255.255.255.0
    USERCTL=no
    NETWORK=192.168.1.0
    VLAN=yes
    If there is a need to configure a second VLAN, with for example, VLAN ID 193, on the same interface, eth0, add a new file with the name eth0.193 with the VLAN configuration details.
  5. Restart the networking service, in order for the changes to take effect, as follows:
     service network restart 

9.2.8. Alias and Clone Files

Two lesser-used types of interface configuration files are alias and clone files. As the ip command of the iproute package now supports assigning multiple addresses to the same interface, it is no longer necessary to use this method of binding multiple addresses to the same interface.

Note

At the time of writing, NetworkManager does not detect IP aliases in ifcfg files. For example, if ifcfg-eth0 and ifcfg-eth0:1 files are present, NetworkManager creates two connections, which will cause confusion.
For new installations, users should select the Manual method on the IPv4 or IPv6 tab in NetworkManager to assign multiple IP addresses to the same interface. For more information on using this tool, refer to Chapter 8, NetworkManager.
Alias interface configuration files, which are used to bind multiple addresses to a single interface, use the ifcfg-if-name:alias-value naming scheme.
For example, an ifcfg-eth0:0 file could be configured to specify DEVICE=eth0:0 and a static IP address of 10.0.0.2, serving as an alias of an Ethernet interface already configured to receive its IP information via DHCP in ifcfg-eth0. Under this configuration, eth0 is bound to a dynamic IP address, but the same physical network card can receive requests via the fixed, 10.0.0.2 IP address.

Warning

Alias interfaces do not support DHCP.
A clone interface configuration file should use the following naming convention: ifcfg-if-name-clone-name. While an alias file allows multiple addresses for an existing interface, a clone file is used to specify additional options for an interface. For example, a standard DHCP Ethernet interface called eth0, may look similar to this:
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
Since the default value for the USERCTL directive is no if it is not specified, users cannot bring this interface up and down. To give users the ability to control the interface, create a clone by copying ifcfg-eth0 to ifcfg-eth0-user and add the following line to ifcfg-eth0-user:
USERCTL=yes
This way a user can bring up the eth0 interface using the /sbin/ifup eth0-user command because the configuration options from ifcfg-eth0 and ifcfg-eth0-user are combined. While this is a very basic example, this method can be used with a variety of options and interfaces.
It is no longer possible to create alias and clone interface configuration files using a graphical tool. However, as explained at the beginning of this section, it is no longer necessary to use this method as it is now possible to directly assign multiple IP addresses to the same interface. For new installations, users should select the Manual method on the IPv4 or IPv6 tab in NetworkManager to assign multiple IP addresses to the same interface. For more information on using this tool, refer to Chapter 8, NetworkManager.
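A least-privilege check for the clone mechanism described above, as an added example (not part of the original guide or of initscripts): it combines each clone file with its parent and lists every configuration name that a non-root user can pass to ifup. The function names, the yes/true matching and the clone-wins merge order are assumptions; the sample files are constructed from the page's eth0, eth0-user and ppp0 examples.

```python
import os
import re
import tempfile

TRUE_VALUES = {"yes", "true"}  # assumption: the two spellings used on this page


def parse_ifcfg(path):
    """Return KEY -> value for the KEY=value lines of one ifcfg file."""
    opts = {}
    with open(path) as fh:
        for line in fh:
            m = re.match(r"^\s*([A-Za-z_][A-Za-z0-9_]*)=(.*)$", line)
            if m:  # comment lines start with '#' and never match
                opts[m.group(1)] = m.group(2).strip().strip("\"'")
    return opts


def effective_config(directory, name):
    """Options seen by `ifup name`; a clone ifcfg-<if>-<clone> is combined
    with ifcfg-<if> (assumption: the clone's values win on conflict)."""
    opts = {}
    parent, sep, _clone = name.rpartition("-")
    parent_path = os.path.join(directory, "ifcfg-" + parent)
    if sep and os.path.isfile(parent_path):
        opts.update(parse_ifcfg(parent_path))
    opts.update(parse_ifcfg(os.path.join(directory, "ifcfg-" + name)))
    return opts


def user_controllable(directory):
    """List (config name, DEVICE) pairs that non-root users may bring up or down."""
    found = []
    for fname in sorted(os.listdir(directory)):
        if not fname.startswith("ifcfg-"):
            continue
        name = fname[len("ifcfg-"):]
        opts = effective_config(directory, name)
        if opts.get("USERCTL", "no").lower() in TRUE_VALUES:  # default is "no"
            found.append((name, opts.get("DEVICE", "unknown")))
    return found


def build_sample(directory):
    """Write constructed files modelled on the page's eth0, eth0-user and ppp0."""
    base = "DEVICE=eth0\nONBOOT=yes\nBOOTPROTO=dhcp\n"
    samples = {"ifcfg-eth0": base, "ifcfg-eth0-user": base + "USERCTL=yes\n",
               "ifcfg-ppp0": "DEVICE=ppp0\nUSERCTL=true\nONBOOT=no\n"}
    for fname, body in samples.items():
        with open(os.path.join(directory, fname), "w") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, device in user_controllable(tmp):
            print(f"USERCTL enabled: ifup {name} (device {device})")
```

Pointing user_controllable at /etc/sysconfig/network-scripts gives the list of interfaces whose state can be changed without root, which is worth reviewing whenever a clone file appears.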

9.2.9. Dialup Interfaces

If you are connecting to the Internet via a dialup connection, a configuration file is necessary for the interface.
PPP interface files are named using the following format:
ifcfg-pppX
where X is a unique number corresponding to a specific interface.
The PPP interface configuration file is created automatically when wvdial, or Kppp is used to create a dialup account. It is also possible to create and edit this file manually.
The following is a typical /etc/sysconfig/network-scripts/ifcfg-ppp0 file:
DEVICE=ppp0
NAME=test
WVDIALSECT=test
MODEMPORT=/dev/modem
LINESPEED=115200
PAPNAME=test
USERCTL=true
ONBOOT=no
PERSIST=no
DEFROUTE=yes
PEERDNS=yes
DEMAND=no
IDLETIMEOUT=600
Serial Line Internet Protocol (SLIP) is another dialup interface, although it is used less frequently. SLIP files have interface configuration file names such as ifcfg-sl0.
Other options that may be used in these files include:
DEFROUTE=answer
where answer is one of the following:
  • yes - Set this interface as the default route.
  • no - Do not set this interface as the default route.
DEMAND=answer
where answer is one of the following:
  • yes - This interface allows pppd to initiate a connection when someone attempts to use it.
  • no - A connection must be manually established for this interface.
IDLETIMEOUT=value
where value is the number of seconds of idle activity before the interface disconnects itself.
INITSTRING=string
where string is the initialization string passed to the modem device. This option is primarily used in conjunction with SLIP interfaces.
LINESPEED=value
where value is the baud rate of the device. Possible standard values include 57600, 38400, 19200, and 9600.
MODEMPORT=device
where device is the name of the serial device that is used to establish the connection for the interface.
MTU=value
where value is the Maximum Transfer Unit (MTU) setting for the interface. The MTU refers to the largest number of bytes of data a frame can carry, not counting its header information. In some dialup situations, setting this to a value of 576 results in fewer packets dropped and a slight improvement to the throughput for a connection.
NAME=name
where name is the reference to the title given to a collection of dialup connection configurations.
PAPNAME=name
where name is the username given during the Password Authentication Protocol (PAP) exchange that occurs to allow connections to a remote system.
PERSIST=answer
where answer is one of the following:
  • yes - This interface should be kept active at all times, even if deactivated after a modem hang up.
  • no - This interface should not be kept active at all times.
REMIP=address
where address is the IP address of the remote system. This is usually left unspecified.
WVDIALSECT=name
where name associates this interface with a dialer configuration in /etc/wvdial.conf. This file contains the phone number to be dialed and other important information for the interface.

9.2.10. Other Interfaces

Other common interface configuration files include the following:
ifcfg-lo
A local loopback interface is often used in testing, as well as being used in a variety of applications that require an IP address pointing back to the same system. Any data sent to the loopback device is immediately returned to the host's network layer.

Do not manually edit the ifcfg-lo script

The loopback interface script, /etc/sysconfig/network-scripts/ifcfg-lo, should never be edited manually. Doing so can prevent the system from operating correctly.
ifcfg-irlan0
An infrared interface allows information between devices, such as a laptop and a printer, to flow over an infrared link. This works in a similar way to an Ethernet device except that it commonly occurs over a peer-to-peer connection.
ifcfg-plip0
A Parallel Line Interface Protocol (PLIP) connection works much the same way as an Ethernet device, except that it utilizes a parallel port.
Interface configuration files for Linux on System z include the following:
ifcfg-hsiN
A HiperSockets interface is an interface for high-speed TCP/IP communication within and across z/VM guest virtual machines and logical partitions (LPARs) on an IBM System z mainframe.

9.3. Interface Control Scripts

The interface control scripts activate and deactivate system interfaces. There are two primary interface control scripts that call on control scripts located in the /etc/sysconfig/network-scripts/ directory: /sbin/ifdown and /sbin/ifup.
The ifup and ifdown interface scripts are symbolic links to scripts in the /sbin/ directory. When either of these scripts is called, it requires the value of the interface to be specified, such as:
ifup eth0

Use the ifup and ifdown interface scripts

The ifup and ifdown interface scripts are the only scripts that the user should use to bring up and take down network interfaces.
The following scripts are described for reference purposes only.
Two files used to perform a variety of network initialization tasks during the process of bringing up a network interface are /etc/rc.d/init.d/functions and /etc/sysconfig/network-scripts/network-functions. Refer to Section 9.5, "Network Function Files" for more information.
After verifying that an interface has been specified and that the user executing the request is allowed to control the interface, the correct script brings the interface up or down. The following are common interface control scripts found within the /etc/sysconfig/network-scripts/ directory:
ifup-aliases
Configures IP aliases from interface configuration files when more than one IP address is associated with an interface.
ifup-ippp and ifdown-ippp
Brings ISDN interfaces up and down.
ifup-ipv6 and ifdown-ipv6
Brings IPv6 interfaces up and down.
ifup-plip
Brings up a PLIP interface.
ifup-plusb
Brings up a USB interface for network connections.
ifup-post and ifdown-post
Contains commands to be executed after an interface is brought up or down.
ifup-ppp and ifdown-ppp
Brings a PPP interface up or down.
ifup-routes
Adds static routes for a device as its interface is brought up.
ifdown-sit and ifup-sit
Contains function calls related to bringing up and down an IPv6 tunnel within an IPv4 connection.
ifup-wireless
Brings up a wireless interface.

Be careful when removing or modifying network scripts!

Removing or modifying any scripts in the /etc/sysconfig/network-scripts/ directory can cause interface connections to act irregularly or fail. Only advanced users should modify scripts related to a network interface.
The easiest way to manipulate all network scripts simultaneously is to use the /sbin/service command on the network service (/etc/rc.d/init.d/network), as illustrated by the following command:
/sbin/service network action
Here, action can be either start, stop, or restart.
To view a list of configured devices and currently active network interfaces, use the following command:
/sbin/service network status

9.4. Static Routes and the Default Gateway

Static routes are for traffic that must not, or should not, go through the default gateway. Routing is usually handled by routing devices and therefore it is often not necessary to configure static routes on Red Hat Enterprise Linux servers or clients. Exceptions include traffic that must pass through an encrypted VPN tunnel or traffic that should take a less costly route. The default gateway is for any and all traffic which is not destined for the local network and for which no preferred route is specified in the routing table. The default gateway is traditionally a dedicated network router.

Static Routes

Use the ip route command to display the IP routing table. If static routes are required, they can be added to the routing table by means of the ip route add command and removed using the ip route del command. To add a static route to a host address, that is to say to a single IP address, issue the following command as root:
ip route add X.X.X.X
where X.X.X.X is the IP address of the host in dotted decimal notation. To add a static route to a network, that is to say to an IP address representing a range of IP addresses, issue the following command as root:
ip route add X.X.X.X/Y
where X.X.X.X is the IP address of the network in dotted decimal notation and Y is the network prefix. The network prefix is the number of enabled bits in the subnet mask. This format of network address slash prefix length is referred to as CIDR notation.
Static route configuration is stored per-interface in a /etc/sysconfig/network-scripts/route-interface file. For example, static routes for the eth0 interface would be stored in the /etc/sysconfig/network-scripts/route-eth0 file. The route-interface file has two formats: IP command arguments and network/netmask directives. These are described below.

The Default Gateway

The default gateway is specified by means of the GATEWAY directive and can be specified either globally or in interface-specific configuration files. Specifying the default gateway globally has certain advantages, especially if more than one network interface is present, and it can make fault finding simpler if applied consistently. There is also the GATEWAYDEV directive, which is a global option. If multiple devices specify GATEWAY, and one interface uses the GATEWAYDEV directive, that directive will take precedence. This option is not recommended as it can have unexpected consequences if an interface goes down and it can complicate fault finding.
Global default gateway configuration is stored in the /etc/sysconfig/network file. This file specifies gateway and host information for all network interfaces. For more information about this file and the directives it accepts, refer to Section D.1.13, "/etc/sysconfig/network".

IP Command Arguments Format

If required in a per-interface configuration file, define a default gateway on the first line. This is only required if the default gateway is not set via DHCP and is not set globally as mentioned above:
default via X.X.X.X dev interface
X.X.X.X is the IP address of the default gateway. The interface is the interface that is connected to, or can reach, the default gateway. The dev option is optional and can be omitted.
Define a static route. Each line is parsed as an individual route:
X.X.X.X/Y via X.X.X.X dev interface
X.X.X.X/Y is the network address and netmask for the static route. X.X.X.X and interface are the IP address and interface for the default gateway respectively. The X.X.X.X address does not have to be the default gateway IP address. In most cases, X.X.X.X will be an IP address in a different subnet, and interface will be the interface that is connected to, or can reach, that subnet. Add as many static routes as required.
The following is a sample route-eth0 file using the IP command arguments format. The default gateway is 192.168.0.1, interface eth0. The two static routes are for the 10.10.10.0/24 and 172.16.1.0/24 networks:
default via 192.168.0.1 dev eth0
10.10.10.0/24 via 192.168.0.1 dev eth0
172.16.1.0/24 via 192.168.0.1 dev eth0
Static routes should only be configured for other subnetworks. The above example is not necessary, since packets going to the 10.10.10.0/24 and 172.16.1.0/24 networks will use the default gateway anyway. Below is an example of setting static routes to a different subnet, on a machine in a 192.168.0.0/24 subnet. The example machine has an eth0 interface in the 192.168.0.0/24 subnet, and an eth1 interface (10.10.10.1) in the 10.10.10.0/24 subnet:
10.10.10.0/24 via 10.10.10.1 dev eth1
Specifying an exit interface is optional. It can be useful if you want to force traffic out of a specific interface. For example, in the case of a VPN, you can force traffic to a remote network to pass through a tun0 interface even when the interface is in a different sub-net to the destination network.

Duplicate default gateways

If the default gateway is already assigned from DHCP, the IP command arguments format can cause one of two errors during start-up, or when bringing up an interface from the down state using the ifup command: "RTNETLINK answers: File exists" or 'Error: either "to" is a duplicate, or "X.X.X.X" is a garbage.', where X.X.X.X is the gateway, or a different IP address. These errors can also occur if you have another route to another network using the default gateway. Both of these errors are safe to ignore.

Network/Netmask Directives Format

You can also use the network/netmask directives format for route-interface files. The following is a template for the network/netmask format, with instructions following afterwards:
ADDRESS0=X.X.X.X
NETMASK0=X.X.X.X
GATEWAY0=X.X.X.X
  • ADDRESS0=X.X.X.X is the network address for the static route.
  • NETMASK0=X.X.X.X is the netmask for the network address defined with ADDRESS0=X.X.X.X.
  • GATEWAY0=X.X.X.X is the default gateway, or an IP address that can be used to reach ADDRESS0=X.X.X.X
The following is a sample route-eth0 file using the network/netmask directives format. The default gateway is 192.168.0.1, interface eth0. The two static routes are for the 10.10.10.0/24 and 172.16.1.0/24 networks. However, as mentioned before, this example is not necessary as the 10.10.10.0/24 and 172.16.1.0/24 networks would use the default gateway anyway:
ADDRESS0=10.10.10.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.0.1
ADDRESS1=172.16.1.0
NETMASK1=255.255.255.0
GATEWAY1=192.168.0.1
Subsequent static routes must be numbered sequentially, and must not skip any values. For example, ADDRESS0, ADDRESS1, ADDRESS2, and so on.
Below is an example of setting static routes to a different subnet, on a machine in the 192.168.0.0/24 subnet. The example machine has an eth0 interface in the 192.168.0.0/24 subnet, and an eth1 interface (10.10.10.1) in the 10.10.10.0/24 subnet:
ADDRESS0=10.10.10.0
NETMASK0=255.255.255.0
GATEWAY0=10.10.10.1
Note that if DHCP is used, it can assign these settings automatically.
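The relationship between the two route-interface formats, as an added example (not code from the guide or from initscripts): it rewrites network/netmask directives as IP command arguments lines and reports skipped indexes, malformed networks, and routes that only repeat the default gateway. The function names and the caller-supplied dev and default_gw values are assumptions; BROKEN_SAMPLE is constructed.

```python
import ipaddress
import re

# The page's sample route-eth0 file in network/netmask directives format.
PAGE_SAMPLE = """\
ADDRESS0=10.10.10.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.0.1
ADDRESS1=172.16.1.0
NETMASK1=255.255.255.0
GATEWAY1=192.168.0.1
"""
# Constructed input: route 0 has host bits set and index 1 is skipped.
BROKEN_SAMPLE = """\
ADDRESS0=10.10.10.5
NETMASK0=255.255.255.0
GATEWAY0=10.10.10.1
ADDRESS2=172.16.1.0
NETMASK2=255.255.255.0
GATEWAY2=10.10.10.1
"""


def parse_directives(text):
    """Collect ADDRESSn/NETMASKn/GATEWAYn values into {n: {field: value}}."""
    routes = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(ADDRESS|NETMASK|GATEWAY)(\d+)=(\S+)\s*$", line)
        if m:
            routes.setdefault(int(m.group(2)), {})[m.group(1)] = m.group(3)
    return routes


def to_ip_arguments(text, dev, default_gw=None):
    """Return (lines, problems): the routes in IP command arguments format
    plus findings. dev and default_gw are supplied by the caller."""
    routes, lines, problems, n = parse_directives(text), [], [], 0
    while n in routes:  # stop at the first missing index
        r = routes.pop(n)
        try:
            net = ipaddress.ip_network(f"{r['ADDRESS']}/{r['NETMASK']}", strict=True)
            gw = ipaddress.ip_address(r["GATEWAY"])
            lines.append(f"{net.with_prefixlen} via {gw} dev {dev}")
            if default_gw and str(gw) == default_gw:
                problems.append(f"route {n}: redundant, {net} already uses the default gateway")
        except KeyError as exc:
            problems.append(f"route {n}: missing {exc.args[0]}{n}")
        except ValueError as exc:  # bad address, bad netmask or host bits set
            problems.append(f"route {n}: {exc}")
        n += 1
    for skipped in sorted(routes):
        problems.append(f"route {skipped}: numbering skips {n}, indexes must be sequential")
    return lines, problems


if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, BROKEN_SAMPLE):
        print(to_ip_arguments(sample, "eth0", default_gw="192.168.0.1"))
```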

9.5. Network Function Files

Red Hat Enterprise Linux makes use of several files that contain important common functions used to bring interfaces up and down. Rather than forcing each interface control file to contain these functions, they are grouped together in a few files that are called upon when necessary.
The /etc/sysconfig/network-scripts/network-functions file contains the most commonly used IPv4 functions, which are useful to many interface control scripts. These functions include contacting running programs that have requested information about changes in the status of an interface, setting hostnames, finding a gateway device, verifying whether or not a particular device is down, and adding a default route.
As the functions required for IPv6 interfaces are different from IPv4 interfaces, a /etc/sysconfig/network-scripts/network-functions-ipv6 file exists specifically to hold this information. The functions in this file configure and delete static IPv6 routes, create and remove tunnels, add and remove IPv6 addresses to an interface, and test for the existence of an IPv6 address on an interface.

9.6. Additional Resources

The following are resources which explain more about network interfaces.

9.6.1. Installed Documentation

/usr/share/doc/initscripts-version/sysconfig.txt
A guide to available options for network configuration files, including IPv6 options not covered in this chapter.

9.6.2. Useful Websites

http://linux-ip.net/gl/ip-cref/
This document contains a wealth of information about the ip command, which can be used to manipulate routing tables, among other things. The information can also be found in the ip-cref.ps file by installing the iproute-doc sub-package from the optional content channel.