LTS

    Innovation Version

      Configuring the Network

      Configuring an IP Address

      Using the nmcli Command

      NOTE: The network configuration configured by running the nmcli command takes effect immediately and will not be lost after the system restarts.

      Introduction to nmcli

      nmcli (NetworkManager Command Line Interface) is the command-line utility to configure networking through NetworkManager. The basic format of using nmcli is as follows:

       nmcli [OPTIONS] OBJECT { COMMAND | help }
      

      In the preceding command, OBJECT can be one of the following options: general, networking, radio, connection, and device. OPTIONS can be optional options, such as -t, --terse (for script processing),-p, --pretty (for human-readable output), -h, and --help. For more information, run the nmcli help command.

      nmcli help
      

      Common commands are listed as follows:

      • To display the general status of NetworkManager, run the following command:

        nmcli general status
        
      • To display all connections, run the following command:

        nmcli connection show
        
      • To display the current active connections only, add the -a or --active option as follows:

        nmcli connection show --active
        
      • To display the device identified by NetworkManager and its connection status, run the following command:

        nmcli device status
        
      • To start or stop network interfaces, for example, run the nmcli commands as the root user:

        nmcli connection up id enp3s0
        nmcli device disconnect enp3s0
        

      Device Management

      Connecting to a Device

      Run the following command to connect NetworkManager to the corresponding network device. Try to find the proper connection configuration and activate it.

      nmcli device connect "$IFNAME"   
      

      If the corresponding connection configuration does not exist, NetworkManager creates and activates a configuration file with default settings.

      Disconnecting to a Device

      Run the following command to disconnect NetworkManager with the network device and prevent the device from being automatically activated.

      nmcli device disconnect "$IFNAME"    
      

      Setting Network Connections

      Run the following command to display all the available network connections:

      $ nmcli con show
      
      
      NAME    UUID                                  TYPE      DEVICE
      enp4s0  5afce939-400e-42fd-91ee-55ff5b65deab  ethernet  enp4s0
      enp3s0  c88d7b69-f529-35ca-81ab-aa729ac542fd  ethernet  enp3s0
      virbr0  ba552da6-f014-49e3-91fa-ec9c388864fa  bridge    virbr0
      

      NOTE: In the command output, NAME indicates the connection ID (name).

      After a network connection is added, the corresponding configuration file is generated and associated with the corresponding device. To check for available devices, run the following command:

      $ nmcli dev status
      
      DEVICE      TYPE      STATE      CONNECTION
      enp3s0      ethernet  connected  enp3s0
      enp4s0      ethernet  connected  enp4s0
      virbr0      bridge    connected  virbr0
      lo          loopback  unmanaged  --
      virbr0-nic  tun       unmanaged  --
      
      Configuring Dynamic IP Connections
      Configuring IP Addresses

      When DHCP is used to allocate a network, run the following command to add a network configuration file:

      nmcli connection add type ethernet con-name connection-name ifname interface-name
      

      For example, to create a dynamic connection configuration file named net-test, run the following command as the root user:

      $ nmcli connection add type ethernet con-name net-test ifname enp3s0
      Connection 'net-test' (a771baa0-5064-4296-ac40-5dc8973967ab) successfully added.
      

      The NetworkManager sets connection.autoconnect to yes and saves the setting to the /etc/sysconfig/network-scripts/ifcfg-net-test file. In the /etc/sysconfig/network-scripts/ifcfg-net-test file, ONBOOT is set to yes.

      Activating a Connection and Checking Device Connection Status

      Run the following command as the root user to activate a network connection:

      $ nmcli con up net-test 
      Connection successfully activated (D-Bus active path:/org/freedesktop/NetworkManager/ActiveConnection/5)
      

      Run the following command to check the connection status of devices:

      $ nmcli device status
      
      DEVICE      TYPE      STATE      CONNECTION
      enp4s0      ethernet  connected  enp4s0
      enp3s0      ethernet  connected  net-test
      virbr0      bridge    connected  virbr0
      lo          loopback  unmanaged  --
      virbr0-nic  tun       unmanaged  --
      
      Configuring Static IP Connections
      Configuring IP Addresses

      To add a static IPv4 network connection, run the following command:

      nmcli connection add type ethernet con-name connection-name ifname interface-name ip4 address gw4 address
      

      NOTE: To add an IPv6 address and related gateway information, use the ip6 and gw6 options.

      For example, to create a static connection configuration file named net-static, run the following command as the root user:

      nmcli con add type ethernet con-name net-static ifname enp3s0 ip4 192.168.0.10/24 gw4 192.168.0.254
      

      You can also specify the IPv6 address and gateway for the device. The following is an example:

      $ nmcli con add type ethernet con-name test-lab ifname enp3s0 ip4 192.168.0.10/24 gw4 192.168.0.254 ip6 abbe::**** gw6 2001:***::*
      Connection 'net-static' (63aa2036-8665-f54d-9a92-c3035bad03f7) successfully added.
      

      The NetworkManager sets the internal parameter ipv4.method to manual, connection.autoconnect to yes, and writes the setting to the /etc/sysconfig/network-scripts/ifcfg-my-office file. In the file, BOOTPROTO is set to none, and ONBOOT is set to yes.

      Run the following command as the root user to set IPv4 addresses of two DNS servers:

      nmcli con mod net-static ipv4.dns "*.*.*.* *.*.*.*"
      

      Run the following command as the root user to set IPv6 addresses of two DNS servers:

      nmcli con mod net-static ipv6.dns "2001:4860:4860::**** 2001:4860:4860::****"
      
      Activating a Connection and Checking Device Connection Status

      Run the following command as the root user to activate a network connection:

      $ nmcli con up net-static ifname enp3s0
      Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
      

      Run the following command to check the connection status of devices:

      $ nmcli device status
      
      DEVICE      TYPE      STATE      CONNECTION
      enp4s0      ethernet  connected  enp4s0
      enp3s0      ethernet  connected  net-static
      virbr0      bridge    connected  virbr0
      lo          loopback  unmanaged  --
      virbr0-nic  tun       unmanaged  --
      

      Run the following command to view the connection details (with the -p and --pretty options to add the title and segment to the output):

      $ nmcli -p con show net-static 
      ===============================================================================
      Connection profile details (net-static )
      ===============================================================================
      connection.id:                          net-static
      connection.uuid:                        b9f18801-6084-4aee-af28-c8f0598ff5e1
      connection.stable-id:                   --
      connection.type:                        802-3-ethernet
      connection.interface-name:              enp3s0
      connection.autoconnect:                 yes
      connection.autoconnect-priority:        0
      connection.autoconnect-retries:         -1 (default)
      connection.multi-connect:               0 (default)
      connection.auth-retries:                -1
      connection.timestamp:                   1578988781
      connection.read-only:                   no
      connection.permissions:                 --
      connection.zone:                        --
      connection.master:                      --
      connection.slave-type:                  --
      connection.autoconnect-slaves:          -1 (default)
      connection.secondaries:                 --
      connection.gateway-ping-timeout:        0
      connection.metered:                     unknown
      connection.lldp:                        default
      connection.mdns:                        -1 (default)
      connection.llmnr:                       -1 (default)
      
      Adding a Wi-Fi Connection

      You can add the Wi-Fi connection using either of the following methods:

      Method 1: Connect to the Wi-Fi network using a network port.

      Connect to the Wi-Fi network specified by the SSID or BSSID. Run the following command to find a matching connection or create a connection, and then activate the connection on the device.

      nmcli device wifi connect "$SSID" password "$PASSWORD" ifname "$IFNAME"  
      nmcli --ask device wifi connect "$SSID" 
      

      Method 2: Connect to the Wi-Fi network using the configuration file.

      1,Run the following command to check for available Wi-Fi access points:

      nmcli dev wifi list
      

      2,Run the following command to generate a static IP address configuration that allows Wi-Fi connections automatically allocated by the DNS:

      nmcli con add con-name Wifi ifname wlan0 type wifi ssid MyWifi ip4 192.168.100.101/24 gw4 192.168.100.1
      

      3,Run the following command to set a WPA2 password, for example, answer:

      nmcli con modify Wifi wifi-sec.key-mgmt wpa-psk
      nmcli con modify Wifi wifi-sec.psk answer
      

      4,Run the following command to change the Wi-Fi status:

      nmcli radio wifi [ on | off ]
      
      Modifying Attributes

      Run the following command to check a specific attribute, for example, mtu:

      $ nmcli connection show id 'Wifi ' | grep mtu
      802-11-wireless.mtu: auto
      

      Run the following command to modify the attribute:

      nmcli connection modify id 'Wifi ' 802-11-wireless.mtu 1350
      

      Run the following command to confirm the modification:

      $ nmcli connection show id 'Wifi ' | grep mtu
      802-11-wireless.mtu: 1350
      

      Configuring a Static Route

      • Run the nmcli command to configure a static route for a network connection:

        nmcli connection modify enp3s0 +ipv4.routes "192.168.122.0/24 10.10.10.1"
        
      • Run the following command to configure the static route using the editor:

        $ nmcli con edit type ethernet con-name enp3s0
        ===| nmcli interactive connection editor |===
        Adding a new '802-3-ethernet' connection
        Type 'help' or '?' for available commands.
        Type 'describe [<setting>.<prop>]' for detailed property description.
        You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6, dcb
        nmcli> set ipv4.routes 192.168.122.0/24 10.10.10.1
        nmcli>
        nmcli> save persistent
        Saving the connection with 'autoconnect=yes'. That might result in an immediate activation of the connection.
        Do you still want to save? [yes] yes
        Connection 'enp3s0' (1464ddb4-102a-4e79-874a-0a42e15cc3c0) successfully saved.
        nmcli> quit
        

      Using the ip Command

      NOTE: The network configuration configured using the ip command takes effect immediately, but the configuration will be lost after the system restarts.

      Configuring IP Addresses

      Run the ip command to configure an IP address for the interface. The command format is as follows, where interface-name indicates the NIC name.

      ip addr [ add | del ] address dev interface-name
      
      Configuring a Static IP Address

      Run the following command as the root user to configure an IP address:

      ip address add 192.168.0.10/24 dev enp3s0
      

      Run the following command as the root user to view the configuration result:

      $ ip addr show dev enp3s0
      2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
          link/ether 52:54:00:aa:ad:4a brd ff:ff:ff:ff:ff:ff
          inet 192.168.202.248/16 brd 192.168.255.255 scope global dynamic noprefixroute enp3s0
             valid_lft 9547sec preferred_lft 9547sec
          inet 192.168.0.10/24 scope global enp3s0
             valid_lft forever preferred_lft forever
          inet6 fe80::32e8:cc22:9db2:f4d4/64 scope link noprefixroute
             valid_lft forever preferred_lft forever
      
      Configuring Multiple IP Addresses

      The ip command can be used to assign multiple IP addresses to an interface. You can run the ip command multiple times as the root user to assign IP addresses to an interface. The following is an example:

      $ ip address add 192.168.2.223/24 dev enp4s0
      $ ip address add 192.168.4.223/24 dev enp4s0
      $ ip addr
      
      3: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
          link/ether 52:54:00:aa:da:e2 brd ff:ff:ff:ff:ff:ff
          inet 192.168.203.12/16 brd 192.168.255.255 scope global dynamic noprefixroute enp4s0
             valid_lft 8389sec preferred_lft 8389sec
          inet 192.168.2.223/24 scope global enp4s0
             valid_lft forever preferred_lft forever
          inet 192.168.4.223/24 scope global enp4s0
             valid_lft forever preferred_lft forever
          inet6 fe80::1eef:5e24:4b67:f07f/64 scope link noprefixroute
             valid_lft forever preferred_lft forever
      

      Configuring a Static Route

      To add a static route to the routing table, run the ip route add command. To delete a route, run the ip route del command. The following shows the common format of the ip route command:

      ip route [ add | del | change | append | replace ] destination-address
      

      To display the current IP routing table, run the ip route command as the root user. The following is an example:

      $ ip route
      
      default via 192.168.0.1 dev enp3s0 proto dhcp metric 100
      default via 192.168.0.1 dev enp4s0 proto dhcp metric 101
      192.168.0.0/16 dev enp3s0 proto kernel scope link src 192.168.202.248 metric 100
      192.168.0.0/16 dev enp4s0 proto kernel scope link src 192.168.203.12 metric 101
      192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
      

      To add a static route to the host address, run the following command as the root user:

      ip route add 192.168.2.1 via 10.0.0.1 [dev interface-name]
      

      In the preceding command, 192.168.2.1 is the IP address in the dot-decimal notation, 10.0.0.1 is the next hop, and interface-name is the exit interface for entering the next hop.

      To add a static route to the network, that is, an IP address that represents an IP address range, run the following command as the root user:

      ip route add 192.168.2.0/24 via 10.0.0.1 [dev interface-name]
      

      In the preceding command, 192.168.2.1 is the IP address of the target network, 10.0.0.1 is the network prefix, and interface-name is the NIC name.

      Configuring the Network Through the ifcfg File

      NOTE: The network configured in the ifcfg file does not take effect immediately. You need to run the systemctl reload NetworkManager command as the root user to restart the network service for the configuration to take effect.

      Configuring a Static Network

      The following uses the enp4s0 network interface as an example to describe how to configure a static network by modifying the ifcfg file as the root user. The ifcfg-enp4s0 file is generated in the /etc/sysconfig/network-scripts/ directory. Modify the following parameters in the file:

      TYPE=Ethernet
      PROXY_METHOD=none
      BROWSER_ONLY=no
      BOOTPROTO=none
      IPADDR=192.168.0.10
      PREFIX=24
      DEFROUTE=yes
      IPV4_FAILURE_FATAL=no
      IPV6INIT=yes
      IPV6_AUTOCONF=yes
      IPV6_DEFROUTE=yes
      IPV6_FAILURE_FATAL=no
      IPV6_ADDR_GEN_MODE=stable-privacy
      NAME=enp4s0static
      UUID=08c3a30e-c5e2-4d7b-831f-26c3cdc29293
      DEVICE=enp4s0
      ONBOOT=yes
      

      Configuring a Dynamic Network

      The following uses the em1 network interface as an example to describe how to configure a dynamic network by modifying the ifcfg file. The ifcfg-em1 file is generated in the /etc/sysconfig/network-scripts/ directory. Modify the following parameters in the file:

      DEVICE=em1
      BOOTPROTO=dhcp
      ONBOOT=yes
      

      To configure an interface to send different host names to the DHCP server, add the following content to the ifcfg file:

      DHCP_HOSTNAME=hostname
      

      To configure an interface to ignore the routes sent by the DHCP server to prevent network services from updating the /etc/resolv.conf file using the DNS server received from the DHCP server, add the following content to the ifcfg file:

      PEERDNS=no
      

      To configure an interface to use a specific DNS server, set the PEERDNS parameter to no and add the following content to the ifcfg file:

      DNS1=ip-address
      DNS2=ip-address
      

      ip-address is the IP address of the DNS server. This allows the network service to update the /etc/resolv.conf file using the specified DNS server.

      Default Gateway Configuration

      When determining the default gateway, parse the /etc/sysconfig/network file and then the ifcfg file, and uses the value of GATEWAY that is read last as the default route in the routing table.

      In a dynamic network environment, when the NetworkManager is used to manage hosts, you are advised to set the default gateway to DHCP assignment.

      Configuring a Host Name

      Introduction

      There are three types of host names: static, transient, and pretty.

      • static: Static host name, which can be set by users and saved in the /etc/hostname file.
      • transient: Dynamic host name, which is maintained by the kernel. The initial value is a static host name. The default value is localhost. The value can be changed when the DHCP or mDNS server is running.
      • pretty: Flexible host name, which can be set in any form (including special characters/blanks). Static and transient host names are subject to the general domain name restrictions.

      NOTE: Static and transient host names can contain only letters (a–z and A–Z), digits (0–9), hyphens (-), underlines (_), and periods (.). The host names cannot start or end with a period (.) or contain two consecutive periods (.). The host name can contain a maximum of 64 characters.

      Configuring a Host Name by Running the hostnamectl Command

      Viewing All Host Names

      Run the following command to view the current host name:

      hostnamectl status
      

      NOTE: If no option is specified in the command, the status option is used by default.

      Setting All Host Names

      Run the following command as the root user to set all host names:

      hostnamectl set-hostname name
      

      Setting a Specific Host Name

      Run the following command as the root user to set a specific host name:

      hostnamectl set-hostname name [option...]
      

      The option may be one or more of --pretty, --static, and --transient.

      If --static or --transient is used together with --pretty, the host names of the static or transient type will be simplified to the host names of the pretty type with spaces replaced with hyphens (-) and special characters deleted.

      When setting a host name of the pretty type, use double quotation marks if the host name contains spaces or single quotation marks. An example is as follows:

      hostnamectl set-hostname "Stephen's notebook" --pretty
      

      Clearing a Specific Host Name

      To clear a specific host name and restore it to the default format, run the following command as the root user:

      hostnamectl set-hostname "" [option...]
      

      In the preceding command, "" is a blank character string, and the option may be one or more of --pretty, --static, and --transient.

      Remotely Changing a Host Name

      To change the host name in a remote system, run the hostnamectl command as the root user with the -H or --host option.

      hostnamectl set-hostname -H [username]@hostname new_hostname
      

      In the preceding command, hostname indicates the name of the remote host to be configured, username indicates the user-defined name, and new_hostname indicates the new host name. hostnamectl is used to connect to the remote system through SSH.

      Configuring a Host Name by Running the nmcli Command

      To query a static host name, run the following command:

      nmcli general hostname
      

      To name a static host as host-server, run the following command as root user:

      nmcli general hostname host-server
      

      To enable the system to detect the change of the static host name, run the following command as the root user to restart the hostnamed service:

      systemctl restart systemd-hostnamed
      

      Configuring Network Bonding

      Running the nmcli Command

      • To create a bond named mybond0, run the following command:

        nmcli con add type bond con-name mybond0 ifname mybond0 mode active-backup
        
      • To add a slave interface, run the following command:

        nmcli con add type bond-slave ifname enp3s0 master mybond0
        

        To add another slave interface, repeat the preceding command with the new interface name:

        $ nmcli con add type bond-slave ifname enp4s0 master mybond0
        Connection 'bond-slave-enp4s0' (05e56afc-b953-41a9-b3f9-0791eb49f7d3) successfully added.
        
      • To enable a bond, run the following command to enable the slave interface first:

        $ nmcli con up bond-slave-enp3s0
        Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/14)
        
        $ nmcli con up bond-slave-enp4s0
        Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/15)
        

        Then, run the following command to enable the bond:

        $ nmcli con up mybond0
        Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/16)
        

      Configuring Network Bonding by Using a Command Line

      Checking Whether the Bonding Kernel Module Is Installed

      By default, the bonding kernel module is loaded. To load this module, run the following command as the root user:

      modprobe --first-time bonding
      

      Run the following command as the root user to display the information about the module:

      modinfo bonding
      

      For more commands, run the modprobe --help command as the root user.

      Creating a Channel Bonding Interface

      To create a channel bonding interface, you can create a file named ifcfg-bondN in the /etc/sysconfig/network-scripts/ directory as the root user (replacing N with the actual interface number, for example, 0).

      Write the corresponding content to the configuration file according to the type of the interface to be bonded, for example, network interface. An example of the interface configuration file is as follows:

      DEVICE=bond0
      NAME=bond0
      TYPE=Bond
      BONDING_MASTER=yes
      IPADDR=192.168.1.1
      PREFIX=24
      ONBOOT=yes
      BOOTPROTO=none
      BONDING_OPTS="bonding parameters separated by spaces"
      

      Creating a Slave Interface

      After creating a channel bonding interface, you must add the MASTER and SLAVE instructions to the configuration file of the slave interface.

      For example, to bind the two network interfaces enp3s0 and enp4s0 in channel mode, the configuration files are as follows:

      TYPE=Ethernet
      NAME=bond-slave-enp3s0
      UUID=3b7601d1-b373-4fdf-a996-9d267d1cac40
      DEVICE=enp3s0
      ONBOOT=yes
      MASTER=bond0
      SLAVE=yes
      
      TYPE=Ethernet
      NAME=bond-slave-enp4s0
      UUID=00f0482c-824f-478f-9479-abf947f01c4a
      DEVICE=enp4s0
      ONBOOT=yes
      MASTER=bond0
      SLAVE=yes
      

      Activating Channel Bonding

      To activate channel bonding, you need to enable all the slave interfaces. Run the following command as the root user:

      $ ifup enp3s0
      Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7)
      
      $ ifup enp4s0
      Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8)
      

      NOTE: If an interface is in up state, run the ifdown enp3s0 command to change the state to down. In the command, enp3s0 indicates the actual NIC name.

      After that, enable all the slave interfaces to enable the bonding (do not set them to Down).

      To enable the NetworkManager to detect the modifications made by the system, run the following command as the root user after each modification:

      nmcli con load /etc/sysconfig/network-scripts/ifcfg-device
      

      Run the following command as the root user to check the status of the bonded interface:

      $ ip link show
      
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 52:54:00:aa:ad:4a brd ff:ff:ff:ff:ff:ff
      3: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
          link/ether 52:54:00:aa:da:e2 brd ff:ff:ff:ff:ff:ff
      4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
          link/ether 86:a1:10:fb:ef:07 brd ff:ff:ff:ff:ff:ff
      5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN mode DEFAULT group default qlen 1000
          link/ether 52:54:00:29:35:4c brd ff:ff:ff:ff:ff:ff
      

      Creating Multiple Bondings

      The system creates a channel bonding interface for each bonding, including the BONDING_OPTS instruction. This configuration method allows multiple bonded devices to use different configurations. Perform the following operations to create multiple channel bonding interfaces:

      • Create multiple ifcfg-bondN files that contain the BONDING_OPTS instruction so that network scripts can create bonding interfaces as required.
      • Create or edit the existing interface configuration file to be bonded, and add the SLAVE instruction.
      • Use the MASTER instruction to assign the interface to be bonded, that is, the slave interface, to the channel bonding interface.

      The following is an example of the configuration file of a channel bonding interface:

      DEVICE=bondN
      NAME=bondN
      TYPE=Bond
      BONDING_MASTER=yes
      IPADDR=192.168.1.1
      PREFIX=24
      ONBOOT=yes
      BOOTPROTO=none
      BONDING_OPTS="bonding parameters separated by spaces"
      

      In this example, replace N with the number of the bonded interface. For example, to create two interfaces, you need to create two configuration files ifcfg-bond0 and ifcfg-bond1 with correct IP addresses.

      IPv6 Differences (vs IPv4)

      Restrictions

      • chrony supports global addresses but not link-local addresses.
      • Firefox supports the access to the global address through HTTP or HTTPS, but does not support the access to the link-local address.

      Configuration Description

      Setting the MTU of an Interface Device

      Overview

      In an IPv6 scenario, the minimum MTU value of the entire routing path is used as the PMTU value of the current link. The source end determines whether to fragment packets based on the PMTU value. Other devices on the entire path do not need to fragment packets. This reduces the load of intermediate routing devices. The minimum value of IPv6 PMTU is 1280.

      Setting the MTU of the Interface Device

      If the MTU of an interface configured with an IPv6 address is set to a value smaller than 1280 (the minimum value of the IPv6 PMTU), the IPv6 address of the interface will be deleted and cannot be added again. Therefore, in IPv6 scenarios, the MTU of the interface device must be greater than or equal to 1280. Run the following commands as the root user to view the details:

      $ ip addr show enp3s0
      3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
          link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx
          inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0
             valid_lft 38663sec preferred_lft 38663sec
          inet6 2001:222::2/64 scope global
             valid_lft forever preferred_lft forever
      
      $ ip link set dev enp3s0 mtu 1200
      $ ip addr show enp3s0
      3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1200 qdisc pfifo_fast state UP group default qlen 1000
          link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx
          inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0
             valid_lft 38642sec preferred_lft 38642sec
      
      $ ip addr add 2001:222::2/64 dev enp3s0
      RTNETLINK answers: No buffer space available
      
      $ ip link set dev enp3s0 mtu 1500
      $ ip addr show enp3s0
      3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
          link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx
          inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0
             valid_lft 38538sec preferred_lft 38538sec
      
      $ ip addr add 2001:222::2/64 dev enp3s0
      $ ip addr show enp3s0
      3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
          link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx
          inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0
             valid_lft 38531sec preferred_lft 38531sec
          inet6 2001:222::2/64 scope global
             valid_lft forever preferred_lft forever
      

      Stateful IPv6 Address Autoconfiguration

      Overview

      Both IPv6 and IPv4 addresses can be obtained through DHCP as the root user. There are configuration methods for IPv6 address: stateless autoconfiguration and stateful autoconfiguration.

      • Stateless autoconfiguration

        The DHCP server is not required for management. The device obtains the network prefix according to the router advertisement (RA), or the prefix of a link-local address is fixed to fe80::. The interface ID is automatically obtained based on the value of IPV6_ADDR_GEN_MODE in the ifcfg file.

        1. If the value of IPv6_ADDR_GEN_MODE is stable-privacy, the device determines a random interface ID based on the device and network environment.
        2. If the value of IPv6_ADDR_GEN_MODE is EUI64, the device determines the interface ID based on the device MAC address.
      • Stateful autoconfiguration: The DHCP server manages and leases IPv6 addresses from the DHCPv6 server base on the DHCPv6 protocol.

        In stateful autoconfiguration, the DHCPv6 server can classify clients based on the vendor class configured on the clients and assign IPv6 addresses in different address segments to different types of clients. In IPv4 scenarios, the client can use the -V option of the dhclient command to set the vendor-class-identifier field. The DHCP server classifies clients based on the vendor-class-identifier field in the configuration file. In IPv6 scenarios, if the same method is used to classify clients, the classification does not take effect.

        dhclient -6 <interface> -V <vendor-class-identifier string> <interface>
        

        This is because DHCPv6 differs greatly from DHCP. The vendor-class-option in DHCPv6 replaces the vendor-class-identifier in DHCP. However, the -V option of dhclient cannot be set to vendor-class-option.

      Setting the vendor class for dhclient in Stateful IPv6 Address Autoconfiguration
      • On the client, add the setting of vendor class by using the configuration file.

        Client configuration file (/etc/dhcp/dhclient6.conf): The file location can be customized. You need to specify the configuration file using the dhclient -cf option.

        option dhcp6.vendor-class code 16 = {integer 32, integer 16, string};
        interface "enp3s0" {
                send dhcp6.vendor-class <Enterprise-ID number> <vendor class string length> <vendor class string>;
        }
        

        NOTE:

        • <Enterprise-ID number>: a 32-digit integer, indicating the enterprise ID. The enterprise is registered through the IANA.
        • <vendor class string length>: a 16-digit integer, indicating the length of the vendor class string.
        • <vendor class string>: character string of the vendor class to be set, for example, HWHW.

        On the client:

        dhclient -6 <interface> -cf /etc/dhcp/dhclient6.conf
        
      • The DHCPv6 server configuration file (/etc/dhcp/dhcpd6.conf) needs to be specified by the dhcpd -cf option.

        option dhcp6.vendor-class code 16 = {integer 32, integer 16, string};
        subnet6 fc00:4:12:ffff::/64 {
                class "hw" {
                        match if substring ( option dhcp6.vendor-class, 6, 10 ) = "HWHW";
                }
                pool6 {
                        allow members of "hw";
                        range6 fc00:4:12:ffff::ff10 fc00:4:12:ffff::ff20;
                }
                pool6 {
                        allow unknown clients;
                        range6 fc00:4:12:ffff::100 fc00:4:12:ffff::120;
                }
        }
        

        NOTE: In substring (option dhcp6.vendor-class, 6, 10), the start position of the substring is 6, because the substring contains four bytes of <Enterprise-ID number> and two bytes of <string length>. The end position of the substring is 6+<vendor class string length>. In this example, the vendor class string is HWHW, and the length of the string is 4. Therefore, the end position of the substring is 6 + 4 = 10. You can specify <vendor class string> and <vendor class string length> as required.

        On the server:

        dhcpd -6 -cf /etc/dhcp/dhcpd6.conf <interface>
        
      Overview

      The length of an IPv6 address is extended to 128 bits, indicating that there are sufficient IPv6 addresses for allocation. Compared with the IPv4 header, the IPv6 header is simplified, and the IPv6 automatic configuration function is enhanced. IPv6 addresses are classified into unicast addresses, multicast addresses, and anycast addresses. Common unicast addresses include link-local addresses, unique local addresses, and global addresses. As there are sufficient global IPv6 addresses, unique local addresses are not used. (formerly known as site-local addresses, which were discarded in 2004.) Currently, the mainstream unicast addresses are link-local address and global address. The current kernel supports socket system invoking. The link-local address and global address using unicast addresses are different.

      RFC 2553: Basic Socket Interface Extensions for IPv6 defines the sockaddr_in6 data structure as follows:

      struct sockaddr_in6 {     
          uint8_t         sin6_len;       /* length of this struct */     
          sa_family_t     sin6_family;    /* AF_INET6 */     
          in_port_t       sin6_port;      /* transport layer port # */     
          uint32_t        sin6_flowinfo;  /* IPv6 flow information */     
          struct in6_addr sin6_addr;      /* IPv6 address */     
          uint32_t        sin6_scope_id;  /* set of interfaces for a scope */ 
      }; 
      

      NOTE: sin6_scope_id: a 32-bit integer. For the link-local address, it identifies the index of the specified interface. For the link-range sin6_addr, it identifies the index of the specified interface. For the site-range sin6_addr, it is used as the site identifier (the site-local address has been discarded).

      When the link-local address is used for socket communication, the interface index corresponding to the address needs to be specified when the destination address is constructed. Generally, you can use the if_nametoindex function to convert an interface name into an interface index number. Details are as follows:

      int port = 1234;
      int sk_fd;
      int iff_index = 0;
      char iff_name[100] = "enp3s0";
      char * ll_addr[100] = "fe80::123:456:789";
      struct sockaddr_in6 server_addr;
      
      memset(&server_addr,0,sizeof(structsockaddr_in6));
      iff_index=if_nametoindex(iff_name);
      
      server_addr.sin6_family=AF_INET6;
      server_addr.sin6_port=htons(port);
      server_addr.sin6_scope_id=iff_index;
      inet_pton(AF_INET6, ll_addr, &(server_addr.sin6_addr));
      
      sk_fd=socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP);
      connect(sk_fd, (struct sockaddr *)&server_addr, sizeof(struct sockaddr_in6));
      

      Persistency Configuration of the IPv4 dhclient Daemon Process

      Overview

      When the NetworkManager service is used to manage network services, if the ifcfg-<interface-name> configuration file of an interface is configured to obtain an IP address in DHCP mode, the NetworkManager service starts the dhclient daemon process to obtain an IP address from the DHCP server.

      The dhclient provides the -1 option to determine whether the dhclient process persistently attempts to request an IP address or exits after the request times out before receiving a response from the DHCP server. For the IPv4 dhclient daemon process, you can set PERSISTENT_DHCLIENT in the ifcfg-<interface-name> configuration file to determine whether to set the persistence of the IPv4 dhclient process.

      Restrictions
      1. If the ongoing dhclient process is killed, the network service cannot automatically start it. Therefore, you need to ensure the reliability.
      2. If PERSISTENT_DHCLIENT is configured, ensure that the corresponding DHCP server exists. If no DHCP server is available when the network service is started and the dhclient process continuously attempts to send request packets but does not receive any response, the network service is suspended until the network service times out. The network service starts the IPv4 dhclient processes of multiple NICs in serial mode. If persistency is configured for a NIC but the DHCP server is not ready, the network service will be suspended when obtaining an IPv4 address for the NIC. As a result, the NIC cannot obtain an IPv4 or IPv6 address.

      The preceding restrictions apply to special scenarios. You need to ensure reliability.

      Configuration Differences Between IPv4 DHCP and IPv6 DHCPv6

      You can configure the ifcfg-<interface-name> parameter on an interface to enable IPv4 and IPv6 to dynamically obtain IP addresses using DHCP or DHCPv6. The configuration is as follows:

      BOOTPROTO=none|bootp|dhcp
      DHCPV6C=yes|no
      PERSISTENT_DHCLIENT=yes|no|1|0
      
      • BOOTPROTO: none indicates that an IPv4 address is statically configured. bootp|dhcp enables DHCP dhclient to dynamically obtain an IPv4 address.

      • DHCPV6C: no indicates that an IPv6 address is statically configured, and yes indicates that the DHCPv6 dhclient is enabled to dynamically obtain the IPv6 address.

      • PERSISTENT_DHCLIENT: no|0 indicates that the IPv4 dhclient process is configured as nonpersistent. If the dhclient sends a request packet to the DHCP server but does not receive any response, the dhclient exits after a period of time and the exit value is 2. yes|1 indicates that the IPv4 dhclient process is configured to be persistent. The dhclient process repeatedly sends request packets to the DHCP server. If PERSISTENT_DHCLIENT is not configured, dhclient of IPv4 is set to yes|1 by default.

        NOTE: The PERSISTENT_DHCLIENT configuration takes effect only for IPv4 and does not take effect for IPv6-related dhclient -6 processes. By default, the persistence configuration is not performed for IPv6.

      Differences Between IPv4 and IPv6 Configuration Using the iproute Command

      Overview

      IPv4 and IPv6 are two different protocol standards. Therefore, the iproute commands are different in usage. This section describes the differences between IPv4 and IPv6 commands in the iproute package.

      To run the iproute commands, you must have the root permission.

      Lifecycle of an IPv6 Address
      IPv6 statusDescription
      tentativeTemporary state: The newly added address is still in the DAD process.
      preferredPreferred state: The DAD process is complete, but no NA packet is received, indicating that the address does not conflict.
      deprecatedDeprecated state: An address has a validity period (valid_lft or preferred_lft). After preferred_lft expires, the address changes to the deprecated state.
      The address in this state cannot be used to create a new connection, but the original connection can still be used.
      invalidInvalid state: If the lease renewal fails after the preferred_lft time expires, the address status is set to invalid after the valid_lft time expires, indicating that the address cannot be used again.

      Remarks:

      • preferred_lft: preferred lifetime. The preferred_lft address has not expired and can be used for normal communication. If there are multiple preferred addresses, the address is selected based on the kernel mechanism.
      • valid_lft: valid lifetime. The address cannot be used for creating new connections within the period of [preferred_lft, valid_lft]. The existing connections are still valid.

      The commands are as follows:

      ip link set IFNAME mtu MTU
      

      The minimum PMTU of IPv6 is 1280. If the MTU is set to a value smaller than 1280, IPv6 addresses will be lost. Other devices cannot ping the IPv6 address.

      Command ip addr
      1. The commands are as follows:

        ip [-6] addr add IFADDR dev IFNAME
        

        You can choose to add the -6 option or not to add the IPv6 address. The ip addr command determines whether the address is an IPv4 address or an IPv6 address based on the address type.

        If the -6 option is specified but IFADDR is an IPv4 address, an error message is returned.

      2. The commands are as follows:

        ip [-6] addr add IFADDR  dev IFNAME [home|nodad]
        

        [home|nodad] is valid only for IPv6 addresses.

        • home: specifies the home address defined in RFC 6275. (This address is obtained by the mobile node from the home link, and is a permanent address of the mobile node. If the mobile node remains in the same home link, communication between various entities is performed normally.)
        • nodad: indicates that DAD is not performed when this IPv6 address is added. (RFC 4862) If multiple interfaces on a device are configured with the same IPv6 address through nodad, the IPv6 address is used in the interface sequence. An IPv6 address with both nodad and non-nodad cannot be added the same interface because the two IP addresses are the same. Otherwise, the message "RTNETLINK answers: File exists" is displayed.
      3. The commands are as follows:

        ip [-6] addr del IFADDR dev IFNAME
        

        You can choose to add the -6 option or not to delete an IPv6 address. The ip addr del command determines whether an IPv4 address or an IPv6 address is used based on the address type.

      4. The commands are as follows:

        ip [-6] addr show dev IFNAME [tentative|-tentative|deprecated|-deprecated|dadfailed|-dadfailed|temporary]
        
        • If the -6 option is not specified, both IPv4 and IPv6 addresses are displayed. If the -6 option is specified, only IPv6 addresses are displayed.
        • [tentative|-tentative|deprecated|-deprecated|dadfailed|-dadfailed|temporary]. These options are only for IPv6. You can filter and view addresses based on the IPv6 address status.
          1. tentative: (only for IPv6) lists only the addresses that have not passed duplicate address detection (DAD).
          2. -tentative: (only for IPv6) lists only the addresses that are not in the DAD process.
          3. deprecated: (only for IPv6) lists only the deprecated addresses.
          4. -deprecated: (only for IPv6) lists only the addresses that are not deprecated.
          5. dadfailed: (only for IPv6) lists only the addresses that fail the DAD.
          6. -dadfailed: (only for IPv6) lists only the addresses that do not encounter DAD failures.
          7. temporary: (only for IPv6) lists only the temporary addresses.
      Command ip route
      1. The commands are as follows:

        ip [-6] route add ROUTE [mtu lock MTU]
        
        • -6 option: You can add the -6 option or not when adding an IPv6 route. The ip route command determines whether an IPv4 or IPv6 address is used based on the address type.

        • mtu lock MTU: specifies the MTU of the locked route. If the MTU is not locked, the MTU value may be changed by the kernel during the PMTUD process. If the MTU is locked, PMTUD is not attempted. All IPv4 packets are not set with the DF bit and IPv6 packets are segmented based on the MTU.

      2. The commands are as follows:

        ip [-6] route del ROUTE
        

        You can choose whether to add the -6 option when deleting an IPv6 route. The ip route command determines whether an IPv4 address or an IPv6 address is used based on the address type.

      Command ip rule
      1. The commands are as follows:

        ip [-6] rule list
        

        -6 option: If the -6 option is set, IPv6 policy-based routes are printed. If the -6 option is not set, IPv4 policy-based routes are printed. Therefore, you need to configure the -6 option according to the specific protocol type.

      2. The commands are as follows:

        ip [-6] rule [add|del] [from|to] ADDR table TABLE pref PREF
        

        -6 option: IPv6-related policy routing entries need to be configured with the -6 option. Otherwise, the error message "Error: Invalid source address." is displayed. Accordingly, the -6 option cannot be set for IPv4-related policy routing entries. Otherwise, the error message "Error: Invalid source address." is displayed.

      Configuration Differences of the NetworkManager Service

      Overview

      The NetworkManager service uses the ifup/ifdown logical interface definition to perform advanced network settings. Most of the parameters are set in the /etc/sysconfig/network and /etc/sysconfig/network-scripts/ifcfg-<interface-name> configuration files. The former is a global setting, and the latter is a setting of a specified NIC. When the two settings conflict, the latter takes effect.

      Configuration Differences

      The configuration differences in /etc/sysconfig/network are as follows:

      IPv4IPv6Description
      NAIPV6FORWARDING=yes/noIPv6 forwarding. By default, IPv6 packets are not forwarded.
      NAIPV6_AUTOCONF=yes/noIf IPv6 forwarding is enabled, the value is no. Otherwise, the value is yes.
      NAIPV6_ROUTER=yes/noIf IPv6 forwarding is enabled, the value is yes. Otherwise, the value is no.
      NAIPV6_AUTOTUNNEL=yes/noIndicates the automatic tunnel mode. The default value is no.
      GATEWAYIPV6_DEFAULTGW=<IPv6 address[%interface]> (optional)Indicates the default gateway in IPv6.
      NAIPV6_DEFAULTDEV= (optional)Specifies the default forwarding NIC.
      NAIPV6_RADVD_PIDFILE= (optional)The default path of ipv6_radvd_pid is /var/run/radvd/radvd.pid.
      NAIPV6_RADVD_TRIGGER_ACTION=startstopreload

      The differences in /etc/sysconfig/network-scripts/ifcfg-<interface-name> are as follows:

      IPv4IPv6Description
      IPADDRIPV6ADDR=[/]indicates the IP address.
      PREFIXNAThe network prefix, network alias, and PPP are invalid. The priority is higher than that of NETMASK.
      NETMASKNAIndicates the subnet mask. It is used only for the alias and PPP.
      GATEWAYIPV6_DEFAULTGW=<IPv6 address[%interface]> (optional)Default gateway
      MTUIPV6_MTU= (optional)Default MTU
      IPV4_FAILURE_FATAL=yes/noIPV6_FAILURE_FATALThe default value is no. If this parameter is set to yes, ifup-eth exits when dhclient fails.
      NAIPV6_PRIVACY=rfc3041Disabled by default.
      NAIPV6INIT=yes/noIPv6 is enabled by default.
      NAIPV6FORWARDING=yes/noThis function is disabled by default and has been discarded.

      FAQs

      The iscsi-initiator-utils Does Not Support the fe80 IPv6 Address

      Symptom

      When a client uses an IPv6 address to log in to the iSCSI server, run the iscsiadm -m node -p ipv6address -l command. If the global address is used, replace ipv6address in the command example with the global address. However, the link-local address (IPv6 address starting with fe80) cannot be used because the current mechanism of iscsi-initiator-utils does not support the link-local address to log in to the iSCSI server.

      Possible Cause

      If you log in to the system using the iscsiadm -m node -p fe80::xxxx -l format, a login timeout error is returned. This is because you must specify an interface when using the link-local address. Otherwise, the iscsi_io_tcp_connect function fails to invoke the connect function, and the standard error code 22 is generated.

      If you use the iscsiadm -m node -p fe80::xxxx%enp3s0 -l format for login, the iscsi_addr_match function will compare the address fe80::xxxx%enp3s0 with the address fe80::xxxx in the node information returned by the server. The comparison result does not match, causing the login failure.

      Therefore, the current mechanism of iscsi-initiator-utils does not support login to the iSCSI server using a link-local address.

      The IPv6 Address Is Lost After the NIC Is Down

      Symptom

      Run the ip link down+up NIC or ifconfig down+up NIC command to disable the NIC and then enable it to go online. Check the IP address configured on the NIC. It is found that the IPv4 address is not lost but the configured IPv6 address is lost.

      Possible Cause

      According to the processing logic in the kernel, if the NIC is set to the down state, all IPv4 and IPv6 addresses will be cleared. After the NIC is set to the up state, the IPv4 address is automatically restored, and the automatically configured IPv6 link-local address on the NIC is also restored. However, other IPv6 addresses are lost by default. To retain these IPv6 addresses, run the sysctl -w net.ipv6.conf.< NIC name >.keep_addr_on_down=1 command.

      Taking a Long Time to Add or Delete an IPv6 Address for a Bond Interface with Multiple IPv6 Addresses

      Symptom

      When users run the following command to add or delete (including flush) an IPv6 address, the waiting time increases linearly along with the number of IPv6 addresses configured on a bond interface. X is the least significant 16 bits that dynamically change. For example, it takes about five minutes to add 3000 IPv6 address to or delete them from a bond interface that already has four physical NICs using a single thread, while for a common physical NIC, it takes less than 10 seconds.

      ip a add/del 192:168::18:X/64 dev DEVICE
      
      Possible Cause

      When an IPv6 address is added to a bond interface, the IPv6 multicast address is generated and synchronized to all physical NICs. The time required increases with the number of IPv6 addresses. As a result, it takes a too long time.

      Solution

      The IPv6 multicast address is generated by combining the least significant 24 bits of the IPv6 address and 33-33-ff. If there are too many multicast addresses, it takes a long time to add or delete the address. If there are a few multicast addresses, the time required is not affected.

      It is recommended that you set the least significant 24 bits of the IPv6 address to be the same as the most significant 24 bits of the IPv6 address. In this way, a single NIC can communicate with external devices using only one IP address in a network segment.

      Rsyslog Log Transmission Is Delayed in the Scenario Where Both IPv4 and IPv6 Are Used

      Symptom

      When both IPv4 and IPv6 addresses are configured in the configuration file of the rsyslog client and the port configurations are the same, there is a possibility that log output is delayed when the server collects logs.

      Possible Cause

      The delay is caused by the buffer queue mechanism of rsyslog. By default, rsyslog writes data to a file only when the number of buffer queues reaches a specified value.

      Solution

      You can disable the buffer queue mechanism by configuring the Direct mode as the root user. Add the following information at the beginning of the new remote transmission configuration file in the /etc/rsyslog.d directory on the rsyslog remote transmission server:

      $ActionQueueType Direct
      $MainMsgQueueType Direct
      

      NOTE:

      • In direct mode, the queue size is reduced by 1. Therefore, one log is reserved in the queue for the next log output.
      • The direct mode degrades the rsyslog performance of the server.

      Bug Catching

      Buggy Content

      Bug Description

      Submit As Issue

      It's a little complicated....

      I'd like to ask someone.

      PR

      Just a small problem.

      I can fix it online!

      Bug Type
      Specifications and Common Mistakes

      ● Misspellings or punctuation mistakes;

      ● Incorrect links, empty cells, or wrong formats;

      ● Chinese characters in English context;

      ● Minor inconsistencies between the UI and descriptions;

      ● Low writing fluency that does not affect understanding;

      ● Incorrect version numbers, including software package names and version numbers on the UI.

      Usability

      ● Incorrect or missing key steps;

      ● Missing prerequisites or precautions;

      ● Ambiguous figures, tables, or texts;

      ● Unclear logic, such as missing classifications, items, and steps.

      Correctness

      ● Technical principles, function descriptions, or specifications inconsistent with those of the software;

      ● Incorrect schematic or architecture diagrams;

      ● Incorrect commands or command parameters;

      ● Incorrect code;

      ● Commands inconsistent with the functions;

      ● Wrong screenshots.

      Risk Warnings

      ● Lack of risk warnings for operations that may damage the system or important data.

      Content Compliance

      ● Contents that may violate applicable laws and regulations or geo-cultural context-sensitive words and expressions;

      ● Copyright infringement.

      How satisfied are you with this document

      Not satisfied at all
      Very satisfied
      Submit
      Click to create an issue. An issue template will be automatically generated based on your feedback.
      Bug Catching
      编组 3备份