109.2 Lesson 1

Network interface is the term by which the operating system refers to the communication channel configured to work with the network hardware attached to the system, such as an ethernet or wi-fi device. The exception to this is the loopback interface, which the operating system uses when it needs to establish a connection with itself, but the main purpose of a network interface is to provide a route through which local data can be sent and remote data can be received. Unless the network interface is properly configured, the operating system will not be able to communicate with other machines in the network.

For most cases, the correct interface settings are either defined by default or customized during the installation of the operating system. Nevertheless, these settings often need to be inspected or even modified when the communication isn’t working properly or when the interface’s behavior requires customization.

There are many Linux commands to list which network interfaces are present on the system, but not all of them are available in all distributions. Command ip, however, is part of the basic set of networking tools bundled with all Linux distributions and can be used to list the network interfaces. The complete command to show the interfaces is ip link show:

If available, command nmcli device can also be used:

The commands shown in the examples do not modify any settings in the system, so they can be executed by an unprivileged user. Both commands list two network interfaces: lo (the loopback interface) and enp3s5 (an ethernet interface).

Desktops and laptops running Linux usually have two or three predefined network interfaces, one for the loopback virtual interface and the others assigned to the network hardware found by the system. Servers and network appliances running Linux, on the other hand, may have tens of network interfaces, but the same principles apply to all of them. The abstraction provided by the operating system allows for the setup of network interfaces using the same methods, regardless of the underlying hardware.

However, knowing the details about the underlying hardware of an interface can be useful to better understand what is going on when the communication is not working as expected. In a system where many network interfaces are available, it could not be obvious which one corresponds to the wi-fi and which one corresponds to the ethernet, for example. For this reason, Linux uses an interface naming convention that helps identify which network interface corresponds to which device and port.

Older Linux distributions named ethernet network interfaces as eth0, eth1, etc., numbered according to the order in which the kernel identifies the devices. The wireless interfaces were named wlan0, wlan1, etc. This naming convention, however, does not clarify which specific ethernet port matches with the interface eth0, for example. Depending on how the hardware was detected, it was even possible for two network interfaces to swap names after a reboot.

To overcome this ambiguity, more recent Linux systems employ a predictable naming convention for network interfaces, making up a closer relationship between the interface name and the underlying hardware connection.

In Linux distributions that use the systemd naming scheme, all interface names start with a two-character prefix that signifies the interface type:

From higher to lower priority, the following rules are used by the operating system to name and number the network interfaces:

It is correct to assume, for example, that the network interface enp3s5 was so named because it did not fit the first two naming methods, so its address in the corresponding bus and slot was used instead. The device address 03:05.0, found in the output of the lspci command, reveals the associate device:

Network interfaces are created by the Linux kernel itself, but there are many commands that can be used to interact with them. Normally, the configuration happens automatically and there is no need to change the settings manually. Nonetheless, with the name of the interface, it is possible to tell the kernel how to proceed in configuring it if necessary.

Over the years, several programs have been developed to interact with the networking features provided by the Linux kernel. Although the old ifconfig command can still be used to do simple interface configurations and queries, it is now deprecated due to its limited support of non-ethernet interfaces. The ifconfig command was superseded by the command ip, which is capable of managing many other aspects of TCP/IP interfaces, like routes and tunnels.

The many capabilities of the ip command can be overkill for most ordinary tasks, so there are auxiliary commands to facilitate the activation and configuration of the network interfaces. Commands ifup and ifdown may be used to configure network interfaces based on interface definitions found in the file /etc/network/interfaces. Although they can be invoked manually, these commands are normally executed automatically during system boot.

All network interfaces managed by ifup and ifdown should be listed in the /etc/network/interfaces file. The format used in the file is straightforward: lines beginning with the word auto are used to identify the physical interfaces to be brought up when ifup is executed with the -a option. The interface name should follow the word auto on the same line. All interfaces marked auto are brought up at boot time, in the order they are listed.

The actual interface configuration is written in another line, starting with the word iface, followed by the interface name, the name of the address family that the interface uses and the name of the method used to configure the interface. The following example shows a basic configuration file for interfaces lo (loopback) and enp3s5:

The address family should be inet for TCP/IP networking, but there is also support for IPX networking (ipx), and IPv6 networking (inet6). Loopback interfaces use the loopback configuration method. With the dhcp method, the interface will use the IP settings provided by the network’s DHCP server. The settings from the example configuration allow the execution of command ifup using interface name enp3s5 as its argument:

In this example, the method chosen for the enp3s5 interface was dhcp, so the command ifup called a DHCP client program to obtain the IP settings from the DHCP server. Likewise, command ifdown enp3s5 can be used to turn the interface off.

In networks without a DHCP server, the static method could be used instead and the IP settings provided manually in /etc/network/interfaces. For example:

Interfaces using the static method do not need a corresponding auto directive, as they are brought up whenever the network hardware is detected.

If the same interface has more than one iface entry, then all of the configured addresses and options will be applied when bringing up that interface. This is useful to configure both IPv4 and IPv6 addresses on the same interface, as well as to configure multiple addresses of the same type on a single interface.

A working TCP/IP setup is just the first step towards full network usability. In addition to being able to identify nodes on the network by their IP numbers, the system must be able to identify them with names more easily understood by human beings.

The name by which the system identifies itself is customizable and it is good practice to define it, even if the machine is not intended to join a network. The local name often matches the network name of the machine, but this isn’t necessarily always true. If the file /etc/hostname exists, the operating system will use the contents of the first line as its local name, thereafter simply called the hostname. Lines starting with # inside /etc/hostname are ignored.

The /etc/hostname file can be edited directly, but the machine’s hostname can also be defined with the hostnamectl command. When supplied with sub-command set-hostname, command hostnamectl will take the name given as an argument and write it in /etc/hostname:

The hostname defined in /etc/hostname is the static hostname, that is, the name which is used to initialize the system’s hostname at boot. The static hostname may be a free-form string up to 64 characters in length. However, it is recommended that it consists only of ASCII lower-case characters and no spaces or dots. It should also limit itself to the format allowed for DNS domain name labels, even though this is not a strict requirement.

Command hostnamectl can set two other types of hostnames in addition to the static hostname:

If neither the --pretty nor --transient option is used, then all three hostname types will be set to the given name. To set the static hostname, but not the pretty and transient names, the option --static should be used instead. In all cases, only the static hostname is stored in the /etc/hostname file. Command hostnamectl can also be used to display various descriptive and identity bits of information about the running system:

This is the default action of the hostnamectl command, so the status sub-command can be omitted.

Regarding the name of the remote network nodes, there are two basic ways the operating system can implement to match names and IP numbers: to use a local source or to use a remote server to translate names into IP numbers and vice versa. The methods can be complementary to each other and their priority order is defined in the Name Service Switch configuration file: /etc/nsswitch.conf. This file is used by the system and applications to determine not only the sources for name-IP matches, but also the sources from which to obtain name-service information in a range of categories, called databases.

The hosts database keeps track of the mapping between host names and host numbers. The line inside /etc/nsswitch.conf beginning with hosts defines the services accountable for providing the associations for it:

In this example entry, files and dns are the service names that specify how the lookup process for host names will work. First, the system will look for matches in local files, then it will ask the DNS service for matches.

The local file for the hosts database is /etc/hosts, a simple text file that associates IP addresses with hostnames, one line per IP address, e.g.:

The IP number 127.0.0.1 is the default address for the loopback interface, hence its association with the localhost name.

It is also possible to bind optional aliases to the same IP. Aliases can provide alternate spellings, shorter hostnames and should be added at the end of the line, for example:

The formatting rules for the /etc/hosts file are:

IPv6 addresses may also be added to /etc/hosts. The following entry refers to the IPv6 loopback address:

Following the files service specification, the dns specification tells the system to ask a DNS service for the desired name/IP association. The set of routines responsible for this method is called the resolver and its configuration file is /etc/resolv.conf. The following example shows a generic /etc/resolv.conf containing entries for Google’s public DNS servers:

As shown in the example, the nameserver keyword indicates the IP address of the DNS server. Only one nameserver is required, but up to three nameservers can be given. The supplementary ones will be used as a fallback. If no nameserver entries are present, the default behaviour is to use the name server on the local machine.

The resolver can be configured to automatically add the domain to names before consulting them on the name server. For example:

The domain entry sets mydomain.org as the local domain name, so queries for names within this domain will be allowed to use short names relative to the local domain. The search entry has a similar purpose, but it accepts a list of domains to try when a short name is provided. By default, it contains only the local domain name.