109.3 Lesson 1

Certificate:

LPIC-1

Version:

5.0

Topic:

109 Networking Fundamentals

Objective:

109.3 Basic network troubleshooting

Lesson:

1 of 2

Introduction

Linux has very flexible and powerful network capabilities. In fact, Linux based operating systems are often used on common network devices, including expensive commercial equipment. Linux networking could be a certification in itself. With this mind, this lesson is only going to cover a few basic configuration and troubleshooting tools.

Be sure to review the lessons on internet protocols and persistent network configuration prior to this lesson. Within this lesson, we will be covering tools to configure and troubleshoot IPv4 and IPv6 networking.

While not an official objective, packet sniffers such as tcpdump are useful troubleshooting tools. Packet sniffers allow you to view and record packets coming into or out of a network interface. Tools such as hex viewers and protocol analyzers can be used to view these packets in more detail than a packet sniffer will typically allow. It wouldn’t hurt to at least be aware of such programs.

About the `ip` Command

The ip command is a fairly recent utility used to view and configure just about anything relating to network configurations. This lesson covers some of the most used subcommands of ip, but it barely scratches the surface of what is available. Learning to read the documentation will help you be much more efficient with it.

Each subcommand of ip has its own man page. The SEE ALSO section of the ip man page has a list of them:

$ man ip
...
SEE ALSO
       ip-address(8), ip-addrlabel(8), ip-l2tp(8), ip-link(8), ip-maddress(8),
       ip-monitor(8), ip-mroute(8), ip-neighbour(8), ip-netns(8), ip-
       ntable(8), ip-route(8), ip-rule(8), ip-tcp_metrics(8), ip-token(8), ip-
       tunnel(8), ip-xfrm(8)
       IP Command reference ip-cref.ps
...

Instead of looking at this every time you need the man page, simply add - and the name of the subcommand to ip, e.g. man ip-route.

Another source of information is the help function. To view the built-in help, add help after the subcommand:

$ ip address help
Usage: ip address {add|change|replace} IFADDR dev IFNAME [ LIFETIME ]
                                                      [ CONFFLAG-LIST ]
       ip address del IFADDR dev IFNAME [mngtmpaddr]
       ip address {save|flush} [ dev IFNAME ] [ scope SCOPE-ID ]
                            [ to PREFIX ] [ FLAG-LIST ] [ label LABEL ] [up]
       ip address [ show [ dev IFNAME ] [ scope SCOPE-ID ] [ master DEVICE ]
                         [ type TYPE ] [ to PREFIX ] [ FLAG-LIST ]
                         [ label LABEL ] [up] [ vrf NAME ] ]
       ip address {showdump|restore}
IFADDR := PREFIX | ADDR peer PREFIX
...

Netmask and Routing Review

IPv4 and IPv6 are what are known as routed or routable protocols. This means they are designed in a way that make it possible for network designers to control traffic flow. Ethernet is not a routable protocol. This means that if you were to connect a bunch of devices together using nothing but Ethernet, there is very little you can do to control the flow of network traffic. Any measures to control traffic would end up similar to current routable and routing protocols.

Routable protocols allow network designers to segment networks to reduce the processing requirements of connectivity devices, provide redundancy, and manage traffic.

IPv4 and IPv6 addresses have two sections. The first set of bits make up the network section while the second set make up the host portion. The number of bits that make up the network portion are determined by the netmask (also called subnet mask). Sometimes it will also be referred to as the prefix length. Regardless of what it is called, it is the number of bits that the machine treats as the network portion of the address. With IPv4, sometimes this is specified in dotted decimal notation.

Below is an example using IPv4. Notice how the binary digits maintain their place value in the octets even when it is divided by the netmask.

192.168.130.5/20

          192      168      130      5
          11000000 10101000 10000010 00000101

20 bits = 11111111 11111111 11110000 00000000

Network = 192.168.128.0
Host    = 2.5

The network portion of an address is used by an IPv4 or IPv6 machines to lookup which interface a packet should be sent out on in its routing table. When an IPv4 or IPv6 host with routing enabled receives a packet that is not for the host itself, it attempts to match the network portion of the destination to a network in the routing table. If a matching entry is found, it sends the packet to the destination specified in the routing table. If no entries are found and a default route is configured, it is sent to the default route. If no entry is found and no default route are configured, the packet is discarded.

Configuring an Interface

There are two tools we will be covering that you can use to configure a network interface: ifconfig and ip. The ifconfig program, while still widely used, is considered a legacy tool and may not be available on newer systems.

Tip	On newer Linux distributions, installation of the `net-tools` package will provide you with the legacy networking commands.

Before configuring an interface, you must first know what interfaces are available. There are a few ways to do this. One way is to use the -a option of ifconfig:

$ ifconfig -a

Another way is with ip. Sometimes you will see examples with ip addr, ip a, and some with ip address. They are synonymous. Officially, the subcommand is ip address. This means that if you wish to view the man page, you must use man ip-address and not man ip-addr.

The link subcommand for ip will list the interface links available for configuration:

$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:54:18:57 brd ff:ff:ff:ff:ff:ff
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:ab:11:3e brd ff:ff:ff:ff:ff:ff

Assuming the sys filesystem is mounted, you can also list the contents of /sys/class/net:

$ ls /sys/class/net
enp0s3  enp0s8  lo

To configure an interface with ifconfig, you must be logged in as root or use a utility such as sudo to run the command with root privilege. Follow the example below:

# ifconfig enp1s0 192.168.50.50/24

The Linux version of ifconfig is flexible with how you specify the subnet mask:

# ifconfig eth2 192.168.50.50 netmask 255.255.255.0
# ifconfig eth2 192.168.50.50 netmask 0xffffff00
# ifconfig enp0s8 add 2001:db8::10/64

Notice how with IPv6 the keyword add was used. If you don’t precede an IPv6 address with add, you will get an error message.

The following command configures an interface with ip:

# ip addr add 192.168.5.5/24 dev enp0s8
# ip addr add 2001:db8::10/64 dev enp0s8

With ip, the same command is used for both IPv4 and IPv6.

Configuring Low Level Options

The ip link command is used to configure low level interface or protocol settings such as VLANs, ARP, or MTUs, or disabling an interface.

A common task for ip link is to disable or enable an interface. This can be done with ifconfig as well:

# ip link set dev enp0s8 down
# ip link show dev enp0s8
3: enp0s8: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
    link/ether 08:00:27:ab:11:3e brd ff:ff:ff:ff:ff:ff
# ifconfig enp0s8 up
# ip link show dev enp0s8
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:ab:11:3e brd ff:ff:ff:ff:ff:ff

Sometimes you may need to adjust an interface’s MTU. As with enabling/disabling interfaces, this can be done with either ifconfig of ip link:

# ip link set enp0s8 mtu 2000
# ip link show dev enp0s3
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2000 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:54:53:59 brd ff:ff:ff:ff:ff:ff
# ifconfig enp0s3 mtu 1500
# ip link show dev enp0s3
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:54:53:59 brd ff:ff:ff:ff:ff:ff

The Routing Table

The commands route, netstat -r, and ip route can all be used to view your routing table. If you wish to modify your routes, you need to use route or ip route. Below are examples of viewing a routing table:

$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         10.0.2.2        0.0.0.0         UG        0 0          0 enp0s3
10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 enp0s3
192.168.150.0   0.0.0.0         255.255.255.0   U         0 0          0 enp0s8
$ ip route
default via 10.0.2.2 dev enp0s3 proto dhcp metric 100
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 100
192.168.150.0/24 dev enp0s8 proto kernel scope link src 192.168.150.200
$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
192.168.150.0   0.0.0.0         255.255.255.0   U     0      0        0 enp0s8

Notice how there is no output regarding IPv6. If you wish to view your routing table for IPv6, you must use route -6, netstat -6r, and ip -6 route.

$ route -6
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
2001:db8::/64                  [::]                       U    256 0      0 enp0s8
fe80::/64                      [::]                       U    100 0      0 enp0s3
2002:a00::/24                  [::]                       !n   1024 0      0 lo
[::]/0                         2001:db8::1                UG   1   0      0 enp0s8
localhost/128                  [::]                       Un   0   2     84 lo
2001:db8::10/128               [::]                       Un   0   1      0 lo
fe80::a00:27ff:fe54:5359/128   [::]                       Un   0   1      0 lo
ff00::/8                       [::]                       U    256 1      3 enp0s3
ff00::/8                       [::]                       U    256 1      6 enp0s8

An example of netstat -r6 has been omitted because its output is identical to route -6. Some of the output of the above route command is self explanatory. The Flag column provides some information about the route. The U flag indicates that a route is up. A ! means reject route i.e. a route with a ! won’t be used. The n flag means the route hasn’t been cached. The kernel maintains a cache of routes for faster lookups separately from all known routes. The G flag indicates a gateway. The Metric or Met column isn’t used by the kernel. It refers to the administrative distance to the target. This administrative distance is used by routing protocols to determine dynamic routes. The Ref column is the reference count, or number of uses of a route. Like Metric, it is not used by the Linux kernel. The Use column shows the number of lookups for a route.

In the output of netstat -r, MSS indicates the maximum segment size for TCP connections over that route. The Window column shows you the defualt TCP window size. The irtt shows the round trip time for packets on this route.

The output of ip route and ip -6 route reads as follows:

Destination.
Optional address followed by interface.
The routing protocol used to add the route.
The scope of the route. If this is omitted, it is global scope, or a gateway.
The route’s metric. This is used by dynamic routing protocols to determine the cost of the route. This isn’t used by most systems.
If it is an IPv6 route, the RFC4191 route preference.

Working through a few examples should clarify this:

IPv4 Example

default via 10.0.2.2 dev enp0s3 proto dhcp metric 100

The destination is the default route.
The gateway address is 10.0.2.2 reachable through interface enp0s3.
It was added to the routing table by DHCP.
The scope was omitted, so it is global.
The route has a cost value of 100.
No IPv6 route preference.

IPv6 Example

fc0::/64 dev enp0s8 proto kernel metric 256 pref medium

The destination is fc0::/64.
It is reachable through interface enp0s8.
It was added automatically by the kernel.
The scope was omitted, so it is global.
The route has a cost value of 256.
It has an IPv6 preference of medium.

Managing Routes

Routes can by managed by using route or ip route. Below is an example of adding and removing a route using the route command. With route, you must use the -6 option for IPv6:

# ping6 -c 2 2001:db8:1::20
connect: Network is unreachable
# route -6 add 2001:db8:1::/64 gw 2001:db8::3
# ping6 -c 2 2001:db8:1::20
PING 2001:db8:1::20(2001:db8:1::20) 56 data bytes
64 bytes from 2001:db8:1::20: icmp_seq=1 ttl=64 time=0.451 ms
64 bytes from 2001:db8:1::20: icmp_seq=2 ttl=64 time=0.438 ms
# route -6 del 2001:db8:1::/64 gw 2001:db8::3
# ping6 -c 2 2001:db8:1::20
connect: Network is unreachable

Below is the same example using the ip route command:

# ping6 -c 2 2001:db8:1:20
connect: Network is unreachable
# ip route add 2001:db8:1::/64 via 2001:db8::3
# ping6 -c 2 2001:db8:1:20
PING 2001:db8:1::20(2001:db8:1::20) 56 data bytes
64 bytes from 2001:db8:1::20: icmp_seq=2 ttl=64 time=0.529 ms
64 bytes from 2001:db8:1::20: icmp_seq=2 ttl=64 time=0.438 ms
# ip route del 2001:db8:1::/64 via 2001:db8::3
# ping6 -c 2 2001:db8:1::20
connect: Network is unreachable

Guided Exercises

Which commands can be used to list network interfaces?
How would you temporarily disable an interface? How would you re-enable it?
Which of the following is a reasonable subnet mask for IPv4?

0.0.0.255

255.0.255.0

255.252.0.0

/24
Which commands can you use to verify your default route?
How would add a second IP address to an interface?

Explorational Exercises

Which subcommand of ip can be used to configure vlan tagging?
How would you configure a default route?
How would you get detailed information about the ip neighbour command? What happens if you run it by itself?
How would you backup your routing table? How would you restore from it?
Which ip subcommand can be used to configure spanning tree options?

Summary

Networking is usually configured by a system’s startup scripts or a helper such as NetworkManager. Most distributions have tools that will edit the startup script configuration files for you. Consult your distribution’s documentation for details.

Being able to manually configure networking allows you to troubleshoot more effectively. It is useful in minimal environments used for things like restoring from backups or migrating to new hardware.

The utilities covered in this section have more functionality than covered in this lesson. It would be worthwhile to skim through the man page of each to familiarize yourself with the options available. The ss and ip commands are the modern way of doing things, while the rest that are covered, while still in common use, are considered legacy tools.

The best way to get familiar with the tools covered is practice. Using a computer with a modest amount of RAM, it is possible to setup a virtual network lab using virtual machines that you can practice with. Three virtual machines are enough to get comfortable with the tools listed.

Commands used in this lesson include:

ifconfig: Legacy utility used to configure network interfaces and review their states.
ip: Modern and versatile utility used to configure network interfaces and review their states.
netstat: Legacy command used to view current network connections and route information.
route: Legacy command used to view or modify a system’s routing table.

Answers to Guided Exercises

Which commands can be used to list network interfaces?

Any of the commands below:

ip link, ifconfig -a, or ls /sys/class/net
How would you temporarily disable an interface? How would you re-enable it?

You could use ifconfig or ip link:

Using ifconfig:
```
$ ifconfig wlan1 down
$ ifconfig wlan1 up
```
Using ip link:
```
$ ip link set wlan1 down
$ ip link set wlan1 up
```
Which of the following is a reasonable subnet mask for IPv4?
- 255.252.0.0
- /24
  
  The other masks listed are invalid because they don’t separate the address cleanly into two sections, the first part defining the network, and the second the host. The left most bits of a mask will always be 1 and the right bits will always be 0.

Which commands can you use to verify your default route?

You can use route, netstat -r, or ip route:

$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         server          0.0.0.0         UG    600    0        0 wlan1
192.168.1.0     0.0.0.0         255.255.255.0   U     600    0        0 wlan1
$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         server          0.0.0.0         UG        0 0          0 wlan1
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan1
$ ip route
default via 192.168.1.20 dev wlan1 proto static metric 600
192.168.1.0/24 dev wlan1 proto kernel scope link src 192.168.1.24 metric 600

How would add a second IP address to an interface?

You would use ip address or ifconfig. Keep in mind that ifconfig is a legacy tool:
```
$ ip addr add 172.16.15.16/16 dev enp0s9 label enp0s9:sub1
```
The portion of the command label enp0s9:sub1 adds an alias to enp0s9. If you don’t use the legacy ifconfig you can omit this. If you do, the command will still work, but the address you just added won’t show up in the output of ifconfig.

You can also use ifconfig:
```
$ ifconfig enp0s9:sub1 172.16.15.16/16
```

Answers to Explorational Exercises

Which subcommand of ip can be used to configure vlan tagging?

ip link has a vlan option that can be used. Below is an example of tagging a sub interface with vlan 20.
```
# ip link add link enp0s9 name enp0s9.20 type vlan id 20
```

How would you configure a default route?

Using route or ip route:

# route add default gw 192.168.1.1
# ip route add default via 192.168.1.1

How would you get detailed information about the ip neighbour command? What happens if you run it by itself?

By reading the man page:
```
$ man ip-neigbour
```
It displays your ARP cache:
```
$ ip neighbour
10.0.2.2 dev enp0s3 lladdr 52:54:00:12:35:02 REACHABLE
```
How would you backup your routing table? How would you restore from it?

The example below demonstrates backing up and restoring a routing table:
```
# ip route save > /root/routes/route_backup
# ip route restore < /root/routes/route_backup
```
Which ip subcommand can be used to configure spanning tree options?

Similar to managing vlan settings, ip link can configure spanning tree by using the bridge type. The example shows adding a virtual interface with a STP priority of 50:
```
# ip link add link enp0s9 name enp0s9.50 type bridge priority 50
```