109.3 Lesson 1
| Certificate: | LPIC-1 |
|---|---|
| Version: | 5.0 |
| Topic: | 109 Networking Fundamentals |
| Objective: | 109.3 Basic network troubleshooting |
| Lesson: | 1 of 2 |
Introduction
Linux has very flexible and powerful network capabilities. In fact, Linux-based operating systems are often used on common network devices, including expensive commercial equipment. Linux networking could be a certification in itself. With this in mind, this lesson is only going to cover a few basic configuration and troubleshooting tools.
Be sure to review the lessons on internet protocols and persistent network configuration prior to this lesson. Within this lesson, we will be covering tools to configure and troubleshoot IPv4 and IPv6 networking.
While not an official objective, packet sniffers such as `tcpdump` are useful troubleshooting tools. Packet sniffers allow you to view and record packets coming into or out of a network interface. Tools such as hex viewers and protocol analyzers can be used to view these packets in more detail than a packet sniffer will typically allow. It wouldn’t hurt to at least be aware of such programs.
About the `ip` Command
The `ip` command is a fairly recent utility used to view and configure just about anything relating to network configurations. This lesson covers some of the most used subcommands of `ip`, but it barely scratches the surface of what is available. Learning to read the documentation will help you be much more efficient with it.
Each subcommand of `ip` has its own man page. The `SEE ALSO` section of the `ip` man page has a list of them:
```
$ man ip
...
SEE ALSO
       ip-address(8), ip-addrlabel(8), ip-l2tp(8), ip-link(8), ip-maddress(8),
       ip-monitor(8), ip-mroute(8), ip-neighbour(8), ip-netns(8), ip-ntable(8),
       ip-route(8), ip-rule(8), ip-tcp_metrics(8), ip-token(8), ip-tunnel(8),
       ip-xfrm(8)
       IP Command reference ip-cref.ps
...
```
Instead of looking at this every time you need the man page, simply add `-` and the name of the subcommand to `ip`, e.g. `man ip-route`.
Another source of information is the help function. To view the built-in help, add `help` after the subcommand:
```
$ ip address help
Usage: ip address {add|change|replace} IFADDR dev IFNAME [ LIFETIME ]
                                                      [ CONFFLAG-LIST ]
       ip address del IFADDR dev IFNAME [mngtmpaddr]
       ip address {save|flush} [ dev IFNAME ] [ scope SCOPE-ID ]
                            [ to PREFIX ] [ FLAG-LIST ] [ label LABEL ] [up]
       ip address [ show [ dev IFNAME ] [ scope SCOPE-ID ] [ master DEVICE ]
                         [ type TYPE ] [ to PREFIX ] [ FLAG-LIST ]
                         [ label LABEL ] [up] [ vrf NAME ] ]
       ip address {showdump|restore}
IFADDR := PREFIX | ADDR peer PREFIX
...
```
Netmask and Routing Review
IPv4 and IPv6 are what are known as routed or routable protocols. This means they are designed in a way that makes it possible for network designers to control traffic flow. Ethernet is not a routable protocol. This means that if you were to connect a bunch of devices together using nothing but Ethernet, there is very little you can do to control the flow of network traffic. Any measures to control traffic would end up similar to current routable and routing protocols.
Routable protocols allow network designers to segment networks to reduce the processing requirements of connectivity devices, provide redundancy, and manage traffic.
IPv4 and IPv6 addresses have two sections. The first set of bits makes up the network section while the second set makes up the host portion. The number of bits that make up the network portion is determined by the netmask (also called subnet mask). Sometimes it will also be referred to as the prefix length. Regardless of what it is called, it is the number of bits that the machine treats as the network portion of the address. With IPv4, sometimes this is specified in dotted decimal notation.
Below is an example using IPv4. Notice how the binary digits maintain their place value in the octets even when it is divided by the netmask.
```
192.168.130.5/20

                 192      168      130        5
            11000000 10101000 10000010 00000101
20 bits =   11111111 11111111 11110000 00000000

Network =   192.168.128.0
Host    =   2.5
```
The network portion of an address is used by an IPv4 or IPv6 machine to look up in its routing table which interface a packet should be sent out on. When an IPv4 or IPv6 host with routing enabled receives a packet that is not for the host itself, it attempts to match the network portion of the destination to a network in the routing table. If a matching entry is found, it sends the packet to the destination specified in the routing table. If no entries are found and a default route is configured, it is sent to the default route. If no entry is found and no default route is configured, the packet is discarded.
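The split shown above and the lookup just described, as an added shell example that is not part of the original lesson. It goes slightly beyond the text by choosing the longest matching prefix when several routes match; the function names and the reduced `ROUTES` table are constructed for illustration.

```sh
# Added example: split an IPv4 address at its prefix and pick a route for it.

# Dotted decimal -> 32-bit integer. Runs in a subshell so IFS stays local.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# 32-bit integer -> dotted decimal.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prefix length (0-32) -> netmask as an integer.
prefix2mask() {
    echo $(( $1 == 0 ? 0 : (4294967295 << (32 - $1)) & 4294967295 ))
}

# network_of ADDR/LEN: keep only the network bits.
network_of() {
    int2ip $(( $(ip2int "${1%/*}") & $(prefix2mask "${1#*/}") ))
}

# host_of ADDR/LEN: keep only the host bits (the lesson writes 0.0.2.5 as 2.5).
host_of() {
    int2ip $(( $(ip2int "${1%/*}") & ~$(prefix2mask "${1#*/}") & 4294967295 ))
}

# Constructed table in `ip route` style, reduced from the lesson's sample output.
ROUTES='default via 10.0.2.2
10.0.2.0/24 dev enp0s3
192.168.150.0/24 dev enp0s8'

# lookup DEST [TABLE]: print the target of the longest matching prefix,
# the default route if nothing more specific matches, else "discard".
lookup() (
    dest=$(ip2int "$1"); best=-1; result=discard
    while read -r net target; do
        if [ "$net" = default ]; then net=0.0.0.0/0; fi
        len=${net#*/}; mask=$(prefix2mask "$len")
        if [ $(( dest & mask )) -eq $(( $(ip2int "${net%/*}") & mask )) ] &&
           [ "$len" -gt "$best" ]; then
            best=$len; result=$target
        fi
    done <<EOF
${2:-$ROUTES}
EOF
    echo "$result"
)

network_of 192.168.130.5/20    # the lesson's example address
host_of 192.168.130.5/20
lookup 192.168.150.7           # directly connected network
```

Passing a table without a `default` line as the second argument to `lookup` shows the discard case.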
Configuring an Interface
There are two tools we will be covering that you can use to configure a network interface: `ifconfig` and `ip`. The `ifconfig` program, while still widely used, is considered a legacy tool and may not be available on newer systems.
Tip
|
On newer Linux distributions, installation of the |
Before configuring an interface, you must first know what interfaces are available. There are a few ways to do this. One way is to use the `-a` option of `ifconfig`:
```
$ ifconfig -a
```
Another way is with `ip`. Sometimes you will see examples with `ip addr`, `ip a`, and some with `ip address`. They are synonymous. Officially, the subcommand is `ip address`. This means that if you wish to view the man page, you must use `man ip-address` and not `man ip-addr`.
The `link` subcommand for `ip` will list the interface links available for configuration:
```
$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:54:18:57 brd ff:ff:ff:ff:ff:ff
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:ab:11:3e brd ff:ff:ff:ff:ff:ff
```
Assuming the `sys` filesystem is mounted, you can also list the contents of `/sys/class/net`:
```
$ ls /sys/class/net
enp0s3  enp0s8  lo
```
To configure an interface with `ifconfig`, you must be logged in as root or use a utility such as `sudo` to run the command with root privilege. Follow the example below:
```
# ifconfig enp1s0 192.168.50.50/24
```
The Linux version of `ifconfig` is flexible with how you specify the subnet mask:
```
# ifconfig eth2 192.168.50.50 netmask 255.255.255.0
# ifconfig eth2 192.168.50.50 netmask 0xffffff00
# ifconfig enp0s8 add 2001:db8::10/64
```
Notice how with IPv6 the keyword `add` was used. If you don’t precede an IPv6 address with `add`, you will get an error message.
The following command configures an interface with `ip`:
```
# ip addr add 192.168.5.5/24 dev enp0s8
# ip addr add 2001:db8::10/64 dev enp0s8
```
With `ip`, the same command is used for both IPv4 and IPv6.
Configuring Low Level Options
The `ip link` command is used to configure low level interface or protocol settings such as VLANs, ARP, or MTUs, or disabling an interface.
A common task for `ip link` is to disable or enable an interface. This can be done with `ifconfig` as well:
```
# ip link set dev enp0s8 down
# ip link show dev enp0s8
3: enp0s8: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
    link/ether 08:00:27:ab:11:3e brd ff:ff:ff:ff:ff:ff
# ifconfig enp0s8 up
# ip link show dev enp0s8
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:ab:11:3e brd ff:ff:ff:ff:ff:ff
```
Sometimes you may need to adjust an interface’s MTU. As with enabling/disabling interfaces, this can be done with either `ifconfig` or `ip link`:
```
# ip link set enp0s3 mtu 2000
# ip link show dev enp0s3
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2000 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:54:53:59 brd ff:ff:ff:ff:ff:ff
# ifconfig enp0s3 mtu 1500
# ip link show dev enp0s3
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:54:53:59 brd ff:ff:ff:ff:ff:ff
```
The Routing Table
The commands `route`, `netstat -r`, and `ip route` can all be used to view your routing table. If you wish to modify your routes, you need to use `route` or `ip route`. Below are examples of viewing a routing table:
```
$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         10.0.2.2        0.0.0.0         UG        0 0          0 enp0s3
10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 enp0s3
192.168.150.0   0.0.0.0         255.255.255.0   U         0 0          0 enp0s8
$ ip route
default via 10.0.2.2 dev enp0s3 proto dhcp metric 100
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 100
192.168.150.0/24 dev enp0s8 proto kernel scope link src 192.168.150.200
$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.0.2.2        0.0.0.0         UG    100    0        0 enp0s3
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
192.168.150.0   0.0.0.0         255.255.255.0   U     0      0        0 enp0s8
```
Notice how there is no output regarding IPv6. If you wish to view your routing table for IPv6, you must use `route -6`, `netstat -6r`, and `ip -6 route`.
```
$ route -6
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met  Ref Use If
2001:db8::/64                  [::]                       U    256  0     0 enp0s8
fe80::/64                      [::]                       U    100  0     0 enp0s3
2002:a00::/24                  [::]                       !n   1024 0     0 lo
[::]/0                         2001:db8::1                UG   1    0     0 enp0s8
localhost/128                  [::]                       Un   0    2    84 lo
2001:db8::10/128               [::]                       Un   0    1     0 lo
fe80::a00:27ff:fe54:5359/128   [::]                       Un   0    1     0 lo
ff00::/8                       [::]                       U    256  1     3 enp0s3
ff00::/8                       [::]                       U    256  1     6 enp0s8
```
An example of `netstat -r6` has been omitted because its output is identical to `route -6`. Some of the output of the above `route` command is self-explanatory. The `Flag` column provides some information about the route. The `U` flag indicates that a route is up. A `!` means reject route, i.e. a route with a `!` won’t be used. The `n` flag means the route hasn’t been cached. The kernel maintains a cache of routes for faster lookups separately from all known routes. The `G` flag indicates a gateway. The `Metric` or `Met` column isn’t used by the kernel. It refers to the administrative distance to the target. This administrative distance is used by routing protocols to determine dynamic routes. The `Ref` column is the reference count, or number of uses of a route. Like `Metric`, it is not used by the Linux kernel. The `Use` column shows the number of lookups for a route.
In the output of `netstat -r`, `MSS` indicates the maximum segment size for TCP connections over that route. The `Window` column shows you the default TCP window size. The `irtt` shows the round trip time for packets on this route.
The output of `ip route` and `ip -6 route` reads as follows:
- Destination.
- Optional address followed by interface.
- The routing protocol used to add the route.
- The scope of the route. If this is omitted, it is global scope, or a gateway.
- The route’s metric. This is used by dynamic routing protocols to determine the cost of the route. This isn’t used by most systems.
- If it is an IPv6 route, the RFC4191 route preference.
Working through a few examples should clarify this:
IPv4 Example
```
default via 10.0.2.2 dev enp0s3 proto dhcp metric 100
```
- The destination is the default route.
- The gateway address is `10.0.2.2` reachable through interface `enp0s3`.
- It was added to the routing table by DHCP.
- The scope was omitted, so it is global.
- The route has a cost value of `100`.
- No IPv6 route preference.

IPv6 Example
```
fc0::/64 dev enp0s8 proto kernel metric 256 pref medium
```
- The destination is `fc0::/64`.
- It is reachable through interface `enp0s8`.
- It was added automatically by the kernel.
- The scope was omitted, so it is global.
- The route has a cost value of `256`.
- It has an IPv6 preference of `medium`.
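The field order described above, as an added shell example that is not part of the original lesson: a small parser that labels the fields of an `ip route` line and picks out the default routes from a listing. The function names `describe_route` and `default_routes` are hypothetical, and the sample listing is constructed from the lesson's output plus one line carrying a flag.

```sh
# Added example: label the fields of `ip route` output lines.

# describe_route LINE: print key=value pairs, "-" where a field is absent.
# Assumes the line starts with the destination (no leading route type such
# as "unreachable"). Runs in a subshell so its variables stay local.
describe_route() (
    set -f                          # no filename expansion while splitting
    set -- $1                       # split the line on whitespace
    [ $# -ge 1 ] || exit 1          # empty line: nothing to describe
    dest=$1; shift
    via=-; dev=-; proto=-; scope=global; metric=-; pref=-
    while [ $# -ge 2 ]; do
        case $1 in
            via)    via=$2 ;;       # optional gateway address
            dev)    dev=$2 ;;       # outgoing interface
            proto)  proto=$2 ;;     # who added the route
            scope)  scope=$2 ;;     # stays "global" when omitted
            metric) metric=$2 ;;
            pref)   pref=$2 ;;      # RFC 4191 preference, IPv6 only
            *)      shift; continue ;;  # flag or field not labelled here
        esac
        shift 2
    done
    echo "dest=$dest via=$via dev=$dev proto=$proto scope=$scope metric=$metric pref=$pref"
)

# default_routes: read `ip route` output on stdin, describe default routes only.
default_routes() {
    while read -r line; do
        case $line in
            default\ *) describe_route "$line" ;;
        esac
    done
}

# Constructed sample listing; on a live system use: ip route | default_routes
default_routes <<'EOF'
default via 10.0.2.2 dev enp0s3 proto dhcp metric 100
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 100
192.168.150.0/24 dev enp0s8 proto kernel scope link src 192.168.150.200 linkdown
EOF
describe_route 'fc0::/64 dev enp0s8 proto kernel metric 256 pref medium'
```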
Managing Routes
Routes can be managed by using `route` or `ip route`. Below is an example of adding and removing a route using the `route` command. With `route`, you must use the `-6` option for IPv6:
```
# ping6 -c 2 2001:db8:1::20
connect: Network is unreachable
# route -6 add 2001:db8:1::/64 gw 2001:db8::3
# ping6 -c 2 2001:db8:1::20
PING 2001:db8:1::20(2001:db8:1::20) 56 data bytes
64 bytes from 2001:db8:1::20: icmp_seq=1 ttl=64 time=0.451 ms
64 bytes from 2001:db8:1::20: icmp_seq=2 ttl=64 time=0.438 ms
# route -6 del 2001:db8:1::/64 gw 2001:db8::3
# ping6 -c 2 2001:db8:1::20
connect: Network is unreachable
```
Below is the same example using the `ip route` command:
```
# ping6 -c 2 2001:db8:1::20
connect: Network is unreachable
# ip route add 2001:db8:1::/64 via 2001:db8::3
# ping6 -c 2 2001:db8:1::20
PING 2001:db8:1::20(2001:db8:1::20) 56 data bytes
64 bytes from 2001:db8:1::20: icmp_seq=2 ttl=64 time=0.529 ms
64 bytes from 2001:db8:1::20: icmp_seq=2 ttl=64 time=0.438 ms
# ip route del 2001:db8:1::/64 via 2001:db8::3
# ping6 -c 2 2001:db8:1::20
connect: Network is unreachable
```
Guided Exercises
- Which commands can be used to list network interfaces?
- How would you temporarily disable an interface? How would you re-enable it?
- Which of the following is a reasonable subnet mask for IPv4?
  - `0.0.0.255`
  - `255.0.255.0`
  - `255.252.0.0`
  - `/24`
- Which commands can you use to verify your default route?
- How would you add a second IP address to an interface?
Explorational Exercises
- Which subcommand of `ip` can be used to configure vlan tagging?
- How would you configure a default route?
- How would you get detailed information about the `ip neighbour` command? What happens if you run it by itself?
- How would you back up your routing table? How would you restore from it?
- Which `ip` subcommand can be used to configure spanning tree options?
Summary
Networking is usually configured by a system’s startup scripts or a helper such as NetworkManager. Most distributions have tools that will edit the startup script configuration files for you. Consult your distribution’s documentation for details.
Being able to manually configure networking allows you to troubleshoot more effectively. It is useful in minimal environments used for things like restoring from backups or migrating to new hardware.
The utilities covered in this section have more functionality than covered in this lesson. It would be worthwhile to skim through the man page of each to familiarize yourself with the options available. The `ss` and `ip` commands are the modern way of doing things, while the rest that are covered, while still in common use, are considered legacy tools.
The best way to get familiar with the tools covered is practice. Using a computer with a modest amount of RAM, it is possible to set up a virtual network lab using virtual machines that you can practice with. Three virtual machines are enough to get comfortable with the tools listed.
Commands used in this lesson include:
- `ifconfig`: Legacy utility used to configure network interfaces and review their states.
- `ip`: Modern and versatile utility used to configure network interfaces and review their states.
- `netstat`: Legacy command used to view current network connections and route information.
- `route`: Legacy command used to view or modify a system’s routing table.
Answers to Guided Exercises
- Which commands can be used to list network interfaces?
  Any of the commands below: `ip link`, `ifconfig -a`, or `ls /sys/class/net`
- How would you temporarily disable an interface? How would you re-enable it?
  You could use `ifconfig` or `ip link`:
  Using `ifconfig`:
  ```
  $ ifconfig wlan1 down
  $ ifconfig wlan1 up
  ```
  Using `ip link`:
  ```
  $ ip link set wlan1 down
  $ ip link set wlan1 up
  ```
- Which of the following is a reasonable subnet mask for IPv4?
  - `255.252.0.0`
  - `/24`

  The other masks listed are invalid because they don’t separate the address cleanly into two sections, the first part defining the network, and the second the host. The leftmost bits of a mask will always be `1` and the right bits will always be `0`.
- Which commands can you use to verify your default route?
  You can use `route`, `netstat -r`, or `ip route`:
  ```
  $ route
  Kernel IP routing table
  Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
  default         server          0.0.0.0         UG    600    0        0 wlan1
  192.168.1.0     0.0.0.0         255.255.255.0   U     600    0        0 wlan1
  $ netstat -r
  Kernel IP routing table
  Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
  default         server          0.0.0.0         UG        0 0          0 wlan1
  192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan1
  $ ip route
  default via 192.168.1.20 dev wlan1 proto static metric 600
  192.168.1.0/24 dev wlan1 proto kernel scope link src 192.168.1.24 metric 600
  ```
- How would you add a second IP address to an interface?
  You would use `ip address` or `ifconfig`. Keep in mind that `ifconfig` is a legacy tool:
  ```
  $ ip addr add 172.16.15.16/16 dev enp0s9 label enp0s9:sub1
  ```
  The portion of the command `label enp0s9:sub1` adds an alias to `enp0s9`. If you don’t use the legacy `ifconfig` you can omit this. If you do, the command will still work, but the address you just added won’t show up in the output of `ifconfig`.
  You can also use `ifconfig`:
  ```
  $ ifconfig enp0s9:sub1 172.16.15.16/16
  ```
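The rule in the subnet mask answer above, as an added shell example that is not part of the original lesson: a mask is usable only if all of its 1 bits sit to the left of its 0 bits. The function name `mask_prefix` is hypothetical; the four inputs in the loop are the options from the exercise.

```sh
# Added example: test whether an IPv4 mask is contiguous and give its length.

# mask_prefix MASK: print the prefix length for a dotted-decimal mask or a /N
# form; exit status 1 when the mask is malformed or its 1 bits are not all on
# the left. Runs in a subshell so IFS and the variables stay local.
mask_prefix() (
    case $1 in
        /*) n=${1#/}
            [ "$n" -ge 0 ] 2>/dev/null && [ "$n" -le 32 ] || exit 1
            echo "$n"; exit 0 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o; do                               # every octet must be 0-255
        [ "$o" -ge 0 ] 2>/dev/null && [ "$o" -le 255 ] || exit 1
    done
    mask=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    inv=$(( ~mask & 4294967295 ))           # host bits become 1s
    # A valid mask inverts to 0...01...1, so inv + 1 shares no bit with inv.
    [ $(( inv & (inv + 1) )) -eq 0 ] || exit 1
    len=0
    while [ $(( mask & 2147483648 )) -ne 0 ]; do    # count leading 1 bits
        len=$(( len + 1 )); mask=$(( (mask << 1) & 4294967295 ))
    done
    echo "$len"
)

# The four options from the exercise.
for m in 0.0.0.255 255.0.255.0 255.252.0.0 /24; do
    if p=$(mask_prefix "$m"); then
        echo "$m valid, prefix length $p"
    else
        echo "$m invalid"
    fi
done
```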
Answers to Explorational Exercises
- Which subcommand of `ip` can be used to configure vlan tagging?
  `ip link` has a `vlan` option that can be used. Below is an example of tagging a sub interface with vlan 20.
  ```
  # ip link add link enp0s9 name enp0s9.20 type vlan id 20
  ```
- How would you configure a default route?
  Using `route` or `ip route`:
  ```
  # route add default gw 192.168.1.1
  # ip route add default via 192.168.1.1
  ```
- How would you get detailed information about the `ip neighbour` command? What happens if you run it by itself?
  By reading the man page:
  ```
  $ man ip-neighbour
  ```
  It displays your ARP cache:
  ```
  $ ip neighbour
  10.0.2.2 dev enp0s3 lladdr 52:54:00:12:35:02 REACHABLE
  ```
- How would you back up your routing table? How would you restore from it?
  The example below demonstrates backing up and restoring a routing table:
  ```
  # ip route save > /root/routes/route_backup
  # ip route restore < /root/routes/route_backup
  ```
- Which `ip` subcommand can be used to configure spanning tree options?
  Similar to managing vlan settings, `ip link` can configure spanning tree by using the `bridge` type. The example shows adding a virtual interface with a STP priority of 50:
  ```
  # ip link add link enp0s9 name enp0s9.50 type bridge priority 50
  ```