CHAPTER 1
Overview
RH254-RHEL7-en-1-20140711

Chapter 1. Controlling Services and Daemons

Objectives
After completing this section, students should be able to:
• List system daemons and network services started by the systemd service and socket units.

Introduction to systemd
A service often refers to one or more daemons, but starting or stopping a service may instead make a one-time change to the state of the system (for example, to configure network

A bit of history
For many years, process ID 1 of Linux and UNIX systems has been the init process. This process was responsible for activating other services on the system. Frequently used daemons were started on systems at boot time with System V and Linux Standard Base (LSB) init scripts.

Note
With systemd, shell-based service scripts are used only for a few legacy services. Therefore, configuration files with shell variables, such as those found in /etc/sysconfig, are being replaced. Those still in use are included as systemd environment files and read as NAME=VALUE pairs. They are no longer sourced as a shell script.

Important
The systemctl command may abbreviate or "ellipsize" unit names, process tree entries, and unit descriptions unless run with the -l option.

Service states
The status of a service can be viewed with systemctl status name.type. If the unit type is not provided, systemctl will show the status of a service unit, if one exists.

[root@serverX ~]# systemctl status sshd.service
sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
   Active: active (running) since Thu 2014-02-27 11:51:39 EST; 7h ago
 Main PID: 1073 (sshd)
   CGroup: /system.slice/sshd.service
           └─1073 /usr/sbin/sshd -D

Keyword:    Description:
loaded      Unit configuration file has been processed.
enabled     Will be started at boot time.

Note
The systemctl status NAME command replaces the service NAME status command used in previous versions of Red Hat Enterprise Linux.

Listing unit files with systemctl

[root@serverX ~]# systemctl --type=service

• Investigate any units which are in a failed or maintenance state. Optionally, add the -l option to show the full output.

[root@serverX ~]# systemctl is-enabled sshd

• List the active state of all loaded units. Optionally, limit the type of unit. The --all option will add inactive units.

[root@serverX ~]# systemctl list-units --type=service
[root@serverX ~]# systemctl list-units --type=service --all

• View the enabled and disabled settings for all units. Optionally, limit the type of unit.

• View only failed services.

• Verify that the process is running.

• Stop, then start, the service in a single command.

Unit dependencies
Services may be started as dependencies of other services. If a socket unit is enabled and the service unit with the same name is not, the service will automatically be started when a request is made on the network socket. Services may also be triggered by path units when a file system condition is met.

The systemctl list-dependencies UNIT command can be used to display a tree of other units which must be started in conjunction with a specific unit. The --reverse option to this command will show what units need to have the specified unit started in order to run.

Masking services
A system may have conflicting services installed for a certain function, such as firewalls (iptables

rm '/etc/systemd/system/network.service'

Important
A disabled service will not be started automatically at boot or by other unit files, but can be started manually. A masked service cannot be started manually or automatically.
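
Added example (not part of the course material): the passages above on socket units starting a service that is not itself enabled, and on disabled versus masked services, combine into a check worth running on a host. The shell functions below classify each service from systemctl list-unit-files style output and list disabled services that an enabled socket unit of the same name can still start; the function names and the sample unit list are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify unit-file states and flag disabled services that an
# enabled socket unit of the same name can still start.

# Constructed sample in the layout printed by `systemctl list-unit-files`
# (unit names and states are made up for this example).
sample_unit_files() {
cat <<'EOF'
UNIT FILE            STATE
chronyd.service      disabled
cups.service         disabled
cups.socket          enabled
iptables.service     masked
rsyslog.service      enabled
sshd.service         enabled
sshd.socket          disabled

7 unit files listed.
EOF
}

# audit_units: read list-unit-files output on stdin and print, for every
# service unit, "<unit> <state> <start path>" where the start path is one of
# boot, socket, manual, never or other.
audit_units() {
    awk '
        # Only rows naming a service or socket unit; the header and the
        # "N unit files listed." trailer do not match.
        NF >= 2 && $1 ~ /\.(service|socket)$/ {
            state[$1] = $2
            if ($1 ~ /\.service$/) services[$1] = 1
        }
        END {
            for (unit in services) {
                sock = unit
                sub(/\.service$/, ".socket", sock)
                how = "other"                      # static and similar states
                if (state[unit] == "enabled") how = "boot"
                if (state[unit] == "masked")  how = "never"
                if (state[unit] == "disabled") {
                    # Disabling removes the boot-time links only. An enabled
                    # socket unit of the same name still starts the service
                    # when a request arrives on the socket.
                    how = (state[sock] == "enabled") ? "socket" : "manual"
                }
                print unit, state[unit], how
            }
        }
    ' | sort
}

# needs_attention: disabled services still reachable through socket
# activation; mask the service or disable the socket unit as well.
needs_attention() {
    audit_units | awk '$3 == "socket" { print $1 }'
}

sample_unit_files | audit_units
```

On a live system the same functions take real input, for example systemctl list-unit-files --type=service,socket --no-pager | needs_attention.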

Enabling system daemons to start or stop at boot
Services are started at boot time when links are created in the appropriate systemd configuration directories. These links are created and removed with systemctl commands.

• Disable the service and verify the status. Note that disabling a service does not stop the service.

• Enable the service and verify the status.

[root@serverX ~]# systemctl enable sshd.service
[root@serverX ~]# systemctl is-enabled sshd.service

Summary of systemctl commands
Services can be started and stopped on a running system and enabled or disabled for automatic start at boot time.

Command:                            Task:
systemctl status UNIT               View detailed information about a unit state.
systemctl stop UNIT                 Stop a service on a running system.
systemctl start UNIT                Start a service on a running system.
systemctl restart UNIT              Restart a service on a running system.
systemctl reload UNIT               Reload configuration file of a running service.
systemctl mask UNIT                 Completely disable a service from being started, both manually and at boot.
systemctl disable UNIT              Disable a service from starting at boot time.
systemctl list-dependencies UNIT    List units which are required and wanted by the specified unit.

References
systemd(2), systemd.unit(5), systemd.service(5), systemd.socket(5), and systemctl(1) man pages

Additional information may be available in the chapter on managing services with systemd in the Red Hat Enterprise Linux System Administrator's Guide for Red Hat Enterprise Linux 7, which can be found at
http://docs.redhat.com/

Practice: Using systemctl to Manage Services

Guided exercise

Outcomes:
The chronyd service is disabled and no longer running on the system.

Before you begin...
Reset your serverX system.

[student@serverX ~]$ sudo systemctl status sshd
sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
   Active: active (running) since Tue 2014-06-10 09:09:50 EDT; 35min ago
  Process: 1061 ExecStartPre=/usr/sbin/sshd-keygen (code=exited, status=0/SUCCESS)
 Main PID: 1077 (sshd)
   CGroup: /system.slice/sshd.service
           └─1077 /usr/sbin/sshd -D
[student@serverX ~]$ sudo systemctl restart sshd
[student@serverX ~]$ sudo systemctl status sshd
sshd.service - OpenSSH server daemon

3. Stop the chronyd service and view the status.
...
5. Reboot the system.
[student@serverX ~]$ sudo reboot
6. Log in to the serverX system and view the status of the chronyd service.

8. Reboot the system.

Controlling the Boot Process

Objectives
After completing this section, students should be able to influence the boot process and be able to repair common boot issues using systemd targets.

Selecting a systemd target
A systemd target is a set of systemd units that should be started to reach a desired state. Important targets are listed in the following table.

Target    Purpose

An overview of all available targets can be viewed with:

[root@serverX ~]# systemctl list-units --type=target --all
...

Selecting a target at runtime
On a running system, administrators can choose to switch to a different target using the systemctl isolate command; for example, systemctl isolate multi-user.target.

Note

Setting a default target
When the system starts, and control is passed over to systemd from the initramfs, systemd will try to activate the default.target target. Normally the default.target target will
...
multi-user.target
[root@serverX ~]# systemctl set-default graphical.target
graphical.target

systemd.unit=rescue.target

1. (Re)boot the system.
2. Interrupt the boot loader menu countdown by pressing any key.
5. Move the cursor to the line that starts with linux16. This is the kernel command line.

Note
On Red Hat Enterprise Linux 6 and earlier, an administrator could boot the system into runlevel 1, and be presented with a root prompt. The closest analogs to runlevel 1 on a Red Hat Enterprise Linux 7 machine are the rescue.target and emergency.target targets, both of which require the root password to log in.

Recovering the root password

1. Reboot the system.
2. Interrupt the boot loader countdown by pressing any key.
3. Move the cursor to the entry that needs to be booted.
5. Move the cursor to the kernel command line (the line that starts with linux16).

Note
The initramfs prompt will show up on whatever console is specified last on the kernel command line.

7. Press Ctrl+x to boot with the changes.

At this point, a root shell will be presented, with the root file system for the actual system mounted read-only on /sysroot.

Important
SELinux is not yet enabled at this point, so any new files being created will not have an SELinux context assigned to them. Keep in mind that some tools (such as passwd) first create a new file, then move it in place of the file they are intended to edit, effectively creating a new file without an SELinux context.

To recover the root password from this point, use the following procedure:

2. Switch into a chroot jail, where /sysroot is treated as the root of the file system tree.
switch_root:/# chroot /sysroot
sh-4.2# passwd root
4. Make sure that all unlabeled files (including /etc/shadow at this point) get relabeled during boot.
sh-4.2# touch /.autorelabel
5. Type exit twice. The first will exit the chroot jail, and the second will exit the initramfs debug shell.

Warning

By appending either systemd.unit=rescue.target or systemd.unit=emergency.target to the kernel command line from the boot loader, the system will spawn into a special rescue or emergency shell instead of starting normally. Both of these shells require the root password. The emergency target keeps the root file system mounted read-only, while rescue.target waits for sysinit.target to complete first so that more of the system will be initialized, for example, logging, file systems, etc. Exiting from these shells will continue with the regular boot process.

Stuck jobs
During startup, systemd spawns a number of jobs. If some of these jobs cannot complete, they will block other jobs from running. To inspect the current job list, an administrator can use the command systemctl list-jobs. Any jobs listed as running must complete before the jobs listed as waiting can continue.

References
systemd.target(5), systemd.special(7), sulogin(8), sushell(8), and systemctl(1) man pages

/usr/lib/systemd/system/debug-shell.service

Practice: Selecting a Boot Target

Guided exercise

Outcome:
A system booted into different targets.

1.1.
[student@serverX ~]$ sudo systemctl isolate multi-user.target
3.1.
[root@serverX ~]# systemctl set-default multi-user.target
rm '/etc/systemd/system/default.target'
ln -s '/usr/lib/systemd/system/multi-user.target' '/etc/systemd/system/default.target'
3.2.
[root@serverX ~]# systemctl reboot
...
systemd.unit=rescue.target

Lab: Controlling Services and Daemons

Performance checklist
In this lab, you will change the default target and enable and verify that a service starts upon boot.

Outcomes:
Students will configure the serverX.example.com machine to boot to a state supporting multiple users with both graphical and text-based logins. Students will also configure the rsyslog service to start at boot time.

After the reboot, verify the system state and rsyslog service status to make sure everything is working as expected. After completing your work, run the command lab systemd grade on serverX to verify the results.

2. Determine if the rsyslog process is running. If not, verify if it is configured to start on boot, and fix it if it is not.
4. Reboot the system.

Solution
In this lab, you will change the default target and enable and verify that a service starts upon boot.

Machines: serverX

Outcomes:
Students will configure the serverX.example.com machine to boot to a state supporting multiple users with both graphical and text-based logins. Students will also configure the rsyslog service to start at boot time.

working as expected. After completing your work, run the command lab systemd grade on serverX to verify the results.

1.1. Switch to the root user on the serverX system.
1.2. Determine the state that the system is currently configured to boot to.
...
[root@serverX ~]# systemctl set-default graphical.target
rm '/etc/systemd/system/default.target'
ln -s '/usr/lib/systemd/system/graphical.target' '/etc/systemd/system/default.target'

2.2. Check if the rsyslog service is enabled.
...
3.2. Verify the rsyslog service started without issues.
4. Reboot the system.
...
5. Log in to the serverX system again and switch to user root. Verify that the system boots to the desired system state and that the rsyslog service is running properly.

Summary

• Determine the status of system daemons and network services started by systemd.

Controlling the Boot Process
In this section, students learned how to:
• Break down the Red Hat Enterprise Linux 7 boot process into four steps:
1. Hardware (BIOS/UEFI)
2. Boot loader (grub2)
4. systemd

CHAPTER 2
Overview

Review of IPv4 Networking Configuration

Objectives

IPv4 networking
This section assumes that students have a basic understanding of IPv4 networking concepts. In particular, students should know something about IPv4 addresses, network prefixes (and netmasks), default gateways and basic routing, network interfaces, /etc/hosts, and name resolution.

[student@demo ~]$ nmcli dev status
DEVICE  TYPE      STATE         CONNECTION
eno1    ethernet  connected     eno1
eth0    ethernet  connected     static-eth0
eno2    ethernet  disconnected
lo      loopback  unmanaged
...

The ip addr show command displays the current configuration of network interfaces on the system. To list only a single interface, add the interface name as the last argument:

    link/ether 52:54:00:00:00:0b brd ff:ff:ff:ff:ff:ff
    inet 172.25.0.11/16 brd 172.25.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe00:b/64 scope link
       valid_lft forever preferred_lft forever

• An active interface is UP.
• The link/ether line specifies the hardware (MAC) address of the device.

Adding a network connection
The nmcli con add command is used to add new network connections. The example nmcli con add commands that follow assume that the name of the network connection being added is not already in use.

The following command will add a new connection for the interface eno2, which will get IPv4 networking information using DHCP and will autoconnect on startup. The configuration will be saved in /etc/sysconfig/network-scripts/ifcfg-eno2 because the con-name is eno2.

The next example configures the eno2 interface statically instead, using the IPv4 address and network prefix 192.168.0.5/24 and default gateway 192.168.0.254, but still autoconnects at startup and saves its configuration into the same file. The example is line-wrapped with a shell \ escape.

[root@demo ~]# nmcli con add con-name eno2 type ethernet ifname eno2 \
> ip4 192.168.0.5/24 gw4 192.168.0.254

Controlling network connections
The nmcli con up name command will activate the connection name on the network interface it is bound to. Note that the command takes the name of a connection, not the name of the

[root@demo ~]# nmcli con up static-eth0

The nmcli dev disconnect device command will disconnect the network interface device and bring it down. This command can be abbreviated nmcli dev dis device:

Important
Use nmcli dev dis device to deactivate a network interface.
The command nmcli con down name is normally not the best way to deactivate a network interface. This command will bring down the connection. But by default,

Modifying network connection settings
NetworkManager connections have two kinds of settings. There are static connection properties, which are configured by the administrator and stored in the configuration files in /etc/sysconfig/network-scripts/ifcfg-*. There may also be active connection data, which the connection gets from a DHCP server and which are not stored persistently.

To list the current settings for a connection, run the nmcli con show name command, where name is the name of the connection. Settings in lowercase are static properties the administrator can change; settings in all caps are active settings in temporary use for this instance of the connection.

connection.id:                          static-eth0
connection.uuid:                        87b53c56-1f5d-4a29-a869-8a7bdaf56dfa
connection.interface-name:
connection.type:                        802-3-ethernet
connection.autoconnect:                 yes
connection.timestamp:                   1401803453
connection.read-only:                   no
connection.permissions:
connection.zone:
connection.master:
connection.slave-type:
connection.secondaries:
connection.gateway-ping-timeout:        0
802-3-ethernet.port:
802-3-ethernet.speed:                   0
802-3-ethernet.duplex:
802-3-ethernet.auto-negotiate:          yes
802-3-ethernet.mac-address:             CA:9D:E9:2A:CE:F0
802-3-ethernet.cloned-mac-address:
802-3-ethernet.mac-address-blacklist:
802-3-ethernet.mtu:                     auto
802-3-ethernet.s390-subchannels:
802-3-ethernet.s390-nettype:
802-3-ethernet.s390-options:
ipv4.method:                            manual
ipv4.dns:                               192.168.0.254
ipv4.dns-search:                        example.com
ipv4.addresses:                         { ip = 192.168.0.2/24, gw = 192.168.0.254 }
ipv4.routes:
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:
ipv4.never-default:                     no
ipv4.may-fail:                          yes

To set the IPv4 address to 192.0.2.2/24 and default gateway to 192.0.2.254 for the connection static-eth0:

[root@demo ~]# nmcli con mod static-eth0 ipv4.addresses "192.0.2.2/24 192.0.2.254"

Important
If a connection that got its IPv4 information from a DHCPv4 server is being changed to get it from static configuration files only, the setting ipv4.method should also be changed from auto to manual. Otherwise, the connection may hang or not complete successfully when it is activated, or it may get an IPv4 address from DHCP in addition to the static address.
...
Chapter 2. Managing IPv6 Networking

[root@demo ~]# nmcli con mod static-eth0 +ipv4.dns 192.0.2.1

By default, changes made with nmcli con mod name are automatically saved to /etc/sysconfig/network-scripts/ifcfg-name. That file can also be manually edited with a text editor. After doing so, run nmcli con reload so that NetworkManager reads the configuration changes.

For backward-compatibility reasons, the directives saved in that file have different names and syntax than the nm-settings(5) names. The following table maps some of the key setting names to ifcfg-* directives.

Comparison of nm-settings and ifcfg-* Directives
nmcli con mod | ifcfg-* file | Effect
ipv4.method manual | BOOTPROTO=none | IPv4 addresses configured statically.
ipv4.method auto | BOOTPROTO=dhcp | Will look for configuration settings from a DHCPv4 server. If static addresses are also set, will not bring those up until we have information from DHCPv4.
ipv4.addresses "192.0.2.1/24 192.0.2.254" | IPADDR0=192.0.2.1 PREFIX0=24 GATEWAY0=192.0.2.254 | Sets static IPv4 address, network prefix, and default gateway. If more than one is set for the connection, then instead of 0, the ifcfg-* directives end with 1, 2, 3 and so on.
ipv4.dns 8.8.8.8 | DNS0=8.8.8.8 | Modify /etc/resolv.conf to use this nameserver.
connection.autoconnect yes | ONBOOT=yes | Automatically activate this connection at boot.
connection.id eth0 | NAME=eth0 | The name of this connection.
connection.interface- | DEVICE=eth0 | The connection is bound to

Important
Because NetworkManager tends to directly modify the /etc/resolv.conf file, direct edits to that file may be overwritten.

To change settings in that file, it is better to set DNSn and DOMAIN directives in the relevant /etc/sysconfig/network-scripts/ifcfg-* files.
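
Added example, not from the course material: the comparison table above and the earlier note about changing ipv4.method from auto to manual can be checked mechanically. The shell function below (ifcfg_to_nm, a name made up here) reads an ifcfg-* file as plain NAME=VALUE text, prints the nm-settings property for each directive covered by the table rows on this page, and warns when static addresses are configured while BOOTPROTO still selects DHCP. The sample file content is constructed.

```shell
#!/bin/sh
# Added example: translate ifcfg-* directives into nm-settings properties using
# the rows of the comparison table, and flag static addresses left on DHCP.

# Constructed ifcfg content (not from a real host). BOOTPROTO=dhcp is kept
# beside static addressing on purpose to trigger the warning.
sample_ifcfg() {
cat <<'EOF'
# constructed sample
DEVICE=eth0
NAME="static-eth0"
BOOTPROTO=dhcp
ONBOOT=yes
IPADDR0=192.0.2.1
PREFIX0=24
GATEWAY0=192.0.2.254
DNS0=8.8.8.8
EOF
}

# ifcfg_to_nm: read directives on stdin, print "<property> <value>" lines.
# The input is parsed as NAME=VALUE text and never sourced by the shell, so
# nothing inside the file is executed.
ifcfg_to_nm() {
    awk -v sq="'" '
        BEGIN { max = 0; statics = 0 }
        /^[ \t]*#/ || !/=/ { next }              # comments and blank lines
        {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub("^[\"" sq "]|[\"" sq "]$", "", val)   # drop surrounding quotes

            if      (key == "BOOTPROTO" && val == "none") method = "manual"
            else if (key == "BOOTPROTO" && val == "dhcp") method = "auto"
            else if (key == "ONBOOT") print "connection.autoconnect", val
            else if (key == "NAME")   print "connection.id", val
            else if (key == "DEVICE") print "connection.interface-name", val
            else if (key ~ /^DNS[0-9]+$/) print "ipv4.dns", val
            else if (key ~ /^(IPADDR|PREFIX|GATEWAY)[0-9]+$/) {
                n = key; sub(/^[A-Z]+/, "", n)     # numeric suffix 0, 1, 2 ...
                f = key; sub(/[0-9]+$/, "", f)     # directive without suffix
                field[f, n + 0] = val
                if (n + 0 > max) max = n + 0
            }
        }
        END {
            if (method != "") print "ipv4.method", method
            for (i = 0; i <= max; i++) {
                if (!(("IPADDR", i) in field)) continue
                addr = field["IPADDR", i]
                if (("PREFIX", i) in field)  addr = addr "/" field["PREFIX", i]
                if (("GATEWAY", i) in field) addr = addr " " field["GATEWAY", i]
                print "ipv4.addresses", addr
                statics++
            }
            if (method == "auto" && statics > 0)
                print "WARNING static address set while ipv4.method is auto"
        }
    '
}

sample_ifcfg | ifcfg_to_nm
```

On a real system, run it against a connection file, for example ifcfg_to_nm < /etc/sysconfig/network-scripts/ifcfg-eno2.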

Deleting a network connection
The nmcli con del name command will delete the connection named name from the system, disconnecting it from the device and removing the file /etc/sysconfig/network-scripts/ifcfg-name.

Modifying the system host name
The hostname command displays or temporarily modifies the system's fully qualified host name.

[root@demo ~]# hostname
demo.example.com

Important
The static host name is stored in /etc/hostname. Previous versions of Red Hat Enterprise Linux stored the host name as a variable in the /etc/sysconfig/network file.

Summary of commands
The following table is a list of key commands discussed in this section.

Command                          Purpose
nmcli dev status                 Show the NetworkManager status of all network interfaces.
nmcli con show                   List all connections.
nmcli con show name              List the current settings for the connection name.
nmcli con add con-name name ...  Add a new connection named name.

References
NetworkManager(8), nmcli(1), nmcli-examples(5), nm-settings(5), hostnamectl(1), resolv.conf(5), hostname(5), ip(8), and ip-address(8) man pages
...

Practice: Configuring IPv4 Networking

Guided exercise

Resources:
Files: /etc/sysconfig/network-scripts/ifcfg-eno1
Machines: serverX

Outcomes:
The eno1 network interface on your serverX machine will be managed by NetworkManager with a connection named eno1. It will statically configure an IPv4 address of 192.168.0.1/24 without a gateway. The host with address 192.168.0.254 can be referenced as "otherhost".

• Become the root user.

[student@serverX ~]$ sudo -i

1. Before making any changes, display the list of existing network interfaces to determine the system's starting configuration. Also determine which interfaces are managed by NetworkManager.

[root@serverX ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:00:07:0b brd ff:ff:ff:ff:ff:ff
4: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether ca:8a:8f:84:e4:8f brd ff:ff:ff:ff:ff:ff
...

2. Create a NetworkManager connection, called eno1, for the eno1 network interface.

Redisplay the list of managed interfaces to confirm NetworkManager manages eno1. It will have an IPv6 link-local address assigned to it (the address starting with fe80::), but it will not have an automatic IPv4 address.

6. Restart the eno1 network interface and confirm its new IPv4 address configuration.

6.1. Bounce the eno1 interface by taking it down, then bringing it back up.

Notice the new inet address entry.

8. Ping another IPv4 host, with address 192.168.0.254, to make sure it is reachable by eno1.

[root@serverX ~]# ping 192.168.0.254
PING 192.168.0.254 (192.168.0.254) 56(84) bytes of data.
64 bytes from 192.168.0.254: icmp_seq=1 ttl=64 time=0.165 ms
64 bytes from 192.168.0.254: icmp_seq=2 ttl=64 time=0.082 ms
^C
--- 192.168.0.254 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1010ms
rtt min/avg/max/mdev = 0.082/0.123/0.165/0.042 ms

9. Use the ip command to display the IPv4 routing table.

[root@serverX ~]# ip route
default via 172.25.7.254 dev eth0 proto static metric 1024
172.25.7.0/24 dev eth0 proto kernel scope link src 172.25.7.11
172.25.253.254 via 172.25.7.254 dev eth0 proto static metric 1
192.168.0.0/24 dev eno1 proto kernel scope link src 192.168.0.1

11. Configure the hosts file so that 192.168.0.254 can be referenced as "otherhost".

[root@serverX ~]# ping otherhost
PING otherhost (192.168.0.254) 56(84) bytes of data.
64 bytes from otherhost (192.168.0.254): icmp_seq=1 ttl=64 time=0.099 ms
64 bytes from otherhost (192.168.0.254): icmp_seq=2 ttl=64 time=0.070 ms
^C
--- otherhost ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1009ms
rtt min/avg/max/mdev = 0.070/0.084/0.099/0.017 ms

IPv6 Networking Concepts

Objectives

After completing this section, students should be able to explain the basic concepts of IPv6 addresses and networking.

The key reason IPv6 is not yet in wide deployment is that the core protocol does not have a simple way for systems that only have IPv6 addresses to communicate with systems that only have IPv4 addresses.
Note
There are a number of promising transition methods in development to allow IPv6-only hosts to use the IPv4 Internet or support other forms of IPv4/IPv6 translation, such as NAT64 (RFC 6145) and 464XLAT (RFC 6877), but they are beyond the scope of this course.

Interpreting IPv6 addresses
IPv6 addresses
An IPv6 address is a 128-bit number, normally expressed as eight colon-separated groups of four hexadecimal nibbles (half-bytes). Each nibble represents four bits of the IPv6 address, so each group represents 16 bits of the IPv6 address.

2001:0db8:0000:0010:0000:0000:0000:0001

2001:db8:0:10:0:0:0:1

2001:db8:0:10::1
Notice that under these rules, 2001:db8::0010:0:0:0:1 would be another less convenient way to write the example address. But it is a valid representation of the same address, and this can confuse administrators new to IPv6. Some tips for writing consistently readable addresses:

Important
When including a TCP or UDP network port after an IPv6 address, always enclose the IPv6 address in square brackets so that the port does not look like it is part of the address.
IPv6 subnets
A normal unicast address is divided into two parts: the network prefix and interface ID. The network prefix identifies the subnet. No two network interfaces on the same subnet can have the
/64. In this case, half of the address is the network prefix and half of it is the interface ID. This means that a single subnet can hold as many hosts as necessary.
[Figure 2.1: IPv6 address parts and subnetting. Labels: network part, interface ID, /48 allocation, /16 for local subnets]

IPv6 address allocation
Link-local addresses
A link-local address in IPv6 is an unroutable address which is used only to talk to hosts on a specific network link. Every network interface on the system is automatically configured with a link-local address on the fe80:: network. To ensure that it is unique, the interface ID of the link-local address is constructed from the network interface's Ethernet hardware address. The usual procedure to convert the 48-bit MAC address to a 64-bit interface ID is to set bit 7 of the MAC address and insert ff:fe between its two middle bytes.

For example, to use ping6 to ping the link-local address fe80::211:22ff:feaa:bbcc using the link connected to the eth0 network interface, the correct command would be:

Note
Scope identifiers are only needed when contacting addresses that have "link" scope. Normal global addresses are used just like they are in IPv4, and select their outbound interfaces from the routing table.

Multicast

Multicast plays a larger role in IPv6 than in IPv4 because there is no broadcast address in IPv6. One key multicast address in IPv6 is ff02::1, the all-nodes link-local address. Pinging this address will send traffic to all nodes on the link. Link-scope multicast addresses (starting ff02::/8) need to be specified with a scope identifier, just like a link-local address.
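
The address-writing rules earlier in this section (one address has several valid spellings, and a port must be separated from the address by square brackets) and the scope-identifier rule above all matter when addresses taken from logs or access rules are compared. The following Python sketch is an added example, not part of the course material; the function names and sample strings are constructed for illustration, and scope identifiers are split off by hand rather than resolved to an interface.

```python
import ipaddress

# Link-local multicast: addresses whose first group is ff02.
LINK_MULTICAST = ipaddress.IPv6Network("ff02::/16")


def parse_endpoint(text):
    """Parse 'addr', 'addr%scope', '[addr]:port' or '[addr%scope]:port'.

    Returns (IPv6Address, scope or None, port or None).
    Raises ValueError for anything that is not a valid IPv6 endpoint.
    """
    text = text.strip()
    port = None
    if text.startswith("["):
        host, bracket, rest = text[1:].partition("]")
        if not bracket:
            raise ValueError("missing closing bracket: %r" % text)
        if rest:
            if not (rest.startswith(":") and rest[1:].isdigit()):
                raise ValueError("bad port suffix: %r" % rest)
            port = int(rest[1:])
            if not 0 < port <= 65535:
                raise ValueError("port out of range: %d" % port)
    else:
        # Without brackets everything is address text: a trailing ":80"
        # is read as one more 16-bit group, not as a port.
        host = text
    host, _, scope = host.partition("%")
    return ipaddress.IPv6Address(host), (scope or None), port


def canonical(text):
    """Return the one compressed spelling to use when comparing addresses."""
    return str(parse_endpoint(text)[0])


def in_network(text, network):
    """True if the endpoint's address falls inside the given prefix."""
    return parse_endpoint(text)[0] in ipaddress.IPv6Network(network)


def needs_scope(text):
    """True for a link-scoped address written without a %scope identifier."""
    addr, scope, _ = parse_endpoint(text)
    link_scoped = addr.is_link_local or addr in LINK_MULTICAST
    return link_scoped and scope is None


if __name__ == "__main__":
    # Constructed samples, using this section's example address.
    for sample in ("2001:db8::0010:0:0:0:1",
                   "2001:0db8:0000:0010:0000:0000:0000:0001",
                   "[2001:db8:0:10::1]:80",
                   "2001:db8:0:10::1:80",
                   "ff02::1%eth1"):
        print(sample, "->", parse_endpoint(sample))
```

Comparing the parsed address objects (or their canonical strings) instead of the raw text keeps an allow-list or log search from missing an address that was merely spelled differently.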
IPv6 address configuration

Static addressing

Interface IDs for static IPv6 addresses can be selected at will, just like IPv4. In IPv4, there were two addresses on a network that could not be used, the lowest address in the subnet and the highest address in the subnet. In IPv6, the following interface IDs are reserved and cannot be used for a normal network address on a host.

• The all-zeros identifier 0000:0000:0000:0000 ("subnet router anycast") used by all routers on the link. (For the 2001:db8::/64 network, this would be the address 2001:db8::.)
DHCPv6 configuration
DHCPv6 works a little differently than DHCP for IPv4, because there is no broadcast address. Essentially, a host sends a DHCPv6 request from its link-local address to port 547/UDP on ff02::1:2, the all-dhcp-servers link-local multicast group. The DHCPv6 server then usually sends a reply with appropriate information to port 546/UDP on the client's link-local address.

SLAAC configuration
In addition to DHCPv6, IPv6 also supports a second dynamic configuration method, called Stateless Address Autoconfiguration (SLAAC). Using SLAAC, the host brings up its interface with a link-local fe80::/64 address normally. It then sends a "router solicitation" to ff02::2, the all-routers link-local multicast group. An IPv6 router on the local link responds to the host's link-local address with a network prefix and possibly other information. The host then uses that network prefix with an interface ID that it normally constructs in the same way that link-local addresses are constructed. The router periodically sends multicast updates ("router advertisements") to confirm or update the information it provided.
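
Both the link-local procedure described earlier and the SLAAC procedure above build the interface ID from the MAC address. The following Python sketch is an added example, not part of the course material; the function names are constructed for illustration. It inverts bit 7 of the first byte (mask 0x02), as RFC 4291 specifies for modified EUI-64, and it also runs the conversion backwards to show that such an address discloses the interface's hardware address.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits of an address: the interface ID


def eui64_interface_id(mac):
    """Return the 64-bit modified EUI-64 interface ID for a 48-bit MAC."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    # Invert bit 7 of the first byte, counted from the left (mask 0x02,
    # the universal/local bit), then insert ff:fe between the middle bytes.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def slaac_address(prefix, mac):
    """Combine an advertised /64 prefix with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("an EUI-64 interface ID needs a /64 prefix")
    return ipaddress.IPv6Address(
        int(net.network_address) | eui64_interface_id(mac))


def link_local(mac):
    """The automatically configured fe80::/64 address for this MAC."""
    return slaac_address("fe80::/64", mac)


def mac_from_address(text):
    """Recover the MAC from an EUI-64 style address, else return None.

    The ff:fe marker is a heuristic: a manually chosen or randomized
    interface ID could contain the same two bytes by coincidence.
    """
    host = text.split("%")[0].split("/")[0]  # drop scope ID and prefix length
    iid = (int(ipaddress.IPv6Address(host)) & IID_MASK).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join("%02x" % b for b in mac)


def exposed_macs(addresses):
    """Map each address that embeds a hardware address to that MAC."""
    found = {}
    for text in addresses:
        mac = mac_from_address(text)
        if mac is not None:
            found[text] = mac
    return found


if __name__ == "__main__":
    # MAC and prefix taken from this chapter's "ip addr show eth0" output.
    print(link_local("52:54:00:00:00:0b"))
    print(slaac_address("2001:db8:0:1::/64", "52:54:00:00:00:0b"))
    print(exposed_macs(["fe80::48f:6eff:fe13:6e8e/64", "2001:db8:0:1::a00:1"]))
```

Because the interface ID stays the same on every network the host joins, an address built this way lets a log reviewer tie entries back to one physical interface, which is useful for inventory and is also the reason the hardware address should be treated as visible to every peer.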
Important

References

Practice: Interpreting IPv6 Addresses
Quiz
Match the following compressed IPv6 addresses to their counterparts in the table.

2000::1 | 2001:3:700::2 | 2001:3::7:0:2 | 2001:db8:0:7::2 | 2081:db8::7::2 | ff02::1:0:0

2000:0000:0000:0000:0000:0000:0000:0001
0002:0000:0000:0000:0000:0000:0000:0001
2001:0db8:0000:0007:0000:0000:0000:0002
2001:0003:0000:0000:0000:0007:0000:0002
2001:0003:0700:0000:0000:0000:0000:0002
Not a valid IPv6 address

Solution

Match the following compressed IPv6 addresses to their counterparts in the table.

2001:0003:0000:0000:0000:0007:0000:0002    2001:3::7:0:2
0000:0000:0000:0000:0000:0000:0000:0000    ::

IPv6 Networking Configuration

Objectives
After completing this section, students should be able to configure IPv6 networking using nmcli and configuration files in the /etc/sysconfig/network-scripts directory.

NetworkManager and IPv6

To work with IPv6 addresses using NetworkManager, all the commands that are used with IPv4 networking work with IPv6 networking. There are some different settings that are relevant for connections, but most commands will be similar for IPv6 configuration.

[root@demo ~]# nmcli con add con-name eno2 type ethernet ifname eno2

The next example configures the eno2 interface statically instead, using the IPv6 address and network prefix 2001:db8:0:1::c000:207/64 and default IPv6 gateway 2001:db8:0:1::1, and the IPv4 address and network prefix 192.0.2.7/24 and default IPv4 gateway 192.0.2.1, but still autoconnects at startup and saves its configuration into /etc/sysconfig/network-scripts/ifcfg-eno2. The example is line-wrapped with a shell \ escape.

ipv6.ip6-privacy:                       -1 (unknown)
ipv6.dhcp-hostname:
[root@demo ~]#

Chapter 2. Managing IPv6 Networking
To set the IPv6 address to 2001:db8:0:1::a00:1/64 and default gateway to 2001:db8:0:1::1 for the connection static-eth0:
[root@demo ~]# nmcli con mod static-eth0 ipv6.address "2001:db8:0:1::a00:1/64 2001:db8:0:1::1"

Important
If a connection that got its IPv6 information by SLAAC or a DHCPv6 server is being

A number of settings may have multiple values. A specific value can be added to the list or deleted from the list for a setting by adding a + or - symbol to the start of the setting name.
connection static-eth0:

[root@demo ~]# nmcli con mod static-eth0 +ipv6.dns 2001:4860:4860::8888
Note
Static IPv4 and IPv6 DNS settings all end up as nameserver directives in /etc/resolv.conf. It may be a good idea to ensure that there is, at minimum, an
statically.
ipv6.method auto             IPV6_AUTOCONF=yes    Will configure network
ipv6.ignore-auto-dns true    IPV6_PEERDNS=no      Ignore DNS server information from the DHCP server.
connection.autoconnect yes   ONBOOT=yes           Automatically activate this connection at boot.
connection.id eth0           NAME=eth0            The name of this connection.

[student@demo ~]$ ip addr show eth0
UP,LOWER_UP>
    link/ether 52:54:00:00:00:0b brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.2/24 brd 192.0.2.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2001:db8:0:1:5054:ff:fe00:b/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe00:b/64 scope link
       valid_lft forever preferred_lft forever

2001:db8:0:1::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
default via 2001:db8:0:1::ffff dev eth0 proto static metric 1024

In the previous example, ignore the unreachable routes, which point at networks which are never to be used. That leaves three routes:
1. To the 2001:db8:0:1::/64 network using the eth0 interface (which presumably has an address on that network).
2. To the fe80::/64 network using the eth0 interface, for the link-local address. On a system with multiple interfaces, there will be a route to fe80::/64 out each interface for each link-local address.
3. A default route to all networks on the IPv6 Internet (the ::/0 network) that don't have a more specific route on the system, through the router at 2001:db8:0:1::ffff, reachable with the eth0 device.
Connectivity
The ping6 command is the IPv6 version of ping in Red Hat Enterprise Linux. It communicates over IPv6 and can take IPv6 addresses, but otherwise works like ping.

^C
--- 2001:db8:0:1::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.178/6.272/18.458/8.616 ms
[root@demo ~]#

IPv6 troubleshooting tools
64 bytes from fe80::78cf:7fff:fed2:f97b: icmp_seq=1 ttl=64 time=22.7 ms
64 bytes from fe80::f482:dbff:fe25:6a9f: icmp_seq=1 ttl=64 time=30.1 ms (DUP!)
64 bytes from fe80::78cf:7fff:fed2:f97b: icmp_seq=2 ttl=64 time=0.183 ms
64 bytes from fe80::f482:dbff:fe25:6a9f: icmp_seq=2 ttl=64 time=0.231 ms (DUP!)
^C
--- ff02::1%eth1 ping statistics ---
2 packets transmitted, 2 received, +2 duplicates, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.183/13.320/30.158/13.374 ms

Routing
The tracepath6 and traceroute -6 commands are the equivalent to tracepath and traceroute for IPv6.

 1?: [LOCALHOST]
     Resume: pmtu 1500 hops 3 back 3

Ports and services
Either the ss command or the netstat command can display information about network

References
NetworkManager(8), nmcli(1), nmcli-examples(5), nm-settings(5), ip(8), ip-address(8), ip-route(8), ping6(8), tracepath6(8), traceroute(8), ss(8), and netstat(8) man pages

Practice: Configuring IPv6 Networking

Guided exercise
Resources:
Files: /etc/sysconfig/network-scripts/ifcfg-eno1
Machines: serverX
Outcomes:
The eno1 network interface on your serverX machine will be managed by NetworkManager with a connection named eno1. It will statically configure an IPv6 address of fddb:fe2a:ab1e::c0a8:1/64 and use fddb:fe2a:ab1e::c0a8:fe/64 as the IPv6 gateway.

Log into and set up your serverX system.
[student@serverX

Become the root user.
[student@serverX ~]$ sudo -i

1.1. The ip link command will display all of the network interfaces recognized by the system.

[root@serverX ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether 52:54:00:00:07:0b brd ff:ff:ff:ff:ff:ff
4: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether ce:c4:7c:28:4c:7a brd ff:ff:ff:ff:ff:ff

2.1.
[root@serverX ~]# nmcli con add con-name eno1 type ethernet ifname eno1
added.

Display the current IP address information for eno1.
4: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 06:8f:6e:13:6e:8e brd ff:ff:ff:ff:ff:ff
    inet6 fe80::48f:6eff:fe13:6e8e/64 scope link
       valid_lft forever preferred_lft forever

connection.
[root@serverX ~]# nmcli con show eno1 | grep ipv6
ipv6.method:                            auto
ipv6.dns:
ipv6.dns-search:
ipv6.addresses:
ipv6.routes:

5. Configure eno1 to have a static IPv6 address of fddb:fe2a:ab1e::c0a8:1 with a standard /64 subnet prefix. Use fddb:fe2a:ab1e::c0a8:fe as the IPv6 gateway.

[root@serverX ~]# nmcli con mod eno1 ipv6.addresses 'fddb:fe2a:ab1e::c0a8:1/64 fddb:fe2a:ab1e::c0a8:fe'
6. Restart the eno1 network interface and confirm its new IPv6 address configuration.

4: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 06:8f:6e:13:6e:8e brd ff:ff:ff:ff:ff:ff

Notice the global address, fddb:fe2a:ab1e::c0a8:1/64, is available for use.
Ping eno1's own IPv6 address.
PING fddb:fe2a:ab1e::c0a8:1(fddb:fe2a:ab1e::c0a8:1) 56 data bytes
64 bytes from fddb:fe2a:ab1e::c0a8:1: icmp_seq=1 ttl=64 time=0.141 ms
64 bytes from fddb:fe2a:ab1e::c0a8:1: icmp_seq=2 ttl=64 time=0.081 ms
--- fddb:fe2a:ab1e::c0a8:1 ping statistics ---

8. Ping the IPv6 gateway to make sure it is reachable by eno1.
PING fddb:fe2a:ab1e::c0a8:fe(fddb:fe2a:ab1e::c0a8:fe) 56 data bytes
64 bytes from fddb:fe2a:ab1e::c0a8:fe: icmp_seq=1 ttl=64 time=0.254 ms
64 bytes from fddb:fe2a:ab1e::c0a8:fe: icmp_seq=2 ttl=64 time=0.123 ms
64 bytes from fddb:fe2a:ab1e::c0a8:fe: icmp_seq=3 ttl=64 time=0.119 ms
64 bytes from fddb:fe2a:ab1e::c0a8:fe: icmp_seq=4 ttl=64 time=0.123 ms
64 bytes from fddb:fe2a:ab1e::c0a8:fe: icmp_seq=5 ttl=64 time=0.090 ms

[root@serverX ~]#
fddb:fe2a:ab1e::/64 dev eno1 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eno1 proto kernel metric 256
default via fddb:fe2a:ab1e::c0a8:fe dev eno1 proto static metric 1024

64 bytes from fe80::fc46:acff:fefe:10b7: icmp_seq=1 ttl=64 time=0.298 ms
64 bytes from fe80::707e:68ff:fe3e:fd23: icmp_seq=1 ttl=64 time=0.306 ms (DUP!)
64 bytes from fe80::707e:68ff:fe3e:fd23: icmp_seq=2 ttl=64 time=0.125 ms
64 bytes from fe80::fc46:acff:fefe:10b7: icmp_seq=2 ttl=64 time=0.161 ms (DUP!)
64 bytes from fe80::707e:68ff:fe3e:fd23: icmp_seq=3 ttl=64 time=0.107 ms
64 bytes from fe80::fc46:acff:fefe:10b7: icmp_seq=3 ttl=64 time=0.136 ms (DUP!)
64 bytes from fe80::707e:68ff:fe3e:fd23: icmp_seq=4 ttl=64 time=0.111 ms
64 bytes from fe80::fc46:acff:fefe:10b7: icmp_seq=4 ttl=64 time=0.143 ms (DUP!)
64 bytes from fe80::707e:68ff:fe3e:fd23: icmp_seq=5 ttl=64 time=0.131 ms
64 bytes from fe80::fc46:acff:fefe:10b7: icmp_seq=5 ttl=64 time=0.167 ms (DUP!)
64 bytes from fe80::707e:68ff:fe3e:fd23: icmp_seq=6 ttl=64 time=0.109 ms
64 bytes from fe80::fc46:acff:fefe:10b7: icmp_seq=6 ttl=64 time=0.141 ms (DUP!)
64 bytes from fe80::707e:68ff:fe3e:fd23: icmp_seq=7 ttl=64 time=0.116 ms
64 bytes from fe80::fc46:acff:fefe:10b7: icmp_seq=7 ttl=64 time=0.150 ms (DUP!)

/etc/sysconfig/network-scripts/ifcfg-eno1

BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=eno1
UUID=4214d89b-f409-4853-8e31-4e673845e1a1
IPV6_AUTOCONF=no
DEVICE=eno1
ONBOOT=yes
PEERDNS=yes
PEERROUTES=yes
IPV6ADDR=fddb:fe2a:ab1e::c0a8:1/64
IPV6_DEFAULTGW=fddb:fe2a:ab1e::c0a8:fe

Lab: Managing IPv6 Networking
Performance checklist
In this lab, you will assign static IPv4 and IPv6 addresses to a network interface.

Machines: serverX

Outcomes:
serverX will have a NetworkManager connection, called eno1, that manages the eno1 network interface. It will be configured statically with an IPv4 address of 192.168.0.100/24 and an IPv6

• Log into and set up your serverX system.
[student@serverX ~]$
• Become the root user.
[student@serverX ~]$ sudo -i

4. Restart the eno1 network interface and confirm its new IPv4 and IPv6 address configuration.

5. Ping the local IPv4 gateway, 192.168.0.254, and the local IPv6 gateway, fddb:fe2a:ab1e::c0a8:fe, to confirm they can both be reached through the eno1 interface.

Output omitted
grade
....... PASS

Solution

In this lab, you will assign static IPv4 and IPv6 addresses to a network interface.

Outcomes:
serverX will have a NetworkManager connection, called eno1, that manages the eno1 network interface. It will be configured statically with an IPv4 address of 192.168.0.100/24 and an IPv6 address of fddb:fe2a:ab1e::c0a8:64/64.

Before you begin ...
• Reset the serverX system.
• Log into and set up your serverX system.
[student@serverX ~]$
• Become the root user.
[student@serverX ~]$ sudo -i

[root@serverX ~]# nmcli con add con-name eno1 type ethernet ifname eno1
Connection 'eno1' (0d687259-c64b-4e5b-bece-cabbe952e46f) successfully added.
interface.

3. Configure eno1 with a static IPv6 address of fddb:fe2a:ab1e::c0a8:64/64.

[root@serverX ~]# nmcli con mod eno1 ipv6.addresses fddb:fe2a:ab1e::c0a8:64/64
[root@serverX ~]# nmcli con mod eno1 ipv6.method manual

4. Restart the eno1 network interface and confirm its new IPv4 and IPv6 address configuration.

4.1. Bounce the eno1 interface by taking it down, then bringing it back up.

[root@serverX ~]# nmcli con down eno1
qlen 1000
    link/ether ca:8a:8f:84:e4:8f brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.100/24 brd 192.168.0.255 scope global eno1
... Output omitted ...

Summary