Lab 5: Networking Essentials¶
Objectives¶
After completing this lab, you will be able to:
- Create virtual network devices
- Manage network devices and settings on a Linux system using the iproute2 (ip) toolkit
- Manage network devices and settings on a Linux system using the NetworkManager (nmcli) toolkit
- Troubleshoot common network issues
Estimated time to complete this lab: 60 minutes
Overview¶
This Networking Essentials lab covers various network configuration and troubleshooting exercises on a Linux server. You will be better equipped to manage and troubleshoot network settings using common networking utilities readily available on Linux-based systems.
Exercise 1¶
Change Hostname¶
There are many methods for identifying or referring to computers. Some of these methods guarantee uniqueness (especially on a network), and others don't. A computer hostname can be regarded as a human-friendly name. Computer hostnames should ideally be unique, depending on how they are managed and assigned. But because anyone with administrative privileges on a system can unilaterally assign whatever hostname they want to the system, uniqueness is not always guaranteed.
This first exercise walks through some common tools for managing the computer hostname.
To change the system's hostname¶
While logged into your system, view the current hostname, using the popular hostname utility. Type:
hostname
Run the hostname utility again with a different option to view the server's FQDN:
hostname --fqdn
Question
What does FQDN stand for? And why is your server's plain hostname different from its FQDN?
Use the hostnamectl utility to view the current hostnames. Type:
hostnamectl
That's a lot of extra information!
Add the --static option to the hostnamectl command to view the static hostname for your server. Type:
hostnamectl --static
Add the --transient option to the hostnamectl command to view the transient hostname for your server.
Now try the --pretty option to the hostnamectl command to view the pretty hostname for your server.
Set a new transient hostname for your server. Type:
hostnamectl --transient set-hostname my-temp-server1
Verify the transient hostname change. Type:
hostnamectl --transient
Set a new static hostname for your server. Type:
hostnamectl set-hostname my-static-hostname1
Verify the static hostname change.
Question
Consult the man page for hostnamectl. What are the differences between pretty, transient and static hostnames?
Exercise 2¶
The first critical step you need to complete before going on to the other exercises in this network lab will be creating a special virtual network interface known as a MACVTAP device.
MACVTAP devices are virtual devices that combine the properties of a software-only interface known as a TAP device as well as the properties of the MACVLAN driver.
Creating and working with these MACVTAP devices will allow you to safely test, change, and configure various network configuration-related tasks. These virtual network interfaces will be used in various exercises without disrupting the existing network configuration.
Tip
TAP devices provide a software-only interface that user-space applications can easily access. TAP devices send and receive raw Ethernet frames. MACVLAN is used for creating virtual network interfaces that attach to physical network interfaces. The MACVTAP devices have their own unique MAC address distinct from the MAC address of the underlying physical network card they are associated with.
Create MACVTAP Interfaces¶
This exercise starts with creating needed MACVTAP virtual network interfaces. This will allow you to safely test, change, and configure various network configuration related tasks. These virtual network interfaces will be used in various exercises without disrupting the existing network configuration.
To list all network interfaces on the system¶
Ensure you are logged into the server.
Use the ip program to view the existing network interfaces on your system. Type:
ip link show
Try using the nmcli command to list all the network devices. Type:
nmcli -f DEVICE device
Query the low-level /sys virtual file-system to enumerate ALL network interfaces available on your server manually. Type:
ls -l /sys/class/net/ | grep -v 'total' | awk '{print $9}'
To create macvtap interfaces¶
Ensure you are logged into the system as a user with Administrative privileges.
You need to query for and identify the proper network device types that are available on your server to be able to associate with a macvtap device. Type:
ls -l /sys/class/net/ | grep -v 'virtual\|total' | tail -n 1 | awk '{print $9}'
eno2
The output on the sample demo system shows one suitable interface named eno2.
Run the command to identify the device again but this time store the returned value in a variable named $DEVICE1. Double check the value of $DEVICE1 using echo. Type the following 2 separate commands to accomplish this:
DEVICE1=$(ls -l /sys/class/net/ | grep -v 'virtual\|total' | tail -n 1 | awk '{print $9}')
echo $DEVICE1
Now, create a MACVTAP interface named macvtap1. The new interface will be associated with $DEVICE1. Type:
ip link add link $DEVICE1 name macvtap1 type macvtap mode bridge
Verify the creation of the macvtap1 interface. Type:
ip --brief link show macvtap1
Note the DOWN state of the macvtap interface in the output.
View detailed information about all the MACVTAP-type network devices on the system. Type:
ip --detail link show type macvtap
Run a command to view all the network interfaces on the server and compare the output to the output of the similar command in the earlier section "To list all network interfaces on the system".
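The device-selection pipeline in this procedure parses ls -l output and leaves $DEVICE1 empty when nothing matches. The following added example (not part of the original lab) reads the sysfs symlinks directly and fails explicitly when no physical interface exists; pick_physical_iface and make_sample_sysfs are hypothetical helper names, and the directory tree it runs against is constructed.

```shell
#!/bin/sh
# Added example, not part of the original lab. pick_physical_iface is a
# hypothetical helper name; it reads only sysfs and changes nothing.

# Print the last non-virtual interface under a sysfs net class directory.
# Returns 1 (and prints nothing) when no physical interface exists, so a
# caller never runs "ip link add link $DEVICE1 ..." with an empty name.
pick_physical_iface() {
    net_dir=${1:-/sys/class/net}
    found=
    for entry in "$net_dir"/*; do
        [ -L "$entry" ] || continue          # skip plain files such as bonding_masters
        case $(readlink "$entry") in
            */virtual/*) continue ;;         # lo, tun/tap, bridges, macvtap devices
        esac
        found=${entry##*/}
    done
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# Constructed fixture that mimics the symlink layout of /sys/class/net.
make_sample_sysfs() {
    dir=$(mktemp -d) || return 1
    ln -s ../../devices/virtual/net/lo "$dir/lo"
    ln -s ../../devices/pci0000:00/0000:00:1f.6/net/eno2 "$dir/eno2"
    ln -s ../../devices/virtual/net/macvtap1 "$dir/macvtap1"
    : > "$dir/bonding_masters"
    printf '%s\n' "$dir"
}

sample=$(make_sample_sysfs)
if DEVICE1=$(pick_physical_iface "$sample"); then
    echo "parent device: $DEVICE1"
else
    echo "no physical interface found" >&2
fi
rm -rf "$sample"
```

On a live system, call pick_physical_iface with no argument to read /sys/class/net.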
Enable/Disable Network Interface¶
To enable or disable a network interface¶
Check the status of the macvtap1 network interface. Type:
ip link show macvtap1
Enable the macvtap1 network interface (if it's currently disabled). Run:
ip link set macvtap1 up
Verify the status changes by running:
ip -br link show macvtap1
Tip
If you ever need to disable a network interface, the syntax for the ip command to do this is ip link set <IFNAME> down. For example, to disable a network interface named macvtap7, you would run:
ip link set macvtap7 down
Now that you have set up the macvtap interfaces, you can safely perform the various network configuration and troubleshooting tasks in the remaining exercises.
Exercise 3¶
Assign IP Addresses¶
To set an IP address on a network interface¶
View the IP addresses for all network interfaces on your server. Type:
ip address show
Assign the IP address 172.16.99.100 to macvtap1. Type:
ip address add 172.16.99.100/24 dev macvtap1
Verify the IP address assignment for macvtap1:
ip address show macvtap1
Use the nmcli command to view the IPv4 addresses for all interfaces on your system. Type:
nmcli --get-values IP4.ADDRESS,GENERAL.DEVICE device show
Exercise 4¶
Configure IPv6 Addresses¶
To assign IPv6 addresses to macvtap interfaces¶
Starting with macvtap1, assign the 2001:db8::1/64 IPv6 address to macvtap1 by running:
ip -6 address add 2001:db8::1/64 dev macvtap1
Verify the IPv6 address assignments, type:
ip --brief -6 address show macvtap1 && ip -br -6 address show macvtap1
Use nmcli to view the IPv6 addresses for all interfaces on your system. Type:
nmcli --get-values IP6.ADDRESS,GENERAL.DEVICE device show
Exercise 5¶
Routing management¶
To view the system's routing table¶
Display the current routing table for the system. Type:
ip route show
default via 192.168.2.1 dev enp1s0 proto dhcp src 192.168.2.121 metric 100
10.99.99.0/24 dev tunA proto kernel scope link src 10.99.99.1 metric 450 linkdown
192.168.2.0/24 dev enp1s0 proto kernel scope link src 192.168.2.121 metric 100
Using one of the networks displayed in the leftmost column of the previous command's output as the argument, display the route table entry for that network. For example to show the kernel route table entry for the 10.99.99.0/24 network, type:
ip route show 10.99.99.0/24
Query the system to see the route that will be used to get to an example arbitrary destination. For example to view the routing details for getting to the destination IP address 8.8.8.8, type:
ip route get 8.8.8.8
8.8.8.8 via 192.168.2.1 dev enp1s0 src 192.168.2.121 uid 0
    cache
Here is a breakdown of the output in plain-speak:
- Destination IP Address: 8.8.8.8 is the IP address that we are trying to reach
- Via: 192.168.2.1 is the next hop IP address that the packet will be sent to reach the destination
- Device: enp1s0 is the network interface that will be used to send the packet
- Source IP Address: 192.168.2.121 is the IP address of the network interface that will be used as the source address for the packet
- UID: 0 is the user ID of the process that initiated this command
- Cache: This field indicates whether this route is cached in the kernel’s routing table
Now view how the system will route a packet from one IP to another destination IP address. Type:
ip route get from 192.168.1.1 to 192.168.1.2
local 192.168.1.2 from 192.168.1.1 dev lo uid 0
    cache <local>
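The fields broken down above can be extracted from ip route get output and compared with the interface and next hop you expect, which is a quick check to run after changing routes or gateways. This is an added example, not part of the original lab; route_field and check_egress are hypothetical helper names, and the two sample texts are the outputs shown in this exercise.

```shell
#!/bin/sh
# Added example, not part of the original lab. route_field and check_egress
# are hypothetical helper names; the sample texts are the outputs shown above.

# route_field KEY TEXT: print the word that follows KEY (via, dev, src, from,
# uid) on the first line of "ip route get" output; print nothing if absent.
route_field() {
    printf '%s\n' "$2" | awk -v key="$1" '
        NR == 1 {
            for (i = 1; i < NF; i++)
                if ($i == key) { print $(i + 1); exit }
        }'
}

# check_egress TEXT DEV [GATEWAY]: succeed only when the route leaves through
# DEV and, if GATEWAY is given, uses it as the next hop.
check_egress() {
    [ "$(route_field dev "$1")" = "$2" ] || return 1
    [ $# -lt 3 ] || [ "$(route_field via "$1")" = "$3" ]
}

remote_route='8.8.8.8 via 192.168.2.1 dev enp1s0 src 192.168.2.121 uid 0
    cache'
local_route='local 192.168.1.2 from 192.168.1.1 dev lo uid 0
    cache <local>'

# A locally delivered route has no "via" and no "src", so those print empty.
for text in "$remote_route" "$local_route"; do
    printf 'dev=%s via=%s src=%s\n' "$(route_field dev "$text")" \
        "$(route_field via "$text")" "$(route_field src "$text")"
done

# On a live system: check_egress "$(ip route get 8.8.8.8)" enp1s0 192.168.2.1
if check_egress "$remote_route" enp1s0 192.168.2.1; then
    echo "8.8.8.8 leaves via the expected interface and gateway"
fi
```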
Set Default Gateway¶
To configure a default gateway for the system¶
Use ip to query for and list the current default gateway on your system. Type:
ip route show default
Set a default gateway via the macvtap1 interface. Type:
ip route add default via 192.168.1.1
Verify the new default gateway configuration
ip route show default
Add Static Route¶
To add a static route to the routing table¶
Add a demo static route for a bogus 172.16.0.0/16 network via 192.168.1.2. Type:
ip route add 172.16.0.0/16 via 192.168.1.2
Verify the addition of the static route by running:
ip route show 172.16.0.0/16
Delete Static Route¶
To Remove a static route from the routing table¶
Delete the static route for 10.0.0.0/24
ip route del 10.0.0.0/24 via 192.168.1.2
Verify the removal of the static route
ip route show
Exercise 6¶
Deleting IP addresses¶
This exercise walks through how to delete configured IP (IPv4 and IPv6) addresses on network interfaces.
Delete IPv4 Address¶
To remove an assigned IP address from a network interface¶
Delete the IP address on macvtap1. Type:
ip address del 172.16.99.100/24 dev macvtap1
Verify the removal of the IP address by running:
ip address show macvtap1
Delete IPv6 Address¶
To remove an assigned IPv6 address from a network interface¶
Delete the IPv6 address on macvtap1 with this command:
ip -6 address del 2001:db8::1/64 dev macvtap1
Verify the removal of the IPv6 address with:
ip -6 address show macvtap1
Exercise 7¶
Configure Network Interfaces via nmcli¶
This exercise shows how to configure network interfaces using the NetworkManager tooling.
Note
By default, any network configuration changes done using nmcli (NetworkManager) will persist between system reboots.
This is in contrast to the configuration changes that are done with the ip utility.
To create a macvtap interface using nmcli¶
Start by listing all available network devices by running:
nmcli device
Next, identify an underlying network device with which to associate the new MACVTAP interface. Save the value of the identified device in the variable $DEVICE2. Type:
DEVICE2=$(ls -l /sys/class/net/ | grep -v 'virtual\|total' | tail -n 1 | awk '{print $9}')
Now, create a new NetworkManager connection called macvtap2 and an associated MACVTAP interface named macvtap2. The new interface will be associated with $DEVICE2. Type:
nmcli con add con-name macvtap2 type macvlan mode bridge tap yes dev $DEVICE2 ifname macvtap2
Use nmcli to verify the creation of the macvtap2 interface. Type:
nmcli device show macvtap2
Use nmcli to verify the creation of the macvtap2 connection. Type:
nmcli connection show macvtap2
Similarly use ip to verify the creation of the macvtap2 interface. Type:
ip --brief link show macvtap2
Note the output's UP state of the macvtap interface.
Question
What is the difference between the concept of a connection and that of a device in NetworkManager?
To modify interface network configuration with nmcli¶
Start by querying for the IPv4 address for the new macvtap2 interface by running:
nmcli -f ipv4.addresses con show macvtap2
The value of the ipv4.addresses property should be empty.
Configure the macvtap2 connection with these settings:
- IPv4 Method = manual
- IPv4 Addresses = 172.16.99.200/24
- Gateway = 172.16.99.1
- DNS Servers = 8.8.8.8 and 8.8.4.4
- DNS Search domain = example.com
Type:
nmcli connection modify macvtap2 ipv4.method manual \
  ipv4.addresses 172.16.99.200/24 ipv4.gateway 172.16.99.1 \
  ipv4.dns 8.8.8.8,8.8.4.4 ipv4.dns-search example.com
Verify the new IPv4 address setting by running:
nmcli -f ipv4.addresses con show macvtap2
Run a slightly different variation of the previous command to include the runtime configuration of the given settings. Type:
nmcli -f ipv4.addresses,IP4.ADDRESS con show macvtap2
Question
What is the difference between these NetworkManager properties - ipv4.addresses and IP4.ADDRESS?
Check the changes to the network connection using the ip command. Type:
ip -br address show dev macvtap2
To properly apply the new settings and make them the new runtime values, use nmcli to first toggle the connection down (i.e. deactivate it). Type:
nmcli connection down macvtap2
Connection macvtap2 successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
Now activate the new connection to apply the new settings. Type:
nmcli connection up macvtap2
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
View the final setting using the ip utility. Type:
ip -br address show dev macvtap2
Exercise 8¶
Configure DNS Servers¶
To set DNS server addresses for the system¶
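Configure DNS servers for macvtap1:
nmcli con mod macvtap1 ipv4.dns "8.8.8.8,8.8.4.4"
Verify the DNS server configuration. The match is case-insensitive so that both the ipv4.dns profile setting and any IP4.DNS runtime values are shown:
nmcli con show macvtap1 | grep -i dns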
Exercise 9¶
Troubleshoot network issues¶
To Identify and troubleshoot common network issues¶
Check the status of network interfaces
ip link show
Test network connectivity to a remote host (e.g., google.com)
ping google.com
Try pinging the local gateway. Type:
ping _gateway
Question
Through what mechanism is your system able to correctly resolve the name _gateway to the proper IP address for your locally configured default gateway?
View Active Connections¶
To List all active network connections¶
List all active network connections (with these options, ss shows listening TCP and UDP sockets with numeric addresses and ports):
ss -tuln
Monitor Network Traffic¶
To monitor network traffic in real-time¶
Capture network traffic on a specific interface (e.g., macvtap1):
tcpdump -i macvtap1
Analyze captured packets and observe network activity. You can stop the packet capture when done by pressing Ctrl+C
View Network Logs¶
To view NetworkManager daemon related logs for troubleshooting¶
View network-related logs
journalctl -u NetworkManager
Author: Wale Soyinka
Contributors: Steven Spencer, Ganna Zhyrnova