summaryrefslogtreecommitdiffstats
path: root/README.networking
diff options
context:
space:
mode:
Diffstat (limited to 'README.networking')
-rw-r--r--README.networking554
1 files changed, 0 insertions, 554 deletions
diff --git a/README.networking b/README.networking
deleted file mode 100644
index 835db50..0000000
--- a/README.networking
+++ /dev/null
@@ -1,554 +0,0 @@
-Slackware Network Configuration
-===============================
-
-Networking in Slackware is configured by the /etc/rc.d/rc.inet1 script, and the
-configuration file /etc/rc.d/rc.inet1.conf. Wireless interfaces are configured
-just like any network interface, but accept many more configuration parameters.
-
-The rc.inet1.conf file contains a series of variable array definitions, with
-each array index corresponding to a single network interface. This means that
-each set of parameters with an index of 0 configure the first interface (since
-indexing starts at 0), parameters with an index of 1 configure the second
-interface, and so on. Not all parameters need to be set for each type of
-interface, or interface number. This is better illustrated with examples,
-which you will find in the documentation below.
-
-
-Starting and Stopping Interfaces
---------------------------------
-The way to start networking (configuring all NICs, bringing the interfaces up,
-and creating a default route, if required) is by running the command:
- /etc/rc.d/rc.inet1 start
-This command will configure all networking interfaces which are defined in the
-configuration file, and is used at boot time to bring networking up.
-
-The counterpart to this is the:
- /etc/rc.d/rc.inet1 stop
-command, which will bring all networking to a stop. It is advised to use this
-with caution as it can make your host completely inaccessable from the network.
-
-Restarting the whole network (all available network interfaces) and resetting
-the default gateway (if set) is done in a similar fashion to starting it:
- /etc/rc.d/rc.inet1 restart
-And will first deconfigure all interfaces, before bringing them back up - which
-is functionally equalivant to a 'stop' and 'start' operation.
-
-More specifically speaking, you can start/stop/restart any network interface on
-an individual basis using the commands:
- /etc/rc.d/rc.inet1 <interface>_start
- /etc/rc.d/rc.inet1 <interface>_stop
- /etc/rc.d/rc.inet1 <interface>_restart
-where <interface> is the name of an existing network interface (eth0, eth1,
-wlan0, etc).
-
-
-Guided Networking Configuration
--------------------------------
-The 'netconfig' script is capable of configuring basic networking parameters for
-the first ethernet interface of the system, and writing an annotated
-/etc/rc.d/rc.inet1.conf configuration file. 'netconfig' is usually invoked
-during installation to configure the first ethernet interface of your freshly
-installed system.
-
-'netconfig' is capable of configuring a set of IPv4 and/or IPv6 addresses for an
-interface, or setting the interface to be configured using DHCP (both DHCPv4 and
-DHCPv6) and IPv6 StateLess Address Auto Configuration (SLAAC). The default
-gateways and nameservers can also be configured through the guided interface.
-
-The option to use NetworkManager for interface configuration (instead of
-rc.inet1.conf) is also available.
-
-For most users with a single ethernet interface, and simple IP configuration
-requirements, 'netconfig' can completely configure the networking sub-system for
-you.
-
-
-Deprecated and New IPv4 Configuration Syntax
---------------------------------------------
-With the release of Slackware 15.0, several parameters used in older
-rc.inet1.conf configurations have become deprecated and are substituted by a
-new, singular, IP parameter for v4 addresses.
-
-Specifically, the following parameters used in previous rc.inet1.conf
-configurations to configure IPv4 addresses have become deprecated:
- IPADDR[x]=""
- NETMASK[x]=""
- IPALIASES[x]=""
-These parameters should no longer be used in new configurations.
-
-New configurations should use the updated syntax parameter:
- IPADDRS[x]=""
-which can hold multiple, space delimited, IPv4 addresses with their CIDR
-masks in order to configure an interface.
-
-The format for the addresses specified in this new parameter is:
- IP-address/mask
-For example:
- IPADDRS[0]="192.168.0.1/24 10.10.10.10/8"
-which would be the equilivant of old syntax:
- IPADDR[0]="192.168.0.1"
- NETMASK[0]="255.255.255.0"
- IPALIASES[0]="10.10.10.10/8"
-
-If a mask (in CIDR notation) is not provided with the IP address in IPADDRS, it
-is assumed to be /24 (aka, 255.255.255.0). A warning will also be emitted about
-the missing mask.
-
-rc.inet1 is fully backwards compatible with the older syntax - old configuration
-files will contiinue to be accepted for the foreseeable future, but 'netconfig'
-has been adjusted to output the new syntax.
-
-Notes:
- * When DHCP or SLAAC is used to dynamically configure the interface, IP
- addresses specified in IPADDRS will be added to the interface as alias IPs.
- However, any address specified in IPADDR is *not* added to the interface in
- order to maintain backwards semantics with the pre 15.0 rc.inet1.
- * Should an rc.inet1.conf contain both the IPADDR and IPADDRS parameters
- (without DHCP or SLAAC being in use) the addresses listed in IPADDRS will be
- added to the interface after the IPADDR address is set.
-
-
-Manual Networking Configuration
--------------------------------
-FIXME
-
-
-IPv6
-----
- Overview
- ~~~~~~~~
-
- With the new IPv4 syntax detailed above, there is the addition of optional
- configuration semantics for IPv6.
-
- The IPv6 capabilities in Slackware 15.0+ are as follows:
- * Dual stack. Interfaces can be configured with an IPv4 address or an IPv6
- address, or both.
- * Each interface can have single or multiple v4 and/or v6 IPs.
- * Optional StateLess Address Auto Configuration (SLAAC) of v6 IP addresses,
- for quick and easy IPv6 configuration on supported networks.
- * DHCPv6 support for server controlled dynamic address configuration.
- * Fixed IPv6 addresses configured interfaces.
-
- 'netconfig' can be used for guided configuration of all of the above features,
- or they can be configured manually using the options below.
-
-
- IPv6 Parameters
- ~~~~~~~~~~~~~~~
- v6 IPs can be configured via SLAAC, DHCP6 or statically using the following
- new options for rc.inet1.conf:
- USE_SLAAC[x]="" Allow StateLess Address Auto Configuration of a
- (potentially) globally routable v6 IP. With this
- parameter set to "yes", the interface's v6 IP will ONLY
- be configured via SLAAC, even if Router Advertisment
- indicates DHCPv6 is available on the network - if SLAAC
- is not available on the network, no IPv6 address will be
- assigned.
-
- Since 'dhcpcd' is capable of handling SLAAC as well as
- DHCPv6, it is better practice to set USE_DHCP6[x]="yes"
- to perform full auto configuration instead.
-
- USE_DHCP6[x]="" Use 'dhcpcd' to configure the interface. This will
- bring up the interface using DHCPv6, falling back to
- SLAAC (if supported on the network), or will leave the
- interface unconfigured after a timeout. When this
- parameter is set to "yes", the USE_SLAAC[x] option is
- ignored.
-
- This is the preferred option to configure an interface
- dynamically - whether the network is setup for DHCPv6 or
- SLAAC, 'dhcpcd' will be able to configure the interface.
-
- IP6ADDRS[x]="" The static v6 IP addresses for the interface. This
- parameter takes a list of v6 IP addresses and prefix
- lengths in CIDR notation, in a space delimited list.
- For example: IP6ADDRS[x]="a:b:c:d:e::1/48 1:2:3:4::5/64"
-
- If a prefix length is not given (separated from the IP
- address with a /), a length of 64 will be assumed, and
- a warning emitted about the unset value.
-
- When either the USE_DHCP6[x] or USE_SLAAC[x] options are
- set to "yes", the IP addresses listed in this parameter
- are also added to the interface, but only upon sucessful
- assigning of the dynamic IP address.
-
- A static gateway can be configured using this parameter:
- GATEWAY6="" The default IPv6 gateway for the network. This is a
- single IPv6 address in standard format, without a
- prefix suffix.
-
- The following lesser used misc options can be used for tailouring of the IPv6
- configuration process:
- USE_RA[x]="" Normally, unless USE_SLAAC[x]="yes" is set, Router
- Advertisment (RA) is disabled for the interface as it
- can result in extraneous routes being added to the
- routing table. With this option set to "yes", RA
- packets will be accepted on the interface even when DHCP
- or fixed IP addressing is used, and the routes
- advertised by the router will be added to the table.
-
- Conversely, if this parameter is explicitly set to "no",
- RA will be disabled at all times - meaning SLAAC cannot
- be performed even when USE_SLAAC[x]="yes" is set. The
- default (unset) is to enable RA when SLAAC is in use,
- and to disable it otherwise.
-
- The use of this parameter should rarely be required as
- rc.inet1 will do the right thing.
-
- SLAAC_TIMEOUT[x]="" The time to wait (in seconds) for an interface to be
- configured by SLAAC. When unset, the default is 15.
- Some networks may require a longer period for the router
- to broadcast an advertisement packet on the network, so
- may need to increase this value.
-
-
- Disabling IPv6
- ~~~~~~~~~~~~~~
- For some use cases, where IPv6 support is not required at all, disabling IPv6
- may be a better option than leaving the interface unconfigured.
-
- There are two similar methods which can be used to disable IPv6. Both of the
- options involve creating (or replacing the content if it already exists in)
- the file:
- /etc/modprobe.d/ipv6.conf
- (which overrides any configuration in the /lib/modprobe.d/ipv6.conf file),
- with the content:
- alias ipv6 off
- alias net-pf-10 off
- Or:
- install ipv6 /bin/true
- install net-pf-10 /bin/true
-
- It is important to disable both the 'ipv6' and 'net-pf-10' modules since the
- module can be automatically loaded by either name.
-
-
- Changes From Previous Behaviour
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- * Previous to Slackware 15.0, if the network the host is connecting to is set
- up for StateLess Address Auto Configuration (SLAAC), the host would bring up
- an interface with a (potentially) globally routable IPv6 address with no
- configuration by the user. This has been changed so that all network
- configuration must be explicitly enabled. Thus, interfaces will no longer
- automatically come up with a valid IPv6 address on networks which support
- auto configuration, without enabling the USE_SLAAC[x]="yes" parameter for
- the interface. This is a security enhancement.
-
- * Unless RA is explicitly enabled using the USE_RA[x]="yes" option, rc.inet1
- now disables RA (via the accept_ra tunable in /proc) for an interface before
- trying to add any IPs configured for it. This prevents RA on the network
- from automatically adding any routes to the table. When USE_SLAAC[x]="yes"
- is set, RA is implicitly re-enabled for the interface (since SLAAC and RA
- are usually used together on a network), unless explicitly disabled with
- USE_RA[x]="no". This is a change from previous versions of Slackware, which
- would auto configure routes without any user intevention. This is a
- security enhancement.
-
-
- Caveats
- ~~~~~~~
- * When being configured with the USE_DHCP[x]="yes" and USE_DHCP6[x]="yes"
- parameters for an interface (that is, configured to obtain both a v4 and v6
- addresses via DHCP), 'dhcpcd' will only wait until one type of IP is
- obtained before backgrounding - it will not wait for both a v4 AND v6 to be
- configured. This means there is no way to know if the interface has been
- completely configured for both types of IP, as one type will continue to be
- sought in the background; but MAY ultimately fail. This is an issue with
- the way dhcpcd operates, not an issue with rc.inet1.
-
-
-Bonding / Link Aggregation
---------------------------
- Overview
- ~~~~~~~~
- Bonding (or Link Aggregation) is a teccnique for combining two or more
- physical interfaces into a single, logical, interface; a logical interface
- which has all the capabilities of a single physical interface.
-
- The Slackware bonding options provide full support for the features offered by
- the bonding kernel module, in the familiar Slackware parameter configuration
- syntax. Included is the ability to select the bonding mode, easy addition of
- interfaces to a bond using a new parameter in rc.inet1.conf, and the setting
- of bonding module options via a new, generic, IFOPTS[x] parameter.
-
- At this time 'netconfig' is unable to configure bonded interfaces, so they
- must be configured manually with the parameters detailed below.
-
-
- Bonding Parameters
- ~~~~~~~~~~~~~~~~~~
- Bonded interfaces can be configured via two new bond specific parameters for
- use in rc.inet1.conf, plus the new, generic, IFOPTS[x] parameter. The new
- bonding parameters are:
- BONDNICS[x]="" The space delimited list of interfaces to add to this
- bond. The interfaces will be brought up and configured
- while bringing up the interface, so do not need to be
- previously defined in rc.inet1.conf. A bond can be
- created with only 1 interface, but does not become
- useful until at least 2 interfaces are configured.
-
- BONDMODE[x]="" This parameter sets the bonding mode for the logical
- interface. If not specified when BONDNICS[x] has been
- used, the default is 'balance-rr'. See below for a
- list of all bonding modes available.
-
-
- Bonding Modes
- ~~~~~~~~~~~~~
- When a bonded logical interface is created, it needs to operate in a
- particular mode. By default that mode is 'balance-rr'. The following modes,
- along with details of their functionallity, are available using the kernel
- bonding driver:
- 802.3ad Also known as LACP. This mode requires a switch that
- supports an IEEE 802.3ad. The physical interfaces must
- share the same speed and duplex settings and form a
- logical interface which provides fault tolerance and
- load balancing.
- active-backup When in this mode only one interface set to active,
- while all other interfaces are in the backup state. If
- the active interface fails, a backup interface replaces
- it as the only active interface in the bond. This mode
- only provides fault tolerance, no load balancing.
- This mode requires that the 'primary <interface>'
- option be configured with the IFOPTS[x]="" parameter.
- balance-alb The receiving packets are load balanced through Address
- Resolution Protocol (ARP) negotiation. This mode
- provides fault tolerance and load balancing.
- balance-rr This mode is also known as round-robin mode. Packets
- are sequentially transmitted and received through each
- interface one by one. This mode provides load
- balancing functionality along with fault tolerance.
- This is the default mode of operation.
- balance-tlb This mode ensures that outgoing traffic is distributed
- according to the load on each physical interface. If
- one interface fails to receive traffic, another
- interface is assigned to the receiving role. This mode
- provides fault tolerance and load balancing.
- balance-xor The source MAC address uses eXclusive OR (XOR) logic
- with the destination MAC address in order to determine
- which physical interface the packet should be sent via.
- This calculation ensures that the same physical (slave)
- interface is selected for each destination host. If the
- physical interface to be used is in a failed state, one
- of the backup interfaces is used instead. This mode
- provides fault tolerance and load balancing.
- broadcast All packets are sent to all the physical (slaved)
- interfaces at once. This mode provides fault tolerence
- but may result in duplicate packets arriving at the
- destination host, assuming they are not screened out by
- networking hardware.
-
-
- Bonding Options
- ~~~~~~~~~~~~~~~
- Bonding specific options can be set using the the IFOPTS[x]="" paramter (which
- takes a pipe (|) delimited list of options) for the interface being
- configured. The following are the most useful options (but not an exhaustive
- list - see "Further Reading" below for more information) which can be set:
- lacp_rate This option specifies the rate at which the host will
- ask the switch to transmit LACPDU packets in 802.3ad
- mode. Possible values are:
- slow Transmit LACPDUs every 30 seconds.
- fast Transmit LACPDUs every 1 second.
- The default is slow, but fast is recommended for rapid
- recovery after a physical link failure.
- miimon Specifies the MII link monitoring frequency in
- milliseconds. This determines how often the link state
- of each physical (slaved) interface is checked for link
- failures. A value of zero disables MII link monitoring,
- but this is NOT advised. A value of 100 is a good
- starting point. The default value is 0, so be sure to
- set this option with ALL bonding modes.
- primary The physical (slave) interface (eth0, eth1, etc) which
- is to be used as the primary interface. The specified
- interface will always be the active slave while it is
- available. Only when the primary interface is off-line
- will alternate interfaces be used. This is useful when
- one interface is preferred over another (e.g. when one
- interface has higher throughput than another). This
- option is only valid for "active-backup", "balance-tlb",
- and "balance-alb" bonding modes.
- xmit_hash_policy Selects the transmit hash policy to use for interface
- selection in "balance-xor", "802.3ad", and "balance-tlb"
- bonding modes. Possible values are:
- layer2 Use eXclusive OR (XOR) of source and
- destination MAC addresses and packet
- type ID fields to generate the hash.
- This algorithm will place all traffic
- to a particular destination on the
- same phydivsl (slave) interface.
- layer2+3 Use a combination of layer2 and
- layer3 protocol information (MAC
- addresses and IP addresses) to
- generate the hash. This algorithm
- will place all traffic to a particular
- destination on the same physical
- (slave) interface. This policy is
- intended to provide a more balanced
- distribution of traffic than layer2
- alone.
- layer3+4 This policy uses upper layer protocol
- information, when available, to
- generate the hash. This allows for
- traffic to a particular destination to
- span multiple physical (slave)
- interfaces, although a single
- connection will not span multiple
- slaves.
- The default value is layer2. Additional (lesser used)
- policies are available - see the "Further Reading"
- section below for further details.
-
-
- Caveats
- ~~~~~~~
- * The IFOPTS[x]="" parameter should always include the 'miimon' option - not
- using this option will result in network degradation.
- * In "active-backup" mode, the "primary" option should also always be
- supplied.
- * When using "802.3ad" mode, set "lacp_rate fast" for faster recovery from an
- interface failure. In other modes, the 'xmit_hash_policy' should be set.
-
-
- Examples
- ~~~~~~~~
- FIXME: Add examples.
-
-
- Further Reading
- ~~~~~~~~~~~~~~~
- Full documentation of the bonding layer is available in the kernel source
- documentation at: /usr/src/linux/Documentation/networking/bonding.txt.
-
-
-VLANs (a.k.a, 802.1q)
----------------------
- Overview
- ~~~~~~~~
- Virtual LANs (VLANs) allow the segmentation of physical networks into
- multiple, isolated, private virtual networks, whilst using shared network
- switches and hardware.
-
- VLANs work by applying tags to network frames to form virtual private LANs.
- In this way, VLANs can keep network applications separate despite being
- connected to the same physical network, and without requiring multiple sets of
- cabling and networking devices to be deployed.
-
- In essence, a VLAN is a collection of devices or network hosts that
- communicate with one another as if they make up a single LAN, but utilising
- shared network hardware.
-
- Because VLAN frames are tagged with a VLAN ID, it is possible to 'cherry-pick'
- those frames from the network by use of a VLAN interface on the host.
-
- Slackware now allows configuration of such interfaces in order to allow a host
- to join a specific VLAN or VLANs. The guided deployment in 'netconfig' has
- been updated to support the creation of such VLAN interfaces.
-
- The configuration in rc.inet1.conf for VLANs is a simple modification of the
- existing support for declaration of a network interface using the standard
- Slackware IFNAME[x] parameter. As shown in the examples below, VLANs
- interfaces can be built on top on top of regular, physical, interfaces, or on
- top of a bond interface to allow for link aggregation.
-
- The new IFOPT[x] generic interface options parameter can be used to customise
- the usage and configuration of the VLAN interfaces, but is not required in a
- normal configuration setting.
-
-
- Exposing VLANs
- ~~~~~~~~~~~~~~
- Configuring VLAN interfaces utilises the standard Slackware networking
- configuration syntax in rc.inet1.conf; with setting up an interface as simple
- as changing the IFNAME[x]="" parameter.
-
- VLAN interfaces can be configured quite simply in rc.inet1.conf, in the
- standard Slackware way of defining an interface. The key to the configuration
- is to use the correct IFNAME[x]="" parameter for the underlying physical (or
- bond) interface and the tagged VLAN ID that should be exposed. For example:
- IFNAME[0]="eth0.10"
- IFOPTS[0]=""
- IPADDRS[0]="192.168.10.1/24"
-
- The VLAN ID is taken from the full interface name, as set in the IFNAME[x]
- parameter which is comprised of the underlying physical (or bond) interface
- name, a period (.) and the VLAN ID to expose. The above example would use the
- physical interface 'eth0', and expose the VLAN with ID 10, and configure the
- interface with the IPv4 address 192.168.10.1 with a mask of 24.
-
- IFOPTS[x]="" is a pipe (|) delimited list of VLAN kernel module specific
- settings to be applied to the interface. The ip-link(8) man page contains
- details of exactly what settings can be used with this option (search for
- "VLAN Type Support"). For example:
- IFOPTS[x]="protocol 802.1ad | reorder_hdr off"
- Under normal circumstances, where a standard VLAN interface is required, no
- options need be supplied.
-
-
- Examples
- ~~~~~~~~
- FIXME: Add examples.
-
-
-Bridges
--------
-
-
-Wireless (WiFi) Network Interfaces
-----------------------------------
-
-
-TUN/TAP
--------
-
-
-Advanced networking configuration
----------------------------------
-(stacking interface configs - bond, then VLAN, then bridge)
-
- It is also possible to use a bond as the underlying interface, which allows
- link aggregated VLAN interfaces to be created for network redundancy. For
- example:
- IFNAME[0]="bond0"
- BONDNICS[0]="eth0 eth1"
- BONDMODE[0]="active-backup"
- IFOPTS[0]="miimon 100 | primary eth0"
- IFNAME[1]="bond0.5"
- IFNAME[2]="br0"
- BRNICS[2]="bond0.5"
- IPADDRS[2]="192.168.5.10/24"
- IP6ADDRS[2]="a:b:c:d::1/64"
- Would create a bond interface using the eth0 and eth1 physical ethernet
- interfaces, in an "active-backup" redundancy configuration with the primary
- interface being "eth0", exposing VLAN ID 5 and setting an IPv4 address of
- "192.168.5.10" mask "24", plus an IPv6 address of "a:b:c:d::1" prefix "64"
- for the interface.
-
-
-General Caveats
----------------
-
- The network interface definitions are stored in variable arrays. The bash shell has no facilities to retrieve the largest array index used. There-
- fore, the rc.inet1 script makes the assumption that array indexes stay below the value of 6. Effectively this means that you can configure up to 6
- network interfaces in rc.inet1.conf by default.
-
- If you want to configure more than six network interfaces, you will have to edit the file /etc/rc.d/rc.inet1.conf and change the value `6' in the
- line:
- #MAXNICS="6"
- (at the very bottom of the file) to a value that is larger than the largest index value you use, and uncomment the line.
-
- The /etc/rc.d/rc.wireless script is not meant to be run on its own by the user!
-
-
-rc.inet1 does not keep a record of how an interface was configured. If the
-interface config is changed in rc.inet1.conf from, say, DHCP to static IP,
-restarting networking may fail because the previous type of interface config
-cannot be stopped (because its type is unknown). In this instance, it is easier
-to reboot to start from fresh. However, if reboot is not possible, it may be
-required to bring the interface down manually (either by deconfiguring the IPs,
-or killing dhcpcd) before trying to restart the interface.
-