Merge lp:~powersj/serverguide/network-revamp-18.04 into lp:serverguide/trunk

Proposed by Joshua Powers
Status: Merged
Approved by: Doug Smythies
Approved revision: 363
Merged at revision: 358
Proposed branch: lp:~powersj/serverguide/network-revamp-18.04
Merge into: lp:serverguide/trunk
Diff against target: 1128 lines (+326/-369)
1 file modified
serverguide/C/network-config.xml (+326/-369)
To merge this branch: bzr merge lp:~powersj/serverguide/network-revamp-18.04
Reviewer Review Type Date Requested Status
Doug Smythies Approve
Mathieu Trudel-Lapierre Approve
David Britton (community) Approve
Review via email: mp+345788@code.launchpad.net

Commit message

Update networking for 18.04 LTS (Bionic)

With the release of Bionic /etc/network/interfaces was replaced by netplan.
This updates the guide to show how to use netplan to configure networking.
It also updates many references to older commands to updated ones:

* ifconfig -> ip
* resolvconf -> systemd-resolved
* dhclient -> systemd-networkd.

Drive-by: editor found numerous extra white spaces throughout document

Fixes LP: #1769007

David Britton (dpb) wrote :

Thanks for this Josh, I didn't review the content yet, but I did get a number of parse errors in XML. I think you need to look at your escaping, and then run `LN=C make serverguide-html` to test.

359. By Joshua Powers

Fix spacing and escape < and >

Joshua Powers (powersj) wrote :

Here is how to make the PDF in container:

$ sudo apt update && sudo apt install -y bzr xsltproc docbook-xsl fop build-essential;
$ bzr branch lp:~powersj/serverguide/network-revamp-18.04 && cd network-revamp-18.04
$ LN=C make serverguide-pdf

I've attached the built PDF.

Joshua Powers (powersj) wrote :
David Britton (dpb) wrote :

Some cleanups. After each of these, one last scrub of the doc for:

'resolvconf' (replaced by systemd-resolved) and 'dhclient' (replaced by systemd-networkd, or netplan.io for configuration) should be done.

David Britton (dpb) :
review: Needs Fixing
Doug Smythies (dsmythies) wrote :

Thanks very much for taking on the bug report and re-doing this section.

> Drive-bys: editor found numerous extra white spaces

There isn't a tab versus spaces rule in the serverguide. Making massive white space changes makes it difficult to focus on the changes. However, this command (from "bzr help diff") reduces the difference listing by about 1/2:

bzr diff --using /usr/bin/diff --diff-options -wu

review: Needs Fixing
Joshua Powers (powersj) wrote :

@david one question below

360. By Joshua Powers

Changes from David and Doug.

Also went through and removed references to resolvconf and dhclient as
they have been replaced by systemd-resolved and systemd-networkd

Joshua Powers (powersj) wrote :

Pushed updates from both reviews, thank you!

David Britton (dpb) wrote :

On Fri, May 18, 2018 at 02:45:08PM -0000, Joshua Powers wrote:
> ip a will show all devices, whether or not they have an IP address, therefore should this change still occur?

You are right, disregard my comments in this vein.

--
David Britton <email address hidden>

David Britton (dpb) wrote :

Nice cleanup. I think some things could be made better, but this is very much better than what is there, so +1

review: Approve
Mathieu Trudel-Lapierre (cyphermox) wrote :

+1

Maybe add a mention of 'ip link set dev X up' / 'ip link set dev X down' for how to activate/deactivate an interface when it's already configured in netplan?

review: Approve
361. By Joshua Powers

Add ip link set info

Joshua Powers (powersj) wrote :

I added a brief section for ip link set dev

Ryan Harper (raharper) wrote :

Couple of fixes inline below.

362. By Joshua Powers

Fixes from rharper

Doug Smythies (dsmythies) wrote :

For this line:

+ The <ulink url="http://manpages.ubuntu.com/manpages/xenial/man1/systemd-resolve.1.html">systemd-resolve man page</ulink> has

The hard coding of "xenial" is a problem, because no one will remember to change it in the future.
Using "manpages.ubuntu.com/manpages/lts/man1/systemd-resolve.1.html" seems to work as does "manpages.ubuntu.com/manpages/man1/systemd-resolve.1.html". Is there an alternative we can use which will not need to be edited in future?

363. By Joshua Powers

Update link to version independent link

Joshua Powers (powersj) wrote :

Updated the link to use a version independent link.

I have also started looking into how to update the man page website to point to bionic as the default release as well. That will be done independent of this merge.

Doug Smythies (dsmythies) wrote :

O.K. thanks. Let's go ahead and merge and publish this. If something got missed we'll fix it with subsequent updates.

review: Approve

Preview Diff

=== modified file 'serverguide/C/network-config.xml'
--- serverguide/C/network-config.xml 2018-04-24 14:55:32 +0000
+++ serverguide/C/network-config.xml 2018-05-21 14:38:40 +0000
@@ -1,5 +1,5 @@
1<?xml version="1.0" encoding="UTF-8"?>1<?xml version="1.0" encoding="UTF-8"?>
2<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" 2<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
3 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [3 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
4<!ENTITY % globalent SYSTEM "../../libs/global.ent">4<!ENTITY % globalent SYSTEM "../../libs/global.ent">
5%globalent;5%globalent;
@@ -10,49 +10,60 @@
10<chapter id="networking" status="review">10<chapter id="networking" status="review">
11 <title>Networking</title>11 <title>Networking</title>
12 <para>12 <para>
13 Networks consist of two or more devices, such as computer systems, printers, 13 Networks consist of two or more devices, such as computer systems, printers,
14 and related equipment which are connected by either physical cabling or 14 and related equipment which are connected by either physical cabling or
15 wireless links for the purpose of sharing and distributing information among 15 wireless links for the purpose of sharing and distributing information among
16 the connected devices. 16 the connected devices.
17 </para>17 </para>
18 <para>18 <para>
19 This section provides general and specific information pertaining19 This section provides general and specific information pertaining
20 to networking, including an overview of network concepts and detailed 20 to networking, including an overview of network concepts and detailed
21 discussion of popular network protocols.21 discussion of popular network protocols.
22 </para>22 </para>
2323
24 <sect1 id="network-configuration" status="review">24 <sect1 id="network-configuration" status="review">
25 <title>Network Configuration</title>25 <title>Network Configuration</title>
26 <para>26 <para>
27 Ubuntu ships with a number of graphical utilities to configure your 27 Ubuntu ships with a number of graphical utilities to configure your
28 network devices. This document is geared toward server administrators 28 network devices. This document is geared toward server administrators
29 and will focus on managing your network on the command line.29 and will focus on managing your network on the command line.
30 </para>30 </para>
3131
32 <sect2 id="ethernet-interfaces" status="review">32 <sect2 id="ethernet-interfaces" status="review">
33 <title>Ethernet Interfaces</title>33 <title>Ethernet Interfaces</title>
34 <para>34 <para>
35 Ethernet interfaces are identified by the system using the naming convention of 35 Ethernet interfaces are identified by the system using predictable network
36 <emphasis role="italix">ethX</emphasis>, where <emphasis role="italic">X</emphasis> 36 interface names. These names can appear as <emphasis role="italix">eno1</emphasis>
37 represents a numeric value. The first Ethernet interface is typically identified 37 or <emphasis role="italix">enp0s25</emphasis>. However, in some cases an
38 as <emphasis role="italic">eth0</emphasis>, the second as 38 interface may still use the kernel <emphasis role="italix">eth#</emphasis>
39 <emphasis role="italic">eth1</emphasis>, and all others should move up in 39 style of naming.
40 numerical order.
41 </para>40 </para>
4241
43 <sect3 id="identify-ethernet-interfaces" status="review">42 <sect3 id="identify-ethernet-interfaces" status="review">
44 <title>Identify Ethernet Interfaces</title>43 <title>Identify Ethernet Interfaces</title>
45 <para>44 <para>
46 To quickly identify all available Ethernet interfaces, you can use the 45 To quickly identify all available Ethernet interfaces, you can use the
47 <application>ifconfig</application> command as shown below.46 <application>ip</application> command as shown below.
48 </para>47 </para>
49<screen>48<screen>
50<command>ifconfig -a | grep eth</command>49<command>ip a</command><computeroutput>
51<computeroutput>eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a</computeroutput>501: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
51 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
52 inet 127.0.0.1/8 scope host lo
53 valid_lft forever preferred_lft forever
54 inet6 ::1/128 scope host
55 valid_lft forever preferred_lft forever
562: enp0s25: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc noqueue state UP group default qlen 1000
57 link/ether 00:16:3e:e2:52:42 brd ff:ff:ff:ff:ff:ff link-netnsid 0
58 inet 10.102.66.200/24 brd 10.102.66.255 scope global dynamic eth0
59 valid_lft 3257sec preferred_lft 3257sec
60 inet6 fe80::216:3eff:fee2:5242/64 scope link
61 valid_lft forever preferred_lft forever</computeroutput>
52</screen>62</screen>
53 <para>63 <para>
54 Another application that can help identify all network interfaces available to your system 64 Another application that can help identify all network interfaces available to your system
55 is the <application>lshw</application> command. In the example below, <application>lshw</application> 65 is the <application>lshw</application> command. This command provides greater details around the
66 hardware capabilities of specific adapters. In the example below, <application>lshw</application>
56 shows a single Ethernet interface with the logical name of <emphasis role="italic">eth0</emphasis>67 shows a single Ethernet interface with the logical name of <emphasis role="italic">eth0</emphasis>
57 along with bus information, driver details and all supported capabilities.68 along with bus information, driver details and all supported capabilities.
58 </para>69 </para>
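Review bot: The new `ip a` sample output names the interface `enp0s25`, but its `inet` line still ends in `eth0` ("scope global dynamic eth0"), so the output is not self-consistent; the label should read `enp0s25` to match. The rewritten naming paragraph also puts `role="italix"` on all three new emphasis elements (`eno1`, `enp0s25`, `eth#`), where the lshw paragraph in the same hunk uses `role="italic"`; correct the attribute while these lines are being touched.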
@@ -60,96 +71,78 @@
60<command>sudo lshw -class network</command>71<command>sudo lshw -class network</command>
61<computeroutput> *-network72<computeroutput> *-network
62 description: Ethernet interface73 description: Ethernet interface
63 product: BCM4401-B0 100Base-TX74 product: MT26448 [ConnectX EN 10GigE, PCIe 2.0 5GT/s]
64 vendor: Broadcom Corporation75 vendor: Mellanox Technologies
65 physical id: 076 physical id: 0
66 bus info: pci@0000:03:00.077 bus info: pci@0004:01:00.0
67 logical name: eth078 logical name: eth4
68 version: 0279 version: b0
69 serial: 00:15:c5:4a:16:5a80 serial: e4:1d:2d:67:83:56
70 size: 10MB/s81 slot: U78CB.001.WZS09KB-P1-C6-T1
71 capacity: 100MB/s82 size: 10Gbit/s
72 width: 32 bits83 capacity: 10Gbit/s
84 width: 64 bits
73 clock: 33MHz85 clock: 33MHz
74 capabilities: (snipped for brevity)86 capabilities: pm vpd msix pciexpress bus_master cap_list ethernet physical fibre 10000bt-fd
75 configuration: (snipped for brevity)87 configuration: autonegotiation=off broadcast=yes driver=mlx4_en driverversion=4.0-0 duplex=full firmware=2.9.1326 ip=192.168.1.1 latency=0 link=yes multicast=yes port=fibre speed=10Gbit/s
76 resources: irq:17 memory:ef9fe000-ef9fffff</computeroutput>88 resources: iomemory:24000-23fff irq:481 memory:3fe200000000-3fe2000fffff memory:240000000000-240007ffffff</computeroutput>
77</screen>89</screen>
78 </sect3>90 </sect3>
7991
80 <sect3 id="ethernet-interface-names" status="review">92 <sect3 id="ethernet-interface-names" status="review">
81 <title>Ethernet Interface Logical Names</title>93 <title>Ethernet Interface Logical Names</title>
82 <para>94 <para>
83 Interface logical names are configured in the file 95 Interface logical names can also be configured via a netplan configuration. If you would
84 <filename>/etc/udev/rules.d/70-persistent-net.rules.</filename> If you would 96 like control which interface receives a particular logical name use the
85 like control which interface receives a particular logical name, find the line 97 <emphasis role="italic">match</emphasis> and <emphasis role="italic">set-name</emphasis> keys.
86 matching the interfaces physical MAC address and modify the value of 98 The match key is used to find an adapter based on some criteria like MAC address, driver, etc.
87 <emphasis role="italic">NAME=ethX</emphasis> to the desired logical name. 99 Then the set-name key can be used to change the device to the desired logial name.
88 Reboot the system to commit your changes.
89 </para>100 </para>
90 </sect3>
91101
102<screen>
103<computeroutput>network:
104 version: 2
105 renderer: networkd
106 ethernets:
107 eth_lan0:
108 dhcp4: true
109 match:
110 macaddress: 00:11:22:33:44:55
111 set-name: eth_lan0</computeroutput>
112</screen>
113</sect3>
92 <sect3 id="ethernet-interface-settings" status="review">114 <sect3 id="ethernet-interface-settings" status="review">
93 <title>Ethernet Interface Settings</title>115 <title>Ethernet Interface Settings</title>
94 <para>116 <para>
95 <application>ethtool</application> is a program that displays and changes Ethernet 117 <application>ethtool</application> is a program that displays and changes Ethernet
96 card settings such as auto-negotiation, port speed, duplex mode, and Wake-on-LAN. It118 card settings such as auto-negotiation, port speed, duplex mode, and Wake-on-LAN.
97 is not installed by default, but is available for installation in the repositories.119 The following is an example of how to view supported features and configured
98 </para>
99<screen>
100<command>sudo apt install ethtool</command>
101</screen>
102 <para>
103 The following is an example of how to view supported features and configured
104 settings of an Ethernet interface.120 settings of an Ethernet interface.
105 </para>121 </para>
106<screen>122<screen>
107<command>sudo ethtool eth0</command>123<command>sudo ethtool eth4</command>
108<computeroutput>Settings for eth0:124<computeroutput>Settings for eth4:
109 Supported ports: [ TP ]125 Supported ports: [ FIBRE ]
110 Supported link modes: 10baseT/Half 10baseT/Full 126 Supported link modes: 10000baseT/Full
111 100baseT/Half 100baseT/Full 127 Supported pause frame use: No
112 1000baseT/Half 1000baseT/Full 128 Supports auto-negotiation: No
113 Supports auto-negotiation: Yes129 Supported FEC modes: Not reported
114 Advertised link modes: 10baseT/Half 10baseT/Full 130 Advertised link modes: 10000baseT/Full
115 100baseT/Half 100baseT/Full 131 Advertised pause frame use: No
116 1000baseT/Half 1000baseT/Full 132 Advertised auto-negotiation: No
117 Advertised auto-negotiation: Yes133 Advertised FEC modes: Not reported
118 Speed: 1000Mb/s134 Speed: 10000Mb/s
119 Duplex: Full135 Duplex: Full
120 Port: Twisted Pair136 Port: FIBRE
121 PHYAD: 1137 PHYAD: 0
122 Transceiver: internal138 Transceiver: internal
123 Auto-negotiation: on139 Auto-negotiation: off
124 Supports Wake-on: g140 Supports Wake-on: d
125 Wake-on: d141 Wake-on: d
126 Current message level: 0x000000ff (255)142 Current message level: 0x00000014 (20)
127 Link detected: yes</computeroutput>143 link ifdown
144 Link detected: yes</computeroutput>
128</screen>145</screen>
129 <para>
130 Changes made with the <application>ethtool</application> command are temporary
131 and will be lost after a reboot. If you would like to retain settings, simply add
132 the desired <application>ethtool</application> command to a <emphasis role="italic">pre-up</emphasis>
133 statement in the interface configuration file <filename>/etc/network/interfaces</filename>.
134 </para>
135 <para>
136 The following is an example of how the interface identified as <emphasis role="italic">eth0</emphasis>
137 could be permanently configured with a port speed of 1000Mb/s running in full duplex mode.
138 </para>
139<programlisting>
140auto eth0
141iface eth0 inet static
142pre-up /sbin/ethtool -s eth0 speed 1000 duplex full
143</programlisting>
144 <note>
145 <para>
146 Although the example above shows the interface configured to use the
147 <emphasis role="italic">static</emphasis> method, it actually works with other
148 methods as well, such as DHCP. The example is meant to demonstrate only proper
149 placement of the <emphasis role="italic">pre-up</emphasis> statement in relation
150 to the rest of the interface configuration.
151 </para>
152 </note>
153 </sect3>146 </sect3>
154 </sect2>147 </sect2>
155148
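Review bot: The end of the ethtool section deletes the paragraph saying that ethtool changes are temporary and lost after a reboot, together with the `pre-up` example, and puts nothing in its place, so a reader is no longer told that settings changed with ethtool do not persist; keep that one-sentence warning even if no netplan equivalent is documented yet. The hunk also drops the statement that ethtool is not installed by default along with `sudo apt install ethtool`; confirm that holds on an 18.04 server install before removing the step. Smaller points: the lshw output now reports `logical name: eth4` while the paragraph introducing it still says eth0; the new naming paragraph has "logial name" and "If you would like control" (missing "to"); and the netplan example is wrapped in `<screen><computeroutput>` although it is file content, where the later netplan examples use `<programlisting>`.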
@@ -164,63 +157,65 @@
164 <sect3 id="temp-ip-assignment" status="review">157 <sect3 id="temp-ip-assignment" status="review">
165 <title>Temporary IP Address Assignment</title>158 <title>Temporary IP Address Assignment</title>
166 <para>159 <para>
167 For temporary network configurations, you can use standard commands 160 For temporary network configurations, you can use the
168 such as <application>ip</application>, <application>ifconfig</application> 161 <application>ip</application> command which is also found on most other
169 and <application>route</application>, which are also found on most other 162 GNU/Linux operating systems. The <application>ip</application> command
170 GNU/Linux operating systems. These commands allow you to configure settings163 allows you to configure settings which take effect immediately, however
171 which take effect immediately, however they are not persistent and will164 they are not persistent and will be lost after a reboot.
172 be lost after a reboot.
173 </para>165 </para>
174 <para>166 <para>
175 To temporarily configure an IP address, you can use the <application>ifconfig</application> 167 To temporarily configure an IP address, you can use the <application>ip</application>
176 command in the following manner. Just modify the IP address and subnet mask to match your 168 command in the following manner. Modify the IP address and subnet mask to match your
177 network requirements.169 network requirements.
178 </para>170 </para>
179<screen>171<screen>
180<command>sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0</command>172<command>sudo ip addr add 10.102.66.200/24 dev enp0s25</command>
181</screen>173</screen>
182 <para>174 <para>
183 To verify the IP address configuration of <application>eth0</application>, 175 The <application>ip</application> can then be used to set the link up or down.
184 you can use the <application>ifconfig</application> command in the following manner.176 </para>
185 </para>177<screen>
186<screen>178<command>ip link set dev enp0s25 up</command>
187<command>ifconfig eth0</command>179<command>ip link set dev enp0s25 down</command>
188<computeroutput>eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a 180</screen>
189 inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0181 <para>
190 inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link182 To verify the IP address configuration of <application>enp0s25</application>,
191 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1183 you can use the <application>ip</application> command in the following manner.
192 RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0184 </para>
193 TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0185<screen>
194 collisions:0 txqueuelen:1000 186<command>ip address show dev enp0s25</command>
195 RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)187<computeroutput>10: enp0s25: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc noqueue state UP group default qlen 1000
196 Interrupt:16</computeroutput> 188 link/ether 00:16:3e:e2:52:42 brd ff:ff:ff:ff:ff:ff link-netnsid 0
197</screen>189 inet 10.102.66.200/24 brd 10.102.66.255 scope global dynamic eth0
198 <para>190 valid_lft 2857sec preferred_lft 2857sec
199 To configure a default gateway, you can use the <application>route</application> 191 inet6 fe80::216:3eff:fee2:5242/64 scope link
200 command in the following manner. Modify the default gateway address to match 192 valid_lft forever preferred_lft forever6</computeroutput>
193</screen>
194 <para>
195 To configure a default gateway, you can use the <application>ip</application>
196 command in the following manner. Modify the default gateway address to match
201 your network requirements.197 your network requirements.
202 </para>198 </para>
203<screen>199<screen>
204<command>sudo route add default gw 10.0.0.1 eth0</command>200<command>sudo ip route add default via 10.102.66.1</command>
205</screen>201</screen>
206 <para>202 <para>
207 To verify your default gateway configuration, you can use the <application>route</application> 203 To verify your default gateway configuration, you can use the <application>ip</application>
208 command in the following manner.204 command in the following manner.
209 </para>205 </para>
210<screen>206<screen>
211<command>route -n</command>207<command>ip route show</command>
212<computeroutput>Kernel IP routing table208<computeroutput>default via 10.102.66.1 dev eth0 proto dhcp src 10.102.66.200 metric 100
213Destination Gateway Genmask Flags Metric Ref Use Iface20910.102.66.0/24 dev eth0 proto kernel scope link src 10.102.66.200
21410.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 eth021010.102.66.1 dev eth0 proto dhcp scope link src 10.102.66.200 metric 100 </computeroutput>
2150.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0</computeroutput>
216</screen>211</screen>
217 <para>212 <para>
218 If you require DNS for your temporary network configuration, you can add DNS server213 If you require DNS for your temporary network configuration, you can add DNS server
219 IP addresses in the file <filename>/etc/resolv.conf</filename>. In general, editing214 IP addresses in the file <filename>/etc/resolv.conf</filename>. In general, editing
220 <filename>/etc/resolv.conf</filename> directly is not recommanded, but this is a215 <filename>/etc/resolv.conf</filename> directly is not recommanded, but this is a
221 temporary and non-persistent configuration. The example below 216 temporary and non-persistent configuration. The example below
222 shows how to enter two DNS servers to <filename>/etc/resolv.conf</filename>, which 217 shows how to enter two DNS servers to <filename>/etc/resolv.conf</filename>, which
223 should be changed to servers appropriate for your network. A more lengthy description 218 should be changed to servers appropriate for your network. A more lengthy description
224 of the proper persistent way to do DNS client configuration is in a following section.219 of the proper persistent way to do DNS client configuration is in a following section.
225 </para>220 </para>
226<programlisting>221<programlisting>
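Review bot: The `ip address show dev enp0s25` sample output ends with `preferred_lft forever6`, a stray "6" that should be removed, and both that output and the `ip route show` output refer to `eth0` while every command in the section uses `enp0s25`. The two new `ip link set dev enp0s25 up` and `down` commands are shown without `sudo`, unlike `sudo ip addr add` and `sudo ip route add` beside them; changing link state needs the same privileges, so add it. The sentence "The ip can then be used to set the link up or down" is missing the word "command".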
@@ -230,17 +225,17 @@
230 <para>225 <para>
231 If you no longer need this configuration and wish to purge all IP configuration from226 If you no longer need this configuration and wish to purge all IP configuration from
232 an interface, you can use the <application>ip</application> command with the flush option227 an interface, you can use the <application>ip</application> command with the flush option
233 as shown below. 228 as shown below.
234 </para>229 </para>
235<screen>230<screen>
236<command>ip addr flush eth0</command>231<command>ip addr flush eth0</command>
237</screen>232</screen>
238 <note>233 <note>
239 <para>234 <para>
240 Flushing the IP configuration using the <application>ip</application> command does not clear the 235 Flushing the IP configuration using the <application>ip</application> command does not clear the
241 contents of <filename>/etc/resolv.conf</filename>. You must remove or modify those entries manually,236 contents of <filename>/etc/resolv.conf</filename>. You must remove or modify those entries manually,
242 or re-boot which should also cause <filename>/etc/resolv.conf</filename>, which is actually now a237 or re-boot which should also cause <filename>/etc/resolv.conf</filename>, which is a
243 symlink to <filename>/run/resolvconf/resolv.conf</filename>, to be re-written.238 symlink to <filename>/run/systemd/resolve/stub-resolv.conf</filename>, to be re-written.
244 </para>239 </para>
245 </note>240 </note>
246 </sect3>241 </sect3>
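Review bot: The unchanged `ip addr flush eth0` line in this hunk still names `eth0` and has no `sudo`, while the commands earlier in the section were moved to `sudo ip ... enp0s25`; update it in the same pass so the cleanup step acts on the interface that was actually configured.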
@@ -248,65 +243,57 @@
248 <sect3 id="dynamic-ip-addressing" status="review">243 <sect3 id="dynamic-ip-addressing" status="review">
249 <title>Dynamic IP Address Assignment (DHCP Client)</title>244 <title>Dynamic IP Address Assignment (DHCP Client)</title>
250 <para>245 <para>
251 To configure your server to use DHCP for dynamic address assignment, add the246 To configure your server to use DHCP for dynamic address assignment, create a netplan
252 <emphasis role="italic">dhcp</emphasis> method to the inet address family statement 247 configuration in the file <filename>/etc/netplan/99_config.yaml</filename>.
253 for the appropriate interface in the file <filename>/etc/network/interfaces</filename>.248 The example below assumes you are configuring your first Ethernet interface identified as
254 The example below assumes you are configuring your first Ethernet interface identified as 249 <emphasis role="italic">enp3s0</emphasis>.
255 <emphasis role="italic">eth0</emphasis>.
256 </para>250 </para>
257<programlisting>251<programlisting>
258auto eth0252network:
259iface eth0 inet dhcp253 version: 2
254 renderer: networkd
255 ethernets:
256 enp3s0:
257 dhcp4: true
260</programlisting>258</programlisting>
261 <para>259 <para>
262 By adding an interface configuration as shown above, you can manually enable the 260 The configuration can then be applied using the
263 interface through the <application>ifup</application> command which initiates the 261 <application>netplan</application> command.
264 DHCP process via <application>dhclient</application>.262 </para>
265 </para>263<screen>
266<screen>264<command>sudo netplan apply</command>
267<command>sudo ifup eth0</command>
268</screen>
269 <para>
270 To manually disable the interface, you can use the <application>ifdown</application>
271 command, which in turn will initiate the DHCP release process and shut down the
272 interface.
273 </para>
274<screen>
275<command>sudo ifdown eth0</command>
276</screen>265</screen>
277 </sect3>266 </sect3>
278267
279 <sect3 id="static-ip-addressing" status="review">268 <sect3 id="static-ip-addressing" status="review">
280 <title>Static IP Address Assignment</title>269 <title>Static IP Address Assignment</title>
281 <para>270 <para>
282 To configure your system to use a static IP address assignment, add the 271 To configure your system to use static address assignment, create a netplan
283 <emphasis role="italic">static</emphasis> method to the inet address family statement 272 configuration in the file <filename>/etc/netplan/99_config.yaml</filename>.
284 for the appropriate interface in the file <filename>/etc/network/interfaces</filename>. 273 The example below assumes you are configuring your first Ethernet interface identified as
285 The example below assumes you are configuring your first Ethernet interface identified as 274 <emphasis role="italic">eth0</emphasis>. Change the <emphasis role="italic">addresses</emphasis>,
286 <emphasis role="italic">eth0</emphasis>. Change the <emphasis role="italic">address</emphasis>, 275 <emphasis role="italic">gateway4</emphasis>, and <emphasis role="italic">nameservers</emphasis>
287 <emphasis role="italic">netmask</emphasis>, and <emphasis role="italic">gateway</emphasis>
288 values to meet the requirements of your network.276 values to meet the requirements of your network.
289 </para>277 </para>
290<programlisting>278<programlisting>
291auto eth0279network:
292iface eth0 inet static280 version: 2
293address 10.0.0.100281 renderer: networkd
294netmask 255.255.255.0282 ethernets:
295gateway 10.0.0.1283 eth0:
284 addresses:
285 - 10.10.10.2/24
286 gateway4: 10.10.10.1
287 nameservers:
288 search: [mydomain, otherdomain]
289 addresses: [10.10.10.1, 1.1.1.1]
296</programlisting>290</programlisting>
297 <para>291 <para>
298 By adding an interface configuration as shown above, you can manually enable the 292 The configuration can then be applied using the
299 interface through the <application>ifup</application> command.293 <application>netplan</application> command.
300 </para>294 </para>
301<screen>295<screen>
302<command>sudo ifup eth0</command>296<command>sudo netplan apply</command>
303</screen>
304 <para>
305 To manually disable the interface, you can use the <application>ifdown</application>
306 command.
307 </para>
308<screen>
309<command>sudo ifdown eth0</command>
310</screen>297</screen>
311 </sect3>298 </sect3>
312299
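Review bot: The static example lists `1.1.1.1` under `nameservers: addresses` next to the private `10.10.10.1`; examples in a guide like this get copied verbatim, and that would send a server's DNS queries to a third-party public resolver, so use a second private placeholder address or state in the paragraph that both values must be replaced. The two examples also disagree on naming: the DHCP one uses `enp3s0`, while the static one keeps `eth0` as "your first Ethernet interface", which conflicts with the predictable-names text added earlier in the chapter.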
@@ -314,29 +301,17 @@
314 <title>Loopback Interface</title>301 <title>Loopback Interface</title>
315 <para>302 <para>
316 The loopback interface is identified by the system as <emphasis role="italic">lo</emphasis>303 The loopback interface is identified by the system as <emphasis role="italic">lo</emphasis>
317 and has a default IP address of 127.0.0.1. It can be viewed using the ifconfig command. 304 and has a default IP address of 127.0.0.1. It can be viewed using the ip command.
318 </para>305 </para>
319<screen>306<screen>
320<command>ifconfig lo</command>307<command>ip address show lo</command>
321<computeroutput>lo Link encap:Local Loopback 308<computeroutput>1: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
322 inet addr:127.0.0.1 Mask:255.0.0.0309 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
323 inet6 addr: ::1/128 Scope:Host310 inet 127.0.0.1/8 scope host lo
324 UP LOOPBACK RUNNING MTU:16436 Metric:1311 valid_lft forever preferred_lft forever
325 RX packets:2718 errors:0 dropped:0 overruns:0 frame:0312 inet6 ::1/128 scope host
326 TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0313 valid_lft forever preferred_lft forever</computeroutput>
327 collisions:0 txqueuelen:0
328 RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)</computeroutput>
329</screen>314</screen>
330 <para>
331 By default, there should be two lines in <filename>/etc/network/interfaces</filename>
332 responsible for automatically configuring your loopback interface. It is recommended that you
333 keep the default settings unless you have a specific purpose for changing them. An example of
334 the two default lines are shown below.
335 </para>
336<programlisting>
337auto lo
338iface lo inet loopback
339</programlisting>
340 </sect3>315 </sect3>
341 </sect2>316 </sect2>
342317
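Review bot: In the loopback paragraph the replacement text reads "It can be viewed using the ip command" with `ip` as plain text, where the other sections changed by this diff write `<application>ip</application>`; mark it up the same way for consistency.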
@@ -344,7 +319,7 @@
344 <sect2 id="name-resolution" status="review">319 <sect2 id="name-resolution" status="review">
345 <title>Name Resolution</title>320 <title>Name Resolution</title>
346 <para>321 <para>
347 Name resolution as it relates to IP networking is the process of mapping IP addresses 322 Name resolution as it relates to IP networking is the process of mapping IP addresses
348 to hostnames, making it easier to identify resources on a network. The following section323 to hostnames, making it easier to identify resources on a network. The following section
349 will explain how to properly configure your system for name resolution using DNS and static324 will explain how to properly configure your system for name resolution using DNS and static
350 hostname records.325 hostname records.
@@ -354,40 +329,38 @@
354 <title>DNS Client Configuration</title>329 <title>DNS Client Configuration</title>
355 <para>330 <para>
356 Traditionally, the file <filename>/etc/resolv.conf</filename> was a static configuration file that rarely331 Traditionally, the file <filename>/etc/resolv.conf</filename> was a static configuration file that rarely
357 needed to be changed or automatically changed via DCHP client hooks. Nowadays, a computer can switch from332 needed to be changed or automatically changed via DCHP client hooks. Systemd-resolved handles name server configuration,
358 one network to another quite often and the <emphasis>resolvconf</emphasis> framework is now being used to track333 and it should be interacted with through the <command>systemd-resolve</command> command. Netplan configures
359 these changes and update the resolver's configuration automatically. It acts as an intermediary between programs334 systemd-resolved to generate a list of nameservers and domains to put in <filename>/etc/resolv.conf</filename>, which is a symlink:
360 that supply nameserver information and applications that need nameserver information. Resolvconf gets populated with information
361 by a set of hook scripts related to network interface configuration. The most notable difference for the
362 user is that any change manually done to <filename>/etc/resolv.conf</filename> will be lost as it gets overwritten each time
363 something triggers resolvconf. Instead, resolvconf uses DHCP client hooks, and <filename>/etc/network/interfaces</filename> to
364 generate a list of nameservers and domains to put in <filename>/etc/resolv.conf</filename>, which is now a symlink:
365335
366<programlisting>336<programlisting>
367/etc/resolv.conf -> ../run/resolvconf/resolv.conf337/etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
368</programlisting>338</programlisting>
369339
370 To configure the resolver, add the IP addresses of the nameservers that340 To configure the resolver, add the IP addresses of the nameservers that
371 are appropriate for your network in the file <filename>/etc/network/interfaces</filename>. You can also341 are appropriate for your network to the netplan configuration file. You can also
372 add an optional DNS suffix search-lists to match your network domain names. For each other valid342 add an optional DNS suffix search-lists to match your network domain names. The resulting file might look like the following:
373 resolv.conf configuration option, you can include, in the stanza, one line beginning with that
374 option name with a <emphasis role="bold">dns-</emphasis> prefix. The resulting file might look like the following:
375 </para>343 </para>
376344
377<programlisting>345<programlisting>
378iface eth0 inet static346network:
379 address 192.168.3.3347 version: 2
380 netmask 255.255.255.0348 renderer: networkd
381 gateway 192.168.3.1349 ethernets:
382 dns-search example.com350 enp0s25:
383 dns-nameservers 192.168.3.45 192.168.8.10351 addresses:
352 - 192.168.0.100/24
353 gateway4: 192.168.0.1
354 nameservers:
355 search: [mydomain, otherdomain]
356 addresses: [1.1.1.1, 8.8.8.8, 4.4.4.4]
384</programlisting>357</programlisting>
385358
386 <para>359 <para>
387 The <emphasis role="italic">search</emphasis> option can also be used with multiple domain names 360 The <emphasis role="italic">search</emphasis> option can also be used with multiple domain names
388 so that DNS queries will be appended in the order in which they are entered. For example, your 361 so that DNS queries will be appended in the order in which they are entered. For example, your
389 network may have multiple sub-domains to search; a parent domain of <emphasis role="italic">example.com</emphasis>,362 network may have multiple sub-domains to search; a parent domain of <emphasis role="italic">example.com</emphasis>,
390 and two sub-domains, <emphasis role="italic">sales.example.com</emphasis> and <emphasis role="italic">dev.example.com</emphasis>. 363 and two sub-domains, <emphasis role="italic">sales.example.com</emphasis> and <emphasis role="italic">dev.example.com</emphasis>.
391 </para>364 </para>
392365
393 <para>366 <para>
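Review bot: The rewritten paragraph at new lines 331-334 still spells DHCP as "DCHP", and it drops the old warning that manual changes to /etc/resolv.conf are overwritten. The file is still a symlink into a generated location (../run/systemd/resolve/stub-resolv.conf), so that warning is worth keeping as one sentence that steers readers to the netplan file instead of the symlink target. Two smaller points: "Systemd-resolved" should be lower case to match the name used in the Resources list, and "an optional DNS suffix search-lists" at new line 342 mixes singular and plural.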
@@ -395,16 +368,21 @@
395 </para>368 </para>
396369
397<programlisting>370<programlisting>
398iface eth0 inet static371network:
399 address 192.168.3.3372 version: 2
400 netmask 255.255.255.0373 renderer: networkd
401 gateway 192.168.3.1374 ethernets:
402 dns-search example.com sales.example.com dev.example.com375 enp0s25:
403 dns-nameservers 192.168.3.45 192.168.8.10376 addresses:
377 - 192.168.0.100/24
378 gateway4: 192.168.0.1
379 nameservers:
380 search: [example.com, sales.example.com, dev.example.com]
381 addresses: [1.1.1.1, 8.8.8.8, 4.4.4.4]
404</programlisting>382</programlisting>
405383
406 <para>384 <para>
407 If you try to ping a host with the name of <emphasis role="italic">server1</emphasis>, your system 385 If you try to ping a host with the name of <emphasis role="italic">server1</emphasis>, your system
408 will automatically query DNS for its Fully Qualified Domain Name (FQDN) in the following order:386 will automatically query DNS for its Fully Qualified Domain Name (FQDN) in the following order:
409 </para>387 </para>
410388
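Review bot: The nameservers at new line 381 (and at new line 356 in the first example) are public resolvers, while the search list holds internal-looking domains; the old text used 192.168.3.45 and 192.168.8.10. As written, a lookup for server1 goes out with each search suffix to 1.1.1.1 and 8.8.8.8, which would not know a site's internal names and would get to see them. Suggest resolver addresses on the example's own 192.168.0.0/24 network, or a sentence saying the addresses stand in for the site's resolvers. 4.4.4.4 also looks like a slip for 8.8.4.4.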
@@ -426,7 +404,7 @@
426 </listitem>404 </listitem>
427 </orderedlist>405 </orderedlist>
428 <para>406 <para>
429 If no matches are found, the DNS server will provide a result of 407 If no matches are found, the DNS server will provide a result of
430 <emphasis role="italic">notfound</emphasis> and the DNS query will fail.408 <emphasis role="italic">notfound</emphasis> and the DNS query will fail.
431 </para>409 </para>
432 </sect3>410 </sect3>
@@ -437,11 +415,11 @@
437 Static hostnames are locally defined hostname-to-IP mappings located in the file <filename>/etc/hosts</filename>.415 Static hostnames are locally defined hostname-to-IP mappings located in the file <filename>/etc/hosts</filename>.
438 Entries in the <filename>hosts</filename> file will have precedence over DNS by default. This means that if your416 Entries in the <filename>hosts</filename> file will have precedence over DNS by default. This means that if your
439 system tries to resolve a hostname and it matches an entry in /etc/hosts, it will not attempt to look up the417 system tries to resolve a hostname and it matches an entry in /etc/hosts, it will not attempt to look up the
440 record in DNS. In some configurations, especially when Internet access is not required, servers that 418 record in DNS. In some configurations, especially when Internet access is not required, servers that
441 communicate with a limited number of resources can be conveniently set to use static hostnames instead of DNS.419 communicate with a limited number of resources can be conveniently set to use static hostnames instead of DNS.
442 </para>420 </para>
443 <para>421 <para>
444 The following is an example of a <filename>hosts</filename> file where a number of local servers 422 The following is an example of a <filename>hosts</filename> file where a number of local servers
445 have been identified by simple hostnames, aliases and their equivalent Fully Qualified Domain Names (FQDN's).423 have been identified by simple hostnames, aliases and their equivalent Fully Qualified Domain Names (FQDN's).
446 </para>424 </para>
447<programlisting>425<programlisting>
@@ -454,11 +432,11 @@
454</programlisting>432</programlisting>
455 <note>433 <note>
456 <para>434 <para>
457 In the above example, notice that each of the servers have been given aliases in addition to their 435 In the above example, notice that each of the servers have been given aliases in addition to their
458 proper names and FQDN's. <emphasis role="italic">Server1</emphasis> has been mapped to the name 436 proper names and FQDN's. <emphasis role="italic">Server1</emphasis> has been mapped to the name
459 <emphasis role="italic">vpn</emphasis>, <emphasis role="italic">server2</emphasis> is referred 437 <emphasis role="italic">vpn</emphasis>, <emphasis role="italic">server2</emphasis> is referred
460 to as <emphasis role="italic">mail</emphasis>, <emphasis role="italic">server3</emphasis> as 438 to as <emphasis role="italic">mail</emphasis>, <emphasis role="italic">server3</emphasis> as
461 <emphasis role="italic">www</emphasis>, and <emphasis role="italic">server4</emphasis> as 439 <emphasis role="italic">www</emphasis>, and <emphasis role="italic">server4</emphasis> as
462 <emphasis role="italic">file</emphasis>.440 <emphasis role="italic">file</emphasis>.
463 </para>441 </para>
464 </note>442 </note>
@@ -469,9 +447,9 @@
469 <para>447 <para>
470 The order in which your system selects a method of resolving hostnames to IP addresses is448 The order in which your system selects a method of resolving hostnames to IP addresses is
471 controlled by the Name Service Switch (NSS) configuration file <filename>/etc/nsswitch.conf</filename>.449 controlled by the Name Service Switch (NSS) configuration file <filename>/etc/nsswitch.conf</filename>.
472 As mentioned in the previous section, typically static hostnames defined in the systems 450 As mentioned in the previous section, typically static hostnames defined in the systems
473 <filename>/etc/hosts</filename> file have precedence over names resolved from DNS. The following 451 <filename>/etc/hosts</filename> file have precedence over names resolved from DNS. The following
474 is an example of the line responsible for this order of hostname lookups in the file 452 is an example of the line responsible for this order of hostname lookups in the file
475 <filename>/etc/nsswitch.conf</filename>.453 <filename>/etc/nsswitch.conf</filename>.
476 </para>454 </para>
477<programlisting>455<programlisting>
@@ -481,7 +459,7 @@
481 <itemizedlist>459 <itemizedlist>
482 <listitem>460 <listitem>
483 <para>461 <para>
484 <emphasis role="bold">files</emphasis> first tries to resolve static hostnames located in 462 <emphasis role="bold">files</emphasis> first tries to resolve static hostnames located in
485 <filename>/etc/hosts</filename>.463 <filename>/etc/hosts</filename>.
486 </para>464 </para>
487 </listitem>465 </listitem>
@@ -492,9 +470,9 @@
492 </listitem>470 </listitem>
493 <listitem>471 <listitem>
494 <para>472 <para>
495 <emphasis role="bold">[NOTFOUND=return]</emphasis> means that any response of 473 <emphasis role="bold">[NOTFOUND=return]</emphasis> means that any response of
496 <emphasis role="italic">notfound</emphasis> by the preceding 474 <emphasis role="italic">notfound</emphasis> by the preceding
497 <emphasis role="italic">mdns4_minimal</emphasis> process should be treated as 475 <emphasis role="italic">mdns4_minimal</emphasis> process should be treated as
498 authoritative and that the system should not try to continue hunting for an answer.476 authoritative and that the system should not try to continue hunting for an answer.
499 </para>477 </para>
500 </listitem>478 </listitem>
@@ -512,9 +490,9 @@
512490
513 <para>491 <para>
514 To modify the order of the above mentioned name resolution methods, you can492 To modify the order of the above mentioned name resolution methods, you can
515 simply change the <emphasis role="italic">hosts:</emphasis> string to the value 493 simply change the <emphasis role="italic">hosts:</emphasis> string to the value
516 of your choosing. For example, if you prefer to use legacy Unicast DNS versus 494 of your choosing. For example, if you prefer to use legacy Unicast DNS versus
517 Multicast DNS, you can change the string in <filename>/etc/nsswitch.conf</filename> 495 Multicast DNS, you can change the string in <filename>/etc/nsswitch.conf</filename>
518 as shown below.496 as shown below.
519 </para>497 </para>
520<programlisting>498<programlisting>
@@ -527,41 +505,26 @@
527 <title>Bridging</title>505 <title>Bridging</title>
528506
529 <para>507 <para>
530 Bridging multiple interfaces is a more advanced configuration, but is very useful in multiple scenarios. 508 Bridging multiple interfaces is a more advanced configuration, but is very useful in multiple scenarios.
531 One scenario is setting up a bridge with multiple network interfaces, then using a firewall to filter traffic509 One scenario is setting up a bridge with multiple network interfaces, then using a firewall to filter traffic
532 between two network segments. Another scenario is using bridge on a system with one interface to allow virtual510 between two network segments. Another scenario is using bridge on a system with one interface to allow virtual
533 machines direct access to the outside network. The following example covers the latter scenario.511 machines direct access to the outside network. The following example covers the latter scenario.
534 </para>512 </para>
535513
536 <para>514 <para>
537 Before configuring a bridge you will need to install the <application>bridge-utils</application> package. To install the 515 Configure the bridge by editing your netplan configuration found
538 package, in a terminal enter:516 in <filename>/etc/netplan/</filename>:
539 </para>
540
541<screen>
542<command>sudo apt install bridge-utils</command>
543</screen>
544
545 <para>
546 Next, configure the bridge by editing <filename>/etc/network/interfaces</filename>:
547 </para>517 </para>
548518
549<programlisting>519<programlisting>
550auto lo520network:
551iface lo inet loopback521 version: 2
552522 renderer: networkd
553auto br0523 bridges:
554iface br0 inet static524 br0:
555 address 192.168.0.10525 dhcp4: yes
556 network 192.168.0.0526 interfaces:
557 netmask 255.255.255.0527 - enp3s0
558 broadcast 192.168.0.255
559 gateway 192.168.0.1
560 bridge_ports eth0
561 bridge_fd 9
562 bridge_hello 2
563 bridge_maxage 12
564 bridge_stp off
565</programlisting>528</programlisting>
566529
567 <note>530 <note>
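Review bot: The new br0 stanza at new lines 520-527 switches the bridge from a static address to dhcp4: yes and drops the explicit bridge_stp, bridge_fd, bridge_hello and bridge_maxage settings without saying so. For a host that carries virtual machine traffic a fixed address is usually what the reader wants, so either show the static form (addresses and gateway4, as in the DNS examples) or state that DHCP and netplan's bridge defaults are intended. If the STP and timer values mattered, they can be carried over under a parameters: key (stp, forward-delay, hello-time, max-age). The interface is enp3s0 here but enp0s25 in the earlier examples; one name throughout would read better.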
@@ -571,63 +534,60 @@
571 </note>534 </note>
572535
573 <para>536 <para>
574 Now bring up the bridge:537 Now apply the configuration to enable the bridge:
575 </para>538 </para>
576539
577<screen>540<screen>
578<command>sudo ifup br0</command>541<command>sudo netplan apply</command>
579</screen>542</screen>
580 <para>543 <para>
581 The new bridge interface should now be up and running. The <application>brctl</application> provides useful information544 The new bridge interface should now be up and running. The <application>brctl</application> provides useful information
582 about the state of the bridge, controls which interfaces are part of the bridge, etc. See <command>man brctl</command> 545 about the state of the bridge, controls which interfaces are part of the bridge, etc. See <command>man brctl</command>
583 for more information. 546 for more information.
584 </para>547 </para>
585548
586 </sect2>549 </sect2>
587 <sect2 id="network-config-resources" status="review">550 <sect2 id="network-config-resources" status="review">
588 <title>Resources</title>551 <title>Resources</title>
589 552
590 <para>553 <para>
591 554
592 </para>555 </para>
593556
594 <itemizedlist>557 <itemizedlist>
595 <listitem>558 <listitem>
596 <para>559 <para>
597 The <ulink url="https://help.ubuntu.com/community/Network">Ubuntu Wiki Network page</ulink> has 560 The <ulink url="https://help.ubuntu.com/community/Network">Ubuntu Wiki Network page</ulink> has
598 links to articles covering more advanced network configuration.561 links to articles covering more advanced network configuration.
599 </para>562 </para>
600 </listitem>563 </listitem>
601 <listitem>564 <listitem>
602 <para>565 <para>
603 The <ulink url="http://manpages.ubuntu.com/manpages/man8/resolvconf.8.html">resolvconf man page</ulink> has 566 The <ulink url="https://netplan.io">netplan website</ulink> has additional examples and documentation.
604 more information on resolvconf.567 </para>
605 </para>568 </listitem>
606 </listitem>569 <listitem>
607 <listitem>570 <para>
608 <para>571 The <ulink url="http://manpages.ubuntu.com/manpages/man8/netplan.8.html">netplan man page</ulink> has
609 The <ulink url="http://manpages.ubuntu.com/manpages/man5/interfaces.5.html">interfaces man page</ulink> has 572 more information on netplan.
610 details on more options for <filename>/etc/network/interfaces</filename>.573 </para>
611 </para>574 </listitem>
612 </listitem>575 <listitem>
613 <listitem>576 <para>
614 <para>577 The <ulink url="http://manpages.ubuntu.com/manpages/man1/systemd-resolve.1.html">systemd-resolve man page</ulink> has
615 The <ulink url="http://manpages.ubuntu.com/manpages/man8/dhclient.8.html">dhclient man page</ulink> has 578 details on systemd-resolve command.
616 details on more options for configuring DHCP client settings.579 </para>
617 </para>580 </listitem>
618 </listitem>581 <listitem>
619 <listitem>582 <para>
620 <para>583 The <ulink url="http://manpages.ubuntu.com/manpages/man8/systemd-resolved.8.html">systemd-resolved man page</ulink> has
621 For more information on DNS client configuration see the 584 more information on systemd-resolved service.
622 <ulink url="http://manpages.ubuntu.com/manpages/man5/resolver.5.html">resolver man page</ulink>. Also, Chapter 585 </para>
623 6 of O'Reilly's <ulink url="http://oreilly.com/catalog/linag2/book/ch06.html">Linux Network Administrator's Guide</ulink> is 586 </listitem>
624 a good source of resolver and name service configuration information.587 <listitem>
625 </para>588 <para>
626 </listitem>589 For more information on <emphasis>bridging</emphasis> see the
627 <listitem>590 <ulink url="https://netplan.io/examples">netplan.io examples page</ulink> and the Linux Foundation's
628 <para>
629 For more information on <emphasis>bridging</emphasis> see the
630 <ulink url="http://manpages.ubuntu.com/manpages/man8/brctl.8.html">brctl man page</ulink> and the Linux Foundation's
631 <ulink url="http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge">Networking-Bridge</ulink> page.591 <ulink url="http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge">Networking-Bridge</ulink> page.
632 </para>592 </para>
633 </listitem>593 </listitem>
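Review bot: The paragraph at new lines 544-546 still sends readers to brctl and man brctl, but this branch removes the bridge-utils install step in the previous hunk and the brctl man page link in Resources, so the command may not be installed on a system set up from this guide. Either keep the install step or point to the iproute2 equivalents (ip -d link show br0, bridge link). In the Resources list the new manpages.ubuntu.com links use http:// while the netplan.io links use https://, and the empty para at new lines 554-556 could go.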
@@ -638,34 +598,34 @@
638 <sect1 id="tcpip" status="review">598 <sect1 id="tcpip" status="review">
639 <title>TCP/IP</title>599 <title>TCP/IP</title>
640 <para>600 <para>
641 The Transmission Control Protocol and Internet Protocol (TCP/IP) is a standard 601 The Transmission Control Protocol and Internet Protocol (TCP/IP) is a standard
642 set of protocols developed in the late 1970s by the Defense Advanced Research 602 set of protocols developed in the late 1970s by the Defense Advanced Research
643 Projects Agency (DARPA) as a means of communication between different types of 603 Projects Agency (DARPA) as a means of communication between different types of
644 computers and computer networks. TCP/IP is the driving force of the Internet, 604 computers and computer networks. TCP/IP is the driving force of the Internet,
645 and thus it is the most popular set of network protocols on Earth. 605 and thus it is the most popular set of network protocols on Earth.
646 </para>606 </para>
647 <sect2 id="tcpip-introduction" status="review">607 <sect2 id="tcpip-introduction" status="review">
648 <title>TCP/IP Introduction</title> 608 <title>TCP/IP Introduction</title>
649 <para>609 <para>
650 The two protocol components of TCP/IP deal with different aspects of computer networking.610 The two protocol components of TCP/IP deal with different aspects of computer networking.
651 <emphasis>Internet Protocol</emphasis>, the "IP" of TCP/IP is a 611 <emphasis>Internet Protocol</emphasis>, the "IP" of TCP/IP is a
652 connectionless protocol which deals only with network packet routing using the <emphasis 612 connectionless protocol which deals only with network packet routing using the <emphasis
653 role="italics">IP Datagram</emphasis> as the basic unit of networking information. The 613 role="italics">IP Datagram</emphasis> as the basic unit of networking information. The
654 IP Datagram consists of a header followed by a message. The <emphasis>614 IP Datagram consists of a header followed by a message. The <emphasis>
655 Transmission Control Protocol</emphasis> is the "TCP" of TCP/IP and enables network hosts 615 Transmission Control Protocol</emphasis> is the "TCP" of TCP/IP and enables network hosts
656 to establish connections which may be used to exchange data streams. TCP also guarantees 616 to establish connections which may be used to exchange data streams. TCP also guarantees
657 that the data between connections is delivered and that it arrives at one network host in 617 that the data between connections is delivered and that it arrives at one network host in
658 the same order as sent from another network host.618 the same order as sent from another network host.
659 </para>619 </para>
660 </sect2>620 </sect2>
661 <sect2 id="tcpip-configuration" status="review">621 <sect2 id="tcpip-configuration" status="review">
662 <title>TCP/IP Configuration</title>622 <title>TCP/IP Configuration</title>
663 <para>623 <para>
664 The TCP/IP protocol configuration consists of several elements which must be set by 624 The TCP/IP protocol configuration consists of several elements which must be set by
665 editing the appropriate configuration files, or deploying solutions such as the Dynamic 625 editing the appropriate configuration files, or deploying solutions such as the Dynamic
666 Host Configuration Protocol (DHCP) server which in turn, can be configured to provide the 626 Host Configuration Protocol (DHCP) server which in turn, can be configured to provide the
667 proper TCP/IP configuration settings to network clients automatically. These 627 proper TCP/IP configuration settings to network clients automatically. These
668 configuration values must be set correctly in order to facilitate the proper network 628 configuration values must be set correctly in order to facilitate the proper network
669 operation of your Ubuntu system.629 operation of your Ubuntu system.
670 </para>630 </para>
671 <para>631 <para>
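Review bot: At new lines 612-613 the emphasis element uses role="italics", while the rest of the file uses role="italic" (for example in the Name Resolution section). Since the line is being touched for whitespace anyway, fix the attribute value so IP Datagram is styled like the other terms.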
@@ -697,7 +657,7 @@
697 <emphasis role="bold">Network Address</emphasis> The Network Address represents the657 <emphasis role="bold">Network Address</emphasis> The Network Address represents the
698 bytes comprising the network portion of an IP address. For example, the host 12.128.1.2658 bytes comprising the network portion of an IP address. For example, the host 12.128.1.2
699 in a Class A network would use 12.0.0.0 as the network address, where twelve (12)659 in a Class A network would use 12.0.0.0 as the network address, where twelve (12)
700 represents the first byte of the IP address, (the network part) and zeroes (0) 660 represents the first byte of the IP address, (the network part) and zeroes (0)
701 in all of the remaining three bytes to represent the potential host values. A network661 in all of the remaining three bytes to represent the potential host values. A network
702 host using the private IP address 192.168.1.100662 host using the private IP address 192.168.1.100
703 would in turn use a Network Address of 192.168.1.0, which specifies the first three663 would in turn use a Network Address of 192.168.1.0, which specifies the first three
@@ -714,28 +674,28 @@
714 every host on the Internet because routers block it. A more appropriate broadcast address674 every host on the Internet because routers block it. A more appropriate broadcast address
715 is set to match a specific subnetwork. For example, on the private Class C IP network,675 is set to match a specific subnetwork. For example, on the private Class C IP network,
716 192.168.1.0, the broadcast address is 192.168.1.255. Broadcast messages are676 192.168.1.0, the broadcast address is 192.168.1.255. Broadcast messages are
717 typically produced by network protocols such as the Address Resolution Protocol (ARP) and the 677 typically produced by network protocols such as the Address Resolution Protocol (ARP) and the
718 Routing Information Protocol (RIP). 678 Routing Information Protocol (RIP).
719 </para>679 </para>
720 </listitem>680 </listitem>
721 <listitem>681 <listitem>
722 <para>682 <para>
723 <emphasis role="bold">Gateway Address</emphasis> A Gateway Address is the IP address through which683 <emphasis role="bold">Gateway Address</emphasis> A Gateway Address is the IP address through which
724 a particular network, or host on a network, may be reached. If one network host wishes to communicate684 a particular network, or host on a network, may be reached. If one network host wishes to communicate
725 with another network host, and that host is not located on the same network, then a 685 with another network host, and that host is not located on the same network, then a
726 <emphasis>gateway</emphasis> must be used. In many cases, the Gateway Address will be that686 <emphasis>gateway</emphasis> must be used. In many cases, the Gateway Address will be that
727 of a router on the same network, which will in turn pass traffic on to other networks or hosts, such as687 of a router on the same network, which will in turn pass traffic on to other networks or hosts, such as
728 Internet hosts. The value of the Gateway Address setting must be correct, or your system will not be able688 Internet hosts. The value of the Gateway Address setting must be correct, or your system will not be able
729 to reach any hosts beyond those on the same network. 689 to reach any hosts beyond those on the same network.
730 </para>690 </para>
731 </listitem>691 </listitem>
732 <listitem>692 <listitem>
733 <para>693 <para>
734 <emphasis role="bold">Nameserver Address</emphasis> Nameserver Addresses represent the IP addresses of694 <emphasis role="bold">Nameserver Address</emphasis> Nameserver Addresses represent the IP addresses of
735 Domain Name Service (DNS) systems, which resolve network hostnames into IP addresses. There are three levels of695 Domain Name Service (DNS) systems, which resolve network hostnames into IP addresses. There are three levels of
736 Nameserver Addresses, which may be specified in order of precedence: The 696 Nameserver Addresses, which may be specified in order of precedence: The
737 <emphasis>Primary</emphasis>697 <emphasis>Primary</emphasis>
738 Nameserver, the <emphasis>Secondary</emphasis> Nameserver, and the 698 Nameserver, the <emphasis>Secondary</emphasis> Nameserver, and the
739 <emphasis>Tertiary</emphasis>699 <emphasis>Tertiary</emphasis>
740 Nameserver. In order for your system to be able to resolve network hostnames into their700 Nameserver. In order for your system to be able to resolve network hostnames into their
741 corresponding IP addresses, you must specify valid Nameserver Addresses which you are authorized to use701 corresponding IP addresses, you must specify valid Nameserver Addresses which you are authorized to use
@@ -771,18 +731,18 @@
771 to direct the forwarding of network data packets from their source to the destination, often731 to direct the forwarding of network data packets from their source to the destination, often
772 via many intermediary network nodes known as <emphasis>routers</emphasis>.732 via many intermediary network nodes known as <emphasis>routers</emphasis>.
773 There are two primary forms of733 There are two primary forms of
774 IP routing: <emphasis>Static Routing</emphasis> and 734 IP routing: <emphasis>Static Routing</emphasis> and
775 <emphasis>Dynamic Routing.</emphasis>735 <emphasis>Dynamic Routing.</emphasis>
776 </para>736 </para>
777 <para>737 <para>
778 Static routing involves manually adding IP routes to the system's routing table, and this is usually738 Static routing involves manually adding IP routes to the system's routing table, and this is usually
779 done by manipulating the routing table with the <application>route</application> command. Static routing enjoys739 done by manipulating the routing table with the <application>route</application> command. Static routing enjoys
780 many advantages over dynamic routing, such as simplicity of implementation on smaller networks, 740 many advantages over dynamic routing, such as simplicity of implementation on smaller networks,
781 predictability (the routing table is always computed in advance, and thus the route is precisely the 741 predictability (the routing table is always computed in advance, and thus the route is precisely the
782 same each time it is used), and low overhead on other routers and network links due to the lack of a742 same each time it is used), and low overhead on other routers and network links due to the lack of a
783 dynamic routing protocol. However, static routing does present some disadvantages as well. For example,743 dynamic routing protocol. However, static routing does present some disadvantages as well. For example,
784 static routing is limited to small networks and does not scale well. Static routing also fails completely744 static routing is limited to small networks and does not scale well. Static routing also fails completely
785 to adapt to network outages and failures along the route due to the fixed nature of the route. 745 to adapt to network outages and failures along the route due to the fixed nature of the route.
786 </para>746 </para>
787 <para>747 <para>
788 Dynamic routing depends on large networks with multiple possible IP routes from a source to a destination748 Dynamic routing depends on large networks with multiple possible IP routes from a source to a destination
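Review bot: New line 739 is left recommending the route command for static routes, although the commit message says this branch moves the guide from ifconfig to ip. route comes from the same net-tools package as ifconfig, so this sentence should name ip route instead.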
@@ -805,7 +765,7 @@
805 determines when the flow of a data stream needs to be stopped, and previously sent data765 determines when the flow of a data stream needs to be stopped, and previously sent data
806 packets should to be re-sent due to problems such as <emphasis>collisions</emphasis>,766 packets should to be re-sent due to problems such as <emphasis>collisions</emphasis>,
807 for example, thus ensuring complete and accurate delivery of the data. TCP is typically767 for example, thus ensuring complete and accurate delivery of the data. TCP is typically
808 used in the exchange of important information such as database transactions. 768 used in the exchange of important information such as database transactions.
809 </para>769 </para>
810 <para>770 <para>
811 The User Datagram Protocol (UDP), on the other hand, is a <emphasis>connectionless</emphasis>771 The User Datagram Protocol (UDP), on the other hand, is a <emphasis>connectionless</emphasis>
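Review bot: New line 766 keeps the typo "should to be re-sent"; drop the "to" while the paragraph is open for the whitespace fix.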
@@ -823,7 +783,7 @@
823 in the Request For Comments (RFC) #792 and supports network packets containing control, error, and783 in the Request For Comments (RFC) #792 and supports network packets containing control, error, and
824 informational messages. ICMP is used by such network applications as the <application>ping</application>784 informational messages. ICMP is used by such network applications as the <application>ping</application>
825 utility, which can determine the availability of a network host or device. Examples of some error messages785 utility, which can determine the availability of a network host or device. Examples of some error messages
826 returned by ICMP which are useful to both network hosts and devices such as routers, include 786 returned by ICMP which are useful to both network hosts and devices such as routers, include
827 <emphasis>Destination Unreachable</emphasis> and <emphasis>Time Exceeded</emphasis>.787 <emphasis>Destination Unreachable</emphasis> and <emphasis>Time Exceeded</emphasis>.
828 </para>788 </para>
829 </sect2>789 </sect2>
@@ -833,9 +793,9 @@
833 Daemons are special system applications which typically execute continuously in the background and793 Daemons are special system applications which typically execute continuously in the background and
834 await requests for the functions they provide from other applications. Many daemons are network-centric; that is,794 await requests for the functions they provide from other applications. Many daemons are network-centric; that is,
835 a large number of daemons executing in the background on an Ubuntu system may provide network-related functionality.795 a large number of daemons executing in the background on an Ubuntu system may provide network-related functionality.
836 Some examples of such network daemons include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> 796 Some examples of such network daemons include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis>
837 (httpd), which provides web server functionality; the <emphasis>Secure SHell Daemon</emphasis> (sshd), which797 (httpd), which provides web server functionality; the <emphasis>Secure SHell Daemon</emphasis> (sshd), which
838 provides secure remote login shell and file transfer capabilities; and the <emphasis>Internet Message Access 798 provides secure remote login shell and file transfer capabilities; and the <emphasis>Internet Message Access
839 Protocol Daemon</emphasis> (imapd), which provides E-Mail services.799 Protocol Daemon</emphasis> (imapd), which provides E-Mail services.
840 </para>800 </para>
841 </sect2>801 </sect2>
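Review bot: line 836/796 is touched here only to strip trailing whitespace, but the expansion it carries, "Hyper Text Transport Protocol Daemon", is wrong: HTTP stands for Hypertext Transfer Protocol. Since the line is already in the diff, suggest correcting the emphasis text to "Hypertext Transfer Protocol Daemon" in the same change.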
@@ -867,10 +827,10 @@
867 <sect1 id="dhcp" status="review">827 <sect1 id="dhcp" status="review">
868 <title>Dynamic Host Configuration Protocol (DHCP)</title>828 <title>Dynamic Host Configuration Protocol (DHCP)</title>
869 <para>829 <para>
870 The Dynamic Host Configuration Protocol (DHCP) is a network service that enables 830 The Dynamic Host Configuration Protocol (DHCP) is a network service that enables
871 host computers to be automatically assigned settings from a server as opposed to831 host computers to be automatically assigned settings from a server as opposed to
872 manually configuring each network host. Computers configured to be DHCP clients have832 manually configuring each network host. Computers configured to be DHCP clients have
873 no control over the settings they receive from the DHCP server, and the 833 no control over the settings they receive from the DHCP server, and the
874 configuration is transparent to the computer's user.834 configuration is transparent to the computer's user.
875 </para>835 </para>
876 <para>836 <para>

@@ -908,8 +868,8 @@
908 The advantage of using DHCP is that changes to the network, for example a change868 The advantage of using DHCP is that changes to the network, for example a change
909 in the address of the DNS server, need only be changed at the DHCP server, and all869 in the address of the DNS server, need only be changed at the DHCP server, and all
910 network hosts will be reconfigured the next time their DHCP clients poll the870 network hosts will be reconfigured the next time their DHCP clients poll the
911 DHCP server. As an added advantage, it is also easier to integrate new computers 871 DHCP server. As an added advantage, it is also easier to integrate new computers
912 into the network, as there is no need to check for the availability of an IP 872 into the network, as there is no need to check for the availability of an IP
913 address. Conflicts in IP address allocation are also reduced.873 address. Conflicts in IP address allocation are also reduced.
914 </para>874 </para>
915 <para>875 <para>
@@ -924,7 +884,7 @@
924 of each network card connected to the network and then continually884 of each network card connected to the network and then continually
925 supplying a constant configuration each time the DHCP client makes a885 supplying a constant configuration each time the DHCP client makes a
926 request to the DHCP server using that network device. This ensures that886 request to the DHCP server using that network device. This ensures that
927 a particular address is assigned automatically to that network card, 887 a particular address is assigned automatically to that network card,
928 based on it's MAC address.888 based on it's MAC address.
929 </para>889 </para>
930 </listitem>890 </listitem>
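Review bot: the context line 928/888, directly below the whitespace fix on 927/887, still reads "based on it's MAC address"; the possessive is "its". Worth fixing in this pass since the sentence is being edited anyway.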
@@ -934,13 +894,13 @@
934 <listitem>894 <listitem>
935 <para>895 <para>
936 In this method, the DHCP server will assign an IP address from a pool of addresses896 In this method, the DHCP server will assign an IP address from a pool of addresses
937 (sometimes also called a range or scope) for a period of time or lease, that is 897 (sometimes also called a range or scope) for a period of time or lease, that is
938 configured on the server or until the client informs the server that it doesn't 898 configured on the server or until the client informs the server that it doesn't
939 need the address anymore. This way, the clients will be receiving their configuration899 need the address anymore. This way, the clients will be receiving their configuration
940 properties dynamically and on a "first come, first served" basis. When a DHCP client900 properties dynamically and on a "first come, first served" basis. When a DHCP client
941 is no longer on the network for a specified period, the configuration is expired and 901 is no longer on the network for a specified period, the configuration is expired and
942 released back to the address pool for use by other DHCP Clients. This way, an address902 released back to the address pool for use by other DHCP Clients. This way, an address
943 can be leased or used for a period of time. After this period, the client has to 903 can be leased or used for a period of time. After this period, the client has to
944 renegociate the lease with the server to maintain use of the address.904 renegociate the lease with the server to maintain use of the address.
945 </para>905 </para>
946 </listitem>906 </listitem>
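Review bot: line 944/904 keeps the misspelling "renegociate"; it should be "renegotiate". The line immediately above it (943/903) is modified in this hunk, so the fix fits here. The same paragraph also mixes "DHCP client" and "DHCP Clients" (line 942/902); pick one capitalisation.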
@@ -950,7 +910,7 @@
950 <listitem>910 <listitem>
951 <para>911 <para>
952 Using this method, the DHCP automatically assigns an IP address permanently to a device,912 Using this method, the DHCP automatically assigns an IP address permanently to a device,
953 selecting it from a pool of available addresses. Usually DHCP is used to assign a 913 selecting it from a pool of available addresses. Usually DHCP is used to assign a
954 temporary address to a client, but a DHCP server can allow an infinite lease time.914 temporary address to a client, but a DHCP server can allow an infinite lease time.
955 </para>915 </para>
956 </listitem>916 </listitem>
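Review bot: line 952/912 says "the DHCP automatically assigns an IP address", which is missing its noun; the other two allocation methods in this list say "the DHCP server". Suggest "the DHCP server automatically assigns an IP address permanently to a device" so the three items read consistently.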
@@ -962,12 +922,9 @@
962 is in how long the IP address is leased, in other words whether a client's address varies922 is in how long the IP address is leased, in other words whether a client's address varies
963 over time.923 over time.
964924
965 Ubuntu is shipped with both DHCP server and client. The server is925 The DHCP server Ubuntu makes available is
966 <application>dhcpd</application> (dynamic host configuration protocol daemon).926 <application>dhcpd</application> (dynamic host configuration protocol daemon),
967 The client provided with Ubuntu is <application>dhclient</application> and should 927 which is easy to install and configure and will be automatically started at system boot.
968 be installed on all computers required to be automatically configured. Both
969 programs are easy to install and configure and will be automatically started at
970 system boot.
971 </para>928 </para>
972 <sect2 id="dhcp-installation" status="review">929 <sect2 id="dhcp-installation" status="review">
973 <title>Installation</title>930 <title>Installation</title>
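Review bot: the rewritten sentence at 925-927 removes every mention of a DHCP client, so the section no longer tells the reader what requests a lease on an 18.04 host. The commit message states that dhclient is replaced by systemd-networkd; suggest one sentence after "started at system boot." saying that the client side is handled by systemd-networkd and configured through netplan, with an xref to the section of this file that covers it. Also note that the blank line at 964/924 leaves this text inside the preceding <para>, although it starts a new topic; a separate <para> would read better.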
@@ -1011,15 +968,15 @@
1011 option routers 192.168.1.254;968 option routers 192.168.1.254;
1012 option domain-name-servers 192.168.1.1, 192.168.1.2;969 option domain-name-servers 192.168.1.1, 192.168.1.2;
1013 option domain-name "mydomain.example";970 option domain-name "mydomain.example";
1014} 971}
1015</programlisting>972</programlisting>
1016 <para>973 <para>
1017 This will result in the DHCP server giving clients an IP address from the range974 This will result in the DHCP server giving clients an IP address from the range
1018 192.168.1.150-192.168.1.200. It will lease an IP975 192.168.1.150-192.168.1.200. It will lease an IP
1019 address for 600 seconds if the client doesn't ask for a specific time frame. 976 address for 600 seconds if the client doesn't ask for a specific time frame.
1020 Otherwise the maximum (allowed) lease will be 7200 seconds. The server will also 977 Otherwise the maximum (allowed) lease will be 7200 seconds. The server will also
1021 "advise" the client to use 192.168.1.254 as the default-gateway and 978 "advise" the client to use 192.168.1.254 as the default-gateway and
1022 192.168.1.1 and 192.168.1.2 as its DNS servers. 979 192.168.1.1 and 192.168.1.2 as its DNS servers.
1023 </para>980 </para>
1024 <para>981 <para>
1025 After changing the config file you have to restart the982 After changing the config file you have to restart the
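Review bot: the sentence on lines 1019-1020 / 976-977 reads as if any client that asks for a specific time frame receives 7200 seconds. The behaviour being described is a cap: a client that requests a lease gets what it asked for, up to 7200 seconds. Suggest rewording to something like "If the client requests a specific lease time, it is granted up to a maximum of 7200 seconds."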
@@ -1040,7 +997,7 @@
1040 </listitem>997 </listitem>
1041 <listitem>998 <listitem>
1042 <para>999 <para>
1043 For more <filename>/etc/dhcp/dhcpd.conf</filename> options see the 1000 For more <filename>/etc/dhcp/dhcpd.conf</filename> options see the
1044 <ulink url="http://manpages.ubuntu.com/manpages/&distro-short-codename;/en/man5/dhcpd.conf.5.html">dhcpd.conf man page</ulink>.1001 <ulink url="http://manpages.ubuntu.com/manpages/&distro-short-codename;/en/man5/dhcpd.conf.5.html">dhcpd.conf man page</ulink>.
1045 </para>1002 </para>
1046 </listitem>1003 </listitem>
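Review bot: the ulink on line 1044/1001 points at http://manpages.ubuntu.com/ over plain HTTP. The neighbouring line is already being touched, so this is a good moment to switch the URL scheme to https, which avoids sending readers of a server guide to configuration documentation over an unauthenticated connection.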
@@ -1057,10 +1014,10 @@
1057 <sect1 id="NTP" status="review">1014 <sect1 id="NTP" status="review">
1058 <title>Time Synchronization</title>1015 <title>Time Synchronization</title>
1059 <para>1016 <para>
1060NTP is a TCP/IP protocol for synchronizing time over a network. Basically a client requests the current time from a server, and uses it to set its own clock. 1017NTP is a TCP/IP protocol for synchronizing time over a network. Basically a client requests the current time from a server, and uses it to set its own clock.
1061</para>1018</para>
1062 <para>1019 <para>
1063Behind this simple description, there is a lot of complexity - there are tiers of NTP servers, with the tier one NTP servers connected to atomic clocks, and tier two and three servers spreading the load of actually handling requests across the Internet. Also the client software is a lot more complex than you might think - it has to factor out communication delays, and adjust the time in a way that does not upset all the other processes that run on the server. But luckily all that complexity is hidden from you! 1020Behind this simple description, there is a lot of complexity - there are tiers of NTP servers, with the tier one NTP servers connected to atomic clocks, and tier two and three servers spreading the load of actually handling requests across the Internet. Also the client software is a lot more complex than you might think - it has to factor out communication delays, and adjust the time in a way that does not upset all the other processes that run on the server. But luckily all that complexity is hidden from you!
1064</para>1021</para>
1065 <para>1022 <para>
1066 Ubuntu by default uses <emphasis>timedatectl / timesyncd</emphasis> to synchronize time and users can optionally use chrony to <xref linkend="timeservers"/>.1023 Ubuntu by default uses <emphasis>timedatectl / timesyncd</emphasis> to synchronize time and users can optionally use chrony to <xref linkend="timeservers"/>.
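Review bot: line 1063/1020 describes "tiers of NTP servers" and "tier one", "tier two and three" servers; NTP's own term for these levels is "stratum" (stratum 1, stratum 2, ...), and that is the word readers will meet in chrony and timesyncd output. Suggest using "strata" here, with "tier" at most as a gloss. Separately, on line 1066/1023 the sentence "users can optionally use chrony to <xref linkend="timeservers"/>" only parses if the target's title happens to be a verb phrase; spell out the action in the text and keep the xref as a pointer.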
@@ -1573,10 +1530,10 @@
1573Network devices using kernel driver1530Network devices using kernel driver
1574===================================1531===================================
15750000:02:00.0 &apos;NetXtreme BCM5719 Gigabit Ethernet PCIe&apos; if=eth0 drv=tg3 unused=uio_pci_generic *Active*15320000:02:00.0 &apos;NetXtreme BCM5719 Gigabit Ethernet PCIe&apos; if=eth0 drv=tg3 unused=uio_pci_generic *Active*
15760000:02:00.1 &apos;NetXtreme BCM5719 Gigabit Ethernet PCIe&apos; if=eth1 drv=tg3 unused=uio_pci_generic 15330000:02:00.1 &apos;NetXtreme BCM5719 Gigabit Ethernet PCIe&apos; if=eth1 drv=tg3 unused=uio_pci_generic
15770000:02:00.2 &apos;NetXtreme BCM5719 Gigabit Ethernet PCIe&apos; if=eth2 drv=tg3 unused=uio_pci_generic 15340000:02:00.2 &apos;NetXtreme BCM5719 Gigabit Ethernet PCIe&apos; if=eth2 drv=tg3 unused=uio_pci_generic
15780000:02:00.3 &apos;NetXtreme BCM5719 Gigabit Ethernet PCIe&apos; if=eth3 drv=tg3 unused=uio_pci_generic 15350000:02:00.3 &apos;NetXtreme BCM5719 Gigabit Ethernet PCIe&apos; if=eth3 drv=tg3 unused=uio_pci_generic
15790000:04:00.1 &apos;Ethernet Controller 10-Gigabit X540-AT2&apos; if=eth5 drv=ixgbe unused=uio_pci_generic 15360000:04:00.1 &apos;Ethernet Controller 10-Gigabit X540-AT2&apos; if=eth5 drv=ixgbe unused=uio_pci_generic
15801537
1581Other network devices1538Other network devices
1582=====================1539=====================
