Chapter 14. Networking

Support for latest Bluetooth, including Bluetooth LE

This update provides the latest Bluetooth support, including support for connecting to Bluetooth Low Energy (LE) devices. This helps to ensure proper functionality of Internet of Things (IoT) devices. (BZ#1296707)

Open vSwitch now uses kernel lightweight tunnel support

With this update, the Open vSwitch (OVS) implementation uses kernel lightweight tunnel support for VXLAN, GRE, and GENEVE tunnels. This allows duplicate functionality in the OVS vport implementation to be eliminated and lets OVS benefit from feature and performance improvements in the base kernel, such as destination caching support or hardware off-loading. (BZ#1283886)

Bulking in the memory allocator subsystem is now supported

With this update, the kernel supports batching of memory allocation and memory freeing. Currently, this performance optimization is used only in the networking stack to free consecutive network packets. (BZ#1268334)

NetworkManager now supports LLDP

With this update, NetworkManager can listen for Link Layer Discovery Protocol (LLDP) messages on given interfaces and expose information about the neighboring nodes it finds through D-Bus and nmcli. This feature is disabled by default, but you can enable it through the connection.lldp property or the LLDP variable in the ifcfg files. (BZ#1142898)

DHCP timeout in NetworkManager is configurable

A faster fallback in a Dynamic Host Configuration Protocol (DHCP) negotiation is useful when a server is not present. With this update, the user can set the value of the ipv4.dhcp-timeout property or the IPV4_DHCP_TIMEOUT option in the ifcfg files. As a result, NetworkManager waits for a response from the DHCP server only for the given time. (BZ#1262922)

NetworkManager now detects duplicate IPv4 addresses

With this update, NetworkManager performs a check to detect duplicate IPv4 addresses when activating a new connection. If the address is already assigned in the LAN, the connection activation fails. This feature is disabled by default, but you can enable it through the ipv4.dad-timeout property or the ARPING_WAIT variable in the ifcfg files. (BZ#1259063)

NetworkManager now controls the host name using systemd-hostnamed

With this update, NetworkManager uses the systemd-hostnamed service to read and write the static host name, which is stored in the /etc/hostname file. Due to this change, manual modifications done to the /etc/hostname file are no longer picked up automatically by NetworkManager; users should change the system host name through the hostnamectl utility. Also, the use of the HOSTNAME variable in the /etc/sysconfig/network file is now deprecated. (BZ#1367916)
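
The ifcfg variables named in the NetworkManager entries above (LLDP, IPV4_DHCP_TIMEOUT, ARPING_WAIT) and the deprecated HOSTNAME variable can be audited per file with a small script. This is an added example, not part of the original release notes or of NetworkManager; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the ifcfg variables named in this chapter.

# Print the value of variable $2 in ifcfg-style file $1, or "unset".
# Takes the last assignment, as a shell sourcing the file would,
# ignores commented-out lines, and strips quotes and trailing comments.
ifcfg_get() {
    val=$(sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
          sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
              -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/")
    printf '%s\n' "${val:-unset}"
}

# One line per file: path, then the LLDP, DHCP timeout and
# duplicate-address-detection settings as written in the file.
ifcfg_nm_report() {
    printf '%s LLDP=%s IPV4_DHCP_TIMEOUT=%s ARPING_WAIT=%s\n' "$1" \
        "$(ifcfg_get "$1" LLDP)" \
        "$(ifcfg_get "$1" IPV4_DHCP_TIMEOUT)" \
        "$(ifcfg_get "$1" ARPING_WAIT)"
}

# Succeeds (exit 0) if the deprecated HOSTNAME variable is still set in file $1.
sysconfig_hostname_set() {
    [ "$(ifcfg_get "$1" HOSTNAME)" != unset ]
}

# Constructed sample input (not taken from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/ifcfg-eth0" <<'EOF'
DEVICE=eth0
BOOTPROTO=dhcp
# LLDP=no
LLDP="yes"
IPV4_DHCP_TIMEOUT=20   # constructed value
EOF
printf 'HOSTNAME=host.example.com\n' > "$demo_dir/network"

ifcfg_nm_report "$demo_dir/ifcfg-eth0"
sysconfig_hostname_set "$demo_dir/network" &&
    echo "HOSTNAME is set in $demo_dir/network: set the name with hostnamectl instead"
rm -rf "$demo_dir"
```

A value of "unset" means the variable is absent from the file, so the default described in the corresponding entry applies.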

NetworkManager now uses a randomized MAC address during wireless network scanning

During wireless network scanning, NetworkManager now uses a randomized MAC address for privacy by default. This can be explicitly disabled in configuration. (BZ#1388471)

bridge_netfilter rebased to version 4.4

The bridge_netfilter subsystem has been upgraded to upstream version 4.4, which provides a number of bug fixes and enhancements over the previous version. Most notably, the bridge forwarding performance is significantly improved, the bridge_netfilter hooks are no longer registered by default, and functional issues in fragment forwarding are fixed. (BZ#1265259)

libnl3 rebased to version 3.2.28

The libnl3 packages have been upgraded to version 3.2.28, which provides a number of bug fixes and enhancements. Among others:
  • Library symbol versioning has been added
  • Support for new kernel features and device types has been added
  • A new libnl-xfrm-3 library is now included
  • This version provides a resynchronisation with upstream (BZ#1296058)

Additional policies for the PR-SCTP extension are now supported

The Partially Reliable SCTP (PR-SCTP) extension defined in RFC3758 provides a generic method for senders to abandon user messages. With this update, three additional PR-SCTP policies are supported:
  • Timed Reliability: This allows the sender to specify a timeout for a user message. The SCTP stack abandons the user message after the timeout expires.
  • Limited Retransmission Policy: Allows limitation of the number of retransmissions.
  • Priority Policy: Allows removal of lower-priority messages if space for higher-priority messages is needed in the send buffer. (BZ#965453)

Man pages for tc filter actions were added to the iproute package

With this update, man pages for the iproute utility's tc filter actions have been added. Every tc action now has a corresponding man page, which includes a synopsis, options, and a detailed functional description. (BZ#1275426)

The iproute utility can now prevent the physical interface used with MACVLAN from entering promiscuous mode by default

The new MACVLAN_FLAG_NOPROMISC flag allows the user to control whether physical interfaces enter promiscuous mode by default after pass-through mode is created and set up. This feature is useful in cases where all end stations' MAC addresses are known and the user wants to avoid the overhead of processing every packet the interface receives. (BZ#1013584)

New IFA_F_NOPREFIXROUTE flag to prevent automatic route creation

Previously, the user could not explicitly select the preferred interface when multiple interfaces belonged to the same local network. With this update, the IFA_F_NOPREFIXROUTE netlink flag allows preventing automatic route creation when adding a new IPv4 address to a network interface. (BZ#1221311)

The ip command can now display bridge configuration

With this update, you can use the ip tool instead of the brctl tool to display network bridge configuration. (BZ#1270763)

ss now supports monitoring per connection TCP re-transmission

With this update, the ss command output includes the bytes_acked, bytes_received, segs_in, and segs_out fields, unless they are null. This feature improves link quality monitoring. (BZ#1269051)

iPXE packages rebased to support IPv6 on physical computers

The ipxe-bootimgs and ipxe-roms packages have been rebased to upstream commit 6366fa7a to support network booting over IPv6 on physical installations of Red Hat Enterprise Linux 7. (BZ#1298313)

New packages: libvma

libvma is a dynamically linked user space library for transparently enhancing the performance of TCP and UDP networking-heavy applications over Remote Direct Memory Access (RDMA)-capable network interface controllers. It allows standard socket API applications to run with the full network stack bypass from user space, which results in latency reduction, increased throughput, and increased packet rate.
libvma is currently limited to Mellanox ConnectX-3 InfiniBand and Ethernet ports and Mellanox ConnectX-4 Ethernet ports. Mellanox ConnectX-4 InfiniBand ports are not supported. (BZ#1271624)

A new --unix-socket option in curl

The curl utility is now able to connect through a Unix domain socket instead of using TCP/IP if the new --unix-socket option is specified. This feature is used by the Docker REST API for monitoring. (BZ#1263318)

Kernel support for the newly added iproute commands

This updated version of Red Hat Enterprise Linux 7 adds the kernel support needed for the newly added iproute commands to function correctly. The provided patchset includes:
  • Extension of the IPsec interface which allows prefixed policies to be hashed
  • Inclusion of the hash prefixed policies based on preflen thresholds
  • Configuration of policy hash table thresholds by netlink (BZ#1212026)