Chapter 1. Overview of networking topics
The following sections mention some commands to be performed. Commands that must be entered by the root user have ~]# in the prompt, while commands that can be performed by a regular user have ~]$ in their prompt.
1.1. IP versus non-IP networks
A network is a system of interconnected devices that communicate with each other and share information and resources, such as files, printers, applications, and an Internet connection. Each of these devices has a unique Internet Protocol (IP) address, which it uses to send and receive messages to and from other devices according to a set of rules called a protocol.
Categories of network communication
- IP networks
- Networks that communicate through IP addresses. An IP network is implemented in the Internet and most internal networks. Ethernet, cable modems, DSL modems, dial-up modems, wireless networks, and VPN connections are typical examples.
- non-IP networks
- Networks that are used to communicate through a lower layer rather than the transport layer. Note that these networks are rarely used. InfiniBand is a non-IP network.
1.2. Static versus dynamic IP addressing
- Static IP addressing
When a device is assigned a static IP address, the address does not change over time unless changed manually. Use static IP addressing if you want:
- To ensure network address consistency for servers such as DNS, and authentication servers.
- To use out-of-band management devices that work independently of other network infrastructure.
All the configuration tools listed in Section 6.1, “Selecting network configuration methods” allow assigning static
- Dynamic IP addressing
When a device is assigned a dynamic IP address, the address changes over time. For this reason, it is recommended for devices that connect to the network occasionally, because the IP address might change after the machine reboots.
Dynamic IP addresses are more flexible and easier to set up and administer. The Dynamic Host Configuration Protocol (DHCP) is a traditional method of dynamically assigning network configurations to hosts.
There is no strict rule defining when to use a static or a dynamic IP address. It depends on the user's needs, preferences, and the network environment.
1.3. Configuring the DHCP client behavior
A Dynamic Host Configuration Protocol (DHCP) client requests the dynamic IP address and corresponding configuration information from a DHCP server each time a client connects to the network.
Configuring the DHCP timeout
When a DHCP connection is started, a DHCP client requests an IP address from a DHCP server. The time that a DHCP client waits for this request to be completed is 45 seconds by default. This procedure describes how you can configure the ipv4.dhcp-timeout property using the nmcli tool or the IPV4_DHCP_TIMEOUT option in the /etc/sysconfig/network-scripts/ifcfg-ifname file. For example, using nmcli:
nmcli connection modify enp1s0 ipv4.dhcp-timeout 10
If an address cannot be obtained during this interval, the IPv4 configuration fails. The whole connection may fail, too, and this depends on the ipv4.may-fail property:
- If ipv4.may-fail is set to yes (default), the state of the connection depends on IPv6 configuration:
  - If the IPv6 configuration is enabled and successful, the connection is activated, but the IPv4 configuration can never be retried again.
  - If the IPv6 configuration is disabled or does not get configured, the connection fails.
- If ipv4.may-fail is set to no, the connection is deactivated. In this case:
  - If the autoconnect property of the connection is enabled, NetworkManager retries to activate the connection as many times as set in the autoconnect-retries property. The default is 4.
  - If the connection still cannot acquire the DHCP address, auto-activation fails. Note that after 5 minutes, the auto-connection process starts again and the DHCP client retries to acquire an address from the DHCP server.
Lease renewal and expiration
After a DHCP lease is acquired successfully, NetworkManager configures the interface with the parameters received from the DHCP server for the given time, and tries to renew the lease periodically. When the lease expires and cannot be renewed, NetworkManager continues trying to contact the server for up to 8 minutes. If the other IP configuration, either IPv4 or IPv6, is successful, DHCP requests continue as long as the connection is active.
1.3.1. Making DHCPv4 persistent
To make DHCPv4 persistent both at startup and during the lease renewal processes, set the ipv4.dhcp-timeout property either to the maximum for a 32-bit integer (MAXINT32), which is 2147483647, or to the infinity value:
nmcli connection modify enp1s0 ipv4.dhcp-timeout infinity
As a result, NetworkManager never stops trying to get or renew a lease from a DHCP server until it is successful.
To ensure persistent DHCP behavior only during the lease renewal process, you can manually add a static IP to the IPADDR property in the /etc/sysconfig/network-scripts/ifcfg-device_name configuration file or by using nmcli:
nmcli connection modify enp1s0 ipv4.address 192.168.122.88/24
When an IP address lease expires, the static IP preserves the IP state as configured or partially configured - you can have an IP address, but you are not connected to the Internet.
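The timeout and failure behavior described in section 1.3 can be checked per profile. The following is an added example, not part of the original documentation: it parses an ifcfg file for IPV4_DHCP_TIMEOUT and reports which of the cases above applies. IPV4_FAILURE_FATAL, the ifcfg counterpart of ipv4.may-fail with inverted meaning, does not appear on this page, and the sample profile is constructed.

```shell
#!/usr/bin/env bash
# Added example: summarise what a profile does when DHCPv4 gets no answer.
# Reads ifcfg-style KEY=value text on stdin and parses it (never sources it).

# Constructed sample profile; enp1s0 is the interface used on this page.
sample_ifcfg() {
cat <<'EOF'
DEVICE=enp1s0
BOOTPROTO=dhcp
ONBOOT=yes
IPV4_DHCP_TIMEOUT=10
IPV4_FAILURE_FATAL=yes
EOF
}

# get_key KEY: print the last value assigned to KEY, with quotes removed.
get_key() {
  sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" | tail -n 1
}

# Runs in a subshell so its variables stay private.
dhcp4_failure_policy() (
  cfg=$(cat)
  timeout=$(printf '%s\n' "$cfg" | get_key IPV4_DHCP_TIMEOUT)
  fatal=$(printf '%s\n' "$cfg" | get_key IPV4_FAILURE_FATAL)
  timeout=${timeout:-45}   # default wait stated on this page
  if [ "$timeout" = 2147483647 ]; then
    # MAXINT32, the value that "infinity" stands for
    echo "persistent: DHCPv4 is retried until a lease is obtained"
  elif [ "$fatal" = yes ]; then
    # IPV4_FAILURE_FATAL=yes corresponds to ipv4.may-fail=no
    echo "fatal after ${timeout}s: connection deactivated, autoconnect-retries applies (default 4)"
  else
    echo "non-fatal after ${timeout}s: connection state follows IPv6, IPv4 not retried"
  fi
)
```

For a real profile, run it as dhcp4_failure_policy < /etc/sysconfig/network-scripts/ifcfg-ifname.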
1.4. InfiniBand and RDMA networks
For details about InfiniBand and Remote Direct Memory Access (RDMA) networks, see the Configuring InfiniBand and RDMA networks documentation.
1.5. Setting the wireless regulatory domain
In Red Hat Enterprise Linux, the crda package contains the Central Regulatory Domain Agent that provides the kernel with the wireless regulatory rules for a given jurisdiction. It is used by certain udev scripts and should not be run manually unless debugging udev scripts. The kernel runs crda by sending a udev event upon a new regulatory domain change. Regulatory domain changes are triggered by the Linux wireless subsystem (IEEE-802.11). This subsystem uses the regulatory.bin file to keep its regulatory database information.
The setregdomain utility sets the regulatory domain for your system. Setregdomain takes no arguments and is usually called through a system script such as udev rather than manually by the administrator. If a country code look-up fails, the system administrator can define the COUNTRY environment variable in the
See the following man pages for more information about the regulatory domain:
setregdomain(1) man page — Sets regulatory domain based on country code.
crda(8) man page — Sends to the kernel a wireless regulatory domain for a given ISO or IEC 3166 alpha2.
regulatory.bin(5) man page — Shows the Linux wireless regulatory database.
iw(8) man page — Shows or manipulates wireless devices and their configuration.
1.6. Using network kernel tunables with sysctl
Using certain kernel tunables through the sysctl utility, you can adjust network configuration on a running system and directly affect the networking performance.
To change network settings, use the sysctl commands. For permanent changes that persist across system restarts, add lines to the
To display a list of all available sysctl parameters, enter as
1.7. Managing data using the ncat utility
The ncat utility is a reliable back-end tool that provides network connectivity to other applications and users. It reads and writes data across the network from the command line, and uses the Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Stream Control Transmission Protocol (SCTP), or Unix sockets for communication. The ncat utility can handle both the IPv4 and IPv6 protocols, open connections, send packets, perform port scanning, and supports higher-level features such as TLS and a connection broker.
To install the ncat package, enter as root:
~]# yum install nmap-ncat
Brief selection of ncat use cases
Example 1.1. Enabling communication between a client and a server
Set a client machine to listen for connections on TCP port 8080:
ncat -l 8080
On a server machine, specify the IP address of the client and use the same port number:
ncat 10.0.11.60 8080
You can send messages on either side of the connection and they appear on both local and remote machines.
Press Ctrl+D to close the TCP connection.
To check a UDP port, use the same nc commands with the -u option. For example:
ncat -u -l 8080
Example 1.2. Sending files
Instead of printing information on the screen, as mentioned in the previous example, you can send all information to a file. For example, to send a file over TCP port 8080 from a client to a server:
On a client machine, to listen on a specific port while the server machine transfers a file:
ncat -l 8080 > outputfile
On a server machine, specify the IP address of the client, the port and the file which is to be transferred:
ncat 10.0.11.60 8080 < inputfile
After the file is transferred, the connection closes automatically.
You can transfer a file in the other direction as well:
ncat -l 8080 < inputfile
ncat 10.0.11.60 8080 > outputfile
Example 1.3. Creating an HTTP proxy server
To create an HTTP proxy server on localhost port 8080:
ncat -l --proxy-type http localhost 8080
Example 1.4. Port scanning
To view which ports are open, use the -z option and specify a range of ports to scan:
ncat -z 10.0.11.60 80-90
Connection to 192.168.0.1 80 port [tcp/http] succeeded!
Example 1.5. Setting up secure client-server communication using SSL
Set up SSL on a server:
ncat -e /bin/bash -k -l 8080 --ssl
On a client machine:
ncat --ssl 10.0.11.60 8080
To ensure true confidentiality of the SSL connection, the server requires the --ssl-key options, and the client requires the
For more examples, see the ncat(1) man page.
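The server command in Example 1.5 starts /bin/bash for every peer that connects, so on a monitored host such a listener is worth finding. The following added example, which is not part of the original documentation, scans a process listing for ncat listeners started with an exec option and notes whether --ssl was given without --ssl-key. The long options --listen, --exec, --sh-exec and --lua-exec come from ncat(1) rather than this page, the sample lines are constructed, and the handling of clustered short options is a heuristic.

```shell
#!/usr/bin/env bash
# Added example: find ncat listeners that run a program for each peer.
# Expected input, one process per line: PID USER COMMAND ARGS...
#   live use: ps -eo pid=,user=,args= | find_exec_listeners

# Constructed sample listing, not captured from a real host.
sample_ps() {
cat <<'EOF'
 812 root  /usr/sbin/sshd -D
2301 alice ncat -l 8080
2410 root  ncat -e /bin/bash -k -l 8080 --ssl
2533 bob   ncat --ssl 10.0.11.60 8080
2677 root  /usr/bin/ncat --listen --sh-exec /usr/local/bin/report 9000
EOF
}

# Prints "PID USER exec=PROGRAM tls=STATE" for every ncat process that
# both listens and executes a program.
find_exec_listeners() {
  awk '
  {
    n = split($3, path, "/")
    if (path[n] != "ncat" && path[n] != "nc") next
    listen = 0; ssl = 0; key = 0; prog = ""
    for (i = 4; i <= NF; i++) {
      if ($i == "--listen") listen = 1
      else if ($i == "--ssl") ssl = 1
      else if ($i == "--ssl-key") key = 1
      else if ($i == "--exec" || $i == "--sh-exec" || $i == "--lua-exec") prog = $(i + 1)
      else if ($i ~ /^-[A-Za-z]+$/) {
        # Short options, possibly clustered (-lk). Heuristic: an option
        # that takes an argument is last in its cluster.
        if (index($i, "l")) listen = 1
        if ($i ~ /[ec]$/) prog = $(i + 1)
      }
    }
    if (!listen || prog == "") next
    tls = "none"
    if (ssl) tls = key ? "ssl-key" : "ssl-no-key"
    print $1, $2, "exec=" prog, "tls=" tls
  }'
}
```

On the sample listing, only PIDs 2410 and 2677 are reported; the plain listener and the outbound client are not.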