Chapter 1. Overview of networking topics

Note

The following sections mention some commands to be performed. Commands that must be entered by the root user have ~]# in the prompt, while commands that can be performed by a regular user have ~]$ in the prompt.

1.1. IP versus non-IP networks

A network is a system of interconnected devices that communicate to share information and resources, such as files, printers, applications, and an Internet connection. Each of these devices has a unique Internet Protocol (IP) address that it uses to send and receive messages to and from other devices according to a set of rules called a protocol.

Categories of network communication

IP networks
Networks that communicate through IP addresses. An IP network is implemented in the Internet and most internal networks. Ethernet, cable modems, DSL modems, dial-up modems, wireless networks, and VPN connections are typical examples.
non-IP networks
Networks that are used to communicate through a lower layer rather than the transport layer. Note that these networks are rarely used. InfiniBand is a non-IP network.

1.2. Static versus dynamic IP addressing

Static IP addressing

When a device is assigned a static IP address, the address does not change over time unless changed manually. Use static IP addressing if you want:

  • To ensure network address consistency for servers such as DNS and authentication servers.
  • To use out-of-band management devices that work independently of other network infrastructure.

    All the configuration tools listed in Section 6.1, “Selecting network configuration methods” allow assigning static IP addresses manually.

Dynamic IP addressing

When a device is assigned a dynamic IP address, the address changes over time. For this reason, it is recommended for devices that connect to the network occasionally, because the IP address might change after the machine is rebooted.

Dynamic IP addresses are more flexible and easier to set up and administer. The Dynamic Host Configuration Protocol (DHCP) is a traditional method of dynamically assigning network configurations to hosts.

Note

There is no strict rule defining when to use a static or a dynamic IP address. It depends on the user's needs, preferences, and the network environment.

1.3. Configuring the DHCP client behavior

A Dynamic Host Configuration Protocol (DHCP) client requests the dynamic IP address and corresponding configuration information from a DHCP server each time a client connects to the network.

Configuring the DHCP timeout

When a DHCP connection is started, a DHCP client requests an IP address from a DHCP server. The time that a DHCP client waits for this request to be completed is 45 seconds by default. This procedure describes how you can configure the ipv4.dhcp-timeout property using the nmcli tool or the IPV4_DHCP_TIMEOUT option in the /etc/sysconfig/network-scripts/ifcfg-ifname file. For example, using nmcli:

~]# nmcli connection modify enp1s0 ipv4.dhcp-timeout 10

If an address cannot be obtained during this interval, the IPv4 configuration fails. Whether the whole connection fails as well depends on the ipv4.may-fail property:

  • If ipv4.may-fail is set to yes (default), the state of the connection depends on the IPv6 configuration:

    1. If the IPv6 configuration is enabled and successful, the connection is activated, but the IPv4 configuration is never retried.
    2. If the IPv6 configuration is disabled or does not get configured, the connection fails.
  • If ipv4.may-fail is set to no, the connection is deactivated. In this case:

    1. If the autoconnect property of the connection is enabled, NetworkManager retries activating the connection as many times as set in the autoconnect-retries property. The default is 4.
    2. If the connection still cannot acquire the DHCP address, auto-activation fails.

      Note that after 5 minutes, the auto-connection process starts again and the DHCP client retries to acquire an address from the DHCP server.

Lease renewal and expiration

After a DHCP lease is acquired successfully, NetworkManager configures the interface with the parameters received from the DHCP server for the given time, and tries to renew the lease periodically. When the lease expires and cannot be renewed, NetworkManager continues trying to contact the server for up to 8 minutes. If the other IP configuration, either IPv4 or IPv6, is successful, DHCP requests continue as long as the connection is active.

1.3.1. Making DHCPv4 persistent

To make DHCPv4 persistent both at startup and during the lease renewal processes, set the ipv4.dhcp-timeout property either to the maximum for a 32-bit integer (MAXINT32), which is 2147483647, or to the infinity value:

~]$ nmcli connection modify enp1s0 ipv4.dhcp-timeout infinity

As a result, NetworkManager never stops trying to get or renew a lease from a DHCP server until it is successful.

To make DHCP persistent only during the lease renewal process, you can manually add a static IP address to the IPADDR property in the /etc/sysconfig/network-scripts/ifcfg-device_name configuration file or by using nmcli:

~]$ nmcli connection modify enp1s0 ipv4.address 192.168.122.88/24

When an IP address lease expires, the static IP preserves the IP state as configured or partially configured - you can have an IP address, but you are not connected to the Internet.

1.4. InfiniBand and RDMA networks

For details about InfiniBand and Remote Direct Memory Access (RDMA) networks, see the Configuring InfiniBand and RDMA networks documentation.

1.5. Setting the wireless regulatory domain

In Red Hat Enterprise Linux, the crda package contains the Central Regulatory Domain Agent that provides the kernel with the wireless regulatory rules for a given jurisdiction. It is used by certain udev scripts and should not be run manually unless debugging udev scripts. The kernel runs crda by sending a udev event upon a new regulatory domain change. Regulatory domain changes are triggered by the Linux wireless subsystem (IEEE-802.11). This subsystem uses the regulatory.bin file to keep its regulatory database information.

The setregdomain utility sets the regulatory domain for your system. It takes no arguments and is usually called through a system script such as udev rather than manually by the administrator. If a country code look-up fails, the system administrator can define the COUNTRY environment variable in the /etc/sysconfig/regdomain file.

Additional resources

See the following man pages for more information about the regulatory domain:

  • setregdomain(1) man page — Sets regulatory domain based on country code.
  • crda(8) man page — Sends to the kernel a wireless regulatory domain for a given ISO or IEC 3166 alpha2.
  • regulatory.bin(5) man page — Shows the Linux wireless regulatory database.
  • iw(8) man page — Shows or manipulates wireless devices and their configuration.

1.6. Using network kernel tunables with sysctl

Using certain kernel tunables through the sysctl utility, you can adjust network configuration on a running system and directly affect the networking performance.

To change network settings, use the sysctl commands. For permanent changes that persist across system restarts, add lines to the /etc/sysctl.conf file.

To display a list of all available sysctl parameters, enter as root:

~]# sysctl -a
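
A value changed with sysctl on a running system and the line for the same key in /etc/sysctl.conf can disagree, so the following added example (not part of the original guide) compares each configured key with its running value. The function names, the optional second argument, and the sample keys are choices made for this example.

```shell
# sysctl_drift CONF [ROOT]: compare every "key = value" line in CONF
# (sysctl.conf syntax) with the running value under ROOT (default /proc/sys).
# Prints one line per mismatch and returns 1 if any was found.
# ROOT is a parameter added for this example so the check can run on a test tree.
sysctl_drift() {
    awk -v root="${2:-/proc/sys}" '
        /^[ \t]*([#;]|$)/ { next }              # blank lines and comments
        {
            eq = index($0, "=")
            if (eq == 0) next
            key  = substr($0, 1, eq - 1)
            want = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", want)
            sub(/^-/, "", key)                   # "-key" means "ignore errors"
            path = key
            gsub(/\./, "/", path)                # net.ipv4.x -> net/ipv4/x
            file = root "/" path
            have = ""
            if ((getline have < file) < 0) {
                print "MISSING " key
                bad = 1
                next
            }
            close(file)
            gsub(/[ \t]+/, " ", have)            # /proc separates fields with tabs
            gsub(/[ \t]+/, " ", want)
            if (have != want) {
                print "DRIFT " key " running=" have " configured=" want
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: a fake /proc/sys tree and a config file that disagree on one key.
sysctl_drift_demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/sys/net/ipv4/conf/all"
    echo 1 > "$tmp/sys/net/ipv4/ip_forward"
    echo 1 > "$tmp/sys/net/ipv4/conf/all/rp_filter"
    printf '# constructed sample\nnet.ipv4.ip_forward = 0\nnet.ipv4.conf.all.rp_filter=1\n' > "$tmp/sysctl.conf"
    rc=0
    sysctl_drift "$tmp/sysctl.conf" "$tmp/sys" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
sysctl_drift_demo || true
```

On a real host, run sysctl_drift /etc/sysctl.conf; a DRIFT line means the running value was changed after the file was applied, or the file was edited without being reloaded.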

1.7. Managing data using the ncat utility

The ncat utility is a reliable back-end tool that provides network connectivity to other applications and users. It reads and writes data across the network from the command line, and uses the Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Stream Control Transmission Protocol (SCTP), or Unix sockets for communication. The ncat utility can handle both the IPv4 and IPv6 protocols, open connections, send packets, and perform port scanning, and it supports higher-level features such as TLS and a connection broker.

Installing ncat

To install the ncat package, enter as root:

~]# yum install nmap-ncat

Brief selection of ncat use cases

Example 1.1. Enabling communication between a client and a server

  1. Set a client machine to listen for connections on TCP port 8080:

    ~]$ ncat -l 8080
  2. On a server machine, specify the IP address of the client and use the same port number:

    ~]$ ncat 10.0.11.60 8080

    You can send messages on either side of the connection and they appear on both local and remote machines.

  3. Press Ctrl+D to close the TCP connection.

Note

To check a UDP port, use the same ncat commands with the -u option. For example:

~]$ ncat -u -l 8080

Example 1.2. Sending files

Instead of printing information on the screen, as mentioned in the previous example, you can send all information to a file. For example, to send a file over TCP port 8080 from a client to a server:

  1. On a client machine, listen on a specific port and redirect the data received on it to a file:

    ~]$ ncat -l 8080 > outputfile
  2. On a server machine, specify the IP address of the client, the port, and the file that is to be transferred:

    ~]$ ncat 10.0.11.60 8080 < inputfile

After the file is transferred, the connection closes automatically.

Note

You can transfer a file in the other direction as well:

~]$ ncat -l 8080 < inputfile
~]$ ncat 10.0.11.60 8080 > outputfile

Example 1.3. Creating an HTTP proxy server

To create an HTTP proxy server on localhost port 8080:

~]$  ncat -l --proxy-type http localhost 8080

Example 1.4. Port scanning

To view which ports are open, use the -z option and specify a range of ports to scan:

~]$  ncat -z 10.0.11.60 80-90
    Connection to 192.168.0.1 80 port [tcp/http] succeeded!

Example 1.5. Setting up secure client-server communication using SSL

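Set up SSL on a server. In this command, the -e /bin/bash option runs a shell for each incoming connection and -k keeps the listener accepting further connections, so every client that can reach port 8080 gets a shell with the privileges of the user who started ncat: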

~]$ ncat -e /bin/bash -k -l 8080 --ssl

On a client machine:

~]$ ncat --ssl 10.0.11.60 8080

Note

To ensure true confidentiality of the SSL connection, the server requires the --ssl-cert and --ssl-key options, and the client requires the --ssl-verify and --ssl-trustfile options.

Additional resources

For more examples, see the ncat(1) man page.