Chapter 7. Managing networking in the web console

The RHEL 8 web console supports basic network configuration. You can:

  • Configure IPv4/IPv6 network settings
  • Manage Bonds
  • Manage network bridges
  • Manage VLANs
  • Manage Teams
  • Inspect a network log
Note

The RHEL 8 web console is build on top of the NetworkManager service.

For details, see Getting started with managing networking with NetworkManager.

Prerequisites

7.1. Configuring network bonds using the web console

This chapter helps you to understand how network bonding works and what all can configure in the web console. Additionally, you also find in this chapter the following guidelines:

  • Adding a new bond
  • Removing a bond
  • Adding interfaces to a bond
  • Removing interfaces from a bond

7.1.1. Understanding network bonding

Network bonding is a method to combine or aggregate network interfaces to provide a logical interface with higher throughput or redundancy.

The active-backup, balance-tlb, and balance-alb modes do not require any specific configuration of the network switch. However, other bonding modes require configuring the switch to aggregate the links. For example, Cisco switches requires EtherChannel for modes 0, 2, and 3, but for mode 4, the Link Aggregation Control Protocol (LACP) and EtherChannel are required.

For further details, see the documentation of your switch and https://www.kernel.org/doc/Documentation/networking/bonding.txt.

Important

Certain network bonding features, such as the fail-over mechanism, do not support direct cable connections without a network switch. For further details, see the Is bonding supported with direct connection using crossover cables? KCS solution.

7.1.2. Bond modes

The behavior of the bonded interfaces depends upon the mode. The bonding modes provide fault tolerance, load balancing or both.

Load balancing modes

  • Round Robin: Sequentially transmit packets from the first available interface to the last one.

Fault tolerance modes

  • Active Backup: Only when the primary interface fails, one of a backup interfaces replaces it. Only a MAC address used by active interface is visible.
  • Broadcast: All transmissions are sent on all interfaces.

    Note

    Broadcasting significantly increases network traffic on all the bonded interfaces.

Fault tolerance and load balancing modes

  • XOR: The destination MAC addresses are distributed equally between interfaces with a modulo hash. Each interface then serves the same group of MAC addresses.
  • 802.3ad: Sets an IEEE 802.3ad dynamic link aggregation policy. Creates aggregation groups that share the same speed and duplex settings. Transmits and receives on all interfaces in the active aggregator.

    Note

    This mode requires a switch that is 802.3ad compliant.

  • Adaptive transmit load balancing: The outgoing traffic is distributed according to the current load on each interface. Incoming traffic is received by the current interface. If the receiving interface fails, another interface takes over the MAC address of the failed one.
  • Adaptive load balancing: Includes transmit and receive load balancing for IPv4 traffic.

    Receive load balancing is achieved through Address Resolution Protocol (ARP) negotiation, therefore, it is necessary to set Link Monitoring to ARP in the bond’s configuration.

7.1.3. Adding a new bond using the web console

This section describes how to configure an active-backup bond on two or more network interfaces using the web console.

Other network bond modes can be configured similarly.

Prerequisites

  • Two or more network cards are installed in the server.
  • The network cards are connected to a switch.

Procedure

  1. Log in to the web console.

    For details, see Logging in to the web console.

  2. Open Networking.
  3. Click the Add Bond button.
  4. In the Bond Settings dialog box, enter a name for the new bond.
  5. In the Members field, select interfaces which should be a member of the bond.
  6. [Optional] In the MAC drop down list, select a MAC address which will be used for this interface.

    If you leave the MAC field empty, the bond will get one of the addresses that are listed in the drop down list.

  7. In the Mode drop down list, select the mode.

    For details, see Section 7.1.2, “Bond modes”.

  8. If you select Active Backup, select the primary interface.

    cockpit bond backup

  9. In the Link Monitoring drop down menu, leave here the MII option.

    Only the adaptive load balancing mode requires to switch this option to ARP.

  10. The Monitoring Interval, Link up delay, and Link down delay fields, which contain values in milliseconds, leave as they are. Change it only for a troubleshooting purpose.
  11. Click Apply.

    cockpit bond add

To verify that the bond works correctly, go to the Networking section and check if the Sending and Receiving columns in the Interfaces table display a network activity.

cockpit bond added

7.1.4. Adding interfaces to the bond using the web console

Network bonds can include multiple interfaces and you can add or remove any of them any time.

This section describes adding a network interface to an existing bond.

Prerequisites

Procedure

  1. Log in to the web console.

    For details, see Logging in to the web console.

  2. Open Networking.
  3. In the Interfaces table, click on the bond you want to configure.
  4. In the bond settings screen, scroll down to the table of members (interfaces).
  5. Click the + icon.
  6. Select the interface in the drop down list and click it.

    cockpit bond add interface

The RHEL 8 web console adds the interface to the bond.

7.1.5. Removing or disabling an interface from the bond using the web console

Network bonds can include multiple interfaces. If you need to change a device, you can remove or disable particular interfaces from the bond, which will work with the rest of the active interfaces.

Basically, you have two options, how to stop using an interface included in a bond. You can:

  • Remove the interface from the bond.
  • Disable the interface temporarily. The interface stays a part of the bond, but the bond will not use it until you enable it again.

Prerequisites

Procedure

  1. Log in to the RHEL web console.

    For details, see Logging in to the web console.

  2. Open Networking.
  3. Click the bond you want to configure.
  4. In the bond settings screen, scroll down to the table of ports (interfaces).
  5. Select the interface and and remove or disable it:

    • Click the - icon to remove the interface.
    • Switch the ON/OFF button to Off.

    cockpit bond remove interface

Based on your choice, the web console either removes or disables the interface from the bond and you can see it back in the Networking section as standalone interface.

7.1.6. Removing or disabling a bond using the web console

This section describes how to remove or disable a network bond using the web console. If you disable the bond, the interfaces stay in the bond, but the bond will not be used for network traffic.

Prerequisites

  • There is an existing bond in the web console.

Procedure

  1. Log in to the web console.

    For details, see Logging in to the web console.

  2. Open Networking.
  3. Click the bond you want to remove.
  4. In the bond settings screen, you can disable the bond with the ON/OFF button or click the Delete button to remove the bond permanently.

    cockpit bond remove

You can go back to Networking and verify that all the interfaces from the bond are now standalone interfaces.

7.2. Configuring network bridges in the web console

Network bridges are used to connect multiple interfaces to the one subnet with the same range of IP addresses.

7.2.1. Adding bridges in the web console

This section describes creating a software bridge on multiple network interfaces using the web console.

Procedure

  1. Log in to the RHEL web console.

    For details, see Logging in to the web console.

  2. Open Networking.
  3. Click the Add Bridge button.

    cockpit add bridge

  4. In the Bridge Settings dialog box, enter a name for the new bridge.
  5. In the Port field, select interfaces which you want to put to the one subnet.
  6. Optionally, you can select the Spanning Tree protocol (STP) to avoid bridge loops and broadcast radiation.

    If you do not have a strong preference, leave the predefined values as they are.

    cockpit bridge add interfaces

  7. Click Create.

If the bridge is successfully created, the web console displays the new bridge in the Networking section. Check values in the Sending and Receiving columns in the new bridge row.

cockpit bridge interface

If you can see that zero bytes are sent and received through the bridge, the connection does not work correctly and you need to adjust the network settings.

7.2.2. Configuring a static IP address in the web console

IP address for your system can be assigned from the pool automatically by the DHCP server or you can configure the IP address manually. The IP address will not be influenced by the DHCP server settings.

This section describes configuring static IPv4 addresses of a network bridge using the RHEL web console.

Procedure

  1. Log in to the RHEL web console.

    For details, see Logging in to the web console.

  2. Open the Networking section.
  3. Click the interface where you want to set the static IP address.

    cockpit network interfaces

  4. In the interface details screen, click the IPv4 configuration.

    cockpit ipv4

  5. In the IPv4 Settings dialog box, select Manual in the Addresses drop down list.

    cockpit ipv4 settings

  6. Click Apply.
  7. In the Addresses field, enter the desired IP address, netmask and gateway.

    cockpit ipv4 settings addresses

  8. Click Apply.

At this point, the IP address has been configured and the interface uses the new static IP address.

cockpit ipv4 settings static

7.2.3. Removing interfaces from the bridge using the web console

Network bridges can include multiple interfaces. You can remove them from the bridge. Each removed interface will be automatically changed to the standalone interface.

This section describes removing a network interface from a software bridge created in the RHEL 8 system.

Prerequisites

  • Having a bridge with multiple interfaces in your system.

Procedure

  1. Log in to the RHEL web console.

    For details, see Logging in to the web console.

  2. Open Networking.
  3. Click the bridge you want to configure.

    cockpit network interfaces

  4. In the bridge settings screen, scroll down to the table of ports (interfaces).

    cockpit bridge remove interface

  5. Select the interface and click the - icon.

The RHEL 8 web console removes the interface from the bridge and you can see it back in the Networking section as standalone interface.

7.2.4. Deleting bridges in the web console

You can delete a software network bridge in the RHEL web console. All network interfaces included in the bridge will be changed automatically to standalone interfaces.

Prerequisites

  • Having a bridge in your system.

Procedure

  1. Log in to the RHEL web console.

    For details, see Logging in to the web console.

  2. Open the Networking section.
  3. Click the bridge you want to configure.

    cockpit network interfaces

  4. In the bridge settings screen, scroll down to the table of ports.

    cockpit bridge remove interface

  5. Click Delete.

At this stage, go back to Networking and verify that all the network interfaces are displayed on the Interfaces tab. Interfaces which were part of the bridge can be inactive now. Therefore, you may need to activate them and set network parameters manually.

cockpit bridge delete settings

7.3. Configuring VLANs in the web console

VLANs (Virtual LANs) are virtual networks created on a single physical Ethernet interface.

Each VLAN is defined by an ID which represents a unique positive integer and works as a standalone interface.

The following procedure describes creating VLANs in the RHEL web console.

Prerequisites

  • Having a network interface in your system.

Procedure

  1. Log in to the RHEL web console.

    For details, see Logging in to the web console.

  2. Open Networking.
  3. Click Add VLAN button.

    cockpit add vlan

  4. In the VLAN Settings dialog box, select the physical interface for which you want to create a VLAN.
  5. Enter the VLAN Id or just use the predefined number.
  6. In the Name field, you can see a predefined name consisted of the parent interface and VLAN Id. If it is not necessary, leave the name as it is.

    cockpit vlan settings

  7. Click Apply.

The new VLAN has been created and you need to click at the VLAN and configure the network settings.

cockpit vlans

7.4. Configuring the web console listening port

Following sections provide information on how to:

  • Allow a new port with if you have active SELinux.
  • Allow a new port on a firewall in the web console.
  • Change the web console port.

7.4.1. Allowing a new port on a system with active SELinux

This procedure enables the web console to listen on a selected port.

Prerequisites

Procedure

  • For ports that are not defined by any other part of SELinux, run:

    $ sudo semanage port -a -t websm_port_t -p tcp PORT_NUMBER
  • For ports that already are defined by other part of SELinux, run:

    $ sudo semanage port -m -t websm_port_t -p tcp PORT_NUMBER

The changes should take effect immediately.

7.4.2. Allowing a new port on a system with firewalld

This procedure enables the web console to receive connections on a new port.

Prerequisites

  • The web console must be installed and accessible. For details, see Installing the web console.
  • The firewalld service must be running.

Procedure

  1. To add a new port number, run the following command:

    $ sudo firewall-cmd --permanent --service cockpit --add-port=PORT_NUMBER/tcp
  2. To remove the old port number from the cockpit service, run:

    $ sudo firewall-cmd --permanent --service cockpit --remove-port=OLD_PORT_NUMBER/tcp
Important

If you only run the firewall-cmd --service cockpit --add-port=PORT_NUMBER/tcp without the --permanent option, your change will be canceled with the next reload of firewalld or a system reboot.

7.4.3. Changing the web console port

The following procedure shows how to change default transmission control protocol (TCP) on port 9090 to a different one.

Prerequisites

Procedure

  1. Change the listening port with one of the following methods:

    1. Using the systemctl edit cockpit.socket command:

      1. Run the following command:

        $ sudo systemctl edit cockpit.socket

        This will open the /etc/systemd/system/cockpit.socket.d/override.conf file.

      2. Modify the content of override.conf or add a new content in the following format:

        [Socket]
        ListenStream=
        ListenStream=PORT_NUMBER
    2. Alternatively, add the above mentioned content to the /etc/systemd/system/cockpit.socket.d/listen.conf file.

      Create the cockpit.socket.d. directory and the listen.conf file if they do not exist yet.

  2. Run the following commands for changes to take effect:

    $ sudo systemctl daemon-reload
    $ sudo systemctl restart cockpit.socket

    If you used systemctl edit cockpit.socket in the previous step, running systemctl daemon-reload is not necessary.

Verification steps

  • To verify that the change was successful, try to connect to the web console with the new port.