Chapter 7. Managing networking in the web console

The RHEL 8 web console supports basic network configuration. You can:

  • Configure IPv4/IPv6 network settings
  • Manage Bonds
  • Manage network bridges
  • Manage VLANs
  • Manage Teams
  • Inspect a network log
Note

The RHEL 8 web console is build on top of the NetworkManager service.

For details, see Getting started with NetworkManager for managing networking.

Prerequisites

7.1. Configuring network bonds using the web console

This chapter helps you to understand how network bonding works and what all can configure in the web console. Additionally, you also find in this chapter the following guidelines:

  • Adding a new bond
  • Removing a bond
  • Adding interfaces to a bond
  • Removing interfaces from a bond

7.1.1. Understanding network bonding

Network bonding is a method to combine or aggregate network interfaces to provide a logical interface with higher throughput or redundancy.

The active-backup, balance-tlb, and balance-alb modes do not require any specific configuration of the network switch. However, other bonding modes require configuring the switch to aggregate the links. For example, Cisco switches requires EtherChannel for modes 0, 2, and 3, but for mode 4, the Link Aggregation Control Protocol (LACP) and EtherChannel are required.

For further details, see the documentation of your switch and https://www.kernel.org/doc/Documentation/networking/bonding.txt.

Important

Certain network bonding features, such as the fail-over mechanism, do not support direct cable connections without a network switch. For further details, see the Is bonding supported with direct connection using crossover cables? KCS solution.

7.1.2. Bond modes

The behavior of the bonded interfaces depends upon the mode. The bonding modes provide fault tolerance, load balancing or both.

Load balancing modes

  • Round Robin: Sequentially transmit packets from the first available interface to the last one.

Fault tolerance modes

  • Active Backup: Only when the primary interface fails, one of a backup interfaces replaces it. Only a MAC address used by active interface is visible.
  • Broadcast: All transmissions are sent on all interfaces.

    Note

    Broadcasting significantly increases network traffic on all the bonded interfaces.

Fault tolerance and load balancing modes

  • XOR: The destination MAC addresses are distributed equally between interfaces with a modulo hash. Each interface then serves the same group of MAC addresses.
  • 802.3ad: Sets an IEEE 802.3ad dynamic link aggregation policy. Creates aggregation groups that share the same speed and duplex settings. Transmits and receives on all interfaces in the active aggregator.

    Note

    This mode requires a switch that is 802.3ad compliant.

  • Adaptive transmit load balancing: The outgoing traffic is distributed according to the current load on each interface. Incoming traffic is received by the current interface. If the receiving interface fails, another interface takes over the MAC address of the failed one.
  • Adaptive load balancing: Includes transmit and receive load balancing for IPv4 traffic.

    Receive load balancing is achieved through Address Resolution Protocol (ARP) negotiation, therefore, it is necessary to set Link Monitoring to ARP in the bond’s configuration.

7.1.3. Adding a new bond using the web console

This section describes how to configure an active-backup bond on two or more network interfaces using the web console.

Other network bond modes can be configured similarly.

Prerequisites

  • Two or more network cards are installed in the server.
  • The network cards are connected to a switch.

Procedure

  1. Log in to the web console.

    For details, see Logging in to the web console.

  2. Open Networking.
  3. Click the Add Bond button.
  4. In the Bond Settings dialog box, enter a name for the new bond.
  5. In the Members field, select interfaces which should be a member of the bond.
  6. [Optional] In the MAC drop down list, select a MAC address which will be used for this interface.

    If you leave the MAC field empty, the bond will get one of the addresses that are listed in the drop down list.

  7. In the Mode drop down list, select the mode.

    For details, see Section 7.1.2, “Bond modes”.

  8. If you select Active Backup, select the primary interface.

    cockpit bond backup

  9. In the Link Monitoring drop down menu, leave here the MII option.

    Only the adaptive load balancing mode requires to switch this option to ARP.

  10. The Monitoring Interval, Link up delay, and Link down delay fields, which contain values in milliseconds, leave as they are. Change it only for a troubleshooting purpose.
  11. Click Apply.

    cockpit bond add

To verify that the bond works correctly, go to the Networking section and check if the Sending and Receiving columns in the Interfaces table display a network activity.

cockpit bond added

7.1.4. Adding interfaces to the bond using the web console

Network bonds can include multiple interfaces and you can add or remove any of them any time.

This section describes adding a network interface to an existing bond.

Prerequisites

Procedure

  1. Log in to the web console.

    For details, see Logging in to the web console.

  2. Open Networking.
  3. In the Interfaces table, click on the bond you want to configure.
  4. In the bond settings screen, scroll down to the table of members (interfaces).
  5. Click the + icon.
  6. Select the interface in the drop down list and click it.

    cockpit bond add interface

The RHEL 8 web console adds the interface to the bond.

7.1.5. Removing or disabling an interface from the bond using the web console

Network bonds can include multiple interfaces. If you need to change a device, you can remove or disable particular interfaces from the bond, which will work with the rest of the active interfaces.

Basically, you have two options, how to stop using an interface included in a bond. You can:

  • Remove the interface from the bond.
  • Disable the interface temporarily. The interface stays a part of the bond, but the bond will not use it until you enable it again.

Prerequisites

Procedure

  1. Log in to the RHEL web console.

    For details, see Logging in to the web console.

  2. Open Networking.
  3. Click the bond you want to configure.
  4. In the bond settings screen, scroll down to the table of ports (interfaces).
  5. Select the interface and and remove or disable it:

    • Click the - icon to remove the interface.
    • Switch the ON/OFF button to Off.

    cockpit bond remove interface

Based on your choice, the web console either removes or disables the interface from the bond and you can see it back in the Networking section as standalone interface.

7.1.6. Removing or disabling a bond using the web console

This section describes how to remove or disable a network bond using the web console. If you disable the bond, the interfaces stay in the bond, but the bond will not be used for network traffic.

Prerequisites

  • There is an existing bond in the web console.

Procedure

  1. Log in to the web console.

    For details, see Logging in to the web console.

  2. Open Networking.
  3. Click the bond you want to remove.
  4. In the bond settings screen, you can disable the bond with the ON/OFF button or click the Delete button to remove the bond permanently.

    cockpit bond remove

You can go back to Networking and verify that all the interfaces from the bond are now standalone interfaces.

7.2. Configuring network teams using the web console

This section describes how network bonding works, what are the differences between network teams and network bonds, and what are the possibilities of configuration in the web console. Additionally you can find guidelines for:

  • Adding a new network team
  • Adding new interfaces to an existing network team
  • Removing interfaces from an existing network team
  • Removing a network team

7.2.1. Understanding network teaming

Network teaming is a feature that combines or aggregates network interfaces to provide a logical interface with higher throughput or redundancy.

Network teaming uses a kernel driver to implement fast handling of packet flows, as well as user-space libraries and services for other tasks. This way, network teaming is an easily extensible and scalable solution for load-balancing and redundancy requirements.

Note that in the context of network teaming, the term port is also known as slave. In the teamd service, the term port is preferred while in the NetworkManager service, the term slave refers to interfaces which create a team.

Important

Certain network teaming features, such as the fail-over mechanism, do not support direct cable connections without a network switch. For further details, see Is bonding supported with direct connection using crossover cables?

7.2.2. Comparison of network teaming and bonding features

The following table compares features supported in network teams and network bonds:

FeatureNetwork bondNetwork team

Broadcast Tx policy

Yes

Yes

Round-robin Tx policy

Yes

Yes

Active-backup Tx policy

Yes

Yes

LACP (802.3ad) support

Yes (active only)

Yes

Hash-based Tx policy

Yes

Yes

User can set hash function

No

Yes

Tx load-balancing support (TLB)

Yes

Yes

LACP hash port select

Yes

Yes

Load-balancing for LACP support

No

Yes

Ethtool link monitoring

Yes

Yes

ARP link monitoring

Yes

Yes

NS/NA (IPv6) link monitoring

No

Yes

Ports up/down delays

Yes

Yes

Port priorities and stickiness (“primary” option enhancement)

No

Yes

Separate per-port link monitoring setup

No

Yes

Multiple link monitoring setup

Limited

Yes

Lockless Tx/Rx path

No (rwlock)

Yes (RCU)

VLAN support

Yes

Yes

User-space runtime control

Limited

Yes

Logic in user-space

No

Yes

Extensibility

Hard

Easy

Modular design

No

Yes

Performance overhead

Low

Very low

D-Bus interface

No

Yes

Multiple device stacking

Yes

Yes

Zero config using LLDP

No

(in planning)

NetworkManager support

Yes

Yes

7.2.3. Adding a new team using the web console

This procedure describes how to configure a new active backup network team on two or more network interfaces using the web console.

Prerequisites

  • Two or more network cards installed on the server.
  • The network cards are connected to a switch.

Procedure

  1. Log in to the web console.

    For details, see Logging in to the web console

  2. Go to the Networking tab.
  3. Click the Add Team button.
  4. In the Team Settings area, configure parameters for the new team:

    1. Add a name for your team device to the Name field.
    2. In the Ports field, select all network interfaces you want to add to the team.
    3. In the Runner drop down menu, select the runner.
    4. In the Link Watch drop down menu select a link watcher.

      1. If you select Ethtool, additionally, set a link up delay and a link down delay.
      2. If you select ARP Ping or NSNA Ping, additionally, set a ping interval and ping target.
  5. Click Apply

    cockpit network team settings

Verification steps

  1. Go to the Networking tab and check if the Sending and Receiving columns in the Interfaces table display a network activity.

    cockpit network team activity

Additional resources

7.2.4. Adding new interfaces to the team using the web console

Network teams can include multiple interfaces and it is possible to add or remove any of them at any time. The following section describes how to add a new network interface to an existing team.

Prerequisites

  • A network team with is configured.

Procedure

  1. Log in to the web console.

    For details, see Logging in to the web console.

  2. Switch to the Networking tab.
  3. In the Interfaces table, click on the team you want to configure.
  4. In the team settings window, scroll down to the Ports table.
  5. Click on the + icon.
  6. Select the interface you wish to add from the drop down list.

    cockpit network team add interface

The RHEL 8 web console adds the interface to the team.

7.2.5. Removing or disabling an interface from the team using the web console

Network teams can include multiple interfaces. If you need to change a device, you can remove or disable particular interfaces from the network team, which will work together with the rest of active interfaces.

There are two options how to stop using an inerface included in a team:

  • Removing the interface from the team
  • Temporarily disabling the interface. The interface then stays a part of the team, but the team will not use it until you enable it again.

Prerequisites

  • A network team with multiple interfaces exists on the host.

Procedure

  1. Log in to the RHEL web console.

    For details, see Logging in to the web console.

  2. Switch to the Networking tab.
  3. Click the team you want to configure.
  4. In the team settings window, scroll down to the table of ports (interfaces).
  5. Select an interface and remove or disable it.

    1. Switch the ON/OFF button to Off to disable the interface.
    2. Click the - icon to remove the interface.

    cockpit team remove interface

Based on your choice, the web console either removes or disables the interface. If you remove the interface, it will be available in Networking as a standalone interface.

7.2.6. Removing or disabling a team using the web console

This section describes how to remove or disable a network team using the web console. If you only disable the team, interfaces in the team will stay in it but the team will not be used for network traffic.

Prerequisites

  • A network team is configured on the host.

Procedure

  1. Log in to the web console.

    For details, see Logging in to the web console.

  2. Switch to the Networking tab.
  3. Click the team you wish to remove or disable.
  4. Remove or disable the selected team.

    1. You can remove the team by clicking the Delete button.
    2. You can disable the team by moving the ON/OFF switch to a disabled position.

      cockpit team remove

Verification steps

  • If you removed the team, go to Networking, and verify that all the interfaces from your team are now listed as standalone interfaces.

7.3. Configuring network bridges in the web console

Network bridges are used to connect multiple interfaces to the one subnet with the same range of IP addresses.

7.3.1. Adding bridges in the web console

This section describes creating a software bridge on multiple network interfaces using the web console.

Procedure

  1. Log in to the RHEL web console.

    For details, see Logging in to the web console.

  2. Open Networking.
  3. Click the Add Bridge button.

    cockpit add bridge

  4. In the Bridge Settings dialog box, enter a name for the new bridge.
  5. In the Port field, select interfaces which you want to put to the one subnet.
  6. Optionally, you can select the Spanning Tree protocol (STP) to avoid bridge loops and broadcast radiation.

    If you do not have a strong preference, leave the predefined values as they are.

    cockpit bridge add interfaces

  7. Click Create.

If the bridge is successfully created, the web console displays the new bridge in the Networking section. Check values in the Sending and Receiving columns in the new bridge row.

cockpit bridge interface

If you can see that zero bytes are sent and received through the bridge, the connection does not work correctly and you need to adjust the network settings.

7.3.2. Configuring a static IP address in the web console

IP address for your system can be assigned from the pool automatically by the DHCP server or you can configure the IP address manually. The IP address will not be influenced by the DHCP server settings.

This section describes configuring static IPv4 addresses of a network bridge using the RHEL web console.

Procedure

  1. Log in to the RHEL web console.

    For details, see Logging in to the web console.

  2. Open the Networking section.
  3. Click the interface where you want to set the static IP address.

    cockpit network interfaces

  4. In the interface details screen, click the IPv4 configuration.

    cockpit ipv4

  5. In the IPv4 Settings dialog box, select Manual in the Addresses drop down list.

    cockpit ipv4 settings

  6. Click Apply.
  7. In the Addresses field, enter the desired IP address, netmask and gateway.

    cockpit ipv4 settings addresses

  8. Click Apply.

At this point, the IP address has been configured and the interface uses the new static IP address.

cockpit ipv4 settings static

7.3.3. Removing interfaces from the bridge using the web console

Network bridges can include multiple interfaces. You can remove them from the bridge. Each removed interface will be automatically changed to the standalone interface.

This section describes removing a network interface from a software bridge created in the RHEL 8 system.

Prerequisites

  • Having a bridge with multiple interfaces in your system.

Procedure

  1. Log in to the RHEL web console.

    For details, see Logging in to the web console.

  2. Open Networking.
  3. Click the bridge you want to configure.

    cockpit network interfaces

  4. In the bridge settings screen, scroll down to the table of ports (interfaces).

    cockpit bridge remove interface

  5. Select the interface and click the - icon.

The RHEL 8 web console removes the interface from the bridge and you can see it back in the Networking section as standalone interface.

7.3.4. Deleting bridges in the web console

You can delete a software network bridge in the RHEL web console. All network interfaces included in the bridge will be changed automatically to standalone interfaces.

Prerequisites

  • Having a bridge in your system.

Procedure

  1. Log in to the RHEL web console.

    For details, see Logging in to the web console.

  2. Open the Networking section.
  3. Click the bridge you want to configure.

    cockpit network interfaces

  4. In the bridge settings screen, scroll down to the table of ports.

    cockpit bridge remove interface

  5. Click Delete.

At this stage, go back to Networking and verify that all the network interfaces are displayed on the Interfaces tab. Interfaces which were part of the bridge can be inactive now. Therefore, you may need to activate them and set network parameters manually.

cockpit bridge delete settings

7.4. Configuring VLANs in the web console

VLANs (Virtual LANs) are virtual networks created on a single physical Ethernet interface.

Each VLAN is defined by an ID which represents a unique positive integer and works as a standalone interface.

The following procedure describes creating VLANs in the RHEL web console.

Prerequisites

  • Having a network interface in your system.

Procedure

  1. Log in to the RHEL web console.

    For details, see Logging in to the web console.

  2. Open Networking.
  3. Click Add VLAN button.

    cockpit add vlan

  4. In the VLAN Settings dialog box, select the physical interface for which you want to create a VLAN.
  5. Enter the VLAN Id or just use the predefined number.
  6. In the Name field, you can see a predefined name consisted of the parent interface and VLAN Id. If it is not necessary, leave the name as it is.

    cockpit vlan settings

  7. Click Apply.

The new VLAN has been created and you need to click at the VLAN and configure the network settings.

cockpit vlans

7.5. Configuring the web console listening port

Following sections provide information on how to:

  • Allow a new port with if you have active SELinux.
  • Allow a new port on a firewall in the web console.
  • Change the web console port.

7.5.1. Allowing a new port on a system with active SELinux

This procedure enables the web console to listen on a selected port.

Prerequisites

Procedure

  • For ports that are not defined by any other part of SELinux, run:

    $ sudo semanage port -a -t websm_port_t -p tcp PORT_NUMBER
  • For ports that already are defined by other part of SELinux, run:

    $ sudo semanage port -m -t websm_port_t -p tcp PORT_NUMBER

The changes should take effect immediately.

7.5.2. Allowing a new port on a system with firewalld

This procedure enables the web console to receive connections on a new port.

Prerequisites

  • The web console must be installed and accessible. For details, see Installing the web console.
  • The firewalld service must be running.

Procedure

  1. To add a new port number, run the following command:

    $ sudo firewall-cmd --permanent --service cockpit --add-port=PORT_NUMBER/tcp
  2. To remove the old port number from the cockpit service, run:

    $ sudo firewall-cmd --permanent --service cockpit --remove-port=OLD_PORT_NUMBER/tcp
Important

If you only run the firewall-cmd --service cockpit --add-port=PORT_NUMBER/tcp without the --permanent option, your change will be canceled with the next reload of firewalld or a system reboot.

7.5.3. Changing the web console port

The following procedure shows how to change default transmission control protocol (TCP) on port 9090 to a different one.

Prerequisites

Procedure

  1. Change the listening port with one of the following methods:

    1. Using the systemctl edit cockpit.socket command:

      1. Run the following command:

        $ sudo systemctl edit cockpit.socket

        This will open the /etc/systemd/system/cockpit.socket.d/override.conf file.

      2. Modify the content of override.conf or add a new content in the following format:

        [Socket]
        ListenStream=
        ListenStream=PORT_NUMBER
    2. Alternatively, add the above mentioned content to the /etc/systemd/system/cockpit.socket.d/listen.conf file.

      Create the cockpit.socket.d. directory and the listen.conf file if they do not exist yet.

  2. Run the following commands for changes to take effect:

    $ sudo systemctl daemon-reload
    $ sudo systemctl restart cockpit.socket

    If you used systemctl edit cockpit.socket in the previous step, running systemctl daemon-reload is not necessary.

Verification steps

  • To verify that the change was successful, try to connect to the web console with the new port.