Chapter 9. Networking

This chapter lists the most notable changes to networking between RHEL 8 and RHEL 9.

9.1. Kernel

WireGuard VPN is available as a Technology Preview

WireGuard, which Red Hat provides as an unsupported Technology Preview, is a high-performance VPN solution that runs in the Linux kernel. It uses modern cryptography and is easier to configure than other VPN solutions. Additionally, the small code-basis of WireGuard reduces the surface for attacks and, therefore, improves the security.

For further details, see Setting up a WireGuard VPN.

9.2. Network Types

Network teams are deprecated

The teamd service and the libteam library are deprecated in Red Hat Enterprise Linux 9 and will be removed in the next major release. As a replacement, configure a bond instead of a network team.

For details about how to migrate a team to a bond, see Migrating a network team configuration to network bond.

9.3. NetworkManager

NetworkManager stores new network configurations in a key file format

Previously, NetworkManager stored new network configurations to /etc/sysconfig/network-scripts/ in the ifcfg format. Starting with RHEL 9.0, RHEL stores new network configurations at /etc/NetworkManager/system-connections/ in a key file format. The connections for which the configurations are stored to /etc/sysconfig/network-scripts/ in the old format still work uninterrupted. Modifications in existing profiles continue updating the older files.

9.4. Firewall

The ipset and iptables-nft packages have been deprecated

The ipset and iptables-nft packages have been deprecated in RHEL. The iptables-nft package contains different tools such as iptables, ip6tables, ebtables and arptables. These tools will no longer receive new features and using them for new deployments is not recommended. As a replacement, it is recommended to use the nft command line tool provided by the nftables package. Existing setups should migrate to nft when possible.

For more information on migrating to nftables, see Migrating from iptables to nftables and iptables-translate(8)/ip6tables-translate(8) man pages.

9.5. Removed functionality

RHEL 9 does not contain the legacy network scripts

RHEL 9 does not contain the network-scripts package that provided the deprecated legacy network scripts in RHEL 8. To configure network connections in RHEL 9, use NetworkManager. For details, see the Configuring and managing networking documentation.