Chapter 8. Configuring Networking
What does the nmcli networking connectivity command do?
Get's the network connectivity state. If the state is full, the host is connected to the a network and has full access to the Internet.
What does the nmcli dev status command do?
Lists all devices Use nmcli dev show <devicename> to show settings for a specific device.
What does the hostnamectl command do?
May be used to query and change the system hostname and related settings.
*Note, when using the ping utility, you can set the number of pings that you do: ping -c [#] <ip/orhostname>
example:
In RHEL there's a difference between a device and a connection:
A device is a network interface card A connection is the configuration that is used on a device
*Warning
In earlier versions of Linux and some Unix-Like operating systems, the ifconfig utility was and is used for validating network configuration. Don't use this utility on modern Linux distributions. Because Linux has become and important player in cloud computing, networking has evolved a lot to match cloud computing requirements, and many new features have been added to Linux networking. With the ifconfig utility, you can't manage or validate thses concepts.
What does the nmcli command do?
The command-line tool for controlling NetworkManager. nmcli is a command-line tool for controlling NetworkManager and reporting network status. nmcli is used to create, display, edit, delete, activate, and deactivate network connections, as well as control display network device status.
The set of all names used with DNS constitues the DNS name space. This space is partitioned hierarchically and is case sensitive, similar to computer file system folders (directories) and files.
The current DNS name space is a tree of domains with an unnamed root at the top. The top echelons of the tree are called the top-level domains (TLDs) There are many kinds of TLDs such as generic TLDs(gTLD), country-code TLDs(ccTLD), and internationalized country-code TLDs (IDN ccTLDs). These form the top levels of a naming tree
Private network classes:
10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
Network card names follow a naming convention:
*Ethernet interfaces begin with en, WLAN interfaces wl, and WWAN interface ww. *The next part of the name represents the type of adapter. An o is used onboard, s for hotplug slot, and p is for a PCI location. Admins can also use x to create a device name that is based on the MAC address of the network card. *Then follows a number, which is used to represent an index, ID, or port *If the fixed name can't be determined, traditional names such as etho are used.
netstat options
-a : lists out all current connections, including tcp, udp, and Unix protocols. Shows both listening and non-listening (for TCP this means established connections) sockets. With the --interfaces option, show interfaces that are not up. -t: lists tcp sockets -u: lists udp sockets -p: shows the PID and name of the program to which each socket belongs.
ss options
-l : displays only listening sockets (these are omitted by default) -r: resolve numeric address/ports
What is a loopback interface?
A loopback interface can be considered stable once you enable it, it will remain up until you shut it down. This makes loopback interfaces ideal for assigning Layer 3 addresses such as IP address to when you want to have a single address to use as a reference that is independent of the status of any of the physical interfaces in the networking device. It's a virtual interface
The examples that we've seen so far are known as fully qualified domain names (FQDNs). They are sometimes written more formally with a trailing period (www.mit.edu.). This trailing period indicates that the name is complete; no additional information should be added to the name when performing a name resolution.
An unqualified domain name, which is used in combination with a default domain or domain search list set during system configuration, has one or more strings appended to the end. When a system is configured, it is typically assigned a default domain extension and a search list using DHCP. For example, the default domain at cs.berkeley.edu might be configured in systems at the computer science department at UC Berkeley. If a user on one of these machines types in the name justina, the local resolver software converts this name to the FQDN justina.cs.berkeley.edu. before invoking a resolver to determine justina's IP address.
What is a listening socket?
The socket is listening for incoming connections. Such sockets are not included in the output unless you specify the --listening (-l) or --all (-a) option. q
What does the command ip route show do?
Displays the default gateway Next you see lines that identify the local connected networks. When booting, an entry is added for aeach local network as well, and in this example, this applies to the networks 192.198.1.0/24 and 192.168.122.0/24. These routes are automatically generated and do not need to be managed.
*DNS
Domain Name System When accessing a website or sending email, your computer uses a DNS server to look up the domain name you're trying to access. The proper term for this process is DNS name resolution, and you would say that the DNS server resolves the domain name to the IP address.
What is a DNS cache?
DNS cache refers to the temporary storage of information about previous DNS lookups on a machine's OS or web browser. Keeping a local copy of a DNS lookup allows your OS or browser to quickly retrieve it and thus a website's URL can be resolved to its corresponding IP much more efficiently. DNS caching doesn't only occur at the OS and browser level. In fact, a DNS lookup involves various steps. During a new DNS lookup, the lookup passes through the resolver, root server, and the TLD server. At each step, information is gathered and cached for later use. Therefore, even if the local DNS cache is empty, the resolver may have a cached copy of the required information thus, avoiding the need to go through the complete DNS lookup process.
Zone information is supposed to exist in at least two physical places, implying that there should be at least two servers containing information for each zone. This is for redundancy. All of these server contain identical information about a zone. Typically, among the servers, a primary server contains the zone database in a disk file, and one or more secondary servers obtain copies of the database in its entirety from the primary using a process called a zone transfer.
DNS has a special protocol from performing zone transfers, but copies of a zone's contents can also be obtained using other means (e.g the r sync utility).
What does the ip address show command do?
Display current network address configuration on the system The command can be shorted to: ip addr ip address show ip a s ip a
What does the nm-connection-editor command do?
Displays a connection editor but this interface offers a relative restricted option set.
What is DNS caching?
Each DNS record ( e.g, name-to-IP address mapping) has its own TTL that controls how long it can be cached. These values are set and altered by the zone administrator when necessary. The TTL dictates how long a mapping can be cached anywhere within DNS, so if a zone changes, there may exist cached data within the network, potentially leading to incorrect DNS resolution until expiry of the TTL. For this reason, some zone admins, anticipating a change to the zone contents, first reduce the TTL before implementing the change. Doing so reduces the window for incorrect cached data to be present in the network.
What is FQDN?
Fully Qualified Domain Name The FQDN is the complete domain name for a specified computer, or host, on the internet. The FQDN consists of two parts: the hostname and the domain name. For example, an FQDN for a hypothetical mail server might be mymail.somecollege.edu. The hostname is mymail, and the host located within the domain somecollege.edu. In this example, .edu is the top-level domain (TLD). This is similar to the root directory on a typical workstation, where all other directories (or folders) originate. Here's the breakdown: [hostname].[domain].[tld]. *tld = Top Level Domain In some cases a subdomain can also be included as well. Like any other domain name, we read it from right to left. *You can think of a FQDN as an address. The goal of this address is to designate the location within the DNS system. With a FQDN the location of a website or other online entity has its own unique identifier and location.
Internet Protocol addresses are cumbersome for humans to use and remember, so the Internet supports the use of host names to identify hosts, both clients and servers.
In order to be used by protocols such as TCP and IP, host names are converted into IP addresses using a process known as name resolution. There are different forms of name resolution in the Internet, but the most prevalent and important one uses a distributed database system known as the Domain Name System (DNS). DNS runs as an application on the Internet, using IPv4 or IPv6 (or both) For scalability, DNS names are hierarchical, as are the servers that support name resolution.
Where does cache take place?
In some network configuraitons (e.g. those using older UNIX-compatible systems), the cache is maintained in a nearby name server, not in the resolvers resident in the clients. Placing the cache in the server allows any hosts on the LAN that use nearby server to benefit from the server's cache but implies a small delay in accessing the cache over the local network. in Windows and more recent systems (Linux), the client can maintain a cache, and it is made available to all applications running on the same system. In Windows, this happens by default, and in Linux, it is a service that can be enabled or disabled.
*If you don't like making modifications to the network configurations with nmcli or nmtui, you can directly edit the connections in /etc/sysconfig/network-scripts
Make sure to use the nmcli con up to active the new connection
What is the ss command?
The ss command is a tool used to dump socket statistics and displays information in similar fashion (although simpler and faster) to netstat. The ss command can also display even more TCP and state information than most other tools. The ss command-line utility can display stats for the likes of PACKET, TCP, UDP, DCCP, RAW, and Unix domain sockets.
*To set up networking on a server, you server needs a unique address on the network. For this purpose, IP (Internet Protocol) addresses are used.
There are two IP protocols that are relevant: IPv4 - 32 bit, 4 octets in dotted decimal notation. IPv6 - 128 bits, 8 octets that uses hexadecimal notation.
What is the nmtui command?
Text User Interface for controlling NetworkManager nmtui is a curses-based TUI application for interacting with NetworkManager. When starting nmtui, the user is prompted to choose the activity to perform unless it was specified as the first argument.
Every connection that you create is stored as a configuration file in the directory /etc/sysconfig/network-scripts.
The name of the configuration files starts with ifcfg- and is followed by the name of the network interface.
*Because hostnames are used to access servers and the services they're offering, it is important to know how to set the system hostname. A hostname typically consists of different parts. These are the name of the host and the DNS domain in which the host resides.
These two parts together make up for the fully qualified domain name (FQDN), which looks like server1.example.com. It is good practice to always specify an FQDN, and not just the hostname, because the FQDN provides a unique identity on the Internet.
ip utility
To verify the configuration of the network address, you need to use the ip utility. The ip utility is a modern utility that can consider advanced networking feature that have been introduced recently. With the ip utility, many aspects of networking can be monitored: *Use ip addr to configure and monitor network addresses *Use ip route to configure and monitor routing information *Use ip link to configure and monitor network link state
What are the different ways to change the hostname?
Use nmtui and select the Change Hostname Use hostnamectl set-hostname Edit the contents of the configuration file /etc/hostname
*Networking on RHEL is managed by the NetworkManager service. You can use the systemctl status NetworkManager command to verify its current status
When NetworkManager comes up, it reads the network card configuration scripts, which are in /etc/sysconfig/network-scripts and have a name that starts with ifcfg and is followed by the name of the network card.
What is a cache?
When a caching mechanism is in place, it helps improve delivery speed by storing a copy of the asset you requested and later accessing the cached copy instead of the original.
/etc/hosts file
You can configure hostname resolution in the /etc/hosts file. All hostname-IP address mapping definitions as set in etc/hosts will be applied before the hostname in DNS is used. This is configured as a default in the hosts line in /etc/nsswitch.conf Setting up an /etc/hosts file is easy; just make sure that it contains at least two columns. The first column has the IP address of the specific host, and the second column specifies the hostname.
*You can set an IP address of your interface
ip address add <ip address> dev <yourdevicename> ip address add 192.168.1.20 dev enp3s0 *places a secondary address on the interface
How to you configure the state of an interface?
ip link set dev [devicename] [up|down]
With the nmcli connection show command you can specify what connection you want to view.
nmcli device show gives a shorter output
To check current permissions when it comes to network configurations, what command do you use?
nmcli gen permissions
*In RHEL, you can create multiple connections for a device. This makes sense on mobile computers, for example, to differentiate between settings that are used to connect to the home network and settings that are used to connect to a corporate network. Switching between connections on devices is something that is common on end-user computers, and not so common on servers. To manage the network connections that you want to assign to devices, you use the nmuti command or nmcli command.
*Red hat wants you to know how to work with nmcli. This command is not very easy to use, however, and on the exam you will need to configure a network device with the appropriate settings.
A DNS server can contain information for more than one zone. At any hierarchical change point in a domain name (whenever a period appears), a different zone and containing server may be accessed to provide information for the name. This is called a delegation.
A common delegation approach uses a zone for implementing a second-level domain name, such as berkeley.edu. In this domain, there may be individual hosts (e.g www.berkeley.com) or other domains (e.g cs.berkeley.edu
What is a cache server?
A dedicated server used for caching web resources. This type of cache mechanism is used in content delivery networks or web proxies. These servers can be located in many geographical regions and used to store and deliver data so that the user's request and response doesn't need to travel as far.
What does the ip link show command do?
Displays the link state of the networking interfaces. Using ip -s link show command will give you traffic statistics, such as packets being transmitted and received on an interface, as well as an overview of errors that have occurred during packet transmission
IP addresses can be assigned into two ways:
Fixed IP addresses Dynamically assigned IP addresses
A domain name consts of a sequence of labels separated by periods. The name represents a location in the name hierarchy, where the period is the hierarchy delimiter and descending down the tree takes place from right to left.
For example, the FQDN www.net.in.tum.de. contains a host name label (www) in a four-level deep domain.
What does the netstat command do?
Netstat is a command line utility that can be used to list out all the network (socket) connections on a system. It lists out all the tcp and udp socket connections and the unix socket connections. Apart from connected sockets it can also list listening sockets that are waiting for incoming connections, so by verifying an open port 80 you can confirm if a web server is running on the system or not.
What does the nmcli connection show command do?
This shows active and inactive connections. --active shows only the active connections
To specify which DNS name servers you want to use, you have a few different options:
Use nmtui to set DNS name servers. Set the DNS1 and DNS2 parameters in the ifcfg network connection configuration file in /etc/sysconfig/network-scripts = include the ifcf configuration file to include the option PEERDNS=no Use a DHCP server that is configured to hand out the address of the DNS name server Use nmcli con mod <connection-id> [+]ipv4.dns<ip-of-dns>
What does the hostname command do?
Used to display the system's DNS name and to display or set its hostname or NIS domain name. hostname -f - gets the the fqdn
The unit of administrative delegation, in the language of DNS servers, is called a zone. A zone is a subtree of the DNS name space that can be administered separately from other zones. Every domain name exists within some zone, even TLDs that exist in the root zone.
Whenever a new record is added to a zone, the DNS administrator for the zone allocates a name and additional information (usually an IP address) for the new entry and enters theses into the name server's database.