Linux Enterprise basic network configuration

1. The NIC configuration file explained

Here we take the default NIC configuration file of a CentOS 7.6 minimal installation as an example; in our video it is "/etc/sysconfig/network-scripts/ifcfg-enp0s3".

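TYPE=Ethernet                # NIC type: Ethernet
PROXY_METHOD=none            # Proxy method: disabled
BROWSER_ONLY=no              # Browser only: no
BOOTPROTO=dhcp               # Boot protocol of the NIC: DHCP [Dynamic Host Configuration Protocol]
DEFROUTE=yes                 # Default route
IPV4_FAILURE_FATAL=no        # Enable IPv4 fatal-error detection: no
IPV6INIT=yes                 # Initialize IPv6 automatically: yes [has no effect, IPv6 is not in use yet]
IPV6_AUTOCONF=yes            # Configure IPv6 automatically: yes [has no effect, IPv6 is not in use yet]
IPV6_DEFROUTE=yes            # IPv6 may be the default route: yes [has no effect, IPv6 is not in use yet]
IPV6_FAILURE_FATAL=no        # Enable IPv6 fatal-error detection: no
IPV6_ADDR_GEN_MODE=stable-privacy   # IPv6 address generation mode: stable-privacy [just one strategy for generating IPv6 addresses]
NAME=ens33                   # Physical device name of the NIC
UUID=f47bde51-fa78-4f79-b68f-d5dd90cfc698    # Universally unique identifier; every NIC has one and it must not be duplicated, otherwise only one NIC is usable between two Linux hosts
DEVICE=ens33                 # NIC device name, must be the same as the 'NAME' value
ONBOOT=no                    # Start at boot? Must be 'yes' for the NIC to come up at boot, via 'systemctl restart network', or via the ip command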

See the NetworkManager documentation for more NIC configuration parameters.

2. Set a fixed IP address

In the previous lessons we have been using DHCP (Dynamic Host Configuration Protocol) to obtain an IP address. The benefit is that configuration is very simple: we only need to change the ONBOOT parameter in the NIC configuration file to yes. The drawback is that the address may change every time we restart the network, so we have to log in to the virtual machine again to look up the IP address before our ssh tool can connect remotely. In a production environment, servers generally sit in a machine room, possibly in different locations, and going to each machine room to look up a server's IP address is very impractical, so we must give the hosts a static IP address.
Setting a static (fixed) IP address is actually very simple: we only need to modify and add a few parameters.

2.1 Parameters that need to be modified

  • Change BOOTPROTO=dhcp to BOOTPROTO=static. This parameter specifies the address assignment protocol, that is, whether the address is set statically or obtained dynamically.

This is the only parameter that needs to be modified. One caveat: in some cases we may see BOOTPROTO=no, or a configuration file without this parameter at all; both are equivalent to BOOTPROTO=static. So we could in fact delete the parameter or change it to BOOTPROTO=no; it just "looks" less standard.

2.2 Parameters that need to be added

We only need to add three parameters, IPADDR, GATEWAY and PREFIX, which specify the IP address, the gateway and the mask length. Sometimes we may also need to add the DNS1 parameter (note: not DNS), but officially this is not recommended; below we will give a standard solution.

Byte Education - teacher shoots reminder:
Some students may still not quite understand what an IP address, a gateway and a mask length are. We will go into the details later when we study Linux networking and other network technologies, because Linux networking is very powerful but also rather hard to understand. Tackling that content now would likely hurt the confidence of students starting from zero, so let's first get everyone familiar with the feel of Linux and accumulate some "energy value". Here the teacher will show you how to check the IP address, gateway and network mask.

IP address: if we do not know which IP address is available, the easiest way is to obtain a usable address via DHCP and then fix that address. Remember how to look it up? Use the ip command, as follows:

[root@byte-edu-lab2 ~]# ip addr show enp0s3
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:88:01:70 brd ff:ff:ff:ff:ff:ff
    inet 192.168.48.48/24 brd 192.168.48.255 scope global noprefixroute enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::5f4d:62cd:a789:64e6/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

We can see "inet 192.168.48.48/24": the IP address is 192.168.48.48, and the 24 after it is the number of mask bits (or mask length, which means the same thing), which is what the PREFIX parameter needs to specify.

With that one command we know the IP address and the mask length. The only parameter still missing is the gateway, which we can get with the following command:

[root@byte-edu-lab2 ~]# ip route show
default via 192.168.48.1 dev enp0s3 proto static metric 100
192.168.48.0/24 dev enp0s3 proto kernel scope link src 192.168.48.48 metric 100

See the "default via 192.168.48.1" entry (look for the default field)? This address is the default gateway address. Of course, we obtained all of these values while running on DHCP, so now we can use these parameters and values to fix our IP address, that is, configure a static IP address.

Note: a single server can have multiple network cards but only one default gateway, which means that once you specify DEFROUTE on one card, the other cards must not set this parameter. Remember! Remember! Remember!

Byte Education - teacher shoots tips:
The above approach is actually not very rigorous, because in some complex network setups the default route may not be the route that is used first for our current IP address, as in the following:

# ip route show
default via 192.168.48.1 dev enp0s3 proto static metric 100
172.20.0.0/16 via 172.20.32.5 dev enp0s3 scope link
172.20.0.0/16 dev enp0s3 proto kernel scope link src 172.20.32.5
192.168.48.0/24 dev enp0s3 proto kernel scope link src 192.168.48.48 metric 100

So when the address I request is in the 172.20.0.0/16 network segment, the request uses the 172.20.32.5 address and no longer follows the default route. We will not consider such complex cases for now; it is enough to know they exist, since knowledge is accumulated gradually.
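The lookup described in this section, as an added example that is not part of the original lesson: it reads captured `ip addr show` and `ip route show` output, picks the default gateway for the given device, and refuses to emit parameters when that gateway is not on the address's own subnet. The function names are hypothetical and the sample text is constructed from the outputs shown above.

```shell
#!/bin/sh
# Added example: turn captured `ip` output into static ifcfg parameters.
# Sample text is constructed from the outputs shown on this page.
ADDR_SAMPLE='2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
    inet 192.168.48.48/24 brd 192.168.48.255 scope global noprefixroute enp0s3'
ROUTE_SAMPLE='default via 192.168.48.1 dev enp0s3 proto static metric 100
172.20.0.0/16 dev enp0s3 proto kernel scope link src 172.20.32.5
192.168.48.0/24 dev enp0s3 proto kernel scope link src 192.168.48.48 metric 100'

# Dotted quad -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# True when gateway $3 is on the same network as address $1 with prefix $2.
gateway_in_subnet() {
    mask=$(( (0xFFFFFFFF << (32 - $2)) & 0xFFFFFFFF ))
    a=$(ip_to_int "$1"); g=$(ip_to_int "$3")
    [ $(( a & mask )) -eq $(( g & mask )) ]
}

# static_params DEV ADDR_OUTPUT ROUTE_OUTPUT
# Prints IPADDR/PREFIX/GATEWAY; returns 1 when there is no IPv4 address,
# no default route for DEV, or the gateway lies outside the subnet.
static_params() {
    cidr=$(printf '%s\n' "$2" | awk '$1 == "inet" { print $2; exit }')
    gw=$(printf '%s\n' "$3" | awk -v dev="$1" '
        $1 == "default" && $2 == "via" {
            for (i = 4; i < NF; i++)
                if ($i == "dev" && $(i + 1) == dev) { print $3; exit }
        }')
    [ -n "$cidr" ] && [ -n "$gw" ] || return 1
    addr=${cidr%/*}; prefix=${cidr#*/}
    gateway_in_subnet "$addr" "$prefix" "$gw" || return 1
    printf 'IPADDR=%s\nPREFIX=%s\nGATEWAY=%s\n' "$addr" "$prefix" "$gw"
}

static_params enp0s3 "$ADDR_SAMPLE" "$ROUTE_SAMPLE"
```

On a live host, pass "$(ip addr show enp0s3)" and "$(ip route show)" instead of the sample variables.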

2.3 Static configuration parameters

Now let's look at a complete set of configuration parameters for a static address:

[root@byte-edu-lab2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp0s3
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
# Note that the value of BOOTPROTO is changed to static
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp0s3
UUID=06713c0b-b0d9-469e-92c8-e4411656ec1b
DEVICE=enp0s3
ONBOOT=yes
 
# The three newly added parameters follow
IPADDR=192.168.48.48
PREFIX=24
GATEWAY=192.168.48.1

Restart the network, then look at our address information:

# Show the address information of enp0s3
[root@byte-edu-lab2 ~]# ip addr show enp0s3
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:88:01:70 brd ff:ff:ff:ff:ff:ff
    inet 192.168.48.48/24 brd 192.168.48.255 scope global noprefixroute enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::5f4d:62cd:a789:64e6/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

# Check whether the network to the gateway 192.168.48.1 is working
[root@byte-edu-lab2 ~]# ping 192.168.48.1
PING 192.168.48.1 (192.168.48.1) 56(84) bytes of data.
64 bytes from 192.168.48.1: icmp_seq=1 ttl=64 time=3.08 ms
64 bytes from 192.168.48.1: icmp_seq=2 ttl=64 time=6.64 ms

Now we have set the address 192.168.48.48 and the network to the gateway is working, so is our static IP configuration finished? Maybe not. Let's check whether the external network is reachable, as follows:

# Let's ping Baidu's domain name
[root@byte-edu-lab2 ~]# ping baidu.com
ping: baidu.com: 未知的名称或服务

The error message here is "baidu.com: Unknown name or service". What does it mean? It means our host does not know who baidu.com is, that is, it does not know its IP address. As we said before, a domain name or host name is just easier for us to remember, while real communication on the Internet still uses IP addresses. So how can the host find out the address of baidu.com? It needs DNS domain name resolution to get the IP address for the domain name. Here we only need to specify, in Linux's domain name resolution file "/etc/resolv.conf", which DNS address to use for resolution. The "/etc/resolv.conf" file uses nameserver to specify the DNS address; we will use the very well-known free Google DNS address, 8.8.8.8. The configuration is as follows:

[root@byte-edu-lab2 ~]# vim /etc/resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8

Now check connectivity to baidu.com again:

[root@byte-edu-lab2 ~]# ping -c 4 baidu.com              # note the -c option: ping stops after sending four packets instead of continuing indefinitely
PING baidu.com (123.125.114.144) 56(84) bytes of data.
64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=1 ttl=50 time=10.7 ms
64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=2 ttl=50 time=12.3 ms
64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=3 ttl=50 time=12.0 ms
64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=4 ttl=50 time=17.1 ms

--- baidu.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3007ms
rtt min/avg/max/mdev = 10.773/13.068/17.132/2.421 ms

At this point the external network address (baidu.com is on the external network) is reachable, which proves that our configuration has no problem.

3. Extended knowledge and skills

Remember we said above that a static network configuration can sometimes also include the DNS1 parameter (DNS1 is the preferred DNS, so you can also configure the DNS2 and DNS3 parameters)? What is the role of this parameter? It specifies the DNS address the host uses for resolution. For example, we now add this parameter; part of the configuration is as follows:

IPADDR=192.168.48.48
PREFIX=24
GATEWAY=192.168.48.1
DNS1=114.114.114.114

Note: 114.114.114.114 is a very well-known free DNS, still widely used by users in China.

Now we restart the network and then check whether Baidu is reachable.

# After changing the NIC settings, restart the network service so the configuration takes effect
[root@byte-edu-lab2 ~]# systemctl restart network
# Check network connectivity to Baidu
[root@byte-edu-lab2 ~]# ping -c 4 baidu.com
PING baidu.com (220.181.57.216) 56(84) bytes of data.
64 bytes from 220.181.57.216 (220.181.57.216): icmp_seq=1 ttl=50 time=8.59 ms
64 bytes from 220.181.57.216 (220.181.57.216): icmp_seq=2 ttl=50 time=8.12 ms
64 bytes from 220.181.57.216 (220.181.57.216): icmp_seq=3 ttl=50 time=10.5 ms
64 bytes from 220.181.57.216 (220.181.57.216): icmp_seq=4 ttl=50 time=8.26 ms

--- baidu.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3022ms
rtt min/avg/max/mdev = 8.126/8.885/10.558/0.984 ms

# Look at the name resolution file on the server again: it has been changed to the 114.114.114.114 configured in the NIC file
[root@byte-edu-lab2 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 114.114.114.114

We can see that the previously configured DNS entry has been overwritten by DNS1 from the NIC configuration file. Why was it rewritten? We will answer this question later. For now, let's first delete the DNS entry from /etc/resolv.conf and then see whether we can still resolve the domain name.

[root@byte-edu-lab2 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
[root@byte-edu-lab2 ~]# ping baidu.com
ping: baidu.com: 未知的名称或服务

After deleting it, and without restarting the network, we can no longer ping baidu.com. Based on this we can draw the following conclusions:

  1. DNS information written in the NIC configuration file overwrites the configuration in /etc/resolv.conf when the network is restarted.
  2. Changes to /etc/resolv.conf take effect immediately, with no need to restart the network.
  3. A Linux host can resolve domain names because /etc/resolv.conf (and only this file) contains a nameserver; it has nothing to do with whether DNS is configured in the NIC configuration file. In our example above, the reason the host could resolve baidu.com after we added a DNS entry to the NIC configuration file and restarted is that the NetworkManager service wrote the DNS1 value into /etc/resolv.conf.
  4. If both the NIC configuration file and /etc/resolv.conf contain DNS information, the DNS specified in /etc/resolv.conf prevails, without a doubt.

Now let's answer the other question: why does the DNS entry in the NIC configuration file (DNS1 in the examples; I refer to them collectively here as the DNS entry) overwrite the /etc/resolv.conf file, what are the drawbacks of this overwriting, and how do we cancel this "overwrite operation"?

4. DNS configuration issues on Linux

4.1 Why the /etc/resolv.conf file gets overwritten

Starting with the RHEL 7 series, network management defaults to NetworkManager, but the system allows both the network and NetworkManager network management services to exist. The former was the default network management service in RHEL 6 and earlier, while the 7 series uses this rather annoying management tool. In /etc/resolv.conf we see the line "# Generated by NetworkManager", which means this service is responsible for both network management and DNS management. It synchronizes the DNS information in the NIC configuration file into /etc/resolv.conf, which answers why the file gets overwritten: it thinks it is being particularly clever by configuring DNS for you.

4.2 Drawbacks of letting the DNS in the NIC configuration file overwrite /etc/resolv.conf

We can indeed complete DNS configuration by specifying DNS information in the NIC configuration file and letting it overwrite /etc/resolv.conf, but this carries a great risk in a production environment. For example, on a server in Beijing you configure a Beijing DNS address; after the network restarts it is written to /etc/resolv.conf and used for domain name resolution. Then one day that DNS suddenly becomes unusable (regional DNS failures are indeed frequent, so it is better to use a relatively well-known DNS), your server can no longer resolve domain names, and the business is disrupted. This counts as a passive fault. So you have to fix it: you change the nameserver value directly in /etc/resolv.conf to an available DNS address, which takes effect immediately without restarting the network. This is a normal fault-recovery operation. But your NIC configuration file still contains the unusable DNS address, so whenever the network is restarted the fault can come back at any time, and that counts as a human error. Some students may say: can't I just modify the NIC configuration file directly? First, that change requires restarting the network, which delays the repair and may also cause configuration on the NIC to be lost; second, the same risk still exists the next time that DNS fails. Therefore the best way is for each file to "do its own job": the NIC configuration file is used for NIC settings, and the /etc/resolv.conf file is used for DNS-related configuration on Linux.

4.3 How do we cancel this overwriting?

First you need to know who the culprit behind this overwriting is. We know that networking can be managed by the network service or by NetworkManager. How do we tell? Use systemctl status network or systemctl status NetworkManager: whichever is in the Active state is managing the network. Of course, on CentOS 7 both can be Active at the same time. Here I will tell you how to remove this overwrite operation.

Many articles on the web describe how to cancel the overwriting of /etc/resolv.conf "on CentOS 6" or "on CentOS 7", which is not really accurate: how to cancel it depends on which network service is in use, not on the system version.

  • When the network service manages the network

Add a line "PEERDNS=no" to the NIC configuration file.

  • When NetworkManager manages the network

Edit the /etc/NetworkManager/NetworkManager.conf configuration file, add "dns=none" or "dns=no" to the [main] section, and then restart the service: systemctl restart NetworkManager.

  • When both are in the active state

Apply both of the operations above.
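A check for the situation described in 4.2 and 4.3, as an added example that is not part of the original lesson: it compares the DNSn values in a NIC configuration file with the nameservers in resolv.conf and reports whether the next network restart would put the old values back. The function names and the temporary sample files are constructed for illustration, and only static configurations as used on this page are considered.

```shell
#!/bin/sh
# Added example: will the next network restart put the ifcfg DNSn values
# back into resolv.conf? Covers static configs as described in section 4.

# DNS1, DNS2, ... values from an ifcfg file, sorted, quotes stripped.
ifcfg_dns() { sed -n 's/^DNS[0-9][0-9]*=\([^ #]*\).*/\1/p' "$1" | tr -d "\"'" | sort; }

# nameserver addresses from a resolv.conf, sorted.
resolv_dns() { awk '$1 == "nameserver" { print $2 }' "$1" | sort; }

# PEERDNS=no in the ifcfg file (the switch for the network service).
peerdns_off() { grep -Eq '^PEERDNS="?no"?[[:space:]]*(#.*)?$' "$1"; }

# dns=none or dns=no (both spellings appear on this page) inside [main].
nm_dns_off() {
    awk '/^\[/ { in_main = ($0 == "[main]") }
         in_main && /^dns[ \t]*=[ \t]*(none|no)[ \t]*$/ { found = 1 }
         END { exit !found }' "$1"
}

# dns_restart_risk MANAGER IFCFG NM_CONF RESOLV_CONF
# MANAGER is network, NetworkManager or both (whichever services are active).
# Prints: ok (nothing would change), protected, or drift.
dns_restart_risk() {
    want=$(ifcfg_dns "$2"); have=$(resolv_dns "$4")
    if [ -z "$want" ] || [ "$want" = "$have" ]; then echo ok; return; fi
    case $1 in
        network)        peerdns_off "$2" ;;
        NetworkManager) nm_dns_off "$3" ;;
        both)           peerdns_off "$2" && nm_dns_off "$3" ;;
        *)              return 2 ;;
    esac && echo protected || echo drift
}

# Constructed sample: resolv.conf was hand-fixed to 8.8.8.8 after a DNS
# outage, but the ifcfg file still carries the old DNS1 value.
demo=$(mktemp -d)
printf 'BOOTPROTO=static\nIPADDR=192.168.48.48\nDNS1=114.114.114.114\n' > "$demo/ifcfg"
printf '[main]\nplugins=ifcfg-rh\n' > "$demo/nm.conf"
printf '# Generated by NetworkManager\nnameserver 8.8.8.8\n' > "$demo/resolv.conf"
dns_restart_risk NetworkManager "$demo/ifcfg" "$demo/nm.conf" "$demo/resolv.conf"  # drift
```

A result of drift means the hand-edited resolv.conf will be reverted on the next restart unless the switch from 4.3 is set or the DNSn entry is removed.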

reference


Byte Education - linux- basic network configuration

Origin www.cnblogs.com/codecheng99/p/12380849.html