Handbook:X86/Networking/Modular

From Gentoo Wiki
Jump to: navigation, search
Other languages:
Deutsch • ‎English • ‎español • ‎日本語 • ‎한국어 • ‎polski • ‎русский • ‎українська • ‎中文(中国大陆)‎
X86 Handbook
Installation
About the installation
Choosing the media
Configuring the network
Preparing the disks
Installing stage3
Installing base system
Configuring the kernel
Configuring the system
Installing tools
Configuring the bootloader
Finalizing
Working with Gentoo
Portage introduction
USE flags
Portage features
Initscript system
Environment variables
Working with Portage
Files and directories
Variables
Mixing software branches
Additional tools
Custom package repository
Advanced features
Network configuration
Getting started
Advanced configuration
Modular networking
Wireless
Adding functionality
Dynamic management


Network modules

Netifrc scripts now support modular networking scripts, which means support for new interface types and configuration modules can easily be added while keeping compatibility with existing ones.

Modules load by default if the package they need is installed. If users specify a module here that doesn't have its package installed then they get an error stating which package they need to install. Ideally, the modules setting is only used when two or more packages are installed that supply the same service and one needs to be preferred over the other.

Note
All settings discussed here are stored in /etc/conf.d/net unless otherwise specified.
FILE /etc/conf.d/netModule definitions
# Prefer ifconfig over iproute2
modules="ifconfig"
  
# You can also specify other modules for an interface
# In this case we prefer pump over dhcpcd
modules_eth0="pump"
  
# You can also specify which modules not to use - for example you may be
# using a supplicant or linux-wlan-ng to control wireless configuration but
# you still want to configure network settings per ESSID associated with.
modules="!iwconfig"

Interface handlers

We provide two interface handlers presently: ifconfig and iproute2. Only one of these is needed to do any kind of network configuration.

Both are installed by default as part of the system profile. iproute2 is the more powerful and flexible package.

root #emerge --ask sys-apps/iproute2
FILE /etc/conf.d/netiproute2 is installed but still prefer ifconfig
# To prefer ifconfig over iproute2 if both are installed as openrc prefers
# to use iproute2 then
modules="ifconfig"

As both ifconfig and iproute2 do very similar things we allow their basic configuration to work with each other. For example both the below code snippet work regardless of which module the user is using.

FILE /etc/conf.d/netExample different approaches for configuration
config_eth0="192.168.0.2/24"
config_eth0="192.168.0.2 netmask 255.255.255.0"
  
# We can also specify broadcast
config_eth0="192.168.0.2/24 brd 192.168.0.255"
config_eth0="192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255"

DHCP

DHCP is a means of obtaining network information (IP address, DNS servers, Gateway, etc) from a DHCP server. This means that if there is a DHCP server running on the network, the user just has to tell each client to use DHCP and it sets up the network all by itself. Of course, the user will have to configure for other things like wireless, PPP or other things if required before he can use DHCP.

DHCP can be provided by dhclient, dhcpcd, or pump. Each DHCP module has its pros and cons - here is a quick run down:

DHCP module Package Pros Cons
dhclient net-misc/dhcp Made by ISC, the same people who make the BIND DNS software. Very configurable Configuration is overly complex, software is quite bloated, cannot get NTP servers from DHCP, does not send hostname by default
dhcpcd net-misc/dhcpcd Long time Gentoo default, no reliance on outside tools, actively developed by Gentoo Can be slow at times, does not yet daemonize when lease is infinite
pump net-misc/pump Lightweight, no reliance on outside tools No longer maintained upstream, unreliable, especially over modems, cannot get NIS servers from DHCP

If more than one DHCP client is installed, specify which one to use - otherwise we default to dhcpcd if available.

To send specific options to the DHCP module, use module_eth0="..." (change module to the DHCP module being used - i.e. dhcpcd_eth0).

We try to make DHCP relatively agnostic - as such we support the following commands using the dhcp_eth0 variable. The default is not to set any of them:

  • release: Releases the IP address for re-use.
  • nodns: Don't overwrite /etc/resolv.conf
  • nontp: Don't overwrite /etc/ntp.conf
  • nonis: Don't overwrite /etc/yp.conf
FILE /etc/conf.d/netSample DHCP configuration
# Only needed if you have more than one DHCP module installed
modules="dhcpcd"
  
config_eth0="dhcp"
dhcpcd_eth0="-t 10" # Timeout after 10 seconds
dhcp_eth0="release nodns nontp nonis" # Only get an address
Note
dhcpcd and pump send the current hostname to the DHCP server by default so this does not need to be specified anymore.

ADSL with PPPoE/PPPoA

First we need to install the ADSL software.

root #emerge --ask net-dialup/ppp

Second, create the PPP net script and the net script for the Ethernet interface to be used by PPP:

root #ln -s /etc/init.d/net.lo /etc/init.d/net.ppp0
root #ln -s /etc/init.d/net.lo /etc/init.d/net.eth0

Be sure to set rc_depend_strict to YES in /etc/rc.conf.

Now we need to configure /etc/conf.d/net.

FILE /etc/conf.d/netA basic PPPoE setup
config_eth0=null (Specify the ethernet interface)
config_ppp0="ppp"
link_ppp0="eth0" (Specify the ethernet interface)
plugins_ppp0="pppoe"
username_ppp0='user'
password_ppp0='password'
pppd_ppp0="
noauth
defaultroute
usepeerdns
holdoff 3
child-timeout 60
lcp-echo-interval 15
lcp-echo-failure 3
noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp"
  
rc_need_ppp0="net.eth0"

It is also possible to set the password in /etc/ppp/pap-secrets.

FILE /etc/ppp/pap-secretsSample pap-secrets
# The * is important
"username"  *  "password"

If PPPoE is used with a USB modem then make sure to emerge br2684ctl. Please read /usr/portage/net-dialup/speedtouch-usb/files/README for information on how to properly configure it.

Important
Please carefully read the section on ADSL and PPP in /usr/share/doc/netifrc-*/net.example.bz2. It contains many more detailed explanations of all the settings any particular PPP setup will likely need.

APIPA (Automatic Private IP Addressing)

APIPA tries to find a free address in the range 169.254.0.0-169.254.255.255 by arping a random address in that range on the interface. If no reply is found then we assign that address to the interface.

This is only useful for LANs where there is no DHCP server and the system doesn't connect directly to the Internet and all other computers use APIPA.

For APIPA support, emerge net-misc/iputils with the arping USE flag or net-analyzer/arping.

FILE /etc/conf.d/netAPIPA configuration
# Try DHCP first - if that fails then fallback to APIPA
config_eth0="dhcp"
fallback_eth0="apipa"
  
# Just use APIPA
config_eth0="apipa"

Bonding

Bonding is used to increase network bandwidth or to improve resiliency in face of hardware failures. If a system has two network cards going to the same network, then the administrator can bond them together so the applications see just one interface but they really use both network cards.

There are many ways to configure bonding. Some of them, such as the 802.3ad LACP mode, require support and additional configuration of the network switch. For a reference of the individual options, please refer to the local copy of /usr/src/linux/Documentation/networking/bonding.txt.

First, clear the configuration of the participating interfaces:

FILE /etc/conf.d/netClearing interface configuration
config_eth0="null"
config_eth1="null"
config_eth2="null"

Next, define the bonding between the interfaces:

FILE /etc/conf.d/netDefine the bonding
slaves_bond0="eth0 eth1 eth2"
config_bond0="192.168.100.4/24"
# Pick a correct mode and additional configuration options which suit your needs
mode_bond0="balance-alb"

Remove the net.eth* services from the runlevels, create a net.bond0 one and add that one to the correct runlevel.

Bridging (802.1d support)

Bridging is used to join networks together. For example, a system may have a server that connects to the Internet via an ADSL modem and a wireless access card to enable other computers to connect to the Internet via the ADSL modem. It is possible to create a bridge to join the two interfaces together.

FILE /etc/conf.d/netBridge configuration
# Configure the bridge - "man brctl" for more details
bridge_forward_delay_br0=0
bridge_hello_time_br0=200
bridge_stp_state_br0=1
  
# To add ports to bridge br0
bridge_br0="eth0 eth1"
  
# You need to configure the ports to null values so dhcp does not get started
config_eth0="null"
config_eth1="null"
  
# Finally give the bridge an address - you could use DHCP as well
config_br0="192.168.0.1/24"
  
# Depend on eth0 and eth1 as they may require extra configuration
rc_need_br0="net.eth0 net.eth1"
Important
For using some bridge setups, consult the variable name documentation.
Important
When bridging using IPv6, SLAAC requires STP to be set to 1 as seen in the example above.

MAC address

It is possible to change the MAC address of the interfaces through the network configuration file too.

FILE /etc/conf.d/netMAC Address change example
# To set the MAC address of the interface
mac_eth0="00:11:22:33:44:55"
  
# To randomize the last 3 bytes only
mac_eth0="random-ending"
  
# To randomize between the same physical type of connection (e.g. fibre,
# copper, wireless) , all vendors
mac_eth0="random-samekind"
  
# To randomize between any physical type of connection (e.g. fibre, copper,
# wireless) , all vendors
mac_eth0="random-anykind"
  
# Full randomization - WARNING: some MAC addresses generated by this may
# NOT act as expected
mac_eth0="random-full"

Tunneling

Tunneling does not require any additional software to be installed as the interface handler can do it.

FILE /etc/conf.d/netTunneling configuration
# For GRE tunnels
iptunnel_vpn0="mode gre remote 207.170.82.1 key 0xffffffff ttl 255"
  
# For IPIP tunnels
iptunnel_vpn0="mode ipip remote 207.170.82.2 ttl 255"
  
# To configure the interface
config_vpn0="192.168.0.2 peer 192.168.1.1"

VLAN (802.1q support)

For VLAN support, make sure that sys-apps/iproute2 is installed and ensure that iproute2 is used as configuration module rather than ifconfig.

Virtual LAN is a group of network devices that behave as if they were connected to a single network segment - even though they may not be. VLAN members can only see members of the same VLAN even though they may share the same physical network.

To configure VLANs, first specify the VLAN numbers in /etc/conf.d/net like so:

FILE /etc/conf.d/netSpecifying VLAN numbers
vlans_eth0="1 2"

Next, configure the interface for each VLAN:

FILE /etc/conf.d/netInterface configuration for each VLAN
config_eth0_1="172.16.3.1 netmask 255.255.254.0"
routes_eth0_1="default via 172.16.3.254"
  
config_eth0_2="172.16.2.1 netmask 255.255.254.0"
routes_eth0_2="default via 172.16.2.254"

VLAN-specific configurations are handled by vconfig like so:

FILE /etc/conf.d/netConfiguring the VLANs
vlan1_name="vlan1"
vlan1_ingress="2:6 3:5"
eth0_vlan1_egress="1:2"
Important
For using some VLAN setups, consult the variable name documentation.