The Funtoo Linux project has transitioned to "Hobby Mode" and this wiki is now read-only.
Difference between revisions of "Funtoo:Networking/Configuration"
(26 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
<blockquote>This document explains how to configure your network settings by explaining the network configuration functionality available in Funtoo Linux. Also covered is <tt>dhcpcd 5.x</tt>, Wi-Fi (IEEE 802.11) configuration, and the OpenResolv framework. | <blockquote>This document explains how to configure your network settings by explaining the network configuration functionality available in Funtoo Linux. Also covered is <tt>dhcpcd 5.x</tt>, Wi-Fi (IEEE 802.11) configuration, and the OpenResolv framework. | ||
</blockquote> | </blockquote> | ||
== Introduction == | == Introduction == | ||
__TOC__ | __TOC__ | ||
Line 16: | Line 16: | ||
=== The Easy (Dynamic) Way === | === The Easy (Dynamic) Way === | ||
When configuring your network, one option is to skip traditional network configuration and simply rely on DHCP. This is by far the simplest method of configuring your network. If you are on a wired network, no other steps are typically required beyond enabling a DHCP client, and Funtoo Linux includes | When configuring your network, one option is to skip traditional network configuration and simply rely on DHCP. This is by far the simplest method of configuring your network. If you are on a wired network, no other steps are typically required beyond enabling a DHCP client, and Funtoo Linux includes {{c|dhcpcd 7.x}} by default. | ||
==== Network Manager, Wicd ==== | ==== Network Manager, Wicd ==== | ||
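Review bot: the new text in "The Easy (Dynamic) Way" now names dhcpcd 7.x, but the summary blockquote at the top of the page still says "dhcpcd 5.x" on both sides of the diff. Update the blockquote in the same revision so the page names one version.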
Line 24: | Line 24: | ||
==== DHCP-Only Systems ==== | ==== DHCP-Only Systems ==== | ||
If you are not planning to use a third-party package to manage your network interfaces, it is still extremely easy to set up DHCP networking, especially if you always use DHCP to connect to networks, which is common for desktops or laptops. In this scenario, we can simply enable | If you are not planning to use a third-party package to manage your network interfaces, it is still extremely easy to set up DHCP networking, especially if you always use DHCP to connect to networks, which is common for desktops or laptops. In this scenario, we can simply enable {{c|dhcpcd}} to run at system startup. It will run in the background and automatically look for DHCP servers on all your network interfaces, and will attempt to lease an IP address from any DHCP servers found. | ||
If this sounds like what you want to do, then add | If this sounds like what you want to do, then add {{c|dhcpcd}} to your default runlevel as follows: | ||
<console># ##i##rc-update add dhcpcd default</console> | <console># ##i##rc-update add dhcpcd default</console> | ||
To enable DHCP immediately, you would follow the previous command with an | To enable DHCP immediately, you would follow the previous command with an {{c|openrc}} command, which would start the {{c|dhcpcd}} client you just added: | ||
{{console|body= | |||
###i## openrc | |||
}} | |||
If you're on a wired network and have the necessary drivers in your kernel, then this should get you going. For wireless networks, more steps are required to utilize your wireless hardware to associate with an access point, which will be covered later in this document. | If you're on a wired network and have the necessary drivers in your kernel, then this should get you going. For wireless networks, more steps are required to utilize your wireless hardware to associate with an access point, which will be covered later in this document. | ||
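Review bot: the prompt line in the added console block reads "###i## openrc", while the other console blocks on this page write the prompt as "# ##i##" followed by the command. Suggest "# ##i##openrc" so the prompt renders the same way; the rc-update line just above also still uses the older <console> tag rather than the {{console|body=}} template introduced here.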
Line 38: | Line 40: | ||
===== Tweaking Dhcpcd ===== | ===== Tweaking Dhcpcd ===== | ||
For now, it's important to note that | For now, it's important to note that {{c|dhcpcd 7.x}} will manage ''all'' available network interfaces by default. If you want to run a DHCP client on ''all but one'' interface, or some other subset of interfaces, you can add the appropriate {{c|denyinterfaces}} or {{c|allowinterfaces}} [[glob pattern]] to {{c|/etc/dhcpcd.conf}}: | ||
{{file|name=/etc/dhcpcd.conf|lang=bash|body= | |||
# manage all interfaces but eth0 with dhcpcd | # manage all interfaces but eth0 with dhcpcd | ||
denyinterfaces eth0 | denyinterfaces eth0 | ||
}} | |||
This can also be accomplished by modifying | This can also be accomplished by modifying {{c|tc/init.d/dhcpcd}} directly and adding {{c|-Z ''ifglob''}} or {{c|-z ''ifglob''}} (the equivalent command-line parameters) to {{c|command_args}}. | ||
==== Using Funtoo Scripts for DHCP ==== | ==== Using Funtoo Scripts for DHCP ==== | ||
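Review bot: the path in the last changed paragraph is written as {{c|tc/init.d/dhcpcd}}, which has lost its leading "/e". The next section refers to {{c|/etc/init.d/dhcpcd}}, so this should read the same. It would also help to say which flag pairs with which keyword, since "-Z ifglob or -z ifglob" is listed in the opposite order from "denyinterfaces or allowinterfaces" only by coincidence of wording.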
Line 51: | Line 53: | ||
You can also use the Funtoo Linux networking scripts to start a DHCP client just on a specific interface. This approach is best if you are planning to also do some advanced bridging, bonding or VLAN configuration on your machine along with DHCP, since you will be using the Funtoo Linux networking scripts for that too. | You can also use the Funtoo Linux networking scripts to start a DHCP client just on a specific interface. This approach is best if you are planning to also do some advanced bridging, bonding or VLAN configuration on your machine along with DHCP, since you will be using the Funtoo Linux networking scripts for that too. | ||
To use this variant approach, ''don't'' enable | To use this variant approach, ''don't'' enable {{c|/etc/init.d/dhcpcd}} directly. Instead, use the Funtoo Linux {{c|dhcpcd}} template which will start dhcpcd on only one interface. Below, you will see the steps to do this. This is very similar to how we set up advanced network interfaces, which will be covered later in this documentation: | ||
{{console|body= | |||
# ##i##cd /etc/init.d | # ##i##cd /etc/init.d | ||
# ##i##ln -s netif.tmpl netif.eth0 | # ##i##ln -s netif.tmpl netif.eth0 | ||
# ##i##rc-update add netif.eth0 default | # ##i##rc-update add netif.eth0 default | ||
# ##i##echo template=dhcpcd > /etc/conf.d/netif.eth0 | # ##i##echo template=dhcpcd > /etc/conf.d/netif.eth0 | ||
# ##i## | # ##i##openrc | ||
}} | |||
The last command, | The last command, {{c|openrc}} causes {{c|netif.eth0}} to be started. | ||
=== Server Network Configuration === | === Server Network Configuration === | ||
Line 69: | Line 71: | ||
Here are the key components of the template-based network configuration system: | Here are the key components of the template-based network configuration system: | ||
; | ;{{c|/etc/init.d/loopback}}: An init script that configures the localhost interface. This script is always enabled and is part of the boot process. | ||
; | ;{{c|/etc/netif.d}}: This is a directory that contains various network configuration templates. Each of these templates is focused on configuring a particular type of network interface, such as a general static IP-based interface, a bridge interface, a bond interface, etc. | ||
; | ;{{c|/etc/init.d/netif.tmpl}}: This is the master init script for the template-based network configuration system. New interfaces are added to your system by creating '''symbolic links''' to this file in {{c|/etc/init.d}}. | ||
So, if you wanted to use this system to configure | So, if you wanted to use this system to configure {{c|eth0}} with a static IP address, you would create a {{c|netif.eth0}} symlink to {{c|netif.tmpl}} as follows: | ||
{{console|body= | |||
# ##i##cd /etc/init.d | |||
# ##i##ln -s netif.tmpl netif.eth0 | |||
}} | |||
Then, you would create an {{c|/etc/conf.d/netif.eth0}} configuration file that would specify which template to use from the {{c|/etc/netif.d}} directory: | |||
Then, you would create an | |||
{{file|name=/etc/conf.d/netif.eth0|lang=bash|body= | |||
template="interface" | template="interface" | ||
ipaddr="10.0.1.200/24" | ipaddr="10.0.1.200/24" | ||
Line 85: | Line 90: | ||
nameservers="10.0.1.1 10.0.1.2" | nameservers="10.0.1.1 10.0.1.2" | ||
domain="funtoo.org" | domain="funtoo.org" | ||
}} | |||
To complete our static IP network configuration we would need to: | To complete our static IP network configuration we would need to: | ||
{{console|body=# ##i##rc-update add netif.eth0 default}} | |||
When configuring your own static network interface, one of | When configuring your own static network interface, one of {{c|ipaddr}} or {{c|ipaddrs}} is required and should specify the IP address(es) to configure for this interface, in "a.b.c.d/netmask" format. Optional parameters include {{c|gateway}}, which defines a default gateway for your entire network, and if set should specify the gateway's IP address. In addition, {{c|domain}} and {{c|nameservers}} (space-separated if more than one) can be used to specify DNS information for this interface. | ||
{{important|When creating symlinks for devices such as {{c|eth0}}, the symlink filename ''must'' follow the format {{c|netif.eth0}}. If the service is named any other way, such as {{c|net.eth0}}, it will not start. Config filenames must of course follow the same format. }} | |||
=== Configuration Variables === | === Configuration Variables === | ||
Line 96: | Line 103: | ||
==== Interface Variables ==== | ==== Interface Variables ==== | ||
The | The {{c|ipaddr}} and {{c|ipaddrs}} variables are supported by the {{c|interface}} and {{c|bridge}} templates, and are used to specify a single or multiple IPv4 or IPv6 address(es) for the interface. IP addresses should be specified in 'IP/netmask' format, such as {{c|10.0.0.1/24}}. Multiple IP addresses can be specified delimited by whitespace: | ||
<pre>ipaddrs="10.0.0.1/24 10.0.0.2/24"</pre> | <pre>ipaddrs="10.0.0.1/24 10.0.0.2/24"</pre> | ||
Line 132: | Line 139: | ||
==== VLAN Variables ==== | ==== VLAN Variables ==== | ||
VLAN support is enabled by default for all network configuration scripts. If a network script has a name in the format | VLAN support is enabled by default for all network configuration scripts. If a network script has a name in the format {{c|netif.ethX.Y}}, then it is assumed to be a VLAN interface referencing trunk <tt>ethX</tt> and VLAN ID <tt>Y</tt>. If you desire a custom name for your VLAN interface, you can name your interface whatever you'd like and specify the following variables in your interface config: | ||
;<tt>trunk</tt>: VLAN trunk interface, e.g. "eth0" | ;<tt>trunk</tt>: VLAN trunk interface, e.g. "netif.eth0" | ||
;<tt>vlan</tt>: VLAN id, e.g. "32" | ;<tt>vlan</tt>: VLAN id, e.g. "32" | ||
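Review bot: the trunk example changes from "eth0" to "netif.eth0", but the paragraph above it still describes the trunk as ethX ("referencing trunk ethX and VLAN ID Y"). State explicitly whether trunk takes the interface name or the service name, and use that form in both places.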
Line 148: | Line 155: | ||
OpenResolv will be used to set DNS information provided by the <tt>nameservers</tt>, <tt>domain</tt> and <tt>search</tt> variables when an interface is brought up. The OpenResolv framework will add entries to <tt>/etc/resolv.conf</tt>, and will also handle removing these entries when the interface is brought down. This way, <tt>/etc/resolv.conf</tt> should always contain current information and should not need to be manually edited by the system administrator. <tt>dhcpcd</tt> will use OpenResolv for updating system DNS information as well. | OpenResolv will be used to set DNS information provided by the <tt>nameservers</tt>, <tt>domain</tt> and <tt>search</tt> variables when an interface is brought up. The OpenResolv framework will add entries to <tt>/etc/resolv.conf</tt>, and will also handle removing these entries when the interface is brought down. This way, <tt>/etc/resolv.conf</tt> should always contain current information and should not need to be manually edited by the system administrator. <tt>dhcpcd</tt> will use OpenResolv for updating system DNS information as well. | ||
=== Multiple Network Configurations === | === Multiple Network Configurations === | ||
Line 172: | Line 170: | ||
Funtoo network scripts now support interface renaming, so you can create an interface called <tt>lan</tt> if you would like. To do this, simply specify the MAC address of the interface you would like to rename using the <tt>macaddr</tt> variable: | Funtoo network scripts now support interface renaming, so you can create an interface called <tt>lan</tt> if you would like. To do this, simply specify the MAC address of the interface you would like to rename using the <tt>macaddr</tt> variable: | ||
<pre>macaddr="00:15:17:19:b6:a3"</pre>If this MAC address is part of the <tt>netif.lan</tt> configuration file, then when this interface starts, whatever interface currently has the MAC address of 00:15:17:19:b6:a3 (i.e. <tt>eth5</tt>) will be renamed to <tt>lan</tt> prior to the interface being brought up, and will show up in <tt>ifconfig</tt> and <tt>ip</tt> commands as being an interface named <tt>lan</tt>. | <pre>macaddr="00:15:17:19:b6:a3"</pre>If this MAC address is part of the <tt>netif.lan</tt> configuration file, then when this interface starts, whatever interface currently has the MAC address of 00:15:17:19:b6:a3 (i.e. <tt>eth5</tt>) will be renamed to <tt>lan</tt> prior to the interface being brought up, and will show up in <tt>ifconfig</tt> and <tt>ip</tt> commands as being an interface named <tt>lan</tt>. It is possible to combine this with the <tt>mac_replace</tt> variable to set a new MAC address, if desired. | ||
=== Basic VLAN Configuration === | === Basic VLAN Configuration === | ||
Line 212: | Line 210: | ||
</console> | </console> | ||
The Funtoo network configuration scripts will automatically recognize the filename | The Funtoo network configuration scripts will automatically recognize the filename {{c|netif.eth1.32}} as being VLAN 32 of trunk interface {{c|netif.eth1}}. | ||
When the VLAN interface is brought up, it will be named <tt>eth1.32</tt>. | When the VLAN interface is brought up, it will be named <tt>eth1.32</tt>. | ||
Line 222: | Line 220: | ||
<pre>template="interface" | <pre>template="interface" | ||
vlan="32" | vlan="32" | ||
trunk="eth1" | trunk="netif.eth1" | ||
ipaddr="1.2.3.4/24" | ipaddr="1.2.3.4/24" | ||
gateway="1.2.3.1" | gateway="1.2.3.1" | ||
Line 230: | Line 228: | ||
Then you would simply create a VLAN network interface symlink for <tt>netif.mgmt</tt>: | Then you would simply create a VLAN network interface symlink for <tt>netif.mgmt</tt>: | ||
{{console|body= | |||
# ##i##cd /etc/init.d | |||
# ##i##ln -s netif.tmpl netif.mgmt | # ##i##ln -s netif.tmpl netif.mgmt | ||
# ##i##rc-update add netif.mgmt default</console> | # ##i##rc-update add netif.mgmt default</console> | ||
When the VLAN interface is brought up, it will be named | When the VLAN interface is brought up, it will be named {{c|netif.mgmt}}. | ||
}} | |||
=== Bonding Configuration === | === Bonding Configuration === | ||
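Review bot: the new block opens with {{console|body= but the command list still ends with </console>, and the closing }} comes only after the following sentence, so that sentence ends up inside the console block and a stray closing tag is left behind. Move the }} to directly after the rc-update line and drop the </console>. The sentence also now says the interface will be named {{c|netif.mgmt}}, whereas the earlier example names the interface eth1.32 for service netif.eth1.32; check whether "mgmt" is meant.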
Line 269: | Line 268: | ||
<console> | <console> | ||
# ##i##ln -s netif.tmpl netif. | # ##i##ln -s netif.tmpl netif.bond0 | ||
# ##i##rc-update add netif. | # ##i##rc-update add netif.bond0 default | ||
</console> | </console> | ||
Now we can configure " | Now we can configure "bond0" using its configuration file <tt>/etc/conf.d/netif.bond0</tt>, just as we would a regular interface, except that we specify <tt>slaves</tt>: | ||
<pre> | <pre> | ||
Line 284: | Line 283: | ||
</pre> | </pre> | ||
In a bonded configuration, it is common to set the MTU to the maximum possible value supported by hardware to maximize throughput. In order to do this, simply set the MTU option in <tt>/etc/conf.d/netif. | In a bonded configuration, it is common to set the MTU to the maximum possible value supported by hardware to maximize throughput. In order to do this, simply set the MTU option in <tt>/etc/conf.d/netif.bond0</tt> to the maximum value supported by your hardware. The network scripts will ensure that this MTU setting is applied to all slave interfaces: | ||
<pre> | <pre> | ||
mtu=9000 | mtu=9000 | ||
</pre> | </pre> | ||
{{Warning|Using jumbo frames (MTU of 9000 and above) can slightly improve network performance, but should only be used on an ''isolated'', ''task-specific'' network dedicated to certain types of bandwidth-intensive traffic, such as storage. Many common Internet devices do not support jumbo frames, and if large Ethernet frames reach endpoint devices such as routers and modems that communicate on the Internet, the larger TCP/IP packets will need to be fragmented into smaller packets, increasing router/modem CPU utilization and negatively impacting performance. Many routers will simply drop TCP/IP packets if they are larger than the MTU they support (typically ~1500). If you are using jumbo frames, be sure to inspect all ingress/egress devices for CPU utilization as well as ''dropped Ethernet frames'' over a reasonable time period to ensure no L2 network issues have been unintentionally introduced.}} | |||
By default, bonding will be active in 'round-robin' mode: | |||
{{console|body= | |||
# ##i##cat /proc/net/bonding/bond0 {{!}} grep ^Bonding | |||
Bonding Mode: load balancing (round-robin) | |||
}} | |||
To enable 802.3ad LACP bonding, you will need a managed switch that supports this standard. First, connect to the switch management interface to enable LACP on the appropriate | |||
ports. Then, manually create a {{f|/etc/modprobe.d/bonding.conf}} file with the following contents, and reboot: | |||
{{file|name=/etc/modprobe.d/bonding.conf|body= | |||
options bond0 miimon=100 mode=4 lacp_rate=1 | |||
}} | |||
Once rebooted, or doing an {{c|rmmod bonding; modprobe bonding}}, you should then see the interfaces in Bonding Mode: | |||
{{console|body= | |||
# ##i##cat /proc/net/bonding/bond0 {{!}} grep ^Bonding | |||
Bonding Mode: IEEE 802.3ad Dynamic link aggregation | |||
}} | |||
Run {{c|dmesg -Hw}} and look for any bonding-related errors such as this: | |||
{{console|body= | |||
# ##i##dmesg -Hw | |||
\##g##[ +0.839996]##!g## ##y##bond0##!y##: (slave eth1): An illegal loopback occurred on slave | |||
Check the configuration to verify that all adapters are connected to 802.3ad compliant switch ports | |||
}} | |||
These messages will display continually if you misconfigured your switch or you are using the wrong switch ports, and indicate that you are missing LACP support | |||
on your switch or that your switch configuration needs attention. | |||
{{Note|Once your bond is set up, it is possible to set up VLANs by using {{c|netif.bond0.3500}}, etc. following the VLAN setup instructions in this document.}} | |||
=== Bridge Configuration === | === Bridge Configuration === | ||
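Review bot: the added bonding.conf keys its options line on bond0 ("options bond0 miimon=100 mode=4 lacp_rate=1"), while the text reloads the module as "rmmod bonding; modprobe bonding". modprobe applies an options line by module name or alias, and no alias for bond0 is shown, so either write "options bonding ..." or add the alias line to the file. A brief word on what miimon, mode=4 and lacp_rate=1 select would also help readers who need different values.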
Line 331: | Line 365: | ||
group="kvm" | group="kvm" | ||
user="kvm" | user="kvm" | ||
mac_replace="10:20:30:40:50:66" | |||
</pre> | </pre> | ||
Line 353: | Line 387: | ||
denyinterfaces eth0 br0 | denyinterfaces eth0 br0 | ||
</pre> | </pre> | ||
=== SR-IOV Device Configuration === | |||
NOTE: This is experimental, and still being rolled out. | |||
Funtoo supports SR-IOV hardware NIC virtualization, if your hardware does. The physical device creates "virtual functions" which appear to be additional PCI network interface devices, and can be individually assigned to virtual machines, allowing near-native performance. This obviates the need for veth pairs, virtio+tap pairs, and software bridges. | |||
There are two steps: | |||
==== Create Virtual Devices ==== | |||
Before virtual functions can be used, the hardware has to be told to create them. Behind the scenes, this is done by the NIC driver, and configured through /sys. | |||
Assuming that the device eth2 supports SR-IOV virtual functions, enable them using the <b>numvfs</b> parameter, as follows: | |||
<pre> | |||
# in /etc/conf.d/netif.eth2 | |||
template="interface-noip" | |||
numvfs=15 | |||
</pre> | |||
It is not necessary to use "interface-noip", the physical function works normally, independently of any virtual functions. If you specify a number of virtual functions beyond what the hardware supports, it will be clamped to the value that the hardware supports. If you specify zero "0", then the maximum available number of virtual functions will be enabled. | |||
==== Configure Virtual Devices ==== | |||
The virtual functions created above show up as "ethNN" devices, IF the host kernel has the appropriate VF driver loaded. If it isn't loaded, then the virtual functions show up as unused PCI devices. | |||
Even without a driver, their MAC can (and should) be configured by the bare-metal host, and their VLAN can be set if desired. To do so, create an /etc/conf.d/netif.foobar file, where foobar is any arbitrary name that you like, containing the following: | |||
<pre> | |||
# /etc/conf.d/netif.foobar | |||
template="interface-noip" | |||
virtfn=1 | |||
trunk=netif.eth2 | |||
vlan=123 | |||
</pre> | |||
virtfn= is the index of the virtual function, between 0 and the numvfs number given above. Be sure to only use a given virtfn once per device. | |||
trunk= refers to the underlying physical device, and is required. | |||
vlan= is optional. If given, the hardware will tag and untag the packets automatically, and will prevent the guest system from altering it. | |||
If mac_replace is not specified, a static MAC will be generated based on the physical device's own MAC. | |||
==== Also: passing through to QEMU VMs ==== | |||
If you want to use the virtual function from inside a QEMU VM, you'll pass it through as a raw PCI device. If the virtual function driver is loaded in the host kernel, you'll want to unbind it from individual devices. Doing so is beyond the scope of this document, and not supported automatically at this time: the easy-button is to load the VF driver and use the virtual function in LXC's or natively on the host, e.g. to accelerate VLANs, or to not load the VF driver and use all of the virtual functions in VMs. | |||
=== More Complex Network Configuration === | === More Complex Network Configuration === | ||
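Review bot: in "Configure Virtual Devices" the range for virtfn is given as "between 0 and the numvfs number given above", which reads as inclusive; with numvfs=15 say whether the valid indexes are 0 through 14. In "Create Virtual Devices", numvfs=0 enabling the maximum number of virtual functions is easy to misread as "disable", so it deserves its own clearly marked sentence or note.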
Line 414: | Line 498: | ||
== Other Network Configurations == | == Other Network Configurations == | ||
If you have a network configuration template that might be useful to others, please post it to the [ | If you have a network configuration template that might be useful to others, please post it to the [https://bugs.funtoo.org bugtracker] so we can review it and possibly incorporate it into Funtoo. | ||
== License == | == License == |
Latest revision as of 23:01, November 23, 2022
This document explains how to configure your network settings by explaining the network configuration functionality available in Funtoo Linux. Also covered is dhcpcd 5.x, Wi-Fi (IEEE 802.11) configuration, and the OpenResolv framework.
Introduction
Funtoo Linux has its own core network configuration system that differs somewhat from upstream network configuration systems used in Gentoo Linux and OpenRC.
In this document, I will explain the unique additions and changes to the Funtoo network configuration and show you how to use this system to configure your network.
I'll also explain how to use dhcpcd for managing network interfaces on DHCP-based networks, and will also cover OpenRC stacked runlevel configuration, Wi-Fi (IEEE 802.11) configuration, and the OpenResolv framework, which is enabled in Funtoo Linux by default.
A Gentle Introduction to Funtoo Network Configuration
Before I get into the technical details of configuring your network, it's important to understand that Funtoo Linux has a number of different options available to you for network configuration, with more likely to be added in the future. Each approach is different and has its own strengths and weaknesses, and this is, in my opinion, a good thing.
The Easy (Dynamic) Way
When configuring your network, one option is to skip traditional network configuration and simply rely on DHCP. This is by far the simplest method of configuring your network. If you are on a wired network, no other steps are typically required beyond enabling a DHCP client, and Funtoo Linux includes dhcpcd 7.x by default.
Network Manager, Wicd
If you are going to use a third party package such as Network Manager or Wicd to manage your network then you do not need to configure DHCP at all. These packages configure DHCP for you. Simply emerge the package you want to use and start using it.
DHCP-Only Systems
If you are not planning to use a third-party package to manage your network interfaces, it is still extremely easy to set up DHCP networking, especially if you always use DHCP to connect to networks, which is common for desktops or laptops. In this scenario, we can simply enable dhcpcd to run at system startup. It will run in the background and automatically look for DHCP servers on all your network interfaces, and will attempt to lease an IP address from any DHCP servers found.
If this sounds like what you want to do, then add dhcpcd to your default runlevel as follows:
root # rc-update add dhcpcd default
To enable DHCP immediately, you would follow the previous command with an openrc command, which would start the dhcpcd client you just added:
root # openrc
If you're on a wired network and have the necessary drivers in your kernel, then this should get you going. For wireless networks, more steps are required to utilize your wireless hardware to associate with an access point, which will be covered later in this document.
Tweaking Dhcpcd
For now, it's important to note that dhcpcd 7.x will manage all available network interfaces by default. If you want to run a DHCP client on all but one interface, or some other subset of interfaces, you can add the appropriate denyinterfaces or allowinterfaces glob pattern to /etc/dhcpcd.conf:
/etc/dhcpcd.conf (bash source code)
# manage all interfaces but eth0 with dhcpcd
denyinterfaces eth0
This can also be accomplished by modifying /etc/init.d/dhcpcd directly and adding -Z ifglob or -z ifglob (the equivalent command-line parameters) to command_args.
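The allow and deny rules described above can be checked before dhcpcd is restarted. This added example (not part of the Funtoo documentation) applies the allowinterfaces and denyinterfaces patterns from a dhcpcd.conf to a list of interface names; the function names and the interface list are assumptions made for illustration, and a deny match is taken to win over an allow match, as dhcpcd.conf(5) describes.

```shell
#!/bin/sh
# Added example: which interfaces would dhcpcd manage under a given dhcpcd.conf?
# Function names are illustrative; nothing here talks to dhcpcd itself.

# match_any NAME PATTERNS: succeed if NAME matches one of the space- or
# comma-separated glob patterns.
match_any() (
    set -f                      # keep patterns from expanding to file names
    for pat in $(printf '%s' "$2" | tr ',' ' '); do
        # $pat is deliberately unquoted so the shell treats it as a glob
        case $1 in
            $pat) exit 0 ;;
        esac
    done
    exit 1
)

# dhcpcd_manages NAME ALLOW DENY: managed when the allow list is empty or
# matches NAME, and the deny list does not match NAME.
dhcpcd_manages() {
    if [ -n "$2" ] && ! match_any "$1" "$2"; then return 1; fi
    if [ -n "$3" ] && match_any "$1" "$3"; then return 1; fi
    return 0
}

# read_patterns KEYWORD FILE: collect every value given for KEYWORD.
# Comment lines are skipped because the keyword must start the line.
read_patterns() {
    sed -n "s/^[[:space:]]*$1[[:space:]]\{1,\}//p" "$2" | tr '\n' ' '
}

# managed_interfaces CONF IFNAME...: print the names dhcpcd would manage.
managed_interfaces() (
    conf=$1
    shift
    allow=$(read_patterns allowinterfaces "$conf")
    deny=$(read_patterns denyinterfaces "$conf")
    out=
    for ifname in "$@"; do
        if dhcpcd_manages "$ifname" "$allow" "$deny"; then
            out="$out${out:+ }$ifname"
        fi
    done
    printf '%s\n' "$out"
)

# Demo: the denyinterfaces line from this page against a constructed
# interface list (eth1, br0, wlan0 and tap0 are made-up names).
demo_conf=$(mktemp)
printf 'denyinterfaces eth0\n' > "$demo_conf"
echo "dhcpcd would manage: $(managed_interfaces "$demo_conf" eth0 eth1 br0 wlan0 tap0)"
rm -f "$demo_conf"
```

On a host with bridges or tap devices, an allowinterfaces list is the tighter choice, because interfaces created later are then left alone unless they match.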
Using Funtoo Scripts for DHCP
You can also use the Funtoo Linux networking scripts to start a DHCP client just on a specific interface. This approach is best if you are planning to also do some advanced bridging, bonding or VLAN configuration on your machine along with DHCP, since you will be using the Funtoo Linux networking scripts for that too.
To use this variant approach, don't enable /etc/init.d/dhcpcd directly. Instead, use the Funtoo Linux dhcpcd template which will start dhcpcd on only one interface. Below, you will see the steps to do this. This is very similar to how we set up advanced network interfaces, which will be covered later in this documentation:
root # cd /etc/init.d
root # ln -s netif.tmpl netif.eth0
root # rc-update add netif.eth0 default
root # echo template=dhcpcd > /etc/conf.d/netif.eth0
root # openrc
The last command, openrc, causes netif.eth0 to be started.
Server Network Configuration
For servers and advanced networking scenarios, Funtoo Linux offers its own modular, template-based network configuration system. This system offers a lot of flexibility for configuring network interfaces, essentially serving as a "network interface construction kit." This system can be used by itself, or even combined with dhcpcd, as shown in the previous section.
Here are the key components of the template-based network configuration system:
- /etc/init.d/loopback: An init script that configures the localhost interface. This script is always enabled and is part of the boot process.
- /etc/netif.d: This is a directory that contains various network configuration templates. Each of these templates is focused on configuring a particular type of network interface, such as a general static IP-based interface, a bridge interface, a bond interface, etc.
- /etc/init.d/netif.tmpl: This is the master init script for the template-based network configuration system. New interfaces are added to your system by creating symbolic links to this file in /etc/init.d.
So, if you wanted to use this system to configure eth0 with a static IP address, you would create a netif.eth0 symlink to netif.tmpl as follows:
root # cd /etc/init.d
root # ln -s netif.tmpl netif.eth0
Then, you would create an /etc/conf.d/netif.eth0 configuration file that would specify which template to use from the /etc/netif.d directory:
/etc/conf.d/netif.eth0 (bash source code)
template="interface"
ipaddr="10.0.1.200/24"
gateway="10.0.1.1"
nameservers="10.0.1.1 10.0.1.2"
domain="funtoo.org"
To complete our static IP network configuration we would need to:
root # rc-update add netif.eth0 default
When configuring your own static network interface, one of ipaddr or ipaddrs is required and should specify the IP address(es) to configure for this interface, in "a.b.c.d/netmask" format. Optional parameters include gateway, which defines a default gateway for your entire network, and if set should specify the gateway's IP address. In addition, domain and nameservers (space-separated if more than one) can be used to specify DNS information for this interface.
Important: When creating symlinks for devices such as eth0, the symlink filename must follow the format netif.eth0. If the service is named any other way, such as net.eth0, it will not start. Config filenames must of course follow the same format.
Configuration Variables
Interface Variables
The ipaddr and ipaddrs variables are supported by the interface and bridge templates, and are used to specify a single or multiple IPv4 or IPv6 address(es) for the interface. IP addresses should be specified in 'IP/netmask' format, such as 10.0.0.1/24. Multiple IP addresses can be specified delimited by whitespace:
ipaddrs="10.0.0.1/24 10.0.0.2/24"
Broadcast Address
By default, a broadcast address will be calculated based on the IP address and network mask. If you need to manually specify a broadcast address, use the following format for your IP address:
ipaddrs="10.0.0.1/24;broadcast=10.0.1.255 10.0.0.2/24"
Not Specifying An Address
Note that in some cases, you may choose to not specify ipaddr or ipaddrs for a bridge template. That is allowed. If you don't want to specify an IP address for a regular interface, you can choose to use the interface template without an IP address specified in the config, or use the interface-noip template instead, for the sake of clarity.
Viewing All Configured IP Addresses
Also note that if you specify multiple IPv4 addresses, ifconfig will only show the first IP address. To view all IP addresses associated with the interface, use the ip addr show command.
General Variables
The following variables are enabled by default for all network scripts, and if specified will trigger a corresponding configuration action:
- nameservers: Set DNS nameservers using OpenResolv. Specify multiple IPv4 or IPv6 nameservers like this: "1.2.3.4 1.2.3.5 1.2.3.6". Please note that OpenResolv treats 127.0.0.1 specially, and it indicates that you are running a local name resolver like dnsmasq or bind. OpenResolv will ignore all other name servers specified alongside 127.0.0.1. See man resolvconf and man resolvconf.conf for additional setup information.
- search: Set DNS search information using OpenResolv.
- domain: Set DNS domain using OpenResolv.
- gateway: Define a default IPv4 gateway on this interface.
- gateway6: Define a default IPv6 gateway on this interface.
- route: Specify a semi-colon delimited list of IPv4 routes to apply when this interface is brought up. Will be appended to ip -4 route add.
- route6: Specify a semi-colon delimited list of IPv6 routes to apply when this interface is brought up. Will be appended to ip -6 route add.
- mtu: Set Maximum Transmit Unit for the interface.
- mac_replace: Replace existing MAC address with MAC address specified in this variable.
VLAN Variables
VLAN support is enabled by default for all network configuration scripts. If a network script has a name in the format netif.ethX.Y, then it is assumed to be a VLAN interface referencing trunk ethX and VLAN ID Y. If you desire a custom name for your VLAN interface, you can name your interface whatever you'd like and specify the following variables in your interface config:
- trunk: VLAN trunk interface, e.g. "netif.eth0"
- vlan: VLAN id, e.g. "32"
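An added example, not one of the Funtoo network scripts: a lint pass over a netif service name and its conf.d file that checks the netif.<interface> naming rule, the IP/netmask format of ipaddr and ipaddrs, and the VLAN trunk and ID implied by a netif.ethX.Y name. The function names are hypothetical, the trunk is reported as the bare interface name, and the 1-4094 VLAN ID range comes from IEEE 802.1Q rather than from this page.

```shell
#!/bin/sh
# Added example: static checks for a Funtoo netif service and its conf.d file.

# conf_get KEY FILE: print the value of KEY=value (surrounding quotes removed).
# The file is parsed as text, never sourced, so linting it executes nothing.
conf_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# valid_cidr ADDR: accept a.b.c.d/0-32, or anything containing ':' with /0-128
# (IPv6 is only checked for its prefix length here).
valid_cidr() (
    addr=${1%%;*}                       # drop an optional ";broadcast=..." suffix
    case $addr in
        */*) ;;
        *) exit 1 ;;                    # no netmask given
    esac
    ip=${addr%/*}
    prefix=${addr##*/}
    case $prefix in
        ''|*[!0-9]*|????*) exit 1 ;;
    esac
    case $ip in
        *:*) if [ "$prefix" -le 128 ]; then exit 0; else exit 1; fi ;;
    esac
    [ "$prefix" -le 32 ] || exit 1
    set -f; IFS=.
    set -- $ip                          # split the dotted quad into $1..$4
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*|????*) exit 1 ;;
        esac
        [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# vlan_from_name SERVICE: for netif.<trunk>.<numeric id> print "<trunk> <id>".
# A non-numeric suffix (such as a runlevel name) is not treated as a VLAN.
vlan_from_name() (
    ifname=${1#netif.}
    case $ifname in
        *.*) ;;
        *) exit 1 ;;
    esac
    id=${ifname##*.}
    case $id in
        ''|*[!0-9]*) exit 1 ;;
    esac
    printf '%s %s\n' "${ifname%.*}" "$id"
)

# lint_netif SERVICE CONF: print one line per problem; return 0 if none found.
lint_netif() (
    svc=$1; conf=$2; problems=0
    fail() { echo "$svc: $*"; problems=$((problems + 1)); }
    set -f
    case $svc in
        netif.?*) ;;
        *) fail "service must be named netif.<interface> or it will not start" ;;
    esac
    [ -n "$(conf_get template "$conf")" ] || fail "no template set"
    for addr in $(conf_get ipaddr "$conf") $(conf_get ipaddrs "$conf"); do
        valid_cidr "$addr" || fail "address '$addr' is not in IP/netmask format"
    done
    if named=$(vlan_from_name "$svc"); then
        trunk=${named% *}; vlan=${named#* }
    else
        trunk=$(conf_get trunk "$conf"); vlan=$(conf_get vlan "$conf")
    fi
    if [ -n "$vlan" ]; then
        [ -n "$trunk" ] || fail "vlan is set but trunk is missing"
        case $vlan in
            *[!0-9]*|?????*) fail "VLAN id '$vlan' is not a number in 1-4094" ;;
            *) { [ "$vlan" -ge 1 ] && [ "$vlan" -le 4094 ]; } ||
                   fail "VLAN id $vlan is outside 1-4094" ;;
        esac
    fi
    [ "$problems" -eq 0 ]
)

# Demo on constructed files: the page's static eth0 settings, then a config
# with a misnamed service and an address that lacks its netmask.
demo=$(mktemp -d)
printf 'template="interface"\nipaddr="10.0.1.200/24"\ngateway="10.0.1.1"\n' > "$demo/netif.eth0"
printf 'template="interface"\nipaddr="10.0.1.200"\n' > "$demo/net.eth0"
lint_netif netif.eth0 "$demo/netif.eth0" && echo "netif.eth0: ok"
lint_netif net.eth0 "$demo/net.eth0" || echo "net.eth0: rejected"
rm -rf "$demo"
```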
Bridge / Tap Variables
The following variables for configuring a functional bridge interface with optional tap interfaces:
- slaves
- Set slave interfaces of this interface (for bridges, etc.) All slaves will automatically be depended upon, and will also automatically have their mtu set to that of the current interface, if an mtu is specified for the current interface. This setting is required for the bond template and optional for the bridge template.
- stp
- Enables Spanning Tree Protocol on a bridge interface like this "stp=on"
- forwarding
- Enables forwarding on a bridge interface by calling sysctl; as this interface does not exist when sysctl is called by init, we do it here. If this is disabled, your bridge will not forward traffic back out onto the network. Usage: "forwarding=1"
OpenResolv and resolv.conf
OpenResolv will be used to set DNS information provided by the nameservers, domain and search variables when an interface is brought up. The OpenResolv framework will add entries to /etc/resolv.conf, and will also handle removing these entries when the interface is brought down. This way, /etc/resolv.conf should always contain current information and should not need to be manually edited by the system administrator. dhcpcd will use OpenResolv for updating system DNS information as well.
Multiple Network Configurations
For information on how to have multiple, independent network configurations, please see Stacked Runlevels.
Alternate Configs
If you need to run the same service with different configuration parameters depending upon runlevel, then you'll be happy to know that you can specify runlevel-specific conf.d files by appending a .<runlevel> suffix. In this particular example, we could imagine a situation where we had two child runlevels named home and work:
/etc/conf.d/netif.eth0.home
/etc/conf.d/netif.eth0.work
Note that this feature works for all init scripts, not just network configuration scripts.
Interface Renaming
Funtoo network scripts now support interface renaming, so you can create an interface called lan if you would like. To do this, simply specify the MAC address of the interface you would like to rename using the macaddr variable:
macaddr="00:15:17:19:b6:a3"
If this MAC address is part of the netif.lan configuration file, then when this interface starts, whatever interface currently has the MAC address of 00:15:17:19:b6:a3 (i.e. eth5) will be renamed to lan prior to the interface being brought up, and will show up in ifconfig and ip commands as being an interface named lan. It is possible to combine this with the mac_replace variable to set a new MAC address, if desired.
Basic VLAN Configuration
The standard interface template supports VLANs. To use VLAN support, first ensure that your kernel was compiled with VLAN support (the module name is 8021q) :
root # grep CONFIG_VLAN /usr/src/linux/.config
CONFIG_VLAN_8021Q=m
CONFIG_VLAN_8021Q_GVRP=y
Then, configure the trunk interface using the interface-noip template. Assuming eth1 is trunked, you would create the file /etc/conf.d/netif.eth1 with the following contents:
template="interface-noip"
Then, create a network interface symlink for the trunk and add it to your default runlevel:
root # cd /etc/init.d
root # ln -s netif.tmpl netif.eth1
root # rc-update add netif.eth1 default
Now, assuming you wanted to configure a VLAN of 32, you would create a config file named /etc/conf.d/netif.eth1.32 that looks something like this:
template="interface"
ipaddr="1.2.3.4/24"
gateway="1.2.3.1"
# etc...
Then, create a VLAN network interface symlink and add it to your default runlevel:
root # cd /etc/init.d
root # ln -s netif.tmpl netif.eth1.32
root # rc-update add netif.eth1.32 default
The Funtoo network configuration scripts will automatically recognize the filename netif.eth1.32 as being VLAN 32 of trunk interface netif.eth1.
When the VLAN interface is brought up, it will be named eth1.32.
Custom VLAN Names
However, sometimes you may want to turn off automatic file-based VLAN naming and give your VLAN interface a custom name, such as mgmt. To do this, you would set up the trunk interface in the exact same way as described above, but instead of creating a netif.eth1.32 interface, you would create a netif.mgmt interface, and specify vlan and trunk in the /etc/conf.d/netif.mgmt config file, as follows:
template="interface"
vlan="32"
trunk="netif.eth1"
ipaddr="1.2.3.4/24"
gateway="1.2.3.1"
# etc...
When you specify trunk and vlan in the interface config file, filename-based auto-detecting of VLAN ID and trunk is disabled. Both trunk and vlan must be specified -- you can't specify just one.
Then you would simply create a VLAN network interface symlink for netif.mgmt:
root # cd /etc/init.d
root # ln -s netif.tmpl netif.mgmt
root # rc-update add netif.mgmt default
When the VLAN interface is brought up, it will be named netif.mgmt.
Bonding Configuration
Bonding allows you to aggregate multiple network interfaces into a single logical network interface, allowing for benefits in throughput as well as resiliency in the case that an individual interface may go down. This example shows how you would create a bonding interface (mybond) with a simple static ip setup, containing two slave devices (eth0 and eth1).
First, ensure that your kernel is configured to support bonding (the module name is bonding) :
user $ grep CONFIG_BONDING /usr/src/linux/.config
CONFIG_BONDING=m
You'll want to ensure that CONFIG_BONDING is set to "m" or "y". You can find this kernel configuration option tucked under "Device Drivers" -> "Network Device Support" -> "Bonding driver support". Be sure that ifenslave is emerged (this package is included in the Funtoo stage3):
root # emerge ifenslave
Once bonding is enabled in the kernel, you will need to choose at least two devices to bond together. These will be set up as "slave" interfaces with no IP address.
root # cd /etc/init.d/
root # ln -s netif.tmpl netif.eth0
root # ln -s netif.tmpl netif.eth1
Then, configure the slave interfaces by creating /etc/conf.d/netif.eth0 and /etc/conf.d/netif.eth1 with the following contents:
template="interface-noip"
Now, we will create the bond interface and make netif.eth0 and netif.eth1 slaves of this interface. Note that our bond interface can have any name. To demonstrate this, we will give it the name of "mybond" below:
root # ln -s netif.tmpl netif.bond0
root # rc-update add netif.bond0 default
Now we can configure "bond0" using its configuration file /etc/conf.d/netif.bond0, just as we would a regular interface, except that we specify slaves:
template="bond"
ipaddr="10.0.1.200/24"
gateway="10.0.1.1"
nameservers="10.0.1.1 10.0.1.2"
domain="funtoo.org"
slaves="netif.eth0 netif.eth1"
In a bonded configuration, it is common to set the MTU to the maximum possible value supported by hardware to maximize throughput. In order to do this, simply set the MTU option in /etc/conf.d/netif.bond0 to the maximum value supported by your hardware. The network scripts will ensure that this MTU setting is applied to all slave interfaces:
mtu=9000
Using jumbo frames (MTU of 9000 and above) can slightly improve network performance, but should only be used on an isolated, task-specific network dedicated to certain types of bandwidth-intensive traffic, such as storage. Many common Internet devices do not support jumbo frames, and if large Ethernet frames reach endpoint devices such as routers and modems that communicate on the Internet, the larger TCP/IP packets will need to be fragmented into smaller packets, increasing router/modem CPU utilization and negatively impacting performance. Many routers will simply drop TCP/IP packets if they are larger than the MTU they support (typically ~1500). If you are using jumbo frames, be sure to inspect all ingress/egress devices for CPU utilization as well as dropped Ethernet frames over a reasonable time period to ensure no L2 network issues have been unintentionally introduced.
By default, bonding will be active in 'round-robin' mode:
root # cat /proc/net/bonding/bond0 | grep ^Bonding
Bonding Mode: load balancing (round-robin)
To enable 802.3ad LACP bonding, you will need a managed switch that supports this standard. First, connect to the switch management interface to enable LACP on the appropriate ports. Then, manually create a /etc/modprobe.d/bonding.conf file with the following contents, and reboot:
/etc/modprobe.d/bonding.conf
options bond0 miimon=100 mode=4 lacp_rate=1
After rebooting, or after running rmmod bonding; modprobe bonding, you should see the new mode reported on the Bonding Mode line:
root # cat /proc/net/bonding/bond0 | grep ^Bonding
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Run dmesg -Hw and look for any bonding-related errors such as this:
root # dmesg -Hw
[ +0.839996] bond0: (slave eth1): An illegal loopback occurred on slave
Check the configuration to verify that all adapters are connected to 802.3ad compliant switch ports
These messages will display continually if you misconfigured your switch or you are using the wrong switch ports, and indicate that you are missing LACP support on your switch or that your switch configuration needs attention.
Once your bond is set up, it is possible to set up VLANs by using netif.bond0.3500, etc. following the VLAN setup instructions in this document.
Bridge Configuration
When hosting virtual machines, it can be convenient to use a bridge setup. This example shows how you would create a bridge (br0) with a simple static ip setup, containing two slave devices (eth0, tap0).
First, ensure that your kernel is configured to support bridging (the module name is bridge) :
user $ grep CONFIG_BRIDGE /usr/src/linux/.config
CONFIG_BRIDGE=m
CONFIG_BRIDGE_IGMP_SNOOPING=y
Second, make sure you have the required software installed:
root # emerge -av bridge-utils usermode-utilities
Then, create the necessary symlinks for the interfaces and add them to your default runlevel :
root # cd /etc/init.d/
root # ln -s netif.tmpl netif.eth0
root # ln -s netif.tmpl netif.br0
root # ln -s netif.tmpl netif.tap0
root # rc-update add netif.br0 default
root # rc-update add netif.tap0 default
Then, configure the slave interface /etc/conf.d/netif.eth0 :
template="interface-noip"
Then, configure the slave interface /etc/conf.d/netif.tap0 - note you only require group OR user, not both :
template="tap"
group="kvm"
user="kvm"
mac_replace="10:20:30:40:50:66"
... and the bridge interface /etc/conf.d/netif.br0 :
template="bridge"
ipaddr="10.0.1.200/24"
gateway="10.0.1.1"
nameservers="10.0.1.1 10.0.1.2"
domain="funtoo.org"
slaves="netif.eth0 netif.tap0"
stp="on"
forwarding=1
If you are using dhcpcd, you should ensure that it does not attempt to configure eth0 or br0 by adding the following to /etc/dhcpcd.conf :
# don't attempt to pull an ip address for br0 or its slave device
denyinterfaces eth0 br0
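A way to confirm that dhcpcd is kept off a bridge and its members, as an added example that is not part of Funtoo or dhcpcd. It extends the rule above to every entry in slaves (tap0 included), which is an assumption; the function names and sample files are constructed, and the matching relies on dhcpcd treating denyinterfaces as space- or comma-separated fnmatch(3) patterns.

```shell
#!/bin/sh
# Added example: report bridge members that dhcpcd may still configure.

# Print the bridge name and its slaves, one per line, from a conf.d file
# named netif.<bridge>. The file is parsed, not sourced.
bridge_members() {
    b=${1##*/}
    echo "${b#netif.}"
    sed -n 's/^[[:space:]]*slaves=//p' "$1" | tail -n 1 | tr -d "\"'" |
        tr ' ' '\n' | sed -e '/^$/d' -e 's/^netif\.//'
}

# Print every pattern from all denyinterfaces lines in a dhcpcd.conf.
deny_patterns() {
    sed -n 's/^[[:space:]]*denyinterfaces[[:space:]]\{1,\}//p' "$1" |
        tr ', \t' '\n\n\n' | sed '/^$/d'
}

# Print each member of bridge file $1 that no pattern in dhcpcd.conf $2 covers.
uncovered_members() (
    pats=$(deny_patterns "$2")
    set -f                       # keep patterns from expanding as filenames
    for m in $(bridge_members "$1"); do
        hit=0
        for p in $pats; do
            case $m in $p) hit=1 ;; esac   # unquoted $p is matched as a glob
        done
        [ "$hit" -eq 1 ] || echo "$m"
    done
)

# Constructed sample files: the bridge from this page and two dhcpcd.conf variants.
make_bridge_sample() {
    d=$(mktemp -d) || return 1
    printf 'template="bridge"\nslaves="netif.eth0 netif.tap0"\nstp="on"\n' > "$d/netif.br0"
    printf 'denyinterfaces eth0 br0\n' > "$d/dhcpcd.page.conf"
    printf 'denyinterfaces eth*,br0\ndenyinterfaces tap0\n' > "$d/dhcpcd.full.conf"
    echo "$d"
}

d=$(make_bridge_sample)
uncovered_members "$d/netif.br0" "$d/dhcpcd.page.conf"   # prints tap0
rm -rf "$d"
```
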
SR-IOV Device Configuration
NOTE: This is experimental, and still being rolled out.
Funtoo supports SR-IOV hardware NIC virtualization, if your hardware does. The physical device creates "virtual functions" which appear to be additional PCI network interface devices, and can be individually assigned to virtual machines, allowing near-native performance. This obviates the need for veth pairs, virtio+tap pairs, and software bridges.
There are two steps:
Create Virtual Devices
Before virtual functions can be used, the hardware has to be told to create them. Behind the scenes, this is done by the NIC driver, and configured through /sys.
Assuming that the device eth2 supports SR-IOV virtual functions, enable them using the numvfs parameter, as follows:
# in /etc/conf.d/netif.eth2
template="interface-noip"
numvfs=15
It is not necessary to use "interface-noip", the physical function works normally, independently of any virtual functions. If you specify a number of virtual functions beyond what the hardware supports, it will be clamped to the value that the hardware supports. If you specify zero "0", then the maximum available number of virtual functions will be enabled.
Configure Virtual Devices
The virtual functions created above show up as "ethNN" devices, IF the host kernel has the appropriate VF driver loaded. If it isn't loaded, then the virtual functions show up as unused PCI devices.
Even without a driver, their MAC can (and should) be configured by the bare-metal host, and their VLAN can be set if desired. To do so, create an /etc/conf.d/netif.foobar file, where foobar is any arbitrary name that you like, containing the following:
# /etc/conf.d/netif.foobar
template="interface-noip"
virtfn=1
trunk=netif.eth2
vlan=123
virtfn= is the index of the virtual function, between 0 and the numvfs number given above. Be sure to only use a given virtfn once per device.
trunk= refers to the underlying physical device, and is required.
vlan= is optional. If given, the hardware will tag and untag the packets automatically, and will prevent the guest system from altering it.
If mac_replace is not specified, a static MAC will be generated based on the physical device's own MAC.
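The naming rules in this document (trunk and vlan set together for a custom-named VLAN; for SR-IOV, trunk required and each virtfn used once per device) can be checked before the interfaces are started. This is an added example, not part of the Funtoo scripts: the function names and the sample files netif.vf1, netif.vf2 and netif.lab are constructed, and the 1-4094 VLAN ID range comes from IEEE 802.1Q rather than from this page.

```shell
#!/bin/sh
# Added example: lint netif conf.d files against the VLAN and SR-IOV rules.

# Print the last value assigned to KEY ($1) in FILE ($2). The file is parsed,
# not sourced, so linting never executes its contents.
conf_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        sed 's/[[:space:]]*#.*$//' | tr -d "\"'"
}

# Lint every netif.* file in directory $1; print one finding per line.
lint_netif_dir() (
    seen=""
    for f in "$1"/netif.*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        trunk=$(conf_get trunk "$f")
        vlan=$(conf_get vlan "$f")
        virtfn=$(conf_get virtfn "$f")
        if [ -n "$virtfn" ]; then
            # SR-IOV virtual function: trunk is required, vlan is optional.
            [ -n "$trunk" ] || echo "$name: virtfn set without trunk"
            case " $seen " in
                *" $trunk:$virtfn "*) echo "$name: virtfn $virtfn already used on $trunk" ;;
            esac
            seen="$seen $trunk:$virtfn"
            [ -n "$vlan" ] || echo "$name: no vlan, hardware VLAN tagging not enforced"
        elif [ -n "$trunk$vlan" ] && { [ -z "$trunk" ] || [ -z "$vlan" ]; }; then
            echo "$name: trunk and vlan must both be specified"
        fi
        if [ -n "$vlan" ]; then      # 802.1Q IDs 0 and 4095 are reserved
            case $vlan in
                *[!0-9]*) echo "$name: vlan '$vlan' is not numeric" ;;
                *) { [ "$vlan" -ge 1 ] && [ "$vlan" -le 4094 ]; } ||
                       echo "$name: vlan $vlan outside 1-4094" ;;
            esac
        fi
    done
)

# Constructed sample directory with one clean and several faulty files.
make_sample_confd() {
    d=$(mktemp -d) || return 1
    printf 'template="interface-noip"\nnumvfs=15\n' > "$d/netif.eth2"
    printf 'template="interface-noip"\nvirtfn=1\ntrunk=netif.eth2\nvlan=123\n' > "$d/netif.vf1"
    printf 'template="interface-noip"\nvirtfn=1\ntrunk=netif.eth2\n' > "$d/netif.vf2"
    printf 'template="interface"\nvlan="32"\n' > "$d/netif.mgmt"
    printf 'template="interface"\ntrunk="netif.eth1"\nvlan="4095"\n' > "$d/netif.lab"
    echo "$d"
}

d=$(make_sample_confd); lint_netif_dir "$d"; rm -rf "$d"
```
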
Also: passing through to QEMU VMs
If you want to use the virtual function from inside a QEMU VM, you'll pass it through as a raw PCI device. If the virtual function driver is loaded in the host kernel, you'll want to unbind it from individual devices. Doing so is beyond the scope of this document, and not supported automatically at this time: the easy-button is to load the VF driver and use the virtual function in LXC's or natively on the host, e.g. to accelerate VLANs, or to not load the VF driver and use all of the virtual functions in VMs.
More Complex Network Configuration
If the standard templates don't work for your needs, simply create a new template -- I recommend starting from the interface template for most things:
root # cd /etc/netif.d
root # cp interface custom
You can now add whatever commands you need to /etc/netif.d/custom. The following shell functions can be defined in a network script:
netif_create
In netif_create, you should call any commands to create the interface if it does not yet exist.
netif_depend
In netif_depend, you can define dependencies, using the functions need and use.
netif_pre_up
In netif_pre_up, you can define network configuration actions to perform prior to bringing the interface up. You can also ensure certain variables are specified by calling require var1 [var2...] here.
netif_post_up
In netif_post_up, you can define network configuration actions to perform after bringing the interface up.
netif_pre_down
In netif_pre_down, you can define network configuration actions to perform prior to bringing the interface down.
netif_post_down
In netif_post_down, you can define network configuration actions to perform after bringing the interface down.
netif_destroy
In netif_destroy, you can call any commands necessary to destroy/delete the interface if it is dynamic in nature (tun/tap, etc.)
How It Works
You do not specify a function for actually bringing up the interface, because the template-based system does this for you. The template-based system also performs all normal actions required to bring an interface down, so you only need to specify atypical actions that must be performed - such as removing child interfaces or destroying a bridge using brctl.
When you create your own network configuration template, the following capabilities are available for use automatically, as long as the appropriate variables are set in the /etc/conf.d/netif.<ifname> file, without requiring any explicit steps on your part:
- DNS configuration using domain and nameservers config settings. OpenResolv is used automatically.
- VLAN configuration using auto-naming (netif.ethX.Y) or via custom naming with trunk and vlan config settings.
- Default IPv4 gateway and route configuration using the gateway and route settings.
- Default IPv6 gateway and route configuration using the gateway6 and route6 settings.
- MTU configuration using the mtu setting.
- Auto-depend (and auto-MTU configuration) of slave interfaces specified using slaves setting.
- Renaming of existing network interface (specify MAC address using macaddr setting).
To take advantage of this functionality, simply enable the appropriate variables.
All other necessary network configuration and dependency behavior should be defined using the netif_-prefix functions described above.
Wireless Configuration
The recommended approach for setting up Wi-Fi under Funtoo Linux is to use NetworkManager. Steps are provided in the Wi-Fi section of the Funtoo Linux Installation Guide.
Other Network Configurations
If you have a network configuration template that might be useful to others, please post it to the bugtracker so we can review it and possibly incorporate it into Funtoo.
License
Funtoo Linux networking scripts are released under the following license: