Lab 5: Networking Essentials¶

Objectives¶

After completing this lab, you will be able to:

Create virtual network devices
Manage network devices and settings on a Linux system using the iproute2 (ip) toolkit
Manage network devices and settings on a Linux system using NetworkManager (nmcli) toolkit
Troubleshoot common network issues

Estimated time to complete this lab: 60 minutes

Overview¶

This Networking Essentials lab covers various network configuration and troubleshooting exercises on a Linux server. You will be better equipped to manage and troubleshoot network settings using common networking utilities readily available on Linux based systems.

Exercise 1¶

Change Hostname¶

There are many methods for identifying or referring to computers. Some of these methods guarantee uniqueness [ especially on a network], and others don't. A computer hostname can be regarded as a human-friendly name. Computer hostnames should ideally be unique depending on how they are managed and assigned. But because anyone with the Administrative privileges on a system can unilaterally assign whatever hostname they want to the system - uniqueness is not always guaranteed.

This first exercise walks through some common tools for managing the computer hostname.

To change the system's hostname¶

While logged into your system, view the current hostname, using the popular hostname utility. Type:
```
hostname
```
Run the hostname utility again with a different option to view the server's FQDN:
```
hostname --fqdn
```
Question

What does FQDN stand for? And why is the result of your server plain server hostname different from its FQDN?
Use the hostnamectl utility to view the current hostnames. Type:
```
hostnamectl
```

That's a lot of extra information!

Add the --static option to the hostnamectl command to view the static hostname for your server. Type:
```
hostnamectl --static
```
Add the --transient option to the hostnamectl command to view the transient hostname for your server.
Now try the --pretty option to the hostnamectl command to view the pretty hostname for your server.

Set a new transient hostname for your server. Type:

hostnamectl --transient set-hostname my-temp-server1

Verify the transient hostname change. Type:
```
hostnamectl --transient
```

Set a new static hostname for your server. Type:

hostnamectl set-hostname my-static-hostname1

Verify the static hostname change.

Question

Consult the man page for hostnamectl. What are the differences between pretty, transient and static hostnames?

Exercise 2¶

The first critical step you need to complete before going on to the other exercises in this network lab will be creating a special virtual network interface known as a MACVTAP device.

MACVTAP devices are virtual devices that combine the properties of a softwarei-only interface known as a TAP device as well as the properties of the MACVLAN driver.

Creating and working with these MACVTAP devices will allow you to safely test, change, and configure various network configuration-related tasks. These virtual network interfaces will be used in various exercises without disrupting the existing network configuration.

Tip

TAP devices provide a software-only interface that user-space applications can easily access. TAP devices send and receive raw Ethernet frames. MACVLAN is used for creating virtual network interfaces that attach to physical network interfaces. The MACVTAP devices have their own unique MAC address distinct from the MAC address of the underlying physical network card they are associated with.

Create MACVTAP Interfaces¶

This exercise starts with creating needed MACVTAP virtual network interfaces. This will allow you to safely test, change, and configure various network configuration related tasks. These virtual network interfaces will be used in various exercises without disrupting the existing network configuration.

To list all network interfaces on the system¶

Ensure you are logged into the server.
Use the ip program to view the existing network interfaces on your system. Type:
```
ip link show
```
Try using the nmcli command to list all the network devices. Type:
```
 nmcli -f DEVICE device
```
Query the low-level /sys virtual file-system to enumerate ALL network interfaces available on your server manually. Type:
```
 ls -l /sys/class/net/ | grep -v 'total' | awk '{print $9}'
```

To create `macvtap` interfaces¶

Ensure you are logged into the system as a user with Administrative privileges.
You need query for and identify the proper network device types that are available on your server to be able to associate with macvtap device. Type:
```
 ls -l /sys/class/net/ | grep -v 'virtual\|total' | tail -n 1 | awk '{print $9}'

 eno2
```
The output on the sample demo system shows one suitable interface named eno2.
Run the command to identify the device again but this time store the returned value in a variable named $DEVICE1. Double check the value of $DEVICE1 using echo. Type the following 2 separate commands to accomplish this:
```
# DEVICE1=$(ls -l /sys/class/net/ | grep -v 'virtual\|total' | tail -n 1 | awk '{print $9}')

# echo $DEVICE1
```
Now, create a MACVTAP interface named - macvtap1. The new interface will be associated with $DEVICE1. Type:
```
ip link add link $DEVICE1 name macvtap1 type macvtap mode bridge
```
Verify the creation of macvtap1 interface. Type:
```
ip --brief link show macvtap1
```
Note the DOWN state of the macvtap interface in the output.
View detailed information about all the MACVTAP-type network devices on the system. Type:
```
ip --detail link show type macvtap
```
Run a command to view all the network interfaces on the server and compare the output to the output of the similar command in the earlier section "To list all network interfaces on the system".

Enable/Disable Network Interface¶

To enable or disable a network interface¶

Check the status of the macvtap1 network interface. Type:
```
ip link show macvtap1
```
Enable the macvtap1 network interface (if it's currently disabled). Run:
```
ip link set macvtap1 up
```
Verify the status changes by running:
```
ip -br  link show macvtap1
```
Tip

If you ever need to disable a network interface, the syntax for ip command to do this is ip link set <IFNAME> down. For example to disable a network interface named macvtap7, you would run:
```
ip link set macvtap7 down
```

Now that you have set up the macvtap interfaces, you safely perform the various network configuration and troubleshooting tasks in the remaining exercises.

Exercise 3¶

Assign IP Addresses¶

To set an IP addresses on a network interface¶

View the IP addresses for all network interfaces on your server. Type:
```
ip address show   
```

Assign the IP address - 172.16.99.100 - to macvtap1. Type

ip address add 172.16.99.100/24 dev macvtap1

Verify the IP address assignment for macvtap1
```
ip address show macvtap1
```
Use the nmcli command to view the IPv4 addresses for all interfaces on your system. Type:
```
nmcli --get-values IP4.ADDRESS,GENERAL.DEVICE  device show  
```

Exercise 4¶

Configure IPv6 Addresses¶

To assign IPv6 addresses to `macvtap` interfaces¶

Starting with macvtap1, assign the 2001:db8::1/64 IPv6 address to macvtap1 by running:
```
 ip -6 address add 2001:db8::1/64 dev macvtap1
```
Next for macvtap1 assign the 2001:db8::2/64 IPv6 address by running:
```
# ip -6 address add 2001:db8::2/64 dev macvtap1
```

Verify the IPv6 address assignments, type:

ip --brief -6 address show macvtap1 && ip -br -6 address show macvtap1

Use nmcli to view the IPv6 addresses for all interfaces on your system. Type:
```
nmcli --get-values  IP6.ADDRESS,GENERAL.DEVICE  device show  
```

Exercise 5¶

Routing management¶

To view the system's routing table¶

Display the current routing table for the system. Type:

ip route show
default via 192.168.2.1 dev enp1s0 proto dhcp src 192.168.2.121 metric 100
10.99.99.0/24 dev tunA proto kernel scope link src 10.99.99.1 metric 450 linkdown
192.168.2.0/24 dev enp1s0 proto kernel scope link src 192.168.2.121 metric 100

Using one of the networks displayed in the leftmost column of the previous command's output as the argument, display the route table entry for that network. For example to show the kernel route table entry for the 10.99.99.0/24 network, type:
```
ip route show 10.99.99.0/24
```
Query the system to see the route that will be used to get to an example arbitrary destination. For example to view the routing details for getting to the destination IP address 8.8.8.8, type:
```
ip route get 8.8.8.8

8.8.8.8 via 192.168.2.1 dev enp1s0 src 192.168.2.121 uid 0
cache
```
Here is a breakdown of the output in plain-speak:
- Destination IP Address: 8.8.8.8 is the IP address that we are trying to reach
- Via: 192.168.2.1 is the next hop IP address that the packet will be sent to reach the destination
- Device: enp1s0 is the network interface that will be used to send the packet
- Source IP Address: 192.168.2.121 is the IP address of the network interface that will be used as the source address for the packet
- UID: 0 is the user ID of the process that initiated this command
- Cache: This field indicates whether this route is cached in the kernel’s routing table

Now view how the system will route a packet from one IP to another destination IP address. Type:

ip route get from 192.168.1.1 to 192.168.1.2

local 192.168.1.2 from 192.168.1.1 dev lo uid 0
cache <local>

Set Default Gateway¶

To configure a default gateway for the system¶

Use ip to query for and list the current default gateway on your system. Type:
```
 ip route show default
```
Set a default gateway via the macvtap1 interface. Type:
```
ip route add default via 192.168.1.1
```
Verify the new default gateway configuration
```
ip route show default
```

Add Static Route¶

To add a static route to the routing table¶

Add a demo static route for a bogus 172.16.0.0/16 network via 192.168.1.2. Type:
```
ip route add 172.16.0.0/16 via 192.168.1.2
```
Verify the addition of the static route by running:
```
ip route show 172.16.0.0/16
```

Delete Static Route¶

To Remove a static route from the routing table¶

Delete the static route for 10.0.0.0/24

ip route del 10.0.0.0/24 via 192.168.1.2

Verify the removal of the static route
```
ip route show
```

Exercise 6¶

Deleting IP addresses¶

This exercise walks through how to delete configured IP (IPv4 and IPv6) addresses on network interfaces.

Delete IPv4 Address¶

To remove an assigned IP address from a network interface¶

Delete the IP address on macvtap1. Type:

ip address del 172.16.99.100/24 dev macvtap1

Verify the removal of the IP address by running:
```
ip address show macvtap1
```

Delete IPv6 Address¶

To remove an assigned IPv6 address from a network interface¶

Delete the IPv6 address on macvtap1 with this command:

ip -6 address del 2001:db8::1/64 dev macvtap1

Verify the removal of the IPv6 address with:
```
ip -6 address show macvtap1
```

Exercise 7¶

Configure Network Interfaces via `nmcli`¶

This exercise shows how to configure network interfaces using the NetworkManager tooling.

Note

By default, any network configuration changes done using nmcli (NetworkManager) will persist between system reboots. This is in contrast to the configuration changes that are done with the ip utility.

To create a `macvtap` interface using `nmcli`¶

Start by listing all available network devices by running:
```
nmcli device
```
Next, identify an underlying network device with which to associate the new MACVTAP interface. Save the value of the identified device in the variable $DEVICE2. Type:
```
DEVICE2=$(ls -l /sys/class/net/ | grep -v 'virtual\|total' | tail -n 1 | awk '{print $9}')
```
Now, create a new NetworkManager connection called macvtap2 and an associated MACVTAP interface named - macvtap2. The new interface will be associated with $DEVICE2. Type:
```
nmcli con add con-name macvtap2 type macvlan mode bridge tap yes dev $DEVICE2 ifname macvtap2
```
Use nmcli to verify the creation of macvtap2 interface. Type:
```
nmcli device show macvtap2
```
Use nmcli to verify the creation of macvtap2 connection. Type:
```
nmcli connection show macvtap2
```
Similarly use ip to verify the creation of macvtap2 interface. Type:
```
ip --brief link show macvtap2
```
Note the output's UP state of the macvtap interface.

Question

What is the difference between the concept of a connection and that of a device in NetworkManager?

To modify interface network configuration with `nmcli`¶

Start by querying for the IPv4 address for the new macvtap2 interface by running:
```
nmcli -f ipv4.addresses con show macvtap2
```
The value of the ipv4.addresses property should be empty.
Configure the macvtap2 connection with these settings:
- IPv4 Method = manual
- IPv4 Addresses = 172.16.99.200/24
- Gateway = 172.16.99.1
- DNS Servers = 8.8.8.8 and 8.8.4.4
- DNS Search domain = example.com
Type:
```
nmcli connection modify macvtap2  ipv4.method manual \
ipv4.addresses 172.16.99.200/24 ipv4.gateway 172.16.99.1 \
ipv4.dns 8.8.8.8,8.8.4.4 ipv4.dns-search example.com
```

Verify the new IPv4 address setting by running:

nmcli -f ipv4.addresses con show macvtap2

Run a slightly different variation of the previous command to include the runtime configuration of the given settings. Type:
```
nmcli -f ipv4.addresses,IP4.ADDRESS con show macvtap2
```
Question

What is the difference between these NetworkManager properties - ipv4.addresses and IP4.ADDRESS?
Check the changes to the network connection using the ip command. Type:
```
ip -br address show  dev macvtap2
```

To properly apply the new settings and make them the new runtime values, use nmcli to first toggle the connection down (i.e. deactivate it). Type:

nmcli connection down macvtap2

Connection macvtap2 successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)

Now activate the new connection to apply the new settings. Type:

nmcli connection up macvtap2

Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)

View the final setting using the ip utility. Type:
```
ip -br address show  dev macvtap2
```

Exercise 8¶

Configure DNS Servers¶

To set DNS server addresses for the system¶

Configure DNS servers for macvtap1

nmcli con mod macvtap1 ipv4.dns 8.8.8.8, 8.8.4.4

Verify the DNS server configuration
```
nmcli con show macvtap1 | grep DNS
```

Exercise 9¶

Troubleshoot network issues¶

To Identify and troubleshoot common network issues¶

Check the status of network interfaces
```
ip link show
```
Test network connectivity to a remote host (e.g., google.com)
```
ping google.com
```
Try pinging the local gateway. Type:
```
ping _gateway
```
Question

Through what mechanism is your system able to correctly resolve the name _gateway to the proper IP address for your locally configured default gateway?

View Active Connections¶

To List all active network connections¶

List all active network connections
```
ss -tuln
```

Monitor Network Traffic¶

To monitor network traffic in real-time¶

Capture network traffic on a specific interface (e.g., macvtap1)
```
tcpdump -i macvtap1
```
Analyze captured packets and observe network activity. You can stop the packet capture when done by pressing Ctrl+C

View Network Logs¶

View network-related logs
```
journalctl -u NetworkManager
```

Author: Wale Soyinka

Contributors: Steven Spencer, Ganna Zhyrnova