
Validate Network Configuration

Objectives

Test and inspect the current network configuration with command-line utilities.

Gather Network Interface Information

The ip link command lists all available network interfaces on your system. In the following example, the server has three network interfaces: lo, which is the loopback device that is connected to the server itself, and two Ethernet interfaces, ens3 and ens4.

[user@host ~]$ ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:00:00:0a brd ff:ff:ff:ff:ff:ff
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:00:00:1e brd ff:ff:ff:ff:ff:ff

To configure a network interface correctly, you must know which interface is connected to which network. Often, you can obtain the MAC address of the interface that is connected to each network, either because it is physically printed on the card or server, or because it is a virtual machine and you know how it is configured. The MAC address of the device is listed after link/ether for each interface. So you know that the network card with the MAC address 52:54:00:00:00:0a is the network interface ens3.

Display IP Addresses

Use the ip command to view device and address information. A single network interface can have multiple IPv4 or IPv6 addresses.

[user@host ~]$ ip addr show ens3
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000   (1)
    link/ether 52:54:00:00:00:0b brd ff:ff:ff:ff:ff:ff   (2)
    inet 192.0.2.2/24 brd 192.0.2.255 scope global ens3   (3)
       valid_lft forever preferred_lft forever
    inet6 2001:db8:0:1:5054:ff:fe00:b/64 scope global   (4)
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe00:b/64 scope link   (5)
       valid_lft forever preferred_lft forever

(1) An active interface is UP.

(2) The link/ether string specifies the hardware (MAC) address of the device.

(3) The inet string shows an IPv4 address, its network prefix length, and scope.

(4) The inet6 string shows an IPv6 address, its network prefix length, and scope. This address is of global scope and is normally used.

(5) This inet6 string shows that the interface has an IPv6 address of link scope that can be used only for communication on the local Ethernet link.

Display Performance Statistics

The ip command can also show statistics about network performance. Counters for each network interface can identify the presence of network issues. The counters record statistics such as the number of received (RX) and transmitted (TX) packets, packet errors, and dropped packets.

[user@host ~]$ ip -s link show ens3
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:00:00:0a brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    269850     2931     0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    300556     3250     0       0       0       0
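
Added example (not part of the original course text): a shell function that reads ip -s link show output and reports any interface whose RX or TX error or dropped counters are nonzero. The function names and the ens4 sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag interfaces with nonzero error or drop counters.
# Function names and sample data are constructed for illustration.

# Reads `ip -s link show` output on stdin.
# Prints "<ifname> <RX|TX> errors=<n> dropped=<n>" for each nonzero pair.
flag_bad_counters() {
    awk '
    /^[0-9]+: / {                      # "2: ens3: <FLAGS> ..." starts an interface
        ifname = $2
        sub(/:$/, "", ifname)          # strip the trailing colon
        sub(/@.*/, "", ifname)         # strip a parent suffix such as @if5
        next
    }
    $1 == "RX:" || $1 == "TX:" {       # counter header; values are on the next line
        dir = substr($1, 1, 2)
        want = 1
        next
    }
    want {                             # values: bytes packets errors dropped ...
        want = 0
        if ($3 + $4 > 0)
            print ifname, dir, "errors=" $3, "dropped=" $4
    }'
}

# Constructed sample: ens3 is clean, ens4 shows receive errors and drops.
sample_ip_stats() {
cat <<'EOF'
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:00:00:0a brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    269850     2931     0       0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    300556     3250     0       0       0       0
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 52:54:00:00:00:1e brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    51200      640      12      3       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    40960      512      0       0       0       0
EOF
}

# On a live system: ip -s link show | flag_bad_counters
sample_ip_stats | flag_bad_counters
```

The counters are cumulative since the interface was created, so compare two runs taken some time apart to tell an ongoing problem from an old one.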

Verify Connectivity Between Hosts

The ping command tests connectivity. The command continues to run until Ctrl+c is pressed, unless options are given to limit the number of sent packets.

[user@host ~]$ ping -c3 192.0.2.254
PING 192.0.2.254 (192.0.2.254) 56(84) bytes of data.
64 bytes from 192.0.2.254: icmp_seq=1 ttl=64 time=4.33 ms
64 bytes from 192.0.2.254: icmp_seq=2 ttl=64 time=3.48 ms
64 bytes from 192.0.2.254: icmp_seq=3 ttl=64 time=6.83 ms

--- 192.0.2.254 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 3.485/4.885/6.837/1.424 ms

The ping6 command is the IPv6 version of the ping command in Red Hat Enterprise Linux. The difference between these commands is that the ping6 command communicates over IPv6 and takes IPv6 addresses.

[user@host ~]$ ping6 2001:db8:0:1::1
PING 2001:db8:0:1::1(2001:db8:0:1::1) 56 data bytes
64 bytes from 2001:db8:0:1::1: icmp_seq=1 ttl=64 time=18.4 ms
64 bytes from 2001:db8:0:1::1: icmp_seq=2 ttl=64 time=0.178 ms
64 bytes from 2001:db8:0:1::1: icmp_seq=3 ttl=64 time=0.180 ms
^C
--- 2001:db8:0:1::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.178/6.272/18.458/8.616 ms
[user@host ~]$

When you ping the link-local addresses and the link-local all-nodes multicast group (ff02::1), the network interface to use must be specified explicitly with a scope zone identifier (such as ff02::1%ens3). If this network interface is omitted, then the connect: Invalid argument error is displayed.

You can use the ping6 ff02::1 command to find other IPv6 nodes on the local network.

[user@host ~]$ ping6 ff02::1%ens4
PING ff02::1%ens4(ff02::1) 56 data bytes
64 bytes from fe80::78cf:7fff:fed2:f97b: icmp_seq=1 ttl=64 time=22.7 ms
64 bytes from fe80::f482:dbff:fe25:6a9f: icmp_seq=1 ttl=64 time=30.1 ms (DUP!)
64 bytes from fe80::78cf:7fff:fed2:f97b: icmp_seq=2 ttl=64 time=0.183 ms
64 bytes from fe80::f482:dbff:fe25:6a9f: icmp_seq=2 ttl=64 time=0.231 ms (DUP!)
^C
--- ff02::1%ens4 ping statistics ---
2 packets transmitted, 2 received, +2 duplicates, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.183/13.320/30.158/13.374 ms
[user@host ~]$
[user@host ~]$ ping6 -c 1 fe80::f482:dbff:fe25:6a9f%ens4
PING fe80::f482:dbff:fe25:6a9f%ens4(fe80::f482:dbff:fe25:6a9f) 56 data bytes
64 bytes from fe80::f482:dbff:fe25:6a9f: icmp_seq=1 ttl=64 time=22.9 ms

--- fe80::f482:dbff:fe25:6a9f%ens4 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 22.903/22.903/22.903/0.000 ms

Other hosts on the same link can use IPv6 link-local addresses in the same way as normal addresses.

[user@host ~]$ ssh fe80::f482:dbff:fe25:6a9f%ens4
user@fe80::f482:dbff:fe25:6a9f%ens4's password:
Last login: Thu Jun  5 15:20:10 2014 from host.example.com
[user@server ~]$

Troubleshoot Router Issues

Network routing is complex, and sometimes traffic does not behave as you might expect. You can use different tools to diagnose router issues.

Describe the Routing Table

Use the route option of the ip command to show routing information.

[user@host ~]$ ip route
default via 192.0.2.254 dev ens3 proto static metric 1024
192.0.2.0/24 dev ens3 proto kernel scope link src 192.0.2.2
10.0.0.0/8 dev ens4 proto kernel scope link src 10.0.0.11

All packets that are destined for the 10.0.0.0/8 network are sent directly to the destination through the ens4 device. All packets that are destined for the 192.0.2.0/24 network are sent directly to the destination through the ens3 device. All other packets are sent to the default router at 192.0.2.254, and also through device ens3.

Add the -6 option to the ip route command to show the IPv6 routing table.

[user@host ~]$ ip -6 route
unreachable ::/96 dev lo  metric 1024  error -101
unreachable ::ffff:0.0.0.0/96 dev lo  metric 1024  error -101
2001:db8:0:1::/64 dev ens3  proto kernel  metric 256
unreachable 2002:a00::/24 dev lo  metric 1024  error -101
unreachable 2002:7f00::/24 dev lo  metric 1024  error -101
unreachable 2002:a9fe::/32 dev lo  metric 1024  error -101
unreachable 2002:ac10::/28 dev lo  metric 1024  error -101
unreachable 2002:c0a8::/32 dev lo  metric 1024  error -101
unreachable 2002:e000::/19 dev lo  metric 1024  error -101
unreachable 3ffe:ffff::/32 dev lo  metric 1024  error -101
fe80::/64 dev ens3  proto kernel  metric 256
default via 2001:db8:0:1::ffff dev ens3  proto static  metric 1024

  1. The 2001:db8:0:1::/64 network uses the ens3 interface (which presumably has an address on that network).

  2. The fe80::/64 network uses the ens3 interface, for the link-local address. On a system with multiple interfaces, a route to the fe80::/64 network exists through each interface, for that interface's link-local address.

  3. The default route to all networks on the IPv6 Internet (the ::/0 network) uses the router at 2001:db8:0:1::ffff, which is reachable through the ens3 device.

Trace Traffic Routes

To trace the network traffic path to reach a remote host through multiple routers, use either the traceroute or the tracepath command. These commands can identify issues with one of your routers or an intermediate router. Both commands use UDP packets to trace a path by default; however, many networks block UDP and ICMP traffic. The traceroute command has options to trace the path with UDP (default), ICMP (-I), or TCP (-T) packets. Typically, the traceroute command is not installed by default.

[user@host ~]$ tracepath access.redhat.com
...output omitted...
 4:  71-32-28-145.rcmt.qwest.net                          48.853ms asymm  5
 5:  dcp-brdr-04.inet.qwest.net                          100.732ms asymm  7
 6:  206.111.0.153.ptr.us.xo.net                          96.245ms asymm  7
 7:  207.88.14.162.ptr.us.xo.net                          85.270ms asymm  8
 8:  ae1d0.cir1.atlanta6-ga.us.xo.net                     64.160ms asymm  7
 9:  216.156.108.98.ptr.us.xo.net                        108.652ms
10:  bu-ether13.atlngamq46w-bcr00.tbone.rr.com           107.286ms asymm 12
...output omitted...

Each line in the output of the tracepath command represents a router or hop that the packet passes through between the source and the final destination. The command outputs information for each hop as it becomes available, including the round trip timing (RTT) and any changes in the maximum transmission unit (MTU) size. The asymm indication means that the traffic that reached the router returned from that router by different (asymmetric) routes. The routers that are shown here are for outbound traffic, not for return traffic.

The tracepath6 and traceroute -6 commands are the equivalent IPv6 commands to the tracepath and traceroute commands.

[user@host ~]$ tracepath6 2001:db8:0:2::451
 1?: [LOCALHOST]                        0.091ms pmtu 1500
 1:  2001:db8:0:1::ba                   0.214ms
 2:  2001:db8:0:1::1                    0.512ms
 3:  2001:db8:0:2::451                  0.559ms reached
     Resume: pmtu 1500 hops 3 back 3

Troubleshoot Port and Service Issues

TCP services use sockets as endpoints for communication. A socket is composed of an IP address, protocol, and port number. Services typically listen on standard ports, whereas clients use a random available port. Well-known names for standard ports are listed in the /etc/services file.

The ss command is used to display socket statistics. The ss command replaces the earlier netstat tool, from the net-tools package, which might be more familiar to some system administrators but is not always installed.

[user@host ~]$ ss -ta
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port
LISTEN     0      128                     *:sunrpc                   *:*
LISTEN     0      128                     *:ssh                      *:*        (1)
LISTEN     0      100             127.0.0.1:smtp                     *:*        (2)
LISTEN     0      128                     *:36889                    *:*
ESTAB      0      0           172.25.250.10:ssh         172.25.254.254:59392    (3)
LISTEN     0      128                    :::sunrpc                  :::*
LISTEN     0      128                    :::ssh                     :::*        (4)
LISTEN     0      100                   ::1:smtp                    :::*        (5)
LISTEN     0      128                    :::34946                   :::*

(1) *:ssh : The port that is used for SSH is listening on all IPv4 addresses. The asterisk (*) character represents all when referencing IPv4 addresses or ports.

(2) 127.0.0.1:smtp : The port that is used for SMTP is listening on the 127.0.0.1 IPv4 loopback interface.

(3) 172.25.250.10:ssh : The established SSH connection is on the 172.25.250.10 interface and originates from a system with an address of 172.25.254.254.

(4) :::ssh : The port that is used for SSH is listening on all IPv6 addresses. The double colon (::) syntax represents all IPv6 interfaces.

(5) ::1:smtp : The port that is used for SMTP is listening on the ::1 IPv6 loopback interface.

Table 11.6. Options for ss and netstat

Option     Description
-n         Show numbers instead of names for interfaces and ports.
-t         Show TCP sockets.
-u         Show UDP sockets.
-l         Show only listening sockets.
-a         Show all (listening and established) sockets.
-p         Show the process that uses the sockets.
-A inet    Display active connections (but not listening sockets) for the inet address family. That is, ignore local UNIX domain sockets. For the ss command, both IPv4 and IPv6 connections are displayed. For the netstat command, only IPv4 connections are displayed. (The netstat -A inet6 command displays IPv6 connections, and the netstat -46 command displays IPv4 and IPv6 at the same time.)
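
Added example (not part of the original course text): a shell function that applies the bind-address reading described in the callouts above to ss -tln output, labelling each listener as bound to all addresses, to loopback only, or to one specific address. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify TCP listeners from `ss -tln` output by bind scope.
# Function names and the sample data are constructed for illustration.

# Reads ss output on stdin; prints "<scope> <local-address:port>" per listener.
classify_listeners() {
    awk '
    $1 != "LISTEN" { next }              # skip the header and non-listening sockets
    {
        n = split($4, parts, ":")
        port = parts[n]                  # text after the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        sub(/^\[/, "", addr)             # newer ss prints IPv6 as [::]:22
        sub(/\]$/, "", addr)
        sub(/%.*$/, "", addr)            # drop a scope zone such as %lo
        if (addr == "*" || addr == "0.0.0.0" || addr == "::")
            scope = "ALL"                # reachable on every interface
        else if (addr ~ /^127\./ || addr == "::1")
            scope = "LOOPBACK"           # local clients only
        else
            scope = "SPECIFIC"           # bound to one configured address
        print scope, $4
    }'
}

# Constructed sample in the layout of `ss -tan`, covering both the older
# (*:22, :::22) and newer ([::1]:25) address notations.
sample_ss() {
cat <<'EOF'
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port
LISTEN     0      128                     *:22                       *:*
LISTEN     0      100             127.0.0.1:25                       *:*
ESTAB      0      0           172.25.250.10:22          172.25.254.254:59392
LISTEN     0      128                    :::22                      :::*
LISTEN     0      100                 [::1]:25                    [::]:*
LISTEN     0      128         172.25.250.10:8080                     *:*
EOF
}

# On a live system: ss -tln | classify_listeners
sample_ss | classify_listeners
```

Listeners labelled ALL or SPECIFIC are the ones to check against the firewall rules and the list of services the host is meant to offer. Adding -p to ss, run as root, shows which process owns each socket.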

 

References

ip-link(8), ip-address(8), ip-route(8), ip(8), ping(8), tracepath(8), traceroute(8), ss(8), and netstat(8) man pages

For more information, refer to the Configuring and Managing Networking Guide at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/configuring_and_managing_networking/index

Revision: rh124-9.0-398f302