Linux for Network Engineers


This page is dedicated to some of the Linux resources I found useful, especially for network administrators/engineers.

Basics

ifconfig

This command is now deprecated and the ip command is preferred.

To show the ip address

ip address

To see all the interfaces and their associated IPs at a glance.

ip -br a

Show routes

route

ip route
ip route get IP_ADDRESS/bits

frr:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.116.2   0.0.0.0         UG    203    0        0 eth1
10.72.100.0     *               255.255.255.0   U     0      0        0 eth1.100
10.72.200.0     *               255.255.255.0   U     0      0        0 eth1.200
192.168.116.0   *               255.255.255.0   U     0      0        0 eth1

FRR (Free Range Routing)

It is a network routing software suite for Linux/Unix platforms. It can be used to implement BGP, OSPF, RIP, RIPng, EIGRP, ISIS and FHRPs.

Other supported protocols can be found on the official site.
https://frrouting.org/

After installing FRR on the Linux machine using either method (since I am using Ubuntu, I use apt install frr), we switch to the vtysh shell.

Quagga

https://www.quagga.net/

FRRouting was forked from Quagga, aiming for more open and faster development.

mdadm (Multiple Disk and Device Management)

mdadm is a Linux utility used to manage and monitor software RAID devices. It is used in modern Linux distributions in place of older software RAID utilities such as raidtools2 or raidtools.

Open Source Load Balancers

https://www.bizety.com/2020/06/24/open-source-load-balancers-neutrino-katran-maglev-seesaw-traefix-and-haproxy/amp/

Routing feature on Linux

To check whether the Linux machine is forwarding traffic and acting like a router.

cat /proc/sys/net/ipv4/ip_forward

If the value returned is 0, the routing feature is turned off. If the value returned is 1, routing is enabled.

To turn it on

echo "1" > /proc/sys/net/ipv4/ip_forward

Editing the sysctl.conf file for persistent configuration
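
The echo above changes only the running kernel and is lost at reboot; the persistent form is a net.ipv4.ip_forward=1 line in sysctl.conf. The script below is an added example, not from the original page, that reports when the running value and the persistent one disagree, which is how a host ends up forwarding (or not forwarding) unexpectedly. The function names and the scratch files in the demo are constructed for illustration, and only the one file passed in is read.

```shell
#!/bin/sh
# Added example: detect drift between runtime and persistent IPv4 forwarding.
# Assumption: only one sysctl-style file is read; /etc/sysctl.d/*.conf may also set the key.

# Print the last uncommented net.ipv4.ip_forward value in a file, or "unset".
persistent_forward() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                      # comment lines start with # or ;
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (key == "net.ipv4.ip_forward") {
                val = $2; gsub(/[ \t]/, "", val)
                last = val                          # a later assignment overrides an earlier one
            }
        }
        END { print (last == "" ? "unset" : last) }
    ' "$1"
}

# Compare the running value with what the next boot would apply.
forward_audit() {
    runtime=$(tr -d ' \t\n' < "${1:-/proc/sys/net/ipv4/ip_forward}")
    persistent=$(persistent_forward "${2:-/etc/sysctl.conf}")
    # With no persistent entry the kernel default (0, forwarding off) applies at boot.
    boot=$persistent
    if [ "$boot" = "unset" ]; then boot=0; fi
    if [ "$runtime" = "$boot" ]; then
        echo "consistent runtime=$runtime persistent=$persistent"
    else
        echo "drift runtime=$runtime persistent=$persistent"
    fi
}

# Constructed demo: forwarding was enabled with echo, sysctl.conf still has the line commented out.
demo_dir=$(mktemp -d)
printf '1\n' > "$demo_dir/ip_forward"
printf '# Uncomment to enable packet forwarding\n#net.ipv4.ip_forward=1\n' > "$demo_dir/sysctl.conf"
forward_audit "$demo_dir/ip_forward" "$demo_dir/sysctl.conf"
rm -rf "$demo_dir"
```

Called with no arguments, forward_audit reads the live /proc value and /etc/sysctl.conf.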

Updating & Upgrading Debian and FRR

To check that the BGP daemon is enabled for FRR

Configuring interfaces on Debian based distributions

The interface configuration can be found under:

/etc/network/interfaces

Here you will find that the lines are commented out (#); removing the hash enables the line. IP addresses can be configured statically or DHCP can be enabled. All physical interfaces appear after an auto keyword on the same line.

In some distributions the interface configuration can be found under /run/network/interfaces.d/

root@km-server:/#  ls -l /run/network/interfaces.d/
total 8
-rw-r--r-- 1 root root   89 Sep 16 19:07 eth0
-rw-r--r-- 1 root root 1024 Oct 12 17:02 eth1

Sub-interfaces can also be configured in this file. An example output is shown below.

Configuring interfaces on RedHat/Centos

Let's see the interfaces configured according to this interface file.

frr:~# ip -br add
lo               UNKNOWN        127.0.0.1/8 ::1/128 
eth0             DOWN           
eth1             UP             192.168.116.173/24 fe80::e06:8bff:fe01:d301/64 
eth2             DOWN           
eth3             DOWN           
eth4             DOWN           
eth5             DOWN           
eth6             DOWN           
eth7             DOWN           
eth1.100@eth1    UP             10.72.10.2/24 fe80::e06:8bff:fe01:d301/64 
eth1.200@eth1    UP             10.72.20.2/24 fe80::e06:8bff:fe01:d301/64 
LINK_SYS         UP

To add or remove an IP address from an interface.

To add

root@linux:~# ip addr add 10.100.100.1/32 dev lo

root@linux:~# ip address show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 10.100.100.1/32 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever

To remove

root@linux:~# ip addr del 10.100.100.1/32 dev lo

root@linux:~# ip address show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever

Configuring a virtual interface

Configuring Tunnel interface

To restart the networking

systemctl restart networking

service networking restart

/etc/init.d/networking start|stop|restart

To add SSH keys for a user

Edit /root/.ssh/authorized_keys and add the user's public key to the list of keys.

e.g.

nano /root/.ssh/authorized_keys
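
Editing the file by hand makes it easy to paste a wrapped or private key, or to leave the file with loose permissions that sshd then refuses to use. The function below is an added example, not from the original page, that validates a single public-key line, sets the directory and file modes, and skips keys that are already listed. The function name install_pubkey, the scratch directory and the key in the demo are constructed for illustration, and lines carrying key options are out of scope.

```shell
#!/bin/sh
# Added example: append one public key to an authorized_keys file with tight permissions.
# Assumption: the parent directory of the file is a dedicated .ssh directory (it is set to mode 700).

# install_pubkey "TYPE BASE64 [COMMENT]" AUTH_FILE
# Returns 0 when the key is listed afterwards, 1 when the input is rejected.
install_pubkey() {
    key_line=$1
    auth_file=$2
    nl='
'
    case $key_line in
        *"$nl"*|*"PRIVATE KEY"*)
            echo "rejected: expected a single public-key line" >&2; return 1 ;;
    esac
    set -f; set -- $key_line; set +f          # split into fields without globbing
    key_type=$1
    key_blob=$2
    case $key_type in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "rejected: unexpected key type" >&2; return 1 ;;
    esac
    case $key_blob in
        ""|*[!A-Za-z0-9+/=]*) echo "rejected: malformed key data" >&2; return 1 ;;
    esac
    auth_dir=$(dirname "$auth_file")
    # sshd with StrictModes (the default) ignores keys in group/world-writable locations.
    mkdir -p "$auth_dir" && chmod 700 "$auth_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1
    # Append only if no existing line has the same key type and key data.
    if ! awk -v t="$key_type" -v b="$key_blob" \
            '$1 == t && $2 == b { found = 1 } END { exit !found }' "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}

# Constructed demo in a scratch directory; the key below is made up, not a real key.
demo_home=$(mktemp -d)
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyData0000000000000000000 admin@example'
install_pubkey "$demo_key" "$demo_home/.ssh/authorized_keys"
install_pubkey "$demo_key" "$demo_home/.ssh/authorized_keys"   # second call adds nothing
wc -l < "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```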

To add a VRF in Linux created in FRR

frr#conf t

vrf LINK_SYS
 ip router-id 100.100.100.100
 exit-vrf

If we check the status of the newly created VRF, it shows as inactive.

frr# show vrf 
vrf LINK_SYS inactive (configured)

To activate it, we exit the vtysh session and configure the VRF table information.

km:~# ip link add LINK_SYS type vrf table 100
km:~# ip link add OLIVE_WL type vrf table 200

km:~# ip link set dev LINK_SYS up
km:~# ip link set dev OLIVE_WL up

km:~# ip vrf show
Name              Table
-----------------------
LINK_SYS           100
OLIVE_WL           200

Now the status of this VRF will show active in vtysh shell.

frr# show vrf 
vrf LINK_SYS id 10 table 100 (configured)
vrf OLIVE_WL id 11 table 200 (configured)

Adding an interface to a VRF

#ip link set dev INTERFACE_NAME master VRF_NAME

The ip link show command will show you that the interface has been added to the configured VRF.

To see the IP addresses of the interfaces in a vrf.

#ip -br add show vrf VRF_NAME

sample output
ip -br add show vrf LINK_SYS
bond0.60@bond0 UP             10.10.60.4/27 fe80::63f:72ff:fed9:816e/64 
bond0.66@bond0 UP             10.10.60.36/27 fe80::63f:72ff:fed9:816e/64

Checking the routes in each VRF

frr:~# ip route show vrf LINK_SYS
unreachable default metric 4278198272 
10.202.100.0/24 dev eth2 proto kernel scope link src 10.202.100.1 

frr:~# ip route show vrf OLIVE_WL
unreachable default metric 4278198272 
10.202.200.0/24 dev eth3 proto kernel scope link src 10.202.200.1

Adding the VRF table number to the rt_tables file for persistent configuration.

Policy Routing Rules

Linux supports up to 255 routing tables, each routing table has its own table name and table ID. IP rule action defines tables to lookup if the rule selector matches. IP rule also defines the priority parameter which indicates the priority of this rule. Higher number means lower priority, and rules get processed in order of increasing number. Each rule should have an explicitly set unique priority value. (Source: Pica8.com)
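
Because rules are evaluated in increasing priority order, two rules sharing a priority make the lookup order between them ambiguous to anyone reading the configuration. The script below is an added example, not from the original page, that reads ip rule show output on standard input, lists each rule's priority and table in evaluation order, and marks shared priorities. The function names are hypothetical and the sample rules are constructed in the format ip rule show prints, reusing the page's table numbers 100 and 200.

```shell
#!/bin/sh
# Added example: audit `ip rule show` output for evaluation order and shared priorities.
# `ip rule show` already lists rules in the order the kernel evaluates them.

# Print "priority table" per rule, appending DUPLICATE when the priority is shared.
rule_audit() {
    awk '
        /^[0-9]+:/ {
            prio = $1; sub(/:$/, "", prio)
            table = "-"                                  # rules without a lookup action
            for (i = 2; i < NF; i++) if ($i == "lookup") table = $(i + 1)
            n++; p[n] = prio; t[n] = table; seen[prio]++
        }
        END {
            for (i = 1; i <= n; i++)
                print p[i], t[i] (seen[p[i]] > 1 ? " DUPLICATE" : "")
        }
    '
}

# Exit status 0 when at least one priority is used by more than one rule.
has_duplicates() {
    rule_audit | grep -q ' DUPLICATE$'
}

# Constructed sample, not captured from a real host. Priority 1000 is the
# l3mdev rule seen on hosts with VRF devices; the two rules at 100 collide.
sample_rules() {
    cat <<'EOF'
0: from all lookup local
100: from 10.202.100.0/24 lookup 100
100: from 10.202.200.0/24 lookup 200
1000: from all lookup [l3mdev-table]
32766: from all lookup main
32767: from all lookup default
EOF
}

sample_rules | rule_audit
if sample_rules | has_duplicates; then
    echo "shared priority found: give each rule its own value"
fi
```

On a live host the same check is ip rule show | rule_audit.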

Connectivity test towards the dockers

In order to do a ping test to check connectivity with the docker container IPs, we need to specify the source interface which is in the respective VRF. There is no option to specify the source VRF as of the time of doing this test.

frr:~# ping -I eth2 10.202.100.2
PING 10.202.100.2 (10.202.100.2): 56 data bytes
64 bytes from 10.202.100.2: seq=0 ttl=64 time=1.632 ms
64 bytes from 10.202.100.2: seq=1 ttl=64 time=1.169 ms
64 bytes from 10.202.100.2: seq=2 ttl=64 time=1.672 ms
64 bytes from 10.202.100.2: seq=3 ttl=64 time=1.221 ms
64 bytes from 10.202.100.2: seq=4 ttl=64 time=1.163 ms
^C
--- 10.202.100.2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 1.163/1.371/1.672 ms

# to validate I will ping the other docker container (10.202.200.2) by sourcing with the same source interface and you will see that it fails.

frr:~# ping -I eth2 10.202.200.2
PING 10.202.200.2 (10.202.200.2): 56 data bytes
ping: sendto: Host is unreachable

# Now I change the interface to the correct interface within OLIVE_WL. 

frr:~# ping -I eth3 10.202.200.2
PING 10.202.200.2 (10.202.200.2): 56 data bytes
64 bytes from 10.202.200.2: seq=0 ttl=64 time=1.028 ms
64 bytes from 10.202.200.2: seq=1 ttl=64 time=2.655 ms
64 bytes from 10.202.200.2: seq=2 ttl=64 time=1.740 ms
64 bytes from 10.202.200.2: seq=3 ttl=64 time=1.191 ms
64 bytes from 10.202.200.2: seq=4 ttl=64 time=1.639 ms
64 bytes from 10.202.200.2: seq=5 ttl=64 time=2.042 ms
^C
--- 10.202.200.2 ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 1.028/1.715/2.655 ms

Performing ping from within a vrf with source interface

ip vrf exec VRF_NAME ping -I10.10.60.1 8.8.8.8

Checking arp/cache

frr:~# ip neighbor show
10.100.72.2 dev eth2 lladdr 9a:f9:60:61:3c:d0 STALE
10.72.100.1 dev eth1.100 lladdr 0c:93:c2:98:f5:03 REACHABLE
10.72.200.1 dev eth1.200 lladdr 0c:93:c2:98:f5:03 REACHABLE
10.200.72.2 dev eth3 lladdr 8e:ef:5a:eb:32:e0 STALE
fe80::6089:2ff:fef6:d821 dev eth3 lladdr 62:89:02:f6:d8:21 STALE
fe80::8cef:5aff:feeb:32e0 dev eth3 lladdr 8e:ef:5a:eb:32:e0 STALE
fe80::98f9:60ff:fe61:3cd0 dev eth2 lladdr 9a:f9:60:61:3c:d0 STALE
fe80::5052:22ff:fe50:9f74 dev eth2 lladdr 52:52:22:50:9f:74 STALE
fe80::20c:29ff:fe88:c937 dev eth1 lladdr 00:0c:29:88:c9:37 STALE

Querying an NTP server

On Linux, install the ntpdate tool and run the query against the NTP pool as shown in the example.

Additional useful resources:

Kernel.org Documentation
Useful IP commands
Working with VRF in Linux
VRF in Linux
Debian documentation
Dockers reference documentation

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License