Networking: Difference between revisions

(6 intermediate revisions by 3 users not shown)

Line 2:

== Configuration ==

=== Wireless networks ===

See [[wpa_supplicant]] / [[Iwd]].

=== Static IP for network adapter ===

Line 114:

Line 118:

};

</syntaxhighlight>

=== Virtualization ===

Sometimes complex network configurations with VPNs or firewall rules you may need extra configurations in order for your VMs to have network access. It is recommended to use more granular control over the ports instead of simply allowing the entire interface.<syntaxhighlight lang="nix">networking = {

firewall = {

enable = true;

# Allows the entire interface through the firewall.

# trustedInterfaces = [

# "virbr0"

# ];

# Allows individual ports through the firewall.

interfaces = {

virbr0 = {

allowedUDPPorts = [

# DNS

53

# DHCP

67

# You may want to allow more ports such as ipv6 and other services here.

];

};

nat = {

enable = true;

internalInterfaces = [

"virbr0"

];

};

};</syntaxhighlight>

== IPv6 ==

Line 241:

Line 277:

! Bonding mode !! Description !! Switch configuration

|-

| <code>balance-rr</code> || Transmit packets round-robin. || Requires static EtherChannel enabled, not LACP-negotiated.

| <code>balance-rr</code> || '''Default'''. Transmit packets round-robin. || Requires static EtherChannel enabled, not LACP-negotiated.

|-

| <code>active-backup</code> || Only one slave in the bond in active. If it fails, another one is picked to be active. || No configuration required on the switch.

| <code>active-backup</code> || Recommended for fault tolerance when 802.3ad isn't available. Only one slave in the bond in active. If it fails, another one is picked to be active. || No configuration required on the switch.

|-

| <code>balance-xor</code> || Transmit packets based on the selected transmit hash policy. || Requires static EtherChannel enabled, not LACP-negotiated.

Line 249:

Line 285:

| <code>broadcast</code> || Transmit everything on all slave interfaces. || Requires static EtherChannel enabled, not LACP-negotiated.

|-

| <code>802.3ad</code> || IEEE 802.3ad Dynamic link aggregation. Transmits packets based on the selected transmit hash policy. || Requires LACP-negotiated EtherChannel enabled. In simpler terms, dynamic LACP.

| <code>802.3ad</code> || '''Recommended'''. IEEE 802.3ad Dynamic link aggregation. Transmits packets based on the selected transmit hash policy. || Requires LACP-negotiated EtherChannel enabled. In simpler terms, dynamic LACP.

|-

| <code>balance-tlb</code> || Adaptive transmit load balancing || No configuration required on the switch.

Line 260:

Line 296:

=== NetworkManager ===

{{Warning|This has not been fully tested. I'm not sure if all the properties are required.}}

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

Line 266:

Line 302:

"Bond connection 1" = {

bond = {

~~downdelay = "0";~~

miimon = "100"; # Monitor MII link every 100ms

miimon = "1";

mode = "802.3ad";

mode = "802.3ad"; ~~# dynamic LACP~~

xmit_hash_policy = "layer3+4"; # IP and TCP/UDP hash

~~updelay~~ = "0";

};

connection = {

Line 290:

Line 325:

id = "bond0 port 1";

type = "ethernet";

interface-name = "~~eth1~~"; ~~# Replace this~~

interface-name = "enp2s0";

controller = "bond0";

port-type = "bond";

Line 299:

Line 334:

id = "bond0 port 2";

type = "ethernet";

interface-name = "~~eth2~~"; ~~# Replace this~~

interface-name = "enp3s0";

controller = "bond0";

port-type = "bond";

Line 307:

Line 342:

</nowiki>}}

=== systemd-networkd ===

=== systemd-networkd and scripted networking ===

See [[Systemd/networkd#Bonding]] for more detailed configuration possibilities.

=== ~~legacy scripted networking?~~ ===

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

networking.bonds = {

bond0 = {

interfaces = [ "enp2s0" "enp3s0" ];

driverOptions = {

miimon = "100"; # Monitor MII link every 100ms

mode = "802.3ad";

xmit_hash_policy = "layer3+4"; # IP and TCP/UDP hash

};

</nowiki>}}

=== Teaming ===

Using the teaming driver provides more configuration capabilities since more descision-making is done in userspace <ref>https://~~docs.redhat~~.com/en/~~documentation~~/~~red_hat_enterprise_linux~~/~~7/html/networking_guide/sec~~-~~comparison_of_network_teaming_to_bonding#sec~~-~~Comparison_of_Network_Teaming_to_Bonding~~</ref>.

Using the teaming driver provides more configuration capabilities since more descision-making is done in userspace <ref>https://github.com/jpirko/libteam/wiki/Bonding-vs.-Team-features</ref>.

@@ Line 2: / Line 2: @@
 == Configuration ==
+=== Wireless networks ===
+See [[wpa_supplicant]] / [[Iwd]].
 === Static IP for network adapter ===
@@ Line 114: / Line 118: @@
 };
 </syntaxhighlight>
+=== Virtualization ===
+Sometimes complex network configurations with VPNs or firewall rules you may need extra configurations in order for your VMs to have network access. It is recommended to use more granular control over the ports instead of simply allowing the entire interface.<syntaxhighlight lang="nix">networking = {
+  firewall = {
+    enable = true;
+    # Allows the entire interface through the firewall.
+    # trustedInterfaces = [
+    #   "virbr0"
+    # ];
+    # Allows individual ports through the firewall.
+    interfaces = {
+      virbr0 = {
+        allowedUDPPorts = [
+          # DNS
+          # DHCP
+          # You may want to allow more ports such as ipv6 and other services here.
+        ];
+      };
+    };
+  };
+  nat = {
+    enable = true;
+    internalInterfaces = [
+      "virbr0"
+    ];
+  };
+};</syntaxhighlight>
 == IPv6 ==
@@ Line 241: / Line 277: @@
 ! Bonding mode !! Description !! Switch configuration
 |-
-| <code>balance-rr</code> || Transmit packets round-robin. || Requires static EtherChannel enabled, not LACP-negotiated.
+| <code>balance-rr</code> || '''Default'''. Transmit packets round-robin. || Requires static EtherChannel enabled, not LACP-negotiated.
 |-
-| <code>active-backup</code> || Only one slave in the bond in active. If it fails, another one is picked to be active. || No configuration required on the switch.
+| <code>active-backup</code> || Recommended for fault tolerance when 802.3ad isn't available. Only one slave in the bond in active. If it fails, another one is picked to be active. || No configuration required on the switch.
 |-
 | <code>balance-xor</code> || Transmit packets based on the selected transmit hash policy. || Requires static EtherChannel enabled, not LACP-negotiated.
@@ Line 249: / Line 285: @@
 | <code>broadcast</code> || Transmit everything on all slave interfaces. || Requires static EtherChannel enabled, not LACP-negotiated.
 |-
-| <code>802.3ad</code> || IEEE 802.3ad Dynamic link aggregation. Transmits packets based on the selected transmit hash policy. || Requires LACP-negotiated EtherChannel enabled. In simpler terms, dynamic LACP.
+| <code>802.3ad</code> || '''Recommended'''. IEEE 802.3ad Dynamic link aggregation. Transmits packets based on the selected transmit hash policy. || Requires LACP-negotiated EtherChannel enabled. In simpler terms, dynamic LACP.
 |-
 | <code>balance-tlb</code> || Adaptive transmit load balancing || No configuration required on the switch.
@@ Line 260: / Line 296: @@
 === NetworkManager ===
-{{Warning|This has not been fully tested.}}
+{{Warning|This has not been fully tested. I'm not sure if all the properties are required.}}
 {{file|/etc/nixos/configuration.nix|nix|<nowiki>
@@ Line 266: / Line 302: @@
      "Bond connection 1" = {
        bond = {
-        downdelay = "0";
+         miimon = "100"; # Monitor MII link every 100ms
-         miimon = "1";
+         mode = "802.3ad";
-         mode = "802.3ad"; # dynamic LACP
+         xmit_hash_policy = "layer3+4"; # IP and TCP/UDP hash
-         updelay = "0";
        };
        connection = {
@@ Line 290: / Line 325: @@
          id = "bond0 port 1";
          type = "ethernet";
-         interface-name = "eth1"; # Replace this
+         interface-name = "enp2s0";
          controller = "bond0";
          port-type = "bond";
@@ Line 299: / Line 334: @@
          id = "bond0 port 2";
          type = "ethernet";
-         interface-name = "eth2"; # Replace this
+         interface-name = "enp3s0";
          controller = "bond0";
          port-type = "bond";
@@ Line 307: / Line 342: @@
 </nowiki>}}
-=== systemd-networkd ===
+=== systemd-networkd and scripted networking ===
+See [[Systemd/networkd#Bonding]] for more detailed configuration possibilities.
-=== legacy scripted networking? ===
+{{file|/etc/nixos/configuration.nix|nix|<nowiki>
+  networking.bonds = {
+    bond0 = {
+      interfaces = [ "enp2s0" "enp3s0" ];
+      driverOptions = {
+        miimon = "100"; # Monitor MII link every 100ms
+        mode = "802.3ad";
+        xmit_hash_policy = "layer3+4"; # IP and TCP/UDP hash
+      };
+    };
+  };
+</nowiki>}}
 === Teaming ===
-Using the teaming driver provides more configuration capabilities since more descision-making is done in userspace <ref>https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/networking_guide/sec-comparison_of_network_teaming_to_bonding#sec-Comparison_of_Network_Teaming_to_Bonding</ref>.
+Using the teaming driver provides more configuration capabilities since more descision-making is done in userspace <ref>https://github.com/jpirko/libteam/wiki/Bonding-vs.-Team-features</ref>.
 {{Expansion|Missing information about teaming.}}