Every computer on the Internet has a unique 32-bit address. These 32 bits (or 4 bytes) are normally written as illustrated in the second row in Example 22.1, “Writing IP Addresses”.

IP Address (binary):  11000000 10101000 00000000 00010100
IP Address (decimal):      192.     168.       0.      20

In decimal form, the four bytes are written in the decimal number system, separated by periods. The IP address is assigned to a host or a network interface. It can be used only once throughout the world. There are exceptions to this rule, but these are not relevant to the following passages.

The points in IP addresses indicate the hierarchical system. Until the 1990s, IP addresses were strictly categorized in classes. However, this system proved too inflexible and was discontinued. Now, classless routing (CIDR, classless interdomain routing) is used.

Netmasks are used to define the address range of a subnetwork. If two hosts are in the same subnetwork, they can reach each other directly. If they are not in the same subnetwork, they need the address of a gateway that handles all the traffic for the subnetwork. To check if two IP addresses are in the same subnet, simply “AND” both addresses with the netmask. If the result is identical, both IP addresses are in the same local network. If there are differences, the remote IP address, and thus the remote interface, can only be reached over a gateway.

To understand how the netmask works, look at Example 22.2, “Linking IP Addresses to the Netmask”. The netmask consists of 32 bits that identify how much of an IP address belongs to the network. All those bits that are 1 mark the corresponding bit in the IP address as belonging to the network. All bits that are 0 mark bits inside the subnetwork. This means that the more bits are 1, the smaller the subnetwork is. Because the netmask always consists of several successive 1 bits, it is also possible to just count the number of bits in the netmask. In Example 22.2, “Linking IP Addresses to the Netmask” the first net with 24 bits could also be written as 192.168.0.0/24.

IP address (192.168.0.20):  11000000 10101000 00000000 00010100
Netmask   (255.255.255.0):  11111111 11111111 11111111 00000000
---------------------------------------------------------------
Result of the link:         11000000 10101000 00000000 00000000
In the decimal system:           192.     168.       0.       0

IP address (213.95.15.200): 11010101 10111111 00001111 11001000
Netmask    (255.255.255.0): 11111111 11111111 11111111 00000000
---------------------------------------------------------------
Result of the link:         11010101 10111111 00001111 00000000
In the decimal system:           213.      95.      15.       0

To give another example: all machines connected with the same ethernet cable are usually located in the same subnetwork and are directly accessible. Even when the subnet is physically divided by switches or bridges, these hosts can still be reached directly.

IP addresses outside the local subnet can only be reached if a gateway is configured for the target network. In the most common case, there is only one gateway that handles all traffic that is external. However, it is also possible to configure several gateways for different subnets.

If a gateway has been configured, all external IP packets are sent to the appropriate gateway. This gateway then attempts to forward the packets in the same manner—from host to host—until it reaches the destination host or the packet's TTL (time to live) expires.

Because IP addresses must be unique all over the world, you cannot just select random addresses. There are three address domains to use if you want to set up a private IP-based network. These cannot get any connection from the rest of the Internet, because they cannot be transmitted over the Internet. These address domains are specified in RFC 1597 and listed in Table 22.3, “Private IP Address Domains”.

The most important and most visible improvement brought by the new protocol is the enormous expansion of the available address space. An IPv6 address is made up of 128 bit values instead of the traditional 32 bits. This provides for as many as several quadrillion IP addresses.

However, IPv6 addresses are not only different from their predecessors with regard to their length. They also have a different internal structure that may contain more specific information about the systems and the networks to which they belong. More details about this are found in Section 22.2.2, “Address Types and Structure”.

The following is a list of some other advantages of the new protocol:

As mentioned, the current IP protocol is lacking in two important aspects: there is an increasing shortage of IP addresses and configuring the network and maintaining the routing tables is becoming a more complex and burdensome task. IPv6 solves the first problem by expanding the address space to 128 bits. The second one is countered by introducing a hierarchical address structure, combined with sophisticated techniques to allocate network addresses, as well as multihoming (the ability to assign several addresses to one device, giving access to several networks).

When dealing with IPv6, it is useful to know about three different types of addresses:

An IPv6 address is made up of eight four-digit fields, each representing 16 bits, written in hexadecimal notation. They are separated by colons (:). Any leading zero bytes within a given field may be dropped, but zeros within the field or at its end may not. Another convention is that more than four consecutive zero bytes may be collapsed into a double colon. However, only one such :: is allowed per address. This kind of shorthand notation is shown in Example 22.3, “Sample IPv6 Address”, where all three lines represent the same address.

fe80 : 0000 : 0000 : 0000 : 0000 : 10 : 1000 : 1a4
fe80 :    0 :    0 :    0 :    0 : 10 : 1000 : 1a4
fe80 :                           : 10 : 1000 : 1a4

Each part of an IPv6 address has a defined function. The first bytes form the prefix and specify the type of address. The center part is the network portion of the address, but it may be unused. The end of the address forms the host part. With IPv6, the netmask is defined by indicating the length of the prefix after a slash at the end of the address. An address, as shown in Example 22.4, “IPv6 Address Specifying the Prefix Length”, contains the information that the first 64 bits form the network part of the address and the last 64 form its host part. In other words, the 64 means that the netmask is filled with 64 1-bit values from the left. Just like with IPv4, the IP address is combined with AND with the values from the netmask to determine whether the host is located in the same subnetwork or in another one.

fe80::10:1000:1a4/64

IPv6 knows about several predefined types of prefixes. Some of these are shown in Table 22.4, “Various IPv6 Prefixes”.

A unicast address consists of three basic components:

On top of this basic structure, IPv6 distinguishes between five different types of unicast addresses:

As a completely new feature introduced with IPv6, each network interface normally gets several IP addresses, with the advantage that several networks can be accessed through the same interface. One of these networks can be configured completely automatically using the MAC and a known prefix with the result that all hosts on the local network can be reached as soon as IPv6 is enabled (using the link-local address). With the MAC forming part of it, any IP address used in the world is unique. The only variable parts of the address are those specifying the site topology and the public topology, depending on the actual network in which the host is currently operating.

For a host to go back and forth between different networks, it needs at least two addresses. One of them, the home address, not only contains the interface ID but also an identifier of the home network to which it normally belongs (and the corresponding prefix). The home address is a static address and, as such, it does not normally change. Still, all packets destined to the mobile host can be delivered to it, regardless of whether it operates in the home network or somewhere outside. This is made possible by the completely new features introduced with IPv6, such as stateless autoconfiguration and neighbor discovery. In addition to its home address, a mobile host gets one or more additional addresses that belong to the foreign networks where it is roaming. These are called care-of addresses. The home network has a facility that forwards any packets destined to the host when it is roaming outside. In an IPv6 environment, this task is performed by the home agent, which takes all packets destined to the home address and relays them through a tunnel. On the other hand, those packets destined to the care-of address are directly transferred to the mobile host without any special detours.

The migration of all hosts connected to the Internet from IPv4 to IPv6 is a gradual process. Both protocols will coexist for some time to come. The coexistence on one system is guaranteed where there is a dual stack implementation of both protocols. That still leaves the question of how an IPv6 enabled host should communicate with an IPv4 host and how IPv6 packets should be transported by the current networks, which are predominantly IPv4 based. The best solutions offer tunneling and compatibility addresses (see Section 22.2.2, “Address Types and Structure”).

IPv6 hosts that are more or less isolated in the (worldwide) IPv4 network can communicate through tunnels: IPv6 packets are encapsulated as IPv4 packets to move them across an IPv4 network. Such a connection between two IPv4 hosts is called a tunnel. To achieve this, packets must include the IPv6 destination address (or the corresponding prefix) as well as the IPv4 address of the remote host at the receiving end of the tunnel. A basic tunnel can be configured manually according to an agreement between the hosts' administrators. This is also called static tunneling.

However, the configuration and maintenance of static tunnels is often too labor-intensive to use them for daily communication needs. Therefore, IPv6 provides for three different methods of dynamic tunneling:

To configure IPv6, you normally do not need to make any changes on the individual workstations. IPv6 is enabled by default. You can disable it during installation in the network configuration step described in Section 6.16.1.3, “Network Configuration”. To disable or enable IPv6 on an installed system, use the YaST Network Settings module. On the Global Options tab, check or uncheck the Enable IPv6 option as necessary. If you want to enable it temporarily until the next reboot, enter modprobe -i ipv6 as root. It is basically impossible to unload the ipv6 module once loaded.

Because of the autoconfiguration concept of IPv6, the network card is assigned an address in the link-local network. Normally, no routing table management takes place on a workstation. The network routers can be queried by the workstation, using the router advertisement protocol, for what prefix and gateways should be implemented. The radvd program can be used to set up an IPv6 router. This program informs the workstations which prefix to use for the IPv6 addresses and which routers. Alternatively, use zebra/quagga for automatic configuration of both addresses and routing.

Consult the ifcfg-tunnel (5) man page to get information about how to set up various types of tunnels using the /etc/sysconfig/network files.

The above overview does not cover the topic of IPv6 comprehensively. For a more in-depth look at the new protocol, refer to the following online documentation and books:

To configure your wired or wireless network card in YaST, select Network Devices › Network Settings. After starting the module, YaST displays the Network Settings dialog with four tabs: Global Options, Overview, Hostname/DNS and Routing.

The Global Options tab allows you to set general networking options such as the use of NetworkManager, IPv6 and general DHCP options. For more information, see Section 22.4.1.1, “Configuring Global Networking Options”.

The Overview tab contains information about installed network interfaces and configurations. Any properly detected network card is listed with its name. You can manually configure new cards, remove or change their configuration in this dialog. If you want to manually configure a card that was not automatically detected, see Section 22.4.1.3, “Configuring an Undetected Network Card”. If you want to change the configuration of an already configured card, see Section 22.4.1.2, “Changing the Configuration of a Network Card”.

The Hostname/DNS tab allows to set the hostname of the machine and name the servers to be used. For more information, see Section 22.4.1.4, “Configuring Hostname and DNS”.

The Routing tab is used for the configuration of routing. See Section 22.4.1.5, “Configuring Routing” for more information.

Figure 22.3: Configuring Network Settings #

22.4.1.2 Changing the Configuration of a Network Card #

To change the configuration of a network card, select a card from the list of the detected cards in Network Settings › Overview in YaST and click Edit. The Network Card Setup dialog appears in which to adjust the card configuration using the General, Address and Hardware tabs. For information about wireless card configuration, see Section 19.5, “Configuration with YaST”.

22.4.1.2.1 Configuring IP Addresses #

You can set the IP address of the network card or the way its IP address is determined in the Address tab of the Network Card Setup dialog. Both IPv4 and IPv6 addresses are supported. The network card can have No IP Address (which is useful for bonding devices), a Statically Assigned IP Address (IPv4 or IPv6) or a Dynamic Address assigned via DHCP or Zeroconf or both.

If using Dynamic Address, select whether to use DHCP Version 4 Only (for IPv4), DHCP Version 6 Only (for IPv6) or DHCP Both Version 4 and 6.

If possible, the first network card with link that is available during the installation is automatically configured to use automatic address setup via DHCP. On SUSE Linux Enterprise Desktop, where NetworkManager is active by default, all network cards are configured.

Note: IBM System z and DHCP

On IBM System z platforms, DHCP-based address configuration is only supported with network cards that have a MAC address. This is only the case with OSA and OSA Express cards.

DHCP should also be used if you are using a DSL line but with no static IP assigned by the ISP (Internet Service Provider). If you decide to use DHCP, configure the details in DHCP Client Options in the Global Options tab of the Network Settings dialog of the YaST network card configuration module. Specify whether the DHCP client should ask the server to always broadcast its responses in Request Broadcast Response. This option may be needed if your machine is a mobile client moving between networks. If you have a virtual host setup where different hosts communicate through the same interface, an DHCP Client Identifier is necessary to distinguish them.

DHCP is a good choice for client configuration but it is not ideal for server configuration. To set a static IP address, proceed as follows:

1. Select a card from the list of detected cards in the Overview tab of the YaST network card configuration module and click Edit.

2. In the Address tab, choose Statically Assigned IP Address.

3. Enter the IP Address. Both IPv4 and IPv6 addresses can be used. Enter the network mask in Subnet Mask. If the IPv6 address is used, use Subnet Mask for prefix length in format /64.

   Optionally, you can enter a fully qualified Hostname for this address, which will be written to the /etc/hosts configuration file.

4. Click Next.

5. To activate the configuration, click OK.

If you use the static address, the name servers and default gateway are not configured automatically. To configure name servers, proceed as described in Section 22.4.1.4, “Configuring Hostname and DNS”. To configure a gateway, proceed as described in Section 22.4.1.5, “Configuring Routing”.

22.4.1.2.2 Configuring Aliases #

One network device can have multiple IP addresses, called aliases.

Note: Aliases Are a Compatibility Feature

These so-called aliases resp. labels work with IPv4 only. With IPv6 they will be ignored. Using iproute2 network interfaces can have one or more addresses.

Using YaST to set an alias for your network card, proceed as follows:

1. Select a card from the list of detected cards in the Overview tab of the YaST network card configuration module and click Edit.

2. In the Address › Additional Addresses tab, click Add.

3. Enter Alias Name, IP Address, and Netmask. Do not include the interface name in the alias name.

4. Click OK.

5. Click Next.

6. To activate the configuration, click OK.

22.4.1.2.3 Changing the Device Name and Udev Rules #

It is possible to change the device name of the network card when it is used. It is also possible to determine whether the network card should be identified by udev via its hardware (MAC) address or via the bus ID. The later option is preferable in large servers to ease hot swapping of cards. To set these options with YaST, proceed as follows:

1. Select a card from the list of detected cards in the Overview tab of the YaST Network Settings module and click Edit.

2. Go to the Hardware tab. The current device name is shown in Udev Rules. Click Change.

3. Select whether udev should identify the card by its MAC Address or Bus ID. The current MAC address and bus ID of the card are shown in the dialog.

4. To change the device name, check the Change Device Name option and edit the name.

5. Click OK and Next.

6. To activate the configuration, click OK.

22.4.1.2.4 Changing Network Card Kernel Driver #

For some network cards, several kernel drivers may be available. If the card is already configured, YaST allows you to select a kernel driver to be used from a list of available suitable drivers. It is also possible to specify options for the kernel driver. To set these options with YaST, proceed as follows:

1. Select a card from the list of detected cards in the Overview tab of the YaST Network Settings module and click Edit.

2. Go to the Hardware tab.

3. Select the kernel driver to be used in Module Name. Enter any options for the selected driver in Options in the form option=value . If more options are used, they should be space-separated.

4. Click OK and Next.

5. To activate the configuration, click OK.

22.4.1.2.5 Activating the Network Device #

If you use the traditional method with ifup, you can configure your device to either start during boot, on cable connection, on card detection, manually or never. To change device start-up, proceed as follows:

1. In YaST select a card from the list of detected cards in Network Devices › Network Settings and click Edit.

2. In the General tab, select the desired entry from Device Activation.

   Choose At Boot Time to start the device during the system boot. With On Cable Connection, the interface is watched for any existing physical connection. With On Hotplug, the interface is set as soon as available. It is similar to the At Boot Time option, and only differs in the fact that no error occurs if the interface is not present at boot time. Choose Manually to control the interface manually with ifup. Choose Never to not start the device at all. The On NFSroot is similar to At Boot Time, but the interface does not shut down with the rcnetwork stop command. Use this if you use an nfs or iscsi root file system.

3. Click Next.

4. To activate the configuration, click OK.

Usually, only the system administrator can activate and deactivate network interfaces. If you want any user to be able to activate this interface via KInternet, select Enable Device Control for Non-root User via KInternet.

22.4.1.2.6 Setting Up Maximum Transfer Unit Size #

You can set a maximum transmission unit (MTU) for the interface. MTU refers to the largest allowed packet size in bytes. A higher MTU brings higher bandwidth efficiency. However, large packets can block up a slow interface for some time, increasing the lag for further packets.

1. In YaST select a card from the list of detected cards in Network Devices › Network Settings and click Edit.

2. In the General tab, select the desired entry from the Set MTU list.

3. Click Next.

4. To activate the configuration, click OK.

22.4.1.2.7 Configuring the Firewall #

Without having to enter the detailed firewall setup as described in Section 15.4.1, “Configuring the Firewall with YaST”, you can determine the basic firewall setup for your device as part of the device setup. Proceed as follows:

1. Open the YaST Network Devices › Network Settings module. In the Overview tab, select a card from the list of detected cards and click Edit.

2. Enter the General tab of the Network Settings dialog.

3. Determine the firewall zone to which your interface should be assigned. The following options are available:

   Firewall Disabled

   This option is available only if the firewall is disabled and the firewall does not run at all. Only use this option if your machine is part of a greater network that is protected by an outer firewall.

   Automatically Assign Zone

   This option is available only if the firewall is enabled. The firewall is running and the interface is automatically assigned to a firewall zone. The zone which contains the keyword any or the external zone will be used for such an interface.

   Internal Zone (Unprotected)

   The firewall is running, but does not enforce any rules to protect this interface. Use this option if your machine is part of a greater network that is protected by an outer firewall. It is also useful for the interfaces connected to the internal network, when the machine has more network interfaces.

   Demilitarized Zone

   A demilitarized zone is an additional line of defense in front of an internal network and the (hostile) Internet. Hosts assigned to this zone can be reached from the internal network and from the Internet, but cannot access the internal network.

   External Zone

   The firewall is running on this interface and fully protects it against other—presumably hostile—network traffic. This is the default option.

4. Click Next.

5. Activate the configuration by clicking OK.

yast dns edit hostname=hostname

yast dns edit nameserver1=192.168.1.116

yast dns edit nameserver2=192.168.1.116

yast dns edit nameserver3=192.168.1.116

Tip: IBM System z: Modem

The configuration of this type of hardware is not supported on IBM System z platforms.

In the YaST Control Center, access the modem configuration under Network Devices › Modem. If your modem was not automatically detected, go to the Modem Devices tab and open the dialog for manual configuration by clicking Add. Enter the interface to which the modem is connected under Modem Device.

Tip: CDMA and GPRS Modems

Configure supported CDMA and GPRS modems with the YaST Modem module just as you would configure regular modems.

Figure 22.4: Modem Configuration #

If you are behind a private branch exchange (PBX), you may need to enter a dial prefix. This is often a zero. Consult the instructions that came with the PBX to find out. Also select whether to use tone or pulse dialing, whether the speaker should be on and whether the modem should wait until it detects a dial tone. The last option should not be enabled if the modem is connected to an exchange.

Under Details, set the baud rate and the modem initialization strings. Only change these settings if your modem was not detected automatically or if it requires special settings for data transmission to work. This is mainly the case with ISDN terminal adapters. Leave this dialog by clicking OK. To delegate control over the modem to the normal user without root permissions, activate Enable Device Control for Non-root User via KInternet. In this way, a user without administrator permissions can activate or deactivate an interface. Under Dial Prefix Regular Expression, specify a regular expression. The Dial Prefix in KInternet, which can be modified by the normal user, must match this regular expression. If this field is left empty, the user cannot set a different Dial Prefix without administrator permissions.

In the next dialog, select the ISP. To choose from a predefined list of ISPs operating in your country, select Country. Alternatively, click New to open a dialog in which to provide the data for your ISP. This includes a name for the dial-up connection and ISP as well as the login and password provided by your ISP. Enable Always Ask for Password to be prompted for the password each time you connect.

In the last dialog, specify additional connection options:

Selecting Next returns to the original dialog, which displays a summary of the modem configuration. Close this dialog with OK.

Tip: IBM System z: ISDN

The configuration of this type of hardware is not supported on IBM System z platforms.

Use this module to configure one or several ISDN cards for your system. If YaST did not detect your ISDN card, click on Add in the ISDN Devices tab and manually select your card. Multiple interfaces are possible, but several ISPs can be configured for one interface. In the subsequent dialogs, set the ISDN options necessary for the proper functioning of the card.

Figure 22.5: ISDN Configuration #

In the next dialog, shown in Figure 22.5, “ISDN Configuration”, select the protocol to use. The default is Euro-ISDN (EDSS1), but for older or larger exchanges, select 1TR6. If you are in the US, select NI1. Select your country in the relevant field. The corresponding country code then appears in the field next to it. Finally, provide your Area Code and the Dial Prefix if necessary. If you do not want to log all your ISDN traffic, uncheck the Start ISDN Log option.

Activate Device defines how the ISDN interface should be started: At Boot Time causes the ISDN driver to be initialized each time the system boots. Manually requires you to load the ISDN driver as root with the command rcisdn start. On Hotplug, used for PCMCIA or USB devices, loads the driver after the device is plugged in. When finished with these settings, select OK.

In the next dialog, specify the interface type for your ISDN card and add ISPs to an existing interface. Interfaces may be either the SyncPPP or the RawIP type, but most ISPs operate in the SyncPPP mode, which is described below.

Figure 22.6: ISDN Interface Configuration #

The number to enter for My Phone Number depends on your particular setup:

For the connection to be terminated just before the next charge unit is due, enable ChargeHUP. However, remember that may not work with every ISP. You can also enable channel bundling (multilink PPP) by selecting the corresponding option. Finally, you can enable the firewall for your link by selecting External Firewall Interface and Restart Firewall. To enable the normal user without administrator permissions to activate or deactivate the interface, select the Enable Device Control for Non-root User via KInternet.

Details opens a dialog in which to implement more complex connection schemes which are not relevant for normal home users. Leave the Details dialog by selecting OK.

In the next dialog, configure IP address settings. If you have not been given a static IP by your provider, select Dynamic IP Address. Otherwise, use the fields provided to enter your host's local IP address and the remote IP address according to the specifications of your ISP. If the interface should be the default route to the Internet, select Default Route. Each host can only have one interface configured as the default route. Leave this dialog by selecting Next.

The following dialog allows you to set your country and select an ISP. The ISPs included in the list are call-by-call providers only. If your ISP is not in the list, select New. This opens the Provider Parameters dialog in which to enter all the details for your ISP. When entering the phone number, do not include any blanks or commas among the digits. Finally, enter your login and the password as provided by the ISP. When finished, select Next.

To use Dial on Demand on a stand-alone workstation, specify the name server (DNS server) as well. Most ISPs support dynamic DNS, which means the IP address of a name server is sent by the ISP each time you connect. For a single workstation, however, you still need to provide a placeholder address like 192.168.22.99. If your ISP does not support dynamic DNS, specify the name server IP addresses of the ISP. If desired, specify a time-out for the connection—the period of network inactivity (in seconds) after which the connection should be automatically terminated. Confirm your settings with Next. YaST displays a summary of the configured interfaces. To activate these settings, select OK.

Tip: IBM System z: Cable Modem

The configuration of this type of hardware is not supported on IBM System z platforms.

In some countries it is quite common to access the Internet through the TV cable network. The TV cable subscriber usually gets a modem that is connected to the TV cable outlet on one side and to a computer network card on the other (using a 10Base-TG twisted pair cable). The cable modem then provides a dedicated Internet connection with a fixed IP address.

Depending on the instructions provided by your ISP, when configuring the network card either select Dynamic Address or Statically Assigned IP Address. Most providers today use DHCP. A static IP address often comes as part of a special business account.

Tip: IBM System z: DSL

The configuration of this type of hardware is not supported on IBM System z platforms.

To configure your DSL device, select the DSL module from the YaST Network Devices section. This YaST module consists of several dialogs in which to set the parameters of DSL links based on one of the following protocols:

In the DSL Devices tab of the DSL Configuration Overview dialog, you will find a list of installed DSL devices. To change the configuration of a DSL device, select it in the list and click Edit. If you click Add, you can manually configure a new DSL device.

The configuration of a DSL connection based on PPPoE or PPTP requires that the corresponding network card be set up in the correct way. If you have not done so yet, first configure the card by selecting Configure Network Cards (see Section 22.4.1, “Configuring the Network Card with YaST”). In the case of a DSL link, addresses may be assigned automatically but not via DHCP, which is why you should not enable the option Dynamic Address. Instead, enter a static dummy address for the interface, such as 192.168.22.1. In Subnet Mask, enter 255.255.255.0. If you are configuring a stand-alone workstation, leave Default Gateway empty.

Tip

Values in IP Address and Subnet Mask are only placeholders. They are only needed to initialize the network card and do not represent the DSL link as such.

In the first DSL configuration dialog (see Figure 22.7, “DSL Configuration”), select the PPP Mode and the Ethernet Card to which the DSL modem is connected (in most cases, this is eth0). Then use Activate Device to specify whether the DSL link should be established during the boot process. Click Enable Device Control for Non-root User via KInternet to authorize the normal user without root permissions to activate or deactivate the interface with KInternet.

In the next dialog select your country and choose from a number of ISPs operating in it. The details of any subsequent dialogs of the DSL configuration depend on the options set so far, which is why they are only briefly mentioned in the following paragraphs. For details on the available options, read the detailed help available from the dialogs.

Figure 22.7: DSL Configuration #

To use Dial on Demand on a stand-alone workstation, also specify the name server (DNS server). Most ISPs support dynamic DNS—the IP address of a name server is sent by the ISP each time you connect. For a single workstation, however, provide a placeholder address like 192.168.22.99. If your ISP does not support dynamic DNS, enter the name server IP address provided by your ISP.

Idle Time-Out (seconds) defines a period of network inactivity after which to terminate the connection automatically. A reasonable time-out value is between 60 and 300 seconds. If Dial on Demand is disabled, it may be useful to set the time-out to zero to prevent automatic hang-up.

The configuration of T-DSL is very similar to the DSL setup. Just select T-Online as your provider and YaST opens the T-DSL configuration dialog. In this dialog, provide some additional information required for T-DSL—the line ID, the T-Online number, the user code and your password. All of these should be included in the information you received after subscribing to T-DSL.

SUSE Linux Enterprise Server for IBM System z supports several different types of network interfaces. YaST can be used to configure all of them.

22.4.6.3 The ctc Device #

To add a ctc (IBM parallel CTC Adapter) interface to the installed system, start the Network Devices › Network Settings module in YaST. Select one of the devices marked IBM Parallel CTC Adapter to use as your read channel and click Configure. Choose the Device Settings that fit your devices (usually this would be Compatibility Mode). Specify both your IP address and the IP address of the remote partner. If needed, adjust the MTU size with Advanced › Detailed Settings. Leave the network configuration with Next and OK.

Warning

The use of this interface is deprecated. This interface will not be supported in future versions of SUSE Linux Enterprise Server.

22.4.6.5 The IUCV Device #

To add an iucv (IUCV) interface to the installed system, start the Network Devices › Network Settings module in YaST. Select a device marked IUCV and click Edit. YaST prompts you for the name of your IUCV partner (Peer). Enter the name (this entry is case-sensitive) and select Next. Specify both the IP Address and the Remote IP Address of your partner. If needed, Set MTU size on General tab. Leave the network configuration with Next and OK.

Warning

The use of this interface is deprecated. This interface will not be supported in future versions of SUSE Linux Enterprise Server.

However, NetworkManager is not a suitable solution for all cases, so you can still choose between the traditional method for managing network connections (ifup) and NetworkManager. If you want to manage your network connection with NetworkManager, enable NetworkManager in the YaST Network Settings module as described in Section 27.2, “Enabling or Disabling NetworkManager” and configure your network connections with NetworkManager. For a list of use cases and a detailed description of how to configure and use NetworkManager, refer to Chapter 27, Using NetworkManager.

Some differences between ifup and NetworkManager include:

The individual network connection settings created with NetworkManager are stored in configuration profiles. The system connections configured with either NetworkManager or YaST are saved in /etc/networkmanager/system-connections/* or in /etc/sysconfig/network/ifcfg-*. Any user-defined connections are stored in GConf for GNOME or $HOME/.kde4/share/apps/networkmanagement/* for KDE.

In case no profile is configured, NetworkManager automatically creates one and names it Auto $INTERFACE-NAME. That is made in an attempt to work without any configuration for as many cases as (securely) possible. If the automatically created profiles do not suit your needs, use the network connection configuration dialogs provided by KDE or GNOME to modify them as desired. For more information, refer to Section 27.3, “Configuring Network Connections”.

On centrally administered machines, certain NetworkManager features can be controlled or disabled with PolicyKit, for example if a user is allowed to modify administrator defined connections or if a user is allowed to define his own network configurations. To view or change the respective NetworkManager policies, start the graphical Authorizations tool for PolicyKit. In the tree on the left side, find them below the network-manager-settings entry. For an introduction to PolicyKit and details on how to use it, refer to Chapter 9, PolicyKit.

This section provides an overview of the network configuration files and explains their purpose and the format used.

# Destination     Dummy/Gateway     Netmask            Device
#
127.0.0.0         0.0.0.0           255.255.255.0      lo
204.127.235.0     0.0.0.0           255.255.255.0      eth0
default           204.127.235.41    0.0.0.0            eth0
207.68.156.51     207.68.145.45     255.255.255.255    eth1
192.168.0.0       207.68.156.51     255.255.0.0        eth1

prefix/lengthgateway -            [interface]

prefixgatewaylength       [interface]

ipv4-networkgatewayipv4-netmask [interface]

2001:db8:abba:cafe::/64 2001:db8:abba:cafe::dead  -            eth0
208.77.188.0/24         208.77.188.166            -            eth0

2001:db8:abba:cafe::    2001:db8:abba:cafe::dead 64            eth0
208.77.188.0            208.77.188.166           24            eth0

208.77.188.0            208.77.188.166           255.255.255.0 eth0

# Our domain
search example.com
#
# We use dns.example.com (192.168.1.116) as name server
nameserver 192.168.1.116

127.0.0.1 localhost
192.168.2.100 jupiter.example.com jupiter
192.168.2.101 venus.example.com venus

loopback     127.0.0.0
localnet     192.168.0.0

# We have named running
order hosts bind
# Allow multiple address
multi on

passwd:     compat
group:      compat

hosts:      files dns
networks:   files dns

services:   db files
protocols:  db files
rpc:        files
ethers:     files
netmasks:   files
netgroup:   files nis
publickey:  files

bootparams: files
automount:  files nis
aliases:    files nis
shadow:     compat

Before you write your configuration to the configuration files, you can test it. To set up a test configuration, use the ip command. To test the connection, use the ping command. Older configuration tools, ifconfig and route, are also available.

The commands ip, ifconfig and route change the network configuration directly without saving it in the configuration file. Unless you enter your configuration in the correct configuration files, the changed network configuration is lost on reboot.

22.6.2.2 Testing a Connection with ping #

The ping command is the standard tool for testing whether a TCP/IP connection works. It uses the ICMP protocol to send a small data packet, ECHO_REQUEST datagram, to the destination host, requesting an immediate reply. If this works, ping displays a message to that effect, which indicates that the network link is basically functioning.

ping does more than only test the function of the connection between two computers: it also provides some basic information about the quality of the connection. In Example 22.10, “Output of the Command ping”, you can see an example of the ping output. The second-to-last line contains information about the number of transmitted packets, packet loss, and total time of ping running.

As the destination, you can use a hostname or IP address, for example, ping example.com or ping 192.168.3.100. The program sends packets until you press Ctrl–C.

If you only need to check the functionality of the connection, you can limit the number of the packets with the -c option. For example to limit ping to three packets, enter ping -c 3 example.com.

Example 22.10: Output of the Command ping #

ping -c 3 example.com
PING example.com (192.168.3.100) 56(84) bytes of data.
64 bytes from example.com (192.168.3.100): icmp_seq=1 ttl=49 time=188 ms
64 bytes from example.com (192.168.3.100): icmp_seq=2 ttl=49 time=184 ms
64 bytes from example.com (192.168.3.100): icmp_seq=3 ttl=49 time=183 ms
--- example.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2007ms
rtt min/avg/max/mdev = 183.417/185.447/188.259/2.052 ms

The default interval between two packets is one second. To change the interval, ping provides the option -i. For example, to increase the ping interval to ten seconds, enter ping -i 10 example.com.

In a system with multiple network devices, it is sometimes useful to send the ping through a specific interface address. To do so, use the -I option with the name of the selected device, for example, ping -I wlan1 example.com.

For more options and information about using ping, enter ping -h or see the ping (8) man page.

Tip: Pinging IPv6 Addresses

For IPv6 addresses use the ping6 command. Note, to ping link-local addresses, you must specify the interface with -I. The following command works, if the address is reachable via eth1:

ping6 -I eth1 fe80::117:21ff:feda:a425

22.6.2.3 Configuring the Network with ifconfig #

ifconfig is a network configuration tool.

Note: ifconfig and ip

The ifconfig tool is obsolete. Use ip instead. In contrast to ip, you can use ifconfig only for interface configuration. It limits interface names to 9 characters.

Without arguments, ifconfig displays the status of the currently active interfaces. As you can see in Example 22.11, “Output of the ifconfig Command”, ifconfig has very well-arranged and detailed output. The output also contains information about the MAC address of your device (the value of HWaddr) in the first line.

Example 22.11: Output of the ifconfig Command #

eth0      Link encap:Ethernet  HWaddr 00:08:74:98:ED:51
          inet6 addr: fe80::208:74ff:fe98:ed51/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:634735 errors:0 dropped:0 overruns:4 frame:0
          TX packets:154779 errors:0 dropped:0 overruns:0 carrier:1
          collisions:0 txqueuelen:1000
          RX bytes:162531992 (155.0 Mb)  TX bytes:49575995 (47.2 Mb)
          Interrupt:11 Base address:0xec80

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8559 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8559 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:533234 (520.7 Kb)  TX bytes:533234 (520.7 Kb)    

wlan1     Link encap:Ethernet  HWaddr 00:0E:2E:52:3B:1D
          inet addr:192.168.2.4  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::20e:2eff:fe52:3b1d/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:50828 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43770 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:45978185 (43.8 Mb)  TX bytes:7526693 (7.1 MB)

For more options and information about using ifconfig, enter ifconfig -h or see the ifconfig (8) man page.

22.6.2.4 Configuring Routing with route #

route is a program for manipulating the IP routing table. You can use it to view your routing configuration and to add or remove routes.

Note: route and ip

The program route is obsolete. Use ip instead.

route is especially useful if you need quick and comprehensible information about your routing configuration to determine problems with routing. To view your current routing configuration, enter route -n as root.

Example 22.12: Output of the route -n Command #

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.20.0.0       *               255.255.248.0   U         0 0          0 eth0
link-local      *               255.255.0.0     U         0 0          0 eth0
loopback        *               255.0.0.0       U         0 0          0 lo
default         styx.exam.com   0.0.0.0         UG        0 0          0 eth0

For more options and information about using route, enter route -h or see the route (8) man page.

Apart from the configuration files described above, there are also various scripts that load the network programs while the machine is booting. These are started as soon as the system is switched to one of the multiuser runlevels. Some of these scripts are described in Table 22.9, “Some Start-Up Scripts for Network Programs”.

In specific network environments (such as High Availability), there are cases when you need to replace a bonding slave interface with another one. The reason may be a constantly failing network device. The solution is to set up hotplugging of bonding slaves.

The bond is configured as usual (according to man 5 ifcfg-bonding), for example:

ifcfg-bond0   
          STARTMODE='auto' # or 'onboot'  
          BOOTPROTO='static'   
          IPADDR='192.168.0.1/24'   
          BONDING_MASTER='yes'   
          BONDING_SLAVE_0='eth0'   
          BONDING_SLAVE_1='eth1'   
          BONDING_MODULE_OPTS='mode=active-backup miimon=100'

but the slaves are specified with STARTMODE=hotplug and BOOTPROTO=none:

ifcfg-eth0   
          STARTMODE='hotplug'   
          BOOTPROTO='none'   

ifcfg-eth1   
          STARTMODE='hotplug'   
          BOOTPROTO='none'

BOOTPROTO=none uses the ethtool options (when provided), but does not set the link up on ifup eth0. The reason is that the slave interface is controlled by the bond master.

STARTMODE=hotplug causes the slave interface to join the bond automatically as soon as it is available.

The udev rules in /etc/udev/rules.d/70-persistent-net.rules have to be changed to match the device by bus ID (udev KERNELS keyword equal to "SysFS BusID" as visible in hwinfo --netcard) instead of by MAC address to allow to replacement of defective hardware (a network card in the same slot but with a different MAC), and to avoid confusion as the bond changes the MAC address of all its slaves.

For example:

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
KERNELS=="0000:00:19.0", ATTR{dev_id}=="0x0", ATTR{type}=="1",
KERNEL=="eth*", NAME="eth0"

At boot time, /etc/init.d/network does not wait for the hotplug slaves, but for the bond to become ready, which requires at least one available slave. When one of the slave interfaces gets removed (unbind from NIC driver, rmmod of the NIC driver or true PCI hotplug remove) from the system, the kernel removes it from the bond automatically. When a new card is added to the system (replacement of the hardware in the slot), udev renames it using the bus-based persistent name rule to the name of the slave, and calls ifup for it. The ifup call automatically joins it into the bond.

The connections provided by smpppd are automatically configured by YaST. The actual dial-up programs KInternet and cinternet are also pre-configured. Manual settings are only required to configure additional features of smpppd such as remote control.

The configuration file of smpppd is /etc/smpppd.conf. By default, it does not enable remote control. The most important options of this configuration file are:

More information about smpppd is available in the smpppd(8) and smpppd.conf(5) man pages.

cinternet can be used to control a local or remote smpppd. cinternet is the command-line counterpart to the graphical KInternet. To prepare these utilities for use with a remote smpppd, edit the configuration file /etc/smpppd-c.conf manually or using cinternet. This file only uses four options:

If smpppd is active, try to access it. For example, with cinternet --verbose --interface-list. In case of difficulties at this point, refer to the smpppd-c.conf(5) and cinternet(8) man pages.