With this fifth course in our Linux Server Professional LPIC-1 certification series, you will learn about network configuration and management, including the basics of TCP/IP, effective IP addressing, network protocols, and ports. You will also learn how to properly set up DNS client services, aliases and hosts, and network interfaces using the ifconfig tool and its replacement, ip. Perhaps most important of all, you will discover some of Linux's powerful network troubleshooting tools, like netstat, netcat, and traceroute.
If you have thoughts or suggestions for this course, please contact Cloud Academy at email@example.com.
Managing network interfaces and routes
Now that we've discussed network addressing and transfer protocols, we'll have to learn how to configure and manage network interfaces and routes to ensure reliable connectivity. Most modern Linux distributions do a pretty good job of automatically pointing a standard network interface device like an ethernet card to a DHCP server during the installation process. However, there will definitely be times when you'll need a non-standard connectivity profile, and for that, you're going to have to know both what to configure and how.
First of all, it'll be helpful to understand how Linux identifies network interfaces. Depending on the specific distribution you're using, an ethernet interface might be called some variation of eth0, eth1, eth2, or em0, em1, and so on, while wireless interfaces are likely designated as wlan0 or wlan1. If you'd like to see which interfaces are currently active on your system, you could run ifconfig, or on newer systems, ip a. This shows us a device called eth0, its MAC or hardware address, and its IPv4 and IPv6 addresses. If the interface you're looking for doesn't show up, perhaps because something is keeping it from being loaded at boot time, you can search through dmesg, grepping for possible names.
If you're confident that your interface is properly configured, you can bring it up using either ifup or ip link set dev eth1 up, which applies the set command to the link object type, specifying eth1 as the link and telling Linux to bring the device up. If your interface has not been configured, you can do that either from the command line, as we'll see in a moment, or by editing a configuration file. On Ubuntu, for instance, the /etc/network/interfaces file contains editable settings for each device. On Fedora, you'll find individual files in the /etc/sysconfig/network-scripts directory.
As I mentioned just before, you can also configure an interface directly from the command line. Using ip, you can add a static IP address and set its netmask using ip a add followed by the address, a slash, and then the netmask. In this case, that's 255.255.255.0. You then specify the device name, eth1 in our case. Since I don't actually have a device named eth1 in this system, this command will obviously fail. Assuming that eth1 did exist, you would now need to restart the interface using ip link set dev eth1 up. If you'd like to shut an interface down, perhaps in order to change its configuration or to restart it if it's not responding the way it should, you can use ip link set dev eth1 down. As we mentioned earlier, these last two functions can also be performed with a lot fewer keystrokes using ifup and ifdown. I would note that if you're logged in remotely to a server through SSH, you've got to be very careful bringing interfaces up or down, as it could easily kill your current session and force you to travel to the server to restart it.
Let's review. ifconfig by itself will display information on all the network interfaces currently running on your system. ip a is a newer way of doing the same thing. ifup and ifdown, or ip link set dev eth1 up or down, will start or stop an interface.
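The SSH caution above can be turned into a pre-flight check. The following is an added example, not part of the course: a small wrapper that refuses to take an interface down when it carries the current SSH session. The function names are hypothetical, and it assumes sshd has set SSH_CONNECTION and that the ip tool is installed.

```shell
#!/bin/sh
# Added example, not part of the course. Function names are hypothetical.
# sshd sets SSH_CONNECTION to "client_ip client_port server_ip server_port".

# Interface named after "dev" in `ip route get ADDR` output ($1).
route_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Interface that holds address $2 in `ip -o addr show` output ($1).
addr_dev() {
    printf '%s\n' "$1" |
        awk -v a="$2" '{ split($4, p, "/"); if (p[1] == a) { print $2; exit } }'
}

# carries_ssh IFACE SSH_CONNECTION ROUTE_OUTPUT ADDR_OUTPUT
# Returns 0 = IFACE carries the session, 1 = it does not, 2 = cannot tell.
carries_ssh() {
    [ -n "$2" ] || return 1                    # local console, no SSH session
    rest=${2#* * }; server=${rest%% *}         # third field: server-side address
    out_dev=$(route_dev "$3")                  # where replies to the client leave
    in_dev=$(addr_dev "$4" "$server")          # where the session terminates
    [ -n "$out_dev" ] && [ -n "$in_dev" ] || return 2
    [ "$out_dev" = "$1" ] || [ "$in_dev" = "$1" ]
}

# safe_down IFACE: run `ip link set dev IFACE down` only when it is safe.
safe_down() {
    conn=${SSH_CONNECTION:-}
    route=""; addrs=""
    if [ -n "$conn" ]; then
        route=$(ip route get "${conn%% *}" 2>/dev/null) || route=""
        addrs=$(ip -o addr show 2>/dev/null) || addrs=""
    fi
    rc=0
    carries_ssh "$1" "$conn" "$route" "$addrs" || rc=$?
    case $rc in
        0) echo "refusing: $1 carries this SSH session" >&2; return 1 ;;
        2) echo "refusing: cannot tell which interface carries SSH" >&2; return 1 ;;
    esac
    ip link set dev "$1" down
}
```

Both directions are checked because the reply path and the interface holding the server address can differ on a multi-homed host.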
Configuring network routes and aliases
Interface information is kept in files like /etc/network/interfaces on Debian systems and within the /etc/sysconfig/network-scripts directory on others. You can use ip a add to set a value for a device from the command line. To be properly configured, a device needs an IP address and a subnet, both of which we've already discussed, but it also requires a default gateway router address so processes can find their way out of the computer and on to the wider network, and in some cases, an identifiable host name.
We'll talk about both of those now. The route command will display the current system route table. In this case, we can see that the network gateway runs through 10.0.31 using eth0. If we wanted to manually change the default route, we would run the route add default gw command, entering the IP address of the new route that we would like to use. gw, by the way, stands for gateway. Using ip, you would use ip route add default via followed by the new route IP address. If you're trying to connect to a new router using DHCP, meaning you'd like the router to assign your computer a dynamic IP address, you might have to run dhclient from the command line to start that process off manually. dhclient, by the way, stands for dynamic host configuration protocol client.
So that local processes and authorized network clients can properly identify your computer, it should have a host name. This name, often the name you gave your computer during installation, is contained in a very simple file in the /etc directory called hostname. You can edit this file whenever you like, but you should also remember to update another file, /etc/hosts, which maps your host name to appropriate IP addresses. In this case, 127.0.1.1. You can add an alias name to the same line if you like. You can also add IP/alias pairs to this file to make external connections easier. This example will make the letter g an alias for the IP address of Google.com. You can then simply run any local command, say, wget g, and access the site.
Finally, the /etc/nsswitch.conf file contains pointers to various system configuration files. It also tells you the order in which resources will be consulted by the system. So in our case, the system is looking for a MAC address, known here as ethers. We'd first look through a DB (files like /etc/passwd or /etc/shadow are considered DBs for this purpose), and then through system files.
The "compat" method will sync entries in a file like passwd by following inline instructions (usually a leading + or - sign).
Let's do some review. route will display your current routing information, while route add default gw or ip route add default via will edit it. dhclient can be used to manually establish your computer as a DHCP client. The /etc/hostname file contains your system's host name, and /etc/hosts maps DNS names and aliases to IP addresses. The /etc/nsswitch.conf file points to various kinds of configuration data.
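Because /etc/nsswitch.conf decides whether /etc/hosts is consulted before DNS, an alias like the g entry above silently wins over whatever DNS would answer, which makes the hosts file worth auditing. The following is an added example, not part of the course: it reads a hosts-format file and an nsswitch.conf-format file and lists the names that would bypass DNS. Function names are hypothetical, and the sample address in the comments is a constructed documentation address.

```shell
#!/bin/sh
# Added example, not part of the course. Function names are hypothetical.

# Sources on the "hosts:" line of an nsswitch.conf-format file, in order.
# Bracketed action items such as [NOTFOUND=return] are skipped.
hosts_order() {
    awk '$1 == "hosts:" {
             sub(/#.*/, "")
             for (i = 2; i <= NF; i++) if ($i !~ /^\[/) printf "%s ", $i
             print ""; exit
         }' "$1"
}

# Returns 0 when "files" is consulted before "dns" on the hosts: line.
files_before_dns() {
    for src in $(hosts_order "$1"); do
        case $src in
            files) return 0 ;;
            dns)   return 1 ;;
        esac
    done
    return 1
}

# Print "name address" for every name a hosts-format file maps to an
# address other than loopback or the IPv6 multicast/localnet placeholders
# that many distributions ship by default.
hosts_overrides() {
    awk '{ sub(/#.*/, "") }
         NF >= 2 && $1 !~ /^(127\.|ff0|fe00:)/ && $1 != "::1" {
             for (i = 2; i <= NF; i++) print $i, $1
         }' "$1"
}

# audit_hosts HOSTS_FILE NSSWITCH_FILE
# Example line flagged (constructed): "203.0.113.10 g"
audit_hosts() {
    if files_before_dns "$2"; then
        hosts_overrides "$1" | while read -r name addr; do
            echo "OVERRIDE $name -> $addr (wins over DNS)"
        done
    fi
}
```

On a live system, run audit_hosts /etc/hosts /etc/nsswitch.conf and review every line it prints against what you expect to be there.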
Working with AWS Virtual Private Clouds (VPCs)
Now is probably a good time to take a quick look at Amazon Web Services Virtual Private Clouds, or VPCs. VPCs are AWS's primary networking architecture and are designed to help you effectively and securely manage all of a project's compute resources. Any traffic moving within a VPC, or to or from any external network, must successfully pass through a number of layers before it can reach its target. At the outer edge is an Internet gateway, which must be referenced by a route table before anything is allowed through. Route tables in turn can be connected to individual subnets, whose access is controlled by access control lists, or ACLs. Once past an ACL into a subnet, traffic will still fail to reach a compute or database instance unless it's allowed by the rules of that instance's security group. And of course, as we've seen, you can further take advantage of various local security tools within an instance, which, after all, is nothing more or less than a server.
About the Author
David taught high school for twenty years, worked as a Linux system administrator for five years, and has been writing since he could hold a crayon between his fingers. His childhood bedroom wall has since been repainted.
Having worked directly with all kinds of technology, David derives great pleasure from completing projects that draw on as many tools from his toolkit as possible.
Besides being a Linux system administrator with a strong focus on virtualization and security tools, David writes technical documentation and user guides, and creates technology training videos.
His favorite technology tool is the one that should be just about ready for release tomorrow. Or Thursday.