Docker Networking Cookbook
By Jon Langemak
Table of Contents
Docker Networking Cookbook
Credits
About the Author
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and more
Why Subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
1. Linux Networking Constructs
Introduction
Working with interfaces and addresses
Getting ready
How to do it…
Configuring Linux host routing
Getting ready
How to do it…
Exploring bridges
Getting ready
How to do it…
Making connections
Getting ready
How to do it…
Exploring network namespaces
Getting ready
How to do it…
2. Configuring and Monitoring Docker Networks
Introduction
Verifying host-level settings that impact Docker networking
Getting ready
How to do it…
Connecting containers in bridge mode
Getting ready
How to do it…
Exposing and publishing ports
Getting ready
How to do it…
Connecting containers to existing containers
Getting ready
How to do it…
Connecting containers in host mode
Getting ready
How to do it…
Configuring service-level settings
Getting ready
How to do it…
docker0 bridge addressing
Docker interface binding for published ports
Container interface MTU
Container default gateway
3. User-Defined Networks
Introduction
Viewing the Docker network configuration
Getting ready
How to do it…
Bridge
None
Host
Creating user-defined networks
Getting ready
How to do it…
Connecting containers to networks
Getting ready
How to do it…
Defining a user-defined bridge network
Getting ready
How to do it…
Example 1
Example 2
Creating a user-defined overlay network
Getting ready
A key-value store
Linux kernel version of 3.16
Open ports
Docker service configuration options
How to do it…
Isolating networks
Getting ready
How to do it…
Creating internal user-defined bridges
Creating internal user-defined overlays
4. Building Docker Networks
Introduction
Manually networking containers
Getting ready
How to do it…
Specifying your own bridge
Getting ready
How to do it…
Using an OVS bridge
Getting ready
How to do it…
Using an OVS bridge to connect Docker hosts
Getting ready
How to do it…
OVS and Docker together
Getting ready
How to do it…
5. Container Linking and Docker DNS
Introduction
Verifying a host-based DNS configuration inside a container
Getting ready
How to do it…
Overriding the default name resolution settings
Getting ready
How to do it…
Configuring links for name and service resolution
Getting ready
How to do it…
Leveraging Docker DNS
Getting ready
How to do it…
Creating Docker DNS aliases
Getting ready
How to do it…
6. Securing Container Networks
Introduction
Enabling and disabling ICC
Getting ready
How to do it…
Disabling outbound masquerading
Getting ready
How to do it…
Managing netfilter to Docker integration
Getting ready
How to do it…
Manually creating the required iptables rules
Creating custom iptables rules
Getting ready
How to do it…
Exposing services through a load balancer
Getting ready
How to do it…
7. Working with Weave Net
Introduction
Installing and configuring Weave
Getting ready
How to do it…
Running Weave-connected containers
Getting ready
How to do it…
Understanding Weave IPAM
Getting ready
How to do it…
Working with WeaveDNS
Getting ready
How to do it…
Weave security
Getting ready
How to do it…
Using the Weave network plugin
Getting ready
How to do it…
8. Working with Flannel
Introduction
Installing and configuring Flannel
Getting ready
How to do it…
Integrating Flannel with Docker
Getting ready
How to do it…
Using the VXLAN backend
Getting ready
How to do it…
Using the host gateway backend
Getting ready
How to do it…
Specifying Flannel options
Getting ready
How to do it…
9. Exploring Network Features
Introduction
Working with prerelease versions of Docker
Getting ready
How to do it…
Understanding MacVLAN interfaces
Getting ready
How to do it…
Working with the Docker MacVLAN network driver
Getting ready
How to do it…
Understanding IPVLAN interfaces
Getting ready
How to do it…
Working with the Docker IPVLAN network driver
Getting ready
How to do it…
Tagging VLAN IDs with MacVLAN and IPVLAN networks
Getting ready
How to do it…
10. Leveraging IPv6
Introduction
IPv6 command-line basics
Getting ready
How to do it…
Enabling IPv6 capabilities in Docker
Getting ready
How to do it…
Working with IPv6-enabled containers
Getting ready
How to do it…
Configuring NDP proxying
Getting ready
How to do it…
User-defined networks and IPv6
Getting ready
How to do it…
11. Troubleshooting Docker Networks
Introduction
Using tcpdump to verify network paths
Getting ready
How to do it…
Verifying VETH pairs
Getting ready
How to do it…
Verifying published ports and outbound masquerading
Getting ready
How to do it…
Verifying name resolution
Getting ready
How to do it…
Building a test container
Getting ready
How to do it…
Resetting the local Docker network database
Getting ready
How to do it…
Index
Docker Networking Cookbook
Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: November 2016
Production reference: 1231116
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78646-114-8
www.packtpub.com
Credits
Author
Jon Langemak
Reviewer
Francisco Souza
Commissioning Editor
Priya Singh
Acquisition Editor
Rahul Nair
Content Development Editor
Rashmi Suvarna
Technical Editor
Mohd Riyan Khan
Copy Editor
Dipti Mankame
Project Coordinator
Judie Jose
Proofreader
Safis Editing
Indexer
Pratik Shirodkar
Graphics
Kirk D'Penha
Production Coordinator
Deepika Naik
Cover Work
Deepika Naik
About the Author
Jon Langemak has over 10 years of experience in designing, building, and maintaining high-performance networks. He is passionate about network operations, automation, and open source tooling. His current focus is on disruptive technologies and the impact they have on network operations. Outside of work, Jon blogs at dasblinkenlichten.com and enjoys collaborating with others in the network community on new ideas and concepts.
I would like to thank my wife for her encouragement and for tolerating the countless days of late night writing. I would also like to thank all of the amazing people in the networking community I've had the privilege to meet over the past few years. I consider myself lucky to call many of you friends and appreciate all the support and inspiration you continue to provide me. And finally, I'd like to thank my parents, who piqued my interest in computing by giving me my first computer in elementary school. Thank you for supporting my interests and ambitions; you have always been there for me.
About the Reviewer
Francisco Souza is a senior software engineer working with video publishing platforms at The New York Times. Prior to that, he worked with the open source PaaS Tsuru, created back in 2012 and later adapted to leverage Docker for container management. Francisco is also a Docker Captain, and he likes to explore topics such as concurrency, parallelism, and distributed systems.
He has also worked as a reviewer on the book Extending Docker by Russ McKendrick, Packt Publishing.
www.PacktPub.com
eBooks, discount offers, and more
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www.packtpub.com/mapt
Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.
Why Subscribe?
Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
On demand and accessible via a web browser
Preface
The aim of this book is to provide you with in-depth knowledge of how Docker implements container networking. Whether you use Docker every day or are just getting started, this book will introduce you to how Docker uses Linux networking primitives to network containers. Through numerous examples, we’ll cover everything from the fundamentals of Linux networking to the latest Docker networking drivers. Along the way, we’ll also look at integrating existing networking constructs and third-party plugins into Docker. The end goal is for you to be comfortable with the process Docker uses to provide networking capabilities to containers.
Like many open source projects, Docker is a fast-moving piece of software. At the time of publication, the most recent version of Docker was 1.12. I’ve done my best to ensure that the content in this book reflects the most up-to-date features and configurations based on this version. Regardless of the version, many of these features have existed in one form or another since the very early versions of Docker. So while there have been significant changes in Docker networking over the last couple of years, much of the network functionality is still implemented in the same manner. It is for this reason that I believe the majority of the content in this book will remain relevant for a long time to come.
What this book covers
Chapter 1, Linux Networking Constructs, will focus on introducing you to Linux networking primitives. Topics such as interface creation, addressing, and general connectivity will be discussed in detail. You will also be introduced to common Linux command-line syntax and tooling as it relates to Linux host network configuration. Understanding these basic constructs will greatly increase your ability to understand how Docker handles container networking.
Chapter 2, Configuring and Monitoring Docker Networks, explains the default means in which Docker handles container networking. These include bridge, host, and mapped container modes of Docker network operation. We’ll also begin our exploration of how Docker handles mapping container-based services to the outside or external network. There will also be discussion around Linux host requirements for Docker networking and some of the possible Docker service-level parameters that can be modified.
Chapter 3, User-Defined Networks, begins our discussion on Docker user-defined networks. The advent of user-defined networks has greatly increased the flexibility of Docker networking, providing the end user far more possibilities in regard to container connectivity. We’ll discuss the syntax required to create user-defined networks as well as show examples of how to create user-defined bridge and overlay-based networks. Finally, we’ll cover some options to isolate network segments within Docker.
Chapter 4, Building Docker Networks, begins with a deep dive into how Docker provides container connectivity. Starting with a container that was provisioned without a network interface, we’ll cover all the steps required in order to get the container communicating on the network. We’ll then move on to discuss other options to use custom bridges with Docker and cover multiple use cases related to using OVS in conjunction with Docker.
Chapter 5, Container Linking and Docker DNS, discusses the available options for container name resolution. This includes both the default name resolution behavior as well as the new embedded DNS server functionality that exists with user-defined networks. You will become comfortable with the process used to determine name server assignment in each of these scenarios.
Chapter 6, Securing Container Networks, shows a variety of features and strategies that are related to container security. You will be exposed to several options to limit the scope of container exposure and connectivity. We’ll also discuss options to implement a container-based load balancer that utilizes a user-defined overlay network.
Chapter 7, Working with Weave Net, will be our first look at a third-party networking solution that integrates with Docker. Weave provides multiple methods to integrate with Docker including its own CLI tool as well as a full-blown Docker driver. An example of using Weave to provide network isolation will also be demonstrated.
Chapter 8, Working with Flannel, examines the third-party network plugin built by the team at CoreOS. Flannel is an interesting example of how a networking plugin can be integrated into Docker just by changing Docker service-level parameters. In addition to providing overlay type networking, Flannel also offers a host gateway backend that allows the hosts to route directly to each other so long as they meet certain requirements.
Chapter 9, Exploring Network Features, focuses on how newer networking features are integrated into Docker. We’ll examine how you can gain access to and test these new features by evaluating different versions of Docker engine. Through the course of the chapter, we’ll also examine the now integrated MacVLAN network driver as well as the IPVLAN network driver, which is still in testing.
Chapter 10, Leveraging IPv6, covers IPv6 and Docker’s support of it. IPv6 is a big topic and one that deserves a great amount of attention considering the current state of IPv4. In this chapter, we’ll review some of the basics of working with IPv6 on a Linux system. We’ll then spend some time reviewing how Docker supports IPv6 and discuss some of the options you have around deployment.
Chapter 11, Troubleshooting Docker Networks, examines some of the common steps you might take when troubleshooting Docker networking. The focus will be on validating the configuration, but you’ll also learn some steps you can take to prove that the configuration is working as intended.
What you need for this book
All of the labs shown in this book were performed on Ubuntu Linux hosts running version 16.04 and Docker engine version 1.12.
Note
You’ll note that the network interface names used on the hosts in this book use the familiar eth (eth0, eth1, and so on) naming convention. While this is still the standard on many versions of Linux, newer versions that run systemd (such as Ubuntu 16.04) now use something called Predictable Network Interface Names (PNIN). With PNIN, the network interface uses more predictable names based on the information about the interface itself. In these cases, the interface names will show up using different names, such as ens1 or ens32. For the sake of making the content in this book easier to understand, I chose to disable PNIN on all of the hosts. If you’re interested in doing the same, instructions can be found by doing a web search for ‘Ubuntu disable predictable interface names’. If you choose not to, just know that your interface names will show up differently than mine do in the examples.
The requirements for labs shown in this book are included at the beginning of each recipe. Later recipes may build on configurations shown in earlier recipes.
Who this book is for
This book is for people who are interested in learning more about how Docker implements container networking. While the recipes cover many of the basics required to get you up and running, it is assumed that you have a working knowledge of Linux and Docker. It is also assumed that you have a basic understanding of networking.
Conventions
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, file paths, and executables are shown as follows:
Interfaces on the host can be seen by using the ip link show command.
Any command-line input or output is written as follows:
user@net1:~$ sudo ifdown eth1 && sudo ifup eth1
When possible, any multiline command-line input will be written using the Linux line continuation method of including a trailing \ at the end of the line to be continued:
user@net1:~$ sudo ip netns exec ns_1 ip link set \
dev edge_veth1 master edge_bridge1
In some cases command-line output will also be multiline. In those cases, formatting was done in an effort to make the output easily readable.
When we wish to draw your attention to a particular part of command-line output, the relevant lines or items are set in bold:
user@net2:~$ ip addr show eth0
2: eth0:
    link/ether 00:0c:29:59:ca:ca brd ff:ff:ff:ff:ff:ff
    inet 172.16.10.2/26 brd 172.16.10.63 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe59:caca/64 scope link
       valid_lft forever preferred_lft forever
user@net2:~$
Note
Warnings or important notes appear in a box like this.
Reader feedback
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
To send us general feedback, simply e-mail <[email protected]>, and mention the book’s title in the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Customer support
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Errata
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.
To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy
Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors and our ability to bring you valuable content.
Questions
If you have a problem with any aspect of this book, you can contact us at <[email protected]>, and we will do our best to address the problem.
Chapter 1. Linux Networking Constructs
In this chapter, we will cover the following recipes:
Working with interfaces and addresses
Configuring Linux host routing
Exploring bridges
Making connections
Exploring network namespaces
Introduction
Linux is a powerful operating system with many robust networking constructs. Much like any networking technology, they are powerful individually but become much more powerful when combined in creative ways. Docker is a great example of a tool that combines many of the individual components of the Linux network stack into a complete solution. While Docker manages most of this for you, it's still helpful to know your way around when looking at the Linux networking components that Docker uses.
In this chapter, we'll spend some time looking at these constructs individually outside of Docker. We'll learn how to make network configuration changes on Linux hosts and validate the current state of the network configuration. While this chapter is not dedicated to Docker itself, it is important to understand the primitives for later chapters, where we discuss how Docker uses these constructs to network containers.
Working with interfaces and addresses
Understanding how Linux handles networking is an integral part of understanding how Docker handles networking. In this recipe, we'll focus on Linux networking basics by learning how to define and manipulate interfaces and IP addresses on a Linux host. To demonstrate the configuration, we'll start building a lab topology in this recipe and continue it through the other recipes in this chapter.
Getting ready
In order to view and manipulate networking settings, you'll want to ensure that you have the iproute2 toolset installed. If it's not present on the system, it can be installed using the following command:
sudo apt-get install iproute2
In order to make network changes to the host, you'll also need root-level access.
For the purpose of demonstration in this chapter, we'll be using a simple lab topology. The initial network layout of the host looks like this:
In this case, we have three hosts, each with a single eth0 interface already defined:
net1: 10.10.10.110/24 with a default gateway of 10.10.10.1
net2: 172.16.10.2/26
net3: 172.16.10.66/26
How to do it…
The network configuration on most end hosts is generally limited to the IP address, the subnet mask, and the default gateway of a single interface. This is because most hosts are network endpoints offering a discrete set of services on a single IP interface. But what happens if we want to define more interfaces or manipulate the existing one? To answer that question, let's first look at a simple single-homed server such as net2 or net3 in the preceding example.
On Ubuntu hosts, all of the interface configuration is done in the /etc/network/interfaces file. Let's examine that file on the host net2:
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 172.16.10.2
        netmask 255.255.255.192
We can see that this file defines two interfaces—the local loopback interface and the interface eth0. The eth0 interface defines the following information:
address: The IP address of the host's interface
netmask: The subnet mask associated with the IP interface
The information in this file will be processed each time the interface attempts to come into the up or operational state. We can validate that this configuration file was processed at system boot by checking the current IP address of the interface eth0 with the ip addr show command:
user@net2:~$ ip addr show eth0
2: eth0:
    link/ether 00:0c:29:59:ca:ca brd ff:ff:ff:ff:ff:ff
    inet 172.16.10.2/26 brd 172.16.10.63 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe59:caca/64 scope link
       valid_lft forever preferred_lft forever
user@net2:~$
Now that we've reviewed a single-homed configuration, let's take a look and see what it would take to configure multiple interfaces on a single host. As things stand, the net1 host is the only host that has any sort of reachability off its local subnet. This is because it has a defined default gateway pointing back to the rest of the network. In order to make net2 and net3 reachable we need to find a way to connect them back to the rest of the network as well. To do this, let's assume that the host net1 has two additional network interfaces that we can connect directly to hosts net2 and net3:
Let's walk through how to configure additional interfaces and IP addresses on net1 to complete the topology.
The first thing we want to do is verify that we have additional interfaces available to work with on net1. To do this, we would use the ip link show command:
user@net1:~$ ip link show
1: lo:
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0:
    link/ether 00:0c:29:2d:dd:79 brd ff:ff:ff:ff:ff:ff
3: eth1:
    link/ether 00:0c:29:2d:dd:83 brd ff:ff:ff:ff:ff:ff
4: eth2:
    link/ether 00:0c:29:2d:dd:8d brd ff:ff:ff:ff:ff:ff
user@net1:~$
We can see from the output that in addition to the eth0 interface, we also have interfaces eth1 and eth2 available to us. To see which interfaces have IP addresses associated with them, we can use the ip address show command:
user@net1:~$ ip address show
1: lo:
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0:
    link/ether 00:0c:29:2d:dd:79 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.110/24 brd 10.10.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe2d:dd79/64 scope link
       valid_lft forever preferred_lft forever
3: eth1:
    link/ether 00:0c:29:2d:dd:83 brd ff:ff:ff:ff:ff:ff
4: eth2:
    link/ether 00:0c:29:2d:dd:8d brd ff:ff:ff:ff:ff:ff
user@net1:~$
The preceding output proves that we currently only have a single IP address allocated on the interface eth0. This means that we can use the interface eth1 for connectivity to server net2 and eth2 for connectivity to the server net3.
There are two ways we can configure these new interfaces. The first is to update the network configuration file on net1 with the relevant IP address information. Let's do that for the link facing the host net2. To configure this connectivity, simply edit the file /etc/network/interfaces and add the relevant configuration for both interfaces. The finished configuration should look like this:
# The primary network interface
auto eth0
iface eth0 inet static
        address 10.10.10.110
        netmask 255.255.255.0
        gateway 10.10.10.1

auto eth1
iface eth1 inet static
        address 172.16.10.1
        netmask 255.255.255.192
Once the file is saved, you need to find a way to tell the system to reload the configuration file. One way to do this would be to reload the system. A simpler method would be to reload the interfaces. For instance, we could execute the following commands to reload interface eth1:
user@net1:~$ sudo ifdown eth1 && sudo ifup eth1
ifdown: interface eth1 not configured
user@net1:~$
Note
While not required in this case, bringing the interface down and up at the same time is a good habit to get into. This ensures that you don't cut yourself off if you take down the interface you're managing the host from.
In some cases, you may find that this method of updating the interface configuration doesn't work as expected. Depending on your version of Linux, you may experience a condition where the previous IP address is not removed from the interface causing the interface to have multiple IP addresses. To resolve this, you can manually delete the old IP address or alternatively reboot the host, which will prevent legacy configurations from persisting.
After the commands are executed, we should be able to see that the interface eth1 is now properly addressed:
user@net1:~$ ip addr show dev eth1
3: eth1:
    link/ether 00:0c:29:2d:dd:83 brd ff:ff:ff:ff:ff:ff
    inet 172.16.10.1/26 brd 172.16.10.63 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe2d:dd83/64 scope link
       valid_lft forever preferred_lft forever
user@net1:~$
To configure the interface eth2 on host net1, we'll use a different approach. Rather than relying on configuration files, we'll use the iproute2 command-line tools to update the configuration of the interface. To do this, we simply execute the following commands:
user@net1:~$ sudo ip address add 172.16.10.65/26 dev eth2
user@net1:~$ sudo ip link set eth2 up
It should be noted here that this configuration is not persistent. That is, since it's not part of a configuration file that's loaded at system initialization, this configuration will be lost on reboot. This is the same case for any network-related configuration done manually with the iproute2 or other command-line toolsets.
Note
It is best practice to configure interface information and addressing in the network configuration file. Altering interface configuration outside of the configuration file is done in these recipes for the purpose of example only.
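The following is an added example, not code from the book: a small drift check that lists IPv4 addresses live on an interface but not declared in the interfaces file. It catches both the non-persistent eth2 address configured above and a stale address left behind after ifdown/ifup. The function names and the embedded sample data are assumptions constructed from the values in this recipe.

```shell
#!/bin/sh
# Added example: report runtime IPv4 addresses that are absent from an
# ifupdown-style interfaces file (lost on reboot, or left over as stale).

# Constructed sample of /etc/network/interfaces on net1 (values from the recipe).
sample_interfaces() {
cat <<'EOF'
# The primary network interface
auto eth0
iface eth0 inet static
        address 10.10.10.110
        netmask 255.255.255.0
        gateway 10.10.10.1

auto eth1
iface eth1 inet static
        address 172.16.10.1
        netmask 255.255.255.192
EOF
}

# Constructed sample of `ip -o -4 addr show` output after the recipe's steps.
sample_runtime() {
cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.10.10.110/24 brd 10.10.10.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 172.16.10.1/26 brd 172.16.10.63 scope global eth1\       valid_lft forever preferred_lft forever
4: eth2    inet 172.16.10.65/26 scope global eth2\       valid_lft forever preferred_lft forever
EOF
}

# Read an interfaces file on stdin; print "<iface> <addr>/<prefix>" for
# every "inet static" stanza.
persisted_addrs() {
    awk '
    # Convert a dotted netmask to a prefix length by counting set bits.
    function mask2len(mask,    n, i, o, oct, bits) {
        n = split(mask, oct, "."); bits = 0
        for (i = 1; i <= n; i++)
            for (o = oct[i] + 0; o > 0; o = int(o / 2))
                bits += o % 2
        return bits
    }
    # Print the stanza collected so far, then reset for the next one.
    function emit() {
        if (ifc != "" && addr != "") {
            if (addr !~ /\//) addr = addr "/" mask2len(mask)
            print ifc, addr
        }
        addr = ""; mask = ""
    }
    /^[ \t]*#/      { next }
    $1 == "iface"   { emit(); ifc = ($3 == "inet" && $4 == "static") ? $2 : "" }
    $1 == "address" { addr = $2 }
    $1 == "netmask" { mask = $2 }
    END             { emit() }
    '
}

# Read `ip -o -4 addr show` output on stdin; print "<iface> <addr>/<prefix>",
# skipping the loopback interface.
runtime_addrs() {
    awk '$3 == "inet" && $2 != "lo" { print $2, $4 }'
}

# usage: drift <interfaces-file> <file holding `ip -o -4 addr show` output>
# Prints every runtime address that the interfaces file does not declare.
drift() {
    conf=$(persisted_addrs < "$1")
    runtime_addrs < "$2" | while read -r ifc addr; do
        printf '%s\n' "$conf" | grep -qxF "$ifc $addr" || echo "$ifc $addr"
    done
}

# Run the check against the constructed samples above.
demo() {
    d=$(mktemp -d)
    sample_interfaces > "$d/interfaces"
    sample_runtime > "$d/runtime"
    drift "$d/interfaces" "$d/runtime"
    rm -rf "$d"
}

demo
```

On a real host, save the output of ip -o -4 addr show to a file and pass it to drift together with /etc/network/interfaces.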
Up to this point, we've only modified existing interfaces by adding IP information to them. We have not actually added a new interface to any of the systems. Adding interfaces is a fairly common task, and, as later