CentOS 7 IPv4 and IPv6 network configuration

This is a typical interface configuration file in CentOS 7 which shows the following:

1- Which directives have to be commented out (if they exist)

2- The value of important parameters is highlighted ( BOOTPROTO, IPV6INIT, ONBOOT)

3- How multiple IPv4 can be added to the interface ( IPADDR0, PREFIX0, IPADDR1, PREFIX1, etc.)

4- How multiple IPv6 can be added to the interface ( IPV6ADDR_SECONDARIES )

[root@Node227 network-scripts]# cd /etc/sysconfig/network-scripts/

[root@Node227 network-scripts]# vi ifcfg-eno1

TYPE=Ethernet

BOOTPROTO=static

# DEFROUTE=yes

# IPV4_FAILURE_FATAL=no

IPV6INIT=yes

# IPV6_AUTOCONF=yes

# IPV6_DEFROUTE=yes

# IPV6_FAILURE_FATAL=no

NAME=eno1

UUID=e274defc-5b1e-4ce1-b171-24e84131b002

ONBOOT=yes

HWADDR=00:1E:C9:BA:AC:23

IPADDR0=199.x.x.x

PREFIX0=23

IPADDR1=199.x.x.x

PREFIX1=23

IPADDR2=199.x.x.x

PREFIX2=23

IPV6ADDR=26xx:xxxx:0:2::227/64

IPV6ADDR_SECONDARIES=”26xx:xxxx:0:2::2227/64 26xx:xxxx:0:2::4227/64″

# GATEWAY0=199.x.x.x

# DNS1=208.x.x.x

# DNS2=208.x.x.x

# IPV6_PEERDNS=yes

# IPV6_PEERROUTES=yes

In order for the changes to take effect we have to restart the network service.

# service network restart

—————————————————————————————————-

With the above configuration we verify both IPv4 and IPv6 on interface eno1

[root@Node227 network-scripts]# ip -4 addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000

    inet 199.x.x.x/23 brd 199.x.x.255 scope global eno1

       valid_lft forever preferred_lft forever

    inet 199.x.x.x/23 brd 199.x.x.255 scope global secondary eno1

       valid_lft forever preferred_lft forever

    inet 199.x.x.x/23 brd 199.x.x.255 scope global secondary eno1

       valid_lft forever preferred_lft forever

 

[root@Node227 network-scripts]# ip -6 addr

 

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000

    inet6 26xx:xxxx:0:2::4227/64 scope global

       valid_lft forever preferred_lft forever

    inet6 26xx:xxxx:0:2::2227/64 scope global

       valid_lft forever preferred_lft forever

    inet6 26xx:xxxx:0:2::227/64 scope global

       valid_lft forever preferred_lft forever

    inet6 fe80::21e:c9ff:feba:ac23/64 scope link

       valid_lft forever preferred_lft forever

 

If multiple IPv4 are added to interface script they don’t show up in ifconfig but they are shown by ip addr show.

The other alternative is to create alias interfaces.

 

# cp  ifcfg-eno1  ifcfg-eno1:1

# vi ifcfg-eno1:1

 TYPE=Ethernet

BOOTPROTO=static

IPV6INIT=yes

NAME=eno1:1

# UUID=e274defc-5b1e-4ce1-b171-24e84131b002

ONBOOT=yes

HWADDR=00:1E:C9:BA:AC:23

IPADDR=199.x.x.x

PREFIX=23

[broadcast=199.x.x.255]

And if we want to do it from command line:

# ip addr add 199.x.x.x/23 [broadcast 199.x.x.255] dev eno1 label eno1:1

adding the broadcast address for alias interface is optional.

# ip -4 addr sh dev eno1

 2: eno1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000

    inet 199.x.x.x/23 brd 199.x.x.255 scope global eno1

       valid_lft forever preferred_lft forever

    inet 199.x.x.x/23 brd 199.x.x.255 scope global secondary eno1

       valid_lft forever preferred_lft forever

    inet 199.x.x.149/23 scope global secondary eno1:1

       valid_lft forever preferred_lft forever

————————————————————————————————————————

Configuring Gateway and DNS

In order to configure Gateway and DNS resolver we edit the file /etc/sysconfig/network

[root@Node227 network-scripts]# vi /etc/sysconfig/network

# Created by anaconda

GATEWAY=199.x.x.x

DNS1=208.x.x.x

DNS2=208.x.x.x

NETWORKING_IPV6=yes

IPV6_DEFAULTGW=26xx:x.x.x.x:0:2::1

IPV6_AUTOCONF=no

In order for the changes to take effect we have to restart the network service.

# service network restart

 —————————————————————————————————————————-

Setting Hostname

In order to set the hostname we edit the file /etc/hostname

[root@Node227 network-scripts]# vi /etc/hostname

Node227

In order for this change to take effect the server has to be rebooted.

[root@Node227 network-scripts]# hostnamectl status

   Static hostname: Node227          Icon name: computer-server            Chassis: server         Machine ID: f2c53cccb43c46cd9929dd58a0166023            Boot ID: 6d022c29c773440ea18c24659fea08d5   Operating System: CentOS Linux 7 (Core)        CPE OS Name: cpe:/o:centos:centos:7             Kernel: Linux 3.10.0-229.11.1.el7.x86_64       Architecture: x86_64

—————————————————————————————————————————

Disabling IPv6

If we want to disable IPv6 we remove all IPv6 configuration and change the following parameters

1- Set the value of parameter IPV6INIT in interface configuration file to “No”

2- set the value of the parameter NETWORKING_IPV6 in /etc/sysconfig/network  to “No”

————————————————————————————————————-

In order for the changes in interface configuration file and /etc/sysconfig/network to take effect the network service has to be restarted:

[root@Node227 network-scripts]# service network restart

Restarting network (via systemctl):                        [  OK  ]

or

[root@Node227 network-scripts]# systemctl restart network

[root@Node227 ~]# systemctl status network

network.service – LSB: Bring up/down networking

   Loaded: loaded (/etc/rc.d/init.d/network)

   Active: active (exited) since Fri 2015-08-07 12:40:54 EDT; 2s ago

  Process: 2458 ExecStart=/etc/rc.d/init.d/network start (code=exited, status=0/SUCCESS)

Aug 07 12:40:54 Node227 network[2458]: RTNETLINK answers: File exists

Aug 07 12:40:54 Node227 network[2458]: RTNETLINK answers: File exists

Aug 07 12:40:54 Node227 network[2458]: RTNETLINK answers: File exists

Aug 07 12:40:54 Node227 network[2458]: RTNETLINK answers: File exists

Aug 07 12:40:54 Node227 network[2458]: RTNETLINK answers: File exists

Aug 07 12:40:54 Node227 network[2458]: RTNETLINK answers: File exists

Aug 07 12:40:54 Node227 network[2458]: RTNETLINK answers: File exists

Aug 07 12:40:54 Node227 network[2458]: RTNETLINK answers: File exists

Aug 07 12:40:54 Node227 network[2458]: RTNETLINK answers: File exists

Aug 07 12:40:54 Node227 systemd[1]: Started LSB: Bring up/down networking.

———————————————————————————————————————–

Some advanced remarks that re not needed in a normal IP configuration but might be useful in some situations:

IPv4 range

In order to add an IPv4 range we can create the range interface.

However this seems to be buggy, it is not recommended.

[root@Node227 network-scripts]# cp ifcfg-eno1 ifcfg-eno1-range1

[root@Node227 network-scripts]# vi ifcfg-eno1-range1

TYPE=Ethernet

BOOTPROTO=static

NAME=eno1

UUID=e274defc-5b1e-4ce1-b171-24e84131b002

ONBOOT=yes

HWADDR=00:1E:C9:BA:AC:23

IPADDR_START=192.168.0.100

IPADDR_END=192.168.0.110

CLONENUM_START=1

PREFIX=24

In order for this to work we need to have IPV6ADDR_SECONDARIES defined in the main interface configuration in two lines as shown below:

IPV6ADDR_SECONDARIES=”26xx:xxxx:0:2::2227/64 26xx:xxxx:0:2::3227/64 \

26xx:xxxx:0:2::4227/64″

———————————————————————————————————————-

Disabling NetworkManager

[root@Node227 ~]# service NetworkManager stop

Redirecting to /bin/systemctl stop  NetworkManager.service

[root@Node227 ~]# chkconfig NetworkManager off

Note: Forwarding request to ‘systemctl disable NetworkManager.service’.

rm ‘/etc/systemd/system/multi-user.target.wants/NetworkManager.service’

rm ‘/etc/systemd/system/dbus-org.freedesktop.NetworkManager.service’

rm ‘/etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service’

[root@Node227 ~]# systemctl status NetworkManager

NetworkManager.service – Network Manager

   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; disabled)

   Active: inactive (dead)

We also add the following directive to the interface configuration:

NM_CONTROLLED=no

By default the value of this parameter is “yes”

——————————————————————————————————-

Completely disabling IPv6

And there’s another problem…for some reason IPV6_AUTOCONF=no does not completely disable autoconf, it is still added to the interface when network is restarted (it is not added on the first interface activation). So I added some additional lines to my /sbin/ifup-pre-local:

if [ “$IPV6_AUTOCONF” = “no” ]; then

        echo “0” > /proc/sys/net/ipv6/conf/default/autoconf

else

        echo “1” > /proc/sys/net/ipv6/conf/default/autoconf

fi

net.ipv6.conf.default.autoconf in sysctl.conf

Disabling auto configuration; without setting the accept_ra, the system will autoconfigure using the Link local adress (fe80..)

sudo sysctl -w net.ipv6.conf.default.autoconf=0

sudo sysctl -w net.ipv6.conf.default.accept_ra=0

https://www.centos.org/forums/viewtopic.php?t=26754

——————————————————————————————————

IPv4 and/or IPv6 forwarding

If forwarding is enabled, OS processes packets that their destination IP address doesn’t exist on the server and can pass a packet that has entered from one interface to another interface. This is vital for any kind of routing.

For IPv4:

# sysctl -w net.ipv4.ip_forward=1

or

# echo 1 > /proc/sys/net/ipv4/ip_forward

And in order to make it permanent we must add the following directive to /etc/sysctl.conf

net.ipv4.ip_forward = 1

# service network restart

For IPv6

We add the following directive to to/etc/sysconfig/network

IPv6FORWARDING=yes

# service network restart

This changes parameters such as net.ipv6.conf.all.forwarding and net.ipv6.conf.eth0.forwarding to 1. By default these parameters are zero and forwarding is disabled.