home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  


Book HomeTCP/IP Network AdministrationSearch this book

Chapter 6. Configuring the Interface

When networking protocols work only with a single kind of physical network, there is no need to identify the network interface to the software. The software knows what the interface must be; no configuration issues are left for the administrator. However, one important strength of TCP/IP is its flexible use of different physical networks. This flexibility adds complexity to the system administrator's task, because you must tell TCP/IP which interfaces to use, and you must define the characteristics of each interface.

Because TCP/IP is independent of the underlying physical network, IP addresses are implemented in the network software -- not in the network hardware. Unlike Ethernet addresses, which are determined by the Ethernet hardware, the system administrator assigns an IP address to each network interface.

In this chapter, we use the ifconfig (interface configure) command to identify the network interface to TCP/IP and to assign the IP address, subnet mask, and broadcast address to the interface. We also configure a network interface to run Point-to-Point Protocol (PPP), which is the standard Network Access Layer protocol used to run TCP/IP over modem connections.

During a real installation the system administrator is isolated from most of the details of the network configuration. The installation program prompts the administrator for information, places that information in script files, and then uses the scripts to configure the interface at every boot. In this chapter we look beyond the superficial to see how things actually work by examining the details of the ifconfig command and the scripts that invoke the command. Let's begin with a discussion of ifconfig.

6.1. The ifconfig Command

The ifconfig command sets, or checks, configuration values for network interfaces. Regardless of the vendor or version of Unix, the ifconfig command sets the IP address, the subnet mask, and the broadcast address for each interface. Its most basic function is assigning the IP address.

Here is the ifconfig command that configures the Ethernet interface on a Solaris system:

# ifconfig dnet0 172.16.12.2 netmask 255.255.255.0 broadcast 172.16.12.255

Many other arguments can be used with the ifconfig command; we discuss several of these later. But a few important arguments provide the basic information required by TCP/IP for every network interface. These are:

interface

The name of the network interface that you want to configure for TCP/IP. In the example above, this is the Ethernet interface dnet0.

address

The IP address assigned to this interface. Enter the address as either an IP address (in dotted decimal form) or as a hostname. If you use a hostname, place the hostname and its address in the /etc/hosts file. Your system must be able to find the hostname in /etc/hosts because ifconfig usually executes before DNS starts. The example uses the numeric IP address 172.16.12.2 as the address value.

netmask mask

The address mask for this interface. Ignore this argument only if you're using the default mask derived from the traditional address class structure. The address mask chosen for our imaginary network is 255.255.255.0, so that is the value assigned to interface dnet0. See Chapter 2, "Delivering the Data" and Chapter 4, "Getting Started" for information on address masks.

broadcast address

The broadcast address for the network. Most systems default to the standard broadcast address, which is an IP address with all host bits set to 1. In the ifconfig example we explicitly set the broadcast address to 172.16.12.255 to avoid any confusion, despite the fact that a Solaris 8 system will set the correct broadcast address by default. Every system on the subnet must agree on the broadcast address.

In the example above, we use keyword/value pairs because this makes explaining and understanding the syntax easier. However, Solaris does not require that syntax. The following (much shorter) command does exactly the same thing as the previous one:

# ifconfig dnet0 172.16.12.2/24

In this command the network mask is defined with an address prefix and the broadcast address is allowed to default. A prefix length of 24 is the same as 255.255.255.0. The default broadcast address given that prefix length is 172.16.12.255.

The network administrator provides the values for the address, subnet mask, and broadcast address. The values in our example are taken directly from the plans we developed in Chapter 4, "Getting Started". But the name of the interface, the first argument on every ifconfig command line, is determined by the system during startup.

6.1.1. The Interface Name

In Chapter 5, "Basic Configuration ", we saw that Ethernet network interfaces come in many varieties and that different Ethernet cards usually have different interface names. You can usually determine which interface is used on a system from the messages displayed on the console during a boot. On many systems these messages can be examined with the dmesg command. The following example shows the output of the dmesg command on two different systems:

$ dmesg | grep ether
Oct  1 13:07:23 crab gld: [ID 944156 kern.info] dnet0: DNET 21x4x:
 type "ether" mac address 00:00:c0:dd:d4:da
 
$ dmesg | grep eth 
eth0: SMC EtherEZ at 0x240, 00 00 C0 9A 72 CA,assigned  IRQ 5 programmed-I/O mode.

The first dmesg command in the example shows the message displayed when an Ethernet interface is detected during the boot of a Solaris 8 system. The string type "ether" makes it clear that dnet0 is an Ethernet interface. The Ethernet address (00:00:c0:dd:d4:da) is also displayed.

The second dmesg example, which comes from a PC running Linux, provides even more information. On Linux systems, the Ethernet interface name starts with the string "eth", so we look for a message containing that string. The message from the Linux system displays the Ethernet address (00:00:c0:9a:72:ca) and the make and model (SMC EtherEZ) of the network adapter card.

It is not always easy to determine all available interfaces on your system by looking at the output of dmesg. These messages show only the physical hardware interfaces. In the TCP/IP protocol architecture, the Network Access Layer encompasses all functions that fall below the Internet Layer. This can include all three lower layers of the OSI Reference Model: the Physical Layer, the Data Link Layer, and the Network Layer. IP needs to know the specific interface in the Network Access Layer where packets should be passed for delivery to a particular network. This interface is not limited to a physical hardware driver. It could be a software interface into the network layer of another protocol suite. So what other methods can help you determine the network interfaces available on a system? Use the netstat and the ifconfig commands. For example, to see all network interfaces that are already configured, enter:

# netstat -in
Name  Mtu  Net/Dest     Address      Ipkts Ierrs Opkts Oerrs Collis Queue
lo0   8232 127.0.0.0    127.0.0.1    4504  0     4504  0     0      0
dnet0 1500 172.16.12.0  172.16.12.1  366   0     130   0     0      0 

The -i option tells netstat to display the status of all configured network interfaces, and the -n tells netstat to display its output in numeric form. In the Solaris 8 example shown above, the netstat -in command displays the following fields:

Name

The Interface Name field shows the actual name assigned to the interface. This is the name you give to ifconfig to identify the interface. An asterisk (*) in this field indicates that the interface is not enabled; i.e., the interface is not "up."

Mtu

The Maximum Transmission Unit shows the longest frame (packet) that can be transmitted by this interface without fragmentation. The MTU is displayed in bytes and is discussed in more detail later in this chapter.

Net/Dest

The Network/Destination field shows the network or the destination host to which the interface provides access. In our Ethernet examples, this field contains a network address. The network address is derived from the IP address of the interface and the subnet mask. This field contains a host address if the interface is configured for a point-to-point (host-specific) link. The destination address is the address of the remote host at the other end of the point-to-point link.[50] A point-to-point link is a direct connection between two computers. You can create a point-to-point link with the ifconfig command. How this is done is covered later in this chapter.

[50]See the description of the H flag in Section 2.4, "The Routing Table".

Address

The IP Address field shows the Internet address assigned to this interface.

Ipkts

The Input Packets field shows how many packets this interface has received.

Ierrs

The Input Errors field shows how many damaged packets the interface has received.

Opkts

The Output Packets field shows how many packets were sent out by this interface.

Oerrs

The Output Errors field shows how many of the packets caused an error condition.

Collis

The Collisions field shows how many Ethernet collisions were detected by this interface. Ethernet collisions are a normal condition caused by Ethernet traffic contention. This field is not applicable to non-Ethernet interfaces.

Queue

The Packets Queued field shows how many packets are in the queue, awaiting transmission via this interface. Normally this is zero.

The output of a netstat -in command on a Linux system appears quite different:

$ netstat -in
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR  TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500   0  2234    280      0      0   1829      0      0      0 BRU
lo  16436   0    10      0      0      0     10      0      0      0 LRU

This output appears different, but as is often the case, appearances can fool you. Again we have the interface name, the MTU, and the packet statistics.[51] Here RX-OK is the total number of input packets, while RX-ERR (errors), RX-DRP (drops), and RX-OVR (overruns) added together give the total number of input errors. The total number of output packets is TX-OK, and the TX-ERR, TX-DRP, and TX-OVR counters provide the total number of output errors. Only two fields, Net/Dest and Address, that are provided in the Solaris output are not provided here. On the other hand, this display has two fields not used in the Solaris output. The Met field contains the routing metric assigned to this interface. The Flg field shows the interface flags:

[51]The packet statistics displayed by netstat are used in Chapter 13, " Troubleshooting TCP/IP".

  • R means the interface is running.

  • U means the interface is up.

  • B means it is a broadcast-capable interface.

  • L means it is a loopback interface.

This display shows that this workstation has only two network interfaces. In this case it is easy to identify each network interface. The lo0 interface is the loopback interface, which every TCP/IP system has. It is the same loopback device discussed in Chapter 5, "Basic Configuration ". eth0 is the Ethernet interface, also discussed previously.

On most systems, the loopback interface is part of the default configuration, so you won't need to configure it. If you do need to configure lo0 on a Solaris system, use the following command:

# ifconfig lo0 plumb 127.0.0.1 up

This example is specific to Solaris because it contains the plumb option. This option literally creates the "plumbing" required by the network interface the first time it is configured. Subsequent reconfigurations of this interface do not require the plumb option, and other systems, such as Linux, do not use this option.

The configuration of the Ethernet interface requires more attention than the loopback interface. Many systems use an installation script to install Unix. This script requests the host address, which it then uses to configure the interface. Later we'll look at these scripts and what to do when the user does not successfully set up the interface with the installation script.

The ifconfig command can also be used to find out what network interfaces are available on a system. The netstat command shows only interfaces that are configured. On some systems the ifconfig command can be used to show all interfaces, even those that have not yet been configured. On Solaris 8 systems, ifconfig -a does this; on a Linux 2.0.0 system, entering ifconfig without any arguments will list all of the network interfaces.

While most hosts have only one real network interface, some hosts and all gateways have multiple interfaces. Sometimes all interfaces are the same type; e.g., a gateway between two Ethernets may have two Ethernet interfaces. netstat on a gateway like this might display lo0, eth0, and eth1. Deciphering a netstat display with multiple interfaces of the same type is still very simple. But deciphering a system with many different types of network interfaces is more difficult. You must rely on documentation that comes with optional software to choose the correct interface. When installing new network software, always read documentation carefully.

This long discussion about determining the network interface is not meant to overshadow the important ifconfig functions of assigning the IP address, subnet mask, and broadcast address. So let's return to these important topics.

6.1.2. Checking the Interface with ifconfig

As noted previously, the Unix installation script configures the network interface. However, this configuration may not be exactly what you want. Check the configuration of an interface with ifconfig. To display the current values assigned to the interface, enter ifconfig with an interface name and no other arguments. For example, to check interface dnet0:

% ifconfig dnet0 
dnet0: flags=1000843<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 172.16.12.2 netmask ffff0000 broadcast 172.16.255.255

When used to check the status of an interface on a Solaris system, the ifconfig command displays two lines of output. The first line shows the interface name, the flags that define the interface's characteristics, and the Maximum Transmission Unit (MTU) of this interface.[52] In our example the interface name is dnet0, and the MTU is 1500 bytes. The flags are displayed as both a numeric value and a set of keywords.

[52]index is an interface characteristic that is specific to Solaris. It is an internal number used to uniquely identify the interface. The number does not have meaning to TCP/IP.

The interface's flags have the numeric value 1000843, which corresponds to:

UP

The interface is enabled for use.

BROADCAST

The interface supports broadcasts, which means it is connected to a network that supports broadcasts, such as an Ethernet.

NOTRAILERS

This interface does not support trailer encapsulation.

RUNNING

This interface is operational.

MULTICAST

This interface supports multicasting.

IPv4

This interface supports TCP/IP version 4, which is the standard version of TCP/IP used on the Internet and described in this book.

The second line of ifconfig output displays information that directly relates to TCP/IP. The keyword inet is followed by the Internet address assigned to this interface. Next comes the keyword netmask, followed by the address mask written in hexadecimal. Finally, the keyword broadcast and the broadcast address are displayed.

On a Linux system the ifconfig command displays up to seven lines of information for each interface instead of the two lines displayed by the Solaris system. The additional information includes the Ethernet address, the PC IRQ, I/O Base Address and memory address, and packet statistics. The basic TCP/IP configuration information is the same on both systems.

> ifconfig eth0 
eth0  Link encap:Ethernet  HWaddr 00:00:C0:9A:D0:DB 
      inet addr:172.16.55.106  Bcast:172.16.55.255  Mask:255.255.255.0 
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1 
      RX packets:844886 errors:0 dropped:0 overruns:0 frame:0
      TX packets:7668 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:100
      Interrupt:11 Base address:0x7c80 Memory:c0000-c2000

Refer to the Solaris ifconfig dnet0 example at the beginning of this section, and check the information displayed in that example against the subnet configuration planned for our imaginary network. You'll see that the interface needs to be reconfigured. The configuration done by the user during the Unix installation did not provide all of the values we planned. The address (172.16.12.2) is correct, but the address mask (ffff0000 or 255.255.0.0) and the broadcast address (172.16.0.0) are incorrect. Let's look at the various ways values are assigned, and how to correct them.

6.1.3. Assigning an Address

The IP address can be assigned directly on the ifconfig command line or indirectly from a file. The ifconfig examples seen earlier in this chapter had an IP address written in standard dotted decimal notation directly on the command line. An alternative is to use a hostname from the /etc/hosts file on the ifconfig command line to provide the address. For example:

# ifconfig dnet0 crab netmask 255.255.255.0

Most administrators are very comfortable with using hostnames in place of addresses. Vendor configurations, however, tend to take address assignment to another level of indirection. The ifconfig command in the startup script references a file. The file contains a hostname and the hostname maps to an address. Solaris systems place the hostname in a file named /etc/hostname. interface, where interface is the name of the interface being configured. On our sample system the file is called /etc/hostname.dnet0. The hostname.dnet0 file created by a standard Solaris installation contains only a simple hostname:

$ cat /etc/hostname.dnet0
crab
$ grep crab /etc/hosts
172.16.12.1    crab    crab.wrotethebook.com       loghost

The example shows that the Solaris configuration created the hostname.dnet0 file and the necessary entry in the /etc/hosts file to map the name from hostname.dnet0 to an IP address. The Solaris boot first gets the hostname from a file and then gets the address associated with that hostname from a second file. Both of these entries are required for the configuration.

Linux also uses indirection for the ifconfig configuration. Several Linux systems, including Red Hat, Mandrake, and Caldera, place the values used to configure the network interface in a file named ifcfg.interface, where interface is the name of the interface.[53]

[53]Our sample Red Hat system places the file ifcfg.eth0 in the directory /etc/sysconfig/network-scripts.

For example, ifcfg.eth0 contains the configuration values for the Ethernet interface eth0.

$ cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
BROADCAST=172.16.12.255
NETWORK=172.16.12.0
NETMASK=255.255.255.0
IPADDR=172.16.12.2
USERCTL=no

This file makes the configuration very easy to see.

  • DEVICE defines the device name, in this case eth0.

  • ONBOOT specifies whether the interface is initialized when the system boots. Normally an Ethernet interface is brought up and running every time the system boots.

  • BOOTPROTO identifies the configuration service used to configure the interface. In this case it is none, meaning that the interface is configured locally. Alternates are bootp if an old-fashioned BootP server is used, or dhcp if a DHCP server is used. If either DHCP or BootP is used, the specific configuration values listed below are not found in this file.

  • BROADCAST defines the broadcast address used by ifconfig.

  • NETWORK defines the network address.

  • NETMASK defines the address mask used by ifconfig.

  • IPADDR defines the IP address used by ifconfig.

  • USERCTL specifies whether users can run usernetctl to bring the interface up or down. The usernetctl command is found on only a few versions of Linux. In this case, the value no prevents the user from downing the interface.

Most systems take advantage of the fact that the IP address, subnet mask, and broadcast address can be set indirectly to reduce the extent that startup files need to be customized. Reducing customization lessens the chance that a system might hang while booting because a startup file was improperly edited, and it makes it possible to preconfigure these files for all of the systems on the network. Solaris systems have the added advantage that the hosts, networks, and netmasks files, which provide input to the ifconfig command, all produce NIS maps that can be centrally managed at sites using NIS.

A disadvantage of setting the ifconfig values indirectly is that it can make troubleshooting more cumbersome. If all values are set in the boot file, you only need to check the values there. When network configuration information is supplied indirectly, you may need to check several files to find the problem. An error in any of these files could cause an incorrect configuration. To make debugging easier, a few operating systems set the configuration values directly on the ifconfig command line in the boot file.

My advice is that you follow the standard model used on your system. If you use a Solaris system, set the address in /etc/hostname.dnet0 and /etc/hosts. If you use a Red Hat system, set the address in the /etc/sysconfig/network-scripts/ifcfg.eth0 file. If you use a Slackware system, set the address directly in the rc.inet boot file. Following the standard procedure for your system makes it easier for others to troubleshoot your computer. We'll see more of these alternatives as we assign the remaining interface configuration values.

6.1.4. Assigning a Subnet Mask

In order to function properly, every interface on a specific physical network segment must have the same address mask. For crab and rodent, the netmask value is 255.255.255.0 because both systems are attached to the same subnet. However, although crab's local network interface and its external network interface are parts of the same computer, they use different netmasks because they are on different networks.

To assign an address mask, write the mask value after the keyword netmask on the ifconfig command line or as a prefix attached to the address. When written as a prefix, the address mask is a decimal number that defines the number of bits in the address mask. For example, 172.16.12.2/24 defines a 24-bit address mask. When the subnet mask follows the keyword netmask, it is usually written in the dotted decimal form used for IP addresses.[54]

[54]Hexadecimal notation can also be used for the address mask. To enter a netmask in hexadecimal form, write the value as a single hex number starting with a leading 0x. For example, the hexadecimal form of 255.255.255.0 is 0xffffff00. Choose the form that is easier for you to understand.

For example, the following command assigns the correct subnet mask to the dnet0 interface on rodent:

# ifconfig le0 172.16.12.2 netmask 255.255.255.0

Putting the netmask value directly on the ifconfig command line is the most common, the simplest, and the best way to assign the mask to an interface manually. But it is rare for the mask to be assigned manually. Like addresses, address masks are made part of the configuration during the initial installation. To simplify configuration, ifconfig is able to take the netmask value from a file instead of from the command line. Conceptually, this is similar to using a hostname in place of an IP address. The administrator can place the mask value in either the hosts file or the networks file and then reference it by name. For example, the books-net administrator might add the following entry to /etc/networks:

 books-mask 255.255.255.0

Once this entry has been added, you can use the name books-mask on the ifconfig command line instead of the actual mask. For example:

# ifconfig dnet0 172.16.5.2 netmask books-mask

The name books-mask resolves to 255.255.255.0, which is the correct netmask value for our sample systems.

Personally, I avoid setting the address mask value indirectly from a file that is not primarily intended for this use. The hosts file is a particularly bad choice for storing mask values. The hosts file is heavily used by other programs, and placing a mask value in this file might confuse one of these programs. Setting the address mask directly on the command line or from a file that is dedicated to this purpose is probably the best approach.

On Solaris systems, the /etc/inet/netmasks file is specifically designed to set the subnet mask.[55] The /etc/inet/netmasks file is a table of one-line entries, each containing a network address separated from a mask by whitespace.[56]

[55]/etc/netmasks is symbolically linked to /etc/inet/netmasks.

[56]Use the official network address, not a subnet address.

If a Solaris system on books-net (172.16.0.0) has an /etc/inet/netmasks file that contains the entry:

 172.16.0.0 255.255.255.0

then the following ifconfig command can be used to set the address mask:

# ifconfig dnet0 172.16.5.1 netmask +

The plus sign after the keyword netmask causes ifconfig to take the mask value from /etc/inet/netmasks. ifconfig searches the file for a network address that matches the network address of the interface being configured. It then extracts the mask associated with that address and applies it to the interface.

Most Linux systems also set the address mask indirectly from a file. The ifcfg-eth0 file shown in the previous section contains the following line:

NETMASK=255.255.255.0

This line clearly defines the netmask value that is used by the ifconfig command. To modify the address mask on this Red Hat system, edit this line in the ifcfg-eth0 file.

6.1.5. Setting the Broadcast Address

RFC 919, Broadcasting Internet Datagrams, clearly defines the format of a broadcast address as an address with all host bits set to 1. Since the broadcast address is so precisely defined, ifconfig is able to compute it automatically, and you should always be able to use the default. Unfortunately, the user in the example under Section 6.1.2, "Checking the Interface with ifconfig "" used a broadcast address with all host bits set to 0 and didn't allow the broadcast address to be set by default.

Correct this mistake by defining a broadcast address for the network device with the ifconfig command. Set the broadcast address in the ifconfig command using the keyword broadcast followed by the correct broadcast address. For example, the ifconfig command to set the broadcast address for crab's dnet0 interface is:

# ifconfig dnet0 172.16.12.1 netmask 255.255.255.0 broadcast 172.16.12.255

Note that the broadcast address is relative to the local subnet. crab views this interface as connected to network 172.16.12.0; therefore, its broadcast address is 172.16.12.255. Depending on the implementation, a Unix system could interpret the address 172.16.255.255 as host address 255 on subnet 255 of network 172.16.0.0, or as the broadcast address for books-net as a whole. In neither case would it consider 172.16.255.255 the broadcast address for subnet 172.16.12.0.

Solaris systems can indirectly set the broadcast address from the netmask value defined in /etc/inet/netmasks, if that file is used. The previous section showed that netmask + takes the netmask value from a file. Likewise, the broadcast + syntax calculates the correct broadcast value using the netmask value from the netmasks file:

# ifconfig dnet0 172.16.12.1 netmask + broadcast +

Assume that the netmask defined in netmasks is 255.255.255.0. This tells the Solaris system that the first three bytes are network bytes and that the fourth byte contains the host portion of the address. Since the standard broadcast address consists of the network bits plus host bits of all 1s, Solaris can easily calculate that the broadcast address in this case is 172.16.12.255.

Linux makes it even easier. The ifcfg-eth0 file on our sample Red Hat system clearly defines the broadcast address with the line:

BROADCAST=172.16.12.255

Modify the broadcast address by modifying this line in the ifcfg-eth0 file.

6.1.6. The Other Command Options

We've used ifconfig to set the interface address, the subnet mask, and the broadcast address. These are certainly the most important functions of ifconfig, but it has other functions as well. It can enable or disable the address resolution protocol and the interface itself. ifconfig can set the routing metric used by the Routing Information Protocol (RIP) and the maximum transmission unit (MTU) used by the interface. We'll look at examples of each of these functions.

6.1.6.1. Enabling and disabling the interface

The ifconfig command has two arguments, up and down, for enabling and disabling the network interface. The up argument enables the network interface and marks it ready for use. The down argument disables the interface so that it cannot be used for network traffic.

Use the down argument when interactively reconfiguring an interface. Some configuration parameters -- for example, the IP address -- cannot be changed unless the interface is down. First, the interface is brought down. Then, the reconfiguration is done, and the interface is brought back up. For example, the following steps change the address for an interface:

# ifconfig eth0 down
# ifconfig eth0 172.16.1.2 up

After these commands execute, the interface operates with the new configuration values. The up argument in the second ifconfig command is not always required because it is the default on some systems. However, an explicit up is commonly used after the interface has been disabled, or when an ifconfig command is used in a script file to avoid problems because up is not the default on all systems.

6.1.6.2. ARP

Chapter 2, "Delivering the Data" discusses the Address Resolution Protocol (ARP), an important protocol that maps IP addresses to physical Ethernet addresses. Enable ARP with the ifconfig keyword arp and disable it with the keyword -arp. It is possible (though very unlikely) that a host attached to your network cannot handle ARP. This would only happen on a network using specialized equipment or developmental hardware. In these very rare circumstances, it may be necessary to disable ARP in order to interoperate with the nonstandard systems. By default, ifconfig enables ARP. Leave ARP enabled on all your systems.

6.1.6.3. Promiscuous mode

In Chapter 13, " Troubleshooting TCP/IP", promiscuous mode is used to examine the packets traveling on a local Ethernet. By default, an Ethernet interface passes only frames that are addressed to the local host up to the higher layer protocols. Promiscuous mode passes all frames up without regard to the address in those frames.

On a Linux system, promiscuous mode is enabled using the promisc option of the ifconfig command. For example:

$ ifconfig eth0 promisc

Promiscuous mode is disabled by using -promisc.[57] By default promiscuous mode is disabled. When it is enabled, the local system is forced to process many packets that are normally discarded by the Ethernet interface hardware. Promiscuous mode is enabled only for certain troubleshooting applications.

[57]On Solaris systems, promiscuous mode is enabled by programs that need it. It is not set by the ifconfig command.

6.1.6.4. Metric

On some systems, the ifconfig command creates an entry in the routing table for every interface that is assigned an IP address. Each interface is the route to a network. Even if a host isn't a gateway, its interface is still its "route" to the local network. ifconfig determines the route's destination network by applying the interface's address mask to the interface's IP address. For example, the dnet0 interface on crab has an address of 172.16.12.1 and a mask of 255.255.255.0. Applying this mask to the address provides the destination network, which is 172.16.12.0. The netstat -in display shows the destination address:

% netstat -in 
Name Mtu  Net/Dest    Address     Ipkts  Ierrs Opkts Oerrs Collis Queue 
le0  1500 172.16.12.0 172.16.12.1 1125826 16   569786  0    8914   0
lo0  1536 127.0.0.0   127.0.0.1   94280   0    94280   0    0      0

The Routing Information Protocol (RIP) is a routing protocol sometimes used by Unix. RIP does two things: it distributes routing information to other hosts, and it uses incoming routing information to build routing tables dynamically. The routes created by ifconfig are one source of the routing information distributed by RIP, and the ifconfig metric argument can be used to control how RIP uses this routing information.

RIP makes routing decisions based on the cost of a route. The route's cost is determined by a routing metric associated with the route. A routing metric is just a number. The lower the number, the lower the cost of the route; the higher the number, the higher the cost. When building a routing table, RIP favors low-cost routes over high-cost routes. Directly connected networks are given a very low cost. Therefore, the default metric is for a route through an interface to a directly attached network. However, you can use the metric argument to supply a different routing metric for an interface.

To increase the cost of an interface to 3, so that RIP prefers routes with values of 0, 1, or 2, use metric 3 on the ifconfig command line:

# ifconfig std0 10.104.0.19 metric 3

Use the metric option only if there is another route to the same destination and you want to use it as the primary route. We did not use this command on crab because it has only one interface connected to the outside world. If it had a second connection, say, through a higher-speed link, then the command shown above could be used to direct traffic through the higher-performance interface.

A related ifconfig parameter is available on Solaris systems. RIP builds the routing table by choosing the most economical routes, and it distributes the routing table information to other hosts. The metric parameter controls which routes RIP selects as the lowest cost. The private argument, available on Solaris systems, controls the routes that RIP distributes. If private is specified on the ifconfig command line, the route created by that ifconfig command is not distributed by RIP. The default value is -private, which permits the route to be distributed. The private parameter is not universally supported.

Additionally, not all systems make use of the metric argument. A Linux system doesn't create a routing table entry when it processes the ifconfig command. When configuring a Linux system, you add an explicit route command for each interface. (The route command is covered in the next chapter.) Linux systems reject the metric argument, as this example shows:

# ifconfig eth0 192.168.0.4 metric 3
SIOCSIFMETRIC: Operation not supported

Set the routing metric in a routing configuration file instead of on the ifconfig command line. This is the preferred method of providing routing information for newer routing software. We discuss the format of routing configuration files in the next chapter.

6.1.6.5. Maximum transmission unit

A network has a maximum transmission unit (MTU), which is the largest packet that can be transported over that physical network. On Ethernet, the maximum size is 1500 bytes, which is defined as part of the Ethernet standard. There is rarely any need to change the MTU on the ifconfig command line. By default, ifconfig chooses the optimum MTU, which is usually the largest legal MTU for a given type of network hardware. A large MTU is the default because it normally provides the best performance. However, a smaller MTU is helpful to achieve the following goals:

  • To avoid fragmentation. If the traffic travels from a network with a large MTU (such as an FDDI network with an MTU of 4500 bytes) through a network with a smaller MTU (like an Ethernet), the smaller MTU size may be best in order to avoid packet fragmentation. It is possible that specifying an MTU of 1500 on the interface connected to the FDDI may actually improve performance by avoiding fragmentation in the routers. This would be done only if fragmentation actually appeared to be the cause of a performance problem.

  • To reduce buffer overruns or similar problems. On serial line connections, it is possible to have equipment of such low performance that it cannot keep up with standard 1006-byte packets. In this case, it is possible to avoid buffer overruns or SILO overflows by using a smaller MTU. However, such solutions are temporary fixes. The real fix is to purchase the correct hardware for the application.

To change the MTU, use the mtu command-line argument:

# ifconfig fddi0 172.16.16.1 netmask 255.255.255.0 mtu 1500

This forces the FDDI interface on 172.16.16.1 to use an MTU of 1500 bytes.

6.1.6.6. Point-to-point

There are probably several more ifconfig command-line arguments available on your system. Linux has parameters to define the PC interrupt of the Ethernet hardware (irq) and the Ethernet hardware address (hw), and to enable multicasting (multicast) and promiscuous mode (promisc). Solaris has arguments to set up or tear down the streams for an interface (plumb/unplumb) and to use Reverse ARP (RARP) to obtain the IP address for an interface (auto-revarp). But most of these parameters are not standardized between versions of Unix.

One last feature that is available on most versions of Unix is the ability to define point-to-point connections with the ifconfig command. Point-to-point connections are network links that directly connect only two computers. Of course the computers at either end of the link could be gateways to the world, but only two computers are directly connected to the link. Examples of a point-to-point connection are two computers linked together by a leased telephone line, or two computers in an office linked together by a null modem cable.

To define a point-to-point link on a Solaris system:

# ifconfig zs0 172.16.62.1 172.16.62.2

This ifconfig command has two addresses immediately following the interface name. The first is the address of the local host. The second address, called the destination address, is the address of the remote host at the other end of the point-to-point link. The second address shows up as the Net/Dest value in a netstat -ni display.

On a Linux system, this same configuration looks slightly different:

$ ifconfig sl0 172.16.62.1 point-to-point 172.16.62.2

The syntax is different but the effect is the same. This enables the interface to run in point-to-point mode and identifies the hosts at both ends of the link.

Does this set up the Point-to-Point Protocol (PPP) used for TCP/IP serial line communication? No, it does not. These ifconfig parameters sometimes confuse people about how to set up PPP. There is much more to configuring PPP, which we cover later in this chapter.

Before moving on to PPP, you should note that the configuration entered on an ifconfig command line will not survive a system boot. For a permanent configuration, put ifconfig in a startup file.

6.1.6.7. Putting ifconfig in the startup scripts

The ifconfig command is normally executed at boot time by a startup file. The two basic Unix startup models, the BSD model and the System V model, were explained in Chapter 5, "Basic Configuration ". On BSD Unix systems, the ifconfig commands are usually located in /etc/rc.boot or /etc/rc.local.

To override a BSD system's default configuration, place a full ifconfig command in the rc.local script. rc.local executes at the end of the startup process. Any interface configuration values set in this file override the earlier interface configuration. For example, the following line placed in that file configures eth0 without regard to any earlier configuration:

ifconfig eth0 172.16.12.1 broadcast 172.16.12.255 netmask 255.255.255.0

The BSD startup model is used on BSD systems and SunOS systems. Linux and Solaris systems use the System V startup model. However, Red Hat Linux systems have an rc.local script in the /etc/rc.d directory. On a Red Hat system, place the custom ifconfig command in the rc.local file to override the default configuration.

Solaris does not have an rc.local script or a central directory of scripts for all runlevels. If you want to use an rc.local script on a Solaris system, you need to create your own and add it to the runlevel 3 directory. You need to name it properly to ensure it executes at the end of the Solaris startup process. For example, the file /etc/rc3.d/S99local would execute at the end of the standard Solaris runlevel 3 startup. Commands placed in this file would override the previous configuration.

If possible, however, configure the network with the standard tools and procedures provided with your system. Directly modifying startup scripts or adding nonstandard scripts can lead to lots of confusion for the people who help you maintain your systems.



Library Navigation Links

Copyright © 2002 O'Reilly & Associates. All rights reserved.