Linux Networking Essentials Every Admin Should Know

Understanding the Foundation of Modern Infrastructure

In today's interconnected digital landscape, networking knowledge isn't just a nice-to-have skill for Linux administrators—it's an absolute necessity. Whether you're managing a small business server or orchestrating a complex cloud infrastructure, the ability to diagnose, configure, and optimize network connections can mean the difference between seamless operations and catastrophic downtime. Every ping that fails, every connection that times out, and every packet that gets lost represents not just a technical problem but a potential impact on business continuity, user experience, and organizational reputation.

Linux networking encompasses the protocols, tools, commands, and configurations that enable communication between systems, services, and users across local networks and the internet. It's the invisible highway that carries your data, the security perimeter that protects your resources, and the performance bottleneck that can make or break application responsiveness. From the physical layer where cables connect to interfaces, through the transport protocols that ensure reliable delivery, to the application layer where services listen and respond—every component requires understanding and attention.

This comprehensive guide will equip you with the essential networking knowledge that separates competent administrators from exceptional ones. You'll discover the fundamental concepts that underpin all network operations, master the command-line tools that provide visibility into network behavior, learn troubleshooting methodologies that quickly isolate problems, and understand configuration patterns that ensure reliability and security. Whether you're preparing for your first sysadmin role or deepening expertise gained through years of experience, these networking essentials will enhance your capability to build, maintain, and optimize Linux-based network infrastructure.

Network Interface Configuration and Management

Network interfaces represent the connection points between your Linux system and the network infrastructure. Understanding how to configure, monitor, and troubleshoot these interfaces forms the bedrock of Linux networking competency. Modern Linux distributions offer multiple tools for interface management, and knowing when to use each tool—and understanding their differences—is crucial for effective administration.

The traditional ifconfig command has been the go-to tool for decades, but it's increasingly being replaced by the more powerful ip command from the iproute2 package. While ifconfig remains available on many systems for backward compatibility, the ip command provides more functionality, better performance, and cleaner syntax. Every administrator should be comfortable with both, as you'll encounter systems using either approach.

Viewing Network Interface Information

To see all network interfaces and their current status, use the ip command with the link option. This displays interface names, MAC addresses, MTU settings, and current state:

ip link show

For detailed information including IP addresses, broadcast addresses, and network masks, add the addr parameter:

ip addr show

The legacy equivalent using ifconfig would be:

ifconfig -a

Understanding the output is essential. Interface names follow patterns: eth0, eth1 for Ethernet devices; wlan0 for wireless; lo for the loopback interface; and modern systems may use predictable network interface names like enp3s0 or eno1 based on hardware topology.

"The network interface is where theory meets reality—every configuration decision you make here directly impacts connectivity, performance, and security."

Configuring IP Addresses

Assigning IP addresses can be done temporarily (until reboot) or permanently (through configuration files). For temporary configuration, the ip command provides straightforward syntax:

ip addr add 192.168.1.100/24 dev eth0

To remove an IP address:

ip addr del 192.168.1.100/24 dev eth0

Bringing interfaces up or down:

ip link set eth0 up
ip link set eth0 down

For permanent configuration, the approach varies by distribution. On Red Hat-based systems (RHEL, CentOS, Fedora), network configuration files reside in /etc/sysconfig/network-scripts/. On Debian-based systems (Debian, Ubuntu), the primary configuration file is /etc/network/interfaces or uses Netplan in newer Ubuntu versions.

Network Manager and Modern Interface Management

NetworkManager has become the standard network configuration daemon on most desktop and server Linux distributions. It provides both command-line (nmcli) and text-based UI (nmtui) interfaces for configuration, making it accessible for different administrative scenarios.

To view connection status with NetworkManager:

nmcli device status
nmcli connection show

Creating a new connection with static IP:

nmcli connection add type ethernet con-name eth0-static ifname eth0 ip4 192.168.1.100/24 gw4 192.168.1.1

Modifying DNS servers for a connection:

nmcli connection modify eth0-static ipv4.dns "8.8.8.8 8.8.4.4"

Activating a connection:

nmcli connection up eth0-static

Routing and Gateway Configuration

Routing determines the path packets take from source to destination. Every Linux system maintains a routing table that specifies where to send packets based on their destination addresses. Understanding and manipulating routing tables is fundamental to network connectivity, especially in complex environments with multiple network segments or VPN connections.

Viewing the Routing Table

The routing table shows all configured routes, including the default gateway (the router that handles traffic destined for networks not explicitly listed). View the routing table with:

ip route show

Or using the legacy command:

route -n

The output displays destination networks, gateways, interfaces, and metrics. The default route (or 0.0.0.0) represents the gateway used for all traffic that doesn't match more specific routes.

Adding and Removing Routes

To add a default gateway:

ip route add default via 192.168.1.1

Adding a route to a specific network:

ip route add 10.0.0.0/8 via 192.168.1.254 dev eth0

Removing a route:

ip route del 10.0.0.0/8

"Routing decisions happen millions of times per second on busy systems—understanding the routing table isn't optional, it's the difference between connectivity and isolation."

For permanent routes, add them to network configuration files or use NetworkManager. On RHEL-based systems, create route files like /etc/sysconfig/network-scripts/route-eth0 with content:

10.0.0.0/8 via 192.168.1.254 dev eth0

Policy-Based Routing

Advanced scenarios require policy-based routing, where routing decisions depend on factors beyond just destination address—such as source address, packet marking, or incoming interface. This uses routing policy database (RPDB) with multiple routing tables.

View routing rules:

ip rule show

Create a custom routing table (edit /etc/iproute2/rt_tables):

200 custom_table

Add routes to the custom table:

ip route add default via 192.168.2.1 table custom_table

Create a rule to use this table for specific source addresses:

ip rule add from 192.168.2.0/24 table custom_table

DNS Configuration and Name Resolution

Domain Name System (DNS) translates human-readable hostnames into IP addresses that computers use for communication. Proper DNS configuration ensures that applications can resolve names efficiently and reliably. Linux systems use several mechanisms for name resolution, and understanding their interaction is essential for troubleshooting connectivity issues that appear to be network problems but are actually DNS-related.

The Name Resolution Process

When an application needs to resolve a hostname, Linux follows a specific order defined in /etc/nsswitch.conf. The typical configuration prioritizes local files before DNS queries:

hosts: files dns

This means the system first checks /etc/hosts for static hostname mappings, then queries DNS servers if no match is found. The /etc/hosts file allows you to define local hostname-to-IP mappings:

127.0.0.1       localhost
192.168.1.10    server1.example.com server1
192.168.1.20    database.example.com database

DNS Server Configuration

DNS servers are configured in /etc/resolv.conf, which contains nameserver entries and optional search domains:

nameserver 8.8.8.8
nameserver 8.8.4.4
search example.com internal.example.com
options timeout:2 attempts:3

However, on systems using NetworkManager or systemd-resolved, directly editing /etc/resolv.conf may not be effective as it gets automatically regenerated. For NetworkManager, configure DNS through connection settings:

nmcli connection modify eth0 ipv4.dns "8.8.8.8 8.8.4.4"
nmcli connection modify eth0 ipv4.dns-search "example.com"

"Name resolution failures account for a significant percentage of connectivity complaints—master DNS configuration and you'll solve problems others can't even diagnose."

Testing DNS Resolution

Several tools help diagnose DNS issues. The nslookup command performs basic DNS queries:

nslookup www.example.com

The more powerful dig command provides detailed information about DNS queries and responses:

dig www.example.com
dig @8.8.8.8 www.example.com
dig +trace www.example.com

The host command offers a simpler interface for common queries:

host www.example.com
host 8.8.8.8

For testing the full resolution process including /etc/hosts and nsswitch.conf configuration, use getent:

getent hosts www.example.com

Systemd-Resolved

Modern distributions increasingly use systemd-resolved for DNS resolution, which provides DNS caching, DNSSEC validation, and integration with systemd-networkd. Check its status:

systemctl status systemd-resolved
resolvectl status

View DNS statistics and current servers:

resolvectl statistics
resolvectl dns

Flush the DNS cache:

resolvectl flush-caches

Firewall Configuration with iptables and nftables

Firewalls control network traffic based on defined rules, protecting systems from unauthorized access while allowing legitimate communication. Linux provides powerful packet filtering capabilities through netfilter, the kernel framework that underlies both the traditional iptables and the modern nftables systems. Understanding firewall configuration is non-negotiable for administrators responsible for security.

Iptables Fundamentals

Iptables organizes rules into tables (filter, nat, mangle, raw) and chains (INPUT, OUTPUT, FORWARD). The filter table with INPUT and OUTPUT chains handles most basic firewall needs. Rules are processed sequentially, and the first matching rule determines the action.

View current rules:

iptables -L -v -n

The default policy determines what happens to packets that don't match any rule. Set default policies:

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

Allow established connections (essential for allowing responses to outbound requests):

iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Allow loopback traffic:

iptables -A INPUT -i lo -j ACCEPT

Allow SSH access:

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Allow HTTP and HTTPS:

iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

"Firewall rules are like locks on doors—they're only effective if you understand what you're protecting and from whom."

Saving and Restoring Iptables Rules

Iptables rules are not persistent by default. Save current rules:

iptables-save > /etc/iptables/rules.v4

Restore rules:

iptables-restore < /etc/iptables/rules.v4

On Debian/Ubuntu, install iptables-persistent to automatically save and restore rules:

apt-get install iptables-persistent

On RHEL/CentOS, use:

service iptables save

Firewalld: A Higher-Level Interface

Firewalld provides a dynamic firewall management interface with support for zones, which are predefined rule sets for different trust levels. It's the default on RHEL/CentOS/Fedora systems and offers easier management than raw iptables.

Check firewalld status:

firewall-cmd --state
firewall-cmd --get-active-zones

Allow a service:

firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-service=https --permanent
firewall-cmd --reload

Allow a specific port:

firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --reload

List all rules in a zone:

firewall-cmd --zone=public --list-all

Nftables: The Modern Replacement

Nftables replaces iptables, ip6tables, arptables, and ebtables with a single framework. It offers better performance, cleaner syntax, and more powerful features. While adoption is growing, iptables remains more common in existing deployments.

View current ruleset:

nft list ruleset

Create a basic filter table and chains:

nft add table inet filter
nft add chain inet filter input { type filter hook input priority 0 \; policy drop \; }
nft add chain inet filter output { type filter hook output priority 0 \; policy accept \; }

Add rules to allow established connections and SSH:

nft add rule inet filter input ct state established,related accept
nft add rule inet filter input tcp dport 22 accept

Network Diagnostic Tools and Troubleshooting

Effective troubleshooting requires a systematic approach and familiarity with diagnostic tools. Network issues can manifest in countless ways—connection timeouts, slow performance, intermittent failures, or complete outages. Having a methodical troubleshooting process and knowing which tools to use for each symptom dramatically reduces resolution time.

Connectivity Testing with Ping and Traceroute

The ping command tests basic connectivity by sending ICMP echo requests. It confirms that a remote host is reachable and provides round-trip time statistics:

ping -c 4 8.8.8.8
ping -c 4 www.example.com

Key information from ping output includes packet loss percentage and latency (round-trip time). Consistent packet loss indicates network congestion or routing issues, while high latency suggests performance problems.

The traceroute (or tracepath) command shows the path packets take to reach a destination, identifying each hop along the route:

traceroute www.example.com
tracepath www.example.com

This helps identify where in the network path problems occur. If traceroute shows timeouts or high latency at a specific hop, that indicates where to focus investigation.

"Network troubleshooting is detective work—gather evidence systematically, eliminate possibilities methodically, and the solution reveals itself."

Port and Service Testing

Testing whether specific ports are open and services are listening is crucial for diagnosing application connectivity issues. Several tools serve this purpose:

The telnet command tests TCP connectivity to a specific port:

telnet www.example.com 80

The more modern nc (netcat) provides similar functionality with more options:

nc -zv www.example.com 80
nc -zv 192.168.1.100 22-25

The nmap tool performs comprehensive port scanning and service detection:

nmap -p 80,443 www.example.com
nmap -sV 192.168.1.100

To see which services are listening on your local system, use netstat or the newer ss command:

netstat -tulpn
ss -tulpn

These commands show listening ports, the processes bound to them, and established connections. The options mean: t (TCP), u (UDP), l (listening), p (process), n (numeric, don't resolve names).

Analyzing Network Traffic with tcpdump

For deep packet inspection, tcpdump captures and displays network traffic. This powerful tool helps diagnose complex issues by showing exactly what's happening on the wire:

tcpdump -i eth0
tcpdump -i eth0 port 80
tcpdump -i eth0 host 192.168.1.100
tcpdump -i eth0 -w capture.pcap

Common use cases include verifying that traffic is reaching the interface, checking for malformed packets, analyzing protocol behavior, and capturing traffic for later analysis with tools like Wireshark.

Useful tcpdump filters:

tcpdump -i eth0 'tcp port 443'
tcpdump -i eth0 'src 192.168.1.100 and dst port 22'
tcpdump -i eth0 'icmp'
tcpdump -i eth0 -n 'tcp[tcpflags] & tcp-syn != 0'

Monitoring Network Performance

Several tools provide real-time network performance monitoring. The iftop command shows bandwidth usage by connection:

iftop -i eth0

The nethogs tool displays bandwidth usage per process:

nethogs eth0

For interface statistics, use ip or ifconfig:

ip -s link show eth0
watch -n 1 'ip -s link show eth0'

The ethtool command provides detailed information about network interface capabilities, settings, and statistics:

ethtool eth0
ethtool -S eth0

"Performance problems often hide in statistics—monitor consistently, establish baselines, and anomalies become obvious."

Socket and Connection Management

Understanding sockets—the endpoints for network communication—is essential for managing services and diagnosing application-level network issues. Every network connection involves a socket on both the client and server side, and being able to inspect and manage these connections provides critical visibility into system behavior.

Viewing Active Connections

The ss command (socket statistics) is the modern replacement for netstat, offering better performance and more detailed information:

ss -tan
ss -uan
ss -tulpn

Understanding the output is crucial. Connection states include ESTABLISHED (active connection), LISTEN (waiting for connections), TIME_WAIT (connection closed but waiting to ensure all packets are received), and others. A large number of connections in TIME_WAIT is normal, while many in SYN_SENT might indicate connection problems.

Filter connections by state:

ss -tan state established
ss -tan state listening

Show connections for a specific port:

ss -tan '( sport = :80 or dport = :80 )'

Display process information for connections:

ss -tulpn

Managing Connection Limits

Systems have limits on the number of open files (including sockets) per process and system-wide. View current limits:

ulimit -n
cat /proc/sys/fs/file-max

For services handling many connections (web servers, databases), you may need to increase these limits. Temporarily increase the per-process limit:

ulimit -n 65536

For permanent changes, edit /etc/security/limits.conf:

* soft nofile 65536
* hard nofile 65536

Adjust system-wide limits in /etc/sysctl.conf:

fs.file-max = 2097152
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_tw_reuse = 1

Apply sysctl changes:

sysctl -p

Network Security Best Practices

Security should be built into network configuration from the beginning, not added as an afterthought. Linux provides numerous mechanisms for securing network communications, and administrators must understand and implement appropriate controls based on their threat model and compliance requirements.

Disabling Unnecessary Services

Every listening service represents a potential attack surface. Identify all listening services:

ss -tulpn | grep LISTEN
netstat -tulpn | grep LISTEN

Disable unnecessary services using systemctl:

systemctl stop service_name
systemctl disable service_name

Verify the service is no longer listening:

ss -tulpn | grep port_number

Implementing Access Controls

TCP Wrappers provide host-based access control for network services. Configure allowed hosts in /etc/hosts.allow:

sshd: 192.168.1.0/24
sshd: .example.com

Deny all others in /etc/hosts.deny:

ALL: ALL

Note that TCP Wrappers only work with services compiled with libwrap support. Check if a service supports TCP Wrappers:

ldd /usr/sbin/sshd | grep libwrap

SSH Security Hardening

SSH is often the primary remote access method, making its security critical. Edit /etc/ssh/sshd_config with these recommendations:

PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
Port 2222
AllowUsers admin user1
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2

After making changes, validate the configuration and restart SSH:

sshd -t
systemctl restart sshd

"Security is not a product but a process—continuous monitoring, regular updates, and defense in depth are the only reliable strategies."

Kernel Network Parameters

The Linux kernel provides numerous tunable parameters that affect network security and performance. Configure these in /etc/sysctl.conf or files in /etc/sysctl.d/:

# IP forwarding (disable unless routing)
net.ipv4.ip_forward = 0

# Protect against SYN flood attacks
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048

# Disable ICMP redirect acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Disable source packet routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable reverse path filtering
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Log suspicious packets
net.ipv4.conf.all.log_martians = 1

Apply changes immediately:

sysctl -p

Virtual Networking and Network Namespaces

Modern Linux systems increasingly use virtualization and containerization technologies that rely on virtual networking. Understanding these concepts is essential for administrators working with virtual machines, containers, or complex network topologies.

Network Namespaces

Network namespaces provide isolated network stacks, each with its own interfaces, routing tables, and firewall rules. This isolation is fundamental to container technologies like Docker and Kubernetes.

List existing network namespaces:

ip netns list

Create a new namespace:

ip netns add test_ns

Execute commands in a namespace:

ip netns exec test_ns ip addr show
ip netns exec test_ns ping 8.8.8.8

Create a virtual Ethernet pair to connect namespaces:

ip link add veth0 type veth peer name veth1
ip link set veth1 netns test_ns

Configure interfaces in both the default and test namespace:

ip addr add 10.0.0.1/24 dev veth0
ip link set veth0 up
ip netns exec test_ns ip addr add 10.0.0.2/24 dev veth1
ip netns exec test_ns ip link set veth1 up

Bridge Interfaces

Linux bridges connect multiple network segments, similar to physical network switches. They're commonly used in virtualization to connect virtual machines to the physical network.

Create a bridge:

ip link add br0 type bridge
ip link set br0 up

Add interfaces to the bridge:

ip link set eth0 master br0
ip link set tap0 master br0

View bridge information:

bridge link show
bridge fdb show

Traditional tools also work with bridges:

brctl show
brctl showmacs br0

VLAN Configuration

Virtual LANs (VLANs) segment network traffic at layer 2, allowing multiple logical networks on the same physical infrastructure. Configure VLAN interfaces using the ip command:

ip link add link eth0 name eth0.100 type vlan id 100
ip addr add 192.168.100.1/24 dev eth0.100
ip link set eth0.100 up

This creates a VLAN interface for VLAN ID 100 on eth0. Traffic sent through eth0.100 will be tagged with VLAN 100.

Network Performance Tuning

Default network settings work well for typical workloads, but high-performance applications or specific use cases often benefit from tuning. Understanding what parameters affect performance and how to adjust them can dramatically improve throughput, latency, and reliability.

TCP Tuning Parameters

TCP behavior is controlled by numerous kernel parameters. Key settings for performance:

# Increase TCP buffer sizes for high-bandwidth networks
net.core.rmem_max = 134217728
net.core.wmem_max = 134217728
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864

# Enable TCP window scaling
net.ipv4.tcp_window_scaling = 1

# Increase the maximum number of queued connections
net.core.somaxconn = 1024
net.ipv4.tcp_max_syn_backlog = 2048

# Enable TCP Fast Open
net.ipv4.tcp_fastopen = 3

# Congestion control algorithm
net.ipv4.tcp_congestion_control = bbr

The BBR (Bottleneck Bandwidth and RTT) congestion control algorithm, developed by Google, often provides better performance than the default cubic, especially on high-latency or lossy networks.

"Performance tuning is about understanding your workload—measure first, tune second, and always validate improvements with real metrics."

Network Interface Tuning

Network interface cards (NICs) have various tunable parameters that affect performance. View current settings:

ethtool -k eth0
ethtool -g eth0

Adjust ring buffer sizes:

ethtool -G eth0 rx 4096 tx 4096

Enable or disable offload features:

ethtool -K eth0 tso on
ethtool -K eth0 gso on
ethtool -K eth0 lro on

For multi-queue NICs, configure receive packet steering (RPS) and receive flow steering (RFS) to distribute packet processing across CPUs:

echo f > /sys/class/net/eth0/queues/rx-0/rps_cpus
echo 32768 > /sys/class/net/eth0/queues/rx-0/rps_flow_cnt

Monitoring Performance Metrics

Continuous monitoring helps identify performance issues before they become critical. Key metrics to track include throughput, packet loss, latency, and connection counts. Use tools like sar (from sysstat package) for historical data:

sar -n DEV 1 10
sar -n EDEV 1 10

This shows network device statistics every second for 10 intervals, including packets per second, bytes per second, and error rates.

IPv6 Configuration and Coexistence

IPv6 adoption continues to grow, and modern networks increasingly operate in dual-stack mode with both IPv4 and IPv6. Administrators must understand IPv6 configuration, addressing, and how it coexists with IPv4 infrastructure.

IPv6 Addressing

IPv6 uses 128-bit addresses written in hexadecimal, separated by colons. Understanding address types is essential:

• 🌐 Global Unicast: Routable on the internet (2000::/3)
• 🏠 Link-Local: Valid only on the local network segment (fe80::/10)
• 🔒 Unique Local: Private addresses not routed on the internet (fc00::/7)
• 📡 Multicast: One-to-many communication (ff00::/8)
• 🔁 Loopback: Local system communication (::1/128)

View IPv6 addresses:

ip -6 addr show
ifconfig | grep inet6

Configuring IPv6

IPv6 addresses can be assigned statically or through autoconfiguration (SLAAC - Stateless Address Autoconfiguration). For static configuration:

ip -6 addr add 2001:db8::1/64 dev eth0
ip -6 route add default via 2001:db8::ffff

Enable IPv6 forwarding (for routers):

sysctl -w net.ipv6.conf.all.forwarding=1

Disable IPv6 if not needed (add to /etc/sysctl.conf):

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

IPv6 Firewall Configuration

IPv6 requires separate firewall rules from IPv4. Using iptables, IPv6 rules are managed with ip6tables:

ip6tables -L -v -n
ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
ip6tables -P INPUT DROP

With firewalld, IPv6 is automatically included in zone configurations. With nftables, the inet family handles both IPv4 and IPv6:

nft add table inet filter
nft add chain inet filter input { type filter hook input priority 0 \; }

Testing IPv6 Connectivity

Test IPv6 connectivity using the same tools as IPv4, with IPv6 addresses:

ping6 2001:4860:4860::8888
traceroute6 www.google.com
dig AAAA www.google.com

Network Bonding and Teaming

Network bonding (or teaming) combines multiple network interfaces into a single logical interface, providing redundancy and increased bandwidth. This is critical for high-availability systems and servers requiring maximum network throughput.

Bonding Modes

Linux supports several bonding modes, each with different characteristics:

• Mode 0 (balance-rr): Round-robin load balancing
• Mode 1 (active-backup): Fault tolerance with one active interface
• Mode 2 (balance-xor): XOR load balancing
• Mode 3 (broadcast): All traffic sent on all interfaces
• Mode 4 (802.3ad/LACP): Dynamic link aggregation
• Mode 5 (balance-tlb): Adaptive transmit load balancing
• Mode 6 (balance-alb): Adaptive load balancing

Configuring Bonding

Load the bonding module:

modprobe bonding

Create a bond interface using ip commands:

ip link add bond0 type bond mode 802.3ad
ip link set eth0 master bond0
ip link set eth1 master bond0
ip link set bond0 up

For permanent configuration on RHEL/CentOS, create /etc/sysconfig/network-scripts/ifcfg-bond0:

DEVICE=bond0
TYPE=Bond
BONDING_MASTER=yes
BOOTPROTO=none
IPADDR=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
BONDING_OPTS="mode=802.3ad miimon=100 lacp_rate=fast"

Configure slave interfaces (ifcfg-eth0, ifcfg-eth1):

DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=none
MASTER=bond0
SLAVE=yes

Network Teaming

Network teaming is a newer alternative to bonding, offering better performance and flexibility. Configure using NetworkManager:

nmcli connection add type team con-name team0 ifname team0 config '{"runner": {"name": "activebackup"}}'
nmcli connection add type ethernet slave-type team con-name team0-port1 ifname eth0 master team0
nmcli connection add type ethernet slave-type team con-name team0-port2 ifname eth1 master team0

View team status:

teamdctl team0 state

Network Monitoring and Logging

Continuous monitoring and comprehensive logging are essential for maintaining network health, diagnosing issues, and detecting security incidents. Establishing robust monitoring practices provides visibility into network behavior and creates a historical record for troubleshooting and forensics.

System Logging Configuration

Network events are logged through the system logging daemon (rsyslog or systemd-journal). Configure rsyslog to capture network-related messages in /etc/rsyslog.conf:

kern.* /var/log/kernel.log
*.info;mail.none;authpriv.none;cron.none /var/log/messages

For firewall logging with iptables, add LOG targets:

iptables -A INPUT -j LOG --log-prefix "INPUT-DROP: " --log-level 4
iptables -A INPUT -j DROP

View logs using journalctl:

journalctl -u NetworkManager
journalctl -k | grep -i network
journalctl --since "1 hour ago" | grep -i eth0

SNMP Monitoring

Simple Network Management Protocol (SNMP) enables centralized monitoring of network devices and servers. Install and configure the SNMP daemon:

yum install net-snmp net-snmp-utils
apt-get install snmpd snmp

Configure /etc/snmp/snmpd.conf:

rocommunity public 192.168.1.0/24
syslocation "Server Room"
syscontact admin@example.com

Test SNMP queries:

snmpwalk -v 2c -c public localhost system
snmpget -v 2c -c public localhost IF-MIB::ifInOctets.2

Network Flow Monitoring

NetFlow, sFlow, and IPFIX provide detailed information about network traffic patterns. Tools like nfdump process flow data:

nfcapd -w -D -l /var/cache/nfdump
nfdump -R /var/cache/nfdump -s ip/bytes

How do I check if a specific port is open on a remote server?

Use tools like telnet, netcat (nc), or nmap to test port connectivity. For example: nc -zv remote_server 80 tests if port 80 is open. The -z flag scans without sending data, and -v provides verbose output. Alternatively, nmap -p 80 remote_server performs a more comprehensive scan. If the port is open, you'll see confirmation; if closed or filtered, you'll receive a timeout or rejection message.

What's the difference between iptables and firewalld?

Iptables is the traditional low-level firewall management tool that directly manipulates netfilter rules. Firewalld is a higher-level dynamic firewall manager that provides zones, services, and easier rule management without requiring a complete firewall reload for changes. Firewalld actually uses iptables (or nftables) as its backend. For simple static configurations, iptables is sufficient, but for dynamic environments or easier management, firewalld offers advantages. Both can coexist, but using both simultaneously can cause conflicts.

How can I permanently set a static IP address?

The method depends on your distribution. On RHEL/CentOS, edit files in /etc/sysconfig/network-scripts/ or use NetworkManager with nmcli connection modify. On Ubuntu with Netplan, edit YAML files in /etc/netplan/. On Debian, modify /etc/network/interfaces. After making changes, restart networking services or reboot. Always test temporary configurations with ip addr add before making permanent changes to avoid losing connectivity.

Why can I ping an IP address but not resolve hostnames?

This indicates a DNS resolution problem, not a network connectivity issue. Check /etc/resolv.conf for correct nameserver entries. Test DNS with dig or nslookup to see if queries reach DNS servers and receive responses. Verify that DNS servers are reachable with ping. Check if a firewall is blocking DNS traffic (UDP/TCP port 53). Use getent hosts hostname to test the full resolution process including /etc/hosts and nsswitch configuration.

How do I increase network performance for high-bandwidth applications?

Start by increasing TCP buffer sizes in /etc/sysctl.conf with parameters like net.core.rmem_max and net.ipv4.tcp_rmem. Enable TCP window scaling and consider switching to the BBR congestion control algorithm. Increase NIC ring buffer sizes with ethtool -G. Enable hardware offload features like TSO and GSO. For multi-queue NICs, configure receive packet steering (RPS). Always measure baseline performance before tuning, make one change at a time, and validate improvements with tools like iperf.

What should I check first when troubleshooting network connectivity issues?

Follow a systematic bottom-up approach: First, verify physical connectivity (cables, link lights). Check if the interface is up with ip link show. Verify IP configuration with ip addr show. Test local connectivity by pinging the gateway. Check routing with ip route show. Test DNS resolution with nslookup or dig. Verify firewall rules aren't blocking traffic. Check if the target service is actually listening with ss -tulpn. Review system logs for error messages. This methodical approach quickly isolates the problem layer.