Networking tips

Tips n' tricks for Gentoo Linux, but should be easily adapted for other distros, and probably other unices.

NAT with DHCP

This is basically what home routers do by default: use a single external IP address, and give internal addresses dynamically to the connected machines. I've used a simple NAT a lot, and I wanted to add the DHCP for some extra convenience. Good for your guests as well as your own experiments with LiveCDs etc.

I've managed a proper dhcpd before, but this called for something simple. Busybox was already installed on my Gentoo, and it includes a simple dhcpd. The script sets up NAT and starts udhcpd, which needs its own configuration file.

• net-sharing.sh
• /etc/udhcpd.conf

Like a br0 over troubled Cam

If you deal with networks, you probably already have a bridge in your setup, though you probably call it a switch. 'Bridge' is the more proper and general networking term. With 2 or more NICs on a Linux box, you can make your own bridge. With lots of NICs it won't be as fast as a dedicated hardware bridge (aka switch), but in some cases it's pretty handy.

For example, my server has two onboard gigabit NICs, and I use them to extend my network that already has a switch. This is the /etc/conf.d/net entry:

bridge_br0="eth0 eth1"
brctl_br0=( "stp on" )
config_eth0="null"
config_eth1="null"
config_br0="dhcp 192.168.4.1/24"
dhcpcd_br0="-t 100"

• The two NICs are added to the bridge br0. After that you can't use either NIC directly. From then on you use br0, which you can think of as the third, internal port in the virtual switch.
• "stp on" is needed when there are other switches in the network, so br0 knows how to route things properly.
• DHCP timeout is increased, because it takes some time to set up the bridge, especially with STP and multiple bridges. There are other solutions which speed up the bridge setup instead, but this way is probably safer and simpler.

You need to enable bridging in the kernel (Networking options -> 802.1d Ethernet Bridging), and install bridge-utils. Also note that you'll generally need a crossover cable to connect two computers directly by their NICs. But many NICs can automatically change their polarity, and this includes all gigabit adapters.

With spanning tree protocol, you can even set up redundant links, but throughput cannot be increased this way. For that you need bonding....

Load balancing with 2 or more ISPs

With this script you can use two or more Internet connections for redundancy, and possibly increased throughput. It won't speed up everything you do over the net, because a single connection only goes through a single link. However, P2P applications such as Bittorrent will generally benefit from this, as they use multiple connections anyway. Even web browsing may improve, if images and other pieces of content are loaded from different servers.

By default, the script uses the network interfaces ppp0 and eth0. They need to be up, with their respective default gateways. Alternatively you can specify the interfaces, for example

# isp-loadbalance.sh eth0 eth1 wlan0

The script is based on HolSon's 2-ISP version. I did a minor fixup and generalized it for any number of links.

Caveats

Routes are cached. In other words, subsequent connections to an IP address will use the same route. So you won't gain any speed in multiple downloads from the same IP.

If you actually use different ISPs, rather than two links from the same ISP, you may encounter problems related to the following:

• DNS servers in /etc/resolv.conf
• Outgoing mail servers (SMTP) -- this should be easy to configure so that the correct ISP's route is used for its server.

Furthermore, the problem of presenting your own servers to the outside world is left as an exercise. Most servers will probably only listen on the IP addresses that were up as they started. Sys Admin magazine has more detailed info that also deals with this issue.

If you do use two links to the same ISP, you might try bonding instead. It should also work within a LAN.

Channel bonding

Bonding is like RAID for networks. It can increase both throughput and error resiliency. It makes the most sense within a network under your full control, but it may even work for separate links from an ISP. In that case it would be much better than the above load-balancing setup.

While I'm referring people to channel bonding, I haven't got it working myself, partly due to a lack of hardware:

• 802.11b/g with WPA keeps dissociating and reassociating with the access point, when used as a part of the bond.
• Firewire network (eth1394) has a different ether type from Ethernet, so the two cannot be bonded.

So basically I'd need two Ethernet adapters on both computers. Only my server has two, and a bonded link to a switch wouldn't help much in this case. (Redundancy could also be provided by bridging with two links and STP.)

Of course, for different links you can always use the above load-balancing script, even on the same network. In fact I did it back in 2003 when I didn't even know about bonding :) But for your own experiments, keep on reading:

• Gentoo wiki on bonding
• Gentoo handbook entry on network modules
• /usr/src/linux/Documentation/networking/bonding.txt
• Wikipedia entry

---

Risto A. Paju