Linux networking


order hosts,bind
multi on
nospoof on
spoofalert on
spoof  warn
reorder on

FIXME Description of upper configuration!

TCP Tunning (linux kernel)

Change initial tcp window:

ip route | while read p; do ip route change $p initcwnd 20 initrwnd 20; done 

Linux as bridge

more at:, Performance Evaluation of Linux bridge

 # brctl addbr "bridgename"
 # brctl addif bridgename device

See MAC table

 # brctl showmacs

VLANs on bridge interfaces

Interface must be UP

 # ifconfig <bridgename> up
 # vconfig add <bridgename> [vlanid]

configuration above should work with applying this (bridge.diff) patch to your linux kernel. Otherwise you need to do this like this

# ifconfig ethX up
# ifconfig ethY up
# vconfig add ethX [vlanid]
# vconfig add ethY [vlanid]
# brctl addbr "bridgename"
# brctl addif <bridgename> ethX.vlanID
# brctl addif <bridgename> ethY.vlanID

VLAN's in Fedora

There are many ways to create VLAN's on Linux. By far the most cumbersome is by various rc.* scripts that later must be maintained. A “8201q” module must be loaded, ethernet interface must be brought up in order to create particular VLAN using “vconfig”. Lastly, an “ifconfig” must be used to fill in IP address, possibly even “route” command to create some default route.

RedHat Fedora (and possibly other RedHad distro) have automatic setup possible via scripts in /etc/sysconfig/network-scripts directory.

Creating file in that directory with the name eg. “ifcfg-eth1.222” will eventually be file for the VLAN with the tag 222.

Content of the file /etc/sysconfig/network-scripts/ifcfg-eth1.222 may be something like this:



This file will do it all regarding VLAN creation during boot process. No rc.* scripts necessary, and the VLAN setting is completely in line with the Fedora specifications.



plugin nic-novoime
pise nekje v /usr/share/doc/pppd/
na koncu enga fajla, mislim da README.Debian
sicer pa uporabljam ifrename, ne nameif
ifrename ce mas hotplug v kernelu avtomatsko dela ne da bi rabu kaj poganjat
samo v /etc/iftab vpises kar hoces

Working with VLANs (Debian)


auto vlan667
iface vlan667 inet static
  vlan_raw_device eth1

Ethernet bonding

Ethernet bonding refers to aggregating multiple ethernet channels together to form a single channel. This is primarily used for redundancy in ethernet paths or for load balancing. This page refers in particular to performing ethernet bonding under Linux, and so does not limit itself to discussion of 802.3ad Trunk Aggregation.

Ethernet Bonding Types

mode=0 (balance-rr)Round-robin policy: Transmit packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance.
mode=1 (active-backup)One slave interface is active at any time. If one interface fails, another interface takes over the MAC address and becomes the active interface. Provides fault tolerance only. Doesn’t require special switch support
mode=2 (balance-xor)Tranmissions are balanced across the slave interfaces based on 1) modula slave count. The same slave is selected for each destination MAC. Provides load balancing and fault tolerance. Slave selection for outgoing traffic is done according to the transmit hash policy, which may be changed from the default simple XOR policy via the xmit_hash_policy option.
mode=3 (broadcast)Transmits everything on all slave interfaces. Provides fault tolerance.
mode=4 (802.3ad)This is classic IEEE 802.3ad Dynamic link aggregation. This requires 802.3ad support in the switch and driver support for retrieving the speed and duplex of each slave.
mode=5 (balance-tlb)Adaptive Transmit Load Balancing. Incoming traffic is received on the active slave only, outgoing traffic is distributed according to the current load on each slave. Doesn’t require special switch support
mode=6 (balance-alb)Adaptive Load Balancing - provides both transmit load balancing (TLB) and receive load balancing for IPv4 via ARP negotiation. Doesn’t require special switch support, but does require the ability to change the MAC address of a device while it is open.


To use Bonding Ethernet for High-Availability (fail-over) on Debian Lenny you need to:

 apt-get install ifenslave-2.6

Edit /etc/network/interfaces to look like this:

iface bond0 inet static
	up /sbin/ifenslave bond0 eth0 eth1
  	down /sbin/ifenslave -d bond0 eth0 eth1

Add the following lines to your /etc/modprobe.d/arch/i386:

 alias bond0 bonding
 options bonding mode=5 miimon=100 downdelay=200 updelay=200

Joining interfaces for bandwidth

The following section describes how to bond two or more interfaces to provide shared bandwidth and reliablity. We have two options for this, using the mode 0 (balanced-rr) or mode 4 (802.3ad or LACP). If the server is connected to a Cisco switch, I recommend using balanced-rr as described below.

First we have to configure the module in /etc/modprobe.d/aliases

alias bond0 bonding
alias eth0 tg3
alias eth1 e1000
options bonding mode=0 miimon=100

Then, we configure the bonding interface:

auto bond0
iface bond0 inet static
        hwaddress ether 00:19:BB:C5:0B:35
        up ifenslave bond0 eth0 eth1
        down ifenslave -d bond0 eth0 eth1

On the Cisco side, we also have to configure the appropriate physical interfaces and the PortChannel interface:

interface Port-Channel 1
 switchport mode access
 spanning-tree portfast

interface FastEthernet 0/4
  !you might need this options
  !no switchport
  !no ip address
  channel-group 1 mode on

interface FastEthernet 0/5
  !you might need this options
  !no switchport
  !no ip address
  channel-group 1 mode on
  !channel-group 1 mode active
source MAC) XOR (dest MAC
linux/networking.txt · Last modified: 2014/09/24 16:29 by mrizvic
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0 ipv6 ready