This guide is as an overview of the IP networking capabilities of linux kernels 2.2 and 2.4. The target audience is any beginning to advanced network administrator who wants practical examples and explanation of rumoured features of linux. As the Internet is lousy with documentation on the nooks and crannies of linux networking support, I have tried to provide links to existing documentation on IP networking with linux. The documentation you'll find here covers kernels 2.2 and 2.4, although a good number of the examples and concepts may also apply to older kernels. In the event that I cover a feature that is only present or supported under a particular kernel, I'll identify which kernel supports that feature.

I assume a few things about the reader. First, the reader has a basic understanding (at least) of IP addressing and networking. If this is not the case, or the reader has some trouble following my networking examples, I have provided a section of links to IP layer tutorials and general introductory documentation in the appendix. Second, I assume the reader is comfortable with command line tools and the Linux, Unix, or BSD environments. Finally, I assume the reader has working network cards and a Linux OS. For assistance with Ethernet cards, the there exists a good Ethernet HOWTO. The examples I give are intended as tutorial examples only. The user should understand and accept the ramifications of using these examples on his/her own machines. I recommend that before running any example on a production machine, the user test in a controlled environment. I accept no responsibility for damage, misconfiguration or loss of any kind as a result of referring to this documentation. Proceed with caution at your own risk. This guide has been written primarily as a companion reference to IP networking on Ethernets. Although I do allude to other link layer types occasionally in this book, the focus has been IP as used in Ethernet. Ethernet is one of the most common networking devices supported under linux, and is practically ubiquitous.

This text was written in DocBook with vim. All formatting has been applied by xsltproc based on DocBook and LDP XSL stylesheets. Typeface formatting and display conventions are similar to most printed and electronically distributed technical documentation. A brief summary of these conventions follows below. The interactive shell prompt will look like [root@hostname]# for the root user and [user@hostname]$ for non-root users, although most of the operations we will be discussing will require root privileges. Any commands to be entered by the user will always appear like { echo "Hi, I am exiting with a non-zero exit code."; exit 1 } Output by any program will look something like this: Hi, I am exiting with a non-zero exit code. Where possible, an additional convention I have used is the suppression of all hostname lookup. DNS and other naming based schemes often confuse the novice and expert alike, particularly when the name resolver is slow or unreachable. Since the focus of this guide is IP layer networking, DNS names will be used only where absolutely unambiguous.

Perhaps this should be called things that are wrong with this document, or things which should be improved. See the src/ROADMAP for notes on what is likely to be forthcoming in subsequent releases. The internal document linking, while good, but could be better. Especially lame is the lack of an index. External links should be used more commonly where appropriate instead of sending users to the links page. If you are looking for LARTC topics, you may find some LAR topics here, but you should try the LARTC page itself if you have questions that are more TC than LAR. Consult for further references to available documentation.

There are many tools available under linux which are also available under other unix-like operating systems, but there are additional tools and specific tools which are available only to users of linux. This guide represents an effort to identify some of these tools. The most concrete example of the difference between linux only tools and generally available unix-like tools is the difference between the traditional ifconfig and route commands, available under most variants of unix, and the &iproute2; command suite, written specificially for linux. Because this guide concerns itself with the features, strengths, and peculiarities of IP networking with linux, the &iproute2; command suite assumes a prominent role. The &iproute2; tools expose the strength, flexibility and potential of the linux networking stack. Many of the tools introduced and concepts introduced are also detailed in other HOWTOs and guides available at The Linux Documentation Project in addition to many other places on the Internet and in printed books.

As with many human endeavours, this work is made possible by the efforts of others. For me, this effort represents almost four years of learning and network administration. The knowledge collected here is in large measure a repackaging of disparate resources and my own experiences over time. Without the greater linux community, I would not be able to provide this resource. I would like to take this opportunity to make a plug for my employer, SecurePipe, Inc. which has provided me stable and challenging employment for these (almost) four years. SecurePipe is a managed security services provider specializing in managed firewall, VPN, and IDS services to small and medium sized companies. They offer me the opportunity to hone my networking skills and explore areas of linux networking unknown to me. Thanks also to SecurePipe, Inc. for hosting this cost-free on their servers. Over the course of the project, many people have contributed suggestions, modifications, corrections and additions. I'll acknowledge them briefly here. For full acknowledgements, see src/ACKNOWLEDGEMENTS in the DocBook source tree. Russ Herrold, 2002-09-22 Yann Hirou, 2002-09-26 Julian Anastasov, 2002-10-29 Bert Hubert, 2002-11-14 Tony Kapela, 2002-11-30 George Georgalis, 2003-01-11 Alex Russell, 2003-02-02 giovanni, 2003-02-06 Gilles Douillet, 2003-02-28 Please feel free to point out any irregularities, factual errors, typographical errors, or logical gaps in this documentation. If you have rants or raves about this documentation, please mail me directly at mabrown@securepipe.com. Now, let's begin! Let me welcome you to the pleasure and reliability of IP networking with linux.