Slackware Network Configuration
===============================

Networking in Slackware is configured by the /etc/rc.d/rc.inet1 script, and the 
configuration file /etc/rc.d/rc.inet1.conf.  Wireless interfaces are configured 
just like any network interface, but accept many more configuration parameters.

The rc.inet1.conf file contains a series of variable array definitions, with 
each array index corresponding to a single network interface.  This means that 
each set of parameters with an index of 0 configure the first interface (since 
indexing starts at 0), parameters with an index of 1 configure the second 
interface, and so on.  Not all parameters need to be set for each type of 
interface, or interface number.  This is better illustrated with examples, 
which you will find in the documentation below.


Starting and Stopping Interfaces
--------------------------------
The way to start networking (configuring all NICs, bringing the interfaces up, 
and creating a default route, if required) is by running the command:
    /etc/rc.d/rc.inet1 start
This command will configure all networking interfaces which are defined in the 
configuration file, and is used at boot time to bring networking up.

The counterpart to this is the:
    /etc/rc.d/rc.inet1 stop
command, which will bring all networking to a stop.  It is advised to use this 
with caution as it can make your host completely inaccessable from the network.

Restarting the whole network (all available network interfaces) and resetting 
the default gateway (if set) is done in a similar fashion to starting it:
    /etc/rc.d/rc.inet1 restart
And will first deconfigure all interfaces, before bringing them back up - which
is functionally equalivant to a 'stop' and 'start' operation.

More specifically speaking, you can start/stop/restart any network interface on 
an individual basis using the commands:
       /etc/rc.d/rc.inet1 <interface>_start
       /etc/rc.d/rc.inet1 <interface>_stop
       /etc/rc.d/rc.inet1 <interface>_restart
where <interface> is the name of an existing network interface (eth0, eth1, 
wlan0, etc).


Guided Networking Configuration
-------------------------------
The 'netconfig' script is capable of configuring basic networking parameters for 
the first ethernet interface of the system, and writing an annotated 
/etc/rc.d/rc.inet1.conf configuration file.  'netconfig' is usually invoked 
during installation to configure the first ethernet interface of your freshly 
installed system.

'netconfig' is capable of configuring a set of IPv4 and/or IPv6 addresses for an 
interface, or setting the interface to be configured using DHCP (both DHCPv4 and 
DHCPv6) and IPv6 StateLess Address Auto Configuration (SLAAC).  The default 
gateways and nameservers can also be configured through the guided interface.

The option to use NetworkManager for interface configuration (instead of 
rc.inet1.conf) is also available.

For most users with a single ethernet interface, and simple IP configuration 
requirements, 'netconfig' can completely configure the networking sub-system for 
you.


Deprecated and New IPv4 Configuration Syntax
--------------------------------------------
With the release of Slackware 15.0, several parameters used in older 
rc.inet1.conf configurations have become deprecated and are substituted by a 
new, singular, IP parameter for v4 addresses.

Specifically, the following parameters used in previous rc.inet1.conf 
configurations to configure IPv4 addresses have become deprecated:
    IPADDR[x]=""
    NETMASK[x]=""
    IPALIASES[x]=""
These parameters should no longer be used in new configurations.

New configurations should use the updated syntax parameter:
    IPADDRS[x]=""
which can hold multiple, space delimited, IPv4 addresses with their CIDR 
masks in order to configure an interface.

The format for the addresses specified in this new parameter is:
    IP-address/mask
For example:
    IPADDRS[0]="192.168.0.1/24 10.10.10.10/8"
which would be the equilivant of old syntax:
    IPADDR[0]="192.168.0.1"
    NETMASK[0]="255.255.255.0"
    IPALIASES[0]="10.10.10.10/8"

If a mask (in CIDR notation) is not provided with the IP address in IPADDRS, it
is assumed to be /24 (aka, 255.255.255.0).  A warning will also be emitted about 
the missing mask.

rc.inet1 is fully backwards compatible with the older syntax - old configuration 
files will contiinue to be accepted for the foreseeable future, but 'netconfig' 
has been adjusted to output the new syntax.

Notes:
  * When DHCP or SLAAC is used to dynamically configure the interface, IP 
    addresses specified in IPADDRS will be added to the interface as alias IPs.
    However, any address specified in IPADDR is *not* added to the interface in
    order to maintain backwards semantics with the pre 15.0 rc.inet1.
  * Should an rc.inet1.conf contain both the IPADDR and IPADDRS parameters 
    (without DHCP or SLAAC being in use) the addresses listed in IPADDRS will be 
    added to the interface after the IPADDR address is set.


Manual Networking Configuration
-------------------------------
FIXME


IPv6
----
  Overview
  ~~~~~~~~

  With the new IPv4 syntax detailed above, there is the addition of optional
  configuration semantics for IPv6.

  The IPv6 capabilities in Slackware 15.0+ are as follows:
    * Dual stack.  Interfaces can be configured with an IPv4 address or an IPv6 
      address, or both.
    * Each interface can have single or multiple v4 and/or v6 IPs.
    * Optional StateLess Address Auto Configuration (SLAAC) of v6 IP addresses, 
      for quick and easy IPv6 configuration on supported networks.
    * DHCPv6 support for server controlled dynamic address configuration.
    * Fixed IPv6 addresses configured interfaces.

  'netconfig' can be used for guided configuration of all of the above features, 
  or they can be configured manually using the options below.


  IPv6 Parameters
  ~~~~~~~~~~~~~~~
  v6 IPs can be configured via SLAAC, DHCP6 or statically using the following
  new options for rc.inet1.conf:
    USE_SLAAC[x]=""     Allow StateLess Address Auto Configuration of a
                        (potentially) globally routable v6 IP.  With this 
                        parameter set to "yes", the interface's v6 IP will ONLY 
                        be configured via SLAAC, even if Router Advertisment 
                        indicates DHCPv6 is available on the network - if SLAAC 
                        is not available on the network, no IPv6 address will be 
                        assigned.

                        Since 'dhcpcd' is capable of handling SLAAC as well as
                        DHCPv6, it is better practice to set USE_DHCP6[x]="yes" 
                        to perform full auto configuration instead.

    USE_DHCP6[x]=""     Use 'dhcpcd' to configure the interface.  This will 
                        bring up the interface using DHCPv6, falling back to 
                        SLAAC (if supported on the network), or will leave the 
                        interface unconfigured after a timeout.  When this 
                        parameter is set to "yes", the USE_SLAAC[x] option is 
                        ignored.

                        This is the preferred option to configure an interface
                        dynamically - whether the network is setup for DHCPv6 or
                        SLAAC, 'dhcpcd' will be able to configure the interface.

    IP6ADDRS[x]=""      The static v6 IP addresses for the interface.  This
                        parameter takes a list of v6 IP addresses and prefix
                        lengths in CIDR notation, in a space delimited list.
                        For example: IP6ADDRS[x]="a:b:c:d:e::1/48 1:2:3:4::5/64"

                        If a prefix length is not given (separated from the IP
                        address with a /), a length of 64 will be assumed, and
                        a warning emitted about the unset value.

                        When either the USE_DHCP6[x] or USE_SLAAC[x] options are
                        set to "yes", the IP addresses listed in this parameter 
                        are also added to the interface, but only upon sucessful 
                        assigning of the dynamic IP address.

  A static gateway can be configured using this parameter:
    GATEWAY6=""         The default IPv6 gateway for the network.  This is a
                        single IPv6 address in standard format, without a 
                        prefix suffix.

  The following lesser used misc options can be used for tailouring of the IPv6
  configuration process:
    USE_RA[x]=""        Normally, unless USE_SLAAC[x]="yes" is set, Router
                        Advertisment (RA) is disabled for the interface as it
                        can result in extraneous routes being added to the
                        routing table.  With this option set to "yes", RA
                        packets will be accepted on the interface even when DHCP
                        or fixed IP addressing is used, and the routes
                        advertised by the router will be added to the table.

                        Conversely, if this parameter is explicitly set to "no", 
                        RA will be disabled at all times - meaning SLAAC cannot 
                        be performed even when USE_SLAAC[x]="yes" is set. The
                        default (unset) is to enable RA when SLAAC is in use,
                        and to disable it otherwise.

                        The use of this parameter should rarely be required as
                        rc.inet1 will do the right thing.

    SLAAC_TIMEOUT[x]="" The time to wait (in seconds) for an interface to be
                        configured by SLAAC.  When unset, the default is 15.
                        Some networks may require a longer period for the router
                        to broadcast an advertisement packet on the network, so
                        may need to increase this value.


  Disabling IPv6
  ~~~~~~~~~~~~~~
  For some use cases, where IPv6 support is not required at all, disabling IPv6
  may be a better option than leaving the interface unconfigured.

  There are two similar methods which can be used to disable IPv6.  Both of the
  options involve creating (or replacing the content if it already exists in) 
  the file:
      /etc/modprobe.d/ipv6.conf
  (which overrides any configuration in the /lib/modprobe.d/ipv6.conf file), 
  with the content:
      alias ipv6 off
      alias net-pf-10 off
  Or:
      install ipv6 /bin/true
      install net-pf-10 /bin/true

  It is important to disable both the 'ipv6' and 'net-pf-10' modules since the
  module can be automatically loaded by either name.


  Changes From Previous Behaviour
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  * Previous to Slackware 15.0, if the network the host is connecting to is set 
    up for StateLess Address Auto Configuration (SLAAC), the host would bring up 
    an interface with a (potentially) globally routable IPv6 address with no
    configuration by the user.  This has been changed so that all network
    configuration must be explicitly enabled.  Thus, interfaces will no longer
    automatically come up with a valid IPv6 address on networks which support 
    auto configuration, without enabling the USE_SLAAC[x]="yes" parameter for 
    the interface.  This is a security enhancement.

  * Unless RA is explicitly enabled using the USE_RA[x]="yes" option, rc.inet1 
    now disables RA (via the accept_ra tunable in /proc) for an interface before
    trying to add any IPs configured for it.  This prevents RA on the network 
    from automatically adding any routes to the table.  When USE_SLAAC[x]="yes" 
    is set, RA is implicitly re-enabled for the interface (since SLAAC and RA 
    are usually used together on a network), unless explicitly disabled with 
    USE_RA[x]="no".  This is a change from previous versions of Slackware, which 
    would auto configure routes without any user intevention.  This is a 
    security enhancement.


  Caveats
  ~~~~~~~
  * When being configured with the USE_DHCP[x]="yes" and USE_DHCP6[x]="yes" 
    parameters for an interface (that is, configured to obtain both a v4 and v6 
    addresses via DHCP), 'dhcpcd' will only wait until one type of IP is 
    obtained before backgrounding - it will not wait for both a v4 AND v6 to be 
    configured.  This means there is no way to know if the interface has been 
    completely configured for both types of IP, as one type will continue to be 
    sought in the background; but MAY ultimately fail.  This is an issue with 
    the way dhcpcd operates, not an issue with rc.inet1.


Bonding / Link Aggregation
--------------------------
  Overview
  ~~~~~~~~
  Bonding (or Link Aggregation) is a teccnique for combining two or more 
  physical interfaces into a single, logical, interface; a logical interface 
  which has all the capabilities of a single physical interface.

  The Slackware bonding options provide full support for the features offered by 
  the bonding kernel module, in the familiar Slackware parameter configuration 
  syntax.  Included is the ability to select the bonding mode, easy addition of
  interfaces to a bond using a new parameter in rc.inet1.conf, and the setting 
  of bonding module options via a new, generic, IFOPTS[x] parameter.

  At this time 'netconfig' is unable to configure bonded interfaces, so they 
  must be configured manually with the parameters detailed below.


  Bonding Parameters
  ~~~~~~~~~~~~~~~~~~
  Bonded interfaces can be configured via two new bond specific parameters for 
  use in rc.inet1.conf, plus the new, generic, IFOPTS[x] parameter.  The new 
  bonding parameters are:
    BONDNICS[x]=""      The space delimited list of interfaces to add to this
                        bond.  The interfaces will be brought up and configured
                        while bringing up the interface, so do not need to be
                        previously defined in rc.inet1.conf.  A bond can be
                        created with only 1 interface, but does not become
                        useful until at least 2 interfaces are configured.

    BONDMODE[x]=""      This parameter sets the bonding mode for the logical
                        interface.  If not specified when BONDNICS[x] has been
                        used, the default is 'balance-rr'.  See below for a
                        list of all bonding modes available.


  Bonding Modes
  ~~~~~~~~~~~~~
  When a bonded logical interface is created, it needs to operate in a 
  particular mode.  By default that mode is 'balance-rr'.  The following modes, 
  along with details of their functionallity, are available using the kernel 
  bonding driver:
    802.3ad             Also known as LACP.  This mode requires a switch that 
                        supports an IEEE 802.3ad.  The physical interfaces must
                        share the same speed and duplex settings and form a 
                        logical interface which provides fault tolerance and 
                        load balancing.
    active-backup       When in this mode only one interface set to active,
                        while all other interfaces are in the backup state.  If
                        the active interface fails, a backup interface replaces
                        it as the only active interface in the bond.  This mode
                        only provides fault tolerance, no load balancing.
                        This mode requires that the 'primary <interface>'
                        option be configured with the IFOPTS[x]="" parameter.
    balance-alb         The receiving packets are load balanced through Address
                        Resolution Protocol (ARP) negotiation.  This mode
                        provides fault tolerance and load balancing.
    balance-rr          This mode is also known as round-robin mode.  Packets
                        are sequentially transmitted and received through each
                        interface one by one.  This mode provides load
                        balancing functionality along with fault tolerance.
                        This is the default mode of operation.
    balance-tlb         This mode ensures that outgoing traffic is distributed
                        according to the load on each physical interface.  If 
                        one interface fails to receive traffic, another 
                        interface is assigned to the receiving role.  This mode
                        provides fault tolerance and load balancing.
    balance-xor         The source MAC address uses eXclusive OR (XOR) logic
                        with the destination MAC address in order to determine 
                        which physical interface the packet should be sent via.  
                        This calculation ensures that the same physical (slave) 
                        interface is selected for each destination host.  If the 
                        physical interface to be used is in a failed state, one 
                        of the backup interfaces is used instead.  This mode
                        provides fault tolerance and load balancing.
    broadcast           All packets are sent to all the physical (slaved) 
                        interfaces at once.  This mode provides fault tolerence 
                        but may result in duplicate packets arriving at the 
                        destination host, assuming they are not screened out by 
                        networking hardware.


  Bonding Options
  ~~~~~~~~~~~~~~~
  Bonding specific options can be set using the the IFOPTS[x]="" paramter (which
  takes a pipe (|) delimited list of options) for the interface being 
  configured.  The following are the most useful options (but not an exhaustive 
  list - see "Further Reading" below for more information) which can be set:
    lacp_rate           This option specifies the rate at which the host will 
                        ask the switch to transmit LACPDU packets in 802.3ad 
                        mode.   Possible values are:
                            slow          Transmit LACPDUs every 30 seconds.
                            fast          Transmit LACPDUs every 1 second.
                        The default is slow, but fast is recommended for rapid
                        recovery after a physical link failure.
    miimon              Specifies the MII link monitoring frequency in 
                        milliseconds.  This determines how often the link state 
                        of each physical (slaved) interface is checked for link 
                        failures.  A value of zero disables MII link monitoring, 
                        but this is NOT advised.  A value of 100 is a good 
                        starting point.  The default value is 0, so be sure to 
                        set this option with ALL bonding modes.
    primary             The physical (slave) interface (eth0, eth1, etc) which 
                        is to be used as the primary interface.  The specified 
                        interface will always be the active slave while it is 
                        available.  Only when the primary interface is off-line 
                        will alternate interfaces be used.  This is useful when 
                        one interface is preferred over another (e.g. when one
                        interface has higher throughput than another).  This 
                        option is only valid for "active-backup", "balance-tlb", 
                        and "balance-alb" bonding modes.
    xmit_hash_policy    Selects the transmit hash policy to use for interface 
                        selection in "balance-xor", "802.3ad", and "balance-tlb" 
                        bonding modes.  Possible values are:
                            layer2        Use eXclusive OR (XOR) of source and 
                                          destination MAC addresses and packet 
                                          type ID fields to generate the hash.
                                          This algorithm will place all traffic 
                                          to a particular destination on the 
                                          same phydivsl (slave) interface.
                            layer2+3      Use a combination of layer2 and 
                                          layer3 protocol information (MAC 
                                          addresses and IP addresses) to 
                                          generate the hash.  This algorithm 
                                          will place all traffic to a particular 
                                          destination on the same physical 
                                          (slave) interface.  This policy is 
                                          intended to provide a more balanced 
                                          distribution of traffic than layer2 
                                          alone.
                            layer3+4      This policy uses upper layer protocol
                                          information, when available, to 
                                          generate the  hash.  This allows for 
                                          traffic to a particular destination to 
                                          span multiple physical (slave) 
                                          interfaces, although a single 
                                          connection will not span multiple 
                                          slaves.
                        The default value is layer2.  Additional (lesser used) 
                        policies are available - see the "Further Reading" 
                        section below for further details.


  Caveats
  ~~~~~~~
  * The IFOPTS[x]="" parameter should always include the 'miimon' option - not 
    using this option will result in network degradation.
  * In "active-backup" mode, the "primary" option should also always be 
    supplied.
  * When using "802.3ad" mode, set "lacp_rate fast" for faster recovery from an
    interface failure.  In other modes, the 'xmit_hash_policy' should be set.


  Examples
  ~~~~~~~~
  FIXME: Add examples.


  Further Reading
  ~~~~~~~~~~~~~~~
  Full documentation of the bonding layer is available in the kernel source
  documentation at: /usr/src/linux/Documentation/networking/bonding.txt.


VLANs (a.k.a, 802.1q)
---------------------
  Overview
  ~~~~~~~~
  Virtual LANs (VLANs) allow the segmentation of physical networks into 
  multiple, isolated, private virtual networks, whilst using shared network 
  switches and hardware.

  VLANs work by applying tags to network frames to form virtual private LANs.
  In this way, VLANs can keep network applications separate despite being 
  connected to the same physical network, and without requiring multiple sets of 
  cabling and networking devices to be deployed.

  In essence, a VLAN is a collection of devices or network hosts that 
  communicate with one another as if they make up a single LAN, but utilising
  shared network hardware.

  Because VLAN frames are tagged with a VLAN ID, it is possible to 'cherry-pick' 
  those frames from the network by use of a VLAN interface on the host.

  Slackware now allows configuration of such interfaces in order to allow a host 
  to join a specific VLAN or VLANs.  The guided deployment in 'netconfig' has 
  been updated to support the creation of such VLAN interfaces.

  The configuration in rc.inet1.conf for VLANs is a simple modification of the 
  existing support for declaration of a network interface using the standard 
  Slackware IFNAME[x] parameter.  As shown in the examples below, VLANs 
  interfaces can be built on top on top of regular, physical, interfaces, or on 
  top of a bond interface to allow for link aggregation.

  The new IFOPT[x] generic interface options parameter can be used to customise 
  the usage and configuration of the VLAN interfaces, but is not required in a 
  normal configuration setting.


  Exposing VLANs
  ~~~~~~~~~~~~~~
  Configuring VLAN interfaces utilises the standard Slackware networking 
  configuration syntax in rc.inet1.conf; with setting up an interface as simple
  as changing the IFNAME[x]="" parameter.

  VLAN interfaces can be configured quite simply in rc.inet1.conf, in the 
  standard Slackware way of defining an interface.  The key to the configuration 
  is to use the correct IFNAME[x]="" parameter for the underlying physical (or 
  bond) interface and the tagged VLAN ID that should be exposed.  For example:
      IFNAME[0]="eth0.10"
      IFOPTS[0]=""
      IPADDRS[0]="192.168.10.1/24"

  The VLAN ID is taken from the full interface name, as set in the IFNAME[x] 
  parameter which is comprised of the underlying physical (or bond) interface 
  name, a period (.) and the VLAN ID to expose.  The above example would use the 
  physical interface 'eth0', and expose the VLAN with ID 10, and configure the
  interface with the IPv4 address 192.168.10.1 with a mask of 24.

  IFOPTS[x]="" is a pipe (|) delimited list of VLAN kernel module specific 
  settings to be applied to the interface.  The ip-link(8) man page contains 
  details of exactly what settings can be used with this option (search for 
  "VLAN Type Support").  For example:
      IFOPTS[x]="protocol 802.1ad | reorder_hdr off"
  Under normal circumstances, where a standard VLAN interface is required, no
  options need be supplied.


  Examples
  ~~~~~~~~
  FIXME: Add examples.


Bridges
-------


Wireless (WiFi) Network Interfaces
----------------------------------


TUN/TAP
-------


Advanced networking configuration
---------------------------------
(stacking interface configs - bond, then VLAN, then bridge)

  It is also possible to use a bond as the underlying interface, which allows
  link aggregated VLAN interfaces to be created for network redundancy.  For 
  example:
      IFNAME[0]="bond0"
      BONDNICS[0]="eth0 eth1"
      BONDMODE[0]="active-backup"
      IFOPTS[0]="miimon 100 | primary eth0"
      IFNAME[1]="bond0.5"
      IFNAME[2]="br0"
      BRNICS[2]="bond0.5"
      IPADDRS[2]="192.168.5.10/24"
      IP6ADDRS[2]="a:b:c:d::1/64"
  Would create a bond interface using the eth0 and eth1 physical ethernet 
  interfaces, in an "active-backup" redundancy configuration with the primary 
  interface being "eth0", exposing VLAN ID 5 and setting an IPv4 address of 
  "192.168.5.10" mask "24", plus an IPv6 address of "a:b:c:d::1" prefix "64" 
  for the interface.


General Caveats
---------------

       The  network interface definitions are stored in variable arrays.  The bash shell has no facilities to retrieve the largest array index used.  There-
       fore, the rc.inet1 script makes the assumption that array indexes stay below the value of 6.  Effectively this means that you can configure up  to  6
       network interfaces in rc.inet1.conf by default.

       If  you  want  to  configure more than six network interfaces, you will have to edit the file /etc/rc.d/rc.inet1.conf and change the value `6' in the
       line:
         #MAXNICS="6"
       (at the very bottom of the file) to a value that is larger than the largest index value you use, and uncomment the line.

       The /etc/rc.d/rc.wireless script is not meant to be run on its own by the user!


rc.inet1 does not keep a record of how an interface was configured.  If the 
interface config is changed in rc.inet1.conf from, say, DHCP to static IP, 
restarting networking may fail because the previous type of interface config 
cannot be stopped (because its type is unknown).  In this instance, it is easier 
to reboot to start from fresh.  However, if reboot is not possible, it may be 
required to bring the interface down manually (either by deconfiguring the IPs, 
or killing dhcpcd) before trying to restart the interface.