how to set ip address in rhel 6

UNIX for Dummies Questions & Answers

How can i change the ip address in rhel 6.

10 More Discussions You Might Find Interesting

1. ip networking, cannot change mac address, discussion started by: arpagon, 2. unix for dummies questions & answers, nofiles & nproc change on rhel not taking effect, discussion started by: rsheikh01, 3. unix for dummies questions & answers, change partition name in rhel, discussion started by: lhareigh890, right way to change time for a rhel server, discussion started by: rhce, 5. programming, [c] change ip and mac address, discussion started by: gilby985, 6. shell programming and scripting, change from address in mailx, discussion started by: koti_rama, 7. ip networking, change a unix ip address, discussion started by: randy1, 8. ip networking, how to change ip address, discussion started by: itservices, rhel 3 - how to change the snmp community strings, discussion started by: bg_jradmin, 10. ip networking, change my current ip address, discussion started by: tamemi, member badges and information modal.

How to Change HostName and IP-Address in CentOS / RedHat Linux

You can use any one of the following methods to change the hostname and/or ip-address on RedHat related distributions.

If you want to change only the hostname you can either do it from command line, or from GUI as explained below.

To change the ip-address along with the hostname, follow the steps shown below.

I. Change HostName From Command Line

1. use hostname command to change hostname.

In this example, we’ll change the hostname from dev-server to prod-server.

hostname command by default will display the current hostname as shown below:

The following will change the hostname to prod-server.

Once the hostname is changed, verify that it has changed the hostname successfully. As you see below, it has changed the hostname to prod-server

2. Modify the /etc/hosts file

If you have entries in the /etc/hosts file with the old hostname, you should modify it.

For example, the entry for 127.0.0.1 line in the /etc/hosts file will still show the old hostname. In this example, it shows as dev-server.

Modify this file, and set the new hostname here. For example, change dev-server to prod-server as shown below.

3. Modify the /etc/sysconfig/network file

The /etc/sysconfig/network file also has an entry for HOSTNAME. Change the value here as shown below.

4. Restart the Network

Restart the network service, if you want any other services that are using the hostname to pickup the changes.

If this is not a production system, you can also reboot the system to make sure the hostname is changed properly, and the system is picking it up properly during startup.

II. Change Hostname from UI

If you have desktop related utilities installed on your system, you can change the hostname from the GUI.

Execute system-config-network from the command line.

This will display the “Network Configuration” GUI. Go to the “DNS” tab and change the hostname from here as shown below.

III. Change the IP-Address

1. change ip-address temporarily using ifconfig.

You can change the ip-address of the server using ifconfig command as we discussed earlier. For example, the following changes the ip-address of the server on eth0 interface to 192.168.1.2

2. Change ip-address Permanently

Under the /etc/sysconfig/network-scripts directory, you’ll see file for every network interface on your system. For example, if your interface is “eth0”, you’ll see ifcfg-eth0 file under this directory.

Modify the ifcfg-eth0 file and change the IPADDR field accordingly as shown below to change the ip-address.

3. Modify /etc/hosts file

If you’ve defined the ip-address in the /etc/hosts file, make sure to change those also. For example, if you have a FQDN that was pointing to the old ip-address in the /etc/hosts file, change it to the new ip-address. Depending on how you’ve configured your system, you might not have to do this step.

Finally, restart the network service, for the system to pick-up the changes.

If this is not a production system, you can also reboot the system to make sure the hostname and ip-address is changed properly, and the system is picking it up properly during startup.

If you enjoyed this article, you might also like..

Comments on this entry are closed.

Will this work for VM also? I am looking to make my VM’s IP public. Is that possible using the above mechanism.

Simple but very useful material

Please note that just changing the host name as described in 1 will not survive a reboot. That would change the host name only on that session.

The other options are valid.

Nice Article ..

Good stuff. I noticed one spelling mistake…

II. Change Hostname from UI –> I think it should be GUI. Can you please correct it?

Don’t forget that to ensure that the hostname is persistent against reboots that you will also have to change the hostname in the /etc/sysconfig/network file on RHEL/CENTOS systems.

Thanks dear, it help lot for me.

Helpful material.

system-config-network is the best way to setup the hostname permanently, this would be ideal if you are you RHEL also you do not need any script in startup to save the changes permanently.

#cat /etc/hosts (to change the hostname )

before ediitng any file we have to take the back up

#cat /etc/sysconfig/network-scripts/ifcgf-eth0

here u have to modify the ipaddress,gateway,subnetmask

#cat /etc/sysconfig/network

here we have to modify the

Next post: How Much Swap Space to Add for Oracle Database on Linux

Previous post: How to Monitor MongoDB using Nagios check_mongodb Python Plugin

Bash 101 Hacks eBook - Take Control of Your Bash Command Line and Shell Scripting
Sed and Awk 101 Hacks eBook - Enhance Your UNIX / Linux Life with Sed and Awk
Vim 101 Hacks eBook - Practical Examples for Becoming Fast and Productive in Vim Editor
Nagios Core 3 eBook - Monitor Everything, Be Proactive, and Sleep Well

About The Geek Stuff

Linglom.com

How to change ip address on linux redhat.

Most of the time, I work in Windows environment. But I sometimes have to work on Linux platform, too. So I decide to note it down this topic to remind myself.

There are many ways to change IP Address on Linux. First one is the easiest way that configure on GUI because it’s like on Windows platform. The second way is configure on command-line but it is only temporary, it’ll reload to the old configuration when the network service is restart. And the last one is also configure on command-line to change IP Address permanently.

Configure on GUI (Permanently)

Configure on commad-line (temporary), configure on commad-line by edit configuration file (permanently), step-by-step to change ip address on linux redhat.

Note: This way change IP Address only temporary . When you restart network service, it’ll load from configuration file to replace this configuration.

Open Terminal.

ifconfig -a

ifconfig eth0 192.168.125.10 netmask 255.255.255.0 up

route add default gw [gateway address] .

vi /etc/sysconfig/network-scripts/ifcfg-eth0

BOOTPROTO=static IPADDR=192.168.125.10 NETMASK=255.255.255.0

GATEWAY=[number] TYPE=Ethernet NETWORK=[number] BROADCAST=[number]

service network restart

Enable remote desktop on linux using vnc, how to change hostname on centos 6.6, how to install vmware server on linux red hat, how to setup stand-alone kaspersky anti-virus 5.7 workstation on linux redhat, 13 comments.

Today it is easy updating IP Address when we are using GUI mode. Previous my favourite command was ifconfig down and ifconfig up.

give me some infomation abt linux opresting system i want to be learn Thankyou

That was a excellent step by step instruction on how to change the IP. Most other sites get a bit too technical and spin off a load of jargon. I found this very easy to follow. Thanks

Thanks man, this was by far the easiest instructions I found on how to do it.

It was useful for me , Thank you .

Thanks .. that was like a quick refresh ..

Thank you saved me a lot of time in man pages.

Thanks for being knowledgeable, concise, and comparative with the example and for helping others in an intelligent thoughtful manner.

Concise, no gimmicks. Thank you

Well, have to say thanks for the perfect tutorial!! really thanks!!!

Good info. One question though.. where do we put DNS entries (Primary and preferred)? usually in Windows and Linux GUI we can put those addresses right on same window?

To add DNS entries on Linux GUI, you can use comma to separate multiple DNS entries.

To add DNS entries on Linux command-line, open network configuration file, for example, ifcfg-eth0, then add the following line:

DNS1 = your-DNS-IP-ADDRESS DNS2 = your-DNS-IP-ADDRESS

Save the file and restart network service.

Thank you very much for the post the God Almighty bless you and give to the world wisdom,I connecy successful .Thank you again.

thanks . working

Privacy Overview

Select Your Language

Infrastructure and management.

Red Hat Enterprise Linux
Red Hat Satellite
Red Hat Subscription Management
Red Hat Insights
Red Hat Ansible Automation Platform

Cloud Computing

Red Hat OpenShift
Red Hat OpenStack Platform
Red Hat OpenShift Container Platform
Red Hat OpenShift Data Science
Red Hat OpenShift Dedicated
Red Hat Advanced Cluster Security for Kubernetes
Red Hat Advanced Cluster Management for Kubernetes
Red Hat Quay
OpenShift Dev Spaces
Red Hat OpenShift Service on AWS
Red Hat Gluster Storage
Red Hat Hyperconverged Infrastructure
Red Hat Ceph Storage
Red Hat OpenShift Data Foundation
Red Hat Runtimes
Red Hat JBoss Enterprise Application Platform
Red Hat Data Grid
Red Hat JBoss Web Server
Red Hat Single Sign On
Red Hat support for Spring Boot
Red Hat build of Node.js
Red Hat build of Quarkus

Integration and Automation

Red Hat Application Foundations
Red Hat Fuse
Red Hat AMQ
Red Hat 3scale API Management
Single-page

Language and Page Formatting Options

Red hat training.

A Red Hat training course is available for Red Hat Enterprise Linux

11.2. Interface Configuration Files

11.2.1. ethernet interfaces.

none — No boot-time protocol should be used.
bootp — The BOOTP protocol should be used.
dhcp — The DHCP protocol should be used.
yes — Use DHCP to obtain an IPv6 address for this interface.
no — Do not use DHCP to obtain an IPv6 address for this interface. This is the default value.
-P — Enable IPv6 prefix delegation.
-S — Use DHCP to obtain stateless configuration only, not addresses, for this interface.
-N — Restore normal operation after using the -T or -P options.
-T — Use DHCP to obtain a temporary IPv6 address for this interface.
-D — Override the default when selecting the type of DHCP Unique Identifier ( DUID ) to use. By default, the DHCP client (dhclient) creates a DHCP Unique Identifier ( DUID ) based on the link-layer address (DUID-LL) if it is running in stateless mode (with the -S option, to not request an address), or it creates an identifier based on the link-layer address plus a timestamp (DUID-LLT) if it is running in stateful mode (without -S , requesting an address). The -D option overrides this default, with a value of either LL or LLT .
yes — This device should be activated when it is hot-plugged (this is the default option).
no — This device should not be activated when it is hot-plugged.
Persistent device names are now handled by /etc/udev/rules.d/70-persistent-net.rules .
HWADDR must not be used with System z network devices.
See Section 25.3.3, "Mapping subchannels and network device names", in the Red Hat Enterprise Linux 6 Installation Guide .
yes — Initialize this interface for IPv6 addressing.
no — Do not initialize this interface for IPv6 addressing. This is the default value. This setting is required for IPv6 static and DHCP assignment of IPv6 addresses. It does not affect IPv6 Stateless Address Autoconfiguration ( SLAAC ) as per RFC 4862 . See Section D.1.14, “/etc/sysconfig/network” for information on disabling IPv6 .
yes — Enable IPv6 autoconf configuration for this interface.
no — Disable IPv6 autoconf configuration for this interface.
If IPV6FORWARDING = yes , then IPV6_AUTOCONF will default to no .
If IPV6FORWARDING = no , then IPV6_AUTOCONF will default to yes and IPV6_ROUTER has no effect.
yes — NetworkManager is permitted to configure this device. This is the default behavior and can be omitted.
no — NetworkManager is not permitted to configure this device.
yes — This device should be activated at boot-time.
no — This device should not be activated at boot-time.
yes — Modify /etc/resolv.conf if the DNS directive is set, if using DHCP , or if using Microsoft's RFC 1877 IPCP extensions with PPP . In all cases yes is the default.
no — Do not modify /etc/resolv.conf .
yes — This device is controlled by the channel bonding interface specified in the MASTER directive.
no — This device is not controlled by the channel bonding interface specified in the MASTER directive.
yes — Non- root users are allowed to control this device.
no — Non- root users are not allowed to control this device.

RHEL6 Network Configuration

In RHEL5 you can remove NetworkManager. Which is the default configuration tool for the entire networking stack including DNS resolution.

One interesting problem with Network manager is that in default installation if you use static IP setup it happily overwrites /etc/resolv.conf putting the end to the Unix era during which you can assume that if you write something into config file it will be intact.

You can simply deinstall RPM and use "classic" network configuration for RHEL6 using net-tools.

The first step in configuring RHEL6 TCP-IP stack is configuring the network card interface. You can configure network card by editing text files stored in /etc/sysconfig/network-scripts/ directory. First change directory to /etc/sysconfig/network-scripts/ :

# cd /etc/sysconfig/network-scripts/

You need to edit /etc/sysconfig/network-scripts files as follows:

/etc/sysconfig/network-scripts/ifcfg-eth0 : First Ethernet card configuration file
/etc/sysconfig/network-scripts/ifcfg-eth1 : Second Ethernet card configuration file

To set IP IP address and network mask: /sbin/ifconfig -a eth0 192.168.1.5 netmask 255.255.255.0

Verify the settings with /sbin/ifconfig eth0 .

Add the default gateway: /sbin/route add default gw 192.168.1.254

Verify the gateway setting: /sbin/route . The line beginning with default should have your gateway under the gateway column.

Alternately, you can edit the file /etc/sysconfig/network-scripts/ifcfg-eth0 to look like (replace with your network numbers)

and the file /etc/sysconfig/network to look like (replace with your network numbers and hostname):

Please note that for static IP addressing you need to define either routes or default gateway and hostname in /etc/sysconfig/network file. For example if you do not plan to use IPv6, the setup can be something like:

NETWORKING=yes NETWORKING_IPV6=no HOSTNAME=yourhost GATEWAY=192.168.1.254

To make changes you made in files active you need to restart networking using network RC script

/etc/init.d/network restart

You also need to define DNS in /etc/resolv.conf file

Ping the gateway and a few other computers on the network to verify your settings are correct before and after the reboot.

Try using NFSv3 if you are currently using NFSv2. There can be very significant performance increases with this change. Increasing the read write block size. This is done with the rsize and wsize mount options. They need to the mount options used by the NFS clients. Values of 4096 and 8192 reportedly increase performance alot. But see the notes in the HOWTO about experimenting and measuring the performance implications. The limits on these are 8192 for NFSv2 and 32768 for NFSv3 Another approach is to increase the number of nfsd threads running. This is normally controlled by the nfsd init script. On Red Hat Linux machines, the value "RPCNFSDCOUNT" in the nfs init script controls this value. The best way to determine if you need this is to experiment. The HOWTO mentions a way to determin thread usage, but that doesn't seem supported in all kernels. Another good tool for getting some handle on NFS server performance is `nfsstat`. This util reads the info in /proc/net/rpc/nfs[d] and displays it in a somewhat readable format. Some info intended for tuning Solaris, but useful for it's description of the nfsstat format See also the tcp tuning info

Apache config

Make sure you starting a ton of initial daemons if you want good benchmark scores. Something like: ####### MinSpareServers 20 MaxSpareServers 80 StartServers 32 # this can be higher if apache is recompiled MaxClients 256 MaxRequestsPerChild 10000 Note: Starting a massive amount of httpd processes is really a benchmark hack. In most real world cases, setting a high number for max servers, and a sane spare server setting will be more than adequate. It's just the instant on load that benchmarks typically generate that the StartServers helps with. The MaxRequestPerChild should be bumped up if you are sure that your httpd processes do not leak memory. Setting this value to 0 will cause the processes to never reach a limit. One of the best resources on tuning these values, especially for app servers, is the mod_perl performance tuning documentation. Bumping the number of available httpd processes Apache sets a maximum number of possible processes at compile time. It is set to 256 by default, but in this kind of scenario, can often be exceeded. To change this, you will need to chage the hardcoded limit in the apache source code, and recompile it. An example of the change is below: --- apache_1.3.6/src/include/httpd.h.prezab Fri Aug 6 20:11:14 1999 +++ apache_1.3.6/src/include/httpd.h Fri Aug 6 20:12:50 1999 @@ -306,7 +306,7 @@ * the overhead. */ #ifndef HARD_SERVER_LIMIT -#define HARD_SERVER_LIMIT 256 +#define HARD_SERVER_LIMIT 4000 #endif /* To make useage of this many apache's however, you will also need to boost the number of processes support, at least for 2.2 kernels. See the section on kernel process limits for info on increasing this. The biggest scalability problem with apache, 1.3.x versions at least, is it's model of using one process per connection. In cases where there large amounts of concurent connections, this can require a large amount resources. These resources can include RAM, schedular slots, ability to grab locks, database connections, file descriptors, and others. In cases where each connection takes a long time to complete, this is only compunded. Connections can be slow to complete because of large amounts of cpu or i/o usage in dynamic apps, large files being transfered, or just talking to clients on slow links. There are several strategies to mitigate this. The basic idea being to free up heavyweight apache processes from having to handle slow to complete connections. Static Content Servers If the servers are serving lots of static files (images, videos, pdf's, etc), a common approach is to serve these files off a dedicated server. This could be a very light apache setup, or any many cases, something like thttpd, boa, khttpd, or TUX. In some cases it is possible to run the static server on the same server, addressed via a different hostname. For purely static content, some of the other smaller more lightweight web servers can offer very good performance. They arent nearly as powerful or as flexible as apache, but for very specific performance crucial tasks, they can be a big win. Boa: http://www.boa.org/ thttpd: http://www.acme.com/software/thttpd/ mathopd: http://mathop.diva.nl/ If you need even more ExtremeWebServerPerformance, you probabaly want to take a look at TUX, written by Ingo Molnar . This is the current world record holder for SpecWeb99 . It probabaly owns the right to be called the worlds fastest web server. Proxy Usage For servers that are serving dynamic content, or ssl content, a better approach is to employ a reverse-proxy. Typically, this would done with either apache's mod_proxy, or Squid. There can be several advantages from this type of configuration, including content caching, load balancing, and the prospect of moving slow connections to lighter weight servers. The easiest approache is probabaly to use mod_proxy and the "ProxyPass" directive to pass content to another server. mod_proxy supports a degree of caching that can offer a significant performance boost. But another advantage is that since the proxy server and the web server are likely to have a very fast interconnect, the web server can quickly serve up large content, freeing up a apache process, why the proxy slowly feeds out the content to clients. This can be further enhanced by increasing the amount of socket buffer memory thats for the kernel. See the section on tcp tuning for info on this. proxy links Info on using mod_proxy in conjuction with mod_perl webtechniques article on using mod_proxy mod_proxy home page Squid Using mod_proxy with Zope ListenBacklog One of the most frustrating thing for a user of a website, is to get "connection refused" error messages. With apache, the common cause of this is for the number of concurent connections to exceed the number of available httpd processes that are available to handle connections. The apache ListenBacklog paramater lets you specify what backlog paramater is set to listen(). By default on linux, this can be as high as 128. Increasing this allows a limited number of httpd's to handle a burst of attempted connections. There are some experimental patches from SGI that accelerate apache. More info at: http://oss.sgi.com/projects/apache/ I havent really had a chance to test the SGI patches yet, but I've been told they are pretty effective.

Samba Tuning

Depending on the type of tests, there are a number of tweaks you can do to samba to improve its performace over the default. The default is best for general purpose file sharing, but for extreme uses, there are a couple of tweaks. The first one is to rebuild it with mmap support. In cases where you are serving up a large amount of small files, this seems to be particularly useful. You just need to add a "--with-mmap" to the configure line. You also want to make sure the following options are enabled in the /etc/smb.conf file: read raw = no read prediction = true level2 oplocks = true One of the better resources for tuning samba is the "Using Samba" book from O'reily. The chapter on performance tuning is available online.

Openldap tuning

The most important tuning aspect for OpenLDAP is deciding what attributes you want to build indexes on. I use the values: cachesize 10000 dbcachesize 100000 sizelimit 10000 loglevel 0 dbcacheNoWsync index cn,uid index uidnumber index gid index gidnumber index mail If you add the following parameters to /etc/openldap/slapd.conf before entering the info into the database, they will all get indexed and performance will increase.

Since this document is primarily concerned with network servers, the `netstat` command can often be very useful. It can show status of all incoming and outgoing sockets, which can give very handy info about the status of a network server. One of the more useful options is: netstat -pa The `-p` options tells it to try to determine what program has the socket open, which is often very useful info. For example, someone nmap's their system and wants to know what is using port 666 for example. Running netstat -pa will show you its satand running on that tcp port. One of the most twisted, but useful invocations is: netstat -a -n|grep -E "^(tcp)"| cut -c 68-|sort|uniq -c|sort -n This will show you a sorted list of how many sockets are in each connection state. For example: 9 LISTEN 21 ESTABLISHED

[Oct 27, 2018] Linux Kernel /etc/sysctl.conf Security Hardening

Oct 23, 2018 | www.cyberciti.biz ... ... ... sysctl is an interface that allows you to make changes to a running Linux kernel. With /etc/sysctl.conf you can configure various Linux networking and system settings such as: Limit network-transmitted configuration for IPv4 Limit network-transmitted configuration for IPv6 Turn on execshield protection Prevent against the common 'syn flood attack' Turn on source IP address verification Prevents a cracker from using a spoofing attack against the IP address of the server. Logs several types of suspicious packets, such as spoofed packets, source-routed packets, and redirects. Linux Kernel /etc/sysctl.conf Security Hardening with sysctl The sysctl command is used to modify kernel parameters at runtime. /etc/sysctl.conf is a text file containing sysctl values to be read in and set by sysct at boot time. To view current values, enter: # sysctl -a # sysctl -A # sysctl mib # sysctl net.ipv4.conf.all.rp_filter # sysctl -a --pattern 'net.ipv4.conf.(eth|wlan)0.arp' To load settings, enter: # sysctl -p Sample /etc/sysctl.conf for Linux server hardening Edit /etc/sysctl.conf or /etc/sysctl.d/99-custom.conf and update it as follows. The file is documented with comments. However, I recommend reading the official Linux kernel sysctl tuning help file (see below): # The following is suitable for dedicated web server, mail, ftp server etc. # --------------------------------------- # BOOLEAN Values: # a) 0 (zero) - disabled / no / false # b) Non zero - enabled / yes / true # -------------------------------------- # Controls IP packet forwarding net.ipv4.ip_forward = 0 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 0 # Controls whether core dumps will append the PID to the core filename # Useful for debugging multi-threaded applications kernel.core_uses_pid = 1 # Controls the use of TCP syncookies # Turn on SYN-flood protections net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_synack_retries = 5 ########## IPv4 networking start ############## # Send redirects, if router, but this is just server # So no routing allowed net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0 # Accept packets with SRR option? No net.ipv4.conf.all.accept_source_route = 0 # Accept Redirects? No, this is not router net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.secure_redirects = 0 # Log packets with impossible addresses to kernel log? yes net.ipv4.conf.all.log_martians = 1 net.ipv4.conf.default.accept_source_route = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv4.conf.default.secure_redirects = 0 # Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast net.ipv4.icmp_echo_ignore_broadcasts = 1 # Prevent against the common 'syn flood attack' net.ipv4.tcp_syncookies = 1 # Enable source validation by reversed path, as specified in RFC1812 net.ipv4.conf.all.rp_filter = 1 # Controls source route verification net.ipv4.conf.default.rp_filter = 1 ########## IPv6 networking start ############## # Number of Router Solicitations to send until assuming no routers are present. # This is host and not router net.ipv6.conf.default.router_solicitations = 0 # Accept Router Preference in RA? net.ipv6.conf.default.accept_ra_rtr_pref = 0 # Learn Prefix Information in Router Advertisement net.ipv6.conf.default.accept_ra_pinfo = 0 # Setting controls whether the system will accept Hop Limit settings from a router advertisement net.ipv6.conf.default.accept_ra_defrtr = 0 #router advertisements can cause the system to assign a global unicast address to an interface net.ipv6.conf.default.autoconf = 0 #how many neighbor solicitations to send out per address? net.ipv6.conf.default.dad_transmits = 0 # How many global unicast IPv6 addresses can be assigned to each interface? net.ipv6.conf.default.max_addresses = 1 ########## IPv6 networking ends ############## #Enable ExecShield protection #Set value to 1 or 2 (recommended) #kernel.exec-shield = 2 #kernel.randomize_va_space=2 # TCP and memory optimization # increase TCP max buffer size setable using setsockopt() #net.ipv4.tcp_rmem = 4096 87380 8388608 #net.ipv4.tcp_wmem = 4096 87380 8388608 # increase Linux auto tuning TCP buffer limits #net.core.rmem_max = 8388608 #net.core.wmem_max = 8388608 #net.core.netdev_max_backlog = 5000 #net.ipv4.tcp_window_scaling = 1 # increase system file descriptor limit fs.file-max = 65535 #Allow for more PIDs kernel.pid_max = 65536 #Increase system IP port limits net.ipv4.ip_local_port_range = 2000 65000 # RFC 1337 fix net.ipv4.tcp_rfc1337=1 Reboot the machine soon after a kernel panic kernel.panic=10 Addresses of mmap base, heap, stack and VDSO page are randomized kernel.randomize_va_space=2 Ignore bad ICMP errors net.ipv4.icmp_ignore_bogus_error_responses=1 Protects against creating or following links under certain conditions fs.protected_hardlinks=1 fs.protected_symlinks=1 How do I tune Linux VM subsystem? See FAQ: Linux Tuning The VM (memory) Subsystem How do I tune Linux network stack? See FAQ: Linux Tune Network Stack (Buffers Size) To Increase Networking Performance Other Linux security tips Linux Server Hardening Security Tips

[Aug 05, 2017] Disabling NetworkManager on RHEL 7

Aug 01, 2017 | superuser.com Andrew 46 I was setting up a RHEL7 server in vmware vSphere and I'm having trouble getting it on the network without NetworkManager. I configured the server to have a static IP during the install process and it set everything up using NetworkManager. While this does work we do not use NetworkManager in my office, so I went and entered what we usually put the config file to get RHEL6 servers online without NetworkManager. /etc/sysconfig/network-scripts/ifcfg-ens192 is the following: NAME=ens192 TYPE=Ethernet ONBOOT=yes NM_CONTROLLED=no BOOTPROTO=static IPADDR=10.0.2.15 PREFIX=24 GATEWAY=10.0.2.2

However when I disable NetworkManager the network service fails to start with the following error

#service network restart

Restarting network (via systemctl): Job for network.service failed. See 'systemctl status network.service' and 'journalctl -xn' for details.

And both commands output the following:

network[1838]: RTNETLINK answers: File exists network[1838]: RTNETLINK answers: File exists network[1838]: RTNETLINK answers: File exists network[1838]: RTNETLINK answers: File exists network[1838]: RTNETLINK answers: File exists network[1838]: RTNETLINK answers: File exists network[1838]: RTNETLINK answers: File exists systemd[1]: network.service: control process exited, code=exited status=1 systemd[1]: Failed to start LSB: Bring up/down networking

Also, here's what the command 'ip addr' outputs:

1: lo: mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens192: mtu 1500 qdisc noop state DOWN qlen 1000 link/ether 08:00:27:98:8e:df brd ff:ff:ff:ff:ff:ff asked Jul 11 '14 at 22:19

Pavel Šimerda Apr 5 '15 at 5:40

I recently debugged an issue with network.service and the best way to track the ip commands was strace . You shouldn't generally get this type of error. It might be worth reporting (ideally via support). –

Check your MAC Address for the VM. It should be 08:00:27:98:8e:df since that is what is shown you ran ip addr. If it's anything else, you will need to set it in your ifcfg-ens192 file with the following, but replace the address with the actual.

I had the same issue and this solved it for me.

Pavel Šimerda Apr 5 '15 at 5:43

The configuration file in the Question apparently relies on NAME=ens192 without any MAC address matching.

Dec 30 '14 at 14:46 0ldd0g

All I found that it takes to resolve this is that MAC in the Config NAME=ens192 TYPE=Ethernet ONBOOT=yes HWADDR="08:00:27:98:8e:df" NM_CONTROLLED=no BOOTPROTO=static IPADDR=10.0.2.15 PREFIX=24 GATEWAY=10.0.2.2 If you are not sure of the hardware address you can find it in. cat /sys/class/net/ens192/address

Try to go to the virtual machine network settings and make sure the network cable is connected and check if you have blocked this with a firewall

systemctl disable doesn't stop a service, nor does chkconfig ... off which basically translates to the same command anyway. – Pavel Šimerda

To network-scripts/ifcfg-eth0 added

Removed unnecessary ifcfg-* files which NetworkManager has left behind

This will solve the problem! # rm /etc/udev/rules.d/70-persistent-ipoib.rules # reboot Now edit /etc/sysconfig/network-scripts/ifcfg-eth0, Add new HWADDR generated or remove it Remove UUID line -Restart the networking service #systemctl restart network.service NOW! Working.

I was having the same issue. So I just delete the backup files I made in /etc/sysconfig/network-scripts , such as ifcfg-Bridge_connection_1.home and ifcfg-Bridge_connection_1.office which I created for backup usage. They should not be created there. The /etc/init.d/network restart could work well after delete those useless ifcfg-*.

[Aug 04, 2017] Disabling Network Manager

Aug 04, 2017 | access.redhat.com OpenStack networking currently does not work on systems that have the Network Manager ( NetworkManager ) service enabled. The Network Manager service is currently enabled by default on Red Hat Enterprise Linux installations where one of these package groups was selected during installation: Desktop Software Development Workstation The Network Manager service is not currently enabled by default on Red Hat Enterprise Linux installations where one of these package groups was selected during installation: Basic Server Database Server Web Server Identity Management Server Virtualization Host Minimal Install Follow the steps listed in this procedure while logged in as the root user on each system in the environment that will handle network traffic. This includes the system that will host the OpenStack Networking service, all network nodes, and all compute nodes. These steps ensure that the NetworkManager service is disabled and replaced by the standard network service for all interfaces that will be used by OpenStack Networking. Verify Network Manager is currently enabled using the chkconfig command. # chkconfig --list NetworkManager The output displayed by the chkconfig command inicates whether or not the Network Manager service is enabled. The system displays an error if the Network Manager service is not currently installed: error reading information on service NetworkManager: No such file or directory If this error is displayed then no further action is required to disable the Network Manager service. The system displays a list of numerical run levels along with a value of on or off indicating whether the Network Manager service is enabled when the system is operating in the given run level. NetworkManager 0:off 1:off 2:off 3:off 4:off 5:off 6:off If the value displayed for all run levels is off then the Network Manager service is disabled and no further action is required. If the value displayed for any of the run levels is on then the Network Manager service is enabled and further action is required. Ensure that the Network Manager service is stopped using the service command. # service NetworkManager stop Ensure that the Network Manager service is disabled using the chkconfig command. # chkconfig NetworkManager off Open each interface configuration file on the system in a text editor. Interface configuration files are found in the /etc/sysconfig/network-scripts/ directory and have names of the form ifcfg- X where X is replaced by the name of the interface. Valid interface names include eth0 , p1p5 , and em1 . In each file ensure that the NM_CONTROLLED configuration key is set to no and the ON_BOOT configuration key is set to yes . NM_CONTROLLED=no ONBOOT=yes This action ensures that the standard network service will take control of the interfaces and automatically activate them on boot. Ensure that the network service is started using the service command. # service network start Ensure that the network service is enabled using the chkconfig command. # chkconfig network on The Network Manager service has been disabled. The standard network service has been enabled and configured to control the required network interfaces.

[Aug 02, 2017] Issue with RHEL7 and disabling NetworkManager

Aug 02, 2017 | serverfault.com cjmaio Jul 2 '14 at 15:14 Okay community, let's see if we can figure this one out, cause I'm out of answers. Where I work I am setting up a bunch of RedHat Enterprise Linux servers. There is a collection of RHEL6 and RHEL7 servers. On the RHEL6 servers, I am using the standard network configuration tool by configuring it in /etc/sysconfig/network-scripts/ifcfg-eth0 and a dhclient configuration file in /etc/dhclient-eth0.conf . Everything works properly, I am assigned the custom FQDN by our DNS servers (e.g. hostname.ad.company.tld ) and when the DHCP lease is up, it is renewed automatically. Here is the issue: In RHEL7, NetworkManager is enabled by default. On our Kickstart, I have removed NetworkManager and went back to configuring network and dhcp the way it is done in RHEL6. All of the configuration is the same (sans using /etc/sysconfig/network-scripts/ifcfg-ens192 instead of eth0) and works fine for the first DHCP lease. Once the lease is up, it seemingly doesn't renew it until I issue a systemctl restart network command. I have looked and looked and I am coming up short. There must be something different in RHEL7 or something not configured when you disable NetworkManager , but I cannot for the life of me figure it out. Anyone have any thoughts? As I know these usually help, I'll post my RHEL7 configuration files, and the snippet from the logs where it loses the DHCP lease. /etc/sysconfig/network-scripts/ifcfg-ens192 # Generated by dracut initrd DEVICE="ens192" ONBOOT=yes NETBOOT=yes UUID="c23045ff-7b60-4dff-b052-30a61923a852" IPV6INIT=yes BOOTPROTO=dhcp HWADDR="00:0c:29:b6:d8:cc" TYPE=Ethernet NAME="ens192" NM_CONTROLLED=no /etc/dhclient-ens192.conf send host-name "hostname"; send fqdn.fqdn "hostname.ad.company.tld"; send fqdn.server-update off; /var/log/messages Jun 27 23:06:09 sa-kbwiki01 avahi-daemon[591]: Withdrawing address record for 129.89.78.221 on ens192. Jun 27 23:06:09 sa-kbwiki01 avahi-daemon[591]: Leaving mDNS multicast group on interface ens192.IPv4 with address xxx.xx.xx.xxx. Jun 27 23:06:09 sa-kbwiki01 avahi-daemon[591]: Interface ens192.IPv4 no longer relevant for mDNS.

That log snippet doesn't show your DHCP lease being lost. Keep looking, there should be other more relevant entries. – Michael Hampton ♦ Jul 2 '14 at 15:24

From what I recall hearing pre-launch is that networkManager is not the same PoS it was years ago and Red Hat more or less forces you to learn to live with it. Having said that, the documentation mentions that NetworkManager has been made responsible for starting dhclient, so it could be that without NM, dhclient is run with the -1 option and doesn't become a daemon. – HBruijn ♦ Jul 2 '14 at 15:36

@MichaelHampton I do not see anything else in /var/log/messages. Other things that use the network are operating fine until that line, at which point everything starts saying no network available. – cjmaio Jul 2 '14 at 15:59

@HBruijn That gives me somewhere to start... though when doing a ps aux | grep dhclient I do see that the -1 flag is being set... is there anywhere else that dhclient would log to other than /var/log/messages ? – cjmaio Jul 2 '14 at 16:00

Yeah, NM is fairly safe to use these days unless you have a very complicated setup. I do wonder why you're running Avahi though. – Michael Hampton ♦ Jul 2 '14 at 16:01

[Aug 26, 2015] Changing timezone in RHEL6 from the command line

[apr 29, 2011] disabling avahi-daemon len.

One of the things I quickly found to be bothering me is the fact that there was an apparently long and unexplicable delay for all new network connections which resembled to a dns resolving. No reason for lengthy dns resolving though. So I did a strace: socket(PF_FILE, SOCK_STREAM, 0) = 4 fcntl64(4, F_GETFD) = 0 fcntl64(4, F_SETFD, FD_CLOEXEC) = 0 connect(4, {sa_family=AF_FILE, path="/var/run/avahi-daemon/socket"}, 110) = 0 fcntl64(4, F_GETFL) = 0x2 (flags O_RDWR) fstat64(4, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f35000_ llseek(4, 0, 0xbfa7d918, SEEK_CUR) = -1 ESPIPE (Illegal seek) write(4, "RESOLVE-ADDRESS 10.0.0.6\n", 25) = 25read(4, <unfinished ...> the results shows a connection to a avahi-daemon which I have no ideea what is good for so I should not need it. I disabled it in /etc/default/avahi-daemon cat /etc/default/avahi-daemon # 0 = don't start, 1 = start AVAHI_DAEMON_START=0 Hope it helps.

[Jul 25, 2010] Configure The Network Card In Redhat 5.3 Advanced Server

Edit The Network Configuration Files Directly From a terminal window type: cd /etc/sysconfig/networking-scripts You will need to edit the following filess: /etc/sysconfig/network-scripts/ifcfg-eth0 (and eth1 if you have another card.) /etc/sysconfig/network-scripts/ifcfg-eth0 Change or Add New Info cd /etc/sysconfig/network-scripts/ vi ifcfg-eth0 Change or Add The Following Lines # Xen Virtual Ethernet DEVICE=eth0 BOOTPROTO=none BROADCAST=10.10.1.255 HWADDR=56:36:DC:8F:D5:59 IPADDR=10.10.1.73 NETMASK=255.255.255.0 NETWORK=10.10.1.0 ONBOOT=yes GATEWAY=10.10.1.1 TYPE=Ethernet Setup A Default Gateway vi /etc/sysconfig/network NETWORKING=yes NETWORKING_IPV6=no HOSTNAME=myhostname GATEWAY=10.10.1.1 Make sure your DNS entries are correct. Set them to the correct values, whatever those are. For example: vi /etc/resolv.conf nameserver 10.10.1.13 nameserver 10.10.1.14 search mydomain.com Save the file & restart the network service: service network restart The GUI Tool You can also launch the system-config-network tool in GUI mode. From a command line where you are running X-Windows, type system-config-network , or chose System / Administration / Network from the menu

Linux Network Administrator's Guide, 2nd Edition Chapter 5 Configuring TCP-IP Networking

A couple of commands are used to configure the network interfaces and initialize the routing table. These tasks are usually performed from the network initialization script each time you boot the system. The basic tools for this process are called ifconfig (where "if" stands for interface) and route . ifconfig is used to make an interface accessible to the kernel networking layer. This involves the assignment of an IP address and other parameters, and activation of the interface, also known as "bringing up" the interface. Being active here means that the kernel will send and receive IP datagrams through the interface. The simplest way to invoke it is with: ifconfig interface ip-address

This command assigns ip-address to interface and activates it. All other parameters are set to default values. For instance, the default network mask is derived from the network class of the IP address, such as 255.255.0.0 for a class B address. ifconfig is described in detail in the section "All About ifconfig".

route allows you to add or remove routes from the kernel routing table. It can be invoked as:

route [add|del] [-net|-host] target [ if ]

The add and del arguments determine whether to add or delete the route to target . The -net and -host arguments tell the route command whether the target is a network or a host (a host is assumed if you don't specify). The if argument is again optional, and allows you to specify to which network interface the route should be directed -- the Linux kernel makes a sensible guess if you don't supply this information. This topic will be explained in more detail in succeeding sections.

The Loopback Interface

The very first interface to be activated is the loopback interface:

# ifconfig lo 127.0.0.1

Occasionally, you will see the dummy hostname localhost being used instead of the IP address. ifconfig will look up the name in the hosts file, where an entry should declare it as the hostname for 127.0.0.1 :

# Sample /etc/hosts entry for localhost localhost 127.0.0.1

To view the configuration of an interface, you invoke ifconfig , giving it only the interface name as argument:

$ ifconfig lo lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:3924 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 Collisions:0

As you can see, the loopback interface has been assigned a netmask of 255.0.0.0 , since 127.0.0.1 is a class A address.

Now you can almost start playing with your mini-network. What is still missing is an entry in the routing table that tells IP that it may use this interface as a route to destination 127.0.0.1 . This is accomplished by using:

# route add 127.0.0.1

Again, you can use localhost instead of the IP address, provided you've entered it into your /etc/hosts .

Next, you should check that everything works fine, for example by using ping .

# ping localhost PING localhost (127.0.0.1): 56 data bytes 64 bytes from 127.0.0.1: icmp_seq=0 ttl=255 time=0.4 ms 64 bytes from 127.0.0.1: icmp_seq=1 ttl=255 time=0.4 ms 64 bytes from 127.0.0.1: icmp_seq=2 ttl=255 time=0.4 ms ^C --- localhost ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 0.4/0.4/0.4 ms #

When you invoke ping as shown here, it will continue emitting packets forever, unless interrupted by the user. The ^C marks the place where we pressed Ctrl-C.

The previous example shows that packets for 127.0.0.1 are properly delivered and a reply is returned to ping almost instantaneously. This shows that you have successfully set up your first network interface.

If the output you get from ping does not resemble that shown in the previous example, you are in trouble. Check any errors if they indicate that some file hasn't been installed properly. Check that the ifconfig and route binaries you use are compatible with the kernel release you run, and above all, that the kernel has been compiled with networking enabled (you see this from the presence of the /proc/net directory). If you get an error message saying "Network unreachable," you probably got the route command wrong. Make sure you use the same address you gave to ifconfig .

The steps previously described are enough to use networking applications on a standalone host. After adding the lines mentioned earlier to your network initialization script and making sure it will be executed at boot time, you may reboot your machine and try out various applications. For instance, telnet localhost should establish a telnet connection to your host, giving you a login: prompt.

However, the loopback interface is useful not only as an example in networking books, or as a test bed during development, but is actually used by some applications during normal operation.[ 5 ] Therefore, you always have to configure it, regardless of whether your machine is attached to a network or not.

[5] For example, all applications based on RPC use the loopback interface to register themselves with the portmapper daemon at startup. These applications include NIS and NFS.

Ethernet Interfaces

Configuring an Ethernet interface is pretty much the same as the loopback interface; it just requires a few more parameters when you are using subnetting.

At the Virtual Brewery, we have subnetted the IP network, which was originally a class B network, into class C subnetworks. To make the interface recognize this, the ifconfig incantation would look like this:

# ifconfig eth0 vstout netmask 255.255.255.0

This command assigns the eth0 interface the IP address of vstout ( 172.16.1.2 ). If we omitted the netmask, ifconfig would deduce the netmask from the IP network class, which would result in an incorrect netmask of 255.255.0.0 . Now a quick check shows:

# ifconfig eth0 eth0 Link encap 10Mps Ethernet HWaddr 00:00:C0:90:B3:42 inet addr 172.16.1.2 Bcast 172.16.1.255 Mask 255.255.255.0 UP BROADCAST RUNNING MTU 1500 Metric 1 RX packets 0 errors 0 dropped 0 overrun 0 TX packets 0 errors 0 dropped 0 overrun 0

You can see that ifconfig automatically sets the broadcast address (the Bcast field) to the usual value, which is the host's network number with all the host bits set. Also, the maximum transmission unit (the maximum size of IP datagrams the kernel will generate for this interface) has been set to the maximum size of Ethernet packets: 1,500 bytes. The defaults are usually what you will use, but all these values can be overidden if required, with special options that will be described under "All About ifconfig".

Just as for the loopback interface, you now have to install a routing entry that informs the kernel about the network that can be reached through eth0 . For the Virtual Brewery, you might invoke route as:

# route add -net 172.16.1.0

At first this looks a little like magic, because it's not really clear how route detects which interface to route through. However, the trick is rather simple: the kernel checks all interfaces that have been configured so far and compares the destination address ( 172.16.1.0 in this case) to the network part of the interface address (that is, the bitwise AND of the interface address and the netmask). The only interface that matches is eth0 .

Now, what's that -net option for? This is used because route can handle both routes to networks and routes to single hosts (as you saw before with localhost ). When given an address in dotted quad notation, route attempts to guess whether it is a network or a hostname by looking at the host part bits. If the address's host part is zero, route assumes it denotes a network; otherwise, route takes it as a host address. Therefore, route would think that 172.16.1.0 is a host address rather than a network number, because it cannot know that we use subnetting. We have to tell route explicitly that it denotes a network, so we give it the -net flag.

Of course, the route command is a little tedious to type, and it's prone to spelling mistakes. A more convenient approach is to use the network names we defined in /etc/networks . This approach makes the command much more readable; even the -net flag can be omitted because route knows that 172.16.1.0 denotes a network:

# route add brew-net

Now that you've finished the basic configuration steps, we want to make sure that your Ethernet interface is indeed running happily. Choose a host from your Ethernet, for instance vlager , and type:

# ping vlager PING vlager: 64 byte packets 64 bytes from 172.16.1.1: icmp_seq=0. time=11. ms 64 bytes from 172.16.1.1: icmp_seq=1. time=7. ms 64 bytes from 172.16.1.1: icmp_seq=2. time=12. ms 64 bytes from 172.16.1.1: icmp_seq=3. time=3. ms ^C ----vstout.vbrew.com PING Statistics---- 4 packets transmitted, 4 packets received, 0 round-trip (ms) min/avg/max = 3/8/12

If you don't see similar output, something is broken. If you encounter unusual packet loss rates, this hints at a hardware problem, like bad or missing terminators. If you don't receive any replies at all, you should check the interface configuration with netstat described later in "The netstat Command". The packet statistics displayed by ifconfig should tell you whether any packets have been sent out on the interface at all. If you have access to the remote host too, you should go over to that machine and check the interface statistics. This way you can determine exactly where the packets got dropped. In addition, you should display the routing information with route to see if both hosts have the correct routing entry. route prints out the complete kernel routing table when invoked without any arguments ( -n just makes it print addresses as dotted quad instead of using the hostname):

# route -n Kernel routing table Destination Gateway Genmask Flags Metric Ref Use Iface 127.0.0.1 * 255.255.255.255 UH 1 0 112 lo 172.16.1.0 * 255.255.255.0 U 1 0 10 eth0

The detailed meaning of these fields is explained later in "The netstat Command". The Flags column contains a list of flags set for each interface. U is always set for active interfaces, and H says the destination address denotes a host. If the H flag is set for a route that you meant to be a network route, you have to reissue the route command with the -net option. To check whether a route you have entered is used at all, check to see if the Use field in the second to last column increases between two invocations of ping .

Routing Through a Gateway

In the previous section, we covered only the case of setting up a host on a single Ethernet. Quite frequently, however, one encounters networks connected to one another by gateways. These gateways may simply link two or more Ethernets, but may also provide a link to the outside world, such as the Internet. In order to use a gateway, you have to provide additional routing information to the networking layer.

The Ethernets of the Virtual Brewery and the Virtual Winery are linked through such a gateway, namely the host vlager . Assuming that vlager has already been configured, we just have to add another entry to vstout 's routing table that tells the kernel it can reach all hosts on the Winery's network through vlager . The appropriate incantation of route is shown below; the gw keyword tells it that the next argument denotes a gateway:

# route add wine-net gw vlager

Of course, any host on the Winery network you wish to talk to must have a routing entry for the Brewery's network. Otherwise you would only be able to send data to the Winery network from the Brewery network, but the hosts on the Winery would be unable to reply.

This example describes only a gateway that switches packets between two isolated Ethernets. Now assume that vlager also has a connection to the Internet (say, through an additional SLIP link). Then we would want datagrams to any destination network other than the Brewery to be handed to vlager . This action can be accomplished by making it the default gateway for vstout :

# route add default gw vlager

The network name default is a shorthand for 0.0.0.0 , which denotes the default route. The default route matches every destination and will be used if there is no more specific route that matches. You do not have to add this name to /etc/networks because it is built into route .

If you see high packet loss rates when pinging a host behind one or more gateways, this may hint at a very congested network. Packet loss is not so much due to technical deficiencies as to temporary excess loads on forwarding hosts, which makes them delay or even drop incoming datagrams.

Configuring a Gateway

Configuring a machine to switch packets between two Ethernets is pretty straightforward. Assume we're back at vlager , which is equipped with two Ethernet cards, each connected to one of the two networks. All you have to do is configure both interfaces separately, giving them their respective IP addresses and matching routes, and that's it.

It is quite useful to add information on the two interfaces to the hosts file as shown in the following example, so we have handy names for them, too:

172.16.1.1 vlager.vbrew.com vlager vlager-if1 172.16.2.1 vlager-if2

The sequence of commands to set up the two interfaces is then:

# ifconfig eth0 vlager-if1 # route add brew-net # ifconfig eth1 vlager-if2 # route add wine-net

If this sequence doesn't work, make sure your kernel has been compiled with support for IP forwarding enabled. One good way to do this is to ensure that the first number on the second line of /proc/net/snmp is set to 1 .

IBM Redbooks Linux Performance and Tuning Guidelines

Abstract Over the past few years, Linux has made its way into the data centers of many corporations all over the globe. The Linux operating system has become accepted by both the scientific and enterprise user population. Today, Linux is by far the most versatile operating system. You can find Linux on embedded devices such as firewalls and cell phones and mainframes. Naturally, performance of the Linux operating system has become a hot topic for both scientific and enterprise users. However, calculating a global weather forecast and hosting a database impose different requirements on the operating system. Linux has to accommodate all possible usage scenarios with the most optimal performance. The consequence of this challenge is that most Linux distributions contain general tuning parameters to accommodate all users. IBM® has embraced Linux, and it is recognized as an operating system suitable for enterprise-level applications running on IBM systems. Most enterprise applications are now available on Linux, including file and print servers, database servers, Web servers, and collaboration and mail servers. With use of Linux in an enterprise-class server comes the need to monitor performance and, when necessary, tune the server to remove bottlenecks that affect users. This IBM Redpaper describes the methods you can use to tune Linux, tools that you can use to monitor and analyze server performance, and key tuning parameters for specific server applications. The purpose of this redpaper is to understand, analyze, and tune the Linux operating system to yield superior performance for any type of application you plan to run on these systems. The tuning parameters, benchmark results, and monitoring tools used in our test environment were executed on Red Hat and Novell SUSE Linux kernel 2.6 systems running on IBM System x servers and IBM System z servers. However, the information in this redpaper should be helpful for all Linux hardware platforms. Update 4/2008: Typos corrected

[Feb 25, 2009] How to troubleshoot RHEL performance bottlenecks by Ken Milberg

09.30.2008 You've just had your first cup of coffee and have received that dreaded phone call. The system is slow. What are you going to do? This article will discuss performance bottlenecks and optimization in Red Hat Enterprise Linux (RHEL5). Before getting into any monitoring or tuning specifics, you should always use some kind of tuning methodology. This is one which I've used successfully through the years: 1. Baseline – The first thing you must do is establish a baseline, which is a snapshot of how the system appears when it's performing well. This baseline should not only compile data, but also document your system's configuration (RAM, CPU and I/O). This is necessary because you need to know what a well-performing system looks like prior to fixing it. 2. Stress testing and monitoring – This is the part where you monitor and stress your systems at peak workloads. It's the monitoring which is key here – as you cannot effectively tune anything without some historic trending data. 3. Bottleneck identification – This is where you come up with the diagnosis for what is ailing your system. The primary objective of section 2 is to determine the bottleneck. I like to use several monitoring tools here. This allows me to cross-reference my data for accuracy. 4. Tune – Only after you've identified the bottleneck can you tune it. 5. Repeat – Once you've tuned it, you can start the cycle again – but this time start from step 2 (monitoring) – as you already have your baseline. It's important to note that you should only make one change at a time. Otherwise, you'll never know exactly what impacted any changes which might have occurred. It is only by repeating your tests and consistently monitoring your systems that you can determine if your tuning is making an impact. RHEL monitoring tools Before we can begin to improve the performance of our system, we need to use the monitoring tools available to us to baseline. Here are some monitoring tools you should consider using: Oprofile This tool (made available in RHEL5) utilizes the processor to retrieve kernel system information about system executables. It allows one to collect samples of performance data every time a counter detects an interrupt. I like the tool also because it carries little overhead – which is very important because you don't want monitoring tools to be causing system bottlenecks. One important limitation is that the tool is very much geared towards finding problems with CPU limited processes. It does not identify processes which are sleeping or waiting on I/O. The steps used to start up Oprofile include setting up the profiler, starting it and then dumping the data. First we'll set up the profile. This option assumes that one wants to monitor the kernel. # opcontrol --setup –vmlinux=/usr/lib/debug/lib/modules/'uname -r'/vmlinux Then we can start it up. # opcontrol --start Finally, we'll dump the data. # opcontrol --stop/--shutdown/--dump SystemTap This tool (introduced in RHEL5) collects data by analyzing the running kernel. It really helps one come up with a correct diagnosis of a performance problem and is tailor-made for developers. SystemTap eliminates the need for the developer to go through the recompile and reinstallation process to collect data. Frysk This is another tool which was introduced by Red Hat in RHEL5. What does it do for you? It allows both developers and system administrators to monitor running processes and threads. Frysk differs from Oprofile in that it uses 100% reliable information (similar to SystemTap) - not just a sampling of data. It also runs in user mode and does not require kernel modules or elevated privileges. Allowing one to stop or start running threads or processes is also a very useful feature. Some more general Linux tools include top and vmstat . While these are considered more basic, often I find them much more useful than more complex tools. Certainly they are easier to use and can help provide information in a much quicker fashion. Top provides a quick snapshot of what is going on in your system – in a friendly character-based display. It also provides information on CPU, Memory and Swap Space. Let's look at vmstat – one of the oldest but more important Unix/Linux tools ever created. Vmstat allows one to get a valuable snapshot of process, memory, sway I/O and overall CPU utilization. Now let's define some of the fields: Memory swpd – The amount of virtual memory free – The amount of free memory buff – Amount of memory used for buffers cache – Amount of memory used as page cache Process r – number of run-able processes b – number or processes sleeping. Make sure this number does not exceed the amount of run-able processes, because when this condition occurs it usually signifies that there are performance problems. Swap si – the amount of memory swapped in from disk so – the amount of memory swapped out. This is another important field you should be monitoring – if you are swapping out data, you will likely be having performance problems with virtual memory. CPU us – The % of time spent in user-level code. It is preferable for you to have processes which spend more time in user code rather than system code. Time spent in system level code usually means that the process is tied up in the kernel rather than processing real data. sy – the time spent in system level code id – the amount of time the CPU is idle wa – The amount of time the system is spending waiting for I/O. If your system is waiting on I/O – everything tends to come to a halt. I start to get worried when this is > 10. There is also: Free – This tool provides memory information, giving you data around the total amount of free and used physical and swap memory. Now that we've analyzed our systems – lets look at what we can do to optimize and tune our systems. CPU Overhead – Shutting Running Processes Linux starts up all sorts of processes which are usually not required. This includes processes such as autofs, cups, xfs, nfslock and sendmail. As a general rule, shut down anything that isn't explicitly required. How do you do this? The best method is to use the chkconfig command. Here's how we can shut these processes down. [root ((Content component not found.)) _29_140_234 ~]# chkconfig --del xfs You can also use the GUI - /usr/bin/system-config-services to shut down daemon process. Tuning the kernel To tune your kernel for optimal performance, start with: sysctl – This is the command we use for changing kernel parameters. The parameters themselves are found in /proc/sys/kernel Let's change some of the parameters. We'll start with the msgmax parameter. This parameter specifies the maximum allowable size of a single message in an IPC message queue. Let's view how it currently looks. [root ((Content component not found.)) _29_139_52 ~]# sysctl kernel.msgmax kernel.msgmax = 65536 [root ((Content component not found.)) _29_139_52 ~]# There are three ways to make these kinds of kernel changes. One way is to change this using the echo command. [root ((Content component not found.)) _29_139_52 ~]# echo 131072 >/proc/sys/kernel/msgmax [root ((Content component not found.)) _29_139_52 ~]# sysctl kernel.msgmax kernel.msgmax = 131072 [root ((Content component not found.)) _29_139_52 ~]# Another parameter that is changed quite frequently is SHMMAX , which is used to define the maximum size (in bytes) for a shared memory segment. In Oracle this should be set large enough for the largest SGA size. Let's look at the default parameter: # sysctl kernel.shmmax kernel.shmmax = 268435456 This is in bytes – which translates to 256 MG. Let's change this to 512 MG, using the -w flag. [root ((Content component not found.)) _29_139_52 ~]# sysctl -w kernel.shmmax=5368709132 kernel.shmmax = 5368709132 [root ((Content component not found.)) _29_139_52 ~]# The final method for making changes is to use a text editor such as vi – directly editing the /etc/sysctl.conf file to manually make our changes. To allow the parameter to take affect dynamically without a reboot, issue the sysctl command with the -p parameter. Obviously, there is more to performance tuning and optimization than we can discuss in the context of this small article – entire books have been written on Linux performance tuning. For those of you first getting your hands dirty with tuning, I suggest you tread lightly and spend time working on development, test and/or sandbox environments prior to deploying any changes into production. Ensure that you monitor the effects of any changes that you make immediately; it's imperative to know the effect of your change. Be prepared for the possibility that fixing your bottleneck has created another one. This is actually not a bad thing in itself, as long as your overall performance has improved and you understand fully what is happening. Performance monitoring and tuning is a dynamic process which does not stop after you have fixed a problem. All you've done is established a new baseline. Don't rest on your laurels, and understand that performance monitoring must be a routine part of your role as a systems administrator. About the author: Ken Milberg is a systems consultant with two decades of experience working with Unix and Linux systems. He is a SearchEnterpriseLinux.com Ask the Experts advisor and columnist.

[Feb 23, 2009] Deployment_Guide /Gathering System Information

Before you learn how to configure your system, you should learn how to gather essential system> information. For example, you should know how to find the amount of free memory, the amount of available hard drive space, how your hard drive is partitioned, and what processes are running. This chapter discusses how to retrieve this type of information from your Red Hat Enterprise Linux system using simple commands and a few simple programs. 1. System Processes The ps ax command displays a list of current system processes, including processes owned by other users. To display the owner alongside each process, use the ps aux command. This list is a static list; in other words, it is a snapshot of what was running when you invoked the command. If you want a constantly updated list of running processes, use top as described below. The ps output can be long. To prevent it from scrolling off the screen, you can pipe it through less: ps aux | less You can use the ps command in combination with the grep command to see if a process is running. For example, to determine if Emacs is running, use the following command: ps ax | grep emacs The top command displays currently running processes and important information about them including their memory and CPU usage. The list is both real-time and interactive. An example of output from the top command is provided as follows: To exit top press the q key. Useful interactive commands that you can use: Space Immediately refresh the display h Display a help screen k Kill a process. You are prompted for the process ID and the signal to send to it. n Change the number of processes displayed. You are prompted to enter the number. u Sort by user. M Sort by memory usage. P Sort by CPU usage. For more information, refer to the top (1) manual page.

CentOS / RHEL 6 : How to add/remove additional IP addresses to a network interface

There are two ways to add another IP address to an interface. The old way creates a new virtual interface named in the style of ethX:Y where X and Y are numbers, for instance, eth0:1. Each interface has one IP address. It appears in ifconfig output as an ordinary interface and in ip output with a label attached.

The new way adds a secondary address to the main interface. So, instead of having one interface per IP address, it is possible to add many addresses to the real interface. However, ifconfig tool is too old and can’t see the additional IP addresses, so in this case, the ip tool must be used instead. This is the preferred way nowadays.

Add/Remove additional IP manually

1. Use the ip command to display the current ip address configuration of the interface eth0 :

2. To delete an existing IP

3. To add an IP address:

Add/Remove Additional IP persistently

To add or remove additional IP adresses and keep the configuration persistent, we need to Edit the corresponding /etc/sysconfig/network-scripts/ifcfg-eth[x] configuration file and add/remove as many additional IPADDR[n] and PREFIX[n] entries as additional IP addresses are required.

For example the following configuration file:

would give the following result:

The following additional entries are possible: