Set network interface speed with systemd-networkd

Sometimes automation is your best friend and sometimes it isn’t. Typically, when two devices are connected via ethernet cables, they negotiate the best speed they can manage across a network link. They also try to agree on whether they can run full or half duplex across the network link. Most of the time, this works beautifully. It can break down with strange networking configs, damaged adapters, or finicky cables....

2021-08-20 · 3 min · Major Hayden

DHCPv6 prefix delegation with systemd-networkd

My home internet comes from Spectrum (formerly Time Warner Cable) and they offer IPv6 addresses for cable modem subscribers. One of the handy features they provide is DHCPv6 prefix delegation. If you’re not familiar with that topic, here’s a primer on how you get IPv6 addresses: SLAAC: Your machine selects an IPv6 address based on router advertisements DHCPv6: Your machine makes a DHCPv6 request (a lot like DHCP requests) and gets an address back to use DHCPv6 with prefix delegation: Your machine makes a special DHCPv6 request where you provide a hint about the size of the IPv6 network prefix you want....

2021-07-28 · 4 min · Major Hayden

Get a /56 from Spectrum using wide-dhcpv6

After writing my last post on my IPv6 woes with my Pixel 3, some readers asked how I’m handling IPv6 on my router lately. I wrote about this previously when Spectrum was Time Warner Cable and I was using Mikrotik network devices. There is a good post from 2015 on the blog and it still works today: Time Warner Road Runner, Linux, and large IPv6 subnets I am still using that same setup today, but some readers found it difficult to find the post since Time Warner Cable has renamed to Spectrum....

2019-03-19 · 1 min · Major Hayden

Pixel 3 Wi-Fi drops constantly

We have two Google Pixel phones in our house: a Pixel 2 and a Pixel 3. Both of them drop off our home wireless network regularly. It causes lots of problems with various applications on the phones, especially casting video via Chromecast. At the time when I first noticed the drops, I was using a pair of wireless access points (APs) from Engenius: EAP600 EAP1200H Also, here’s what I knew at the time:...

2019-03-17 · 7 min · Major Hayden

Allow a port range with firewalld

Managing iptables gets a lot easier with firewalld. You can manage rules for the IPv4 and IPv6 stacks using the same commands and it provides fine-grained controls for various “zones” of network sources and destinations. Quick example Here’s an example of allowing an arbitrary port (for netdata) through the firewall with iptables and firewalld on Fedora: ## iptables iptables -A INPUT -j ACCEPT -p tcp --dport 19999 ip6tables -A INPUT -j ACCEPT -p tcp --dport 19999 service iptables save service ip6tables save ## firewalld firewall-cmd --add-port=19999/tcp --permanent In this example, firewall-cmd allows us to allow a TCP port through the firewall with a much simpler interface and the change is made permanent with the --permanent argument....

2019-01-04 · 2 min · Major Hayden

Ensuring keepalived starts after the network is ready

After a recent OpenStack-Ansible (OSA) deployment on CentOS, I found that keepalived was not starting properly at boot time: Keepalived_vrrp[801]: Cant find interface br-mgmt for vrrp_instance internal !!! Keepalived_vrrp[801]: Truncating auth_pass to 8 characters Keepalived_vrrp[801]: VRRP is trying to assign ip address 172.29.236.11/32 to unknown br-mgmt interface !!! go out and fix your conf !!! Keepalived_vrrp[801]: Cant find interface br-mgmt for vrrp_instance external !!! Keepalived_vrrp[801]: Truncating auth_pass to 8 characters Keepalived_vrrp[801]: VRRP is trying to assign ip address 192....

2017-12-15 · 2 min · Major Hayden

OpenStack-Ansible networking on CentOS 7 with systemd-networkd

Although OpenStack-Ansible doesn’t fully support CentOS 7 yet, the support is almost ready. I have a four node Ocata cloud deployed on CentOS 7, but I decided to change things around a bit and use systemd-networkd instead of NetworkManager or the old rc scripts. This post will explain how to configure the network for an OpenStack-Ansible cloud on CentOS 7 with systemd-networkd. Each one of my OpenStack hosts has four network interfaces and each one has a specific task:...

2017-04-13 · 3 min · Major Hayden

systemd-networkd on Ubuntu 16.04 LTS (Xenial)

My OpenStack cloud depends on Ubuntu, and the latest release of OpenStack-Ansible (what I use to deploy OpenStack) requires Ubuntu 16.04 at a minimum. I tried upgrading the servers in place from Ubuntu 14.04 to 16.04, but that didn’t work so well. Those servers wouldn’t boot and the only recourse was a re-install. Once I finished re-installing them (and wrestling with several installer bugs in Ubuntu 16.04), it was time to set up networking....

2017-01-15 · 3 min · Major Hayden

Talk Recap: Holistic Security for OpenStack Clouds

Thanks to everyone who attended my talk at the OpenStack Summit in Barcelona! I really enjoyed sharing some tips with the audience and it was great to meet some attendees in person afterwards. If you weren’t able to make it, don’t fret! This post will cover some of the main points of the talk and link to the video and slides. Purpose OpenStack clouds are inherently complex. Operating a cloud involves a lot of moving pieces in software, hardware, and networking....

2016-10-31 · 3 min · Major Hayden

HTTP/2 for the blog and icanhazip.com

I’ve recently updated this blog and icanhazip.com to enable HTTP/2! This probably won’t have much of an effect on users who query icanhazip.com with automated tools, but it should deliver the content on this blog a little faster. If you’re using an older, non-HTTP/2 client - don’t worry. All of the sites will continue working for you as they always have. Head on over to Wikipedia to learn more about HTTP/2 and its benefits....

2016-09-13 · 1 min · Major Hayden