Documentation Networking Beat

From FedoraProject

(Difference between revisions)
Jump to: navigation, search
(NM mobile broadband)
(39 intermediate revisions by 10 users not shown)
Line 1: Line 1:
== Networking ==
+
{{header|docs}}
 +
{{Docs_beat_open}}
 +
= federated VOIP=
  
=== NetworkManager with system wide connections and enhanced support for Mobile Broadband ===
+
= Improved Mobile Broadband Support =
 +
Fedora 19 includes a new, more capable version of ModemManager for interacting with mobile broadband devices. This version provides better support for multi-mode devices like Qualcomm Gobi WWAN cards and other devices that support both CDMA/EVDO/LTE and/or GSM/UMTS/LTE simultaneously. To provide this support, the D-Bus API of ModemManager has changed, which may require updates in applications that interact with ModemManager to control WWAN devices.
  
NetworkManager can now create and edit system-wide network connections in /etc/sysconfig. NetworkManager has been able to read information about system-wide network connections from /etc/sysconfig for a while. Now we have enabled full read-write support for system connections. The ability to create or modify new system connections will be controlled by PolicyKit policies. Initially, only wired/wireless connections will be supported. Later on, vpn connections will follow. For connections that require secrets, those will be stored in .keys files in /etc/sysconfig.
+
Many devices will connect and authenticate using the NetworkManager GUI. `nm-cli` has added features to configure mobile connections. For more detailed usage information, consult http://fedoraproject.org/wiki/Features/MoreMobileBroadband .
  
By providing a database of preconfigured mobile broadband providers, supporting more hardware and permit to scan GSM networks, NetworkManager makes the use of mobile broadband much easier. Your broadband provider will be automatically recognized by NetworkManager and it will make it easy to just plug it your USB device and get you online within minutes.  
+
= firewalld =
 +
== locking the firewall ==
 +
Dynamic firewall configuration by application can now be locked down completely, or limited to a whitelist. The whitelist can contain commands, users, UIDs, and selinux contexts.
 +
<!-- asked for manpages at https://bugzilla.redhat.com/show_bug.cgi?id=952364 -->
  
 +
To lock down the firewall, set `Lockdown=yes` in `/etc/firewalld/firewalld.conf`
  
=== Enhanced IPV6 Support in NetworkManager ===
+
Whitelist definitions are kept in `/etc/firewalld/lockdown-whitelist.xml`. This example whitelist allows `firewall-cmd` to configure the firewall:
 +
<whitelist>
 +
<command name="/usr/bin/python /usr/bin/firewall-cmd"
 +
</whitelist>
  
For non GUI users, and those that use ifcfg files directly, NetworkMangaer should bring up the interface with IPv6 connectivity correctly at boot. No modification of the ifcfg files should be necessary.
+
The firewall must be reloaded to refresh the whitelist:
 +
firewall-cmd --reload
  
For GUI users, a new IPv6 tab will appear in the connection editor which will allow for control if the IPv6 settings similar to control of IPv4 settings already. After selecting the configuration method ("auto" is the default, which will honor router-advertisements and attempt to retrieve DNS information with DHCPv6 information-only mode) and entering any additional settings they may wish to use, then saving the connection, activating that connection should configure the interface fully with IPv6 as requested by the user.  
+
== configuring the firewall ==
 +
Configuring firewalld is now possible using high level, human readable language. firewalld's XML rule definitions make advanced configuration easy. For more information, read the feature page at http://fedoraproject.org/wiki/Features/FirewalldRichLanguage .
  
 +
= BIND10 =
 +
The latest versions of the  popular nameserver `bind` and dhcp server `dhcpd` server are now available for Fedora. The BIND10 suite features include a RESTful configuration API and sqlite database backend for `named` and SQL backend for `dhcpd`.
  
=== NetworkManager System Connections ===
+
For more information, consult the `bind10` manual at http://bind10.isc.org/docs/bind10-guide.html .
 
+
NetworkManager has been able to read information about system-wide network connections from /etc/sysconfig for a while. This feature is about enabling full read-write support for system connections. The ability to create or modify new system connections will be controlled by PolicyKit policies.
+
= stable network interface naming =
 
+
The udevd service has a long history of providing predictable names for block devices and others. Fedora will now also use udev naming for network interfaces by default, providing more reliable interface names on systems with multiple network devices. Alternative naming schemes, such as custom udev rules or biosdevname, will override this default. Users upgrading from previous releases may need to update the device names referenced in `/etc/system/network-scripts`, although in most cases `biosdevname` will continue to manage naming.
Initially, only wired/wireless connections will be supported. Later on, vpn connections will follow.
+
 
+
For connections that require secrets, those will be stored in .keys files in /etc/sysconfig.
+
 
+
 
+
=== Network Interface Management ===
+
 
+
Configuring the network interfaces on a machine for moderately complicated
+
yet common scenarios is generally only accessible to advanced users, and
+
very poorly supported by existing tools. Such scenarios include creating a
+
bridge and enslaving a physical NIC to it, or bonding two NIC's, adding a
+
VLAN interface to the bond and enslaving that to a bridge.
+
 
+
Complicated bridge setups are commonly needed on virtualized hosts, and
+
often have to be performed remotely by higher-level management tools,
+
rather than a human user.
+
 
+
This feature addresses these needs by providing a general-purpose network
+
configuration library ([http://fedorahosted.org/netcf netcf]) and additions
+
to the [http://libvirt.org libvirt API] to expose netcf's local API through
+
libvirt's remoting facilities.
+
 
+
With <code>netcf</code>, a logical network interface (e.g. a bridge and its
+
slaves) is described as a unit, and <code>netcf</code> takes care of
+
translating that description into the appropriate <code>ifcfg-*</code>
+
files. To guarantee the happy coexistence of <code>netcf</code> with other
+
network configuration utilities, including <code>vi</code>,
+
<code>netcf</code> is bidirectional: it modifies <code>ifcfg-*</code> files
+
based on a <code>netcf</code> interface description, but also reads
+
<code>ifcfg-*</code> files to generate such a description. It is therefore
+
possible to use <code>netcf</code> side-by-side with any other method of
+
changing network configuration, and many of the pitfalls of earlier
+
attempts to do this, e.g., the Xen networking scripts, are avoided.
+
 
+
It is planned to switch NetworkManager to <code>netcf</code> as the backend
+
for system-wide network configuration in a future release; while it's not part of this feature,
+
it will further unify the user experience around network configuration. In
+
the same vein, it is planned to expose network configuration functionality
+
in a future release of [http://virt-manager.et.redhat.com/ virt-manager]
+
 
+
 
+
=== Bluetooth Service On Demand ===
+
 
+
In order to support bluetooth devices, bluetooth background service was started by default in previous versions of Fedora. In this release, bluetooth service is started on demand when needed and automatically stops 30 seconds after last device use instead reducing initial startup time and resources.
+
 
+
 
+
=== NFS V4 Default ===
+
 
+
The latest version of the NFS protocol is version 4, which was first introduced in Fedora F-2 (the first distro to have such support). The current default NFS version is version 3. Meaning when an simple NFS mount is done (i.e. mount server:/export /mnt) version 3 is the first protocol version that is tried.
+
 
+
In Fedora 12, version 4 is tried first. If the server does not support version 4, the mount would then try version 3.
+
 
+
  
 +
For more information, read http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames .
  
 
[[Category:Docs Project]]
 
[[Category:Docs Project]]
 
[[Category:Draft documentation]]
 
[[Category:Draft documentation]]
 +
[[Category:Documentation beats]]

Revision as of 20:08, 15 April 2013

DocsProject Header docTeam1.png
Note.png
Beat is open
This beat is now ready to have Fedora 21 content added by the beat writer

Contents

federated VOIP

Improved Mobile Broadband Support

Fedora 19 includes a new, more capable version of ModemManager for interacting with mobile broadband devices. This version provides better support for multi-mode devices like Qualcomm Gobi WWAN cards and other devices that support both CDMA/EVDO/LTE and/or GSM/UMTS/LTE simultaneously. To provide this support, the D-Bus API of ModemManager has changed, which may require updates in applications that interact with ModemManager to control WWAN devices.

Many devices will connect and authenticate using the NetworkManager GUI. `nm-cli` has added features to configure mobile connections. For more detailed usage information, consult http://fedoraproject.org/wiki/Features/MoreMobileBroadband .

firewalld

locking the firewall

Dynamic firewall configuration by application can now be locked down completely, or limited to a whitelist. The whitelist can contain commands, users, UIDs, and selinux contexts.

To lock down the firewall, set `Lockdown=yes` in `/etc/firewalld/firewalld.conf`

Whitelist definitions are kept in `/etc/firewalld/lockdown-whitelist.xml`. This example whitelist allows `firewall-cmd` to configure the firewall:

<whitelist>
<command name="/usr/bin/python /usr/bin/firewall-cmd"
</whitelist>

The firewall must be reloaded to refresh the whitelist:

firewall-cmd --reload

configuring the firewall

Configuring firewalld is now possible using high level, human readable language. firewalld's XML rule definitions make advanced configuration easy. For more information, read the feature page at http://fedoraproject.org/wiki/Features/FirewalldRichLanguage .

BIND10

The latest versions of the popular nameserver `bind` and dhcp server `dhcpd` server are now available for Fedora. The BIND10 suite features include a RESTful configuration API and sqlite database backend for `named` and SQL backend for `dhcpd`.

For more information, consult the `bind10` manual at http://bind10.isc.org/docs/bind10-guide.html .

stable network interface naming

The udevd service has a long history of providing predictable names for block devices and others. Fedora will now also use udev naming for network interfaces by default, providing more reliable interface names on systems with multiple network devices. Alternative naming schemes, such as custom udev rules or biosdevname, will override this default. Users upgrading from previous releases may need to update the device names referenced in `/etc/system/network-scripts`, although in most cases `biosdevname` will continue to manage naming.

For more information, read http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames .