author A. Wilcox <AWilcox@Wilcox-Tech.com> 2018-12-04 10:29:28 -0600
committer A. Wilcox <AWilcox@Wilcox-Tech.com> 2018-12-04 10:29:28 -0600
commit 9f3900add724b0123549251a42f5cf86cb08016d (patch)
tree c20342421dc79126efad38222063a5b1ba642b39 /src/admin
parent 047709a641670432974cfe3b8b9110f8c520c299 (diff)
Admin: ch05: fill in more networking stuff
Diffstat (limited to 'src/admin')
-rw-r--r-- src/admin/5_networking.xml 86
1 files changed, 82 insertions, 4 deletions
diff --git a/src/admin/5_networking.xml b/src/admin/5_networking.xml
index a658ffb..8419fac 100644
--- a/src/admin/5_networking.xml
+++ b/src/admin/5_networking.xml
@@ -20,13 +20,26 @@
<section>
<title>Wired connections</title>
<para>For the purposes of this handbook, a <firstterm>wired connection</firstterm> is a connection to a network that utilises Ethernet. While the Adélie Linux system supports ATM, CAN bus, IEEE 1394, and Token Ring networking, these connection types are exceedingly rare and out of the scope of this handbook.</para>
- <section>
+ <section id="how2dhcp">
<title>Dynamic addressing</title>
- <para></para>
+ <para>To explicitly configure an interface to use dynamic addressing via DHCP, set <varname>config_<replaceable>IFACE</replaceable></varname>=<literal>"dhcp"</literal>, where <replaceable>IFACE</replaceable> is the interface you wish to use dynamic addressing.</para>
</section>
- <section>
+ <section id="how2static">
<title>Static addressing</title>
<para></para>
+ <section id="how2dns">
+ <title>Configuring DNS resolution</title>
+ <para>When you use static addressing, you additionally need to configure DNS resolution. To do this, you must add one or more <firstterm>nameserver</firstterm>s (DNS resolution systems) in <filename>/etc/resolv.conf</filename>. (Note that there is no 'e' at the end of <filename>resolv.conf</filename>.) Adding more than one server will allow your system to have a fallback if one nameserver is down or not responding.</para>
+ <para>There are a few nameservers on the Internet that respect user privacy, including <ulink url="https://labs.ripe.net/Members/stephane_bortzmeyer/quad9-a-public-dns-resolver-with-security">Quad9</ulink> and <ulink url="https://dns.watch/">DNS.WATCH</ulink>. In this example, we will configure our system to use Quad9 over IPv6, with Quad9 and DNS.WATCH over IPv4 as fallbacks:</para>
+ <example>
+ <title><filename>/etc/resolv.conf</filename> file using Quad9 and DNS.WATCH</title>
+<programlisting>
+nameserver 2620:fe::fe
+nameserver 9.9.9.9
+nameserver 84.200.69.80
+</programlisting>
+ </example>
+ </section>
</section>
</section>
<section>
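Review bot: The new how2dhcp paragraph says to set config_IFACE="dhcp" but never names the file the variable belongs in; the second hunk's example title uses /etc/conf.d/net, so name it here as well with a <filename> element. The same sentence ends awkwardly ("the interface you wish to use dynamic addressing"); "the interface that should use dynamic addressing" reads better. In how2static the empty <para></para> is kept ahead of the new how2dns subsection, so the DNS text opens with "When you use static addressing" before any static addressing instructions exist; fill that paragraph in or mark it as pending. The Quad9 link also points at a RIPE Labs article while the DNS.WATCH link goes to the operator's own site, so the privacy claim for Quad9 is better supported by linking the operator directly.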
@@ -66,7 +79,47 @@
</section>
<section>
<title>Sharing a host network with guests</title>
- <para></para>
+ <para>The Adélie Linux system can be configured to provide bridged networking to a QEMU virtual machine or KVM guest using TAP networking. You will need the <package>iproute2</package> package installed.</para>
+ <para>First, we will need to add a <firstterm>bridge</firstterm> to netifrc. A bridge allows multiple network adaptors to combine multiple network segments into a single aggregate. For our purposes, we will be combining the physical network adaptor on the host with the virtual network adaptors on each guest. The bridge will have your physical network adaptor as its first member. This way, no network reconfiguration will be required when you start or stop virtual machines. You will need to move the configuration for your physical network adaptor to the bridge, so that all members of the bridge may share that connection. In the following example, the interface <literal>eth0</literal> is the physical adaptor and the bridge is set to use a static IPv6 address, which will then be used by the physical adaptor as well.</para>
+ <example>
+ <title>Configuring <filename>/etc/conf.d/net</filename> to use bridged networking</title>
+<programlisting>
+config_eth0="null"
+
+bridge_br0="eth0"
+config_br0="2001:db8::2/32"
+routes_br0="default via 2001:db8::1"
+</programlisting>
+ </example>
+ <para>Note that the physical adaptor must still be specified with a <literal>"null"</literal> configuration. This ensures that the link will still be activated and network traffic will still flow. If you are using DHCP, you may simply use <code>config_br0="dhcp"</code>.</para>
+ <para>You will then need to replace your <literal>net.<replaceable>IFACE</replaceable></literal> file with a <literal>net.br0</literal> file in <filename class="directory">/etc/init.d</filename>. For example:</para>
+ <example>
+ <title>Replacing a physical adaptor with bridged adaptor in OpenRC</title>
+<screen>
+computer ~ # rc-update del net.eth0
+computer ~ # service net.eth0 stop
+computer ~ # mv /etc/init.d/net.eth0 /etc/init.d/net.br0
+computer ~ # rc-update add net.br0 default
+computer ~ # service net.br0 start
+</screen>
+ </example>
+ <warning><title>Warning</title><para>You will momentarily lose network connectivity after stopping net.<replaceable>IFACE</replaceable>. Do not perform these steps while connected to the machine over the network.</para></warning>
+ <para>Now we need to create scripts for QEMU (or KVM) to use. The <filename>/etc/qemu-ifup</filename> script should be created as follows:</para>
+<programlisting language="shell">
+#!/bin/sh
+ip tuntap add mode tap name $1
+ip link set dev $1 master br0
+ifconfig $1 up
+</programlisting>
+ <para>The <filename>/etc/qemu-ifdown</filename> script should be created as follows:</para>
+<programlisting language="shell">
+#!/bin/sh
+ifconfig $1 down
+ip tuntap del name $1
+</programlisting>
+ <para>You may now start your QEMU or KVM virtual machines with network access by adding <literal>-net tap</literal> to the command line. Note that if you have more than one guest that needs network access, you will need to set a custom MAC address for each NIC. Otherwise there will be MAC collisions and networking may not work correctly. For example:</para>
+ <informalexample><para><code>qemu-system-ppc64 -accel kvm -m 768 -drive file=/dev/gwyn/testvm,format=raw -net nic,model=virtio,macaddr=02:00:00:00:00:01 -net tap -machine pseries-2.12</code></para></informalexample>
+ <para>This will start a machine with network access and a MAC address of <literal>02:00:00:00:00:01</literal>.</para>
</section>
</section>
<section>
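Review bot: In the qemu-ifup and qemu-ifdown listings, `ifconfig $1 up` and `ifconfig $1 down` rely on a tool the section never asks for, since the opening paragraph only requires iproute2; `ip link set dev "$1" up` and `ip link set dev "$1" down` would keep the scripts working with the stated package. `$1` is unquoted in all five commands and neither script stops on failure, so a failed `ip tuntap add` still falls through to the following lines; quote the argument and add `set -e` after the shebang. Both scripts run with the privileges needed to change host networking, so the text should also say which owner and mode they need, including that they must be executable. Separately, `config_br0="2001:db8::2/32"` assigns the entire documentation prefix as the on-link prefix; a /64 would be a more representative example.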
@@ -89,5 +142,30 @@
<title>Advanced: 802.1X authentication</title>
<para></para>
</section>
+ <section>
+ <title>Advanced: Customising dynamic addressing</title>
+ <para>You may use the <varname>dhcp_<replaceable>IFACE</replaceable></varname> variable to control how DHCP is used. Valid options include:</para>
+ <table>
+ <title><varname>dhcp_<replaceable>IFACE</replaceable></varname> options</title>
+ <tgroup cols="2" align="left" colsep="1" rowsep="1">
+ <thead>
+ <row>
+ <entry>Option</entry>
+ <entry>Meaning</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry><code>nodns</code></entry>
+ <entry>Setting this option will cause the <filename>/etc/resolv.conf</filename> to remain unmodified. This allows for static DNS and nameserver configuration even with dynamic addressing.</entry>
+ </row>
+ <row>
+ <entry><code>nontp</code></entry>
+ <entry>Setting this option will cause the <filename>/etc/ntp.conf</filename> to remain unmodified, even if the DHCP server sends NTP configuration information.</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ </section>
</section>
</chapter>
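Review bot: The nodns row states that /etc/resolv.conf is left unmodified but does not point the reader at the how2dns section added in the first hunk, which is where the manual nameserver setup is described; add an <xref> or <link> to how2dns so an administrator who sets nodns knows the file must then be maintained by hand. The section also never shows the variable being set, so the reader cannot tell how the value is written or how two options are combined; a one-line example in the style of the /etc/conf.d/net listing would close that gap. Minor wording: "the /etc/resolv.conf" and "the /etc/ntp.conf" read better without the article.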