All Products
Search

This Product

    :Methods and impacts of switching the network service for instances that run Alibaba Cloud Linux 2

    Document Center

    :Methods and impacts of switching the network service for instances that run Alibaba Cloud Linux 2

    Last Updated:Jul 26, 2021

    Overview

    This topic describes the impacts of using the traditional network-scripts network service and the systemd-networkd network service and the methods of changing the relevant configurations of instances that run Alibaba Cloud Linux 2.

    Background information

    Take note of the following items:

    • Before you perform high-risk operations such as modifying instance configurations or data, we recommend that you check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
    • You can modify the configurations and data of instances including Elastic Compute Service (ECS) and ApsaraDB RDS instances. We recommend that you create snapshots or enable RDS log backup before you modify instance configurations or data.
    • If you have authorized or submitted sensitive information such as the logon account and password in Alibaba Cloud Management console, we recommend that you modify the information in a timely manner.

    The network service used by Alibaba Cloud Linux 2 instances

    By default, the network service of instances that use Alibaba Cloud Linux 2 images of the following versions is switched from systemd-networkd to network-scripts to suit your configuration habits and improve compatibility. The existing instances that run Alibaba Cloud Linux 2 use the systemd-networkd network configuration mode because the network service of these existing instances cannot be automatically switched. For more information about how to switch the network service of existing instances that run Alibaba Cloud Linux 2 to the network-scripts network service, see the "Method of switching the network service from systemd-networkd to network-scripts" section of this topic.

    • Base image: aliyun_2_1903_x64_20G_alibase_20210208.vhd
    • AMD-compatible image: aliyun_2_1903_x64_20G_uefi_alibase_20210218.vhd
    • Local image: aliyun_2_1903_x64_20G_nocloud_alibase_20210218.vhd
    • Trusted image: aliyun_2_1903_x64_20G_secured_alibase_20210218.vhd
    • Quick Start image: aliyun_2_1903_x64_20G_qboot_alibase_20210218.vhd
    • Level 3 of MLPS 2.0 image: aliyun_2_1903_x64_20G_dengbao_alibase_20210218.vhd

    Method of switching the network service from systemd-networkd to network-scripts

    Impacts of switching the network service

    • Impact on existing instances
      If you purchase new instances, the network configuration mode of the existing instances is different from that of new instances. We recommend that you switch the network service of existing instances from systemd-networkd to network-scripts.
    • Impact on the startup speed
      • Instances that have the traditional network-scripts network service configured use Shell scripts to configure network. This reduces executing efficiency. If no special configurations are applied to the network interface controllers (NICs) of these instances, these instances take 2 to 4 seconds longer to start than instances that have the systemd-networkd network service configured during the instance startup process from instance creation to instance logon by using SSH.
      • If you cannot accept a lower startup and can accept the network configuration mode that is incompatible with network-scripts, you can go to the "Method of switching the network service from network-scripts to systemd-networkd" section of this topic to switch the network service to systemd-networkd. For more information about issues related to systemd-networkd, see the "Common issues and solutions of systemd-networkd" section of this topic.
    • Impact on the path of the network configuration file
      Before the network service is switched, the original path is /etc/systemd/network. If you want to switch the network service to network-scripts, you must switch back to the traditional /etc/sysconfig/network-scripts/ path. For more information about configuration item differences between the two configuration files, see the "Configuration item differences between network-scripts and systemd-networkd" section of this topic.
    • Impact on the restart command of the network service
      • For instances that have systemd-networkd configured, run the following command to restart the network service:
        sudo systemctl restart systemd-networkd
      • For instances that have network-scripts configured, run the following command to restart the network service:
        sudo systemctl restart network

    Switch the network service of existing instances to network-scripts

    Before you perform the following operations, make sure that you understand the impacts of switching the network service.

    Note: The following operations involve network configurations. Accidental operations may cause network disconnections. To avoid the data security and network risks caused by accidental operations, create a snapshot for the system disk of the Linux instance. For more information about how to create a snapshot, see Create a snapshot for a disk.

    1. Run the following commands to complete the configuration based on whether the original resolv.conf configuration file is retained.
      • If the original resolv.conf configuration file is retained, perform the following operations:
        1. Run the following command to back up the resolv.conf symbolic link file: 
          mv /etc/resolv.conf /etc/resolv.conf.bak
        2. Run the following command to write the content of the backup file to the new resolv.conf configuration file: 
          cat /etc/resolv.conf.bak > /etc/resolv.conf
        3. Run the following command to lock the resolv.conf configuration file to protect the resolv.conf configuration file: 
          chattr +i /etc/resolv.conf
      • If the original resolv.conf configuration file is not retained, perform the following operations to delete the original resolv.conf configuration file: 
        rm /etc/resolv.conf
        Note:
    2. Run the following commands in sequence to switch the network service: 
      systemctl enable network
      systemctl disable systemd-networkd
      systemctl disable systemd-resolved
    3. Run the following command to restart the instance: 
      reboot
    4. Run the following command to check whether the network service of the instance is switched to network-scripts:
      systemctl status network

    Method of switching the network service from network-scripts to systemd-networkd

    If you want a faster startup and specify the known issues and risks of the sytemd-networkd network service, you can perform the following operations to switch the network service from network-scripts to systemd-networkd.

    Note: The following operations involve network configurations. Accidental operations may cause network disconnections. To avoid the data security and network risks caused by accidental operations, create a snapshot for the system disk of the Linux instance. For more information about how to create a snapshot, see Create a snapshot for a disk.

    1. Run the following commands to complete the configuration based on whether the original resolv.conf configuration file is retained.
      • If the original resolv.conf configuration file is retained, perform the following operations:
        1. Run the following command to back up the resolv.conf symbolic link file: 
          cp /etc/resolv.conf /etc/resolv.conf.bak
        2. Run the following command to lock the resolv.conf configuration file to protect the resolv.conf configuration file: 
          chattr +i /etc/resolv.conf
      • If the original resolv.conf configuration file is not retained, perform the following operations:
        1. Run the following command to delete the original resolv.conf configuration file: 
          rm /etc/resolv.conf
        2. Run the following command to generate the symbolic link of the resolv.conf configuration file:
          ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
    2. Run the following command to confirm that the network interface configuration file exists and is valid:
      cat /etc/systemd/network/10-eth0.network
      A command output similar to the following one is returned:
      [Match]
      Name=eth0

      [Network]
      DHCP=yes

      [DHCP]
      UseDNS=yes
    3. Run the commands in sequence to switch the network service: 
      systemctl disable network.service
      systemctl enable systemd-networkd
      systemctl enable systemd-resolved
    4. Run the following command to restart the instance: 
      reboot
    5. Run the following command to confirm that the systemd-networkd network service is started:
      systemctl status systemd-networkd

    Common issues and solutions of systemd-networkd

    The following section describes common issues and solutions of using the systemd-networkd network service. You can choose the corresponding solution based on your issue.

    Default route configurations for multiple NICs

    Description Solution

    If the following network configurations are used in the [Match] section in the /etc/systemd/network/XX-ethN.network configuration file, systemd-networkd automatically configures default routes to all NICs, which overwrites designated route configurations and results in network disconnections.

    [Match]
    Name=eth*

    [Network]
    DHCP=yes

    [DHCP]
    UseDNS=yes
    		 For more information, see the "Configure ENIs for instances that run Alibaba Cloud Linux 2" section of the Configure ENIs topic. Separately configure each NIC based on your needs to avoid automatically configuring default routes on designated NICs.

    UDP port 5355 occupied by systemd-resolved

    Description Solution

    By default, systemd-resolved enables the Domain Name System (DNS) service to listen to and occupy port 5355.

    If you want to close port 5355, replace LLMNR=yes with LLMNR=no in the /etc/systemd/resolved.conf configuration file.

    [Resolve]
    #DNS=
    #FallbackDNS=XXXXX
    LLMNR=yes

    Note:

    • If the LLMNR=yes line is commented out, delete the number sign (#) in front of the line.
    • If the configuration file does not contain the LLMNR=yes line, add the LLMNR=yes line in the [Resolve] section.

    Intermittent timeout of DNS domain name resolution

    Description Cause Solution
    • When intermittent timeout of DNS domain name resolution occurs on instances that run Alibaba Cloud Linux 2 or CentOS, the Name or service not known message appears. This is a known issue, and the solution is provided. For more information, see the "How do I handle a CentOS DNS resolution timeout" section of the Image FAQ topic.
    • If you add the options timeout:2 attempts:3 rotate single-request-reopen Alibaba Cloud options configuration in the etc/resolv.conf file, the configuration cannot be persistent on the Alibaba Cloud Linux 2 instances that have systemd-resolved configured. After you restart the instance or the systemd-resolved network service, the configuration is invalid.

     
    • The systemd-resolved network management tool depends on systemd-resolved to manage DNS domain name resolution configuration. However, systemd-resolved cannot automatically configure the preceding options parameter. You can only manually configure it in the /etc/resolv.conf file.
    • The /etc/resolv.conf file is the symbolic link file of the /run/systemd/resolve/resolv.conf file by default. The /etc/resolv.conf file cannot be locked by the chattr +i command. If you restart the instance or network service, the information written to the /etc/resolv.conf file is lost.

     

     

     

     

    IP forwarding configuration failure

    Description Cause Solution

    The default network forwarding configuration of sysconfig is default.forwarding==1. However, the forwarding parameter of new NICs is automatically set to 0, which causes IP forwarding failures of new NICs.

    The systemd-networkd configuration do not contain IPForward=no, which causes the normal initialization forwarding=$default of inetdev_init is set to forwarding=0.

    You can perform the following operations to add a new IP forwarding configuration and enable the forwarding feature:

    1. Add the IPForward=yes line in the [Network] section in the /etc/systemd/network/10-eth0.network configuration file, as shown in the following section: 
      [Match]
Name=eth0

[Network]
DHCP=yes
IPForward=yes

[DHCP]
UseDNS=yes
    2. Run the following command to restart systemd-networkd: 
      systemctl restart systemd-networkd

    Configuration item differences between network-scripts and systemd-networkd

    Configuration item

    network-scripts

    systemd-networkd

    Note

    IP

    Configuration file: /etc/sysconfig/network-scripts/ifcfg-eth0

    DEVICE=eth0 #Custom name of the NIC
    BOOTPROTO=dhcp #Method to obtain IP addresses:
        static: static IP addresses 
    ·    dhcp: Dynamic Host Configuration Protocol (DHCP) 
    ·    bootp: Bootstrap Protocol (BOOTP) 
    ONBOOT=yes #whether to activate the instance on system startup

    Configuration file: /etc/systemd/network/10-eth0.network

    [Match]
    ·    Name=eth0
    [Network]
    ·    DHCP=yes
    [DHCP]
    ·    UseDNS=yes
    • For instances that have network-scripts configured, the network configuration service is enabled, and the default configuration files are automatically generated.
    • For instances that have systemd-networkd configured, you must manually add the default configuration files.

    Gateway

    Configuration file: /etc/sysconfig/network

    NETWORKING=yes
    HOSTNAME=xxx
    GATEWAY=192.168.X.X

    Configuration file: /etc/systemd/network/10-eth0.network

    [Network]
    ·    Gateway=192.168.X.X
    ·    DNS=

    		 N/A

    DNS

    Configuration file: /etc/resolv.conf

    nameserver

    Configuration file: /etc/resolv.conf

    Note: The file is the symbolic link that points to /run/systemd/resolve/resolv.conf file. For more information, see the "Intermittent timeout of DNS domain name resolution" section of this topic.

    nameserver

    For more information about how to modify DNS, see How do I use the /etc/resolv.conf file to customize DNS configuration on an Alibaba Cloud Linux 2 instance.

    Applicable scope

    • ECS