+
clickhouse
+
+
pinecone
+
+
notepad++
+
+
babel
f#
sql
composer
unix
+
+
strapi
json
+
smtp
mysql
meteor
+
soap
+
+
+
+
+
+
tcl
+
vercel
<=
+
+
+
nvim
*
keras
+
+
node
flask
+
s3
tcl
r
+
+
unix
spacy
+
java
lua
+
+
webstorm
+
nuxt
+
+
+
+
cobol
mxnet
swift
supabase
+
+
+
+
+
webpack
+
koa
+
+
+
lua
+
+
+
php
+=
Back to Blog
Network Configuration Best Practices on Rocky Linux
Rocky Linux System Administration Networking

Network Configuration Best Practices on Rocky Linux

Published Jul 26, 2025

Master network configuration on Rocky Linux with this comprehensive guide covering NetworkManager, static IPs, VLANs, bonding, IPv6, security best practices, and troubleshooting techniques.

20 min read
0 views
Table of Contents

Proper network configuration is essential for any Rocky Linux system, whether it’s a personal workstation, development server, or production environment. This comprehensive guide covers network configuration best practices, from basic setup to advanced configurations, ensuring your Rocky Linux system has reliable, secure, and optimized network connectivity.

Understanding Rocky Linux Networking

Rocky Linux inherits its networking stack from Red Hat Enterprise Linux, providing enterprise-grade networking capabilities. The system uses NetworkManager as the default network configuration daemon, offering both command-line and graphical tools for network management.

Key Components

  • NetworkManager: The primary network configuration service
  • nmcli: Command-line interface for NetworkManager
  • nmtui: Text-based user interface for NetworkManager
  • systemd-networkd: Alternative networking daemon
  • Network Scripts: Legacy configuration method (deprecated)

Network Configuration Files

Important configuration files and directories:

/etc/NetworkManager/           # NetworkManager configuration
/etc/sysconfig/network-scripts/  # Legacy network scripts
/etc/hosts                     # Static hostname mappings
/etc/resolv.conf              # DNS resolver configuration
/etc/hostname                 # System hostname
/proc/sys/net/                # Kernel network parameters

NetworkManager vs Network Scripts

NetworkManager is the modern, recommended approach for network configuration in Rocky Linux:

Advantages:

  • Dynamic network management
  • Better laptop/mobile device support
  • Integrated VPN support
  • D-Bus API for applications
  • Automatic network detection

Check NetworkManager status:

sudo systemctl status NetworkManager
sudo nmcli general status

Network Scripts (Legacy)

While still supported, network scripts are considered legacy:

# Legacy configuration files
/etc/sysconfig/network-scripts/ifcfg-*

Basic Network Configuration

Using nmcli

The nmcli command provides comprehensive network management:

# Show all connections
nmcli connection show

# Show device status
nmcli device status

# Show detailed device information
nmcli device show

# Show general NetworkManager status
nmcli general status

Basic Connection Management

# List all connections
nmcli con show

# Show specific connection details
nmcli con show "connection-name"

# Activate a connection
nmcli con up "connection-name"

# Deactivate a connection
nmcli con down "connection-name"

# Delete a connection
nmcli con delete "connection-name"

Using nmtui

For a text-based interface:

# Launch NetworkManager TUI
sudo nmtui

# Directly edit connections
sudo nmtui edit

# Activate connections
sudo nmtui connect

Static IP Configuration

Method 1: Using nmcli

Create a new connection with static IP:

# Create new connection with static IP
sudo nmcli con add type ethernet con-name "static-eth0" ifname eth0 \
  ipv4.addresses 192.168.1.100/24 \
  ipv4.gateway 192.168.1.1 \
  ipv4.dns "8.8.8.8,8.8.4.4" \
  ipv4.method manual

# Activate the connection
sudo nmcli con up "static-eth0"

Method 2: Modifying Existing Connection

# Modify existing connection to static IP
sudo nmcli con mod "System eth0" \
  ipv4.addresses 192.168.1.100/24 \
  ipv4.gateway 192.168.1.1 \
  ipv4.dns "8.8.8.8,8.8.4.4" \
  ipv4.method manual

# Apply changes
sudo nmcli con up "System eth0"

Method 3: Using Configuration Files

Edit NetworkManager connection files:

# Create/edit connection file
sudo nano /etc/NetworkManager/system-connections/static-eth0.nmconnection

Example configuration:

[connection]
id=static-eth0
type=ethernet
interface-name=eth0

[ethernet]

[ipv4]
method=manual
addresses=192.168.1.100/24
gateway=192.168.1.1
dns=8.8.8.8;8.8.4.4;

[ipv6]
method=ignore

Apply changes:

sudo chmod 600 /etc/NetworkManager/system-connections/static-eth0.nmconnection
sudo nmcli con reload
sudo nmcli con up static-eth0

Network Bonding and Teaming

Network Bonding

Bonding combines multiple network interfaces for redundancy or increased throughput:

# Create bond master
sudo nmcli con add type bond con-name bond0 ifname bond0 \
  bond.options "mode=active-backup,miimon=100"

# Add slave interfaces
sudo nmcli con add type ethernet con-name bond0-slave1 \
  ifname eth0 master bond0

sudo nmcli con add type ethernet con-name bond0-slave2 \
  ifname eth1 master bond0

# Configure IP for bond
sudo nmcli con mod bond0 \
  ipv4.addresses 192.168.1.100/24 \
  ipv4.gateway 192.168.1.1 \
  ipv4.dns 8.8.8.8 \
  ipv4.method manual

# Activate bond
sudo nmcli con up bond0

Bond Modes

Common bonding modes:

# Mode 0: Round-robin (load balancing)
bond.options "mode=balance-rr"

# Mode 1: Active-backup (failover)
bond.options "mode=active-backup"

# Mode 2: XOR (load balancing)
bond.options "mode=balance-xor"

# Mode 4: 802.3ad (LACP)
bond.options "mode=802.3ad,lacp_rate=fast"

# Mode 6: Adaptive load balancing
bond.options "mode=balance-alb"

Network Teaming (Alternative to Bonding)

Teaming is a newer alternative to bonding:

# Install teamd
sudo dnf install teamd

# Create team interface
sudo nmcli con add type team con-name team0 ifname team0 \
  team.config '{"runner": {"name": "activebackup"}}'

# Add team slaves
sudo nmcli con add type ethernet con-name team0-port1 \
  ifname eth0 master team0

sudo nmcli con add type ethernet con-name team0-port2 \
  ifname eth1 master team0

# Monitor team status
sudo teamdctl team0 state

VLAN Configuration

Creating VLANs

Configure VLAN tagging for network segmentation:

# Create VLAN interface
sudo nmcli con add type vlan con-name vlan10 \
  dev eth0 id 10

# Configure IP for VLAN
sudo nmcli con mod vlan10 \
  ipv4.addresses 192.168.10.100/24 \
  ipv4.method manual

# Activate VLAN
sudo nmcli con up vlan10

Multiple VLANs on Single Interface

# VLAN 10
sudo nmcli con add type vlan con-name vlan10 \
  dev eth0 id 10 \
  ipv4.addresses 192.168.10.100/24 \
  ipv4.method manual

# VLAN 20
sudo nmcli con add type vlan con-name vlan20 \
  dev eth0 id 20 \
  ipv4.addresses 192.168.20.100/24 \
  ipv4.method manual

# Activate both
sudo nmcli con up vlan10
sudo nmcli con up vlan20

IPv6 Configuration

Enable IPv6

# Check IPv6 status
sudo sysctl net.ipv6.conf.all.disable_ipv6

# Enable IPv6 globally
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0

Static IPv6 Configuration

# Add IPv6 address
sudo nmcli con mod "System eth0" \
  ipv6.addresses "2001:db8::100/64" \
  ipv6.gateway "2001:db8::1" \
  ipv6.dns "2001:4860:4860::8888" \
  ipv6.method manual

# Apply changes
sudo nmcli con up "System eth0"

IPv6 Autoconfiguration

# Enable SLAAC (Stateless Address Autoconfiguration)
sudo nmcli con mod "System eth0" \
  ipv6.method auto

# Enable DHCPv6
sudo nmcli con mod "System eth0" \
  ipv6.method dhcp

IPv6 Privacy Extensions

# Enable privacy extensions
sudo nmcli con mod "System eth0" \
  ipv6.ip6-privacy 2

# Values:
# 0 = disabled
# 1 = enabled (prefer public address)
# 2 = enabled (prefer temporary address)

Network Security Best Practices

1. Firewall Configuration

# Enable firewalld
sudo systemctl enable --now firewalld

# Check firewall status
sudo firewall-cmd --state

# List active zones
sudo firewall-cmd --get-active-zones

# Add service to firewall
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

2. Disable Unnecessary Services

# List network services
sudo ss -tulpn

# Disable unnecessary services
sudo systemctl disable --now telnet.socket
sudo systemctl disable --now rsh.socket
sudo systemctl disable --now rlogin.socket

3. Network Parameter Hardening

Create security sysctl configuration:

sudo nano /etc/sysctl.d/99-network-security.conf

Add security parameters:

# IP Spoofing protection
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Ignore ICMP redirects
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0

# Ignore send redirects
net.ipv4.conf.all.send_redirects = 0

# Disable source packet routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0

# Log Martians
net.ipv4.conf.all.log_martians = 1

# Ignore ICMP ping requests
net.ipv4.icmp_echo_ignore_all = 0

# Ignore Directed pings
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable TCP/IP SYN cookies
net.ipv4.tcp_syncookies = 1

# Enable TCP time stamps
net.ipv4.tcp_timestamps = 1

Apply settings:

sudo sysctl -p /etc/sysctl.d/99-network-security.conf

4. SELinux Network Policies

# Check SELinux status
getenforce

# View network-related SELinux booleans
sudo getsebool -a | grep network

# Example: Allow httpd network connections
sudo setsebool -P httpd_can_network_connect on

Performance Optimization

1. Network Buffer Tuning

sudo nano /etc/sysctl.d/99-network-performance.conf

Add performance parameters:

# Increase Linux autotuning TCP buffer limits
net.core.rmem_max = 134217728
net.core.wmem_max = 134217728
net.ipv4.tcp_rmem = 4096 87380 134217728
net.ipv4.tcp_wmem = 4096 65536 134217728

# Increase netdev budget
net.core.netdev_budget = 50000
net.core.netdev_budget_usecs = 5000

# Increase the maximum amount of option memory buffers
net.core.optmem_max = 25165824

# Increase the maximum number of incoming connections
net.core.somaxconn = 65535

# Increase the maximum backlog
net.core.netdev_max_backlog = 50000

Apply settings:

sudo sysctl -p /etc/sysctl.d/99-network-performance.conf

2. NIC Offloading

# Check offload settings
sudo ethtool -k eth0

# Enable offloading features
sudo ethtool -K eth0 tx on rx on
sudo ethtool -K eth0 gso on gro on
sudo ethtool -K eth0 tso on

3. Interrupt Coalescing

# Check current settings
sudo ethtool -c eth0

# Adjust interrupt coalescing
sudo ethtool -C eth0 adaptive-rx on adaptive-tx on

4. CPU Affinity for Network Interrupts

# Show interrupt assignments
cat /proc/interrupts | grep eth0

# Set CPU affinity
echo 2 > /proc/irq/24/smp_affinity_list

Troubleshooting Network Issues

Basic Diagnostic Commands

# Check IP configuration
ip addr show
ip route show

# Test connectivity
ping -c 4 google.com
ping6 -c 4 google.com

# DNS resolution
nslookup google.com
dig google.com
host google.com

# Trace route
traceroute google.com
tracepath google.com

# Show network statistics
ss -tuln
netstat -tuln

# Show network connections
ss -tp

NetworkManager Troubleshooting

# View NetworkManager logs
sudo journalctl -u NetworkManager

# Enable debug logging
sudo nmcli general logging level DEBUG

# Monitor NetworkManager events
sudo nmcli monitor

# Check connection profile
nmcli -f all con show "connection-name"

Common Issues and Solutions

1. Connection Not Working After Reboot

# Ensure connection auto-connects
sudo nmcli con mod "connection-name" connection.autoconnect yes

# Check if NetworkManager is enabled
sudo systemctl enable NetworkManager

2. DNS Resolution Issues

# Check DNS servers
cat /etc/resolv.conf

# Test specific DNS server
dig @8.8.8.8 google.com

# Flush DNS cache
sudo systemctl restart systemd-resolved

3. Network Interface Not Detected

# List all network interfaces
ip link show

# Check if interface is managed by NetworkManager
nmcli device status

# Rescan for devices
sudo nmcli device reapply eth0

4. Slow Network Performance

# Check for errors
ip -s link show eth0

# Test network speed
sudo dnf install iperf3
iperf3 -s  # On server
iperf3 -c server_ip  # On client

# Check MTU settings
ip link show eth0 | grep mtu

# Adjust MTU if needed
sudo nmcli con mod "connection-name" ethernet.mtu 9000

Advanced Configurations

Network Bridges

Create a bridge for virtualization:

# Create bridge
sudo nmcli con add type bridge con-name br0 ifname br0

# Add physical interface to bridge
sudo nmcli con add type ethernet con-name br0-slave \
  ifname eth0 master br0

# Configure bridge IP
sudo nmcli con mod br0 \
  ipv4.addresses 192.168.1.100/24 \
  ipv4.gateway 192.168.1.1 \
  ipv4.dns 8.8.8.8 \
  ipv4.method manual

# Enable STP (Spanning Tree Protocol)
sudo nmcli con mod br0 bridge.stp yes

# Activate bridge
sudo nmcli con up br0

Policy-Based Routing

# Add routing table
echo "200 custom" | sudo tee -a /etc/iproute2/rt_tables

# Add routing rules
sudo ip rule add from 192.168.1.0/24 table custom
sudo ip route add default via 192.168.1.1 dev eth0 table custom

# Make persistent with NetworkManager
sudo nmcli con mod "connection-name" \
  ipv4.routes "192.168.2.0/24 192.168.1.1" \
  ipv4.route-metric 100

WireGuard VPN

# Install WireGuard
sudo dnf install wireguard-tools

# Generate keys
wg genkey | tee privatekey | wg pubkey > publickey

# Create configuration
sudo nano /etc/wireguard/wg0.conf

Example WireGuard configuration:

[Interface]
PrivateKey = <private_key>
Address = 10.0.0.1/24
ListenPort = 51820

[Peer]
PublicKey = <peer_public_key>
AllowedIPs = 10.0.0.2/32
Endpoint = peer.example.com:51820

Start WireGuard:

sudo systemctl enable --now wg-quick@wg0

Network Namespaces

# Create network namespace
sudo ip netns add isolated

# Create veth pair
sudo ip link add veth0 type veth peer name veth1

# Move interface to namespace
sudo ip link set veth1 netns isolated

# Configure interfaces
sudo ip addr add 192.168.100.1/24 dev veth0
sudo ip link set veth0 up

sudo ip netns exec isolated ip addr add 192.168.100.2/24 dev veth1
sudo ip netns exec isolated ip link set veth1 up

Best Practices Summary

  1. Use NetworkManager: It’s the modern, supported method for network configuration
  2. Document Your Configuration: Keep records of network settings and changes
  3. Test Before Production: Always test network changes in a non-production environment
  4. Enable Monitoring: Set up network monitoring to detect issues early
  5. Regular Updates: Keep your system and NetworkManager updated
  6. Security First: Implement firewall rules and network hardening
  7. Backup Configurations: Keep backups of working network configurations
  8. Use Meaningful Names: Give connections descriptive names for easy management
  9. Automate Where Possible: Use scripts for repetitive network tasks
  10. Monitor Performance: Regularly check network performance metrics

Conclusion

Proper network configuration is crucial for Rocky Linux systems. By following these best practices, you can ensure reliable, secure, and high-performance networking. Remember to:

  • Always test changes before applying to production
  • Keep security as a top priority
  • Document your network architecture
  • Monitor network performance and health
  • Stay updated with the latest networking features and security patches

Whether you’re managing a single server or a complex network infrastructure, these practices will help you maintain robust network connectivity on Rocky Linux.