Methods and impacts of switching the network service for instances that run Alibaba Cloud Linux 2 -

Overview

This topic describes the impacts of using the traditional network-scripts network service and the systemd-networkd network service and the methods of changing the relevant configurations of instances that run Alibaba Cloud Linux 2.

Background information

Note

Take note of the following items:

Before you perform high-risk operations such as modifying instance configurations or data, we recommend that you check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
You can modify the configurations and data of instances including Elastic Compute Service (ECS) and ApsaraDB RDS instances. We recommend that you create snapshots or enable RDS log backup before you modify instance configurations or data.
If you have authorized or submitted sensitive information such as the logon account and password in Alibaba Cloud Management console, we recommend that you modify the information in a timely manner.

The network service used by Alibaba Cloud Linux 2 instances

By default, the network service of instances that use Alibaba Cloud Linux 2 images of the following versions is switched from systemd-networkd to network-scripts to suit your configuration habits and improve compatibility. The existing instances that run Alibaba Cloud Linux 2 use the systemd-networkd network configuration mode because the network service of these existing instances cannot be automatically switched. For more information about how to switch the network service of existing instances that run Alibaba Cloud Linux 2 to the network-scripts network service, see the "Method of switching the network service from systemd-networkd to network-scripts" section of this topic.

Base image: aliyun_2_1903_x64_20G_alibase_20210208.vhd
AMD-compatible image: aliyun_2_1903_x64_20G_uefi_alibase_20210218.vhd
Local image: aliyun_2_1903_x64_20G_nocloud_alibase_20210218.vhd
Trusted image: aliyun_2_1903_x64_20G_secured_alibase_20210218.vhd
Quick Start image: aliyun_2_1903_x64_20G_qboot_alibase_20210218.vhd
Level 3 of MLPS 2.0 image: aliyun_2_1903_x64_20G_dengbao_alibase_20210218.vhd

Method of switching the network service from systemd-networkd to network-scripts

Impacts of switching the network service

Impact on existing instances If you purchase new instances, the network configuration mode of the existing instances is different from that of new instances. We recommend that you switch the network service of existing instances from systemd-networkd to network-scripts.
Impact on the startup speed
- Instances that have the traditional network-scripts network service configured use Shell scripts to configure network. This reduces executing efficiency. If no special configurations are applied to the network interface controllers (NICs) of these instances, these instances take 2 to 4 seconds longer to start than instances that have the systemd-networkd network service configured during the instance startup process from instance creation to instance logon by using SSH.
- If you cannot accept a lower startup and can accept the network configuration mode that is incompatible with network-scripts, you can go to the "Method of switching the network service from network-scripts to systemd-networkd" section of this topic to switch the network service to systemd-networkd. For more information about issues related to systemd-networkd, see the "Common issues and solutions of systemd-networkd" section of this topic.
Impact on the path of the network configuration file Before the network service is switched, the original path is /etc/systemd/network. If you want to switch the network service to network-scripts, you must switch back to the traditional /etc/sysconfig/network-scripts/ path. For more information about configuration item differences between the two configuration files, see the "Configuration item differences between network-scripts and systemd-networkd" section of this topic.
Impact on the restart command of the network service
- For instances that have systemd-networkd configured, run the following command to restart the network service: sudo systemctl restart systemd-networkd
- For instances that have network-scripts configured, run the following command to restart the network service: sudo systemctl restart network

Switch the network service of existing instances to network-scripts

Before you perform the following operations, make sure that you understand the impacts of switching the network service.

Note

Note: The following operations involve network configurations. Accidental operations may cause network disconnections. To avoid the data security and network risks caused by accidental operations, create a snapshot for the system disk of the Linux instance. For more information about how to create a snapshot, see Create a snapshot.

Run the following commands to complete the configuration based on whether the original resolv.conf configuration file is retained.
- If the original resolv.conf configuration file is retained, perform the following operations:
  1. Run the following command to back up the resolv.conf symbolic link file:
```
mv /etc/resolv.conf /etc/resolv.conf.bak
```
  2. Run the following command to write the content of the backup file to the new resolv.conf configuration file:
```
cat /etc/resolv.conf.bak > /etc/resolv.conf
```
  3. Run the following command to lock the resolv.conf configuration file to protect the resolv.conf configuration file:
```
chattr +i /etc/resolv.conf
```
- If the original resolv.conf configuration file is not retained, perform the following operations to delete the original resolv.conf configuration file:
```
rm /etc/resolv.conf
```
  Note
  Note:
  After network.service is enabled, the system automatically generates the new resolv.conf file.
  For more information about systemd-resolved, see systemd-resolved domain name resolution service.

Run the following commands in sequence to switch the network service:

systemctl enable network
systemctl disable systemd-networkd
systemctl disable systemd-resolved

Run the following command to restart the instance:
```
reboot
```
Run the following command to check whether the network service of the instance is switched to network-scripts:
```
systemctl status network
```

Method of switching the network service from network-scripts to systemd-networkd

If you want a faster startup and specify the known issues and risks of the sytemd-networkd network service, you can perform the following operations to switch the network service from network-scripts to systemd-networkd.

Note

Run the following commands to complete the configuration based on whether the original resolv.conf configuration file is retained.
- If the original resolv.conf configuration file is retained, perform the following operations:
  1. Run the following command to back up the resolv.conf symbolic link file:
```
cp /etc/resolv.conf /etc/resolv.conf.bak
```
  2. Run the following command to lock the resolv.conf configuration file to protect the resolv.conf configuration file:
```
chattr +i /etc/resolv.conf
```
- If the original resolv.conf configuration file is not retained, perform the following operations:
  1. Run the following command to delete the original resolv.conf configuration file:
```
rm /etc/resolv.conf
```
  2. Run the following command to generate the symbolic link of the resolv.conf configuration file:
```
ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
```
Run the following command to confirm that the network interface configuration file exists and is valid:
```
cat /etc/systemd/network/10-eth0.network
```
A command output similar to the following one is returned:
```
[Match]
Name=eth0

[Network]
DHCP=yes

[DHCP]
UseDNS=yes
```

Run the commands in sequence to switch the network service:

systemctl disable network.service
systemctl enable systemd-networkd
systemctl enable systemd-resolved

Run the following command to restart the instance:
```
reboot
```
Run the following command to confirm that the systemd-networkd network service is started:
```
systemctl status systemd-networkd
```

Common issues and solutions of systemd-networkd

The following section describes common issues and solutions of using the systemd-networkd network service. You can choose the corresponding solution based on your issue.

Default route configurations for multiple NICs
UDP port 5355 occupied by systemd-resolved
Intermittent timeout of DNS domain name resolution
IP forwarding configuration failure

Default route configurations for multiple NICs

Description

Solution

If the following network configurations are used in the [Match] section in the /etc/systemd/network/XX-ethN.network configuration file, systemd-networkd automatically configures default routes to all NICs, which overwrites designated route configurations and results in network disconnections.

[Match]
Name=eth*

[Network]
DHCP=yes

[DHCP]
UseDNS=yes

For more information, see Configure a secondary ENI. Separately configure each NIC based on your needs to avoid automatically configuring default routes on designated NICs.

UDP port 5355 occupied by systemd-resolved

Description

Solution

By default, systemd-resolved enables the Domain Name System (DNS) service to listen to and occupy port 5355.

If you want to close port 5355, replace LLMNR=yes with LLMNR=no in the /etc/systemd/resolved.conf configuration file.

[Resolve]
#DNS=
#FallbackDNS=XXXXX
LLMNR=yes

Note

Note:

If the LLMNR=yes line is commented out, delete the number sign (#) in front of the line.
If the configuration file does not contain the LLMNR=yes line, add the LLMNR=yes line in the [Resolve] section.

Intermittent timeout of DNS domain name resolution

Description

Cause

Solution

When intermittent timeout of DNS domain name resolution occurs on instances that run Alibaba Cloud Linux 2 or CentOS, the Name or service not known message appears. This is a known issue, and the solution is provided. For more information, see the "How do I handle a CentOS DNS resolution timeout" section of the FAQ about image lifecycle topic.
If you add the options timeout:2 attempts:3 rotate single-request-reopen Alibaba Cloud options configuration in the etc/resolv.conf file, the configuration cannot be persistent on the Alibaba Cloud Linux 2 instances that have systemd-resolved configured. After you restart the instance or the systemd-resolved network service, the configuration is invalid.

The systemd-resolved network management tool depends on systemd-resolved to manage DNS domain name resolution configuration. However, systemd-resolved cannot automatically configure the preceding options parameter. You can only manually configure it in the /etc/resolv.conf file.
The /etc/resolv.conf file is the symbolic link file of the /run/systemd/resolve/resolv.conf file by default. The /etc/resolv.conf file cannot be locked by the chattr +i command. If you restart the instance or network service, the information written to the /etc/resolv.conf file is lost.

If you want to permanently solve the problem, switch the network service to network-scripts. For more information, see the "Method of switching the network service from systemd-networkd to network-scripts" section of this topic,
or see How do I use the /etc/resolv.conf file to customize DNS configuration in an Alibaba Cloud Linux 2 instance to persistently store DNS configuration information.
Note
If you use the method to persistently store DNS configurations, systemd-resolved cannot automatically update the /etc/resolv.conf configuration file. If the DNS configurations need to be updated, manually update the persistent /etc/resolv.conf configuration file.

IP forwarding configuration failure

Description

Cause

Solution

The default network forwarding configuration of sysconfig is default.forwarding==1. However, the forwarding parameter of new NICs is automatically set to 0, which causes IP forwarding failures of new NICs.

The systemd-networkd configuration do not contain IPForward=yes, which causes the normal initialization forwarding=$default of inetdev_init is set to forwarding=0.

You can perform the following operations to add a new IP forwarding configuration and enable the forwarding feature:

Add the IPForward=yes line in the [Network] section in the /etc/systemd/network/10-eth0.network configuration file, as shown in the following section:
```
[Match]
Name=eth0

[Network]
DHCP=yes
IPForward=yes

[DHCP]
UseDNS=yes
```
Run the following command to restart systemd-networkd:
```
systemctl restart systemd-networkd
```

Configuration item differences between network-scripts and systemd-networkd

Configuration item

network-scripts

systemd-networkd

Note

Configuration file: /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0 #Custom name of the NIC
BOOTPROTO=dhcp #Method to obtain IP addresses:
    static: static IP addresses 
·    dhcp: Dynamic Host Configuration Protocol (DHCP) 
·    bootp: Bootstrap Protocol (BOOTP) 
ONBOOT=yes #whether to activate the instance on system startup

Configuration file: /etc/systemd/network/10-eth0.network

[Match]
·    Name=eth0
[Network]
·    DHCP=yes
[DHCP]
·    UseDNS=yes

For instances that have network-scripts configured, the network configuration service is enabled, and the default configuration files are automatically generated.
For instances that have systemd-networkd configured, you must manually add the default configuration files.

Gateway

Configuration file: /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=xxx
GATEWAY=192.168.X.X

Configuration file: /etc/systemd/network/10-eth0.network

[Network]
·    Gateway=192.168.X.X
·    DNS=

N/A

DNS

Configuration file: /etc/resolv.conf

nameserver

Configuration file: /etc/resolv.conf

Note

Note: The file is the symbolic link that points to /run/systemd/resolve/resolv.conf file.

nameserver

For more information about how to modify DNS, see How do I use the /etc/resolv.conf file to customize DNS configuration on an Alibaba Cloud Linux 2 instance.

:Methods and impacts of switching the network service for instances that run Alibaba Cloud Linux 2

Overview

Background information

Applicable scope