Debating ifupdown replacements for Debian trixie
Debian does not have an official way to configure networking. Instead, it has four recommended ways to configure networking, one of which is the venerable ifupdown, which has been part of Debian since the turn of the century and is showing its age. A conversation about its maintainability and possible replacement with ifupdown‑ng has led to discussions about the default network-management tools for Debian "trixie" (Debian 13, which is expected in 2025) and beyond. No route to consensus has been found, yet.
Time to retire ifupdown?
The classic ifupdown is a set of custom scripts for configuring networking in Debian that became a project in its own right after the Debian "potato" release in 2000. Debian now has not one, but several implementations of ifupdown. In addition to ifupdown-ng, there is ifupdown2, which is an implementation in Python with a largely closed development model involving a private repository where changes are later pushed into a public repository. BusyBox has its own ifupdown implementation as well.
The network-tool debate had its genesis in an off-list discussion
that included Martin-Éric Racine and Santiago Ruano Rincón, who is the current
maintainer of ifupdown. Racine explained
that the private discussion had been about "the plethora of unresolved issues with
ifupdown and Santiago's limited time to devote to its
maintenance
". Racine said that Ruano Rincón had
asked if he would be interested in maintaining ifupdown, and then had
questioned the need for multiple implementations of it. The conclusion
was that one implementation of ifupdown, maintained by a team, would
be better than many implementations.
Racine had sent the conclusion to Daniel Gröber, one of the
maintainers of ifupdown-ng. He forwarded
snippets of the off-list conversation to debian-devel on July 7, saying that
"I don't think we should be having this/these discussions in
private
". In the email, Gröber asked Ruano Rincón
about the future maintenance of ifupdown and replacing it
with ifupdown‑ng; he made the case that ifupdown-ng had a
better core design, modern code, an active upstream, and a test suite.
Overall, he said, ifupdown-ng has "the potential to fully replace
ifupdown without breaking anyone's system doing it
". He
acknowledged that it was not fully compatible but he was working
on it and was optimistic it could be.
Ruano Rincón replied that he had hit design issues with ifupdown and that it would make sense to focus efforts on ifupdown‑ng as a replacement, but only once it was a drop-in replacement for ifupdown, and it is not there yet. He ruled out ifupdown2 as the replacement due to its Python dependencies, lack of upstream community, and failure to support basics like DHCP for IPv6. He also asked for guidance on an unresolved discussion that began in June 2023 about changing the recommended DHCP client from ISC DHCP (which is no longer being developed) to dhcpcd.
On July 9, Racine followed
up to say that he had looked at ifupdown-ng and that its syntax
was not a drop-in replacement for ifupdown. Marco d'Itri agreed:
"either it's drop-in compatible or we may as well switch the
default to NM [NetworkManager] and/or systemd‑networkd
".
Popping open Pandora's box
After the topic of replacing ifupdown had been broached by d'Itri,
Matthias Urlichs said:
"Well, here's a heretical thought: why don't we do that anyway, at
least for new installations?
" That sparked a lively discussion
about the idea. Simon McVittie noted
that Debian was already there to an extent. New laptop and desktop
installs default to NetworkManager, and he argued that
systemd‑networkd would be a better choice for server and embedded
installations. The need for Debian to have its own network tools had
passed, he said, "and we now have non‑distro‑specific network
management components that can do just as good a job (if not
better)
". Even better, systemd‑networkd and NetworkManager were used
"outside the Debian bubble
", and that meant many more people
were responsible for their maintenance.
A switch to NetworkManager or systemd‑networkd, Michael Biebl pointed
out, would require modifying the Debian installer. Lukas Märdian made
a pitch for adopting Netplan, a project sponsored by
Canonical for generating network configurations for multiple tools,
such as systemd‑networkd or NetworkManager, from a YAML description of the network
interfaces. He said support for Netplan was "pretty close
" to being
merged into the Debian installer: "Netplan should be considered a
unification layer on top of those networking daemons, which allows
Debian as a project to use common language around networking.
"
Simon Richter complained
that systemd's roadmap was unclear and that support for features they
depend on "could be discontinued at any moment, and it would not be
the first time a feature Debian relied on was removed
". Debian is
a volunteer project that cannot afford to be in
"perpetual firefighting mode
". He asked if it would be possible
to put in place a process to deal with breaking changes, and suggested that
"a long-term support commitment from upstream
" would
significantly reduce the effort needed to plan for those changes.
What's wrong with ifupdown?
Gröber later asked
for specifics on problems with ifupdown's design or maintenance. Ruano Rincón pointed to
design problems with ifupdown such as the one described in this
bug report. The ifupdown utility refuses to configure IPv4 on an
interface if there is a configuration error for IPv6. That did
not convince Gröber, who said that he had only seen two technical
arguments against ifupdown and wanted to know what problems ifupdown
causes that require removing "all traces
" of it from a minimal Debian install.
Josh Triplett responded
that there was a simple answer: having multiple network tools
"trying to poke at the same network devices, *or* network tools
working around each other carefully
" should not be the
default. Installers should treat network-management tools as mutually
exclusive, and allow users to install more than one later if the user desired.
What about Netplan?
In early August, Märdian led a birds-of-a-feather (BoF) session
at DebConf 2024 about how
to "improve and homogenize
" the networking landscape in
Debian. He presented three scenarios, found in his slides,
dubbed "Status Quo++
", "Minimized
", and "Universal
", along with
his summary of the work that would still need to be done to make them possible. The
status quo scenario he proposed involved transitioning to ifupdown‑ng,
which would require switching to dhcpcd-base and making ifupdown‑ng
a drop-in replacement for ifupdown. The minimized scenario involved
switching to systemd‑networkd for base and server images, or
NetworkManager for desktop images. That would require work on the
Debian installer, migrating the existing ifupdown configurations,
dropping ifupdown, and enabling autopkgtest
support for those packages.
Finally, the universal scenario would keep ifupdown[-ng] in the
base installation, NetworkManager for desktop installs, and enable
systemd‑networkd on server installs. On top of those, it would add
Netplan as "a common configuration interface across
variants
". Users could fall back to any of the underlying tools
without fussing with Netplan configuration if desired. The only
remaining work for this, according to the slides, would be for
ftpmasters to
raise the priority of the netplan-generator package so that it is
installed by default.
Private to public
During the BoF, Märdian suggested setting a deadline for a decision of "six to eight weeks". He also committed to writing an email to debian-devel that summarized the BoF discussion for those not at DebConf. That did not quite go as planned. Before starting a public discussion on debian-devel, he had privately emailed networking maintainers to gauge their opinions. On August 20, Gröber forwarded parts of Märdian's email to debian-devel before Märdian took the discussion public.
In the email, Märdian had proposed a compromise that would make
systemd-networkd the recommended networking tool for minimal
installations. Either ifupdown, or ifupdown-ng if it could be made
drop-in compatible, would be a fallback and remain available for
existing installations that were upgrading to trixie. Then
ifupdown[-ng] would be dropped in "forky", the release following
trixie. Märdian had added, "I'd like to avoid drama and calling the
CTTE [Debian's technical committee] to make a decision on our behalf,
but rather find a compromise between us networking maintainers.
"
Gröber, reasonably, said that he was not interested in doing the work of getting
ifupdown-ng ready to be the default in trixie if it would be removed
in forky. He also said that the choice of network-configuration tools should be based on the wants of
the majority of Debian users, and not a technical decision among
maintainers. He suggested an informal vote to gauge the preference
of Debian developers and the wider community, and asked the list how
similar decisions had been made in the past. If a vote showed that he
was "alone in wanting Debian to retain [its] identity as
Debian
" he would step aside on the matter.
Märdian followed
up and said that it was fine for his points to be made public, but
he wanted to add the parts that Gröber had dropped from the original
mail. In his reply, he mentioned that he had formed a new Debian networking team
after discussions at the BoF at DebConf that would "bundle resources and help
each other out with critical maintenance & have a common channel for
communications
". However, no further details about that team and
its membership were shared.
He said that the decision about networking tools needed to be made
by developers, "because someone needs to do the work
":
Otherwise, we would be suffering the same way we did with classic ifupdown in the past years, as it's becoming harder and harder to maintain. We need a healthy upstream project and people willing to do the actual maintenance work in Debian.
To decide or not to decide
Gröber replied
that building a community around networking in Debian should happen in
public. "Who knows the publicity might just spawn some (much
needed) new contributors.
" He was "a bit peeved
" that
the Pandora's Box of removing ifupdown had been opened because it
impacted his ability to find people willing to work on preserving
it. It was also wrong to put time pressure on deciding, he said, when
release dates for trixie were not even announced. "Remember: it's done
when it's done. This is a big decision let's do it right.
"
The discussion continued with a number of people chiming in with
support for their favored networking tools. It also featured a fair amount of lobbying
for Netplan by Märdian, though some were
not convinced. For that matter, no consensus or plan of action
was reached—nor even an agreement that one was actually
needed. Thomas Goirand strongly
opposed the idea that it should be decided by a vote, though. "We do
not need another systemd vote
". He recommended involving Debian's
technical committee "if we can't agree reasonably, rather than
yet-another-GR
".
Ruano Rincón came
back to the conversation on September 8, and thanked Märdian for
taking care of the topic. He reiterated his interest in replacing
ifupdown with ifupdown-ng as soon as possible. The choice of a default
network-configuration tool was a secondary question, but he
suggested that Debian would benefit from "moving to something
shared with other distros
". He said that providing users with a
more modern, better-maintained tool was more important than retaining
Debian's identity through its choice of networking tool.
But he was unprepared to give a recommendation about
the right tool to choose. He had not had time to do a thorough review
and comparison of the tools, so he was not ready to give his opinion
on how to move forward yet. "Just please, let's make this the last
thread about the default network stack in future Debian
releases.
"
Thus far, there is no further discussion on the topic and the only consensus seems to be that "classic" ifupdown's days are numbered. Just how numbered, and what will replace it, seem no clearer today than when the discussions began in July. One hopes that the final outcome will be a clear consensus on Debian's default networking configuration tool or tools, as well as who makes that choice in the future.
Posted Sep 12, 2024 19:39 UTC (Thu)
by amarao (guest, #87073)
[Link] (5 responses)
The reason is that it does not track real state of interface, but instead rely on own opinion about the current state.
Every time I try to automate network configuration, the serious one (e.g. bond over two eth, vxlans, some dummy for bgp), I walk on a mine field. Any mistake on config leaves system in undefined state. Every config change can fail, because 'it's already configured'.
Insofarz the least problem were from systemd-networkd, although, it has own quirks.
Posted Sep 12, 2024 20:35 UTC (Thu)
by dw (subscriber, #12017)
[Link] (3 responses)
Compare that to systemd-networkd, where years on, it's still impossible to add a new peer to a Wireguard interface without restarting the whole (highly stateful) component or manually poking at the Wireguard state yourself, defeating the purpose of networkd's existence. I have on bricked boxes on numerous occasions due to the scope of networkd's state, the same is true of most of the fancier daemons.
I still try to use networkd but on a deeply religious level I still despise its design. It falls into the same trap as so much other software that by aiming for 100% coverage it manages to handle relatively common cases extremely poorly.
Posted Sep 12, 2024 20:48 UTC (Thu)
by amarao (guest, #87073)
[Link]
The same for restart. I remember writing some ugly hacks like ifdown eth3 | true, because I wasn't able to make a proper idempotent code to configure interface, which will work the same way for the first time and for reconfigurations.
Nope, sorry. Even systemd small wtfs (like clearing all rules from iproute) much better, because they can be learned and adjusted.
I'm taking as operator for 'cattles', machines I don't really care. Desktop milage for people with special configurations may differ.
Posted Sep 12, 2024 22:02 UTC (Thu)
by intelfx (subscriber, #130118)
[Link]
Sounds like a relatively easy fix. Definitely not something worth despising systemd-networkd for.
Posted Sep 13, 2024 6:00 UTC (Fri)
by Archimedes (subscriber, #125143)
[Link]
Posted Sep 13, 2024 18:00 UTC (Fri)
by rweikusat2 (subscriber, #117920)
[Link]
As documented in the ifup/ifdown manpage, ifupdown uses /etc/network/run/ifstate to record the state (configured or not yet configured) of interfaces managed by it. By default, it will not attempt to configure interface recorded as already configured in this file or deconfigure them if they're not recorded as already configured there. The --force command-line option can be used to override this. And it's obviously also possible to change the file itself in order to reflect the running configuration accurately.
Posted Sep 12, 2024 20:02 UTC (Thu)
by stephanlachnit (subscriber, #151361)
[Link] (26 responses)
Posted Sep 13, 2024 0:38 UTC (Fri)
by jhoblitt (subscriber, #77733)
[Link] (24 responses)
I keep hoping that networkd attracts more dev attention but for the moment, we are stuck with NetworkManager.
Posted Sep 13, 2024 8:00 UTC (Fri)
by bluca (subscriber, #118303)
[Link] (7 responses)
Posted Sep 13, 2024 10:08 UTC (Fri)
by evad (subscriber, #60553)
[Link] (5 responses)
Apparently the d-bus interface is limited to querying information and changing things on timedated and resolved; since the configuration of networkd is via static files (and any changes are reflected only after a networkctl reload and then a reconfigure of an interface) then there is no d-bus interface since it is not possible to dynamically change the configuration.
Posted Sep 13, 2024 10:12 UTC (Fri)
by evad (subscriber, #60553)
[Link] (4 responses)
Posted Sep 13, 2024 11:44 UTC (Fri)
by bluca (subscriber, #118303)
[Link] (3 responses)
Posted Sep 13, 2024 19:56 UTC (Fri)
by WolfWings (subscriber, #56790)
[Link] (2 responses)
Posted Sep 13, 2024 20:49 UTC (Fri)
by jhoblitt (subscriber, #77733)
[Link] (1 responses)
Posted Sep 14, 2024 9:23 UTC (Sat)
by Wol (subscriber, #4433)
[Link]
As far as I'm aware, I only have two vpns to mess with at work - the work one managed by IT, and the works guest one also managed by IT. And as far as I'm aware, the rule is - even with a desktop plugged into an RJ45 - ALL pcs must come in via a vpn. This is part of the "defence in depth all pcs could be compromised" strategy.
The only exceptions that MIGHT be made are the robots. They *might* have a hard-coded MAC-IP mapping but that's over wi-fi so they might not ... (and being embedded, chances are they are trusted not to be compromised).
Cheers,
Posted Sep 13, 2024 10:35 UTC (Fri)
by garyvdm (subscriber, #82325)
[Link]
Posted Sep 13, 2024 10:22 UTC (Fri)
by WolfWings (subscriber, #56790)
[Link] (15 responses)
I'm asking because I've had zero issues relying on iwd + systemd-networkd + systemd-resolved as my sole networking configuration and generally found it much simpler to setup than other network tools on both Debian laptops I have so I'm wondering what use-cases I'm not thinking of?
Posted Sep 13, 2024 12:22 UTC (Fri)
by mathstuf (subscriber, #69389)
[Link] (9 responses)
Posted Sep 13, 2024 22:42 UTC (Fri)
by NYKevin (subscriber, #129325)
[Link] (8 responses)
Somebody ought to write one of those "falsehoods programmers believe" articles for TCP, because this is just reflective of a broader trend of software that thinks it knows better than TCP, and usually does not. Here, I'll even get the ball rolling (remember, all of the following statements are *false* at least some of the time, but for some of these, perhaps not very often):
1. TCP is reliable, so everything I send will be received by the other end.
Explainer for 1-4: https://en.wikipedia.org/wiki/Two_Generals%27_Problem. TL;DR: If the connection breaks while an ACK is outstanding, the sender will have no way of knowing whether the segment was received, and this turns out to be an insoluble problem no matter how much complexity you pile on top of it. You need something resembling Paxos or Raft to get a guarantee like that, and that always requires a minimum of three nodes, so it can't be built on top of a single two-party TCP stream. See RFC 1047 for an SMTP-specific discussion of this problem (which still applies to modern SMTP, since RFC 2821 says that implementations MUST follow 1047's core advice), but note that some variation of this problem applies to literally every two-party TCP service (and for that matter, every UDP or IP service as well), regardless of how it works or what abstractions it introduces. SMTP is only special in that both sides are explicitly required to care about whether the message was received or not, which is marginally unusual for TCP services (compare and contrast: FTP file uploads, HTTP POST and PUT, etc., most of which omit significant discussion of client retry logic in favor of leaving it up to the application or end user).
15 is left as an exercise for the reader (hint: it is primarily of historical interest, but I'm not sure it's possible to entirely rule out modern counterexamples, since we don't know what weird stuff is going on in [any large organization]'s private network).
Posted Sep 14, 2024 12:24 UTC (Sat)
by paulj (subscriber, #341)
[Link] (4 responses)
One thing, unless I've misunderstood, I think you're being a bit /too/ strict and pessimistic about the consensus that is possible for 2 parties to reach over an unreliable (but non-malicious) link. It certainly is possible for 2 parties to reach a shared consensus that some /subset/ of the bytes have been received. I.e., I think your wording of 3 is too strict. There is a set of sent bytes (>= 0) where both sides can be sure that /both know/ those bytes were received, and a set of bytes following that set where they can not know. Your claim applies to the second set, but not the first set (with the caveat the first set may be 0 and remain at 0, but the size of the first set can only increase).
I.e, there /is/ a hard consensus set, and an ambiguous set. Your 3 is more that it is impossible to guarantee the consensus set will > 0, and that the ambiguous set will eventually reach 0. However, both sides can know what the consensus set is (including if it is 0).
It's a subtle difference, but you don't need Paxos for 2 parties to come to an agreement on a set of bytes having been transferred. You can't guarantee they reach a consensus on the success or failure of an attempted transfer (distinct from the ambiguity), but then I'm not sure Paxos/Raft can guarantee it either, at least in the sense of establishing that knowledge in the 2 parties (e.g., the sender may lose messages from the Paxos/Raft consensus protocol too).
Posted Sep 15, 2024 18:37 UTC (Sun)
by NYKevin (subscriber, #129325)
[Link] (3 responses)
Posted Sep 15, 2024 18:37 UTC (Sun)
by NYKevin (subscriber, #129325)
[Link] (2 responses)
Posted Sep 16, 2024 9:44 UTC (Mon)
by paulj (subscriber, #341)
[Link] (1 responses)
That two speakers /can/ establish consensus on the set of "definitely received and we both know it" bytes is quite useful and makes a lot of things possible. There is a set of bytes there-after in a grey zone, where the sender can't tell if they've been received, and the recipient can't know if the sender knows they've been received is an issue, but it's not catastrophic. That the first set can be built and (as the network permits) extended allows for useful and solid primitives to be created on top.
It's not quite as pessimistic as the point in your post above could have been read, perhaps. Distributed systems are still difficult, and it's very easy and very common for authors of them to fail to pay attention to the distinction above (leading to weird fail...), course. ;)
Posted Sep 21, 2024 22:19 UTC (Sat)
by NYKevin (subscriber, #129325)
[Link]
This is true, but I think it is also misleading. Let's use SMTP as an example:
1. You can get to a point where both sides agree that the email has been transmitted from the client to the server.
The purpose of Paxos and Raft is not to accomplish (2). It is to prevent (3).
Posted Sep 14, 2024 13:59 UTC (Sat)
by Wol (subscriber, #4433)
[Link] (1 responses)
Buffer bloat, of course, being a perfect example of routers breaking the congestion mechanism.
Cheers,
Posted Sep 14, 2024 21:06 UTC (Sat)
by josh (subscriber, #17465)
[Link]
Posted Sep 14, 2024 21:11 UTC (Sat)
by Sesse (subscriber, #53779)
[Link]
Posted Sep 13, 2024 12:26 UTC (Fri)
by josh (subscriber, #17465)
[Link] (4 responses)
Posted Sep 13, 2024 14:56 UTC (Fri)
by mussell (subscriber, #170320)
[Link] (3 responses)
Posted Sep 13, 2024 16:47 UTC (Fri)
by WolfWings (subscriber, #56790)
[Link] (2 responses)
iwd replaces outright wpa_supplicant, and exclusively handles the wifi card physical layer for attaching to SSIDs and credentials at that layer. SystemD has no knowledge of this layer of auth.
iwd really is key here for wifi, it's such a vividly better tool for managing wifi access point connections because it's designed to be, versus wpa_supplicant which is primarily a research tool that got drafted into being the AP management tool for Linux.
networkd then matches against what SSID I'm connected to too apply any specific configurations (my 'home' network enabling LLMNR + mDNS which is disabled by default for example), or defaults to 'DHCP + DHCPv6' with name resolution restricted as my fallback 'I guess you're connecting at an airport' settings.
Posted Sep 20, 2024 9:47 UTC (Fri)
by nim-nim (subscriber, #34454)
[Link] (1 responses)
Note that really depends on your hardware, I enabled iwd for a time and then it started triggering kernel panics, so I returned to wpa_supplicant (less cool but tested and supported by my distro).
If I had the time and energy I would have investigated but I didn’t have the time and not interested in making it just for the report to sit unread in an issue tracker somewhere and then get closed automatically after some aggressive automated nagging that I was wasting everyone’s time by not re-checking every day till someone had the time and will to read the report.
Posted Oct 5, 2024 12:03 UTC (Sat)
by mathstuf (subscriber, #69389)
[Link]
Ugh, I hate those bots. I wish they keyed on "did a developer even look at it" before asking the user to do anything about it.
Posted Sep 13, 2024 19:06 UTC (Fri)
by ebee_matteo (subscriber, #165284)
[Link]
Posted Sep 12, 2024 20:30 UTC (Thu)
by shemminger (subscriber, #5739)
[Link] (1 responses)
At this point networkd (Network Manager) is the most complete and broadly supported. The others should just fade away.
Posted Sep 13, 2024 10:36 UTC (Fri)
by garyvdm (subscriber, #82325)
[Link]
Posted Sep 12, 2024 21:09 UTC (Thu)
by ju3Ceemi (subscriber, #102464)
[Link] (8 responses)
Maybe ifupdown-ng is the more modern, better-maintained tool ? Maybe Debian's identity is better.
This strikes me as a looser's point of view, as if "some people do overwise" means that we sucks.
Sadly, the technical qualities of the choices are not considered : only their popularities.
Posted Sep 12, 2024 22:52 UTC (Thu)
by intelfx (subscriber, #130118)
[Link] (5 responses)
Well, it's not.
> Sadly, the technical qualities of the choices are not considered : only their popularities.
Popularity is an important *non-technical* quality, though. A popular tool is more likely to be well-maintained and more likely to be familiar to users. Pointless (== all else being equal) fragmentation carries a significant _negative_ value.
Posted Sep 13, 2024 5:23 UTC (Fri)
by smurf (subscriber, #17840)
[Link] (4 responses)
I'm afraid that this smells like the systemd discussion — except that now, instead of one widely-used replacement, we have two-and-a-half new tools that that come with a superset of ifupdown's features: systemd-networkd, NetworkManager, and netplan. Netplan is nice for learn-once-apply-anywhere configuration and NetworkManager is well-integrated with GUIs, while systemd-networkd integrates much better with the rest of the systemd universe.
The fact that its DBus interface and NM's are 100% incompatible as heck doesn't help either.
-- Matthias Urlichs
Posted Sep 13, 2024 15:37 UTC (Fri)
by intelfx (subscriber, #130118)
[Link] (3 responses)
Well, considering the density of recent articles talking about efforts to attract new blood to Debian, I'd hazard a guess that the first two demographics are _at least_ as important as the last one.
Posted Sep 13, 2024 15:39 UTC (Fri)
by ju3Ceemi (subscriber, #102464)
[Link] (2 responses)
Posted Sep 13, 2024 15:40 UTC (Fri)
by intelfx (subscriber, #130118)
[Link] (1 responses)
Well, clearly some projects are affected more and some are less. Otherwise the present article wouldn't exist.
Posted Sep 16, 2024 12:07 UTC (Mon)
by wtarreau (subscriber, #51152)
[Link]
Posted Sep 13, 2024 19:08 UTC (Fri)
by ebee_matteo (subscriber, #165284)
[Link] (1 responses)
> Maybe ifupdown-ng is the more modern, better-maintained tool ? Maybe Debian's identity is better.
I think the obvious implication that the original writer was making, is that ifupdown-ng is definitely NOT the more modern and better-maintained tool, and upholding Debian's identity is not a reason good enough to keep it alive.
Posted Sep 13, 2024 19:41 UTC (Fri)
by ballombe (subscriber, #9523)
[Link]
Personnally, I will pick whatever system let me configure my laptop as an access point when plugging additional
Posted Sep 13, 2024 10:59 UTC (Fri)
by detiste (subscriber, #96117)
[Link]
But I'm not willing to try soooo hard to sell it.
cron can continue running all those "[ ! -d /run/systemd/system ] || exit 0" until the end of the world...
Posted Sep 13, 2024 21:43 UTC (Fri)
by Hobart (subscriber, #59974)
[Link] (2 responses)
Since the Debian OS can run a Linux, FreeBSD, or HURD kernel, if the system's using Linux, I'd like to see it using the kernel's own, documented, iproute2 tools for configuration.
More practically, the tools need to interact properly with the distro's boot process, and indicate exactly which system interfaces / files they're working with.
I shouldn't need to break out strace to figure out what's happening. I want a userspace whose behaviors are expected - the NetworkManager delivered by Ubuntu and Red Hat's "surprise, we've swapped your DNS resolver!" toolsets heave been less than great to work with.
Posted Sep 14, 2024 5:50 UTC (Sat)
by wsy (subscriber, #121706)
[Link]
Posted Sep 14, 2024 21:07 UTC (Sat)
by jkingweb (subscriber, #113039)
[Link]
https://lists.debian.org/debian-devel/2023/07/msg00176.html
Hurd does remain a concern for such efforts, though.
Posted Sep 19, 2024 12:54 UTC (Thu)
by maniax (subscriber, #4509)
[Link] (4 responses)
network-scripts (ifcfg) is the second best.
All the rest also happen to be non-deterministic in some situations, which might be a problem if you're trying to work around some weird bug that requires interfaces to go in specific order in a bond
At some point you just say "screw this, I'll write a large and idempotent iproute2 script", but most people seem to be scared of those, and it's not trivial to convince customers that they should drop whatever the distro has and they have already configured.
Posted Oct 25, 2024 2:56 UTC (Fri)
by fest3er (guest, #60379)
[Link] (3 responses)
In my experience, the interface doesn't need to bounce. It seems that every time NM periodically wakes up, it 'deletes' everything it did not configure. (WTF!?! I just added those addresses! Where the eff dif they go?!?) It's akin to municipal residents going to the city park, setting up a badminton net and playing a match, only to have the park manager walk by, see the net and supports and remove them in the middle of the match because he did not set them up. (Kind-of foolhardy since the badminton players might start using *him* as the birdie, just as I have to kill NM when I'm using multiple IP addrs on an IF—and then figure out how to handle WiFi myself.)
Posted Oct 25, 2024 4:32 UTC (Fri)
by intelfx (subscriber, #130118)
[Link]
I thought that’s exactly how it worked :-)
Posted Oct 25, 2024 5:41 UTC (Fri)
by zdzichu (subscriber, #17118)
[Link]
NM *may* have some setting to ignore guerilla IP addresses (other tools, like systemd-network, have such settings), but I leave finding it as an excercise for the reader.
Posted Oct 29, 2024 10:42 UTC (Tue)
by taladar (subscriber, #68407)
[Link]
anything but ifupdown
anything but ifupdown
anything but ifupdown
> Compare that to systemd-networkd, where years on, it's still impossible to add a new peer to a Wireguard interface without restarting the whole (highly stateful) component
anything but ifupdown
anything but ifupdown
I don't know how often I had to debug things, where systemd-networkd had an opinion on the state of the network which was not correlated with the real state. (At least systemd-networkd was more reliable then systemd-resolved ...).
Until now (as I can not see into the Future) I removed/exchanged networkd, resolved, and systemd-timesyncd with IMHO better (and older) alternatives.
(The strange thing is that systemd by itself is not perfect but really good, but to many of the other tools in the systemd universe dont keep up with it.)
anything but ifupdown
> The reason is that it does not track real state of interface, but instead rely on own opinion about the
> current state. Every time I try to automate network configuration, the serious one (e.g. bond over two eth,
> vxlans, some dummy for bgp), I walk on a mine field. Any mistake on config leaves system in undefined state.
> Every config change can fail, because 'it's already configured'.
NetworkManager or networkd
NetworkManager or networkd
NetworkManager or networkd
NetworkManager or networkd
NetworkManager or networkd
NetworkManager or networkd
NetworkManager or networkd
NetworkManager or networkd
NetworkManager or networkd
Wol
NetworkManager or networkd
* Ways to provide custom gui login screens, e.g. NetworkManager-openvpn-gnome
* Ways to handle public wifi portals
NetworkManager or networkd
NetworkManager or networkd
NetworkManager or networkd
2. OK, mostly reliable.
3. OK, fine, it's not reliable (in the above sense of the word), but the sender and recipient will always eventually agree on exactly which bytes made it over the transport.
4. It is possible to create a guarantee analogous to (3) by building some message-oriented application-level protocol on top of TCP, such as HTTP or SMTP.
5. There is a such thing as a TCP packet.
6. There is no such thing as a TCP packet.
7. If we fail to connect to a well-known remote host, then we must be offline.
8. Nagle's algorithm is good.
9. Nagle's algorithm is bad.
10. I don't have to care about Nagle's algorithm.
11. This is all low-level pedantry. I can think of TCP like a two-way Unix pipe that goes over the network, and completely ignore how it is implemented.
12. If the network is transparent to TCP, then it must be transparent to IP.
13. If the network is transparent to HTTP/1.1, then it must be transparent to TCP.
14. Weird networks that are not transparent to standard protocols are an aberration. I can safely ignore them.
15. TCP is implemented in terms of IP.
NetworkManager or networkd
NetworkManager or networkd
NetworkManager or networkd
NetworkManager or networkd
NetworkManager or networkd
2. You can also get to a point where both sides agree that the server has assumed responsibility for delivering the email. This is the primary state transition that SMTP is designed to accomplish, so it is important that we can get to this point.
3. You cannot get (2) without first passing through a state where it is ambiguous who is currently responsible for delivering the email (and it is mathematically provable that no extension or modification of SMTP can fix this shortcoming - it is inherent in TCP, and for that matter in IP). If the connection breaks while we are in this state, we either duplicate the email or drop it. SMTP as written specifies that the email is duplicated, but I do not know the extent to which this has been tested on real implementations.
NetworkManager or networkd
Wol
NetworkManager or networkd
NetworkManager or networkd
NetworkManager or networkd
I (probably) have a similar setup. iwd handles authenticating to networks similar to wpa-supplicant, networkd does all other configuration such as assigning IP addresses through DHCP/SLAAC. networkd can match on an (B)SSID to apply settings for specific networks (see systemd.network(5)), I use it to enable mDNS only on my home network and can be used as a lightweight firewalld by using NFTSet to add the wireless interface to a set only on trusted networks. resolved is both a caching DNS resolver and an mDNS resolver. networkd and resolved are tightly coupled (networkd needs to tell resolved about DNS servers from DHCP), but as far as I can tell, iwd has no integration with networkd (or anything from systemd) specifically. iwd will put the wireless interface up after authentication and networkd will know through netlink.
NetworkManager or networkd
NetworkManager or networkd
NetworkManager or networkd
NetworkManager or networkd
NetworkManager or networkd
Too many choices
Too many choices
No technical comparaisons
No technical comparaisons
No technical comparaisons
No technical comparaisons
No technical comparaisons
No technical comparaisons
No technical comparaisons
No technical comparaisons
No technical comparaisons
USB wifi dongles with the less fuss. So far it is ifupdown.
Defaults are hard ...
Any solution that isn't a wrapper posing as a tool
Any solution that isn't a wrapper posing as a tool
Any solution that isn't a wrapper posing as a tool
ifupdown at least follows the principle of least surprise
(One of my pet peeves about NM is that if the interface flaps, it'll remove all IPs that were not added by it on the interface)
ifupdown at least follows the principle of least surprise
ifupdown at least follows the principle of least surprise
ifupdown at least follows the principle of least surprise
ifupdown at least follows the principle of least surprise