Network Configuration and Troubleshooting
This page covers host networking on Linux: interfaces, addresses, routes, DNS resolution, listening sockets, and basic reachability probes. It pairs with Packet capture and System calls.
Interfaces and Addresses
```bash
ip link show
ip addr show
ip -br addr
```
UP/DOWN, MTU, and L2 state (carrier) explain “cable unplugged” or veth issues in Docker/Kubernetes nodes.
Routing
```bash
ip route show
ip route get 203.0.113.1
```
- Default gateway — Missing or wrong → no off-subnet reachability.
- Policy routing — `ip rule list` for multi-homing or VRF-style setups.
- Asymmetric routing — Return path differs from outbound; TCP can break with stateful firewalls on only one path.
Correlate with cloud VPC route tables in AWS Networking.
DNS Client
- `/etc/resolv.conf` — nameserver and search domains (often managed by systemd-resolved, NetworkManager, or cloud-init).
- `resolvectl status` (systemd-resolved) — See which stub and upstream resolvers are used.
- VPC — Many EC2 instances use the AmazonProvidedDNS address at the VPC base + 2.

Misconfiguration shows up as “works with IP but fails with hostname”.
Listening Sockets
```bash
ss -tlnp   # TCP listening, numeric, processes
ss -ulnp   # UDP
ss -tp state established
```
If the app should listen but `ss` shows nothing, check bind address (127.0.0.1 vs 0.0.0.0), namespace (container vs host), and permissions.
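The bind-address check above can be automated over `ss -H -tln` output, which also turns it into an exposure audit. This is an added example, not part of the original page; the function names `classify_listeners` and `sample_ss` and the sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: classify listening TCP sockets by bind scope.
# Input: lines in `ss -H -tln` format (State Recv-Q Send-Q Local Peer).

classify_listeners() {
  awk '
    $1 == "LISTEN" {
      ep = $4
      # Split at the LAST colon so IPv6 literals such as [::]:80 survive.
      match(ep, /:[^:]*$/)
      addr = substr(ep, 1, RSTART - 1)
      port = substr(ep, RSTART + 1)
      sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # [::1] -> ::1
      sub(/%.*$/, "", addr)                        # 127.0.0.53%lo -> 127.0.0.53
      if (addr == "0.0.0.0" || addr == "::" || addr == "*")
        scope = "all-interfaces"   # wildcard bind: reachable on every host address
      else if (addr ~ /^127\./ || addr == "::1")
        scope = "loopback"         # local clients only
      else
        scope = "specific"         # one address; check which interface owns it
      print scope, addr, port
    }'
}

# Constructed sample, shaped like real `ss -H -tln` output.
sample_ss() {
  cat <<'EOF'
LISTEN 0 128   0.0.0.0:22        0.0.0.0:*
LISTEN 0 244   127.0.0.1:5432    0.0.0.0:*
LISTEN 0 4096  127.0.0.53%lo:53  0.0.0.0:*
LISTEN 0 511   [::]:80           [::]:*
LISTEN 0 128   [::1]:631         [::]:*
LISTEN 0 4096  *:9100            *:*
LISTEN 0 128   10.0.1.15:8443    0.0.0.0:*
EOF
}

# Offline demo; on a live host run:  ss -H -tln | classify_listeners
sample_ss | classify_listeners
```

A service reported as `loopback` when remote clients are expected explains a refused connection; one reported as `all-interfaces` when it should be local-only is an exposure to close with a bind-address change or a firewall rule.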
Ping, Traceroute, mtr
```bash
ping -c 3 203.0.113.1
traceroute 203.0.113.1
mtr -rwzbc 100 203.0.113.1
```
ICMP may be blocked while TCP:443 works — a failed ping is not proof the host is down. Use curl, nc, or tcpdump for TCP/UDP path checks.
Firewalls (Overview)
| Stack | Notes |
|---|---|
| nftables | Modern default on many distros; iptables-nft bridge. |
| iptables | Legacy chains INPUT/FORWARD/OUTPUT. |
| firewalld | Zone-based; wraps nftables/iptables. |
| ufw | Simple frontend on Ubuntu. |
Cloud security groups still apply outside the instance — debug both host firewall and SG.

```bash
ip link show eth0
ping -M do -s 1472 -c 1 203.0.113.1   # DF ping to probe PMTU: 1472 payload + 28 header bytes = 1500
```
VPN and overlay networks often need a lower MTU or MSS clamping. Symptoms: small requests work, large transfers hang.
Bonding and Teams (Brief)
bond / team interfaces aggregate links for redundancy or throughput. `ip link` shows master / slave relationships. Cloud VMs often use a single ENI; bonding appears more on bare metal.
Containers
- Host — Check bridge / veth with `ip link` and iptables/nft FORWARD rules.
- Namespace — `nsenter -n -t <pid>` or run tools inside the pod network namespace for accurate `ss`/`ip`.
Related
- Packet capture — tcpdump / Wireshark.
- System calls — `connect`, `bind`, errno.
- Network troubleshooting flow — End-to-end ordering.
- Docker networking — Bridge and port publish.