2007-04-10
A limitation of Debian's /etc/network/interfaces control file
Unless I am missing something, in Debian and Ubuntu there is no way to
bring up an interface without having it try to obtain an IP address in
some way. The interfaces(5) manpage suggests that 'auto ethN',
possibly with 'iface ethN inet manual' should work, but it doesn't
seem to go in my testing on Ubuntu.
You might rationally ask what use there is in bringing up an interface without an IP address. It turns out that there's a number of things that such up but unconfigured interfaces are either good for or necessary for (depending on your perspective), including:
- running
tcpdumpand similar packet capture programs to do traffic accounting and/or monitoring. - bringing up your DSL PPPoE connection, since PPPoE uses the Ethernet purely as a transport.
- bridging virtual guest machines onto an Ethernet (or VLAN) that the host machine is logically not on (although it clearly has physical access to them).
The Ubuntu machine I ran into this on was our traffic accounting system, and we definitely never want the monitoring interface to be assigned an IP address, or even respond to packets. (If we were being thorough, this means that we should turn off some normal Linux network settings so that the interface never responds to rogue ARPs for the machine's management IP address.)
The workaround we're currently using is to set 'iface ethN inet dhcp'.
There's no DHCP server on the monitoring segment that will ever respond
to the accounting machine's DHCP request; in fact, I believe that there
is basically no untagged traffic flowing over that network segment.
(And yes, if this ever changes we could get a peculiar surprise.)
Sidebar: setting up unconfigured but active interfaces in Fedora
To set up such an interface in Fedora (and probably Red Hat Enterprise),
you want the obvious minimal ifcfg-ethN control file:
DEVICE=ethN ONBOOT=yes
Put this in /etc/sysconfig/network-scripts and you're good to go.