红帽全球峰会第 18 章 Networking
The following chapters contain the most notable changes to networking between RHEL 9 and RHEL 10.
Network team driver was removed
The teamd service and the libteam library were removed in Red Hat Enterprise Linux 10. As a replacement, configure a bond instead of a network team.
Red Hat focuses its efforts on kernel-based bonding to avoid maintaining two features, bonds and teams, that have similar functions. The bonding code has a high customer adoption, is robust, and has an active community development. As a result, the bonding code receives enhancements and updates.
If you use RHEL 9 with a network team and plan to upgrade to RHEL 10, migrate the network team configuration to network bond before you upgrade.
Removed support for network configuration files in the ifcfg format
Starting with RHEL 9.0, RHEL stored newly created network configurations in a key file format in the /etc/NetworkManager/system-connections/ directory. The connections, for which the configurations had already been stored from previous times in the /etc/sysconfig/network-scripts/ directory in the old ifcfg format still worked uninterrupted. However, with the RHEL 10 release, the support for the ifcfg format based network configuration files was removed.
The dhclient utility was removed
The dhclient utility is a client program used to obtain IP addresses, network configuration, and other information from a DHCP server. Since dhclient is no longer developed as of early 2022, the utility was removed in Red Hat Enterprise Linux 10. As a consequence of the removal, you can no longer set dhcp=dhclient in /etc/NetworkManager.conf. As a replacement, use the dhcp=internal (default) in your NetworkManager configuration.
Removed NIC device drivers related to iPXE
Internet Preboot eXecution Environment (iPXE) firmware provides a range of boot options over a network often used in environments, where machines need to boot remotely. Among others, it contains a large number of device drivers. With the RHEL 10 release, the following will be removed:
-
The complete
ipxe-romssub-RPM package Binary files containing device drivers from
ipxe-bootimgs-x86sub-RPM package:-
/usr/share/ipxe/ipxe-i386.efi -
/usr/share/ipxe/ipxe-x86_64.efi -
/usr/share/ipxe/ipxe.dsk -
/usr/share/ipxe/ipxe.iso -
/usr/share/ipxe/ipxe.lkrn -
/usr/share/ipxe/ipxe.usb
-
Instead, iPXE now depends on the platform firmware to provide a NIC driver for the network boot. The /usr/share/ipxe/ipxe-snponly-x86_64.efi and /usr/share/ipxe/undionly.kpxe iPXE binary files are the part of the ipxe-bootimgs package and use the NIC driver provided by the platform firmware.
NetworkManager-initscripts-updown is not available
The NetworkManager-initscripts-updown sub-package is removed in RHEL 10 because the related network-scripts package had already been removed in RHEL 9.
Moving some kernel modules to kernel-modules-extra
All kernel modules related to the following utilities have been moved to the kernel-modules-extra package:
-
iptables -
ip6tables -
ipset -
ebtables -
arptables
ATM encapsulation has been removed
Asynchronous Transfer Mode (ATM) encapsulation enables Layer-2 (Point-to-Point Protocol, Ethernet) or Layer-3 (IP) connectivity for the ATM Adaptation Layer 5 (AAL-5). In RHEL 9, the ATM implementation was unsupported and deprecated. In RHEL 10, the kernel feature has been disabled in the kernel, and ATM is no longer available.
The PF_KEYv2 kernel API has been removed
In earlier RHEL versions, applications could configure the kernel’s IPsec implementation by using the deprecated PV_KEYv2 and the newer netlink API. PV_KEYv2 has not been actively maintained upstream and is missing important security features, such as modern ciphers, offload, and extended sequence number support. As a result, the PV_KEYv2 API has been removed in RHEL 10. If you used this kernel API in applications, migrate your applications to use the modern netlink API as an alternative.
The firewalld lockdown feature has been removed
The firewalld lockdown feature could not prevent processes that are running as root from adding themselves to the allow list. In RHEL 10, this feature has been removed.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}