Even the most experienced network administrator can get stumped when configuring Linux routers, says Tony Mancill, author of Linux Routers: A Primer for Network Administrators, 2nd Ed. from Prentice Hall PTR. There are significant differences in the configuration processes for Linux, Windows and Unix. In a recent interview with SearchEnterpriseLinux.com, he described the most important "dos and don'ts" for configuring Linux routers.
1. Do put on your Indiana Jones hat and start digging for documentation.
"The No. 1 challenge in configuring Linux routers is the lack of good-quality documentation for newer features and more advanced functionality," Mancill said. "Even when there is ample documentation, there may not be a single, canonical source for it."
On many Web sites, Linux and open-source community members offer router configuration tips, product reviews, how-tos and support. "This goes with the territory of using a community-supported operating system, but it does mean that you may have to spend extra time sifting through mailing list archives and multiple HOWTO documents to get what you're looking for," Mancill said. "In extreme cases, I've had to refer to the source code itself to determine exactly how a feature should be used."
2. Don't speak Windows-ese to a Linux router.
There's not one right way to configure routers on all platforms. Most Linux routers are configured differently than their traditional counterparts, Mancill said. Besides that, networking and routing configurations differ from one Linux distribution to another.
For example, there may be multiple mechanisms for saving the configuration for each of the various subsystems, depending upon the various components used, Mancill said. One configuration could control the WAN interfaces, while another controls static routes, and yet another handles firewall rules.
3. Do repress your urge to use the kernel or configuration tool your pal TuxMan built.
"Stick to stock, stable versions of the kernel and various tool sets whenever possible," Mancill advised. "These represent the widest possible user base, and hence are least likely to cause you unnecessary grief."
Sure, you can go your own way. If you do, however, be prepared to play the Versions Game. Network managers who play the Versions Game tend to make their user and IT peer groups nervous. "You may find yourself needing a driver that is first supported in kernel version x.y.z, but the tool set you need for functionality Q only builds on x.y.z-2," Mancill said. "In that case, you may find yourself up to your elbows in source code."
4. Do keep it simple, or you could end up looking stupid.
"Don't load up your Linux router with every gee-gaw and gizmo available," Mancill said.
Sure, it's possible to configure a Linux box to do just about anything, but try to control yourself. After all, unused and extraneous server software may expose you to unnecessary security risks, Mancill said.
5. Do your compiling yourself, if you want it done right.
Compile your own kernels from source. "Distribution kernels are typically not configured for routers and almost always contain a great many more drivers than needed," Mancill said. "The additional drivers reduce the amount of memory available to other kernel data structures."
6. Don't let Joe WinAdmin foul your router nest.
Security starts at home, so pay attention to your IT shop's environmental and physical security. "The last thing you want to have happen is for an unsuspecting Win2k admin to walk up to your router and hit CTRL-ALT-DEL to try to log in," Mancill said. In fact, "if you have to share your system console with other machines, consider disabling the 'ctrlaltdel' entry in /etc/inittab."
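As an added example (not from Mancill or his book), the following shell functions check a sysvinit-style inittab for an active 'ctrlaltdel' entry and produce a copy with that entry commented out. The function names and the sample file contents are constructed for illustration; the only format assumed is the standard `id:runlevels:action:process` layout of inittab lines.

```shell
#!/bin/sh
# Added example: audit and disable the ctrlaltdel action in a sysvinit inittab.
# inittab lines have the form  id:runlevels:action:process

# Print every active (uncommented) line whose action field is "ctrlaltdel".
ctrlaltdel_entries() {
    awk -F: '!/^[ \t]*#/ && $3 == "ctrlaltdel"' "$1"
}

# Return 0 if the file still has an active ctrlaltdel entry, 1 otherwise.
ctrlaltdel_active() {
    [ -n "$(ctrlaltdel_entries "$1")" ]
}

# Emit a copy of the file with active ctrlaltdel lines commented out.
# Output goes to stdout so it can be reviewed before replacing the original.
disable_ctrlaltdel() {
    awk -F: '
        !/^[ \t]*#/ && $3 == "ctrlaltdel" { print "#" $0; next }
        { print }
    ' "$1"
}

# Constructed sample inittab (not taken from a real router).
make_sample_inittab() {
    cat <<'EOF'
id:2:initdefault:
si::sysinit:/etc/init.d/rcS
# ca::ctrlaltdel:/sbin/shutdown -t3 -r now
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
1:2345:respawn:/sbin/getty 38400 tty1
EOF
}

# Run the check before and after on a temporary copy of the sample.
demo() {
    tmp=$(mktemp) || return 1
    make_sample_inittab > "$tmp"
    ctrlaltdel_active "$tmp" && echo "before: ctrlaltdel is active"
    disable_ctrlaltdel "$tmp" > "$tmp.new"
    ctrlaltdel_active "$tmp.new" || echo "after: ctrlaltdel is disabled"
    rm -f "$tmp" "$tmp.new"
}

demo
```

On a real system, review the output, install it over /etc/inittab, and run `telinit q` so init re-reads the file. Distributions that use systemd do not read /etc/inittab; there the equivalent is masking `ctrl-alt-del.target`.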
7. Do use a journaling filesystem like ext3 or reiserfs.
"You'll be thankful for the time saved after an unexpected reboot," Mancill said.
8. Don't live in the moment, no matter what your Zen master says.
Plan ahead for future growth, functionality and changes. Routers often lie at the heart of the core operations of an entire enterprise, so it may be very difficult to schedule downtime for upgrades and changes, Mancill said. Build your router on up-to-date technologies, with an eye to compatibility with upcoming technologies. Try to plan six to 12 months ahead when scheduling any planned maintenance or configuration changes.
9. Don't trust your or your co-workers' instant recall abilities.
"Maintain detailed documentation about your base configuration and any subsequent configuration changes," Mancill said. "Even if you're the only administrator of the system(s), it's much better to have good documentation than having to reinvent the wheel a year down the road."
10. Do respect Murphy's Law.
Do make contingency plans. Also, make sure that spare preconfigured systems are available. "Linux routers are often much cheaper than their traditional counterparts, so use this to your advantage and budget for spares," Mancill said.
11. Don't be an isolationist. Join the router and routing community.
Subscribe to the mailing lists for the type of router and routing software you are using. Sign up for one or more general Linux security lists, too. "Staying current is important," Mancill said.
So is sharing, so take some time to answer others' questions when you're able to, Mancill said. "Goodwill is contagious."