# alinux-network

Part of **ALINUX**

<!-- intent-backlink:auto -->

> 💡 **Path Selection**: This skill is one implementation path for [Optimize network performance and connectivity](../../intent/alinux-optimize-performance/SKILL.md). If you're unsure which path to take, check the routing skill first.

# Alibaba Cloud Linux Networking Console Guide

## Operations Overview

| Operation | Console Entry | Prerequisites | Description |
|------|-----------|---------|------|
| Enable SMC Communication | Console > Elastic Compute Service (ECS) > Instances > Configure SMC | Create an ECS Instance that supports the Elastic RoCE Infrastructure (ERI) feature, Ensure the system kernel version is ANCK 5.10.134-16 or later, Install smc-tools and aliyun-smc-extensions utilities, Have eRDMA capability enabled on the target ENI or configure PNET ID for cross-interface association | Configure Shared Memory Communications (SMC) for high-performance networking using kernel modules and BPF policies. |
| Configure Network Access Control | Console > ECS > Instances > Network & Security | Already created VPC, Have RDS instance, Enabled Cloud Security Center service | Set up network ACLs, DDoS protection, RDS whitelists, firewall rules, and threat detection policies. |
| Manage IPv6 Configuration | ECS > Instances > Remote Connection | Instance type must support IPv6, Instance must be in a region that supports IPv6, Already set up IPv6 VPC | Enable or disable IPv6 networking on the system through configuration files and kernel parameters. |
| Monitor SMC Connections | Product Homepage > ECS > Instance Management > Shared Memory Communication Monitoring | Installed smc-tools package, Root or sudo privileges, eRDMA support enabled, SMC connections exist in net namespace | Track and monitor Shared Memory Communication connection status and performance metrics. |
| Diagnose Network Issues | Console > Network Management > Network Diagnosis | Enabled network diagnosis service, Access permissions to target network nodes | Perform general network diagnostics to identify connectivity or performance problems like jitter and packet loss. |
| Analyze Network Jitter | Console > ECS > Instances > System Diagnosis | Instance is created and running, Have system diagnosis permissions | Diagnose and measure network jitter issues affecting application performance using built-in diagnostic tools. |
| Detect Packet Loss | Console > ECS > Instances > System Diagnosis > Packet Loss Diagnosis | Instance is created and running, Have permissions to view and operate the instance (e.g., RAM role authorization) | Identify and troubleshoot network packet loss problems at the kernel level with detailed diagnostic reports. |

## Operation Steps

### Enable SMC Communication

**Navigation**: Console > Elastic Compute Service (ECS) > Instances > Configure SMC

**Prerequisites**:
- Create an ECS Instance that supports the Elastic RoCE Infrastructure (ERI) feature
- Ensure the system kernel version is ANCK 5.10.134-16 or later
- Install smc-tools and aliyun-smc-extensions utilities
- Have eRDMA capability enabled on the target ENI or configure PNET ID for cross-interface association

1. **Create Instance** (button) — top navigation bar
   - Notes: Select an instance type that supports ERI functionality.

2. **Remote Connect** (link) — instance details page top action bar
   - Notes: Use SSH to connect to the instance after creation.

3. Load the smc and smc_diag Kernel Modules
   - Element: **sudo modprobe smc** (text_input) — terminal/command line

4. Verify successful module loading
   - Element: **dmesg** (text_input) — terminal/command line
   - Notes: Look for output indicating 'smc: load SMC module with reserve_mode' and 'NET: Registered protocol family 43'.

5. Install smc-tools and aliyun-smc-extensions utilities
   - Element: **sudo yum install -y smc-tools** (text_input) — terminal/command line

6. Enable transparent socket conversion at net namespace level
   - Element: **sudo sysctl net.smc.tcp2smc=1** (text_input) — terminal/command line
   - Notes: This enables automatic conversion of TCP sockets to SMC sockets in the current net namespace.

7. Run a TCP application with SMC support
   - Element: **./<foo>** (text_input) — terminal/command line
   - Notes: Replace <foo> with your application name. The application's TCP sockets will be transparently converted to SMC sockets if conditions are met.

8. Use smc_run script for process-level transparent conversion
   - Element: **smc_run ./<foo>** (text_input) — terminal/command line
   - Notes: The smc_run script uses LD_PRELOAD to intercept socket() calls and convert TCP sockets to SMC sockets.

9. Load smc-ebpf policy
   - Element: **sudo smc-ebpf policy load** (text_input) — terminal/command line
   - Notes: Note: This does not affect existing connections; only new ones are affected.

10. Configure port-based SMC policy
    - Element: **sudo smc-ebpf policy config --port 80 --mode enable** (text_input) — terminal/command line
    - Notes: This allows SMC negotiation only on specified ports.

11. Start aliyunsmc-ueid service for one-click EID configuration
    - Element: **sudo systemctl start aliyunsmc-ueid** (text_input) — terminal/command line
    - Notes: Optional: Run 'sudo systemctl enable aliyunsmc-ueid' to make it persistent across reboots.

| Parameter | Type | Required | Options/Values | Description |
|-----------|------|----------|----------------|-------------|
| EID | text | No | — | Enterprise ID, used to control SMCv2 communication scope |
| PNET ID | text | No | — | Identifier used to associate Ethernet interfaces (ENI) with eRDMA interfaces (ERI) |
| Port Policy | dropdown | No | enable, disable | Controls whether specific ports allow SMC negotiation |
| IPv4 Address Policy | dropdown | No | enable, disable | Controls whether client sockets use SMC negotiation based on server IP address |

### Configure Network Access Control

**Navigation**: Console > ECS > Instances > Network & Security

**Prerequisites**:
- Already created VPC
- Have RDS instance
- Enabled Cloud Security Center service (for threat detection)

1. Navigate to RDS instance list
   - Element: **RDS Instances** (link) — main content area

2. Click instance ID to enter details page
   - Element: **Instance ID** (link) — instance list

3. Select **Whitelist Management** in left navigation panel
   - Element: **Whitelist Management** (tab) — left navigation panel

4. Click **Add** button
   - Element: **Add** (button) — top of Whitelist Management page

5. Enter ECS instance IP address or CIDR block
   - Element: **IP Address/CIDR Block** (text_input) — Add Whitelist form
   - Notes: Supports single IP or CIDR format.

6. Click **OK** to save settings
   - Element: **OK** (button) — bottom of form

| Parameter | Type | Required | Options/Values | Description |
|-----------|------|----------|----------------|-------------|
| IP Address/CIDR Block | text | Yes | — | ECS instance IP address or CIDR block allowed to access RDS instance |
| Description | text | No | — | Optional field to identify the purpose of this whitelist rule |

### Manage IPv6 Configuration

**Navigation**: ECS > Instances > Remote Connection

**Prerequisites**:
- Instance type must support IPv6
- Instance must be in a region that supports IPv6
- Already set up IPv6 VPC

1. **Remote Connect** (button) — instance list page
   - Notes: See related documentation for detailed connection steps.

2. Navigate to systemd network directory
   - Element: **cd /etc/systemd/network/** (text_input) — terminal command line

3. List .network files
   - Element: **ls** (text_input) — terminal command line
   - Notes: Example file: 50-dhcp.network.

4. Edit 50-dhcp.network file
   - Element: **vi /etc/systemd/network/50-dhcp.network** (text_input) — terminal command line

5. Enter insert mode and modify content
   - Element: **i** (link) — vi editor
   - Notes: Change DHCP=ipv4 to DHCP=yes under [Network].

6. Save and exit editor
   - Element: **:wq** (text_input) — vi editor
   - Notes: Press Esc then type :wq and Enter.

7. Enable IPv6 via sysctl command
   - Element: **sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0** (text_input) — terminal command line
   - Notes: Can target all interfaces or specific ones like eth0.

8. Edit /etc/sysctl.conf file
   - Element: **vi /etc/sysctl.conf** (text_input) — terminal command line

9. Enter insert mode and modify configuration
   - Element: **i** (link) — vi editor
   - Notes: Change disable_ipv6 value from 1 to 0.

10. Verify configuration file differences
    - Element: **diff -u /etc/sysctl.conf <(lsinitrd -f /etc/sysctl.conf)** (text_input) — terminal command line
    - Notes: If differences exist, regenerate initramfs.

11. Regenerate initramfs
    - Element: **sudo dracut -v -f** (text_input) — terminal command line

12. Reboot instance
    - Element: **sudo reboot** (text_input) — terminal command line

13. Check IPv6 status
    - Element: **ifconfig** (text_input) — terminal command line
    - Notes: If inet6 address appears, IPv6 is enabled.

### Monitor SMC Connections

**Navigation**: Product Homepage > ECS > Instance Management > Shared Memory Communication Monitoring

**Prerequisites**:
- Installed smc-tools package
- Root or sudo privileges
- eRDMA support enabled
- SMC connections exist in net namespace

1. Install smc-tools package
   - Element: **sudo yum install -y smc-tools** (text_input) — terminal command line

2. View SMC-R protocol stack statistics
   - Element: **smcr stats** (text_input) — terminal command line

3. View SMC-R link group statistics
   - Element: **smcr linkgroup** (text_input) — terminal command line
   - Notes: Observe #Conns and Sndbuf/RMB values.

4. View RDMA device information
   - Element: **smcr device** (text_input) — terminal command line

5. View SMC socket information
   - Element: **smcss** (text_input) — terminal command line
   - Notes: Focus on State and Mode fields.

6. View detailed SMC-R socket information
   - Element: **smcss -R** (text_input) — terminal command line
   - Notes: Focus on IB-device, Port, GID fields.

7. View all SMC sockets
   - Element: **smcss -a** (text_input) — terminal command line

8. Monitor SMC traffic rate and RPS
   - Element: **smc_monitor_ex speed -m smcr -i 1** (text_input) — terminal command line
   - Notes: Real-time traffic monitoring.

9. Monitor successful SMC or fallback TCP connections
   - Element: **smc_monitor_ex connection -m smcr -i 1** (text_input) — terminal command line
   - Notes: For connection stability monitoring.

### Diagnose Network Issues

**Navigation**: Console > Network Management > Network Diagnosis

**Prerequisites**:
- Enabled network diagnosis service
- Access permissions to target network nodes

1. Navigate to Network Diagnosis page
   - Element: **Network Diagnosis** (link) — left navigation panel

2. Select network path to diagnose
   - Element: **Select Network Path** (dropdown) — main content area
   - Notes: Supports cross-region, cross-VPC path diagnosis.

3. Click Start Diagnosis button
   - Element: **Start Diagnosis** (button) — top action bar
   - Notes: Diagnosis typically takes 1-5 minutes.

### Analyze Network Jitter

**Navigation**: Console > ECS > Instances > System Diagnosis

**Prerequisites**:
- Instance is created and running
- Have system diagnosis permissions

1. In left navigation panel, click **System Diagnosis**
   - Element: **System Diagnosis** (link) — left navigation panel

2. In diagnosis type list, select **Network Diagnosis**; in diagnosis item list, select **Network Jitter**; choose target instance ID and diagnosis duration, then click **Execute Diagnosis**
   - Element: **Execute Diagnosis** (button) — main content area
   - Notes: Ensure instance ID and diagnosis duration are correctly configured.

3. In diagnosis records area, click **View Report**
   - Element: **View Report** (button) — diagnosis records area
   - Notes: Diagnostic details chart shown in screenshot.

| Parameter | Type | Required | Options/Values | Description |
|-----------|------|----------|----------------|-------------|
| Diagnosis Type | dropdown | Yes | Network Diagnosis | Select diagnosis category |
| Diagnosis Item | dropdown | Yes | Network Jitter | Select specific diagnosis item |
| Instance ID | text_input | Yes | — | Specify ECS instance to diagnose |
| Diagnosis Duration | text_input | Yes | 10 minutes | Set diagnosis duration |

### Detect Packet Loss

**Navigation**: Console > ECS > Instances > System Diagnosis > Packet Loss Diagnosis

**Prerequisites**:
- Instance is created and running
- Have permissions to view and operate the instance (e.g., RAM role authorization)

1. In left navigation panel, click **System Diagnosis**
   - Element: **System Diagnosis** (menu) — left navigation panel

2. In diagnosis type list, select **Network Diagnosis**, in diagnosis item list select **Packet Loss Diagnosis**, enter target instance ID, then click **Execute Diagnosis**
   - Element: **Execute Diagnosis** (button) — main content area
   - Notes: Ensure entered instance ID is correct and belongs to current account.

3. In diagnosis records area, click **View Report**
   - Element: **View Report** (button) — diagnosis records area
   - Notes: Detailed diagnostic conclusions, recommendations, and data available after viewing report.

| Parameter | Type | Required | Options/Values | Description |
|-----------|------|----------|----------------|-------------|
| Diagnosis Type | dropdown | Yes | Network Diagnosis | Select diagnosis category |
| Diagnosis Item | dropdown | Yes | Packet Loss Diagnosis | Select specific diagnosis item |
| Instance ID | text_input | Yes | — | Enter unique identifier of ECS instance to diagnose |

## FAQ

Q: Where can I find the SMC configuration options in the console?
A: SMC configuration is primarily done via terminal commands after connecting to your ECS instance. First create an ERI-supported instance through Console > ECS > Instances, then use SSH to connect and run the required smc-tools commands.

Q: What happens if I leave the Description field empty when adding an RDS whitelist entry?
A: The whitelist rule will still be created successfully. The Description field is optional and only serves as a human-readable identifier for administrative purposes.

Q: Can I modify IPv6 settings after initial configuration without rebooting?
A: Some IPv6 settings can be changed temporarily using sysctl commands, but for persistent changes across reboots, you must modify configuration files and restart the instance as described in the guide.

Q: How long does network jitter diagnosis take to complete?
A: Network jitter diagnosis typically takes between 1-5 minutes to complete, though you can configure the duration up to 60 minutes maximum per diagnostic session.

Q: Do packet loss diagnostics work on stopped instances?
A: No, packet loss diagnostics require the instance to be in a running state since they analyze real-time kernel-level network activity and cannot function on stopped instances.

## Pricing & Billing

### Billing Model
All networking console operations described in this guide are free to use. These include SMC configuration, IPv6 management, DNS setup, NetworkManager adjustments, policy-based routing, and network diagnostics.

### Free Tier
- Network diagnosis: 10 free diagnostic sessions per month
- All other networking features: No usage charges apply as they are system-level configuration capabilities

### Billing Notes
- Network diagnosis tasks are billed per request at ¥0.01 per session after exceeding the free tier
- Failed diagnosis tasks still count toward your monthly quota
- All other networking configuration features are included with your ECS instance at no additional cost
- SMC, XPS, TCP monitoring, and similar kernel-level features do not incur separate charges beyond standard ECS pricing