AlmaLinux / docker-images

Home for AlmaLinux Docker image RootFS files and production version of sources
MIT License

Unable to change network interfaces in corporate environments #86

Open willemavjc opened 1 year ago

willemavjc commented 1 year ago

Context

A very outdated yet critical service needs to be upgraded in a corporate environment. The critical service operates on RHEL. A proof of concept (PoC) of an upgrade procedure is being designed so that various tests may be run to ensure that no relevant issues appear once the deep layers of said service are upgraded.

AlmaLinux is the (guest) O.S. that has been chosen for this PoC.

The PoC is being designed both within the company's office and from homes connected to the company using a VPN solution.

Note: Packet transmission fails by default when using the VPN solution, that is, when working from home. That failure comes from the default MTU size being too large for virtualized environments, which requires it to be decreased in order to get acknowledgements in time. Setting the MTU size from 1500 to 1400 has been confirmed to solve the issue on various Linux environments.

Issue

Such a required modification cannot be performed on AlmaLinux when working remotely, i.e. from home, due to the lack of the ifconfig and ip commands. Installing those commands using dnf is impossible, since dnf also suffers from packet loss/timeouts since the MTU cannot be changed.

Note: Any change of a corporate policy has been denied so no solution on that side may be possible.

I personally spent quite some time googling for an alternative/native way to do so on AlmaLinux but failed to identify any way other than "Install the missing package using dnf", which is not possible since the MTU needs to be edited first in order to pass through the VPN.

Note: Corporate policies prevent any use of PCs without any valid and active VPN connection first. This means that no network switching "trick" may be used.

Expectations

Being able to change MTU size with any command that may work like the following:

ip link set dev eth0 mtu 1400

Perhaps have a minimal set of network commands to work with, like ip?

Example

[root@2edd0b057d25 /]# dnf upgrade -y
^CAlmaLinux 9 - AppStream    [ ===  ] ---  B/s |   0  B     --:-- ET
AlmaLinux 9 - AppStream    0.0  B/s |   0  B     00:20
Error: Failed to download metadata for repo 'appstream': Cannot prepare internal mirrorlist: Interrupted by signal

m10k commented 1 year ago

Hey @willemavjc,

how is your container connected to the network?

Docker uses bridged networking by default, meaning that your docker container isn't using the host's network interfaces directly, but rather virtual interfaces. With bridged networking, traffic from the virtual interfaces is NATted/routed through the host's physical interfaces. As far as I can tell, this should work in your environment, unless your host is blocking traffic from/to the container network (or the host cannot connect to the Internet either).

However, if you really need to change the MTU of the interface in the container (and the container host can access the Internet), the one solution that comes to mind is to create a container image with iproute (the package containing /sbin/ip) installed using host networking.

You'll need a Dockerfile like the following (save as Dockerfile).

FROM almalinux/9-base

RUN dnf install -y iproute

You should be able to build it with the following command (executed in the directory where the Dockerfile is).

$ docker build -t alma-with-iproute --network host .

Passing --network host will make the container use the host's network stack. As long as the host can connect to Docker Hub and the Alma mirror, this approach should work.

Best regards
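
A check that works in the stock image without ip or ifconfig, as an added example that is not part of the original thread: the kernel exposes each interface's MTU under /sys/class/net, so plain shell can report which interfaces are above the 1400 value from the issue. The function names, the script name in the comment and the optional directory argument (used to point the check at a constructed tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): inspect interface MTUs without ip/ifconfig.
# Function names and the optional directory argument are assumptions of this example.

# Print "<interface> <mtu>" for each interface found under a sysfs net directory.
list_mtus() {
    net_dir="${1:-/sys/class/net}"
    for dev in "$net_dir"/*; do
        # Skip entries without a readable mtu attribute (and an unmatched glob).
        [ -r "$dev/mtu" ] || continue
        printf '%s %s\n' "${dev##*/}" "$(cat "$dev/mtu")"
    done
}

# Print every non-loopback interface whose MTU is above the limit.
# Exit status: 0 when all interfaces fit, 1 when at least one is too large.
oversized_mtus() {
    limit="$1"
    out=$(list_mtus "${2:-/sys/class/net}" | while read -r name mtu; do
        if [ "$name" != lo ] && [ "$mtu" -gt "$limit" ]; then
            printf '%s %s\n' "$name" "$mtu"
        fi
    done)
    [ -n "$out" ] || return 0
    printf '%s\n' "$out"
    return 1
}

# When called with arguments, e.g. "sh mtu-check.sh 1400", run the check.
if [ "$#" -gt 0 ]; then
    oversized_mtus "$@"
fi
```

A non-zero exit status means at least one non-loopback interface in the container still has an MTU larger than the limit passed as the first argument.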