Learning about slightly more advanced networking with linux

Paul Warren

Mastodon: @pwarren@mastodon.thewarrens.name

email: paul at thewarrens.name

© 2021 Paul Warren

CC BY-NC-SA

! WARNING !

I am not a network engineer, there are gaps in my knowledge

The words I use might not be the correct ones

Please don't blame me if your network stops networking

Maybe don't go and try building an ISP based off this talk :)

What even is a network?

Ethernet?

Token Ring?

IPX?

AX.25?

What even is a network?

ipv4?

ipv6?

tcp?

Allows connections between computers

Managed networks

Controls connections between computers

Scales connections between computers

Layers!

Like an onion!

That 7 layer thing from the OSI

Ethernet -> IP -> ICMP/TCP/UDP

Administrative overlays

VPNs and Tunnels

Layers

This means the Physical layers do not have to match the Logical connections

Networks are also a bit fractal in nature

For the purposes of this talk, we can ignore a lot of complexity

An easy one!

VLANS

Ethernet layer

Designed to limit broadcast storms

Can also separate IP networks on the same Ethernet

Tagged and Untagged/Default

IEEE 802.1Q

VLANs in linux

Are pretty easy!


    ip link add link enp0s2 name enp0s2.2501 type vlan id 2501
    ip -6 addr add 2001:db8:2501::10/64 dev enp0s2.2501
    ip link set dev enp0s2.2501 up

VLANs in linux

Various different methods of making it go in different distributions

Debian: in /etc/network/interfaces

    auto enp1s0.2502
    iface enp1s0.2502 inet dhcp
    iface enp1s0.2502 inet6 auto

OpenWRT has a nice GUI

VLANs in linux

Here's what I've done

What even is a router?

Two or more interfaces

Some logic to determine where a packet goes

Linux Routing

Add to sysctl config:


    net.ipv4.ip_forward = 1
    net.ipv6.conf.all.forwarding = 1
    net.ipv6.conf.default.forwarding = 1

And we're done!

Yeah, not really :)

Static Routes

Manually added, or scripted routes that don't change


    ip route add 172.17.0.0/24 via 172.16.0.254 dev wg0

Static Routes

    ip -6 route add 2001:db8:2501::/64 via 2001:db8:2500::1 dev enp0s1
    ip -6 route add 2001:db8:2502::/64 via 2001:db8:2500::1 dev enp0s1
    ip -6 route add 2001:db8:2600:beef::/64 via 2001:db8:face::1 dev wg0
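
An added example (not from the original slides) of the "logic to determine where a packet goes": the most specific matching prefix wins, and prefixes are parsed strictly so a mistyped route is rejected instead of silently matching the wrong range. The routes are the ones shown above; the `::/0` default route and its next hop are hypothetical.

```python
import ipaddress

# Static routes from the slides as (prefix, next hop, device). The default
# route at the end is a hypothetical entry added for this example.
ROUTES = [
    ("172.17.0.0/24", "172.16.0.254", "wg0"),
    ("2001:db8:2501::/64", "2001:db8:2500::1", "enp0s1"),
    ("2001:db8:2502::/64", "2001:db8:2500::1", "enp0s1"),
    ("2001:db8:2600:beef::/64", "2001:db8:face::1", "wg0"),
    ("::/0", "2001:db8:2500::ffff", "enp0s1"),
]

def build_table(routes):
    """Parse routes strictly and order them most-specific first."""
    table = []
    for prefix, via, dev in routes:
        # strict=True raises ValueError on malformed prefixes or set host bits
        net = ipaddress.ip_network(prefix, strict=True)
        table.append((net, ipaddress.ip_address(via), dev))
    return sorted(table, key=lambda r: r[0].prefixlen, reverse=True)

def lookup(table, destination):
    """Return (prefix, next hop, device) of the longest matching route, or None."""
    addr = ipaddress.ip_address(destination)
    for net, via, dev in table:
        if addr.version == net.version and addr in net:
            return str(net), str(via), dev
    return None  # no route: the kernel would report the network as unreachable

TABLE = build_table(ROUTES)

if __name__ == "__main__":
    for dest in ("2001:db8:2501::10", "2001:db8:2600:beef::1",
                 "2001:db8:9999::1", "172.17.0.5", "10.0.0.1"):
        print(dest, "->", lookup(TABLE, dest))
```
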
	  

Static Routes

Enter dynamic routes

Advertise your LANs

Discovering routes to other LANs

Optional: Do some logic

Add them to the routing table

Userspace daemons

talking to the kernel networking stack

Dynamic Routing

Open Shortest Path First (OSPF)

Uses Dijkstra's algorithm

RFC2328

RFC5340

For: Dynamic routes inside your networks

Dynamic Routing

Border Gateway Protocol (BGP)

RFC4271

For: Sharing dynamic routes outside your network with other Autonomous Systems (AS)

"AS" is used a lot in the ISP world, and your ISP will have an assigned AS Number

The Userspace Daemons

BIRD: Berkeley Internet Routing Daemon

Quagga: Fork of Zebra

OpenBGPd/OpenOSPFd: from the OpenBSD project

Significant overlap, but they are different

I've not used Quagga, or the OpenBSD ones

There are probably others!

intro to bird

Powerful

Complex to configure

Use version control

Intro to bird configuration

/etc/bird.conf

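    router id 10.9.99.6;

    log "/var/log/bird/bird.log" all;
    debug protocols { states, routes, filters, interfaces };

    # Syncs BIRD's routes with the kernel routing table
    protocol kernel {
            import none;    # don't learn routes from the kernel
            export all;     # install every BIRD route into the kernel
    }

    # Tracks which network interfaces exist and their state
    protocol device {
            # defaults...
    }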

Intro to bird configuration

/etc/bird.conf

Each router needs a unique ID

Protocol blocks: there are lots of types

They are how bird knows what to talk to and how

Intro to bird configuration

    protocol ospf {
            area 0 {
                    interface "lo" {
                            stub;    # advertise this network, but don't speak OSPF on it
                    };
                    interface "vlan1001" {
                    };
                    interface "vlan1034" {
                            stub;
                    };
            };
    }

There are a lot more options than stub or default

BIRD documentation is really good

Intro to bird configuration

Import vs Export

Master Table

Logic in Pipes

A funky thing you can do with OSPF

A necessary service

Contained within a network

Data more efficiently obtained across local links

Can still get the costly versions if local goes down

A funky thing you can do with OSPF

An IP for a host that provides that service

Can use that same IP in two different places in the network

Confused routing?

OSPF to the rescue!
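
A simplified model of the trick above, as an added example that is not from the original talk: the same service address is advertised from two routers, Dijkstra picks the cheapest one, and withdrawing the local advertisement makes traffic fall back to the costly one. The router names, link costs and service address are hypothetical, and real OSPF runs this calculation over its link-state database.

```python
import heapq

SERVICE = "2001:db8:53::53/128"  # constructed service address (documentation range)

def build_links(advertisers):
    """Directed graph {node: {neighbour: cost}} with SERVICE as a stub network."""
    links = {
        "client-rtr": {"local-rtr": 10, "remote-rtr": 100},  # cheap LAN, costly WAN
        "local-rtr": {"client-rtr": 10},
        "remote-rtr": {"client-rtr": 100},
    }
    for router in advertisers:
        links[router][SERVICE] = 1  # this router announces the service address
    return links

def shortest_path(links, source, target):
    """Dijkstra's algorithm; returns (total cost, path) or None if unreachable."""
    best = {source: 0}
    prev = {}
    queue = [(0, source)]
    while queue:
        cost, node = heapq.heappop(queue)
        if node == target:
            path = [node]
            while path[-1] != source:
                path.append(prev[path[-1]])
            return cost, path[::-1]
        if cost > best.get(node, float("inf")):
            continue  # stale queue entry, a cheaper path was already found
        for neighbour, weight in links.get(node, {}).items():
            new_cost = cost + weight
            if new_cost < best.get(neighbour, float("inf")):
                best[neighbour] = new_cost
                prev[neighbour] = node
                heapq.heappush(queue, (new_cost, neighbour))
    return None

if __name__ == "__main__":
    for advertisers in (["local-rtr", "remote-rtr"], ["remote-rtr"], []):
        result = shortest_path(build_links(advertisers), "client-rtr", SERVICE)
        print(advertisers, "->", result)
```
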

A funky thing you can do with OSPF

Why use a 'real' router

Linux based router:

NIC Hardware

-> whole packet to Driver memory

-> various kernel subsystems

Routing decision made

Then back out the same path

Why use a 'real' router

Enterprise level router

NIC Hardware

Just Enough Packet to get the address

-> routing silicon

Routing decision made

Silicon switched to forward packet out correct NIC Hardware

Why use a 'real' router

Performance

Some work being done on 'zero copy' networking in linux

io_uring also has some smarts for this

Why use a 'real' router

Other Considerations

Network Engineers are

Not familiar with linux networking

will have significant skills using commercial routing software

Hardware ruggedness, suitability for datacentre

power consumption

Why not both?

OpenWRT is a linux based distribution for real networking hardware

BGP

Sorry, didn't get to explore this as much as I'd like

Not too confident talking about it as yet

Is how the internet is put together

Bonus homework

Why did I use 2001:db8::/32?

Why did I use /64s?

I highly recommend going through KNorrie's network examples: https://github.com/knorrie/network-examples

OSPF Areas

Auth* for OSPF

Automatic transfers of internal aggregate networks to BGP (Something I've not investigated much)

Resources

These slides: https://gitea.pwarren.id.au/pwarren/SysAdmin2022

bird: https://bird.network.cz

OpenWRT: https://openwrt.org/

The OpenWRT IRC channel, currently on the OFTC network

BenEater's "Why was facebook down for five hours"

802.1Q