SlideShare a Scribd company logo

Linux Networking Explained

Thomas Graf
Thomas Graf

Linux offers an extensive selection of programmable and configurable networking components from traditional bridges, encryption, to container optimized layer 2/3 devices, link aggregation, tunneling, several classification and filtering languages all the way up to full SDN components. This talk will provide an overview of many Linux networking components covering the Linux bridge, IPVLAN, MACVLAN, MACVTAP, Bonding/Team, OVS, classification & queueing, tunnel types, hidden routing tricks, IPSec, VTI, VRF and many others.

Software
1 of 27
Download to read offline
Linux Networking Explained LinuxCon 2016, Toronto Thomas Graf (@tgraf__) Kernel, Cilium & Open vSwitch Team Noiro Networks (Cisco)
Did you catch part I? ● Part II: LinuxCon, Toronto, 2016 Linux Networking Explained Network devices, Namespaces, Rou"ng, Veth, VLAN, IPVLAN, MACVLAN, MACVTAP, Bonding, Team, OVS, Bridge, BPF, IPSec ● Part I: LinuxCon, Sea,le, 2015 Kernel Networking Walkthrough The protocol stack, sockets, o/oads, TCP fast open, TCP small queues, NAPI, busy polling, RSS, RPS, memory accoun"ng h/p://goo.gl/ZKJpor
Network Devices ● Real / Physical Backed by hardware Example: Ethernet card, WIFI, USB, ... ● So7ware / Virtual Simula"on or virtual representa"on Example: Loopback (lo), Bridge (br), Virtual Ethernet (veth), ... $ ip link [...] $ ip link show enp1s0f1 4: enp1s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state [...] link/ether 90:e2:ba:61:e7:45 brd ff:ff:ff:ff:ff:ff
Addresses $ ip addr add 192.168.23.5/24 dev em1 $ ip address show dev em1 2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP [...] link/ether 10:c3:7b:95:21:da brd ff:ff:ff:ff:ff:ff inet 192.168.23.5/24 brd 192.168.23.255 scope global em1 valid_lft forever preferred_lft forever inet6 fe80::12c3:7bff:fe95:21da/64 scope link valid_lft forever preferred_lft forever Do we need to consider a packet for local sockets? ip_forward() Local? Rou:ng Sockets ip_local_deliver() ip_output() net.ipv4.conf.all.forwarding = 1
Pro Tip: The Local Table $ ip route list table local type local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1 192.168.23.5 dev em1 proto kernel scope host src 192.168.23.5 192.168.122.1 dev virbr0 proto kernel scope host src 192.168.122.1 List all accepted local addresses: H4x0r Tip: You can also modify this table a5er the generated local routes have been inserted.
Rou:ng $ ip route add 10.0.0.0/8 dev em1 $ ip route show 10.0.0.0/8 dev em1 scope link Device $ ip route add 20.10.0.0/16 via 10.0.0.1 $ ip route show 20.10.0.0/16 via 10.0.0.1 dev em1 Direct Route - endpoints are direct neighbours (L2) Nexthop Route - endpoints are behind another router (L3) DeviceSockets Device
Pro Trick: Simula:ng a Route Lookup $ ip route get 20.10.3.3 20.10.3.3 via 10.0.0.1 dev em1 src 192.168.23.5 cache How will a packet to 20.10.3.3 get routed? NOTE: This is not just $(ip route show | grep). It performs an actual route lookup on the speci8ed des"na"on address in the kernel.
Network Namespaces $ ip netns add blue $ ip link set tap0 netns blue $ ip netns exec blue ip address 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 19: tap0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 42:ad:d0:10:e0:67 brd ff:ff:ff:ff:ff:ff Namespace 2Namespace 1 NOTE: Not all data structures are namespace aware yet! eth0tap0 AddressesAddresses RoutesRoutes SocketsSockets Linux maintains resources and data structures per namespace
Virtual Network 2 Virtual Network 3 Virtual Network 1 VLAN Virtual Networks on Layer 2 $ ip link add link em1 vlan1 type vlan id 1 $ ip link set vlan1 up $ ip link show vlan1 15: vlan1@em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP [...] link/ether 10:c3:7b:95:21:da brd ff:ff:ff:ff:ff:ff VLAN1 VLAN1 VLAN2 VLAN2 VLAN3 VLAN3 L2 Ethernet VLAN IP Packet Headers:
Bonding / Team Link Aggrega:on $ cp /usr/share/doc/teamd-*/example_configs/activebackup_ethtool_1.conf . $ teamd -g -f activebackup_ethtool_1.conf -d [...] $ teamdctl team0 state [...] team0 ● Uses: – Redundant network cards (failover) – Connect to mul"ple ToR (LB) ● Implementa:ons: – Team (new, user/kernel) – Bonding (old, kernel only)
Namespace 1 Namespace 2 Veth Virtual Ethernet Cable ● Bidirec"onal FIFO ● O5en used to cross namespaces $ ip link add veth1 type veth peer name veth2 $ ip link set veth1 netns ns1 $ ip link set veth2 netns ns2 veth0 veth1
Bridge Virtual Switch ● Flooding: Clone packets and send to all ports. ● Learning: Learn who's behind which port to avoid <ooding ● STP: Detect wiring loops and disable ports ● Na:ve VLAN integra:on ● OFoad: Program HW based on FDB table $ ip link add br0 type bridge $ ip link set eth0 master br0 $ ip link set tap3 master br0 $ ip link set br0 up br0 port portport
Example Bridge + Team + Veth Namespace Host Namespace Container B Namespace Container A br0 veth1 team0 veth0 eth0eth0 eth1eth0
MACVLAN SimpliIed bridging for guests ● NOT 802.1Q VLANs ● Mul"ple MAC addresses on single interface ● KISS - no learning, no STP ● Modes: – VEPA (default): Guest to guest done on ToR, L3 fallback possible – Bridge: Guest to guest in so5ware – Private: Isolated, no guest to guest – Passthrough: A,aches VF (SR-IOV) $ ip link add link em1 name macvlan0 type macvlan mode bridge $ ip -d link show macvlan0 23: macvlan0@em1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN [...] link/ether f2:d8:91:54:d0:69 brd ff:ff:ff:ff:ff:ff promiscuity 0 macvlan mode bridge addrgenmode eui64 $ ip link set macvlan0 netns blue macvlan0 MAC1 Physical Device macvlan1 MAC2 master slaves
Example Team + MACVLAN Namespace Host Namespace Container B Namespace Container A team0 eth0 (macvlan) eth0 (macvlan) eth1eth0
IPVLAN MACVLAN for Layer 3 (L3) ● Can hide many containers behind a single MAC address. ● Shared L2 among slaves ● Mode: – L2: Like MACVLAN w/ single MAC – L3: L2 deferred to master namespace, no mul"cast/broadcast $ ip netns add blue $ ip link add link eth0 ipvl0 type ipvlan mode l3 $ ip link set dev ipvl0 netns blue $ ip netns exec blue ip link set dev ipvl0 up $ ip netns exec blue ip addr add 10.1.1.1/24 dev ipvl0 ipvlan0 IP1 Physical Device ipvlan1 IP2 master slaves
MACVLAN vs IPVLAN MACVLAN – ToR or NIC may have maximum MAC address limit – Doesn't work well with 802.11 (wireless) IPVLAN – DHCP based on MAC doesn't work, must use client ID – EUI-64 IPv6 addresses genera"on issues – No broadcast/mul"cast in L3 mode
TUN/TAP A gate to user space ● Character Device in user space ● Network device in kernel space ● L2 (TAP) or L3 (TUN) ● Uses: encryp"on, VPN, tunneling, virtual machines, ... tun0 tap0 fd = open("/dev/net/tun", O_RDWR); strncpy(ifr.ifr_name,“tap0”, IFNAMSIZ); ioctl(fd, TUNSETIFF, (void *) &ifr); $ ip tuntap add tun0 mode tun $ ip link set tun0 up $ ip link show tun0 18: tun0: <NO-CARRIER,POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc fq_codel [...] link/none $ ip route add 10.1.1.0/24 dev tun0 user.c: File Descriptor File Descriptor kernel user
MACVTAP Bridge + TAP = MACVTAP ● A TAP with an integrated bridge ● Connects VM/container via L2 ● Same modes as MACVLAN macvtap2 MAC1 macvtap3 MAC2 $ ip link add link em1 name macvtap0 type macvtap mode vepa $ ip -d link show macvtap 20: macvtap0@em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP [...] link/ether 3e:cb:79:61:8c:4b brd ff:ff:ff:ff:ff:ff macvtap mode vepa addrgenmode eui64 $ ls -l /dev/tap20 crw-------. 1 root root 241, 1 Aug 8 21:08 /dev/tap20 /dev/tap3/dev/tap2 kernel user Physical Device
Virtual Network 2 Virtual Network 3 Virtual Network 1 Encapsula:on (Tunnels) Virtual Networks on Layer 3/4 $ ip link add vxlan42 type vxlan id 42 group 239.1.1.1 dev em1 dstport 4789 $ ip link set vxlan42 up $ ip link show vxlan42 31: vxlan42: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN [...] link/ether e6:fc:c8:7e:07:83 brd ff:ff:ff:ff:ff:ff vxlan1 vxlan1 vxlan2 vxlan2 vxlan3 vxlan3 L3/L4 Ethernet VXLANIP VXLAN Headers example: UDP Ethernet IP TCP Underlay Overlay
Authen:cated & Encrypted IPSec $ ip xfrm state add src 192.168.211.138 dst 192.168.211.203 proto esp spi 0x53fa0fdd mode transport reqid 16386 replay-window 32 auth "hmac(sha1)" 0x55f01ac07e15e437115dde0aedd18a822ba9f81e enc "cbc(aes)" 0x6aed4975adf006d65c76f63923a6265b sel src 0.0.0.0/0 dst 0.0.0.0/0 Socket Socket L3 Ethernet ESPIP Transport Mode TCP Tunnel Mode Ethernet ESPIP TCPIP Netdevice Netdevice ● AH: Authen"ca"on ● ESP: Authenica"on + encryp"on
ovs0 port portport ● Fully programmable L2-L4 virtual switch with APIs: OpenFlow and OVSDB ● Split into a user and kernel component ● Mul"ple control plane integra"ons: – OVN, ODL, Neutron, CNI, Docker, ... ... $ ovs-vsctl add-br ovs0 $ ovs-vsctl add-port ovs0 em1 $ ovs-ofctl add-flow ovs0 in_port=1,actions=drop $ ovs-vsctl show a425a102-c317-4743-b0ba-79d59ff04a74 Bridge "ovs0" Port "em1" Interface "em1" [...]
Kernel Userspace BPF Source Code Byte Code LLVM/clang Sockets netdevice Network StackTC Ingress TC Egress netdevice $ clang -O2 -target bpf -c code.c -o code.o $ tc qdisc add dev eth0 clsact $ tc filter add dev eth0 ingress bpf da obj code.o sec my-section1 $ tc filter add dev eth0 egress bpf da obj code.o sec my-section2 A/aching a BPF program to eth0 at ingress: VeriIer + JIT add eax,edx shl eax,2 add eax,edx shl eax,2
BPF Features (As of Aug 2016) ● Maps – Arrays (per CPU), hashtables (per CPU) ● Packet mangling ● Redirect to other device ● Tunnel metadata (encapsula"on) ● Cgroups integra"on ● Event no"8ca"ons via perf ring buJer
Kernel Userspace XDP – Express Data Path Source Code Byte Code LLVM/clang Sockets Netdevice Network Stack VeriIer + JIT add eax,edx shl eax,2 Driver Access to DMA buLer
Q&A Image Sources: ● Cover (Toronto) Rick Harris (h,ps://www.<ickr.com/photos/rickharris/) ● The Invisible Man Dr. Azzacov (h,ps://www.<ickr.com/photos/drazzacov/) ● Chicken JOHN LLOYD (h,ps://www.<ickr.com/photos/hugo90/) Learn more about networking with BPF: Fast IPv6-only Networking for Containers Based on BPF and XDP Wednesday August 24, 2016 4:35pm – 5:35pm, Queen's Quay Contact: ● Twi/er: @tgraf__ Mail: tgraf@tgraf.ch

Recommended

LinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking WalkthroughLinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking WalkthroughThomas Graf
 
Linux Network Stack
Linux Network StackLinux Network Stack
Linux Network StackAdrien Mahieux
 
Fun with Network Interfaces
Fun with Network InterfacesFun with Network Interfaces
Fun with Network InterfacesKernel TLV
 
Meet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingMeet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingViller Hsiao
 
The linux networking architecture
The linux networking architectureThe linux networking architecture
The linux networking architecturehugo lu
 
netfilter and iptables
netfilter and iptablesnetfilter and iptables
netfilter and iptablesKernel TLV
 
Tutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerTutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerShu Sugimoto
 
Cilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDPCilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDPThomas Graf
 

Recommended

LinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking WalkthroughLinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking WalkthroughThomas Graf
 
Linux Network Stack
Linux Network StackLinux Network Stack
Linux Network StackAdrien Mahieux
 
Fun with Network Interfaces
Fun with Network InterfacesFun with Network Interfaces
Fun with Network InterfacesKernel TLV
 
Meet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingMeet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingViller Hsiao
 
The linux networking architecture
The linux networking architectureThe linux networking architecture
The linux networking architecturehugo lu
 
netfilter and iptables
netfilter and iptablesnetfilter and iptables
netfilter and iptablesKernel TLV
 
Tutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerTutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerShu Sugimoto
 
Cilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDPCilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDPThomas Graf
 
Faster packet processing in Linux: XDP
Faster packet processing in Linux: XDPFaster packet processing in Linux: XDP
Faster packet processing in Linux: XDPDaniel T. Lee
 
Intel dpdk Tutorial
Intel dpdk TutorialIntel dpdk Tutorial
Intel dpdk TutorialSaifuddin Kaijar
 
DPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingDPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingMichelle Holley
 
BPF - in-kernel virtual machine
BPF - in-kernel virtual machineBPF - in-kernel virtual machine
BPF - in-kernel virtual machineAlexei Starovoitov
 
DevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughDevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughThomas Graf
 
Linux kernel tracing
Linux kernel tracingLinux kernel tracing
Linux kernel tracingViller Hsiao
 
introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack monad bobo
 
BPF Internals (eBPF)
BPF Internals (eBPF)BPF Internals (eBPF)
BPF Internals (eBPF)Brendan Gregg
 
macvlan and ipvlan
macvlan and ipvlanmacvlan and ipvlan
macvlan and ipvlanSuraj Deshmukh
 
DPDK In Depth
DPDK In DepthDPDK In Depth
DPDK In DepthKernel TLV
 
eBPF maps 101
eBPF maps 101eBPF maps 101
eBPF maps 101SUSE Labs Taipei
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux NetworkingPLUMgrid
 
BPF: Tracing and more
BPF: Tracing and moreBPF: Tracing and more
BPF: Tracing and moreBrendan Gregg
 
The TCP/IP Stack in the Linux Kernel
The TCP/IP Stack in the Linux KernelThe TCP/IP Stack in the Linux Kernel
The TCP/IP Stack in the Linux KernelDivye Kapoor
 
Open vSwitch 패킷 처리 구조
Open vSwitch 패킷 처리 구조Open vSwitch 패킷 처리 구조
Open vSwitch 패킷 처리 구조Seung-Hoon Baek
 
FD.IO Vector Packet Processing
FD.IO Vector Packet ProcessingFD.IO Vector Packet Processing
FD.IO Vector Packet ProcessingKernel TLV
 
Introduction to eBPF and XDP
Introduction to eBPF and XDPIntroduction to eBPF and XDP
Introduction to eBPF and XDPlcplcp1
 
Understanding DPDK
Understanding DPDKUnderstanding DPDK
Understanding DPDKDenys Haryachyy
 
The Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThe Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThomas Graf
 
nl80211 and libnl
nl80211 and libnlnl80211 and libnl
nl80211 and libnlawkman
 
BPF: Next Generation of Programmable Datapath
BPF: Next Generation of Programmable DatapathBPF: Next Generation of Programmable Datapath
BPF: Next Generation of Programmable DatapathThomas Graf
 
Cilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDPCilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDPThomas Graf
 

More Related Content

What's hot

Faster packet processing in Linux: XDP
Faster packet processing in Linux: XDPFaster packet processing in Linux: XDP
Faster packet processing in Linux: XDPDaniel T. Lee
 
DPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingDPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingMichelle Holley
 
BPF - in-kernel virtual machine
BPF - in-kernel virtual machineBPF - in-kernel virtual machine
BPF - in-kernel virtual machineAlexei Starovoitov
 
DevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughDevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughThomas Graf
 
Linux kernel tracing
Linux kernel tracingLinux kernel tracing
Linux kernel tracingViller Hsiao
 
introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack monad bobo
 
BPF Internals (eBPF)
BPF Internals (eBPF)BPF Internals (eBPF)
BPF Internals (eBPF)Brendan Gregg
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux NetworkingPLUMgrid
 
BPF: Tracing and more
BPF: Tracing and moreBPF: Tracing and more
BPF: Tracing and moreBrendan Gregg
 
The TCP/IP Stack in the Linux Kernel
The TCP/IP Stack in the Linux KernelThe TCP/IP Stack in the Linux Kernel
The TCP/IP Stack in the Linux KernelDivye Kapoor
 
Open vSwitch 패킷 처리 구조
Open vSwitch 패킷 처리 구조Open vSwitch 패킷 처리 구조
Open vSwitch 패킷 처리 구조Seung-Hoon Baek
 
FD.IO Vector Packet Processing
FD.IO Vector Packet ProcessingFD.IO Vector Packet Processing
FD.IO Vector Packet ProcessingKernel TLV
 
Introduction to eBPF and XDP
Introduction to eBPF and XDPIntroduction to eBPF and XDP
Introduction to eBPF and XDPlcplcp1
 
The Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThe Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThomas Graf
 
nl80211 and libnl
nl80211 and libnlnl80211 and libnl
nl80211 and libnlawkman
 

What's hot (20)

Faster packet processing in Linux: XDP
Faster packet processing in Linux: XDPFaster packet processing in Linux: XDP
Faster packet processing in Linux: XDP
 
Intel dpdk Tutorial
Intel dpdk TutorialIntel dpdk Tutorial
Intel dpdk Tutorial
 
DPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingDPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet Processing
 
BPF - in-kernel virtual machine
BPF - in-kernel virtual machineBPF - in-kernel virtual machine
BPF - in-kernel virtual machine
 
DevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughDevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking Walkthrough
 
Linux kernel tracing
Linux kernel tracingLinux kernel tracing
Linux kernel tracing
 
introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack
 
BPF Internals (eBPF)
BPF Internals (eBPF)BPF Internals (eBPF)
BPF Internals (eBPF)
 
macvlan and ipvlan
macvlan and ipvlanmacvlan and ipvlan
macvlan and ipvlan
 
DPDK In Depth
DPDK In DepthDPDK In Depth
DPDK In Depth
 
eBPF maps 101
eBPF maps 101eBPF maps 101
eBPF maps 101
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux Networking
 
BPF: Tracing and more
BPF: Tracing and moreBPF: Tracing and more
BPF: Tracing and more
 
The TCP/IP Stack in the Linux Kernel
The TCP/IP Stack in the Linux KernelThe TCP/IP Stack in the Linux Kernel
The TCP/IP Stack in the Linux Kernel
 
Open vSwitch 패킷 처리 구조
Open vSwitch 패킷 처리 구조Open vSwitch 패킷 처리 구조
Open vSwitch 패킷 처리 구조
 
FD.IO Vector Packet Processing
FD.IO Vector Packet ProcessingFD.IO Vector Packet Processing
FD.IO Vector Packet Processing
 
Introduction to eBPF and XDP
Introduction to eBPF and XDPIntroduction to eBPF and XDP
Introduction to eBPF and XDP
 
Understanding DPDK
Understanding DPDKUnderstanding DPDK
Understanding DPDK
 
The Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThe Next Generation Firewall for Red Hat Enterprise Linux 7 RC
The Next Generation Firewall for Red Hat Enterprise Linux 7 RC
 
nl80211 and libnl
nl80211 and libnlnl80211 and libnl
nl80211 and libnl
 

Viewers also liked

BPF: Next Generation of Programmable Datapath
BPF: Next Generation of Programmable DatapathBPF: Next Generation of Programmable Datapath
BPF: Next Generation of Programmable DatapathThomas Graf
 
Cilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDPCilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDPThomas Graf
 
Servicios de Red e Internet
Servicios de Red e InternetServicios de Red e Internet
Servicios de Red e InternetSergio Santos
 
Transferencia de archivos FTP
Transferencia de archivos FTPTransferencia de archivos FTP
Transferencia de archivos FTPingdianabaquero
 
Ubuntu. configurar tarjeta de red mediante lineas de comando
Ubuntu. configurar tarjeta de red mediante lineas de comandoUbuntu. configurar tarjeta de red mediante lineas de comando
Ubuntu. configurar tarjeta de red mediante lineas de comandoRpc Docucentro Cuevas
 
Linux Network commands
Linux Network commandsLinux Network commands
Linux Network commandsHanan Nmr
 
Manual de configuracion de redes
Manual de configuracion de redesManual de configuracion de redes
Manual de configuracion de redesmmri
 
Servidor ftp linux final
Servidor ftp linux finalServidor ftp linux final
Servidor ftp linux finalmtijerino78
 
Act. n°5 (dhcp, dns, http, ftp & ssh)
Act. n°5 (dhcp, dns, http, ftp & ssh)Act. n°5 (dhcp, dns, http, ftp & ssh)
Act. n°5 (dhcp, dns, http, ftp & ssh)Priscilla Yepes Correa
 
Tutorial de Instalación de Sistema y Servicios de Red en Lenny Debian 5
Tutorial de Instalación de Sistema y Servicios de Red en Lenny Debian 5Tutorial de Instalación de Sistema y Servicios de Red en Lenny Debian 5
Tutorial de Instalación de Sistema y Servicios de Red en Lenny Debian 5Black Moral Яesistance
 
Instalación ftp, telnet y ssh sobre linux
Instalación ftp, telnet y ssh sobre linuxInstalación ftp, telnet y ssh sobre linux
Instalación ftp, telnet y ssh sobre linuxGer Hernandez
 
Instalación y configuración de servidor ftp en ubuntu server 14
Instalación y configuración de servidor ftp en ubuntu server 14Instalación y configuración de servidor ftp en ubuntu server 14
Instalación y configuración de servidor ftp en ubuntu server 14Luis Carlos Silva Dias
 
Servicio FTP en Ubuntu
Servicio FTP en UbuntuServicio FTP en Ubuntu
Servicio FTP en UbuntuSergio Santos
 
Configuracion servidor web, dns, ftp, pop3 y smtp txt para linux
Configuracion servidor web, dns, ftp, pop3 y smtp txt para linuxConfiguracion servidor web, dns, ftp, pop3 y smtp txt para linux
Configuracion servidor web, dns, ftp, pop3 y smtp txt para linuxMohamed Diop
 
Instalación y configuración interfaz gráfica ubuntu server 12.04
Instalación y configuración interfaz gráfica ubuntu server 12.04Instalación y configuración interfaz gráfica ubuntu server 12.04
Instalación y configuración interfaz gráfica ubuntu server 12.04Willian Hoyos Argote
 
Apache: instalación y configuración en Ubuntu Server y Windows Server
Apache: instalación y configuración en Ubuntu Server y Windows ServerApache: instalación y configuración en Ubuntu Server y Windows Server
Apache: instalación y configuración en Ubuntu Server y Windows ServerNombre Apellidos
 

Viewers also liked (20)

BPF: Next Generation of Programmable Datapath
BPF: Next Generation of Programmable DatapathBPF: Next Generation of Programmable Datapath
BPF: Next Generation of Programmable Datapath
 
Cilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDPCilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDP
 
Servicios de Red e Internet
Servicios de Red e InternetServicios de Red e Internet
Servicios de Red e Internet
 
Transferencia de archivos FTP
Transferencia de archivos FTPTransferencia de archivos FTP
Transferencia de archivos FTP
 
Ubuntu. configurar tarjeta de red mediante lineas de comando
Ubuntu. configurar tarjeta de red mediante lineas de comandoUbuntu. configurar tarjeta de red mediante lineas de comando
Ubuntu. configurar tarjeta de red mediante lineas de comando
 
Linux Network commands
Linux Network commandsLinux Network commands
Linux Network commands
 
Instalación y configuración Servidor FTP y SSH
Instalación y configuración Servidor FTP y SSHInstalación y configuración Servidor FTP y SSH
Instalación y configuración Servidor FTP y SSH
 
Manual de configuracion de redes
Manual de configuracion de redesManual de configuracion de redes
Manual de configuracion de redes
 
Servidor ftp linux final
Servidor ftp linux finalServidor ftp linux final
Servidor ftp linux final
 
Manejo de-redes-linux
Manejo de-redes-linuxManejo de-redes-linux
Manejo de-redes-linux
 
Servidores de red
Servidores de redServidores de red
Servidores de red
 
Act. n°5 (dhcp, dns, http, ftp & ssh)
Act. n°5 (dhcp, dns, http, ftp & ssh)Act. n°5 (dhcp, dns, http, ftp & ssh)
Act. n°5 (dhcp, dns, http, ftp & ssh)
 
Tutorial de Instalación de Sistema y Servicios de Red en Lenny Debian 5
Tutorial de Instalación de Sistema y Servicios de Red en Lenny Debian 5Tutorial de Instalación de Sistema y Servicios de Red en Lenny Debian 5
Tutorial de Instalación de Sistema y Servicios de Red en Lenny Debian 5
 
Instalación ftp, telnet y ssh sobre linux
Instalación ftp, telnet y ssh sobre linuxInstalación ftp, telnet y ssh sobre linux
Instalación ftp, telnet y ssh sobre linux
 
Instalación y configuración de servidor ftp en ubuntu server 14
Instalación y configuración de servidor ftp en ubuntu server 14Instalación y configuración de servidor ftp en ubuntu server 14
Instalación y configuración de servidor ftp en ubuntu server 14
 
Servicio FTP en Ubuntu
Servicio FTP en UbuntuServicio FTP en Ubuntu
Servicio FTP en Ubuntu
 
Configuracion servidor web, dns, ftp, pop3 y smtp txt para linux
Configuracion servidor web, dns, ftp, pop3 y smtp txt para linuxConfiguracion servidor web, dns, ftp, pop3 y smtp txt para linux
Configuracion servidor web, dns, ftp, pop3 y smtp txt para linux
 
Configuracion del servidor vsftpd en linux
Configuracion del servidor vsftpd en linuxConfiguracion del servidor vsftpd en linux
Configuracion del servidor vsftpd en linux
 
Instalación y configuración interfaz gráfica ubuntu server 12.04
Instalación y configuración interfaz gráfica ubuntu server 12.04Instalación y configuración interfaz gráfica ubuntu server 12.04
Instalación y configuración interfaz gráfica ubuntu server 12.04
 
Apache: instalación y configuración en Ubuntu Server y Windows Server
Apache: instalación y configuración en Ubuntu Server y Windows ServerApache: instalación y configuración en Ubuntu Server y Windows Server
Apache: instalación y configuración en Ubuntu Server y Windows Server
 

Similar to Linux Networking Explained

Open stack advanced_part
Open stack advanced_partOpen stack advanced_part
Open stack advanced_partlilliput12
 
Make container without_docker_6-overlay-network_1
Make container without_docker_6-overlay-network_1 Make container without_docker_6-overlay-network_1
Make container without_docker_6-overlay-network_1 Sam Kim
 
SDNDS.TW Mininet
SDNDS.TW MininetSDNDS.TW Mininet
SDNDS.TW MininetNCTU
 
VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話upaa
 
Deep Dive in Docker Overlay Networks
Deep Dive in Docker Overlay NetworksDeep Dive in Docker Overlay Networks
Deep Dive in Docker Overlay NetworksLaurent Bernaille
 
Contemporary Linux Networking
Contemporary Linux NetworkingContemporary Linux Networking
Contemporary Linux NetworkingMaximilan Wilhelm
 
VLANs in the Linux Kernel
VLANs in the Linux KernelVLANs in the Linux Kernel
VLANs in the Linux KernelKernel TLV
 
2015 FOSDEM - OVS Stateful Services
2015 FOSDEM - OVS Stateful Services2015 FOSDEM - OVS Stateful Services
2015 FOSDEM - OVS Stateful ServicesThomas Graf
 
Deeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay NetworksDeeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay NetworksLaurent Bernaille
 
[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network TroubleshootingOpen Source Consulting
 
Understanding Open vSwitch
Understanding Open vSwitch Understanding Open vSwitch
Understanding Open vSwitch YongKi Kim
 
Ngrep commands
Ngrep commandsNgrep commands
Ngrep commandsRishu Seth
 
13048671.ppt
13048671.ppt13048671.ppt
13048671.pptLyVu51
 
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SIDeep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SIDocker, Inc.
 
Network Programming: Data Plane Development Kit (DPDK)
Network Programming: Data Plane Development Kit (DPDK)Network Programming: Data Plane Development Kit (DPDK)
Network Programming: Data Plane Development Kit (DPDK)Andriy Berestovskyy
 
Thebasicintroductionofopenvswitch
ThebasicintroductionofopenvswitchThebasicintroductionofopenvswitch
ThebasicintroductionofopenvswitchRamses Ramirez
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...idsecconf
 
Openstack openswitch basics
Openstack openswitch basicsOpenstack openswitch basics
Openstack openswitch basicsnshah061
 
Skydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integrationSkydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integrationSylvain Afchain
 

Similar to Linux Networking Explained (20)

Open stack advanced_part
Open stack advanced_partOpen stack advanced_part
Open stack advanced_part
 
Make container without_docker_6-overlay-network_1
Make container without_docker_6-overlay-network_1 Make container without_docker_6-overlay-network_1
Make container without_docker_6-overlay-network_1
 
SDNDS.TW Mininet
SDNDS.TW MininetSDNDS.TW Mininet
SDNDS.TW Mininet
 
VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話VyOS Users Meeting #2, VyOSのVXLANの話
VyOS Users Meeting #2, VyOSのVXLANの話
 
Deep Dive in Docker Overlay Networks
Deep Dive in Docker Overlay NetworksDeep Dive in Docker Overlay Networks
Deep Dive in Docker Overlay Networks
 
Contemporary Linux Networking
Contemporary Linux NetworkingContemporary Linux Networking
Contemporary Linux Networking
 
VLANs in the Linux Kernel
VLANs in the Linux KernelVLANs in the Linux Kernel
VLANs in the Linux Kernel
 
2015 FOSDEM - OVS Stateful Services
2015 FOSDEM - OVS Stateful Services2015 FOSDEM - OVS Stateful Services
2015 FOSDEM - OVS Stateful Services
 
Deeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay NetworksDeeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay Networks
 
[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting
 
Secure LXC Networking
Secure LXC NetworkingSecure LXC Networking
Secure LXC Networking
 
Understanding Open vSwitch
Understanding Open vSwitch Understanding Open vSwitch
Understanding Open vSwitch
 
Ngrep commands
Ngrep commandsNgrep commands
Ngrep commands
 
13048671.ppt
13048671.ppt13048671.ppt
13048671.ppt
 
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SIDeep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
 
Network Programming: Data Plane Development Kit (DPDK)
Network Programming: Data Plane Development Kit (DPDK)Network Programming: Data Plane Development Kit (DPDK)
Network Programming: Data Plane Development Kit (DPDK)
 
Thebasicintroductionofopenvswitch
ThebasicintroductionofopenvswitchThebasicintroductionofopenvswitch
Thebasicintroductionofopenvswitch
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
 
Openstack openswitch basics
Openstack openswitch basicsOpenstack openswitch basics
Openstack openswitch basics
 
Skydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integrationSkydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integration
 

More from Thomas Graf

eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KerneleBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KernelThomas Graf
 
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemBPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemThomas Graf
 
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and SecurityCilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and SecurityThomas Graf
 
Accelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelAccelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelThomas Graf
 
Cilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPFCilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPFThomas Graf
 
Cilium - Network security for microservices
Cilium - Network security for microservicesCilium - Network security for microservices
Cilium - Network security for microservicesThomas Graf
 
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPDockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPThomas Graf
 
Linux Native, HTTP Aware Network Security
Linux Native, HTTP Aware Network SecurityLinux Native, HTTP Aware Network Security
Linux Native, HTTP Aware Network SecurityThomas Graf
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containersCilium - BPF & XDP for containers
Cilium - BPF & XDP for containersThomas Graf
 
LinuxCon 2015 Stateful NAT with OVS
LinuxCon 2015 Stateful NAT with OVSLinuxCon 2015 Stateful NAT with OVS
LinuxCon 2015 Stateful NAT with OVSThomas Graf
 
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)Thomas Graf
 
Open vSwitch - Stateful Connection Tracking & Stateful NAT
Open vSwitch - Stateful Connection Tracking & Stateful NATOpen vSwitch - Stateful Connection Tracking & Stateful NAT
Open vSwitch - Stateful Connection Tracking & Stateful NATThomas Graf
 
SDN & NFV Introduction - Open Source Data Center Networking
SDN & NFV Introduction - Open Source Data Center NetworkingSDN & NFV Introduction - Open Source Data Center Networking
SDN & NFV Introduction - Open Source Data Center NetworkingThomas Graf
 

More from Thomas Graf (13)

eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KerneleBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux Kernel
 
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemBPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
 
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and SecurityCilium - Bringing the BPF Revolution to Kubernetes Networking and Security
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
 
Accelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelAccelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux Kernel
 
Cilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPFCilium - API-aware Networking and Security for Containers based on BPF
Cilium - API-aware Networking and Security for Containers based on BPF
 
Cilium - Network security for microservices
Cilium - Network security for microservicesCilium - Network security for microservices
Cilium - Network security for microservices
 
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPDockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
 
Linux Native, HTTP Aware Network Security
Linux Native, HTTP Aware Network SecurityLinux Native, HTTP Aware Network Security
Linux Native, HTTP Aware Network Security
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containersCilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
 
LinuxCon 2015 Stateful NAT with OVS
LinuxCon 2015 Stateful NAT with OVSLinuxCon 2015 Stateful NAT with OVS
LinuxCon 2015 Stateful NAT with OVS
 
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
Taking Security Groups to Ludicrous Speed with OVS (OpenStack Summit 2015)
 
Open vSwitch - Stateful Connection Tracking & Stateful NAT
Open vSwitch - Stateful Connection Tracking & Stateful NATOpen vSwitch - Stateful Connection Tracking & Stateful NAT
Open vSwitch - Stateful Connection Tracking & Stateful NAT
 
SDN & NFV Introduction - Open Source Data Center Networking
SDN & NFV Introduction - Open Source Data Center NetworkingSDN & NFV Introduction - Open Source Data Center Networking
SDN & NFV Introduction - Open Source Data Center Networking
 

Recently uploaded

Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionOnePlan Solutions
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfkalichargn70th171
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...masabamasaba
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyviewmasabamasaba
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is insideshinachiaurasa2
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...masabamasaba
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareJim McKeeth
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfonteinmasabamasaba
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2
 

Recently uploaded (20)

Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 

Linux Networking Explained

  • 1. Linux Networking Explained LinuxCon 2016, Toronto Thomas Graf (@tgraf__) Kernel, Cilium & Open vSwitch Team Noiro Networks (Cisco)
  • 2. Did you catch part I? ● Part II: LinuxCon, Toronto, 2016 Linux Networking Explained Network devices, Namespaces, Rou"ng, Veth, VLAN, IPVLAN, MACVLAN, MACVTAP, Bonding, Team, OVS, Bridge, BPF, IPSec ● Part I: LinuxCon, Sea,le, 2015 Kernel Networking Walkthrough The protocol stack, sockets, o/oads, TCP fast open, TCP small queues, NAPI, busy polling, RSS, RPS, memory accoun"ng h/p://goo.gl/ZKJpor
  • 3.
  • 4. Network Devices ● Real / Physical Backed by hardware Example: Ethernet card, WIFI, USB, ... ● So7ware / Virtual Simula"on or virtual representa"on Example: Loopback (lo), Bridge (br), Virtual Ethernet (veth), ... $ ip link [...] $ ip link show enp1s0f1 4: enp1s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state [...] link/ether 90:e2:ba:61:e7:45 brd ff:ff:ff:ff:ff:ff
  • 5. Addresses $ ip addr add 192.168.23.5/24 dev em1 $ ip address show dev em1 2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP [...] link/ether 10:c3:7b:95:21:da brd ff:ff:ff:ff:ff:ff inet 192.168.23.5/24 brd 192.168.23.255 scope global em1 valid_lft forever preferred_lft forever inet6 fe80::12c3:7bff:fe95:21da/64 scope link valid_lft forever preferred_lft forever Do we need to consider a packet for local sockets? ip_forward() Local? Rou:ng Sockets ip_local_deliver() ip_output() net.ipv4.conf.all.forwarding = 1
  • 6. Pro Tip: The Local Table $ ip route list table local type local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1 192.168.23.5 dev em1 proto kernel scope host src 192.168.23.5 192.168.122.1 dev virbr0 proto kernel scope host src 192.168.122.1 List all accepted local addresses: H4x0r Tip: You can also modify this table a5er the generated local routes have been inserted.
  • 7. Rou:ng $ ip route add 10.0.0.0/8 dev em1 $ ip route show 10.0.0.0/8 dev em1 scope link Device $ ip route add 20.10.0.0/16 via 10.0.0.1 $ ip route show 20.10.0.0/16 via 10.0.0.1 dev em1 Direct Route - endpoints are direct neighbours (L2) Nexthop Route - endpoints are behind another router (L3) DeviceSockets Device
  • 8. Pro Trick: Simula:ng a Route Lookup $ ip route get 20.10.3.3 20.10.3.3 via 10.0.0.1 dev em1 src 192.168.23.5 cache How will a packet to 20.10.3.3 get routed? NOTE: This is not just $(ip route show | grep). It performs an actual route lookup on the speci8ed des"na"on address in the kernel.
  • 9. Network Namespaces $ ip netns add blue $ ip link set tap0 netns blue $ ip netns exec blue ip address 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 19: tap0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 42:ad:d0:10:e0:67 brd ff:ff:ff:ff:ff:ff Namespace 2Namespace 1 NOTE: Not all data structures are namespace aware yet! eth0tap0 AddressesAddresses RoutesRoutes SocketsSockets Linux maintains resources and data structures per namespace
  • 10. Virtual Network 2 Virtual Network 3 Virtual Network 1 VLAN Virtual Networks on Layer 2 $ ip link add link em1 vlan1 type vlan id 1 $ ip link set vlan1 up $ ip link show vlan1 15: vlan1@em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP [...] link/ether 10:c3:7b:95:21:da brd ff:ff:ff:ff:ff:ff VLAN1 VLAN1 VLAN2 VLAN2 VLAN3 VLAN3 L2 Ethernet VLAN IP Packet Headers:
  • 11. Bonding / Team Link Aggrega:on $ cp /usr/share/doc/teamd-*/example_configs/activebackup_ethtool_1.conf . $ teamd -g -f activebackup_ethtool_1.conf -d [...] $ teamdctl team0 state [...] team0 ● Uses: – Redundant network cards (failover) – Connect to mul"ple ToR (LB) ● Implementa:ons: – Team (new, user/kernel) – Bonding (old, kernel only)
  • 12. Namespace 1 Namespace 2 Veth Virtual Ethernet Cable ● Bidirec"onal FIFO ● O5en used to cross namespaces $ ip link add veth1 type veth peer name veth2 $ ip link set veth1 netns ns1 $ ip link set veth2 netns ns2 veth0 veth1
  • 13. Bridge Virtual Switch ● Flooding: Clone packets and send to all ports. ● Learning: Learn who's behind which port to avoid <ooding ● STP: Detect wiring loops and disable ports ● Na:ve VLAN integra:on ● OFoad: Program HW based on FDB table $ ip link add br0 type bridge $ ip link set eth0 master br0 $ ip link set tap3 master br0 $ ip link set br0 up br0 port portport
  • 14. Example Bridge + Team + Veth Namespace Host Namespace Container B Namespace Container A br0 veth1 team0 veth0 eth0eth0 eth1eth0
  • 15. MACVLAN SimpliIed bridging for guests ● NOT 802.1Q VLANs ● Mul"ple MAC addresses on single interface ● KISS - no learning, no STP ● Modes: – VEPA (default): Guest to guest done on ToR, L3 fallback possible – Bridge: Guest to guest in so5ware – Private: Isolated, no guest to guest – Passthrough: A,aches VF (SR-IOV) $ ip link add link em1 name macvlan0 type macvlan mode bridge $ ip -d link show macvlan0 23: macvlan0@em1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN [...] link/ether f2:d8:91:54:d0:69 brd ff:ff:ff:ff:ff:ff promiscuity 0 macvlan mode bridge addrgenmode eui64 $ ip link set macvlan0 netns blue macvlan0 MAC1 Physical Device macvlan1 MAC2 master slaves
  • 16. Example Team + MACVLAN Namespace Host Namespace Container B Namespace Container A team0 eth0 (macvlan) eth0 (macvlan) eth1eth0
  • 17. IPVLAN MACVLAN for Layer 3 (L3) ● Can hide many containers behind a single MAC address. ● Shared L2 among slaves ● Mode: – L2: Like MACVLAN w/ single MAC – L3: L2 deferred to master namespace, no mul"cast/broadcast $ ip netns add blue $ ip link add link eth0 ipvl0 type ipvlan mode l3 $ ip link set dev ipvl0 netns blue $ ip netns exec blue ip link set dev ipvl0 up $ ip netns exec blue ip addr add 10.1.1.1/24 dev ipvl0 ipvlan0 IP1 Physical Device ipvlan1 IP2 master slaves
  • 18. MACVLAN vs IPVLAN MACVLAN – ToR or NIC may have maximum MAC address limit – Doesn't work well with 802.11 (wireless) IPVLAN – DHCP based on MAC doesn't work, must use client ID – EUI-64 IPv6 addresses genera"on issues – No broadcast/mul"cast in L3 mode
  • 19. TUN/TAP A gate to user space ● Character Device in user space ● Network device in kernel space ● L2 (TAP) or L3 (TUN) ● Uses: encryp"on, VPN, tunneling, virtual machines, ... tun0 tap0 fd = open("/dev/net/tun", O_RDWR); strncpy(ifr.ifr_name,“tap0”, IFNAMSIZ); ioctl(fd, TUNSETIFF, (void *) &ifr); $ ip tuntap add tun0 mode tun $ ip link set tun0 up $ ip link show tun0 18: tun0: <NO-CARRIER,POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc fq_codel [...] link/none $ ip route add 10.1.1.0/24 dev tun0 user.c: File Descriptor File Descriptor kernel user
  • 20. MACVTAP Bridge + TAP = MACVTAP ● A TAP with an integrated bridge ● Connects VM/container via L2 ● Same modes as MACVLAN macvtap2 MAC1 macvtap3 MAC2 $ ip link add link em1 name macvtap0 type macvtap mode vepa $ ip -d link show macvtap 20: macvtap0@em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP [...] link/ether 3e:cb:79:61:8c:4b brd ff:ff:ff:ff:ff:ff macvtap mode vepa addrgenmode eui64 $ ls -l /dev/tap20 crw-------. 1 root root 241, 1 Aug 8 21:08 /dev/tap20 /dev/tap3/dev/tap2 kernel user Physical Device
  • 21. Virtual Network 2 Virtual Network 3 Virtual Network 1 Encapsula:on (Tunnels) Virtual Networks on Layer 3/4 $ ip link add vxlan42 type vxlan id 42 group 239.1.1.1 dev em1 dstport 4789 $ ip link set vxlan42 up $ ip link show vxlan42 31: vxlan42: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN [...] link/ether e6:fc:c8:7e:07:83 brd ff:ff:ff:ff:ff:ff vxlan1 vxlan1 vxlan2 vxlan2 vxlan3 vxlan3 L3/L4 Ethernet VXLANIP VXLAN Headers example: UDP Ethernet IP TCP Underlay Overlay
  • 22. Authen:cated & Encrypted IPSec $ ip xfrm state add src 192.168.211.138 dst 192.168.211.203 proto esp spi 0x53fa0fdd mode transport reqid 16386 replay-window 32 auth "hmac(sha1)" 0x55f01ac07e15e437115dde0aedd18a822ba9f81e enc "cbc(aes)" 0x6aed4975adf006d65c76f63923a6265b sel src 0.0.0.0/0 dst 0.0.0.0/0 Socket Socket L3 Ethernet ESPIP Transport Mode TCP Tunnel Mode Ethernet ESPIP TCPIP Netdevice Netdevice ● AH: Authen"ca"on ● ESP: Authenica"on + encryp"on
  • 23. ovs0 port portport ● Fully programmable L2-L4 virtual switch with APIs: OpenFlow and OVSDB ● Split into a user and kernel component ● Mul"ple control plane integra"ons: – OVN, ODL, Neutron, CNI, Docker, ... ... $ ovs-vsctl add-br ovs0 $ ovs-vsctl add-port ovs0 em1 $ ovs-ofctl add-flow ovs0 in_port=1,actions=drop $ ovs-vsctl show a425a102-c317-4743-b0ba-79d59ff04a74 Bridge "ovs0" Port "em1" Interface "em1" [...]
  • 24. Kernel Userspace BPF Source Code Byte Code LLVM/clang Sockets netdevice Network StackTC Ingress TC Egress netdevice $ clang -O2 -target bpf -c code.c -o code.o $ tc qdisc add dev eth0 clsact $ tc filter add dev eth0 ingress bpf da obj code.o sec my-section1 $ tc filter add dev eth0 egress bpf da obj code.o sec my-section2 A/aching a BPF program to eth0 at ingress: VeriIer + JIT add eax,edx shl eax,2 add eax,edx shl eax,2
  • 25. BPF Features (As of Aug 2016) ● Maps – Arrays (per CPU), hashtables (per CPU) ● Packet mangling ● Redirect to other device ● Tunnel metadata (encapsula"on) ● Cgroups integra"on ● Event no"8ca"ons via perf ring buJer
  • 26. Kernel Userspace XDP – Express Data Path Source Code Byte Code LLVM/clang Sockets Netdevice Network Stack VeriIer + JIT add eax,edx shl eax,2 Driver Access to DMA buLer
  • 27. Q&A Image Sources: ● Cover (Toronto) Rick Harris (h,ps://www.<ickr.com/photos/rickharris/) ● The Invisible Man Dr. Azzacov (h,ps://www.<ickr.com/photos/drazzacov/) ● Chicken JOHN LLOYD (h,ps://www.<ickr.com/photos/hugo90/) Learn more about networking with BPF: Fast IPv6-only Networking for Containers Based on BPF and XDP Wednesday August 24, 2016 4:35pm – 5:35pm, Queen's Quay Contact: ● Twi/er: @tgraf__ Mail: tgraf@tgraf.ch