L2/L3 for Advanced Users
Light and Dark Magic in the Linux Network Stack (original title: L2/L3 für Fortgeschrittene: Helle und dunkle Magie im Linux-Netzwerkstack)
FrOSCon 13 Network Track
Falk Stern, Maximilian Wilhelm
1 / 36
Agenda
1. Who are we
2. Layer 2
   1. Link Aggregation
   2. VLANs
   3. Bridges
3. Layer 3
   1. Policy based routing
   2. VRFs
   3. NetNS
Who's who Falk Stern
Full Stack Infrastructure Engineer
IPv6 fanboy
Runs his own Kubernetes cluster in his basement
Consultant @ Profi Engineering Systems AG
Contact
@wrf42
falk@fourecks.de
Who's who Maximilian Wilhelm
Networker
OpenSource Hacker
Fanboy of
(Debian) Linux
ifupdown2
Occupation:
By day: Senior Infrastructure Architect, Uni Paderborn
By night: Infrastructure Archmage, Freifunk Hochstift
In between: Freelance Solution Architect for hire
Contact
@BarbarossaTM
max@sdn.clinic
Layer 2 / LAGs
Link Aggregation
Combine one or more physical links between two peers to one virtual link, to
increase over-all bandwidth
create a redundant Layer 2 link
both
Also known as:
LAG
Bonding (Linux)
Aggregated Ethernet (Juniper)
Port-Channel (Cisco)
Trunk (3Com, HP?)
NIC-Teaming
Link Aggregation - Simple Linux bonding
Just use multiple links and hope the peer does, too.
Drawbacks:
If media converters are involved, a link-down event may not propagate
No way to tell if the peer is configured the same way
Link Aggregation - LACP
Link Aggregation Control Protocol (802.3ad / 802.1AX)
De-facto standard within networking world
Use LACP signalling to set up LAG with peer
Maximum of 8 interfaces per LAG
Keepalive every 1s (fast) or every 30s (slow)
An interface can be in one of two modes:
active: send out LACP packets to actively form the LAG
passive: wait for LACP packets and only then reply to them
Multi-Chassis Link Aggregation Groups
Link Aggregation between more than two peers
At least one peer has to do magic to make this work
Also known as:
MC-LAG
MLAG
Virtual Port-Channel (vPC)
Source: Wikipedia
Load balancing traffic over LAGs
Round-Robin
One packet on link 1, one on link 2, ..., and repeat
Hashing of header fields
Layer 2 (src MAC + dst MAC)
Only useful if communication is to multiple stations within the local subnet
Layer 2+3 (src MAC + dst MAC + src IP + dst IP)
Might be more useful for communication beyond the local subnet
Layer 3+4 (src IP + dst IP + src Port + dst Port)
Probably most useful when communicating with multiple peers
Layer 2 / VLANs
Virtual Local Area Networks (VLANs)
Used to separate broadcast domains in LANs
VLAN transport between switches standardized as IEEE 802.1q
after proprietary standards from Cisco, 3COM
12-bit VLAN Identifier
only 4096 possible VLANs, ~100 reserved for internal switch functions
[Figure: Ethernet frame with and without 802.1Q tag. Fields in bytes: Preamble (7), SFD (1), Destination MAC (6), Source MAC (6), 802.1Q header (4: TPID=0x8100, then PCP/DEI/VID), EtherType/Size (2), Payload (n = 42–1500 tagged, 46–1500 untagged), CRC/FCS (4), Inter Frame Gap (12).]
QinQ - 802.1ad Double Tag
Of course we can put VLANs into VLANs
[Figure: untagged, 802.1Q single-tagged and 802.1ad double-tagged frames. The QinQ frame carries an outer 802.1Q header with TPID=0x88A8 (S-tag) followed by an inner one with TPID=0x8100 (C-tag), 4 bytes each (PCP/DEI/VID); payload n = 46–1500 untagged, 42–1500 single-tagged, 38–1500 double-tagged.]
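As an added example (not from the slides), here is a Python decoder for the tag stack shown in the two frame figures above: it walks 0x8100 (C-tag) and 0x88A8 (S-tag) headers until it reaches a real EtherType, flags the reserved VIDs 0 and 4095, and refuses frames cut off inside a header. The sample frames, MACs and payloads are constructed for the example.

```python
"""Decode the 802.1Q / 802.1ad tag stack of an Ethernet frame."""
import struct

TPID_C_TAG = 0x8100   # 802.1Q customer tag, also the inner tag in QinQ
TPID_S_TAG = 0x88A8   # 802.1ad service tag, the outer tag in QinQ
TAG_TPIDS = {TPID_C_TAG, TPID_S_TAG}
RESERVED_VIDS = {0, 4095}  # 0 = priority-tagged, no VLAN; 4095 reserved by 802.1Q


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_tag_stack(frame: bytes) -> dict:
    """Walk the headers after the MAC addresses while they carry a tag TPID.

    Returns the MACs, the tags outermost first (tpid, pcp, dei, vid, reserved),
    and the EtherType plus payload that follow the last tag. Raises ValueError
    on a frame cut off inside a header instead of guessing.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an untagged Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    offset, tags = 12, []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("truncated frame: no EtherType after tag stack")
        ethertype = struct.unpack_from("!H", frame, offset)[0]
        if ethertype not in TAG_TPIDS:
            break
        if offset + 4 > len(frame):
            raise ValueError("truncated VLAN header")
        tci = struct.unpack_from("!H", frame, offset + 2)[0]
        tags.append({
            "tpid": ethertype,
            "pcp": tci >> 13,            # 3 bits: priority code point
            "dei": (tci >> 12) & 0x1,    # 1 bit: drop eligible indicator
            "vid": tci & 0x0FFF,         # 12 bits: VLAN identifier (0..4095)
            "reserved": (tci & 0x0FFF) in RESERVED_VIDS,
        })
        offset += 4
    return {"dst": mac_str(dst), "src": mac_str(src), "tags": tags,
            "ethertype": ethertype, "payload": frame[offset + 2:]}


def build_frame(dst: str, src: str, tags, ethertype: int, payload: bytes) -> bytes:
    """Construct a frame (no minimum-size padding); tags = [(tpid, pcp, dei, vid)]."""
    out = bytearray(bytes.fromhex(dst.replace(":", "")))
    out += bytes.fromhex(src.replace(":", ""))
    for tpid, pcp, dei, vid in tags:
        tci = (pcp << 13) | (dei << 12) | (vid & 0x0FFF)
        out += struct.pack("!HH", tpid, tci)
    out += struct.pack("!H", ethertype) + payload
    return bytes(out)


def vids(frame: bytes) -> list:
    """Just the VLAN IDs, outer to inner, e.g. [2342, 100] for a QinQ frame."""
    return [t["vid"] for t in parse_tag_stack(frame)["tags"]]


# Constructed sample frames (MACs and payloads are made up for the example).
DST, SRC = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
UNTAGGED = build_frame(DST, SRC, [], 0x0800, b"\x45" + b"\x00" * 19)
SINGLE_TAGGED = build_frame(DST, SRC, [(TPID_C_TAG, 0, 0, 1013)], 0x86DD, b"\x60" * 4)
QINQ = build_frame(DST, SRC, [(TPID_S_TAG, 5, 0, 2342), (TPID_C_TAG, 0, 1, 100)],
                   0x0800, b"\x45")
PRIORITY_ONLY = build_frame(DST, SRC, [(TPID_C_TAG, 7, 0, 0)], 0x0806, b"\x00\x01")

if __name__ == "__main__":
    for name, frame in [("untagged", UNTAGGED), ("802.1Q", SINGLE_TAGGED),
                        ("QinQ", QINQ), ("priority-only", PRIORITY_ONLY)]:
        info = parse_tag_stack(frame)
        print(f"{name:14s} vids={vids(frame)} ethertype=0x{info['ethertype']:04x}")
```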
Layer 2 / Bridges
Bridges
The switch(es) within your Linux box
Usage: ... bridge [ forward_delay FORWARD_DELAY ]
[ hello_time HELLO_TIME ]
[ max_age MAX_AGE ]
[ ageing_time AGEING_TIME ]
[ stp_state STP_STATE ]
[ vlan_filtering VLAN_FILTERING ]
[ vlan_default_pvid VLAN_DEFAULT_PVID ]
[ mcast_snooping MULTICAST_SNOOPING ]
[...]
[ nf_call_iptables NF_CALL_IPTABLES ]
[ nf_call_ip6tables NF_CALL_IP6TABLES ]
[ nf_call_arptables NF_CALL_ARPTABLES ]
ip link add br0 type bridge
ip link set br0 up
ip link set eth0 master br0
VLANs and Bridges
Two options, both suck
External trunk as bridge member
External interface is part of the bridge
All VLANs transported within the bridge
All VLANs forwarded on any port
External trunk with many bridges
One interface per VLAN on trunk (e.g. bond0.2342)
One bridge per VLAN (e.g. br2342)
VXLAN and Bridges
One bridge per VNI
Possibly multiple physical or virtual NICs within bridge, too
VLAN interfaces
VM interfaces (e.g. on KVM host)
Vlan-aware Bridges
VLANs and bridges have been a challenge
That ain't true no more
Now it's a “regular switch”
Configured with the bridge utility from iproute2
Real World Use Case:
Simple KVM/Qemu hook for VLAN assignment
https://github.com/FreifunkHochstift/ffho-salt-public/blob/master/kvm/qemu-hook
Vlan-aware Bridges
Port VLAN management
bridge vlan { add | del }
vid VLAN_ID dev DEV
[ pvid ] [ untagged ]
[ self ] [ master ]
bridge vlan show [ dev DEV ]
[ vid VLAN_ID ]
Forwarding database
bridge fdb [...]
Vlan-aware Bridges with ifupdown2
iface br0
bridge-ports bond0
bridge-vlan-aware yes
bridge-vids 1013 4002
iface bond0
bridge-vids 100 101 200 201 1013 2000 [..]
iface cr02_eth1
bridge-vids 1013 2000 2004 2006 3002
iface br0.1013
address 10.132.252.22/28
Vlan-aware Bridges and VXLAN
Extending 24 bit to 36 bit
Layer 3 / Routing tables
Every Linux box has a number of routing tables
$ ip route help
Usage: ip route { list | flush } SELECTOR
...
SELECTOR := ... [ table TABLE_ID ]
...
TABLE_ID := [ local | main | default | all | NUMBER ]
By default routing table main is used
So ip route show and ip route show table main show the same thing
Table local
Contains all routes to
Locally connected IPs
Broadcast addresses
Table main
Contains "usual" routes
Locally connected subnets
Routes to remote subnets
Table default
Usually empty
Policy based routing
Available since Linux 2.2 (1999)
Default routing policy on every Linux box:
$ ip rule
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Drawbacks
No mechanism for persistence available
Make sure to close every loophole:
Rule for IPv4
Rule for IPv6
Rule for incoming interface
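As an added example (not from the slides) of the "close every loophole" drawback: a Python audit that parses `ip -4 rule` and `ip -6 rule` output and reports policy rules that steer traffic into a table for one address family only. The sample rule output is constructed, and treating a `from`/`to` rule as the same policy regardless of the address it names is this script's heuristic, not kernel semantics.

```python
"""Audit `ip rule` output for policy rules that exist for one address family only."""
import re

DEFAULT_TABLES = {"local", "main", "default"}
# Selector keywords that take one argument in `ip rule` output.
ARG_KEYWORDS = {"from", "to", "iif", "oif", "fwmark", "tos", "ipproto", "sport",
                "dport", "uidrange", "realms", "suppress_prefixlength",
                "suppress_ifgroup"}
_RULE_RE = re.compile(r"^\s*(\d+):\s+(.*)$")


def parse_rule(line: str) -> dict:
    """Parse one `ip rule` line such as '32765:\\tfrom all iif eth0 lookup 1023'."""
    m = _RULE_RE.match(line)
    if not m:
        raise ValueError(f"not an ip rule line: {line!r}")
    tokens = m.group(2).split()
    selectors, table, i = {}, None, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("lookup", "table"):
            table = tokens[i + 1]
            i += 2
        elif tok in ARG_KEYWORDS:
            selectors[tok] = tokens[i + 1]
            i += 2
        else:
            # argument-less flags and actions: not, unreachable, blackhole, prohibit
            selectors[tok] = True
            i += 1
    return {"prio": int(m.group(1)), "selectors": selectors, "table": table}


def rule_key(rule: dict) -> tuple:
    """Family-neutral identity of a rule (heuristic): address selectors collapse
    to '<addr>', so 'from 192.0.2.0/24 lookup 100' and 'from 2001:db8::/64
    lookup 100' count as the same policy. Priorities are ignored on purpose."""
    norm = {}
    for k, v in rule["selectors"].items():
        if k in ("from", "to") and v != "all":
            v = "<addr>"
        norm[k] = v
    return (tuple(sorted(norm.items())), rule["table"])


def policy_rules(lines) -> list:
    """Keep only rules that do something beyond the three stock tables."""
    rules = [parse_rule(l) for l in lines if l.strip()]
    return [r for r in rules if r["table"] not in DEFAULT_TABLES]


def find_family_gaps(v4_lines, v6_lines):
    """Return (only_v4, only_v6): policies present in one family but not the other."""
    v4 = {rule_key(r): r for r in policy_rules(v4_lines)}
    v6 = {rule_key(r): r for r in policy_rules(v6_lines)}
    return ([v4[k] for k in v4 if k not in v6], [v6[k] for k in v6 if k not in v4])


# Constructed sample output of `ip -4 rule` and `ip -6 rule` on a box with a VRF
# (the l3mdev rule) and a source-based policy that was only ever added for IPv4.
V4_RULES = """\
0:\tfrom all lookup local
1000:\tfrom all lookup [l3mdev-table]
32764:\tfrom all iif eth0 lookup 1023
32765:\tfrom 192.0.2.0/24 lookup 100
32766:\tfrom all lookup main
32767:\tfrom all lookup default
""".splitlines()
V6_RULES = """\
0:\tfrom all lookup local
1000:\tfrom all lookup [l3mdev-table]
32765:\tfrom all iif eth0 lookup 1023
32766:\tfrom all lookup main
""".splitlines()
# The same IPv6 rule set after the missing source rule has been added.
V6_RULES_FIXED = V6_RULES + ["32764:\tfrom 2001:db8:23:42::/64 lookup 100"]

if __name__ == "__main__":
    only4, only6 = find_family_gaps(V4_RULES, V6_RULES)
    for r in only4:
        print(f"IPv4-only policy: prio {r['prio']} {r['selectors']} -> table {r['table']}")
    for r in only6:
        print(f"IPv6-only policy: prio {r['prio']} {r['selectors']} -> table {r['table']}")
    print("gaps after fix:", find_family_gaps(V4_RULES, V6_RULES_FIXED))
```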
Virtual Routing and Forwarding (VRFs)
Independent routing instances
L3-VPNs
Usually in combination with MPLS
Layer 3 separation
VRF interface is master for “real” interfaces
Defines routing table for VRF
Since Kernel 4.[345] (use >= 4.9)
Virtual Routing and Forwarding (VRFs)
By hand
ip link add vrf_external type vrf table 1023
ip link set eth0 master vrf_external
ifupdown2
auto eth0
iface eth0
address 2001:db8:23:42::2/64
gateway 2001:db8:23:42::1
vrf vrf_external
auto vrf_external
iface vrf_external
vrf-table 1023
Device routes move from table main and local to table 1023
Connecting VRFs
Requires vEth pair
Like a virtual network cable within the box
A end in main VRF, Z end in VRF “foo”
Usual routing
Static
Bird talking BGP to itself
Connecting VRFs
By hand
ip link add VETH_END1 type veth peer name VETH_END2
ifupdown2*
iface veth_ext2int
link-type veth
veth-peer-name veth_int2ext
vrf vrf_external
iface veth_int2ext
link-type veth
veth-peer-name veth_ext2int
* veth-peer-name not merged upstream yet (PR25)
Real World Applications for VRFs
External interface in VRF
External interface is part of vrf_external
GRE / OpenVPN tunnels send / receive encapsulated packets over the VRF
Local tunnel endpoint is in main VRF
Helpful sysctl
/proc/sys/net/ipv4/tcp_l3mdev_accept
l3mdev == Layer3 Master Device
VRF info is added to socket
Replies are sent out in the VRF where the request originated
Real World Applications - Tunnels / GRE
Outer and/or inner side of tunnel can be part of a VRF
Send
ip link add DEVICE type gre remote ADDR local ADDR dev PHYS_DEV
If PHYS_DEV is within a VRF, all encapsulated packets are sent/received in that VRF
That's how your internet access is built right now :)
Pushing the inner side of a tunnel into a VRF is equally simple:
ip link set DEVICE master VRF
Real World Applications - Tunnel / OpenVPN
Pushing the inner side of an OpenVPN tunnel into a VRF is as simple as before.
Sending/receiving encapsulated packets into/from a VRF is more complicated
But there's a patch since October 2016
https://github.com/OpenVPN/openvpn/pull/65
Used to glue remote POPs from Freifunk Hochstift together
openvpn --config your_config.cfg --bind-dev VRF
Now go and motivate Gert - Hi Gert! - to merge it, so we all can use it :)
Network Namespaces (NetNS)
Layer 1 separation
Since Kernel 2.6.29
Own set of routing tables
VRFs and PBR available within NetNS
Own set of netfilter rules
A process can be run in a special NetNS
Two NetNS can be connected by vETH, too.
Key takeaways
Linux networking has evolved A LOT
Linux today is a first class citizen wrt networking
Vlan-aware bridges are great for virtualization hosts
VRFs can help separate layer 3 domains nicely
Tunneling technologies integrate accordingly
Further Reading
Contemporary Linux Networking - DENOG9 (2017)
https://www.slideshare.net/BarbarossaTM/contemporary-linux-networking
VRFs
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/networking/vrf.txt
https://cumulusnetworks.com/blog/vrf-for-linux/
https://de.slideshare.net/CumulusNetworks/operationalizing-vrf-in-the-data-center
Questions?
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 

L2/L3 für Fortgeschrittene - Helle und dunkle Magie im Linux-Netzwerkstack

Load balancing Traffic over LAGs
Round-Robin
One packet on link 1, one on link 2, ..., and repeat
Hashing of header fields
Layer 2 (src MAC + dst MAC)
Only useful if communication is to multiple stations within local subnet
Layer 2+3 (src MAC + dst MAC + src IP + dst IP)
Might be more useful for communication outside the local subnet
Layer 3+4 (src IP + dst IP + src Port + dst Port)
Probably most useful when communicating with multiple peers
10 / 36
Layer 2 / VLANs
11 / 36
VLANs
Virtual Local Area Networks (VLANs)
Used to separate broadcast domains in LANs
VLAN transport between switches standardized as IEEE 802.1Q after proprietary standards from Cisco, 3COM
12 bit VLAN Identifier
only 4096 possible VLANs, ~100 reserved for internal switch functions
[Figure: Ethernet frame layout without and with an 802.1Q header (4 bytes: TPID=0x8100, PCP/DEI/VID) between Source MAC and EtherType/Size; payload n = 46–1500 untagged, n = 42–1500 tagged]
12 / 36
QinQ - 802.1ad Double Tag
Of course we can put VLANs into VLANs
[Figure: untagged, single-tagged and double-tagged frame layouts; the outer 802.1ad tag uses TPID=0x88A8, the inner 802.1Q tag TPID=0x8100; payload n = 38–1500 with two tags]
13 / 36
Bridges
The switch(es) within your Linux box
Usage: ... bridge [ forward_delay FORWARD_DELAY ] [ hello_time HELLO_TIME ] [ max_age MAX_AGE ] [ ageing_time AGEING_TIME ]
    [ stp_state STP_STATE ] [ vlan_filtering VLAN_FILTERING ] [ vlan_default_pvid VLAN_DEFAULT_PVID ]
    [ mcast_snooping MULTICAST_SNOOPING ] [...]
    [ nf_call_iptables NF_CALL_IPTABLES ] [ nf_call_ip6tables NF_CALL_IP6TABLES ] [ nf_call_arptables NF_CALL_ARPTABLES ]
ip link add br0 type bridge
ip link set br0 up
ip link set eth0 master br0
15 / 36
VLANs and Bridges
Two options, both suck
External trunk as bridge member
External interface is part of the bridge
All VLANs transported within the bridge
All VLANs forwarded on any port
External trunk with many bridges
One interface per VLAN on trunk (e.g. bond0.2342)
One bridge per VLAN (e.g. br2342)
16 / 36
VXLAN and Bridges
One bridge per VNI
Possibly multiple physical or virtual NICs within bridge, too
VLAN interfaces
VM interfaces (e.g. on KVM host)
17 / 36
Vlan-aware Bridges
VLANs and bridges have been a challenge
That ain't true no more
Now it's a “regular switch”
Configured with bridge utility from iproute
Real World Use Case: Simple KVM/Qemu hook for VLAN assignment
https://github.com/FreifunkHochstift/ffho-salt-public/blob/master/kvm/qemu-hook
18 / 36
Vlan-aware Bridges
Port VLAN management
bridge vlan { add | del } vid VLAN_ID dev DEV [ pvid ] [ untagged ] [ self ] [ master ]
bridge vlan show [ dev DEV ] [ vid VLAN_ID ]
Forwarding database
bridge fdb [...]
19 / 36
Vlan-aware Bridges with ifupdown2
iface br0
    bridge-ports bond0
    bridge-vlan-aware yes
    bridge-vids 1013 4002
iface bond0
    bridge-vids 100 101 200 201 1013 2000 [..]
iface cr02_eth1
    bridge-vids 1013 2000 2004 2006 3002
iface br0.1013
    address 10.132.252.22/28
20 / 36
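
The same setup done "by foot" with iproute2, as an added example that is not from the slides: br0, bond0, cr02_eth1, br0.1013 and the VIDs are the slide's values, the IP/BRIDGE dry-run variables are my addition. The point to note is vlan_default_pvid 0: a freshly enslaved port then forwards nothing until a VID is explicitly allowed on it, instead of silently joining VLAN 1 untagged, which is the "all VLANs forwarded on any port" problem of the plain bridge.

```shell
#!/bin/sh
# Added example: a vlan-aware bridge br0 with trunk ports bond0 and cr02_eth1,
# built with iproute2. Set IP=echo BRIDGE=echo to print the plan instead of
# touching the kernel.
IP="${IP:-ip}"
BRIDGE="${BRIDGE:-bridge}"

# Bridge with VLAN filtering on and no default PVID: a new port forwards
# nothing until a VID is explicitly allowed on it.
create_vlan_aware_bridge() {
    br="$1"
    "$IP" link add "$br" type bridge vlan_filtering 1 vlan_default_pvid 0
    "$IP" link set "$br" up
}

# Enslave a trunk port and allow exactly the listed VIDs (tagged) on it.
add_trunk_port() {
    br="$1"; dev="$2"; shift 2
    "$IP" link set "$dev" master "$br"
    for vid in "$@"; do
        "$BRIDGE" vlan add vid "$vid" dev "$dev"
    done
    "$IP" link set "$dev" up
}

# SVI for one VID: the VID must be allowed on the bridge device itself
# ("self") before the 802.1Q sub-interface br0.VID sees any traffic.
add_svi() {
    br="$1"; vid="$2"; addr="$3"
    "$BRIDGE" vlan add vid "$vid" dev "$br" self
    "$IP" link add link "$br" name "$br.$vid" type vlan id "$vid"
    "$IP" addr add "$addr" dev "$br.$vid"
    "$IP" link set "$br.$vid" up
}

# The configuration from the slide (br0, bond0, cr02_eth1, br0.1013).
plan_from_slide() {
    create_vlan_aware_bridge br0
    add_trunk_port br0 bond0 100 101 200 201 1013 2000
    add_trunk_port br0 cr02_eth1 1013 2000 2004 2006 3002
    add_svi br0 1013 10.132.252.22/28
}

# "sh bridge.sh plan" prints the commands, "sh bridge.sh apply" runs them (as root).
case "${1:-}" in
    plan)  IP=echo; BRIDGE=echo; plan_from_slide ;;
    apply) plan_from_slide ;;
esac
```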
Vlan-aware Bridges and VXLAN
Extending 24 bit to 36 bit
21 / 36
Layer 3 / Routing tables
22 / 36
Routing tables
Every Linux box has a number of routing tables
$ ip route help
Usage: ip route { list | flush } SELECTOR
...
SELECTOR := ... [ table TABLE_ID ] ...
TABLE_ID := [ local | main | default | all | NUMBER ]
By default routing table main is used
So ip route show and ip route show table main show the same thing
23 / 36
Routing tables
Table local
Contains all routes to
Locally connected IPs
Broadcast addresses
Table main
Contains "usual" routes
Locally connected subnets
Routes to remote subnets
Table default
Usually empty
24 / 36
Policy based routing
Available since Linux 2.2 (1999)
Default routing policy on every Linux box:
$ ip rule
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Drawbacks
No mechanism for persistency available
Beware to close every loophole
Rule for IPv4
Rule for IPv6
Rule for incoming interface
25 / 36
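
An added example (not from the slides) of the "close every loophole" point: a dedicated table for a second uplink whose rules are installed for both address families, plus a check that diffs the output of ip -4 rule against ip -6 rule so a rule that exists for only one family shows up. eth1, table 100 and all addresses are constructed.

```shell
#!/bin/sh
# Added example: a dedicated routing table for a second uplink, with the rules
# installed for IPv4 and IPv6, plus a check that finds rules existing in one
# family only. eth1, table 100 and all addresses are constructed; IP=echo
# prints the commands instead of applying them.
IP="${IP:-ip}"

# Traffic arriving on $dev, and traffic sourced from the uplink's own address,
# is looked up in $table. Priorities lie between "local" (0) and "main" (32766).
add_pbr_for_iface() {
    dev="$1"; table="$2"; gw4="$3"; src4="$4"; gw6="$5"; src6="$6"
    "$IP" -4 route add default via "$gw4" dev "$dev" table "$table"
    "$IP" -6 route add default via "$gw6" dev "$dev" table "$table"
    for fam in 4 6; do
        "$IP" -$fam rule add iif "$dev" lookup "$table" priority 1000
    done
    "$IP" -4 rule add from "$src4" lookup "$table" priority 1001
    "$IP" -6 rule add from "$src6" lookup "$table" priority 1001
}

# Compare the output of "ip -4 rule" ($1) with "ip -6 rule" ($2) and print each
# rule present in only one family. Addresses are masked, so "from 192.0.2.10"
# and "from 2001:db8::10" count as the same rule; the kernel's three default
# rules (0, 32766, 32767) are skipped.
rules_missing_in_other_family() {
    { printf '%s\n' "$1" | sed 's/^/4 /'; printf '%s\n' "$2" | sed 's/^/6 /'; } |
    awk 'NF > 1 && $2 !~ /^(0|32766|32767):$/ {
            fam = $1; $1 = ""
            for (i = 3; i <= NF; i++)
                if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ ||
                    $i ~ /^[0-9a-fA-F:]*:[0-9a-fA-F:]*(\/[0-9]+)?$/)
                    $i = "<addr>"
            sub(/^ +/, ""); seen[$0] = seen[$0] fam
        }
        END {
            for (r in seen) {
                if (index(seen[r], "6") == 0) print "IPv4 only: " r
                else if (index(seen[r], "4") == 0) print "IPv6 only: " r
            }
        }' | sort
}

# Constructed listings: the IPv6 side is missing the incoming-interface rule.
sample_v4='0: from all lookup local
1000: from all iif eth1 lookup 100
1001: from 192.0.2.10 lookup 100
32766: from all lookup main
32767: from all lookup default'
sample_v6='0: from all lookup local
1001: from 2001:db8::10 lookup 100
32766: from all lookup main
32767: from all lookup default'

check_sample() { rules_missing_in_other_family "$sample_v4" "$sample_v6"; }
case "${1:-}" in check) check_sample ;; esac
```

On a live box the same check is rules_missing_in_other_family "$(ip -4 rule)" "$(ip -6 rule)".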
Virtual Routing and Forwarding (VRFs)
Independent routing instances
L3-VPNs
Usually in combination with MPLS
Layer 3 separation
VRF interface is master for “real” interfaces
Defines routing table for VRF
Since Kernel 4.[345] (use >= 4.9)
26 / 36
Virtual Routing and Forwarding (VRFs)
By foot
ip link add vrf_external type vrf table 1023
ip link set eth0 master vrf_external
ifupdown2
auto eth0
iface eth0
    address 2001:db8:23:42::2/64
    gateway 2001:db8:23:42::1
    vrf vrf_external
auto vrf_external
iface vrf_external
    vrf-table 1023
Device routes move from table main and local to table 1023
27 / 36
Connecting VRFs
Requires vEth pair
Like a virtual network cable within the box
A end in main VRF, Z end in VRF “foo”
Usual routing
Static
Bird talking BGP to itself
28 / 36
Connecting VRFs
By foot
ip link add VETH_END1 type veth peer name VETH_END2
ifupdown2*
iface veth_ext2int
    link-type veth
    veth-peer-name veth_int2ext
    vrf vrf_external
iface veth_int2ext
    link-type veth
    veth-peer-name veth_ext2int
* veth-peer-name not merged upstream yet (PR25)
29 / 36
Real World Applications for VRFs
External interface in VRF
External interface is part of vrf_external
GRE / OpenVPN tunnel send / receive encapsulated packets over VRF
Local tunnel endpoint is in main VRF
Helpful sysctl
/proc/sys/net/ipv4/tcp_l3mdev_accept
l3mdev == Layer3 Master Device
VRF info is added to socket
Replies sent out in VRF where request originated
30 / 36
Real World Applications - Tunnels / GRE
Outer and/or inner side of tunnel can be part of a VRF
Send
ip link add DEVICE type gre remote ADDR local ADDR dev PHYS_DEV
If PHYS_DEV is within a VRF, all encapsulated packets are sent/received in VRF
That's how your internet access is built right now :)
Pushing the inner side of a tunnel into a VRF is equally simple:
ip link set DEVICE master VRF
31 / 36
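
The VRF, vEth, sysctl and GRE pieces from the last slides combined into one script, as an added example not taken from the talk: vrf_external, table 1023, eth0 and the vEth names are the slides' values; gre_pop1 and the tunnel addresses are constructed.

```shell
#!/bin/sh
# Added example: vrf_external (table 1023) with eth0 as its only real interface,
# a GRE tunnel whose outer side runs inside the VRF, a vEth pair joining the VRF
# to the main VRF, and the l3mdev sysctl. GRE addresses and gre_pop1 are
# constructed; IP=echo SYSCTL=echo prints the commands instead of applying them.
IP="${IP:-ip}"
SYSCTL="${SYSCTL:-sysctl}"

# VRF device: routes of enslaved interfaces move from main/local to its table.
create_vrf() {
    "$IP" link add "$1" type vrf table "$2"
    "$IP" link set "$1" up
}

# Put a "real" interface under the VRF ($1 = vrf, $2 = device).
enslave_to_vrf() {
    "$IP" link set "$2" master "$1"
}

# "dev PHYS_DEV" binds the encapsulated packets to that interface; when it is in
# a VRF, the outer traffic is sent and received inside that VRF while the gre
# device (the inner side) stays in the main VRF unless enslaved as well.
add_gre_over_vrf() {
    name="$1"; remote="$2"; lcl="$3"; phys="$4"
    "$IP" link add "$name" type gre remote "$remote" local "$lcl" dev "$phys"
    "$IP" link set "$name" up
}

# vEth "cable" between VRFs: A end veth_int2ext stays in the main VRF,
# Z end veth_ext2int is enslaved to $1 (names as on the slides).
connect_vrf_to_main() {
    "$IP" link add veth_int2ext type veth peer name veth_ext2int
    "$IP" link set veth_ext2int master "$1"
    "$IP" link set veth_int2ext up
    "$IP" link set veth_ext2int up
}

# Let TCP sockets bound in the default VRF accept connections that arrive via a
# VRF; replies leave through the VRF the request came from.
enable_l3mdev_accept() {
    "$SYSCTL" -w net.ipv4.tcp_l3mdev_accept=1
}

plan() {
    create_vrf vrf_external 1023
    enslave_to_vrf vrf_external eth0
    add_gre_over_vrf gre_pop1 192.0.2.99 192.0.2.2 eth0   # constructed addresses
    connect_vrf_to_main vrf_external
    enable_l3mdev_accept
}

# "sh vrf.sh plan" prints the commands, "sh vrf.sh apply" runs them (as root).
case "${1:-}" in plan) IP=echo; SYSCTL=echo; plan ;; apply) plan ;; esac
```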
Real World Applications - Tunnel / OpenVPN
Pushing the inner side of an OpenVPN tunnel into a VRF is as simple as before.
Sending/receiving encapsulated packets into/from a VRF is more complicated
But there's a patch since October 2016
https://github.com/OpenVPN/openvpn/pull/65
Used to glue remote POPs from Freifunk Hochstift together
openvpn --config your_config.cfg --bind-dev VRF
Now go and motivate Gert - Hi Gert! - to merge it, so we all can use it :)
32 / 36
Network Namespaces (NetNS)
Layer 1 separation
Since Kernel 2.6.29
Own set of routing tables
VRFs and PBR available within NetNS
Own set of netfilter rules
A process can be run in a special NetNS
Two NetNS can be connected by vETH, too.
33 / 36
Key takeaways
Linux networking has evolved A LOT
Linux today is a first class citizen wrt networking
Vlan-aware bridges are great for virtualization hosts
VRFs can help separate layer 3 domains nicely
Tunneling technologies integrate accordingly
34 / 36
Links
Further Reading
Contemporary Linux Networking - DENOG9 (2017)
https://www.slideshare.net/BarbarossaTM/contemporary-linux-networking
VRFs
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/networking/vrf.txt
https://cumulusnetworks.com/blog/vrf-for-linux/
https://de.slideshare.net/CumulusNetworks/operationalizing-vrf-in-the-data-center
35 / 36
Questions
Question?
36 / 36