Contemporary network configuration for Linux
ifupdown-ng
Aaron A. Glenn, Maximilian Wilhelm
Agenda
1. Who's who
2. Why something new?
3. What we built
Who's who Aaron A. Glenn
Network Janitor & Internetworking Curmudgeon
Ask me about Re-programmable Networks
Managing Director, Predicted Paths BV & Network Service Associates
Contact
@networkservice / @aag@bsd.network
aag@bgp.beer
Who's who Maximilian Wilhelm
Senior Landscape Architect
OpenSource Hacker
Fanboy of
(Debian) Linux
IPv6
Occupation:
By day: Senior Infrastructure Architect, Uni Paderborn
By night: Infrastructure Archmage, Freifunk Hochstift
In between: Freelance Solution Architect for hire
Member of technical advisory board - Network Services Association
Contact
@BarbarossaTM
max@sdn.clinic
Who's who
Why?
Field Experience Leads to Strong Opinions
NSP customer has uncommon financial and logistical constraints
3300 site opportunity
Initial 45 sites are intentionally in "most difficult" (network) environment
Two vendors and six months have not led to any definition of success
Given:
MIPS64 devices
Ancient Linux kernel
Need:
Linux 5.4+
handle complex configuration scenarios
avoid dependency on Python/golang/Rust/etc.
Strong Opinions Lead to New Code
New Opportunities
Alpine Linux project looking to modernize network configuration
'Complex' configurations are quite common!
Q: "where else might this be useful?"
New Thoughts
Disaggregated networking = Linux
"what if..."
Network Services Linux
Linux distribution for networking devices
Based on Alpine Linux
MUSL, no glibc
Flexible contemporary network configuration required
Came with ifupdown1
Not state of the art
Status quo - what's out there
iproute2
ifupdown
ifupdown1
ifupdown2
netplan
NetworkManager
systemd-networkd
RedHat universe
etc.
Status quo - ifupdown universe
Two mostly compatible suites
ifupdown1
Used in Debian (plus derivatives) for decades
Used in Alpine for years (as part of busybox)
Written in C
Monolithic
Can be extended through /etc/network/if-X.d
ifupdown2
Used in Cumulus Linux
Available for Debian (plus derivatives)
Written in Python
Modular, easy to extend
What we wanted
Compatible with ifupdown1/2
Support for contemporary features
Easy to extend
Small footprint
What we built
ifupdown-ng
Vision
Intended as a drop-in replacement for ifupdown1 and ifupdown2 installations
Today:
Alpine and Debian primary supported environments
Feature parity with ifupdown1
Dependency resolution
Extensible through executors
Meaningful documentation
Included in Alpine 3.13 and NSL 1
Planned:
Support for other Linux distributions and *BSD
Checking and reloading network configuration
Native executors using netlink
Architecture
Core:
Written in C
Config parser
Compatibility layer
Dependency resolution
Executors:
Written in whatever you like (up to now: shell)
create, set up, tear down links, tunnels, ...
configure IPs
Features
As of today:
static addresses (incl. pointopoint)
B.A.T.M.A.N. adv.
bonding / LAGs
(vlan-aware) bridges
DHCP
ethtool
dummy
PPP
tunnels (GRE, GRETAP, IP*, ...)
vEth
VRFs
VXLAN
WireGuard
Outlook
Features:
Checking running config against configuration on disk
Reloading network configuration (with minimum impact)
Phase-wise execution
Native executors (C, netlink)
Support for static routes + PBR rules on interfaces
Support:
Automated integration tests
Become a native Debian package
Visions
Managing WIFI interfaces
    iface wlan0
        wpa-ssid TwistedAir
        wpa-psk muchsecure
ifmond daemon
Listens to netlink events
Network device added/removed
Cable plugged in or unplugged
Reacts to netlink events by (de)configuring interfaces as appropriate
Like udev, but for networking
-> Event-driven network management without blocking init
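The ifmond behaviour sketched above, as an added example (not ifupdown-ng or ifmond code, which the slides present only as a vision): a bounds-checked C classifier that maps one rtnetlink link message to a configure or deconfigure decision. `classify_link_event`, `build_link_msg`, the `ACT_*` values and the rule "carrier flag set means configure" are assumptions of this example; the sample messages are constructed, and the kernel struct layouts are redefined locally so it builds offline.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field layouts follow struct nlmsghdr, ifinfomsg and rtattr from the Linux
 * UAPI headers; redefined locally so the example builds offline. */
struct nl_hdr  { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };
struct if_info { uint8_t family, pad; uint16_t type; int32_t index; uint32_t flags, change; };
struct rt_attr { uint16_t len, type; };

enum { RTM_NEWLINK = 16, RTM_DELLINK = 17, IFLA_IFNAME = 3 };
#define IFF_LOWER_UP 0x10000u          /* carrier present (cable plugged in) */
#define ALIGN4(n) (((n) + 3u) & ~3u)   /* netlink attributes are 4-byte aligned */

enum action { ACT_MALFORMED, ACT_IGNORE, ACT_CONFIGURE, ACT_DECONFIGURE };

/* Hypothetical decision function: which action would a netlink-driven daemon
 * take for one message? Every length field is checked before it is used. */
enum action classify_link_event(const uint8_t *buf, size_t buflen,
                                char *ifname, size_t namelen)
{
    struct nl_hdr h;
    struct if_info ifi;
    size_t off = sizeof h + sizeof ifi;
    int have_name = 0;

    if (buflen < sizeof h) return ACT_MALFORMED;
    memcpy(&h, buf, sizeof h);
    if (h.len > buflen) return ACT_MALFORMED;          /* claims more than was read */
    if (h.type != RTM_NEWLINK && h.type != RTM_DELLINK) return ACT_IGNORE;
    if (h.len < off) return ACT_MALFORMED;             /* no room for ifinfomsg */
    memcpy(&ifi, buf + sizeof h, sizeof ifi);

    while (h.len - off >= sizeof(struct rt_attr)) {
        struct rt_attr a;
        memcpy(&a, buf + off, sizeof a);
        if (a.len < sizeof a || a.len > h.len - off) return ACT_MALFORMED;
        if (a.type == IFLA_IFNAME) {
            size_t plen = a.len - sizeof a;
            const uint8_t *p = buf + off + sizeof a;
            /* Name must be non-empty, NUL-terminated and fit the caller's buffer. */
            if (plen < 2 || plen > namelen || p[plen - 1] != '\0')
                return ACT_MALFORMED;
            memcpy(ifname, p, plen);
            have_name = 1;
        }
        if (ALIGN4(a.len) > h.len - off) break;        /* last attribute, unpadded */
        off += ALIGN4(a.len);
    }
    if (!have_name) return ACT_MALFORMED;
    if (h.type == RTM_DELLINK) return ACT_DECONFIGURE; /* device removed */
    return (ifi.flags & IFF_LOWER_UP) ? ACT_CONFIGURE : ACT_DECONFIGURE;
}

/* Builds a constructed sample message (not captured traffic); returns its length. */
size_t build_link_msg(uint8_t *out, uint16_t type, uint32_t flags, const char *name)
{
    struct if_info ifi = { .index = 2, .flags = flags };
    struct rt_attr a = { (uint16_t)(sizeof a + strlen(name) + 1), IFLA_IFNAME };
    struct nl_hdr h = { .type = type };
    h.len = (uint32_t)(sizeof h + sizeof ifi + ALIGN4(a.len));
    memset(out, 0, h.len);
    memcpy(out, &h, sizeof h);
    memcpy(out + sizeof h, &ifi, sizeof ifi);
    memcpy(out + sizeof h + sizeof ifi, &a, sizeof a);
    memcpy(out + sizeof h + sizeof ifi + sizeof a, name, strlen(name) + 1);
    return h.len;
}

int main(void)
{
    uint8_t msg[64];
    char name[16];
    size_t n = build_link_msg(msg, RTM_NEWLINK, IFF_LOWER_UP, "eth0");
    printf("plugged in: %d (%s)\n", classify_link_event(msg, n, name, sizeof name), name);
    n = build_link_msg(msg, RTM_NEWLINK, 0, "eth0");
    printf("unplugged:  %d\n", classify_link_event(msg, n, name, sizeof name));
    n = build_link_msg(msg, RTM_DELLINK, 0, "eth0");
    printf("removed:    %d\n", classify_link_event(msg, n, name, sizeof name));
    printf("truncated:  %d\n", classify_link_event(msg, n - 8, name, sizeof name));
    return 0;
}
```

A daemon reading from a real netlink socket should also confirm that the sender is the kernel (`nl_pid` of 0 in the source `sockaddr_nl`) before acting on a message.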
Links
Code: https://github.com/ifupdown-ng/ifupdown-ng/
Discussion: #ifupdown-ng at irc.as7007.net
Questions?