SysAdmin2022/index.html

<!doctype html>
<html>
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
    
    <title>SysAdmin2022</title>
    
    <link rel="stylesheet" href="dist/reset.css">
    <link rel="stylesheet" href="dist/reveal.css">
    <link rel="stylesheet" href="dist/theme/solarized.css">

    <style type="text/css">
      /* Copyright notice */
      #copyright {
	  position: absolute;
	  bottom: 0%;
	  left: 0%;
	  text-size: tiny;
      }
      .reveal .footer {
	  position: absolute;
	  bottom: 1em;
	  left: 1em;
	  font-size: 0.5em;
      }
    </style>
		  
    <!-- Theme used for syntax highlighted code -->
    <link rel="stylesheet" href="plugin/highlight/monokai.css">
  </head>
  <body>
    <div class="reveal">
      <div class="slides">
	<section>
	  <h2>Learning about slightly more advanced networking with linux</h2>
	  <p><b>Paul Warren</b></p>
	  <p>Mastodon: @pwarren@mastodon.thewarrens.name </p>
	  <p>email: paul at thewarrens.name </p>
	  <p>&copy; 2021 Paul Warren</p>
	  <p>CC BY-NC-SA<p>
	</section>

	<section><h2 style="color:red">! WARNING !</h2>
	  <p>I am not a network engineer, there are gaps in my knowledge</p>
	  <p>The words I use might not be the correct ones</p>
	  <p>Please don't blame me if your network stops networking</p>
	  <p class="fragment">Maybe don't go and try building an ISP based off this talk :)</p>
	</section>

	<section><h2>What even is a network?</h2>
	  <p class="fragment fade-in-then-out">Ethernet?</p>
	  <p class="fragment fade-in-then-out">Token Ring?</p>
	  <p class="fragment fade-in-then-out">IPX?</p>
	  <p class="fragment fade-in-then-out">AX.25?</p>
	</section>
	<section><h2>What even is a network?</h2>
	  <p class="fragment fade-in-then-out">ipv4?</p>
	  <p class="fragment fade-in-then-out">ipv6?</p>
	  <p class="fragment fade-in-then-out">tcp?</p>
	  <p class="fragment">Allows connections between computers</p>
	  <aside class="notes">
	    <p>We are going to mostly focus on Ethernet and IPv6</p>
	</section>
	
	<section><h2>Managed networks</h2>
	  <p class="fragment"><b>Controls</b> connections between computers</p>
	  <p class="fragment"><b>Scales</b> connections between computers</p>
	  <p class="fragment"><img src="3tier.png" /><p>
	    <aside class="notes">
	      <p>Most of us probably work in a managed network</p>
	      <p>Most of us probably have a pretty flat edge network at home</p>
	      <p>Diagram is nice, but hides complexities at each layer.<p>
	    </aside>
	</section>
	<section><h2>Layers!</h2>
	  <p class="fragment">Like an onion!</p>
	  <p class="fragment">That 7 layer thing from the OSI</p>
	  <p class="fragment">Ethernet -> IP -> ICMP/TCP/UDP</p>
	  <p class="fragment">Administrative overlays</p>
	  <p class="fragment">VPNs and Tunnels</p>
	  <aside class="notes">
	    <p>or a parfait</p>
	    <p>which you can mostly ignore, as what we generally use doesn't conform to it. But it does provide a good framework for assisting understanding</p>
	    <p>Like firewalls, web-proxies/SSL MITM, But also access rights etc</p>
	  </aside>
	</section>
	
	<section><h2>Layers</h2>
	  <p>This means the Physical layers do not have to match the Logical connections</p>
	  <p class="fragment">Networks are also a bit fractal in nature</p>
	  <p class="fragment">For the purposes of this talk, we can ignore a lot of complexity</p>
	</section>

	<section><h2>An easy one!</h2>
	  <p>VLANS</p>
	  <p class="fragment">Ethernet layer</p>
	  <p class="fragment">Designed to limit broadcast storms</p>
	  <p class="fragment">Can also separate IP networks on the same Ethernet</p>
	  <p class="fragment">Tagged and Untagged/Default</p>
	  <p class="fragment">IEEE 802.1Q</p>
	  <aside class="notes">
	    <p>beware of strange implementations, windows seems to take Router Advertisements from all vlans, regardless of tag</p>
	  </aside>
	</section>
	
	<section><h2>VLANs in linux</h2>
	  <p>Are pretty easy!</p>
	  <pre class="fragment"><code data-trim data-noescape>
	    ip link add link enp0s2 name enp0s2.2501 vlan id 2501
	    ip -6 addr add 2001:db8:2501::10/64 dev enp0s2.2501
	    ip link set dev enp0s2.2501 up
	    </code>
	  </pre>
	</section>

	<section><h2>VLANs in linux</h2>
	  <p>Various different methods of making it go in different distributions</p>
	  <p class="fragment">Debian: in /etc/network/interfaces</p>
	  <pre class="fragment">
	    <code>auto enp1s0.2502
iface enp1s0.2502 inet dhcp
iface enp1s0.2502 inet6 auto</code>
	  </pre>
	  <p class="fragment">OpenWRT has a nice GUI</p>

	  <aside class="notes">
	    <p>OpenWRT: can also use the hardware present on most hardware routers to assign vlans to specific ports</p>
	</section>
	
	<section><h2>What even is a router?</h2>
	  <p class="fragment">Two or more interfaces</p>
	  <p class="fragment">Some logic to determine where a packet goes</p>
	  <aside class="notes">
	    <p>Not necessarily physical</p>
	    <p>Sounds simple right?</p>
	  </aside>
	</section>
	
	<section><h2>Linux Routing</h2>
	  <p>Add to sysctl config:</p>
	  <pre class="fragment"><code data-trim data-noescape>
	      net.ipv4.ip_forward = 1
	      net.ipv6.conf.all.forwarding = 1
	      net.ipv6.conf.default.forwarding = 1
	    </code>
	  </pre>
	  <p class="fragment">And we're done!</p>
	  <p class="fragment">Yeah, not really :)</p>
	</section>
	
	<section><h2>Static Routes</h2>
	  <p>Manually added, or scripted routes that don't change</p>
	  <pre><code data-trim data-noescape>
	      ip route add 172.17.0.0/24 via 172.16.0.254 dev wg0
	    </code>
	  </pre>
	</section>
	
	<section><h2>Static Routes</h2>
	  <pre width="110%"><code width="110%">ip -6 route add 2001:db8:2501::/64 via 2001:db8:2500::1 dev enp0s1
ip -6 route add 2001:db8:2502::/64 via 2001:db8:2500::1 dev enp0s1
ip -6 route add 2001:db8:2600:beef:/64 via 2001:db8:face::1 dev wg0</code>
	  </pre>
	  <aside class="notes">
	    <p>As you can imagine this quickly becomes unwieldy with expanding networks</p>
	  </aside>
	</section>

	<section><h2>Static Routes</h2>
	  <img src="Diagrams/MyVLansExt.png"></img>
	</section>

	<section><h2>Enter dynamic routes</h2>
	  <p class="fragment">Advertise your LANs</p>
	  <p class="fragment">Discovering routes to other LANs</p>
	  <p class="fragment">Optional: Do some logic</p>
	  <p class="fragment">Add them to the routing table</p>
	  <p class="fragment">Userspace daemons</p>
	  <p class="fragment">talking to the kernel networking stack</p>
	</section>				   

	<section><h2>Dynamic Routing</h2>
	  <p>Open Shortest Path First (OSPF)</p>
	  <p>Uses Dijkstra's algorithm</p>
	  <p class="fragment">RFC2328</p>
	  <p class="fragment">RFC5340</p>
	  <p class="fragment">For: Dynamic routes inside your networks</p>
	</section>
	
	<section><h2>Dynamic Routing</h2>
	  <p>Border Gateway Protocol (BGP)</p>
	  <p class="fragment">RF4271</p>
	  <p class="fragment">For: Sharing dynamic routes outside your network with other Autonomous Sytstems (AS)</p>
	  <notes class="aside">
	    <p>"AS" is used a lot in the ISP world, and your ISP will have an assigned AS Number</p>
	  </notes>
	</section>

	<section><h2>The Userspace Daemons</h2>
	  <p>BIRD: Berkeley Internet Routing Daemon</p>
	  <p>Quagga: Fork of Zebra</p>
	  <p>OpenBGPd/OpenOSPFd: from the OpenBSD project</p>
	  <p class="fragment">Significant overlap, but they are different</p>
	  <p class="fragment">I've not used Quagga, or the OpenBSD ones</p>
	  <p class="fragment">There are probably others!</p>
	</section>
	
	<section><h2>intro to bird</h2>
	  <p>Powerful</p>
	  <p class="fragment">Complex to configure</p>
	  <p class="fragment">Use version control</p>
	  <aside class="notes">
	    <p>Not quite turing complete</p>
	    <p> git on /etc/bird or wherever your distor stores it.</p>
	  </aside>  
	</section>
	
	<section><h2>Intro to bird configuration</h2>
	  <p>/etc/bird.conf</p>
	  <p>Each router needs a unique ID</p>
	  <p>

	  <aside class="notes">
	    <p>Set BIRD's router ID. It's a world-wide unique identification of your router, usually one of router's IPv4 addresses. Default: the lowest IPv4 address of a non-loopback interface. <p>
	      
	</section>

	<section><h2>Intro to bird configuration</h2>
	  <p>KNorries diagram here</p>
	</section>

	
	<section>more detail on bird</section>

	<section>A Simple Network</section>
	
	<section>Multi Host IPs (Authoritative DNS example like in the facebook thing)</section>

	<section>Why use a 'real' router</section>

	<section><h2>¿Por qué no los dos?</h2>
	  <p>OpenWRT is a linux based distribution for real networking hardware</p>
	  <aside class="note">
	    <p>Consumer grade mostly, but some enterprise level routers are supported</p>
	</section>
	

	<section><h2>Bonus homework</h2>
	  <p>Why did I use 2001::db8::/32?</p>
	  <p>Why did I use /64s?</p>
	  <p>I highly recommend going through KNorrie's network examples: <a href="https://github.com/knorrie/network-examples">https://github.com/knorrie/network-examples</a></p>
	  <p>OSPF Areas</p>
	  <p>Automatic transfers of internal aggregates to BGP (Something I've not investigated much)</p>
	</section>
	
	<section><h2>Resources</h2>
	  <p>These slides: <a href="https://gitea.pwarren.id.au/pwarren/SysAdmin2022">https://gitea.pwarren.id.au/pwarren/SysAdmin2022</a></p>
	  <p>bird: <a href="https://bird.network.cz/">https://bird.network.cz</a></p>
	  <p>Openwrt: <a href="https://openwrt.org">https://openwrt.org/</a></p>
	  <p>The OpenWRT IRC channel, currently on the OFTC network</p>
	  <p>BenEater's <a href="https://www.youtube.com/watch?v=-wMU8vmfaYo">"Why was facebook down for five hours" </a></p>
	  <p>802.1Q: <a href="https://www.ieee802.org/1/pages/802.1Q-2014.html" /></p>
	</section>


	<section><h2>Unused Bits</h2></section>
	<section><h2>What I'm assuming we're familiar with</h2>
	  <p>Diagram showing standard leaf node of a network with a bit cloud containg "The rest of the org"</p>
	</section>

	<section><h2>What we're familiar with</h2>
	  <p>Diagram showing added storage and server network<p>
	</section>

	<section><h2>How things evolve</h2>
	  <p>Uh Oh, we've got a new Datacentre</p>
	</section>

	<section><h2>How things evolve</h2>
	  <p>which has its own lot of storage and servers</p>
	</section>

	<section><h2>How things evolve</h2>
	  <p>And now people want to work in Tasmania!</p>
	</section>


      </div>
    </div>
    
    <script src="dist/reveal.js"></script>
    <script src="plugin/notes/notes.js"></script>
    <script src="plugin/markdown/markdown.js"></script>
    <script src="plugin/highlight/highlight.js"></script>
    <script>
      // More info about initialization & config:
      // - https://revealjs.com/initialization/
      // - https://revealjs.com/config/
      Reveal.initialize({
	  hash: true,
	  
	  // Learn about plugins: https://revealjs.com/plugins/
	  plugins: [ RevealMarkdown, RevealHighlight, RevealNotes ]
      });
    </script>
  </body>
</html>