<!doctype html>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">

  <title>SysAdmin2022</title>

  <link rel="stylesheet" href="dist/reset.css">
  <link rel="stylesheet" href="dist/reveal.css">
  <link rel="stylesheet" href="dist/theme/solarized.css">
  <style type="text/css">
    /* Copyright notice */
    #copyright {
      position: absolute;
      bottom: 0%;
      left: 0%;
      font-size: x-small;
    }
    .reveal .footer {
      position: absolute;
      bottom: 1em;
      left: 1em;
      font-size: 0.5em;
    }
  </style>
  <!-- Theme used for syntax highlighted code -->
  <link rel="stylesheet" href="plugin/highlight/monokai.css">
</head>
<body>
<div class="reveal">
<div class="slides">
<section>
  <h2>Learning about slightly more advanced networking with Linux</h2>
  <p><b>Paul Warren</b></p>
  <p>Mastodon: @pwarren@mastodon.thewarrens.name</p>
  <p>email: paul at thewarrens.name</p>
  <p>© 2021 Paul Warren</p>
  <p>CC BY-NC-SA</p>
</section>
<section><h2 style="color:red">! WARNING !</h2>
  <p>I am not a network engineer, there are gaps in my knowledge</p>
  <p>The words I use might not be the correct ones</p>
  <p>Please don't blame me if your network stops networking</p>
  <p class="fragment">Maybe don't go and try building an ISP based off this talk :)</p>
</section>
<section><h2>What even is a network</h2>
  <p class="fragment fade-in-then-out">Ethernet?</p>
  <p class="fragment fade-in-then-out">Token Ring?</p>
  <p class="fragment fade-in-then-out">IPX?</p>
  <p class="fragment fade-in-then-out">AX.25?</p>
</section>
<section><h2>What even is a network</h2>
  <p class="fragment fade-in-then-out">IPv4?</p>
  <p class="fragment fade-in-then-out">IPv6?</p>
  <p class="fragment fade-in-then-out">TCP?</p>
  <p class="fragment">Allows connections between computers</p>
  <aside class="notes">
    <p>We are going to mostly focus on Ethernet and IPv6</p>
  </aside>
</section>
<section><h2>Managed network?</h2>
  <p class="fragment"><b>Controls</b> connections between computers</p>
  <p class="fragment"><b>Scales</b> connections between computers</p>
  <p class="fragment"><img src="3tier.png" /></p>
  <aside class="notes">
    <p>Most of us probably work in a managed network</p>
    <p>Most of us probably have a pretty flat edge network at home</p>
    <p>Diagram is nice, but hides complexities at each layer.</p>
  </aside>
</section>
<section><h2>Layers!</h2>
  <p class="fragment">Like an onion!</p>
  <p class="fragment">That 7 layer thing from the OSI</p>
  <p class="fragment">Administrative overlays</p>
  <p class="fragment">VPNs and Tunnels</p>
  <aside class="notes">
    <p>or a parfait</p>
    <p>which you can mostly ignore, as what we have doesn't conform to it. But it does provide a good framework for assisting understanding</p>
    <p>Like firewalls, web-proxies/SSL MITM, but also access rights etc</p>
  </aside>
</section>
<section><h2>Layers!</h2>
  <p>This means the Physical layers do not have to match the Logical connections</p>
  <p class="fragment">Networks are also a bit fractal in nature</p>
  <p class="fragment">For the purposes of this talk, we can ignore a lot of complexity</p>
</section>
<section><h2>An easy one</h2>
  <p>VLANs</p>
  <p class="fragment">Ethernet layer</p>
  <p class="fragment">Designed to limit broadcast storms</p>
  <p class="fragment">Can also separate IP networks on the same Ethernet</p>
  <p class="fragment">Tagged and Untagged or Default</p>
  <aside class="notes">
    <p>beware of</p>
  </aside>
</section>
<section><h2>VLANs in Linux</h2>
  <p>Are pretty easy!</p>
  <pre class="fragment"><code data-trim data-noescape>
ip link add link enp0s2 name enp0s2.2501 vlan id 2501
ip -6 addr add 2001:db8:2501::10/64 dev enp0s2.2501
ip link set dev enp0s2.2501 up
  </code>
  </pre>
</section>
<section><h2>What even is a router?</h2>
  <p class="fragment">Two or more interfaces</p>
  <p class="fragment">Some logic to determine where a packet goes</p>
  <aside class="notes">
    <p>Not necessarily physical</p>
    <p>Sounds simple right?</p>
  </aside>
</section>
<section><h2>Linux Routing</h2>
  <pre class="fragment"><code data-trim data-noescape>
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
  </code>
  </pre>
  <p class="fragment">And we're done!</p>
  <p class="fragment">Yeah, not really :)</p>
</section>
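<section data-markdown><textarea data-template>
An added example, not part of the original slides or the author's code: with the forwarding keys above set, the box routes between every interface it has, VLAN sub-interfaces included, so it is worth checking what else is configured alongside them. The function and finding names, the constructed sample input, and the choice to look only at the `all` key for `rp_filter` are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the slides. Reads "key = value" lines on stdin
# (sysctl.conf syntax or sysctl -a output) and prints one finding per line.
audit_forwarding() {
    awk '
    /^[ \t]*[#;]/ { next }              # sysctl.conf comment lines
    {
        n = index($0, "=")
        if (n == 0) next                # blank or not a key = value line
        key = substr($0, 1, n - 1); val = substr($0, n + 1)
        gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
        conf[key] = val                 # a later assignment overrides an earlier one
    }
    END {
        v4 = (conf["net.ipv4.ip_forward"] == "1")
        v6 = (conf["net.ipv6.conf.all.forwarding"] == "1")
        if (!v4 && !v6) { print "HOST no forwarding"; exit }
        if (v4) print "ROUTER ipv4 packets are forwarded between interfaces"
        if (v6) print "ROUTER ipv6 packets are forwarded between interfaces"
        # rp_filter: 0 = no source validation, 1 = strict, 2 = loose
        rp = conf["net.ipv4.conf.all.rp_filter"]
        if (v4 && rp != "1" && rp != "2")
            print "WARN ipv4 forwarding without reverse-path filtering"
        # accept_ra = 2 keeps accepting router advertisements while forwarding
        for (k in conf)
            if (v6 && k ~ /^net\.ipv6\.conf\..+\.accept_ra$/ && conf[k] == "2")
                print "NOTE " k " = 2, router advertisements are still accepted"
    }'
}

# Constructed sample: the three keys from the slide plus two assumed extras.
sample_conf() {
    cat <<'EOF'
# /etc/sysctl.d/ style input, constructed for this example
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv6.conf.enp0s2.accept_ra = 2
EOF
}

sample_conf | audit_forwarding
```
</textarea></section>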
<section><h2>Static Routes!</h2>
  <p>Manually added, or scripted routes that don't change</p>
  <pre><code data-trim data-noescape>
ip route add 172.17.0.0/24 via 172.16.0.254 dev wg0
  </code>
  </pre>
</section>
<section><h2>What I'm assuming we're familiar with</h2>
  <p>Diagram showing standard leaf node of a network with a big cloud containing "The rest of the org"</p>
</section>
<section><h2>What we're familiar with</h2>
  <p>Diagram showing added storage and server network</p>
</section>
<section><h2>How things evolve</h2>
  <p>Uh Oh, we've got a new Datacentre</p>
</section>
<section><h2>How things evolve</h2>
  <p>which has its own lot of storage and servers</p>
</section>
<section><h2>How things evolve</h2>
  <p>And now people want to work in Tasmania!</p>
</section>
<section><h2>Dynamic Routing</h2>
  <p>Open Shortest Path First (OSPF)</p>
  <p>The algorithm is pretty interesting</p>
  <p class="fragment">RFC2328</p>
  <p class="fragment">RFC5340</p>
</section>
<section><h2>Dynamic Routing</h2>
  <p>Border Gateway Protocol (BGP)</p>
  <p class="fragment">RFC4271</p>
</section>
<section>more detail on what VLANs, OSPF and BGP are for</section>
<section>how to do these things in Linux</section>
<section>intro to bird</section>
<section>more detail on bird</section>
<section>building out a virtual network with LXC</section>
<section>ergh, NAT</section>
<section>Why use a 'real' router</section>
<section>OpenWRT</section>
<section>Multi Host IPs (Authoritative DNS example like in the Facebook thing)</section>
<section><h2>Bonus homework</h2>
  <p>Why did I use 2001:db8::/32?</p>
  <p>Why did I use /64s?</p>
  <p>something Ansible?</p>
  <p>DSA is relatively new, nicer way of interacting with actual switch hardware</p>
</section>
<section><h2>Resources</h2>
  <p>These slides: <a href="https://gitea.pwarren.id.au/pwarren/SysAdmin2022">https://gitea.pwarren.id.au/pwarren/SysAdmin2022</a></p>
  <p>bird: <a href="https://bird.network.cz/">https://bird.network.cz</a></p>
  <p>KNorrie's network examples: <a href="https://github.com/knorrie/network-examples">https://github.com/knorrie/network-examples</a></p>
  <p>OpenWRT: <a href="https://openwrt.org">https://openwrt.org/</a></p>
  <p>The OpenWRT IRC channel, currently on the OFTC network</p>
  <p>BenEater's <a href="https://www.youtube.com/watch?v=-wMU8vmfaYo">"Why was facebook down for five hours"</a></p>
</section>
</div>
</div>

<script src="dist/reveal.js"></script>
<script src="plugin/notes/notes.js"></script>
<script src="plugin/markdown/markdown.js"></script>
<script src="plugin/highlight/highlight.js"></script>
<script>
  // More info about initialization & config:
  // - https://revealjs.com/initialization/
  // - https://revealjs.com/config/
  Reveal.initialize({
    hash: true,

    // Learn about plugins: https://revealjs.com/plugins/
    plugins: [ RevealMarkdown, RevealHighlight, RevealNotes ]
  });
</script>
</body>
</html>