tagging, basic routing

Paul Warren 2021-12-20 07:13:39 +11:00
parent 222bbd4812
commit ec997ed81c

@ -96,7 +96,8 @@
<p class="fragment">Ethernet layer</p> <p class="fragment">Ethernet layer</p>
<p class="fragment">Designed to limit broadcast storms</p> <p class="fragment">Designed to limit broadcast storms</p>
<p class="fragment">Can also separate IP networks on the same Ethernet</p> <p class="fragment">Can also separate IP networks on the same Ethernet</p>
<p class="fragment">Tagged and Untagged or Default</p> <p class="fragment">Tagged and Untagged/Default</p>
<p class="fragment">IEEE 802.1Q</p>
<aside class="notes"> <aside class="notes">
<p>beware of strange implementations, windows seems to take Router Advertisements from all vlans, regardless of tag</p> <p>beware of strange implementations, windows seems to take Router Advertisements from all vlans, regardless of tag</p>
</section> </section>
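Review bot: The `<aside class="notes">` in this VLAN section still has no closing `</aside>` before `</section>`. This commit adds the missing `</aside>` to the "What even is a router?" section, so the same fix belongs here; otherwise the speaker note about Windows taking Router Advertisements from all VLANs is left in an unclosed notes element.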
@ -106,14 +107,24 @@
ip link add link enp0s2 name enp0s2.2501 vlan id 2501 ip link add link enp0s2 name enp0s2.2501 vlan id 2501
ip -6 addr add 2001:db8:2501::10/64 dev enp0s2.2501 ip -6 addr add 2001:db8:2501::10/64 dev enp0s2.2501
ip link set dev enp0s2.2501 up ip link set dev enp0s2.2501 up
</code>
</pre> </pre>
</section> </section>
<section><h2>VLANs in linux</h2> <section><h2>VLANs in linux</h2>
<p>Various different methods of making it go in different distributions</p> <p>Various different methods of making it go in different distributions</p>
<p class="fragment">Debian: in /etc/network/interfaces</p>
<pre class="fragment"><code data-trim data-noescape> <pre class="fragment"><code data-trim data-noescape>
auto enp1s0.2502
iface enp1s0.2502 inet dhcp
iface enp1s0.2502 inet6 auto
</code>
</pre>
<p class="fragment">OpenWRT has a nice GUI</p>
<aside class="notes">
<p>OpenWRT: can also use the hardware present on most hardware routers to assign vlans to specific ports</p>
</section>
<section><h2>What even is a router?</h2> <section><h2>What even is a router?</h2>
<p class="fragment">Two or more interfaces</p> <p class="fragment">Two or more interfaces</p>
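Review bot: The `<aside class="notes">` added after the OpenWRT fragment is never closed; `</section>` follows the note paragraph directly, so add `</aside>` before it. Separately, the Debian stanza configures `enp1s0.2502` while the preceding `ip link` slide builds `enp0s2.2501`; if the two slides are meant to show the same VLAN configured two ways, use one interface name and VLAN id in both.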
@ -121,18 +132,19 @@
<aside class="notes"> <aside class="notes">
<p>Not necessarily physical</p> <p>Not necessarily physical</p>
<p>Sounds simple right?</p> <p>Sounds simple right?</p>
</aside>
</section> </section>
<section><h2>Linux Routing</h2> <section><h2>Linux Routing</h2>
<pre class="fragment"><code data-trim data-noescape> <pre class="fragment"><code data-trim data-noescape>
net.ipv4.ip_forward = 1 net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1 net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1 net.ipv6.conf.default.forwarding = 1
</code> </code>
</pre> </pre>
<p class="fragment">And we're done!</p> <p class="fragment">And we're done!</p>
<p class="fragment">Yeah, not really :)</p> <p class="fragment">Yeah, not really :)</p>
</section> </section>
<section><h2>Static Routes!</h2> <section><h2>Static Routes!</h2>
<p>Manually added, or scripted routes that don't change</p> <p>Manually added, or scripted routes that don't change</p>
@ -142,6 +154,23 @@ net.ipv6.conf.default.forwarding = 1
</pre> </pre>
</section> </section>
<section><h2>Static Routes!</h2>
<p>Harking back to our vlan</p>
<pre><code data-trim data-noescape>
ip -6 route add 2001:db8:2501::/64 via 2001:db8:2500::1 dev enp0s1
</code>
</pre>
<aside class="notes">
<p>As you can imagine this quickly becomes unwieldy with expanding networks</p>
</aside>
</section>
<section><h2>Enter dynamic routes</h2>
<p>Discovering routes to other networks</p>
<p>Add them to the kernel routing table</p>
<p>OSPF: RFC5430, RFC2328</p>
</section>
<section><h2>What I'm assuming we're familiar with</h2> <section><h2>What I'm assuming we're familiar with</h2>
<p>Diagram showing standard leaf node of a network with a bit cloud containg "The rest of the org"</p> <p>Diagram showing standard leaf node of a network with a bit cloud containg "The rest of the org"</p>
</section> </section>
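Review bot: In the new "Enter dynamic routes" section, `RFC5430` looks like a transposition of RFC5340. RFC 5340 is OSPF for IPv6, which matches the IPv6 examples used throughout these slides, while RFC 5430 is an unrelated TLS profile. Suggest `<p>OSPF: RFC5340, RFC2328</p>`, ideally labelling which one is OSPFv3 and which is OSPFv2.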
@ -187,18 +216,16 @@ net.ipv6.conf.default.forwarding = 1
<section><h2>Bonus homework</h2> <section><h2>Bonus homework</h2>
<p>Why did I use 2001::db8::/32?</p> <p>Why did I use 2001::db8::/32?</p>
<p>Why did I use /64s?</p> <p>Why did I use /64s?</p>
<p>something ansible?</p> <p>I highly recommend going through KNorrie's network examples: <a href="https://github.com/knorrie/network-examples">https://github.com/knorrie/network-examples</a></p>
<p>DSA is relatively new, nicer way if interacting with actual switch hardware</p>
</section> </section>
<section><h2>Resources</h2> <section><h2>Resources</h2>
<p>These slides: <a href="https://gitea.pwarren.id.au/pwarren/SysAdmin2022">https://gitea.pwarren.id.au/pwarren/SysAdmin2022</a></p> <p>These slides: <a href="https://gitea.pwarren.id.au/pwarren/SysAdmin2022">https://gitea.pwarren.id.au/pwarren/SysAdmin2022</a></p>
<p>bird: <a href="https://bird.network.cz/">https://bird.network.cz</a></p> <p>bird: <a href="https://bird.network.cz/">https://bird.network.cz</a></p>
<p>KNorrie's network examples: <a href="https://github.com/knorrie/network-examples">https://github.com/knorrie/network-examples</a></p>
<p>Openwrt: <a href="https://openwrt.org">https://openwrt.org/</a></p> <p>Openwrt: <a href="https://openwrt.org">https://openwrt.org/</a></p>
<p>The OpenWRT IRC channel, currently on the OFTC network</p> <p>The OpenWRT IRC channel, currently on the OFTC network</p>
<p>BenEater's <a href="https://www.youtube.com/watch?v=-wMU8vmfaYo">"Why was facebook down for five hours" </a> <p>BenEater's <a href="https://www.youtube.com/watch?v=-wMU8vmfaYo">"Why was facebook down for five hours" </a></p>
</p> <p>802.1Q: <a href="https://www.ieee802.org/1/pages/802.1Q-2014.html" /></p>
</section> </section>
</div> </div>
</div> </div>
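Review bot: The added 802.1Q resource line uses `<a href="https://www.ieee802.org/1/pages/802.1Q-2014.html" />` with no link text and no `</a>`; HTML does not treat `<a>` as self-closing, so nothing clickable is shown and the anchor stays open. Follow the pattern of the other resource lines and put the URL between the tags as the link text. Two smaller points in the same hunk: "nicer way if interacting" should read "of interacting", and the homework line writes the prefix as `2001::db8::/32`, which contains two `::` and is not a valid IPv6 prefix; the addresses elsewhere in the slides use the `2001:db8:` form.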