Paul Warren
Mastodon: @pwarren@mastodon.thewarrens.name
email: paul at thewarrens.name
© 2021 Paul Warren
CC BY-NC-SA
I am not a network engineer, there are gaps in my knowledge
The words I use might not be the correct ones
Please don't blame me if your network stops networking
Maybe don't go and try building an ISP based off this talk :)
Ethernet?
Token Ring?
IPX?
AX.25?
IPv4?
IPv6?
TCP?
Allows connections between computers
Controls connections between computers
Scales connections between computers
Like an onion!
That 7 layer thing from the OSI
Ethernet -> IP -> ICMP/TCP/UDP
Administrative overlays
VPNs and Tunnels
This means the Physical layers do not have to match the Logical connections
Networks are also a bit fractal in nature
For the purposes of this talk, we can ignore a lot of complexity
VLANs
Ethernet layer
Designed to limit broadcast storms
Can also separate IP networks on the same Ethernet
Tagged and Untagged/Default
IEEE 802.1Q
Are pretty easy!
ip link add link enp0s2 name enp0s2.2501 type vlan id 2501
ip -6 addr add 2001:db8:2501::10/64 dev enp0s2.2501
ip link set dev enp0s2.2501 up
Various different methods of making it go in different distributions
Debian: in /etc/network/interfaces
auto enp1s0.2502
iface enp1s0.2502 inet dhcp
iface enp1s0.2502 inet6 auto
OpenWRT has a nice GUI
Here's what I've done
Two or more interfaces
Some logic to determine where a packet goes
Add to sysctl config:
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
And we're done!
Yeah, not really :)
Manually added, or scripted routes that don't change
ip route add 172.17.0.0/24 via 172.16.0.254 dev wg0
ip -6 route add 2001:db8:2501::/64 via 2001:db8:2500::1 dev enp0s1
ip -6 route add 2001:db8:2502::/64 via 2001:db8:2500::1 dev enp0s1
ip -6 route add 2001:db8:2600:beef::/64 via 2001:db8:face::1 dev wg0
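Added example, not part of the original slides: a small Python model of the "logic to determine where a packet goes", which validates static route lines before they are applied and then picks the most specific matching prefix. The `::/0` default route and the function names are assumptions made for this illustration.

```python
import ipaddress

# Routes as on the static-route slide, plus one constructed default route
# (an assumption, not on the slide) so the longest-prefix rule has a competitor.
ROUTE_LINES = """\
ip route add 172.17.0.0/24 via 172.16.0.254 dev wg0
ip -6 route add 2001:db8:2501::/64 via 2001:db8:2500::1 dev enp0s1
ip -6 route add 2001:db8:2502::/64 via 2001:db8:2500::1 dev enp0s1
ip -6 route add 2001:db8:2600:beef::/64 via 2001:db8:face::1 dev wg0
ip -6 route add ::/0 via 2001:db8:2500::ffff dev enp0s1
"""


def parse_route(line):
    """Turn one 'ip route add' line into (network, gateway, device).

    Raises ValueError for a missing keyword, a malformed prefix or gateway,
    a prefix with host bits set, or a gateway of the wrong address family.
    """
    words = line.split()
    try:
        prefix = words[words.index("add") + 1]
        gateway = words[words.index("via") + 1]
        device = words[words.index("dev") + 1]
    except (ValueError, IndexError):
        raise ValueError(f"not a complete route line: {line!r}") from None
    network = ipaddress.ip_network(prefix)  # strict: rejects e.g. 172.17.0.5/24
    gw = ipaddress.ip_address(gateway)
    if gw.version != network.version:
        raise ValueError(f"gateway and prefix differ in address family: {line!r}")
    return network, gw, device


def load_table(text):
    """Parse every non-empty line; one bad line fails the whole load."""
    return [parse_route(line) for line in text.splitlines() if line.strip()]


def lookup(table, destination):
    """Return the most specific matching route for destination, or None."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in table if r[0].version == dest.version and dest in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)


if __name__ == "__main__":
    table = load_table(ROUTE_LINES)
    for dst in ("172.17.0.20", "2001:db8:2600:beef::1", "2001:db8:9999::1", "10.0.0.1"):
        print(dst, "->", lookup(table, dst))
```

Checking a route file this way before running it catches a mistyped prefix on the workstation instead of halfway through a change on the router.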
Advertise your LANs
Discovering routes to other LANs
Optional: Do some logic
Add them to the routing table
Userspace daemons
talking to the kernel networking stack
Open Shortest Path First (OSPF)
Uses Dijkstra's algorithm
RFC2328
RFC5340
For: Dynamic routes inside your networks
Border Gateway Protocol (BGP)
RFC4271
For: Sharing dynamic routes outside your network with other Autonomous Systems (AS)
"AS" is used a lot in the ISP world, and your ISP will have an assigned AS Number
BIRD: Berkeley Internet Routing Daemon
Quagga: Fork of Zebra
OpenBGPd/OpenOSPFd: from the OpenBSD project
Significant overlap, but they are different
I've not used Quagga, or the OpenBSD ones
There are probably others!
Powerful
Complex to configure
Use version control
/etc/bird.conf
router id 10.9.99.6;
log "/var/log/bird/bird.log" all;
debug protocols { states, routes, filters, interfaces };
protocol kernel {
import none;
export all;
}
protocol device {
# defaults...
}
/etc/bird.conf
Each router needs a unique ID
Protocol blocks: there are lots of types
They are how bird knows what to talk to and how
protocol ospf {
area 0 {
interface "lo" {
stub;
};
interface "vlan1001" {
};
interface "vlan1034" {
stub;
};
};
}
There are a lot more options than stub or default
BIRD documentation is really good
OpenWRT is a Linux-based distribution for real networking hardware
Why did I use 2001:db8::/32?
Why did I use /64s?
I highly recommend going through KNorrie's network examples: https://github.com/knorrie/network-examples
OSPF Areas
Auth* for OSPF
Automatic transfers of internal aggregates to BGP (Something I've not investigated much)
These slides: https://gitea.pwarren.id.au/pwarren/SysAdmin2022
bird: https://bird.network.cz
OpenWRT: https://openwrt.org/
The OpenWRT IRC channel, currently on the OFTC network
BenEater's "Why was facebook down for five hours"
Diagram showing standard leaf node of a network with a big cloud containing "The rest of the org"
Diagram showing added storage and server network
Uh Oh, we've got a new Datacentre
which has its own lot of storage and servers
And now people want to work in Tasmania!