Learning about slightly more advanced networking with linux

Paul Warren

Mastodon: @pwarren@mastodon.thewarrens.name

email: paul at thewarrens.name

© 2021 Paul Warren

CC BY-NC-SA

! WARNING !

I am not a network engineer, there are gaps in my knowledge

The words I use might not be the correct ones

Please don't blame me if your network stops networking

Maybe don't go and try building an ISP based off this talk :)

What even is a network

Ethernet?

Token Ring?

IPX?

AX.25?

What even is a network

ipv4?

ipv6?

tcp?

Allows connections between computers

Managed network?

Controls connections between computers

Scales connections between computers

Layers!

Like an onion!

That 7 layer thing from the OSI

Administrative overlays

VPNs and Tunnels

Layers!

This means the Physical layers do not have to match the Logical connections

Networks are also a bit fractal in nature

For the purposes of this talk, we can ignore a lot of complexity

What even is a router?

Two or more interfaces

Some logic to determine where a packet goes

Linux Routing


net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1

And we're done!

Yeah, not really :)

Static Routes!

Manually added, or scripted routes that don't change


	      ip route add 172.17.0.0/24 via 172.16.0.254 dev wg0

What I'm assuming we're familiar with

Diagram showing standard leaf node of a network with a bit cloud containg "The rest of the org"

What we're familiar with

Diagram showing added storage and server network

How things evolve

Uh Oh, we've got a new Datacentre

How things evolve

which has its own lot of storage and servers

How things evolve

And now people want to work in Tasmania!

Bits and Pieces

VLAN

OSPF

more detail on what VLANs, OSPF and BGP are for
how to do these things in linux
intro to bird
more detail on bird
building out a virtual network with LXC
ergh, NAT
Why use a 'real' router
OpenWRT
Multi Host IPs (Authoritative DNS example like in the facebook thing)

Bonus homework

Why did I use 2001::db8::/32?

Why did I use /64s?

something ansible?

DSA is relatively new, nicer way if interacting with actual switch hardware

Resources

These slides: https://gitea.pwarren.id.au/pwarren/SysAdmin2022

bird: https://bird.network.cz

KNorrie's network examples: https://github.com/knorrie/network-examples

Openwrt: https://openwrt.org/

The OpenWRT IRC channel, currently on the OFTC network

BenEater's "Why was facebook down for five hours"