These are the days of VMs, containers, and service meshes. The network, for a long time the sysadmin’s mysterious domain, is now at the forefront: providing overlays, security features, and headaches. It’s vital to be able to understand what’s going on under the hood of a cloud-native platform if you ever hope to debug it, but do you know a TAP from a TUN, let alone an ipvlan L3? This talk will take you through all the network interface types on modern Linux, from good old eth0 to the vEths used by Docker and the tunnels used by Calico.
Software Networking and Interfaces on Linux
1. Software Networking and Interfaces on Linux
Matt Turner
SRECon, Singapore | June 2019
@mt165 | mt165.co.uk
6. Ethernet and ARP
Ethernet - L2 protocol
MAC Address - Media Access Control Address - Ethernet address, e.g. c0:ff:ee:be:ef:69
ARP - Address Resolution Protocol - DNS for Ethernet: IP -> MAC
$ arp
Address HWtype HWaddress Flags Mask Iface
192.168.0.239 ether 48:3b:38:01:6a:23 C enp2s0
172.28.0.13 ether 02:42:ac:1c:00:0d C br-de368312f566
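The `arp` output above is plain text with one row per neighbour, so it is easy to snapshot and diff. The following is an added example, not code from the talk: it parses that net-tools format and flags two things a defender cares about, an IP whose MAC changed between two snapshots, and one MAC claimed by several IPs on the same interface. Both snapshots are constructed sample data; the MAC that changes is the slide's own example address.

```python
import re
from collections import defaultdict

# Constructed sample: two snapshots of `arp` output taken a few minutes apart.
# In the second one, 192.168.0.1 resolves to a different MAC than before.
SNAPSHOT_T0 = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.239            ether   48:3b:38:01:6a:23   C                     enp2s0
192.168.0.1              ether   c0:ff:ee:be:ef:01   C                     enp2s0
172.28.0.13              ether   02:42:ac:1c:00:0d   C                     br-de368312f566
"""

SNAPSHOT_T1 = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.239            ether   48:3b:38:01:6a:23   C                     enp2s0
192.168.0.1              ether   c0:ff:ee:be:ef:69   C                     enp2s0
172.28.0.13              ether   02:42:ac:1c:00:0d   C                     br-de368312f566
"""

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.IGNORECASE)


def parse_arp(output):
    """Return {(iface, ip): mac} from net-tools `arp` output."""
    table = {}
    for line in output.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        # Unresolved entries print "(incomplete)" and have fewer columns; skip them.
        if len(fields) < 5:
            continue
        ip, hwtype, mac, iface = fields[0], fields[1], fields[2], fields[-1]
        if hwtype != "ether" or not MAC_RE.match(mac):
            continue
        table[(iface, ip)] = mac.lower()
    return table


def changed_mappings(before, after):
    """IPs whose MAC differs between snapshots: [(iface, ip, old_mac, new_mac)]."""
    return [
        (iface, ip, before[(iface, ip)], mac)
        for (iface, ip), mac in after.items()
        if (iface, ip) in before and before[(iface, ip)] != mac
    ]


def shared_macs(table):
    """MACs that answer for more than one IP on the same interface."""
    by_mac = defaultdict(list)
    for (iface, ip), mac in table.items():
        by_mac[(iface, mac)].append(ip)
    return {key: ips for key, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    t0, t1 = parse_arp(SNAPSHOT_T0), parse_arp(SNAPSHOT_T1)
    for iface, ip, old, new in changed_mappings(t0, t1):
        print(f"{iface}: {ip} moved from {old} to {new}")
    for (iface, mac), ips in shared_macs(t1).items():
        print(f"{iface}: {mac} claimed by {', '.join(ips)}")
```

A changed or shared mapping is a signal, not a verdict: a replaced NIC, a DHCP lease moving to another host, or a router with several addresses on one port all produce the same pattern, so the alert is a prompt to check the switch port or DHCP logs rather than a conclusion on its own.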
7. vLANs
Virtual LANs
IEEE 802.1q
Simulates multiple networks using one set of cables and switches
Each vLAN has a short numeric ID
Nested vLANs - IEEE 802.1ad, aka “q in q”
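On the wire a vLAN is just four extra bytes in the Ethernet header: a tag protocol identifier (0x8100 for 802.1Q, 0x88a8 for the outer 802.1ad tag of "q in q") followed by a 16-bit tag control field whose low 12 bits are the vLAN ID. The example below is added here and is not from the talk: it builds constructed frames with zero, one, and two tags and parses them back, which is the same walk a switch, a capture tool, or a host's kernel does before it knows which network a frame belongs to.

```python
import struct

ETH_P_8021Q = 0x8100   # IEEE 802.1Q customer tag
ETH_P_8021AD = 0x88A8  # IEEE 802.1ad service tag (outer tag in Q-in-Q)
ETH_P_IP = 0x0800      # IPv4 payload


def mac_bytes(text):
    return bytes(int(octet, 16) for octet in text.split(":"))


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, tags, ethertype, payload):
    """Constructed frame: tags is a list of (tpid, vid), outermost first."""
    header = mac_bytes(dst) + mac_bytes(src)
    for tpid, vid in tags:
        # TCI = PCP (3 bits) | DEI (1 bit) | VID (12 bits); PCP and DEI left at 0.
        header += struct.pack("!HH", tpid, vid & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload


def parse_vlan_tags(frame):
    """Return (dst, src, [vlan ids outer..inner], inner ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    offset, vlans = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated Ethernet header")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        offset += 2
        if ethertype not in (ETH_P_8021Q, ETH_P_8021AD):
            break  # reached the real payload type
        if len(frame) < offset + 2:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset)
        offset += 2
        vlans.append(tci & 0x0FFF)  # low 12 bits are the vLAN ID
    return fmt_mac(dst), fmt_mac(src), vlans, ethertype, frame[offset:]


# Constructed sample frames; the MACs are the slide's example addresses.
PAYLOAD = b"\x45\x00\x00\x14" + b"\x00" * 16  # stub IPv4 header, not a real packet
UNTAGGED = build_frame("c0:ff:ee:be:ef:69", "48:3b:38:01:6a:23", [], ETH_P_IP, PAYLOAD)
TAGGED = build_frame("c0:ff:ee:be:ef:69", "48:3b:38:01:6a:23",
                     [(ETH_P_8021Q, 42)], ETH_P_IP, PAYLOAD)
QINQ = build_frame("c0:ff:ee:be:ef:69", "48:3b:38:01:6a:23",
                   [(ETH_P_8021AD, 100), (ETH_P_8021Q, 42)], ETH_P_IP, PAYLOAD)

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("802.1Q", TAGGED), ("Q-in-Q", QINQ)):
        dst, src, vlans, ethertype, _ = parse_vlan_tags(frame)
        print(f"{name}: {src} -> {dst} vlans={vlans} ethertype=0x{ethertype:04x}")
```

The loop rather than a single check is the point: a device that only strips one tag will read a Q-in-Q frame's inner 0x8100 as the payload ethertype, which is why port configuration for trunk and access ports matters as much as the tag numbers themselves.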
8. iptables
Linux kernel subsystem
Can do lots of things to packets as they pass through a system
Including: packet manipulation
10. Route tables
Gives the next hop for a destination subnet.
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default moon.lan 0.0.0.0 UG 3 0 0 enp2s0
loopback localhost 255.0.0.0 UG 0 0 0 lo
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
11. Classful Routing
Class                  Prefix   Start        End
Class A                8 bit    0.0.0.0      127.0.0.1
Class B                16 bit   128.0.0.0    191.255.0.0
Class C                24 bit   192.0.0.0    223.255.255.0
Class D - multicast             224.0.0.0    239.255.255.255
Class E - reserved              240.0.0.0    255.255.255.255
12. Private Address Ranges
Block                 Prefix          Range                            Size
The “24-bit block”    8 bit prefix    10.0.0.0 – 10.255.255.255        1 class A
The “20-bit block”    12 bit prefix   172.16.0.0 – 172.31.255.255      16 class Bs
The “16-bit block”    16 bit prefix   192.168.0.0 – 192.168.255.255    256 class Cs
Loopback              8 bit prefix    127.0.0.0 – 127.255.255.255      1 class A
13. Classless Routing and CIDRs
Classless Inter-Domain Routing
Classful was too rigid and wasteful
Arbitrary ranges of addresses, notated as start address and size (as prefix mask)
CIDR notation: 192.168.42.0/24; 10.0.0.0/8
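The three preceding slides (route tables, classful addressing, private ranges and CIDR) all come down to prefix matching. The example below is added here and is not from the talk: it rebuilds the slide's `route` output as CIDR prefixes and answers "which next hop?" by longest-prefix match, classifies an address into the private blocks from the slide, derives the classful letter from the first octet using the slide's boundaries, and shows that a /12 is exactly sixteen /16s. It uses only the standard library `ipaddress` module.

```python
import ipaddress

# Constructed routing table mirroring the slide's `route` output, with the
# Genmask columns rewritten as prefix lengths. Gateway None means "directly connected".
ROUTES = [
    ("0.0.0.0/0",     "moon.lan", "enp2s0"),   # default
    ("127.0.0.0/8",   None,       "lo"),       # loopback
    ("172.17.0.0/16", None,       "docker0"),
]

# The private and loopback blocks from the slide, in CIDR form.
PRIVATE_BLOCKS = {
    "10.0.0.0/8":     "24-bit block (1 class A)",
    "172.16.0.0/12":  "20-bit block (16 class Bs)",
    "192.168.0.0/16": "16-bit block (256 class Cs)",
    "127.0.0.0/8":    "loopback",
}


def build_table(routes):
    """Parse and order routes so the most specific prefix is tried first."""
    parsed = [(ipaddress.ip_network(net), gw, iface) for net, gw, iface in routes]
    return sorted(parsed, key=lambda r: r[0].prefixlen, reverse=True)


def lookup(table, dst):
    """Longest-prefix match: the first (most specific) network containing dst."""
    addr = ipaddress.ip_address(dst)
    for net, gw, iface in table:
        if addr in net:
            return str(net), gw, iface
    return None  # no default route: the kernel would report "network unreachable"


def classify(addr):
    """Name the slide's private/loopback block an address falls in, else 'public'."""
    a = ipaddress.ip_address(addr)
    for cidr, label in PRIVATE_BLOCKS.items():
        if a in ipaddress.ip_network(cidr):
            return label
    return "public"


def classful_class(addr):
    """Classful letter from the first octet, using the slide's lower bounds."""
    first = int(addr.split(".")[0])
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def describe(cidr):
    """Network, dotted netmask, address count and broadcast address for a CIDR."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address), str(net.netmask), net.num_addresses, str(net.broadcast_address)


def count_subnets(cidr, new_prefix):
    """How many /new_prefix networks fit in cidr (e.g. /16s inside a /12)."""
    return sum(1 for _ in ipaddress.ip_network(cidr).subnets(new_prefix=new_prefix))


if __name__ == "__main__":
    table = build_table(ROUTES)
    for dst in ("172.17.0.5", "8.8.8.8", "127.0.0.1"):
        print(dst, "->", lookup(table, dst), classify(dst), "class", classful_class(dst))
    print("192.168.42.0/24:", describe("192.168.42.0/24"))
    print("/16s in 172.16.0.0/12:", count_subnets("172.16.0.0/12", 16))
```

The sort by prefix length is what makes this classless: the /16 for docker0 wins over the /0 default for any 172.17.x.y address, and adding a /24 later would take precedence over both without any notion of address class.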
14. Address all, some, one host
● All hosts in a subnet
● Some hosts, which have opted in
● One arbitrary host from a set
Broadcast, Multicast, Anycast
15. DHCP
Asks a central server to allocate you an IP address
Based on an Ethernet broadcast