Software Networking and Interfaces @mt165
Software Networking and Interfaces on Linux
Matt Turner
SRECon, Singapore | June 2019
@mt165 | mt165.co.uk
Outline
● Networking 101
● Interfaces
● Bridges
● Emergent Systems
This is not about
● IP, TCP, addressing
● SDN
Networking 101
Ethernet and ARP
Ethernet - L2 protocol
MAC Address - Media Access Control Address - Ethernet address, e.g. c0:ff:ee:be:ef:69
ARP - Address Resolution Protocol - DNS for ethernet: IP -> MAC
$ arp
Address         HWtype  HWaddress           Flags Mask  Iface
192.168.0.239   ether   48:3b:38:01:6a:23   C           enp2s0
172.28.0.13     ether   02:42:ac:1c:00:0d   C           br-de368312f566
vLANs
Virtual LANs
IEEE 802.1q
Simulates multiple networks using one set of cables and switches
Each vLAN has a short numeric ID
Nested vLANs - IEEE 802.1ad, aka “q in q”
iptables
Linux kernel subsystem
Can do lots of things to packets as they pass through a system
Including: packet manipulation
NAT vs Routing
[Diagram. Addresses shown: 123.1.2.1, 123.1.2.3, 123.1.2.4, 192.168.0.10, 192.168.0.11, 234.1.2.1, 234.1.2.3, 234.1.2.4, 10.0.0.10, 10.0.0.11]
Route tables
Gives the next hop for a destination subnet.
$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         moon.lan        0.0.0.0         UG    3      0        0 enp2s0
loopback        localhost       255.0.0.0       UG    0      0        0 lo
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
Classful Routing
Class A              8 bit    0.0.0.0      127.0.0.1
Class B              16 bit   128.0.0.0    191.255.0.0
Class C              24 bit   192.0.0.0    223.255.255.0
Class D - multicast           224.0.0.0    239.255.255.255
Class E - reserved            240.0.0.0    255.255.255.255
Private Address Ranges
The “24-bit block”   8 bit prefix    10.0.0.0 – 10.255.255.255       1 class A
The “20-bit block”   12 bit prefix   172.16.0.0 – 172.31.255.255     16 class Bs
The “16-bit block”   16 bit prefix   192.168.0.0 – 192.168.255.255   256 class Cs
Loopback             8 bit prefix    127.0.0.0 - 127.255.255.255     1 class A
Classless Routing and CIDRs
Classless Inter-Domain Routing
Classful was too rigid and wasteful
Arbitrary ranges of addresses, notated as start address and size (as prefix mask)
CIDR notation: 192.168.42.0/24; 10.0.0.0/8
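An added example, not from the talk, that ties the classful table and the private ranges to CIDR notation: it derives the class-implied prefix for an address and counts how many classful networks a CIDR block spans. Function names are illustrative; the addresses are the ones on the slides.

```python
import ipaddress


def classful_prefix(addr: str):
    """Return (class letter, implied prefix length, or None for D/E).

    Under classful routing the leading bits of the first octet select the
    class, and the class alone fixes the prefix: A=/8, B=/16, C=/24.
    """
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return "A", 8
    if first_octet < 192:
        return "B", 16
    if first_octet < 224:
        return "C", 24
    if first_octet < 240:
        return "D", None  # multicast: no network/host split
    return "E", None      # reserved


def classful_network(addr: str):
    """Network an address belongs to when no mask is carried with it."""
    letter, prefix = classful_prefix(addr)
    if prefix is None:
        raise ValueError(f"{addr} is class {letter}; it has no network prefix")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def classful_blocks(cidr: str):
    """Return (class letter, number of classful networks inside a CIDR block).

    A block smaller than one classful network cannot be written classfully,
    which is the rigidity CIDR removes; that case raises ValueError.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    letter, prefix = classful_prefix(str(net.network_address))
    if prefix is None:
        raise ValueError(f"{cidr} is class {letter}; it has no network prefix")
    if net.prefixlen > prefix:
        raise ValueError(f"{cidr} is smaller than one class {letter} network")
    return letter, 2 ** (prefix - net.prefixlen)


if __name__ == "__main__":
    # The three private blocks and the loopback block from the slides.
    for block in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"):
        letter, count = classful_blocks(block)
        print(f"{block:<18} {count:>3} x class {letter}")
    # An address taken from the arp output on the earlier slide.
    print("172.28.0.13 classful network:", classful_network("172.28.0.13"))
    try:
        classful_blocks("192.168.42.64/26")
    except ValueError as err:
        print("CIDR only:", err)
```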
Address all, some, one host
● All hosts in a subnet
● Some hosts, which have opted in
● One arbitrary host from a set
Broadcast, Multicast, Anycast
DHCP
Asks a central server to allocate you an IP address
Based on an ethernet broadcast
Interfaces and Bridges
[Diagram slides. Labels: eth0 / enp0s2 with address 192.168.0.10; ping calling connect(“google.com”); nginx calling bind(“*:80”); a second address 172.16.0.10, shown first without and then with a second interface eth1; nginx calling bind(“192.168.0.10:80”), then bind(“172.16.0.10:80”).]
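The bind(“*:80”) and bind(“192.168.0.10:80”) slides differ in which local addresses nginx answers on. As an added example (not from the talk), this Python code reads listening sockets in /proc/net/tcp layout and reports ports served on more interface addresses than intended; the sample tables, the lo entry and the allow-list are constructed assumptions.

```python
import socket
import struct

TCP_LISTEN = "0A"   # state code the kernel prints for a listening socket
WILDCARD = "0.0.0.0"

# Interface addresses from the slides; "lo" is an assumption added here.
INTERFACES = {"lo": "127.0.0.1", "eth0": "192.168.0.10", "eth1": "172.16.0.10"}

HEADER = ("  sl  local_address rem_address   st tx_queue rx_queue "
          "tr tm->when retrnsmt   uid  timeout inode\n")

# Constructed samples in /proc/net/tcp layout (little-endian host assumed).
# Row 0 is the listener; row 1 is an established connection to be ignored.
SAMPLE_WILDCARD = HEADER + (  # what bind("*:80") produces
    "   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1\n"
    "   1: 0A00A8C0:0050 EF00A8C0:C001 01 00000000:00000000 00:00000000 00000000    33        0 20002 1\n"
)
SAMPLE_SPECIFIC = HEADER + (  # what bind("192.168.0.10:80") produces
    "   0: 0A00A8C0:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20003 1\n"
    "   1: 0A00A8C0:0050 EF00A8C0:C001 01 00000000:00000000 00:00000000 00000000    33        0 20004 1\n"
)


def decode_endpoint(field: str):
    """Turn 'AABBCCDD:PPPP' into (dotted IPv4, port).

    The address is the network-order 32-bit value printed as a native
    integer, so on a little-endian host the bytes appear reversed.
    """
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def listening_sockets(proc_net_tcp: str):
    """Return [(ip, port)] for every socket in LISTEN state."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) >= 4 and cols[3] == TCP_LISTEN:
            found.append(decode_endpoint(cols[1]))
    return found


def served_interfaces(ip: str, interfaces: dict):
    """Interfaces whose address the listener answers on.

    A wildcard bind covers every address, including ones added later.
    Binding filters by destination address, not by ingress interface, so
    this is a statement about addresses rather than about cables.
    """
    if ip == WILDCARD:
        return sorted(interfaces)
    return sorted(name for name, addr in interfaces.items() if addr == ip)


def audit(proc_net_tcp: str, interfaces: dict, allowed: dict):
    """Return [(port, bound ip, extra interfaces)] beyond the allow-list.

    `allowed` maps port -> set of interface names the service is meant
    to be served on; a port missing from it is allowed nowhere.
    """
    findings = []
    for ip, port in listening_sockets(proc_net_tcp):
        extra = set(served_interfaces(ip, interfaces)) - allowed.get(port, set())
        if extra:
            findings.append((port, ip, sorted(extra)))
    return findings


if __name__ == "__main__":
    policy = {80: {"eth0"}}  # constructed policy: web traffic on eth0 only
    for name, sample in (("wildcard", SAMPLE_WILDCARD), ("specific", SAMPLE_SPECIFIC)):
        print(name, audit(sample, INTERFACES, policy))
```

On a live host the same functions accept the text of /proc/net/tcp, with the interface map filled in from the host's own addresses.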
[Diagram slides. Labels: eth0 (192.168.0.10) and e1000, with a hardware / software boundary; a second interface foo0, then foo0 with a process packetd; tun0 (172.16.0.10) with packetd; ping; NAT; ip_forward = 1; tap0 (172.16.0.10, MAC DE:AD:BE:EF:00:00) with packetd.]
[Diagram slides. Labels: br0 with eth0 (e1000) and tap0 (packetd); address 192.168.0.10 on br0; the same picture with ovs0 (192.168.0.10) in place of br0; br0 (192.168.0.10) with eth0 (e1000) and tap0 attached to qemu [+ kvm]; a qemu guest with eth0 192.168.0.11, MAC C0:FF:EE:C0:FF:EE, on e1000 and then on virtio_net.]
[Diagram slides. Labels: br0 (192.168.0.10) with eth0 (e1000); nginx and ping; veth0 and veth1, with addresses 172.16.0.1 and 172.16.0.2; veth1 (172.16.0.2) with ftpd; veth0 with eth0 (172.16.0.2) and ftpd; eth0 (172.16.0.2) with ftpd.]
[Diagram slides, vlan. Labels: eth0 (e1000, 192.168.0.10); eth0.42 (172.16.0.2), vlan : 42; ftpd; nginx.]
[Diagram slide, multiple addresses. Labels: eth0 (e1000, C0:FF:EE, 192.168.0.10); eth1 192.168.0.11 with ftpd; eth2 192.168.0.12.]
[Diagram slides, macvlan. Labels: eth0 (e1000, F0:00:01, 192.168.0.10); eth1 192.168.0.11, macvlan, F0:0B:4R, with ftpd; eth2 192.168.0.12, macvlan, F0:07:07.]
[Diagram slide, macvtap. Labels: br0; eth0 (e1000, F0:00:01, 192.168.0.10); macvlan0, macvlan, F0:0B:4R, with ftpd; macvtap0, macvtap, F0:07:07, with qemu; tap0 with qemu.]
[Diagram slide, ipvlan. Labels: eth0 (e1000, C0:FF:EE, 192.168.0.10); eth1 192.168.0.11, ipvlan, C0:FF:EE, with ftpd; eth2 192.168.0.12, ipvlan, C0:FF:EE.]
[Diagram slides, ipvlan L3. Labels: eth0 (e1000, C0:FF:EE, 192.168.0.10); eth1 192.168.1.10, ipvlan L3, with ftpd; eth2 192.168.2.10, ipvlan L3; then ipvlan L3 with BIRD, Calico, and nodejs at 192.168.1.10.]
[Diagram. Labels: K8s etcd; K8s API; plugin; Calico etcd; calico-node; felix; confd; BIRD; eth0 (192.168.0.1); vEth-xxxx (no IP); vEth pair; eth0, eth0; workload, workload; iptables (outside namespace); Linux kernel ip_forwarding; kernel route table; BGP (mesh up to 100 nodes). Notes on the diagram: L2 broadcast domain (routing by ARP), or L3 network (routing by BGP peering); i.e. no in-host broadcast domain switch; no multi-host broadcast domain overlay.]
Recap - Interface Types
● Loopback
● Dummy
● “real”
● (multiple L3 addresses)
● TAP / TUN
● vEth
● Vlan
● Macvlan / macvtap
● Ipvlan / ipvtap L2
● Ipvlan / ipvtap L3
Recap - Bridge Types
● Linux Bridge
● Open vSwitch (inc DPDK)
● Macvtap
● (netmap / VALE)
● (snabbswitch)
● (SR-IOV NIC, Cisco vNIC)
Thanks!
@mt165
Slides
Videos
Demo code
mt165.co.uk

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

Software Networking and Interfaces on Linux

  • 1. Software Networking and Interfaces @mt165 Software Networking and Interfaces on Linux Matt Turner SRECon, Singapore | June 2019 @mt165 | mt165.co.uk
  • 3. Outline ● Networking 101 ● Interfaces ● Bridges ● Emergent Systems
  • 4. This is not about ● IP, TCP, addressing ● SDN
  • 5. Networking 101
  • 6. Ethernet and ARP
       Ethernet - L2 protocol
       MAC Address - Media Access Control Address - Ethernet address, eg c0:ff:ee:be:ef:69
       ARP - Address Resolution Protocol - DNS for ethernet: IP -> MAC
       $ arp
       Address         HWtype  HWaddress           Flags Mask  Iface
       192.168.0.239   ether   48:3b:38:01:6a:23   C           enp2s0
       172.28.0.13     ether   02:42:ac:1c:00:0d   C           br-de368312f566
  • 7. vLANs
       Virtual LANs
       IEEE 802.1q
       Simulates multiple networks using one set of cables and switches
       Each vLAN has a short numeric ID
       Nested vLANs - IEEE 802.1ad, aka “q in q”
  • 8. iptables
       Linux kernel subsystem
       Can do lots of things to packets as they pass through a system
       Including: packet manipulation
  • 9. NAT vs Routing 123.1.2.1 123.1.2.3 123.1.2.4 192.168.0.10 192.168.0.11 234.1.2.3 234.1.2.4 10.0.0.10 10.0.0.11 123.1.2.3 234.1.2.3 234.1.2.1
  • 10. Route tables
       Gives the next hop for a destination subnet.
       $ route
       Kernel IP routing table
       Destination  Gateway    Genmask      Flags  Metric  Ref  Use  Iface
       default      moon.lan   0.0.0.0      UG     3       0    0    enp2s0
       loopback     localhost  255.0.0.0    UG     0       0    0    lo
       172.17.0.0   0.0.0.0    255.255.0.0  U      0       0    0    docker0
  • 11. Classful Routing
       Class A              8 bit   0.0.0.0    127.0.0.1
       Class B              16 bit  128.0.0.0  191.255.0.0
       Class C              24 bit  192.0.0.0  223.255.255.0
       Class D - multicast          224.0.0.0  239.255.255.255
       Class E - reserved           240.0.0.0  255.255.255.255
  • 12. Private Address Ranges
       The “24-bit block”  8 bit prefix   10.0.0.0 – 10.255.255.255      1 class A
       The “20-bit block”  12 bit prefix  172.16.0.0 – 172.31.255.255    16 class Bs
       The “16-bit block”  16 bit prefix  192.168.0.0 – 192.168.255.255  256 class Cs
       Loopback            8 bit prefix   127.0.0.0 - 127.255.255.255    1 class A
  • 13. Classless Routing and CIDRs
       Classless Inter-Domain Routing
       Classful was too rigid and wasteful
       Arbitrary ranges of addresses, notated as start address and size (as prefix mask)
       CIDR notation: 192.168.42.0/24; 10.0.0.0/8
  • 14. Address all, some, one host
       ● All hosts in a subnet
       ● Some hosts, which have opted in
       ● One arbitrary host from a set
       Broadcast, Multicast, Anycast
  • 15. DHCP
       Asks a central server to allocate you an IP address
       Based on an ethernet broadcast
  • 16. Interfaces and Bridges
  • 18. eth0 enp0s2
  • 19. eth0 enp0s2 192.168.0.10
  • 20. eth0 enp0s2 192.168.0.10 ping connect("google.com");
  • 21. eth0 enp0s2 192.168.0.10 nginx bind("*:80");
  • 22. eth0 192.168.0.10 nginx 172.16.0.10 bind("*:80");
  • 23. eth0 nginx bind("192.168.0.10:80"); 192.168.0.10 172.16.0.10
  • 24. eth0 192.168.0.10 nginx eth1 172.16.0.10 bind("192.168.0.10:80");
  • 25. eth0 192.168.0.10 nginx bind("172.16.0.10:80"); eth1 172.16.0.10
  • 26. eth0 192.168.0.10 e1000
  • 27. e1000 eth0 192.168.0.10 hardware software
  • 28. eth0 192.168.0.10 e1000 foo0
  • 29. eth0 192.168.0.10 e1000 foo0
  • 30. eth0 192.168.0.10 e1000 foo0 packetd
  • 31. eth0 192.168.0.10 e1000 tun0 packetd 172.16.0.10
  • 32. eth0 192.168.0.10 e1000 ping tun0 packetd 172.16.0.10
  • 33. e1000 eth0 192.168.0.10 tun0 packetd 172.16.0.10
  • 34. eth0 192.168.0.10 e1000 tun0 packetd 172.16.0.10 NAT
  • 35. eth0 192.168.0.10 e1000 tun0 packetd 172.16.0.10 ip_forward = 1
  • 36. eth0 192.168.0.10 e1000 tap0 packetd 172.16.0.10 DE:AD:BE:EF:00:00
  • 37. eth0 e1000 tap0 packetd br0
  • 38. br0 eth0 e1000 tap0 packetd
  • 39. br0 eth0 e1000 tap0 packetd br0 192.168.0.10
  • 40. ovs0 eth0 e1000 tap0 packetd ovs0 192.168.0.10
  • 41. br0 eth0 e1000 tap0 br0 192.168.0.10 qemu [+ kvm]
  • 42. br0 eth0 e1000 tap0 br0 192.168.0.10 e1000 eth0 qemu 192.168.0.11 C0:FF:EE:C0:FF:EE
  • 43. br0 eth0 e1000 tap0 br0 192.168.0.10 virtio_net eth0 qemu 192.168.0.11 C0:FF:EE:C0:FF:EE
  • 44. br0 eth0 e1000 br0 192.168.0.10
  • 45. br0 eth0 e1000 br0 192.168.0.10
  • 46. br0 eth0 e1000 br0 192.168.0.10 nginx ping
  • 47. br0 eth0 e1000 br0 192.168.0.10 nginx ping veth0 veth1
  • 48. br0 eth0 e1000 br0 192.168.0.10 nginx ping veth0 veth1 172.16.0.1 172.16.0.2
  • 49. br0 eth0 e1000 br0 192.168.0.10 nginx ping veth0 veth1 172.16.0.2
  • 50. br0 eth0 e1000 br0 192.168.0.10 nginx ping veth0 veth1 172.16.0.2 ftpd
  • 51. br0 eth0 e1000 br0 192.168.0.10 nginx ping veth0 eth0 172.16.0.2 ftpd
  • 52. br0 eth0 e1000 br0 192.168.0.10 nginx ping eth0 172.16.0.2 ftpd
  • 53. eth0 e1000 192.168.0.10 eth0.42 172.16.0.2 ftpd vlan : 42 ftpd
  • 54. eth0 e1000 192.168.0.10 nginx eth0.42 172.16.0.2 ftpd vlan : 42
  • 55. eth0 e1000 C0:FF:EE 192.168.0.10 eth1 192.168.0.11 ftpd eth2 192.168.0.12
  • 56. eth0 e1000 F0:00:01 192.168.0.10 eth1 192.168.0.11 ftpd macvlan F0:0B:4R eth2 192.168.0.12 macvlan F0:07:07
  • 57. eth0 e1000 F0:00:01 192.168.0.10 eth1 192.168.0.11 ftpd macvlan F0:0B:4R eth2 192.168.0.12 macvlan F0:07:07
  • 58. eth0 e1000 F0:00:01 192.168.0.10 eth1 192.168.0.11 ftpd macvlan F0:0B:4R eth2 192.168.0.12 macvlan F0:07:07
  • 59. eth0 e1000 F0:00:01 192.168.0.10 eth1 192.168.0.11 ftpd macvlan F0:0B:4R eth2 192.168.0.12 macvlan F0:07:07
  • 60. br0 eth0 e1000 F0:00:01 192.168.0.10 macvlan0 ftpd macvlan F0:0B:4R macvtap F0:07:07 qemu tap0 qemu macvtap0
  • 61. eth0 e1000 C0:FF:EE 192.168.0.10 eth1 192.168.0.11 ftpd ipvlan C0:FF:EE eth2 192.168.0.12 ipvlan C0:FF:EE
  • 62. eth0 e1000 C0:FF:EE 192.168.0.10 eth1 192.168.1.10 ftpd ipvlan L3 eth2 192.168.2.10 ipvlan L3
  • 63. eth0 e1000 C0:FF:EE 192.168.0.10 192.168.1.10 ipvlan L3 ipvlan L3 BIRD Calico 192.168.1.10 nodejs
  • 64. K8s etcd K8s API plugin Calico etcd calico-node felix confd BIRD eth0 (192.168.0.1) vEth-xxxx (no IP) vEth pair L2 broadcast domain (routing by ARP), Or, L3 network (routing by BGP peering) eth0 eth0 iptables (outside namespace) Linux kernel ip_forwarding Kernel route table BGP (mesh up to 100 nodes) workload workload i.e. no in-host broadcast domain switch No multi-host broadcast domain overlay
  • 65. Recap - Interface Types ● Loopback ● Dummy ● “real” ● (multiple L3 addresses) ● TAP / TUN ● vEth ● Vlan ● Macvlan / macvtap ● Ipvlan / ipvtap L2 ● Ipvlan / ipvtap L3
  • 66. Recap - Bridge Types ● Linux Bridge ● Open vSwitch (inc DPDK) ● Macvtap ● (netmap / VALE) ● (snabbswitch) ● (SR-IOV NIC, Cisco vNIC)
  • 67. Thanks! @mt165 Slides Videos Demo code mt165.co.uk