Network Topology

TCP/IP model

Application

(http,dns,...)

Transport

(udp,tcp,icmp,...)

Network

(ipv4,ipv6,...)

Link

(IEEE 802.3, 802.11,...)

Data Flow

Host A

Host B

Routing table

ARP table

• net-tools (deprecated)
• iproute2
• other packages like ethtool, ...

Configuration tools for Linux networking

net-tools vs iproute2

• link: network device configuration

• neighbor: neighbour/arp tables management
• address: protocol address management
• route: routing table management
• rule: routing policy database management
• netns: process network namespace management

ip subcomands

• man ip-address
• man ip-link
• ...

Man pages are very useful

• How to run a VPN in an isolated environment??
• How to test a ip route command without changing my routing table??
• How to ...

Network Namespace

Network namespaces provide isolation of the system resources associated with networking:

• network devices, IPv4 and IPv6 protocol stacks
• IP routing tables, firewall rules
• /proc/net directory (which is a symbolic link to /proc/pid/net)
• /sys/class/net  directory
• various files under /proc/sys/net
• port numbers (sockets)
• and so on

Network Namespace

Veth

provides a pipe-like abstraction that can be used to create tunnels between network namespaces,

And can be used to create a bridge to a physical network device in another namespace

Bridge

A Linux bridge behaves like a network switch. It forwards packets between interfaces that are connected to it.

Switch vs Router

Connect more namespaces together using bridge

Bonded

aggregating multiple network interfaces into a single logical "bonded" interface

multiple links connected to internet