Virtual Networking In Linux
just an introduction
Index
Network Topology
Host A
Host B
Router
Router
TCP/IP model
Application
(http,dns,...)
Transport
(udp,tcp,icmp,...)
Network
(ipv4,ipv6,...)
Link
(IEEE 802.3, 802.11,...)
Physical layer (Ethernet, WiFi, ...)
Data Flow
Application
Application
Transport
Transport
Network
Link
Ethernet
Fiber,Satellite
Network
Link
WiFi
Host A
Host B
Link
Network
Router
Network
Link
Router
Routing table
ARP table
- net-tools (deprecated)
- iproute2
- other packages like ethtool, ...
Configuration tools for Linux networking
net-tools vs iproute2
-
link: network device configuration
- neighbor: neighbour/arp tables management
- address: protocol address management
- route: routing table management
- rule: routing policy database management
- netns: process network namespace management
ip subcomands
- man ip-address
- man ip-link
- ...
Man pages are very useful
- How to run a VPN in an isolated environment??
- How to test a ip route command without changing my routing table??
- How to ...
Network Namespace
Network namespaces provide isolation of the system resources associated with networking:
- network devices, IPv4 and IPv6 protocol stacks
- IP routing tables, firewall rules
- /proc/net directory (which is a symbolic link to /proc/pid/net)
- /sys/class/net directory
- various files under /proc/sys/net
- port numbers (sockets)
- and so on
Network Namespace
Veth
provides a pipe-like abstraction that can be used to create tunnels between network namespaces,
And can be used to create a bridge to a physical network device in another namespace
netns 1
netns 2
veth1
veth1
ip netns add netns1
ip netns add netns2
ip link add veth1 netns netns1 type veth peer name veth2 netns netns2Bridge
A Linux bridge behaves like a network switch. It forwards packets between interfaces that are connected to it.
Switch vs Router
Connect more namespaces together using bridge
Bonded
aggregating multiple network interfaces into a single logical "bonded" interface
multiple links connected to internet
