Contemporary Linux Networking

Similar documents
Attilla de Groot Attilla de Groot Sr. Systems Engineer, HCIE #3494 Cumulus Networks

ifupdown2 : The ultimate Network Interface Manager Progress and Status

Hardware accelerating Linux network functions Roopa Prabhu, Wilson Kok

Virtual switching technologies and Linux bridge

Configuring VXLAN EVPN Multi-Site

Docker Networking: From One to Many. Don Mills

Configuring VXLAN EVPN Multi-Site

UDP Encapsulation in Linux netdev0.1 Conference February 16, Tom Herbert

BESS work on control planes for DC overlay networks A short overview

Understanding Linux Internetworking

Proceedings of NetDev 1.1: The Technical Conference on Linux Networking (February 10th-12th Seville, Spain) VRF Tutorial

ENG. WORKSHOP: PRES. Linux Networking Greatness (part II). Roopa Prabhu/Director Engineering Linux Software/Cumulus Networks.

AS build an internet backbone with pure 1he servers and Linux #RIPE74

Scaling bridge forwarding database. Roopa Prabhu, Nikolay Aleksandrov

Cloud Networking (VITMMA02) Network Virtualization: Overlay Networks OpenStack Neutron Networking

Rtnetlink dump filtering in the kernel Roopa Prabhu

IP Fabric Reference Architecture

Configuring VXLAN EVPN Multi-Site

Data Center Configuration. 1. Configuring VXLAN

PLACE IMAGE OVER THIS SPACE. Docker IP Routing. Having your first-hop load-balancer on Docker. Medallia Copyright 2015.

www. .org New Quagga fork with open development and community Martin Winter

Neutron networking with RHEL OpenStack Platform. Nir Yechiel Senior Technical Product Manager, OpenStack Red Hat

Ethernet switch support in the Linux kernel

Evaluation of virtualization and traffic filtering methods for container networks

Provisioning Overlay Networks

Flexible NFV WAN interconnections with Neutron BGP VPN

Static and source based routing

Huawei CloudEngine Series. VXLAN Technology White Paper. Issue 06 Date HUAWEI TECHNOLOGIES CO., LTD.

Contents. Introduction. Prerequisites. Requirements. Components Used

Creating and Managing Admin Domains

OPEN CONTRAIL ARCHITECTURE GEORGIA TECH SDN EVENT

Contents. EVPN overview 1

BIG-IP TMOS : Tunneling and IPsec. Version 13.0

November 11, Docker Networking with Linux. Guillaume Urvoy-Keller. Reference Scenario. Basic tools: bridges, VETH

MPLS VPN. 5 ian 2010

What s happened to the world of networking hardware offloads? Jesse Brandeburg Anjali Singhai Jain

Cloud Networking From Theory to Practice. Ivan Pepelnjak NIL Data Communications

Managing Demand Spikes in a highly flexible and agile deployment

Pass4Sure.4A0-104,288.Questions

Designing Mul+- Tenant Data Centers using EVPN- IRB. Neeraj Malhotra, Principal Engineer, Cisco Ahmed Abeer, Technical Marke<ng Engineer, Cisco

EVPN Multicast. Disha Chopra

EVPN Command Reference

Unicast Forwarding. Unicast. Unicast Forwarding Flows Overview. Intra Subnet Forwarding (Bridging) Unicast, on page 1

Neutron: peeking behind the curtains

Solution Guide. Infrastructure as a Service: EVPN and VXLAN. Modified: Copyright 2016, Juniper Networks, Inc.

VXLAN EVPN Automation with ODL NIC. Presented by: Shreyans Desai, Serro Yrineu Rodrigues, Lumina Networks

Lab Exercise Sheet 2 (Sample Solution)

Ethernet VPN (EVPN) in Data Center

VXLAN Deployment Use Cases and Best Practices

Linux Clusters Institute: OpenStack Neutron

Experimenting Internetworking using Linux Virtual Machines Part I

MidoNet Operations Guide

Intended status: Standards Track. Cisco Systems October 22, 2018

Network Mul,tenancy in Xen- based Clouds. Chiradeep Vi;al CloudStack Commi;er Citrix Sep

Building Data Center Networks with VXLAN EVPN Overlays Part I

UniNets MPLS LAB MANUAL MPLS. UNiNets Multiprotocol label Switching MPLS LAB MANUAL. UniNets MPLS LAB MANUAL

DHCP Relay in VXLAN BGP EVPN

Lab 1: Static MPLS LSP-RTX4-RTX1 LSP-RTX1-RTX4 LSP-RTX3-RTX2 LSP-RTX2-RTX3

Enterprise. Nexus 1000V. L2/L3 Fabric WAN/PE. Customer VRF. MPLS Backbone. Service Provider Data Center-1 Customer VRF WAN/PE OTV OTV.

January 27, Docker Networking with Linux. Guillaume Urvoy-Keller. Reference Scenario. Basic tools: bridges, VETH

TCP/IP Network Essentials

Higher scalability to address more Layer 2 segments: up to 16 million VXLAN segments.

Addressing and Routing

Docker Networking Deep Dive online meetup

VXLAN Commands. Cisco ASR 9000 Series Aggregation Services Router VPN and Ethernet Services Command Reference, Release 5.2.x 1

Optimizing Layer 2 DCI with OTV between Multiple VXLAN EVPN Fabrics (Multifabric)

VXLAN Cisco and/or its affiliates. All rights reserved. Cisco Public

Getting Started with Linux on Cumulus Networks

Traffic Load Balancing in EVPN/VXLAN Networks. Tech Note

THE INTERNET PROTOCOL INTERFACES

THE INTERNET PROTOCOL/1

VRF Update David Ahern

The Internet Protocol

End-to-end fabric visibility

DHCP Relay in VXLAN BGP EVPN

Module 11b MPLS VPLS Configuration Lab (LDP Manual)

Dockercon 2017 Networking Workshop

Implementing VXLAN. Prerequisites for implementing VXLANs. Information about Implementing VXLAN

Networking Approaches in. a Container World. Flavio Castelli Engineering Manager

Boost local network performance (Increase network thoroughput) by enabling Jumbo Frames on GNU / Linux

Introduction to External Connectivity

Cloud Data Center Architecture Guide

This document guides the user through: 1. Setting up and configuring networking for the BeagleBone black or green with the host.

MPLS design. Massimiliano Sbaraglia

Network Virtualization in IP Fabric with BGP EVPN

Lecture 8 Advanced Networking Virtual LAN. Antonio Cianfrani DIET Department Networking Group netlab.uniroma1.it

Dell EMC Ready Architecture for Red Hat OpenStack Platform

I Commands. iping, page 2 iping6, page 4 itraceroute, page 5 itraceroute6 vrf, page 6. itraceroute vrf encap vxlan, page 12

Multi-site Datacenter Network Infrastructures

For personnal use only

Cisco Campus Fabric Introduction. Vedran Hafner Systems engineer Cisco

Internet Engineering Task Force (IETF) Request for Comments: N. Bitar Nokia R. Shekhar. Juniper. J. Uttaro AT&T W. Henderickx Nokia March 2018

Building an Open, Transparent NOS and Ecosystem Using Linux as the Key

Securizarea Calculatoarelor și a Rețelelor 32. Tehnologia MPLS VPN

VRF, MPLS and MP-BGP Fundamentals

Implementing VXLAN in DataCenter

Central America Workshop - Guatemala City Guatemala 30 January - 1 February 07 Host Configuration (Linux)

LTRDCT-2781 Building and operating VXLAN BGP EVPN Fabrics with Data Center Network Manager

WAN. Core Routing Module. Data Cente r LAB. Internet. Today: MPLS, OSPF, BGP Future: OSPF, BGP. Today: L2VPN, L3VPN. Future: VXLAN

Using the Linux VRF Solution

Transcription:

Contemporary Linux Networking Confessions of a Professional Freifunker DENOG9 Maximilian Wilhelm <max@sdn.clinic> @BarbarossaTM

Who am I? Maximilian Wilhelm @BarbarossaTM Senior Infrastructure Architect, Uni Paderborn Infrastructure Archmage, Freifunk Hochstift Fanboy of (Debian) Linux ifupdown2 Networker OpenSource Hacker 2

Agenda The Old Gods and the New ifupdown2 VRFs VXLAN VLAN-aware bridges MPLS DIY-SDN

root@stretch:~$ ifconfig -bash: ifconfig: command not found root@stretch:~$ route -bash: route: command not found root@stretch:~$ arp -bash: arp: command not found vconfig ifenslave

iproute2 Swiss Army knife for networkers Functions cleanly separated into subcommands ip link L2: MTU, VLANs, LAGs, bridges,... ip addr L3 addresses ip neigh ARP/ND ip route Routing + MPLS

Old vs. New vconfig add eth0 42 ip link add vlan42 link eth0 type vlan id 42 ifenslave bond0 eth0 ip link add bond0 type bond mode 4 ip link set master bond0 dev eth0 arp ip -4 neigh

Old vs. New - Bridges brctl addbr br0 ip link add br0 type bridge [ forward_delay FORWARD_DELAY ]... [ vlan_filtering VLAN_FILTERING ] [ vlan_default_pvid VLAN_D_PVID ]... [ nf_call_iptables NF_CALL_IPT ]... brctl addif br0 eth0 ip link set eth0 master br0

Network interface configuration Classic ifupdown not easily automated Generating /etc/network/interfaces simple How to reload?»service networking restart«disruptive No tool for reload present Isn't trivial to build CumulusNetworks Ifupdown2 Rewrite of ifupdown in Python https://github.com/cumulusnetworks/ifupdown2 8

ifupdown2 No full feature parity with ifupdown (yet?) Shipped with batteries included dependency resolution ifreload VRFs VXLAN VLAN-aware bridges Not (yet) supportedmerged: ppp 9

ifupdown2 Patches Easy to extend, thanks to Python Upstream open for ideas (Hi Julien & Roopa) Added support for B.A.T.M.A.N. interfaces Tunnel (GRE, SIT, IPIP, GRETAP) Open Pull-Requests for Condoning bridge interfaces for configuration Setting phys-dev for VXLAN Setting veth peer name 10

VRFs Independent routing instances L3-VPNs Usually in combination with MPLS Related features Policy-Routing (since Kernel 2.2) Old and busted Management headache Network Namespaces (Kernel 2.6.24++) Sometimes too much separation 11

VRFs on Linux Separation for Layer3 communication VRF interface is master for real interfaces Defines routing table for VRF Since Kernel 4.[345] (use >= 4.9) https://git.kernel.org/cgit/linux/kernel/git/to rvalds/linux.git/tree/documentation/networking/ vrf.txt https://cumulusnetworks.com/blog/vrf-for-linux/ https://de.slideshare.net/cumulusnetworks/opera tionalizing-vrf-in-the-data-center 12

VRFs on Linux ip link add VRF_DEVICE type vrf table ID ip link set dev DEVICE master VRF_DEVICE Note: Device routes move from table main and local to table $ID 13

VRFs with ifupdown2 auto eth0 iface eth0 address 185.46.137.163/25 address 2a00:13c8:1000:2::163/64 gateway 185.46.137.129 gateway 2a00:13c8:1000:2::1 vrf vrf_external auto vrf_external iface vrf_external vrf-table 1023 14

inter VRF Communication Requires veth pair Like a virtual network cable within the box A end in main VRF, Z end in VRF foo Usual routing Static Bird talking BGP to itself... 15

veth interfaces w/o + w/ ifupdown2 ip link add VETH_END1 type veth peer name VETH_END2 iface veth_ext2int link-type veth veth-peer-name veth_int2ext vrf vrf_external iface veth_int2ext link-type veth veth-peer-name veth_ext2int 16

VXLAN Ethernet over UDP Or: Poor mans approach to MPLS Designed as Layer2 overlay for DCs Multi-tenant Overlay over IP-Fabric 24Bit VNI => 16M Instances Unicast/Multicast communication Read: VLL / VPLS Endpoints = VTEP (VXLAN Tunnel End Point) RFC7348 17

VTEPs on Linux ip link add DEVICE type vxlan id ID [ dev PHYS_DEV ] [ { group remote } IPADDR ] [ local { IPADDR any } ] [ ] bridge fdb show [ brport DEVICE ] 18

VTEPs with ifupdown2 # vx_v2001_padcty auto vx_v2001_padcty iface vx_v2001_padcty vxlan-id 1310977 vxlan-physdev vlan2001 vxlan-svcnodeip 225.20.1.1 # hwaddress f2:00:c1:01:20:01 mtu 1560 19

VLAN-aware bridges VLANs and bridges have been a challenge That ain't true no more echo 1 > /sys/class/net/br0/bridge/ vlan_filtering Now it's a regular switch Configured with bridge utility from iproute Simple KVM/Qemu hook for VLAN assignment https://github.com/freifunkhochstift/ffho-saltpublic/blob/master/kvm/qemu-hook

Bridge utility bridge vlan { add del } vid VLAN_ID dev DEV [ pvid ] [ untagged ] [ self ] [ master ] bridge vlan show [ dev DEV ] [ vid VLAN_ID ] Related: bridge fdb [...]

VLAN-aware bridges w/ ifupdown2 iface br0 bridge-ports bond0 bridge-vlan-aware yes bridge-vids 1013 4002 iface bond0 bridge-vids 100 101 200 201 1013 2000 [..] iface cr02_eth1 bridge-vids 1013 2000 2004 2006 3002 iface br0.1013 address 10.132.252.22/28 [ ]

MPLS Forwarding path available in vanilla kernel Use >= 4.9 Requires iproute >= 4.3 ip -f mpls or ip -M Enable use of labels up to n sysctl -w net.mpls.platform_labels=n Enable MPLS decap on $iface sysctl -w net.mpls.conf.$iface.input=1

MPLS Push ip route add 10.23.42.0/24 encap mpls 100 via inet 192.168.42.23 Swap (100 200) ip -f mpls route add 100 as 200 via inet 192.168.47.11 Pop ip -f mpls route add 300 dev lo

The SDN part N D S # Disclaimer: Font on special request of AbraXXL 25

Wireless Backbone (planned) 26

Cyber Supply Chain SDN ingredients ifupdown2 27

Pillar Example bbr-vega.in.ffho.net: id: 198 Quelle für Source forloopback-ip Loopback-IP syslocation: Vega roles: - router - batman - bbr sites: - pad-cty GP) B i + SPF O ( g i f on Bird c Generate Batman in terfaces Batman instances 28

Pillar Example contd. Source for /etc/network/interfaces ifaces: bond0: bond-slaves: "eth0 eth1 eth2" vlan1002: desc: "<-> gw04" lay vlan-raw-device: bond0 r e ov AN prefixes: L X V ate - 10.132.253.58/31 r ne e G - 2a03:2260:2342:fe1c::1/126 batman_connect_sites: pad-cty [...] 29

IPoBATMANoVXLANoIPoVLANoRF Wait, what? IP B.A.T.M.A.N. Adv. VXLAN IP Vlan Ethernet (RF / Kabel) 30

Lessons Learned 31

Offloading Difference between 4KB/s and 40MB/s... for iface in eth0 eth1; do for feature in sg gro gso tso; do ethtool --offload ${iface} ${feature} off done done https://downloadmirror.intel.com/22919/eng/readme.txt 32

OpenVPN vs. VRFs Lots of OpenVPN tunnels OpenVPN tunnel should use VRF external Needed a small patch setsockopt (sd, SOL_SOCKET, SO_BINDTODEVICE, dev, strlen(dev) +1); https://github.com/openvpn/openvpn/pull/65 Hi Gert, are you here? 33

Systemd + OpenVPN vs. ifup Lots of OpenVPN instances up /etc/openvpn/ifup ifup $1 Thanks to systemd all starting in parallel Some ifup calls in parallel Nearly no IPs configured anywhere Damn flock exclusive wait 30 34

Further Reading Salt-Orchestrated Software Defined (Freifunk) Network (german) Blog series DIY-SDN with OSS https://www.slideshare.net/barbarossatm/software -defined-freifunk-backbones-78288014 https://blog.sdn.clinic/2017/09/building-your-ownsoftware-defined-network-with-linux-and-opensource-tools/ #routingdays Learn to build the Internet https://blog.sdn.clinic/2017/09/ffrl-routingdayslearn-to-build-the-internet/ 35

Questions? Remarks? Tell me: Maximilian Wilhelm <max@elitepeer.de> @BarbarossaTM 36

Freifunkromantik 37

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback