Okay, welcome back to the sysadmin miniconf. Next up we have Paul Warren talking about some slightly more advanced networking with Linux. A reminder: if you have questions during this talk, just put them into the questions tab in Venueless. Okay, take it away, Paul.

All right, good day folks. My name's Paul, here to talk about some stuff I've learned over the last little while: networking with Linux.

First of all, a bit of a warning that I'm not a network engineer. There are bits I don't know and there are probably gaps that will, you know, potentially cause issues, so don't blame me if your network stops working, and maybe don't go try building an ISP based off this talk. And as another sort of aside, I've just moved house, and that was an experience that I was woefully unprepared for, so please keep that in mind.

So I thought we'd start with: what even is a network? I mean, is it Ethernet? Maybe Token Ring, IPX, AX.25? Or is it something more like IPv4 or 6, or TCP? I like to think of it as something that allows connections between computers. In this talk I'm mostly going to talk about Ethernet and IPv6, although it sort of doesn't really matter, that part of it, and the stuff we'll talk about will be mostly based on Ethernet and IP.

Most of us probably work in a managed network, where the idea is to control connections between computers rather than just allow them. Managed networks also scale connections between computers. And you've probably seen this diagram of the three-tier core, distribution, access network, which is not likely to be something we have at home; we have a pretty flat edge network at home. And this diagram, while it's nice, it does hide a lot of complexities at each layer, and is not something I know a great deal about, and I invite you to research further about this methodology.

Networking, as you probably have already understood, is about layers, like an onion, or a parfait if you like that better. There's that seven-layer thing from the OSI, which I can't remember what it stands for, which we can mostly ignore, because what we generally use in the real world doesn't sort of conform to it very well, but it is a good framework for assisting in understanding.

So, you know, the general networks we use are basically Ethernet with IP on top of that, and then various flavours of other, you know, layer 3 networks of ICMP, TCP and UDP. It can also be administrative overlays, things like firewalls, web proxies, SSL man-in-the-middle, things for enterprise, but also things like access rights and bandwidth shaping and things like that. There, no, that's the wrong button. Sorry about that. Oh yes, and the last one there was for VPNs and tunnels, which allow you to put networks through other networks and have them appear in strange places. And that sort of means that the physical layers don't have to match the logical connections and, you know, you can distribute your network across multiple physical networks and it all should just work.

They're also a bit fractal in nature, so, you know, large-scale networks are sort of self-similar the more you delve into the details. But we can ignore a lot of this complexity for the stuff that I'm going to talk about today, because that's really advanced networking, not slightly advanced networking.

So I sort of start off with an easy one on Linux, which is VLANs, or virtual local area networks. It's an Ethernet-layer protocol designed to limit broadcast storms, and you can use it to separate IP networks on the same Ethernet. There is a concept of a tag in VLANs, which is a... goes up to 4096, so some bit number that I can't remember, and that is used to separate these VLANs at the Ethernet layer; it's part of the Ethernet frame. The untagged network is the default one that your NIC will respond to if nothing else is set, and then most NICs need to have some magic done to them so they can respond to tagged packets from the Ethernet. It's defined in the IEEE 802.1Q standard and seems a pretty interesting read.

In Linux it's pretty easy to get one going with the ip command. You just run something like that: you add a link and give it a name and tell it that it's for VLAN ID and then your number. Then you can, as normal, add addresses, routes and whatever on top of that, and then set it up to make it all go. Distributions do this in various different ways. In Debian it's in /etc/network/interfaces: you tell it to, you know, create the interface and then set it up with DHCP in this particular case, and it takes care of all the ip addr and ip link commands for you.

Now OpenWrt has a nice GUI to do all this sort of stuff, and can also use the hardware present on most CPE endpoint routers and switches to do it at a hardware level, so you can set one particular port to have a tagged VLAN and everywhere else be untagged on that port.

So here's sort of what I've done with VLANs in my home network. I've got my normal router on the edge there, which has three main VLANs: the production network, or untagged, which is, you know, production in the sense that it's the Netflix and YouTube that my kids watch, along with my web host, the work computers and desktops for my wife and all of that. Then I have another one, an actual tagged VLAN, for the Wi-Fi guest network, so all the traffic there is segregated out and firewalled off completely from all the other VLANs. And I've also put this, what I call an access VLAN, or that's probably not the right terminology, it should be I think a distribution VLAN, but that's where all the other routers that I'm mucking about with sit so they can talk to each other. So I've got an OPNsense test network, same with OpenWrt, and the internet for the K Nori tutorials, which I'll link later; it's a really interesting tutorial, and where I learned most of the stuff I'm talking about today.

Okay, so the next one is, we talk about routing and what is a router. I think it's a computer that has two or more interfaces and it does some sort of computation to determine where a packet goes, which interface the packet goes to. In Linux it's reasonably simple to turn a Linux machine into a router: you add to the sysctl config, and this set of stanzas tells it to forward for IPv4 and IPv6, and we're done. Yeah, no, not really. That sets up the ability to do routing, but you also have to do things like actually add routes.

So static routes is the normal one, usually manually added or by scripts, including things like scripts from DHCP, which is, as you probably know, a mechanism to dynamically assign IPs within a network. They will also send out information like the default route for the network and DNS, NTP servers, whatever else. There's a whole bunch of stuff you can do with DHCP which I should probably have talked about, but I didn't think of it. So this one here is just adding a route via a particular router on an interface, a WireGuard interface in this case. You can also, you know, do IPv6, and I never did get this to work right, so you can see it all, but, you know, this is a few more. But manually adding these, you can imagine, quickly becomes unwieldy with expanding networks. Like this one: so this is sort of my home network with the K Nori side expanded on a little bit. You can imagine, for a machine, say, in the Wi-Fi, sorry, in the OpenWrt test network there, to try and talk out to something in the K Nori network, it would have to have a lot of static routes to know where to go properly.

So this is where dynamic routes come in. So a dynamic routing thing is where you advertise the LANs on your router, discover routes to LANs on other routers, if you need to do some logic, and then add them to the kernel-space routing table. On Linux we don't have this built into the kernel, but we have some user-space daemons talking to the kernel networking stack.

So the main protocol is this Open Shortest Path First protocol. It uses, you know, Dijkstra's graph traversal cost minimisation algorithm, and it's defined in RFCs 2328 and 5340, and it's for dynamically assigning routes within your network. The other dynamic routing protocol is the Border Gateway Protocol. Oops, that didn't work well. But that's for talking outside, you know, sharing your dynamic routes outside your network as part of an autonomous system, and this is sort of something I don't really know a lot about and is what I would consider even more advanced than slightly.

For the user-space daemons, the main one I've used is the Berkeley Internet Routing Daemon. There's also Quagga, OpenBGPD from the OpenBSD project. There's significant overlap, but they are different and support slightly different things. And yeah, I've not used Quagga; there are probably others, and I think there are specific ones within things like the Cisco IOS and MikroTik operating systems, but I'm not at all familiar with them.

So the Berkeley Internet Routing Daemon, or BIRD, is very powerful and complex to configure, although it's not quite Turing complete. I would recommend you use version control on... I use git on /etc/bird, or wherever your distro stores that. That's what I recommend, because you've got tracking of changes, which can undo your last change which made nothing work.

So the BIRD config file is built up of these protocol blocks, and the most important part, I suppose, is the router ID. Excuse me. That's usually one of the router's IPv4 addresses, and the default that BIRD chooses is the lowest one that's not on the loopback interface. It needs to be unique across your network, not necessarily globally. Yeah, there are lots of protocol block types, including OSPF, BGP, there's RIP, a whole bunch of them. The documentation for BIRD is really good, and tells you a lot about what each of these blocks needs; it's really relatively straightforward to follow.

So the protocol blocks are how BIRD knows who or what to talk to, and how. So in the next slide, yeah, we've got an OSPF protocol block which, it has an area and an interface. Oh, that's what I was going to mention: so back here we've got this device protocol, so in there you can specify to ignore particular network interfaces, or give certain others higher priority or higher costs, that sort of thing.

Oh yes, and yeah, that's all good. So this is a bit of a more advanced diagram with a reasonably complex set of things, but it shows you, sort of, so each circle there is a protocol. There's the OSPF you can see at the top, and then the kernel, and so, you know, it's importing routes from the wider OSPF protocol that it gets, stuffing it all into the master table, and then exporting that to the Linux kernel. Now on the other side you've got some strange BGP peers, which go into this temporary table, tr-10, then through a pipe. And pipes are where the logic can happen, so you can start aggregating or ignoring or doing things as needed to the routes that are discovered, and you can put them in between any other protocol and any other table.

All right, so what inspired me to do this talk is this funky thing I found you can do with OSPF. So say you have some necessary service within your network, where, you know, the data is more efficiently obtained across local links, but you can still get the same data across a more expensive link if the local version goes down. So all you need is an IP on a host, or many hosts, that provide that service, and you can use that same IP in two different places in the network. One might think that this is going to lead to confused routes, but OSPF helps us out.

So there's a little bit of a diagram of, you know, two offices, one in Perth and one in Hobart, you know, both having, you know, computers on the bottom talking to their own network with a router in the middle, and an expensive link connecting the two. But then we have these two services running on this 172.17.0.55 IP address, and the way OSPF works is you can add a cost, you know, it's just a number to scale. Within OSPF you can add a cost to each link on a router, so, you know, on the Hobart office router you'd say the link up to that top network is, say, 10, and then the expensive link off to Perth is 100. And what will happen then is that that Hobart router will think the 172.17.0 network is local, and everything on that side of the link will then talk to that service on that side. If the local link goes down, they will then go across the expensive link to Perth, and, you know, hopefully, with your synchronisation, the data's the same and it all still hangs together.

So that's right, this was what was causing... so late last year there was a big outage with Facebook. This is what they were doing with their DNS services, and they added a line in which turned off the, part of the way OSPF works, turned it off, so no one could talk to the DNS, which meant nothing worked. So you do have to be careful with these things, but they're pretty powerful.

All right, so I sort of thought, why would you want to use a real router? And the main reason is probably going to be performance and scaling. On a Linux-based router you have a packet come in through the NIC hardware, which then has to copy the whole thing to driver memory, then off again to various kernel subsystems which can make the routing decision, or, you know, potentially going out to some user-space application if needed, and then back out the same path through the kernel subsystems into the driver memory and then out the NIC hardware. In comparison, an enterprise-level router has the packet come in, and just enough of the packet to get the address is copied to the routing silicon, where the routing decision is made, and then the silicon is switched to forward the packet out the correct NIC hardware at wire speed. So it's a switched physical connection, usually, although I'm sure that's all done in ASICs and FPGAs these days.

So yeah, performance, I mentioned that. So there's a lot of work being done currently on Linux with zero-copy networking, so we can do sort of the same sorts of things, pass pointers around I suppose; I'm not sure how it all goes together. And then the io_uring part of Linux also has some smarts and other bits and pieces that tie into this pretty well.

Some other considerations: so network engineers are generally not familiar with Linux networking. They're much more familiar with things like Cisco IOS or MikroTik's operating system, and, excuse me, yeah, they have much more significant skills in those networking stacks than they will with Linux. There's also the availability of hardware, you know, in terms of ruggedness and suitability for working in a data centre; a lot of stuff that Linux supports is not great at that. And, you know, power consumption is another problem, not so much in the data centre, though it's becoming more and more important, I suppose. Then you can also sort of have both, so OpenWrt is my favourite thing for doing networking with. It does work on a lot of enterprise-level, you know, routers and switches and stuff, and does support a lot of the hardware on a lot of those.

So yeah, I didn't get to explore BGP as much as I'd like. I'm not, yeah, not too confident in my understanding of it as yet, but it is how the internet's put together, and can do some even more funky tricks like our service example, things like the Netflix data centres and Netflix caches. Yeah, you can do all sorts of fun tricks.

All right, so I put in some bonus homework if you want to learn a bit more; you can try asking yourself those few questions there. I'd very highly recommend going through K Nori's OSPF and BGP tutorial; it's really worthwhile. I didn't cover OSPF areas much, and so the idea is that OSPF is done in areas, and you can split that up within BIRD so it talks in areas. So you usually have the area zero, which is where all routes are shared, and you can then, you know, fractalise that out to other areas with smaller networks. And then there's also the problem of authentication and authorisation, so OSPF by default will just accept routes from anywhere. You may want to hash that or
password protected or other 584 00:22:58,880 --> 00:23:03,360 things all certainly possible 585 00:23:02,159 --> 00:23:05,919 and you know 586 00:23:03,360 --> 00:23:09,600 the stuff i have done with bgp was a bit 587 00:23:05,919 --> 00:23:11,600 minimal and requires internal bgp 588 00:23:09,600 --> 00:23:13,600 to be set up sort of manually i'm 589 00:23:11,600 --> 00:23:16,480 assuming there'll be a automatic 590 00:23:13,600 --> 00:23:18,559 transfer of internal aggregate networks 591 00:23:16,480 --> 00:23:22,120 but i haven't looked into it 592 00:23:18,559 --> 00:23:22,120 all that much 593 00:23:22,320 --> 00:23:25,679 so 594 00:23:23,120 --> 00:23:27,919 the resources for this um maybe these 595 00:23:25,679 --> 00:23:31,120 slides the bird website's great so is 596 00:23:27,919 --> 00:23:32,960 open wrt the irc channel for opened up 597 00:23:31,120 --> 00:23:34,799 wit has been really helpful to me over 598 00:23:32,960 --> 00:23:36,640 the last couple of years 599 00:23:34,799 --> 00:23:38,400 and if you want to know more about why 600 00:23:36,640 --> 00:23:40,400 facebook was down for five hours there's 601 00:23:38,400 --> 00:23:42,799 a really good youtube video 602 00:23:40,400 --> 00:23:44,159 uh from ben eater 603 00:23:42,799 --> 00:23:47,360 to look at 604 00:23:44,159 --> 00:23:48,720 and there's the 802.1 q link which i 605 00:23:47,360 --> 00:23:50,640 couldn't get to work in the other slide 606 00:23:48,720 --> 00:23:54,240 i think but yeah that's the the protocol 607 00:23:50,640 --> 00:23:57,279 design uh documents there 608 00:23:54,240 --> 00:23:59,440 huh and that's my talk i'm a little bit 609 00:23:57,279 --> 00:24:01,840 early i think so 610 00:23:59,440 --> 00:24:07,120 feel free to ask some questions 611 00:24:01,840 --> 00:24:07,120 yeah we don't have any questions yet um 612 00:24:07,360 --> 00:24:11,039 now we are on a delay so if you got any 613 00:24:09,440 --> 00:24:13,360 questions please type them in really 614 
00:24:11,039 --> 00:24:13,360 fast 615 00:24:14,880 --> 00:24:19,840 yes so we're talking about 30 seconds in 616 00:24:17,520 --> 00:24:19,840 the future 617 00:24:20,159 --> 00:24:25,279 so i'll give it a couple of i'll give it 618 00:24:22,080 --> 00:24:27,039 a give it a few seconds and then um 619 00:24:25,279 --> 00:24:29,760 it might be it there is some 620 00:24:27,039 --> 00:24:31,679 some discussion in the chat chat room 621 00:24:29,760 --> 00:24:33,200 people talking about general networking 622 00:24:31,679 --> 00:24:34,640 stuff and that and 623 00:24:33,200 --> 00:24:38,159 recommending their favorite little 624 00:24:34,640 --> 00:24:39,039 things and crazy stuff so excellent 625 00:24:38,159 --> 00:24:39,840 yeah 626 00:24:39,039 --> 00:24:42,880 so 627 00:24:39,840 --> 00:24:45,360 we've got a networking theme at least 628 00:24:42,880 --> 00:24:47,360 okay uh 629 00:24:45,360 --> 00:24:48,640 i think we don't have any questions all 630 00:24:47,360 --> 00:24:52,880 right 631 00:24:48,640 --> 00:24:55,039 okay so um yeah thank you 632 00:24:52,880 --> 00:24:57,200 sorry my brain's gone 633 00:24:55,039 --> 00:24:59,440 so yeah thank you very much paul 634 00:24:57,200 --> 00:25:01,520 um all right obviously but stressful 635 00:24:59,440 --> 00:25:03,840 week moving for you but 636 00:25:01,520 --> 00:25:05,200 thanks thanks for joining us and giving 637 00:25:03,840 --> 00:25:09,159 us a talk 638 00:25:05,200 --> 00:25:09,159 no trouble thank you