Linux networking

From miki

References

On this wiki:

External:

ARP (Address Resolution Protocol)

Links on Wikipedia:

ARP is the protocol used to resolve network layer addresses (OSI layer 3, e.g. IP addresses) into link layer addresses (OSI layer 2, e.g. MAC addresses).

Example (adapted from wikipedia):

Computers A and B are in an office, connected to each other on the office local area network by Ethernet cables and network switches, with no intervening gateways or routers. A wants to send a packet to B. Through other means, it determines that B's IP address is 192.168.0.55. In order to send the message, it also needs to know B's MAC address:

  • First, A uses a cached ARP table to look up B's MAC address from B's IP address. If the MAC address is found, it sends the IP packet on the link layer to that MAC address via the local network cabling.
  • If the cache did not produce any result, A has to send a broadcast ARP message (destination FF:FF:FF:FF:FF:FF) requesting an answer for B's IP address. B responds with its MAC address. B may insert an entry for A into its own ARP table for future use. The response information is cached in A's ARP table and the message can now be sent.

ARP Proxy

Proxy ARP is a technique by which a device on a given network answers the ARP queries for a network address that is not on that network. The ARP Proxy is aware of the location of the traffic's destination, and offers its own MAC address in reply, effectively saying, "send it to me, and I'll get it to where it needs to go." Serving as an ARP Proxy for another host effectively directs LAN traffic to the Proxy. The "captured" traffic is then typically routed by the Proxy to the intended destination via another interface or via a tunnel. The process which results in the node responding with its own MAC address to an ARP request for a different IP address for proxying purposes is sometimes referred to as publishing.

  • (+) simplicity: it can be enabled on a single router without changing the routing tables of the other hosts or routers on the segment.
  • (-) scalability: the proxy must answer ARP for every address it publishes, and every host's ARP cache fills with entries pointing at the proxy's MAC.
  • (-) reliability: there is no fallback mechanism if the proxy goes down.

Gateway

If the route selected for a destination specifies a gateway, the destination address in the IP packet is *not* changed. Instead, the sender resolves the gateway's IP address with ARP and puts the gateway's MAC address in the frame header, in place of the MAC address of the destination host (see [1]). Only when the route is on-link (no gateway) is the destination IP itself resolved with ARP.
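The three steps described above (route lookup, ARP cache lookup, broadcast request on a miss, with the gateway's MAC or the proxy's MAC going into the frame while the IP destination stays unchanged) as a worked example. This is added illustration code, not from the original page or from any tool it mentions: the hosts, MAC addresses, the 10.0.0.0/8 range served by a proxy ARP router and the `lan_segment` stand-in for the wire are all constructed for the example. The frame layout (Ethernet II + RFC 826 ARP) is real. Note the caveat a practitioner cares about: ARP carries no authentication, so the cache can only reject unsolicited replies, not a forged reply for the address it actually asked about.

```python
import ipaddress
import struct

# Constructed topology (assumptions for the example, not from the page):
# hosts A and B on 192.168.0.0/24, a default gateway, and a router that does
# proxy ARP for 10.0.0.0/8 so A can treat 10.x hosts as if they were on-link.
A_IP, A_MAC = "192.168.0.10", "02:00:00:00:00:0a"
B_IP, B_MAC = "192.168.0.55", "02:00:00:00:00:37"
GW_IP, GW_MAC = "192.168.0.1", "02:00:00:00:00:01"
PROXY_MAC = "02:00:00:00:00:99"
PROXY_NET = ipaddress.ip_network("10.0.0.0/8")

# A's routing table: (prefix, gateway); gateway None means "on-link".
ROUTES = [
    ("192.168.0.0/24", None),
    ("10.0.0.0/8", None),      # reachable only because a proxy ARP router answers for it
    ("0.0.0.0/0", GW_IP),
]

ETH_P_ARP = 0x0806
BROADCAST = "ff:ff:ff:ff:ff:ff"
ARP_REQUEST, ARP_REPLY = 1, 2


def next_hop(dst_ip, routes=ROUTES):
    """Longest-prefix match. Returns the IP whose MAC must go in the frame
    header: the destination itself when on-link, otherwise the gateway.
    The IP packet's destination field is never rewritten either way."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        raise LookupError(f"no route to {dst_ip}")
    return best[1] or dst_ip


def mac_bytes(m):
    return bytes.fromhex(m.replace(":", ""))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def build_arp(op, sha, spa, tha, tpa):
    """Ethernet II frame carrying an RFC 826 ARP packet (Ethernet/IPv4).
    Requests go to the broadcast MAC; replies go back to the requester."""
    eth_dst = BROADCAST if op == ARP_REQUEST else tha
    eth = mac_bytes(eth_dst) + mac_bytes(sha) + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)   # htype, ptype, hlen, plen, oper
           + mac_bytes(sha) + ipaddress.ip_address(spa).packed
           + mac_bytes(tha) + ipaddress.ip_address(tpa).packed)
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of a frame, or None if it is not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op,
            "sha": mac_str(frame[22:28]), "spa": str(ipaddress.ip_address(frame[28:32])),
            "tha": mac_str(frame[32:38]), "tpa": str(ipaddress.ip_address(frame[38:42]))}


class ArpCache:
    def __init__(self):
        self.table = {}

    def lookup(self, ip):
        return self.table.get(ip)

    def learn(self, reply, asked_for):
        """Accept a reply only for the address we are waiting on. This rejects
        unsolicited entries, but ARP has no authentication: a forged reply for
        the address we asked about is indistinguishable from the real one."""
        if reply is None or reply["op"] != ARP_REPLY or reply["spa"] != asked_for:
            return False
        self.table[reply["spa"]] = reply["sha"]
        return True


def resolve(dst_ip, cache, segment):
    """Route lookup, then cache lookup, then a broadcast request on a miss.
    `segment` stands in for the wire: it takes a request frame and returns the reply."""
    hop = next_hop(dst_ip)
    if cache.lookup(hop) is None:
        request = build_arp(ARP_REQUEST, A_MAC, A_IP, "00:00:00:00:00:00", hop)
        if not cache.learn(parse_arp(segment(request)), hop):
            raise LookupError(f"no ARP reply for {hop}")
    return hop, cache.lookup(hop)


def lan_segment(request_frame):
    """Constructed stand-in for the LAN. B and the gateway answer for their own
    addresses; the proxy ARP router 'publishes' its MAC for every 10.x address."""
    req = parse_arp(request_frame)
    if req is None or req["op"] != ARP_REQUEST:
        return b""
    owners = {B_IP: B_MAC, GW_IP: GW_MAC}
    answer = owners.get(req["tpa"])
    if answer is None and ipaddress.ip_address(req["tpa"]) in PROXY_NET:
        answer = PROXY_MAC
    if answer is None:
        return b""
    return build_arp(ARP_REPLY, answer, req["tpa"], req["sha"], req["spa"])
```

`resolve(B_IP, ...)` returns B's own MAC (on-link), `resolve("8.8.8.8", ...)` returns the gateway's MAC while the caller still addresses the IP packet to 8.8.8.8, and `resolve("10.1.2.3", ...)` returns the proxy's MAC because the proxy published it, which is exactly the "send it to me" behaviour described above.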

Tun/Tap devices

tun/tap are software-only network interfaces, accessed through a character device (usually /dev/net/tun), that allow networking from userspace: a tun device hands userspace raw IP packets (layer 3), a tap device hands it Ethernet frames (layer 2). Whatever the kernel routes to the interface can be read from the device, and whatever is written to the device enters the kernel's network stack as if it had arrived on that interface.

Creating tun/tap devices

There are basically 3 ways to create tun/tap devices from the command line:

  • ip (package iproute, aka iproute2) (see [2]).
    Unfortunately this option is only available in recent distributions (not available in Ubuntu Lucid).
    ip tuntap help
    ip tuntap add dev mytap mode tap user $USER
    
  • openvpn
    sudo openvpn --mktun --dev tun0 --user $USER
    sudo openvpn --rmtun --dev tun0
    
  • tunctl
    Do not use the version from package uml-utilities because it can only create tap devices, not tun. Instead fetch the latest version from SourceForge.
    sudo tunctl -n -u $USER       # Create a tun device. '-n' can be replaced by '-t tun0'
    

Network setup via command line

sudo ifconfig eth0 192.168.1.1 netmask 255.255.255.0
sudo route add default gw 192.168.1.129
sudo vi /etc/resolv.conf
# nameserver 192.168.1.129
# search domainname
# Alternatively, let DHCP set address, default route and resolver in one go:
sudo dhclient eth0

Questions

  • Difference between ifconfig(8), route(8) and ip(8)?
    From [3]: "And remember: every time you use ifconfig(8), Cthulhu eats a kitten. Please, think of the kittens."
    This HOW-TO says that route and ip(8) are not compatible.
    Why does iproute2 say that Linux kernels 2.2 and up include a completely redesigned network subsystem, and that the legacy tools arp, ifconfig and route are obsolete and show unexpected behaviour with features that are only available through iproute2 ([4])?
    "43. LVS: Newer networking tools: Policy Routing" gives more examples of ifconfig (wrongly) hiding the complexity of an interface having multiple IP addresses.
    Short answer: ifconfig and route talk to the kernel through the old ioctl interface, which exposes a single address per interface and a single routing table; ip uses rtnetlink, which is how the kernel itself represents multiple addresses per interface, multiple routing tables and routing rules. Addresses and routes added with ip can therefore be invisible to, or misreported by, ifconfig and route.