Advanced Networking Features



Motivation

The network capabilities of Linux are not limited to what you have seen so far. This chapter gives you a list of what else you could do, without going into much detail.

List of more Advanced Networking Topics

VLANs

You can run more than one network on the same wire, but to separate them properly there are VLANs (IEEE 802.1Q, often called dot1q), where networks are separated by a 12-bit VLAN number. So you can have about 4096 different virtual LANs on a cable. Most larger switches support this, so you can have different networks on the same switch. On some cables (e.g. interconnects between switches) you would send your packets with the VLAN header (tag) included; these are so-called tagged ports. On others, where you have only one station in one particular virtual LAN, the packets are sent untagged. The station does not know about any other VLANs at all.

In order to give a Linux server the option to be directly connected to multiple virtual LANs, you would connect it to a tagged port and configure a virtual interface for each VLAN number that you need to see.

You can configure VLANs in /etc/network/interfaces once the vlan tools are installed:

auto eth0 eth0.1492 eth0.2345
iface eth0 inet static
     address ...

iface eth0.1492 inet static
     address ...

iface eth0.2345 inet static
     address ...

Bonding

When you need a highly available system you want to connect it to 2 different network switches. If one is down you could still be reached via the other. To do this you could set up active/backup bonding. You would use 2 network cards, and with the bonding you define a virtual one that consists of the 2 individual ones.

You can configure bonding in /etc/network/interfaces:

auto bond0
iface bond0 inet static
  address 192.168.18.177
  netmask 255.255.255.0
  slaves eth0 eth1
  bond-mode active-backup
  bond_primary eth0
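A small checker for the VLAN and bonding stanzas shown above, added here as an example and not part of the original page or of the ifupdown tools. It parses the stanza format of /etc/network/interfaces on a constructed sample (assumed addresses, deliberately wrong VLAN id and bond_primary) and reports a VLAN id outside the usable 802.1Q range and a bond primary that is not one of the slaves.

```python
import re

# Constructed sample modelled on the stanzas on this page, not a real host
# config; eth0.4095 and "bond_primary eth2" are deliberately wrong.
SAMPLE = """\
auto eth0 eth0.1492 eth0.4095 bond0
iface eth0 inet static
     address 192.0.2.10
iface eth0.1492 inet static
     address 192.0.2.20
iface eth0.4095 inet static
     address 192.0.2.30
iface bond0 inet static
  address 192.168.18.177
  netmask 255.255.255.0
  slaves eth0 eth1
  bond-mode active-backup
  bond_primary eth2
"""

VLAN_IFACE = re.compile(r"^[a-z0-9]+\.(?P<vid>\d+)$")   # e.g. eth0.1492

def parse_interfaces(text):
    """Return {iface_name: {option: value}} for every 'iface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface":
            current = stanzas.setdefault(words[1], {})
        elif words[0] in ("auto", "allow-hotplug", "source"):
            current = None          # these lines do not belong to a stanza
        elif current is not None:
            # ifupdown exports options as IF_<NAME> with '-' turned into '_',
            # so "bond_primary" and "bond-primary" are the same option.
            current[words[0].replace("_", "-")] = " ".join(words[1:])
    return stanzas

def check_interfaces(text):
    """Return human-readable problems found in VLAN and bond stanzas."""
    problems = []
    for name, opts in parse_interfaces(text).items():
        m = VLAN_IFACE.match(name)
        if m and not 1 <= int(m.group("vid")) <= 4094:
            # 802.1Q carries a 12-bit VID; 0 and 4095 are reserved
            problems.append(f"{name}: VLAN id {m.group('vid')} outside 1-4094")
        slaves = (opts.get("bond-slaves") or opts.get("slaves", "")).split()
        primary = opts.get("bond-primary")
        if primary and primary not in slaves:
            problems.append(f"{name}: bond-primary {primary} is not a slave")
    return problems

if __name__ == "__main__":
    for problem in check_interfaces(SAMPLE):
        print(problem)
```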

Sometimes the bandwidth of one link is not enough. Then we could use LACP type bonding, where both links are used and the LACP protocol takes care of ignoring links that have failed. But if the additional bandwidth is not needed, the simple active-backup type bonding is better.

Bridges

A bridge is like a virtual network switch. You can use it to connect 2 network segments with 2 network cards without being a router, while you could still apply firewall rules to the traffic passing through it. A bridge is also useful for running virtual machines. You then have a virtual network switch that connects your virtual machines to a real network port.

iface br0 inet static
    address ...
    bridge_ports eth0 eth1

Dynamic Routing

We have learned how to set up routes to networks with the route command. The global internet routing table consists of over 800000 routes (2019). They can not be maintained by hand, so a so-called routing protocol is used. In this case it is an exterior routing protocol: BGP.

Even within larger organisations, and especially within internet providers, there are many routes. There, interior routing protocols are used. Most of the time this is OSPF. And then there is RIP, which is useful for simple purposes. On Linux you can use quagga for these protocols.

This is useful because you can build redundancy. When one line to your provider or to your remote office fails, you can use the 2nd one transparently.

VPN

If you want to connect your remote office over a public internet line you need some form of encryption. This is what VPNs are for. Also, if you want to hide your location, you can use a public VPN provider and build a tunnel there so that all your connections seem to originate from somewhere else.

There are a lot of options for VPNs in Linux. Back in the 1990s IPsec was popular. Yet it often does not work well over NAT connections and is not used that often today. Most popular today is OpenVPN, which can be used both as server and client on Linux. So you can build your own OpenVPN endpoint and connect with your mobile phones, etc.

On the horizon is WireGuard. The WireGuard code is already part of newer kernels, and it promises to be an even simpler and faster way of doing VPN than OpenVPN.

PPP

If you have a serial line connection (e.g. a virtual serial line over a Bluetooth connection to a cell phone, or 2 wires to a Raspberry Pi), you can use pppd to create a virtual point-to-point network connection. We used this in the early days for dial-up lines.