Advanced Networking Features

Revision as of 15:03, 29 March 2020 by Mond (talk | contribs) (Dynamic Routing)


Motivation

The network capabilities of Linux are not limited to what you have seen so far. This chapter gives you a list of what else you could do, without much detail.

List of more Advanced Networking Topics

VLANs

You can run more than one network on the same wire, but to separate them properly you use VLANs (IEEE 802.1Q, often called dot1q), where networks are separated by a 12 bit VLAN number. So you can have about 4096 different virtual LANs on a cable. Most larger switches support this, so you can have different networks on the same switch. On some cables (e.g. interconnects between switches) you send your packets with the VLAN header (tag) included; these are so-called tagged ports. On others, where you have only one station in one particular virtual LAN, packets are sent untagged, and the station does not know about any other VLANs at all.

To connect a Linux server directly to multiple virtual LANs, you connect it to a tagged port and configure a virtual interface for each VLAN number that you need to see.

You can configure VLANs in /etc/network/interfaces once the vlan tools are installed:

auto eth0 eth0.1492 eth0.2345
iface eth0 inet static
     address ...

iface eth0.1492 inet static
     address ...

iface eth0.2345 inet static
     address ...
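
The 802.1Q tag described in this section, shown at the byte level. This is an added example, not part of the original page: it builds and parses an Ethernet frame with and without the 4-byte tag and maps it to the interface naming used in the configuration above. The MAC addresses, payload and function names are constructed for illustration, and `linux_interface` assumes a sub-interface for the VLAN number is configured.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Build an Ethernet frame; with vlan set, insert the 4-byte 802.1Q tag."""
    header = dst + src
    if vlan is not None:
        if not 0 <= vlan <= 0xFFF:
            raise ValueError("VLAN number must fit in 12 bits")
        tci = (pcp << 13) | vlan  # 3-bit priority, 1-bit DEI (0), 12-bit VLAN
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return the VLAN number (None if untagged), priority and inner EtherType."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return {"vlan": None, "pcp": None, "ethertype": ethertype, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return {"vlan": tci & 0x0FFF, "pcp": tci >> 13, "ethertype": inner, "payload": frame[18:]}


def linux_interface(frame, parent="eth0"):
    """Interface that receives the frame, assuming parent.<vlan> is configured."""
    vlan = parse_frame(frame)["vlan"]
    return parent if vlan is None else f"{parent}.{vlan}"


# Constructed sample frames (MAC addresses and payload are made up).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
TAGGED = build_frame(DST, SRC, 0x0800, b"demo", vlan=1492)
UNTAGGED = build_frame(DST, SRC, 0x0800, b"demo")

if __name__ == "__main__":
    for name, frame in (("tagged", TAGGED), ("untagged", UNTAGGED)):
        print(name, frame.hex(), "->", linux_interface(frame))
```

The tagged frame is exactly 4 bytes longer than the untagged one, and the tag sits directly after the two MAC addresses, which is why a station on an untagged port never sees a VLAN number.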

Bonding

When you need a highly available system, you want to connect it to 2 different network switches. If one is down, you can still be reached via the other. To do this you could set up active/backup bonding. You use 2 network cards, and with bonding you define a virtual one that consists of the 2 individual ones.

You can configure bonding in /etc/network/interfaces:

auto bond0
iface bond0 inet static
  address 192.168.18.177
  netmask 255.255.255.0
  slaves eth0 eth1
  bond-mode active-backup
  bond_primary eth0

Sometimes the bandwidth of one link is not enough. Then we could use LACP type bonding, where both links are used and the LACP protocol takes care of ignoring links that have failed. But if the additional bandwidth is not needed, the simple active-backup type bonding is better.

Bridges

A bridge is like a virtual network switch. You can use it to connect 2 network segments with 2 network cards without being a router, while you can still use firewall rules on them. A bridge is also useful for running virtual machines. You then have a virtual network switch that connects your virtual machines to a real network port.

iface br0 inet static
    address ...
    bridge_ports eth0 eth1

Dynamic Routing

We have learned how to set up routes to networks with the route command. On the global Internet, routing tables consist of over 800000 routes (2019). They cannot be maintained by hand, so a so-called routing protocol is used. In this case it is an exterior routing protocol: BGP.

Even within larger organisations, and especially within Internet providers, there are many routes. There, internal routing protocols are used. Most of the time this is OSPF. And then there is RIP, which is useful for simple purposes. On Linux you can use quagga for these protocols.

This is useful because you can build redundancy. When one line to your provider or to your remote office fails, you can use the 2nd one transparently.

VPN

PPP