Commit 00b88cef authored by JackV

Add Networking section

parent e5cb65b5
### Programme
* NFtables basics
* Networking & NFtables basics
* How to debug network problems
* Wireguard: easy to setup vpn
* Ansible: how to manange many computers
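Review bot: The replacement bullet `* Networking & NFtables basics` folds two topics into one programme entry, while the slides added later in this commit give Networking its own top-level `# Networking` section ahead of `# NFtables`. Consider keeping `* NFtables basics` and adding a separate `* Networking basics` bullet before it, so the programme mirrors the section structure. While this list is being touched, `manange` in the Ansible bullet should read `manage`.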
......@@ -26,6 +26,156 @@ all these topics can come together
----
# Networking
---
## First, a microshot of Networking basics
---
## Link Layer
Transmits the actual 1s and 0s over the wire,
has routing but it is mostly Point-to-Point
Main technologies: Ethernet (802.3) and WiFi (802.11)
Addressing information: MAC address
Software Stack: ARP & NDP - `ip neigh`
---
## Internet Layer
Deals mainly with routing packets and managing fragmentation
Main technologies: IPv4 & IPv6
Addressing information: IP address
Software stack: `ip {address,route}`
---
## Transport Layer
Works to provide a usable implementation (socket) to the
program, provide important feature such as:
* Ports
* Packet reliability
Main technologies: TCP & UDP
Addressing information: Port
---
## Application Layer
Everything above __Transport__ is application-specific
Main technologies: HTTP, HTTPS, IMAP, gRPC
---
## What is important to remember
* Every computer needs an **IP address** to communicate to
other computers
* IPs have a __subnet mask__ that indicates which other IPs
can be contacted directly through the link layer
* Computer use ARP/NDP to have a **IP <-> MAC** translation
* This also means that there is a ARP/NDP record that tells us
the **MAC address** relative to the IP we want to contact
---
## What is important to remember /2
* For all other IPs (eg. `176.31.102.216`) we need to have
a **default gateway** where we deliver our IP packets to have
them sent to the Internet
* Computers that act as default gateways are called **routers**
(since they **route** packets) and usually take the form of
those boxes that ISP give to you
---
## How to retrieve ARP information
```bash
$ ip neigh
192.168.0.1 dev wlp2s0 lladdr c4:6d:1f:fa:41:a0 REACHABLE
^ ip ^ device ^ MAC address ^ status
```
Can we manually add entries? yes, with `ip neigh add` but if you have
to do that then you might have some network problems that need to be fixed
---
## How to retrieve IP-related information
```bash
$ ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 <clipped>
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 <clipped>
link/ether d8:cb:8a:ef:80:44 brd ff:ff:ff:ff:ff:ff
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 <clipped>
link/ether 9c:b6:d0:06:87:35 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.103/24 brd 192.168.0.255 scope global
valid_lft 6028sec preferred_lft 6028sec
inet6 fe80::b3b6:2ab6:2dcf:3b42/64 scope link noprefixroute
valid_lft forever preferred_lft forever
```
---
## Important information
```
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
```
* **wlp2s0**: network interface name
* **UP**: we (or our network manager) have turned the interface on
* **LOWER_UP**: the interface is actually working
* **mtu 1500**: max packet size before we need to fragment
---
```bash
link/ether 9c:b6:d0:06:87:35
```
Our interface's MAC address
```bash
inet 192.168.0.103/24
inet6 fe80::b3b6:2ab6:2dcf:3b42/64
```
Our interface's IP addresses
---
```bash
$ ip route show
default via 192.168.0.1 dev wlp2s0 <clipped>
192.168.0.0/24 dev wlp2s0 <clipped>
```
* Second line: if we want to contact a `192.168.0.X` ip we need to
do an ARP request, and then send our packet to that MAC address
* First line: if we want to send the packet elsewhere we need to send
it to `192.168.0.1` and it will take care of delivering it for us
----
# NFtables
---
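Review bot: On the Link Layer slide, `has routing but it is mostly Point-to-Point` contradicts the Internet Layer slide, which assigns routing to IP; at the link layer, frames are delivered by MAC address between hosts on the same link, and wording along those lines would avoid confusing the audience. The `ip neigh` and `ip address show` outputs also look like they were pasted from a real machine, with full MAC addresses and a link-local IPv6 address, and the gateway slide uses the public address `176.31.102.216`; consider substituting made-up MACs and a documentation range such as 192.0.2.0/24 before these slides are published. Minor: the `link/ether` and `inet` snippets are fenced as `bash` although they are command output, and on the layer slides the consecutive `Main technologies:` / `Addressing information:` lines have no blank line or list marker between them, so Markdown will merge them into one paragraph.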
......