Presentation is loading. Please wait.

Presentation is loading. Please wait.

Thomas Graf <tgraf@suug.ch> Netconf 2006 Thomas Graf <tgraf@suug.ch>

Published by宝解 巴 Modified over 7 years ago

Similar presentations

Presentation on theme: "Thomas Graf <tgraf@suug.ch> Netconf 2006 Thomas Graf <tgraf@suug.ch>"— Presentation transcript:

1 Thomas Graf <tgraf@suug.ch>
Netconf 2006 Thomas Graf

2 Netlink Status Moving towards type safe interface
Tons of bugs got fixed, some of them exploitable

3 Generic Netlink Lacking some documentation
Users: TIPC, taskstats, NetLabel, TODO: Conditional dumps, requires interface to access genl hdr/attrs via cb->skb or keep genl_info alive throughout dump iterations Finalize userspace tools

4 libnl status rtnetlink 90% complete starting to get shipped
near 1.0 release (for real this time) New Stuff: genl xfrm keep caches up to date based on events

5 Cheap Routing Namespaces
ingress eth0 local table /32 mark 1 /32 mark 10 vlan0 vlan1 mark=1 mark=2 route must be added with !NLM_F_EXCL to avoid EEXISTS

6 Cheap Routing Namespaces
egress table 1 Application /24 dev vlan0 default via setsockopt(..., SO_MARK, 1) table 2 /24 dev vlan1 /24 dev vlan1 default via rule mark == 1 lookup 1 rule mark == 2 lookup 2

7 SO_MARK similar semantics as SO_PRIORITY inherited to tcp replies
can create sending namespaces by influencing route lookup

8 Virtual Device ingress eth0 eth1 vlan0 vlan1 vlan2 tc action mirred virt0 virt1 Application binds to virt0, assignment is dynamic w/o need for the application to rebind.

9 skb->mark nfmark has become generic, may just rename it to mark
remove dependency on netfilter Increases usability due to easier configuration

10 tc action: mark Sets skb->mark to static value
translates selector to mark value allows to execute expensive selector once and use fast mark selector afterwards

11 Mark support for ifa address
Add mark to struct in_ifaddr/in6_ifaddr Assigns an address to a namespace Results in auto generated routes to inherit make

12 Extending Routing Rules
New action FR_ACT_GOTO Jump to rule <priority> if selector matches 100: from any to any fwmark 0x10 goto 4000 200: from /24 to any UNREACHABLE 300: from any to /16 to any LOOKUP 10 400: from any to any BLACKHOLE 4000: from /24 to any lookup 20 4100: from any to any lookup default

13 Extending Routing Rules
Routing direction based selector Pass cause of lookup to fib_lookup() (input, output, local_addr_check) Bitmask in struct fib_rule specifying for which lookups to enable a rule ip rule add from /24 for INPUT lookup 200

14 Extending Routing Rules
Future Directions Consider packet data pointer as part of flowi where available to allow basing routing decisions on packet inspection Attach an ematch tree to a fib rule

Download ppt "Thomas Graf <tgraf@suug.ch> Netconf 2006 Thomas Graf <tgraf@suug.ch>"

Similar presentations

IPv6 Static Routes Overview.

IPv6 Static Routes Overview.
IP Forwarding Relates to Lab 3.

IP Forwarding Relates to Lab 3.
OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.

OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.
Implementing Inter-VLAN Routing

Implementing Inter-VLAN Routing
© 2001, Cisco Systems, Inc. Ethernet over Multiprotocol Label Switching.

© 2001, Cisco Systems, Inc. Ethernet over Multiprotocol Label Switching.
Chapter 5 - TCP/IP Discussion Related to Essay Question on Final Dr. V.T. Raja Oregon State University.

Chapter 5 - TCP/IP Discussion Related to Essay Question on Final Dr. V.T. Raja Oregon State University.
An Overlay Data Plane for PlanetLab Andy Bavier, Mark Huang, and Larry Peterson Princeton University.

An Overlay Data Plane for PlanetLab Andy Bavier, Mark Huang, and Larry Peterson Princeton University.
CSCI 4550/8556 Computer Networks Comer, Chapter 19: Binding Protocol Addresses (ARP)

CSCI 4550/8556 Computer Networks Comer, Chapter 19: Binding Protocol Addresses (ARP)
Routing and Routing Protocols Introduction to Static Routing.

Routing and Routing Protocols Introduction to Static Routing.
IP Routing: an Introduction. Quiz 0-31 32-63 64-95 96-127 128-159 160-191 192-223 224-255.

IP Routing: an Introduction. Quiz
Jan 10, 2008CS573: Network Protocols and Standards1 Virtual LANs Network Protocols and Standards Winter 2007-2008.

Jan 10, 2008CS573: Network Protocols and Standards1 Virtual LANs Network Protocols and Standards Winter
1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.

1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.

Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.
NetFilter – IPtables Firewall –Series of rules to govern what Kind of access to allow on your system –Packet filtering –Drop or Accept packets NAT –Network.

NetFilter – IPtables Firewall –Series of rules to govern what Kind of access to allow on your system –Packet filtering –Drop or Accept packets NAT –Network.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.0 Module 6 Switch Configuration.

1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.0 Module 6 Switch Configuration.
PA3: Router Junxian (Jim) Huang EECS 489 W11 /

PA3: Router Junxian (Jim) Huang EECS 489 W11 /
1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.

1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.
ACE Address Configuration Executive. Why ACE? ACE provides access to several address resolution protocols under a single API ACE is the only API available.

ACE Address Configuration Executive. Why ACE? ACE provides access to several address resolution protocols under a single API ACE is the only API available.
IP Forwarding.

IP Forwarding.
DHCP Security DHCP Snooping and Security David Mitchell 03/19/2008.

DHCP Security DHCP Snooping and Security David Mitchell 03/19/2008.

Similar presentations

Ads by Google