Linux Tunnels of Love - Tunnelling in Linux 16th Feb 2015
Jumping Bean
Tunnels of Love
Jozi LUG 16th Feb 2015
What is a tunnel?
● Encapsulates packets of one network protocol inside another,
● At the source, the passenger protocol is wrapped in a “carrier” protocol,
● At the destination, the carrier protocol is stripped off and the original packet is processed,
● Allows IP packets to pass between networks with incompatible address spaces or protocols
Type of Tunnels
● IPIP – IP in IP – IPv4 in IPv4,
● GRE – Generic Routing Encapsulation – IPv4/IPv6/AppleTalk/DECnet over IPv4,
● SIT – Simple Internet Transition – IPv6 over IPv4,
● ISATAP – Intra-Site Automatic Tunnel Addressing Protocol – IPv6 over IPv4
● Note: Above tunnels are unencrypted
Tunnel Interface
● A tunnel has a logical interface,
– tun0
– tunl0
● Can be used in
– Routing,
– Firewall,
– NAT
IPIP Tunnels
● A 2nd IP header is inserted in front of the encapsulated IP packet,
● When the packet exits the tunnel the outer IP header is stripped off,
● Simple and robust,
● Does not support broadcast traffic,
● Does not support IPv6 encapsulation
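The IPIP encapsulation on this slide, combined with the earlier note that these tunnels are unencrypted, as an added example that is not part of the original slides: it inserts and strips the outer header and shows what an on-path observer can read. The addresses, ports and payload are constructed sample values, and the function names are this example's own.

```python
import socket
import struct

IPPROTO_IPIP, IPPROTO_UDP = 4, 17  # IANA protocol numbers

def checksum(data):
    """RFC 1071 Internet checksum of an even-length header."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """20-byte IPv4 header (no options) with a valid checksum."""
    f = [0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
         socket.inet_aton(src), socket.inet_aton(dst)]
    f[7] = checksum(struct.pack("!BBHHHBBH4s4s", *f))
    return struct.pack("!BBHHHBBH4s4s", *f)

def encapsulate(inner, tunnel_src, tunnel_dst):
    """Tunnel entry: insert a second IP header in front of the packet."""
    return ipv4_header(tunnel_src, tunnel_dst, IPPROTO_IPIP, len(inner)) + inner

def decapsulate(outer):
    """Tunnel exit: validate the outer header, then strip it off."""
    ihl = (outer[0] & 0x0F) * 4
    if outer[0] >> 4 != 4 or outer[9] != IPPROTO_IPIP:
        raise ValueError("not an IPIP packet")
    if checksum(outer[:ihl]) != 0:
        raise ValueError("bad outer header checksum")
    return outer[ihl:struct.unpack("!H", outer[2:4])[0]]

def observe(outer):
    """What an on-path observer reads without any key material."""
    inner = decapsulate(outer)
    addrs = lambda p: (socket.inet_ntoa(p[12:16]), socket.inet_ntoa(p[16:20]))
    # inner[28:] skips the 20-byte inner IP header and the 8-byte UDP header
    return {"outer": addrs(outer), "inner": addrs(inner), "data": inner[28:]}

# Constructed sample: 10.0.1.5 sends UDP data to 10.0.2.9 through a tunnel
# between 192.0.2.1 and 198.51.100.1 (documentation address ranges).
DATA = b"constructed-cleartext"
UDP = struct.pack("!HHHH", 40000, 9999, 8 + len(DATA), 0) + DATA
INNER = ipv4_header("10.0.1.5", "10.0.2.9", IPPROTO_UDP, len(UDP)) + UDP
OUTER = encapsulate(INNER, "192.0.2.1", "198.51.100.1")

if __name__ == "__main__":
    print(observe(OUTER))
```

The internal addresses and the application data are recoverable from the tunnelled packet as-is, which is why traffic needing confidentiality is carried over something like the IPsec delivery option listed on the GRE slides.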
GRE Tunnels
● Created by Cisco,
● Passenger packet wrapped in GRE packet,
● Then wrapped in delivery protocol
– IP,
– IPsec,
– etc
GRE Tunnels
● When to use?
– Connect non-IP networks over a public IP network,
– Connect non-routable protocols over a WAN,
– Create one network range across different physical networks,
– Encrypt multicast traffic by GRE encapsulation and then sending it over an IPsec tunnel
● GRE tunnels are stateless,
● Can be monitored with keep-alive messages
SIT Protocol
● Mechanism to transition networks from IPv4 to IPv6,
● Link IPv6 networks over IPv4
Linux Tunnel Utilities
● iproute2 suite of networking utilities,
● Replacing ifconfig,
● “ip tunnel add”
● “ip tunnel show”
● “ip address add xxx dev tun”
Jumping Bean
● Linux Training
– LPIC-1 – Linux Server Professional Certification,
– LPIC-2 – Linux Network Professional Certification,
– LPIC-3 – Linux Enterprise Professional Certification