Netdev 1.1 - Tutorials

Tutorial: "nftables from ingress" (Pablo Neira Ayuso)

admin — Wed, 13 Jan 2016 12:27:33 +0000

Description:

nftables was merged to Linux kernel 3.13, being announced as an ongoing development effort to overcome the existing limitations of the popular {ip,ip6,arp,eb}tables userspace tools and the xtables kernel framework.

nftables provides a new kernel framework for packet classification based on a virtual machine with an extensible network-specific instruction set that is accessible through a Netlink API. This comes with a new extended tracing infrastructure, dynamic ruleset updates through a 2-phase commit protocol, rule update monitoring, dynamic set instantiation to build flow tables.

From userspace, the project provides libraries for third party applications and the userspace nft utility that provides an expressive and extensible compiler for our rule-based network language with a human-friendly syntax which comes with scripting support as well as an interactive native shell.

Since 4.2, the Netfilter infrastructure now comes with a new ingress hook before prerouting that opens the window to adopt nftables to classify and filter traffic as alternative to tc. This tutorial introduces you to nf_tables features in general, and more specifically this will cover use-case examples from this new hook.

Tutorial: "Deploying MPLS with Linux" (Roopa Prabhu)

admin — Fri, 25 Dec 2015 12:15:47 +0000

Description:

The Linux kernel recently added a new MPLS datapath driver and API to configure MPLS fib. This tutorial introduces users to these recent MPLS developments in the Linux kernel and walks through the process of setting up and deploying MPLS with Linux.

Agenda:

A brief introduction to MPLS.
Linux kernel MPLS infrastructure.
Light weight tunnel infrastructure.
MPLS ip tunnels using the light weight tunnel infrastructure.
Deploying Linux MPLS LSP and LER routers.
Futures.

Tutorial: "Namespaces and CGroups, the basis of Linux containers" (Rami Rosen)

admin — Wed, 23 Dec 2015 11:14:55 +0000

Description:

It is clear to everyone that containers are getting a growing part in our world. This tutorial will describe the kernel infrastructure of Linux Container projects, namely the Namespaces and CGroups subsystems, focusing on its network aspects (like Network namespaces and CGouprs networking kernel modules).

This is the suggested agenda of the talk:

Background: Namespaces/CGroups, the basis of containers virtualization.
Kernel Namespaces implementation.
The 6 kernel namespaces - some implementation details.
System calls for namespaces.
Namespaces usage examples, especially detailed examples of network namespaces, the ip netns command, etc.
CGroups kernel implementation.
CGroups VFS.
CGroups filesystem ops for handling cgroups examples.
The CGroups implementation.
3 CGroups userspace examples
A very brief overview of Linux Containers projects and how they use Namespaces and CGroups.
Summary.

I gave this talk voluntarily three times in the past, in a LUG and in 2 meetups, and got a very good feedback from the audience. You can see the very detailed presentations here: http://haifux.org/lectures/299/.

These are links to the talks in the two meetups I mentioned earlier:

Tutorial: "Running Cellular Network Infrastructure on Linux" (Harald Welte)

admin — Mon, 07 Dec 2015 19:29:29 +0000

Description:

Traditionally, much unlike the Ethernet/IP network, classic telecom infrastructure has been running proprietary hardware, operating systems and protocol stacks.

In recent years, some Free Software projects have set out to implement some of the related protocol stacks and network elements on top of Linux, including the unrelated OpenBTS and OpenBSC projects, as well as the less known other members of the Osmocom umbrella project: OsmoBSC, OsmoNITB, OsmoBTS, OsmoPCU, OsmoSGSN, OpenGGSN, and many more.

As signalling protocols tend to be complex and in many use cases the signalling performance is not super critical, those projects primarily implement the protocol stacks and network interfaces in user-space.

This presentation will cover an overview of the many different projects out there, which of the cellular network elements they implement.

Tutorial: "Ipset - a tool for faster, more efficient firewalling with iptables" (Jozsef Kadlecsik)

admin — Mon, 30 Nov 2015 20:17:45 +0000

Description:

Building a firewall with netfilter/iptables is an easy task: there are countless of extensions and just imagination limits us. However, in practice the goal is to build a fast and efficient firewall, usually with a large number of rules and that is a not so trivial task. ipset comes to help in that case: most of the rules can be collapsed into fast matches in sets. In this tutorial ipset will be explained in details, both the features with which efficient firewalls can be built up and the internals which provides the fast evaluations.

Tutorial: "Using SR-IOV on OpenStack" (Alexander Duyck)

admin — Fri, 20 Nov 2015 13:26:13 +0000

Description:

The purpose of this tutorial is to demonstrate the current state of the art in terms of Linux SR-IOV support. While OpenStack is used to configure the environment, the tutorial content is applicable for other uses of SR-IOV as well.

The tutorial will provide clarity on what can be achieved with SR-IOV today.

Issues found by the author in the OpenStack use case will be highlighted and work in progress to fix them will be discussed.

Agenda:

Introduction to SR-IOV 101.
Present the current architecture of SR-IOV with on OpenStack.
Demo SR-IOV enabled DevStack configuration.

Discuss future plans including:

SR-IOV Hotplug.
Live Migration w/ VFs.
Discuss limitations of SR-IOV.
Lack of PF promiscuous support.

Tutorial: "LibOS as a regression test framework for Linux networking" (Hajime Tazaki)

admin — Fri, 20 Nov 2015 13:21:44 +0000

Description:

Linux library operating system, a.k.a. LibOS, has been proposed in the linux-kernel communities with two specific applications and usecases, 1) regression testing environment with a network simulator, and 2) network stack personality with the ad-hoc replacement of network stack (i.e., NUSE). After the patch proposal and the presentation at the last netdev 0.1, it also got may feedback ranging from concerns about maintenance burden to future possibilities such as small operating systems for cloud (*1 *2).

In this tutorial, we provide one of the interesting use case which is a regression testing framework of kernel network stack in userspace programs. With the simplicity of test scripts/programs written as a network simulator script, and the reproducibility by using virtual clock of network simulator, the testing framework is useful to check regressions in frequently-changing code bases: we have detected a couple of actual regressions during the growth of net-next repository.

We will firstly introduce a brief overview of what LibOS is, its history including recent discussion with LKL (Linux kernel library), and updates including trial running on QEMU without booting kernel, vfs support etc (if everything goes well). Then go through how many regressions we have found with the tool, and how our testing framework is useful, how other testing framework couldn't detect such regressions, and then how we can implement our own test than our pre-installed tests. We are not going to discuss why we should apply test-driven-development (TDD) or what kind of software development process is great, etc, but will try to focus on presenting our experience of bug hunting and introduction to extend tests.

Target audience is (of course) the developer of all of network stack subsystem (under net/ directory) and any people who are interested in testing of software in a large network with complex configurations. I'm not going to give a hands-on tutorial but give a material which everybody can follow the tutorial later.

Reference:

Tutorial: "In-tree support for 100G switch, no more SDK" (Elad Raz, Jiri Pirko)

admin — Wed, 04 Nov 2015 18:44:15 +0000

Description:

Purpose of this tutorial is to demonstrate setup of 100G switch based on Mellanox Spectrum ASIC. There is no "SDK", no proprietary software, switch is running FOSS, namely Fedora distribution and upstream kernel, including switchdev-based mlxsw driver.

Agenda:

Quick HW and topology overview.
Demonstrate mlxsw architecture based on switchdev kernel infrastructure.
Demo with HW - Spectrum ASIC based switch - bootup, configuration of bridge, VLANs, bonding, run traffic, show statistics etc.

Tutorial confirmed: "Using the VRF Implementation in Linux" (David Ahern)

admin — Tue, 27 Oct 2015 11:00:55 +0000

Description:

Support for Virtual Routing and Forwarding (VRF) was recently added to the Linux kernel. Core IPv4 support is in v4.3 and core IPv6 support is in v4.4. This tutorial introduces users to the VRF implementation, showing them how to create and configure VRFs, expectations for processes, and commands to show VRF based configuration and debugging. A few typical VRF use cases will be covered, such as basic management VRF, VRFs with VLANs, VRFs with MPLS and inter-VRF routing.

Netdev 1.1 - Tutorials

Tutorial: "nftables from ingress" (Pablo Neira Ayuso)

Tags:

Tutorial: "Deploying MPLS with Linux" (Roopa Prabhu)

Tags:

Tutorial: "Namespaces and CGroups, the basis of Linux containers" (Rami Rosen)

Tags:

Tutorial: "Running Cellular Network Infrastructure on Linux" (Harald Welte)

Tags:

Tutorial: "Ipset - a tool for faster, more efficient firewalling with iptables" (Jozsef Kadlecsik)

Tags:

Tutorial: "Using SR-IOV on OpenStack" (Alexander Duyck)

Tags:

Tutorial: "LibOS as a regression test framework for Linux networking" (Hajime Tazaki)

Tags:

Tutorial: "In-tree support for 100G switch, no more SDK" (Elad Raz, Jiri Pirko)

Tags:

Tutorial confirmed: "Using the VRF Implementation in Linux" (David Ahern)

Tags: