Why Link-State Matters Andy Gospodarek Member of Technical Staff Cumulus Networks

Similar documents
iproute2 and Advanced Linux Routing

Policy Routing in Linux

Open Network Install Environment (ONIE) LinuxCon North America 2015

Host Configuration (Linux)

Introduction to NetGUI

Advanced routing scenarios POLICY BASED ROUTING: CONCEPTS AND LINUX IMPLEMENTATION

Managing Multiple Internet Connections with Shorewall

Policy Based Forwarding

How To Make A Network Virtualization In Cumulus Linux (X86) (Powerpc) (X64) (For Windows) (Windows) (Amd64) And (Powerpci) (Win2

SDN/OpenFlow. Dean Pemberton Andy Linton

Server configuration for layer 4 DSR mode

This howto is also a bit old now. But I thought of uploading it in the howtos section, as it still works.

Removing The Linux Routing Cache

IP Address: the per-network unique identifier used to find you on a network

Bridgewalling - Using Netfilter in Bridge Mode

netkit lab MPLS VPNs with overlapping address spaces 1.0 S.Filippi, L.Ricci, F.Antonini Version Author(s)

Part 4: Virtual Private Networks

Scalable Linux Clusters with LVS

Network Administration and Monitoring

High Availability Cluster Solutions for Ubuntu14.04 on Power

Corso di Configurazione e Gestione di Reti Locali

Exploration of Large Scale Virtual Networks. Open Network Summit 2016

Understanding Route Redistribution & Filtering

LAB THREE STATIC ROUTING

Active-Active Servers and Connection Synchronisation for LVS

CRS 4.x: Automatic Work and Wrap up Time Configuration Example

AN INTRODUCTION TO LINUX POLICY ROUTING. Tom Eastep SeaGL Seattle, Washington

Workshop on Scientific Applications for the Internet of Things (IoT) March

Operating Systems Design 16. Networking: Sockets

Open Network Install Environment

04 Internet Protocol (IP)

Setting Up A High-Availability Load Balancer (With Failover and Session Support) With Perlbal/Heartbeat On Debian Etch

Sample Configuration Using the ip nat outside source static

Internet Protocol: IP packet headers. vendredi 18 octobre 13

Router and Routing Basics

Getting started with IPv6 on Linux

Host Discovery with nmap

You can probably work with decimal. binary numbers needed by the. Working with binary numbers is time- consuming & error-prone.

GB-OS Version 6.2. Configuring IPv6. Tel: Fax Web:

Lab 1: Introduction to the network lab

Networking with Wicked in SUSE Linux Enterprise 12. Something Wicked This Way Comes. Guide. Solution Guide Server.

Load Balancing Clearswift Secure Web Gateway

How To Connect Ipv4 To Ipv6 On A Ipv2 (Ipv4) On A Network With A Pnet 2.5 (Ipvin4) Or Ipv3 (Ip V6) On An Ipv5

Building Nameserver Clusters with Free Software

Snapt Balancer Manual

IPv6 Hardening Guide for Windows Servers

Active-Active Servers and Connection Synchronisation for LVS

- Multiprotocol Label Switching -

Firewalls. Pehr Söderman KTH-CSC

IP Routing Features. Contents

Case Study: F5 Load Balancer and TCP Idle Timer / fastl4 Profile

Project 4: IP over DNS Due: 11:59 PM, Dec 14, 2015

Wicked Trip into Wicked Network Management

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address

Firewall Configuration and Assessment

Sample Configuration Using the ip nat outside source list C

Wicked A Network Manager Olaf Kirch

TCP/IP Security Problems. History that still teaches

Building scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF

Linux TCP/IP Network Management

Improving DNS performance using Stateless TCP in FreeBSD 9

A virtual network laboratory for learning IP networking

The Hybrid- Open ( HOpen ) router architecture. Brian Field / Comcast

Appliance Quick Start Guide. v7.6

CS 457 Lecture 19 Global Internet - BGP. Fall 2011

IPV6 SERVICES DEPLOYMENT

Understanding and Configuring NAT Tech Note PAN-OS 4.1

TCP/IP Network Essentials. Linux System Administration and IP Services

Application Note. Failover through BGP route health injection

PULSE. Pulse for Windows Phone Quick Start Guide. Release Published Date

10.4. Multiple Connections to the Internet

Load Balancing - Single Multipath Route HOWTO

Configuring a Load-Balancing Scheme

Programmable Networking with Open vswitch

IPv6 Associated Protocols

his document discusses implementation of dynamic mobile network routing (DMNR) in the EN-4000.

Interconnection of Heterogeneous Networks. Internetworking. Service model. Addressing Address mapping Automatic host configuration

Secure use of iptables and connection tracking helpers

Exam 1 Review Questions

Recent advances in IPv6 insecurities Marc van Hauser Heuse Deepsec 2010, Vienna Marc Heuse

Technical Support Information Belkin internal use only

Basic IPv6 WAN and LAN Configuration

How to Make the Client IP Address Available to the Back-end Server

Internetworking. Problem: There is more than one network (heterogeneity & scale)

netkit lab Traffic Engineering with MPLS for Linux Version Author(s) F. Di Ciccio, F. Antonini (Kasko Networks S.r.l.)

O /27 [110/129] via , 00:00:05, Serial0/0/1

IP SAN Fundamentals: An Introduction to IP SANs and iscsi

Quick Note 53. Ethernet to W-WAN failover with logical Ethernet interface.

Firewalls. Chien-Chung Shen

20. Switched Local Area Networks

Reverse Proxy with SSL - ProxySG Technical Brief

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

CCT vs. CCENT Skill Set Comparison

Main functions of Linux Netfilter

Deploying Silver Peak VXOA Physical And Virtual Appliances with Dell EqualLogic Isolated iscsi SANs including Dell 3-2-1

Red Hat Linux Networking

Transcription:

v Why Link-State Matters Andy Gospodarek Member of Technical Staff Cumulus Networks LinuxCON Seattle 2015

Why Link-State Matters Agenda Why do we need this? What does the change look like? Any future changes planned? Any lessons worth sharing? 2

Why Link-State Matters The Problem 3

Why Link-State Matters Simple network setup p7p1 70.0.0.1/24 R1 p9p1 90.0.0.1/24 p8p1 80.0.0.1/24 4

Why Link-State Matters p8p1 goes link-down p7p1 70.0.0.1/24 R1 X p8p1 80.0.0.1/24 p9p1 90.0.0.1/24 5

Why Link-State Matters Result: Traffic black-holed 6

Why Link-State Matters Isn t this problem solved already? 7

Why Link-State Matters Userspace solutions netplugd ifplugd NetworkManager [insert name of favorite netlink-based application here] 8

Why Link-State Matters Userspace solutions All behave in a similar manner 9

Why Link-State Matters Userspace solutions Listen for netlink events indicating link status change 10

Why Link-State Matters Userspace solutions Call a script 11

Why Link-State Matters Userspace solutions Potential issues with these tools 12

Why Link-State Matters Userspace solutions Is the link down or just not configured? 13

Why Link-State Matters Userspace solutions # ip addr show p7p1 4: p7p1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500... link/ether 08:00:27:9d:62:9f brd ff:ff:ff:ff:ff:ff 14

Why Link-State Matters Userspace solutions I think this interface is supposed to be up, so I ll go ahead and enable it. 15

Why Link-State Matters Userspace solutions # ifup p7p1 16

Why Link-State Matters Userspace solutions Result: Traffic black-holed 17

Why Link-State Matters How can we make the kernel do this for us? 18

Why Link-State Matters 2 choices 19

Why Link-State Matters Option 1 After a carrier state change, NETDEV_CHANGE events are sent mark routes with a down interface for the next hop appropriately 20

Why Link-State Matters Option 1 Check for that mark each time a frame is forwarded or originates 21

Why Link-State Matters Option 2 Check interface link status for a next hop each time a frame is forwarded or originates 22

Why Link-State Matters Either one should be able to enable or disable the forwarding decision based on sysctl/netconf setting 23

Why Link-State Matters Which one should we use? 24

Why Link-State Matters How about both? 25

Why Link-State Matters IPv4 FIB code uses Option 1 8a3d03166f19329b46c6f9e900f93a89f446077b 0eeb075fad736fb92620af995c47c204bbb5e829 96ac5cc9636318e7d92e72a3f1032456152a3a2f 974d7af5fcc295dcf8315255142b2fe44fd74b0c 26

Why Link-State Matters IPv6 FIB code uses Option 2 cea45e208d700e9d633a636384a49f19cda979b7 35103d11173b8fea874183f8aa508ae71234d299 27

Why Link-State Matters Implementation details aside, both produce the exact same user experience 28

Why Link-State Matters IPv6 behaves the same way IPv4 example 29

Why Link-State Matters Routing table with quagga running # ip -4 route show 70.0.0.0/24 dev p7p1 proto kernel scope link src 70.0.0.1 80.0.0.0/24 dev p8p1 proto kernel scope link src 80.0.0.1 linkdown 80.0.0.0/24 via 90.0.0.2 dev p9p1 proto zebra metric 20 90.0.0.0/24 dev p9p1 proto kernel scope link src 90.0.0.1 100.0.0.0/24 nexthop via 70.0.0.2 dev p7p1 weight 1 nexthop via 80.0.0.2 dev p8p1 weight 1 linkdown 30

Why Link-State Matters No change in default behavior # ip route get 80.0.0.2 80.0.0.2 dev p8p1 src 80.0.0.1 cache # ip route get 100.0.0.2 100.0.0.2 via 70.0.0.2 dev p7p1 src 70.0.0.1 cache # ip route get 100.0.0.2 100.0.0.2 via 80.0.0.2 dev p8p1 src 80.0.0.1 cache 31

Why Link-State Matters Enable new sysctl for p8p1 # echo 1 > /proc/sys/net/ipv4/conf/p8p1/ignore_routes_with_linkdown 32

Why Link-State Matters linkdown routes are now also dead # ip -4 route show 70.0.0.0/24 dev p7p1 proto kernel scope link src 70.0.0.1 80.0.0.0/24 dev p8p1 proto kernel scope link src 80.0.0.1 dead linkdown 80.0.0.0/24 via 90.0.0.2 dev p9p1 proto zebra metric 20 90.0.0.0/24 dev p9p1 proto kernel scope link src 90.0.0.1 100.0.0.0/24 nexthop via 70.0.0.2 dev p7p1 weight 1 nexthop via 80.0.0.2 dev p8p1 weight 1 dead linkdown 33

Why Link-State Matters connected route no longer used # ip route get 80.0.0.2 80.0.0.2 via 90.0.0.2 dev p9p1 src 90.0.0.1 cache # ip route get 100.0.0.2 100.0.0.2 via 70.0.0.2 dev p7p1 src 70.0.0.1 cache # ip route get 100.0.0.2 100.0.0.2 via 70.0.0.2 dev p7p1 src 70.0.0.1 cache 34

Why Link-State Matters linkdown routes are now also dead # ip -4 route show 70.0.0.0/24 dev p7p1 proto kernel scope link src 70.0.0.1 80.0.0.0/24 dev p8p1 proto kernel scope link src 80.0.0.1 dead linkdown 80.0.0.0/24 via 90.0.0.2 dev p9p1 proto zebra metric 20 90.0.0.0/24 dev p9p1 proto kernel scope link src 90.0.0.1 100.0.0.0/24 nexthop via 70.0.0.2 dev p7p1 weight 1 nexthop via 80.0.0.2 dev p8p1 weight 1 dead link-down 35

Why Link-State Matters Stop quagga 36

Why Link-State Matters route from quagga disappears # ip -4 route show 70.0.0.0/24 dev p7p1 proto kernel scope link src 70.0.0.1 80.0.0.0/24 dev p8p1 proto kernel scope link src 80.0.0.1 dead linkdown 80.0.0.0/24 via 90.0.0.2 dev p9p1 proto zebra metric 20 90.0.0.0/24 dev p9p1 proto kernel scope link src 90.0.0.1 100.0.0.0/24 nexthop via 70.0.0.2 dev p7p1 weight 1 nexthop via 80.0.0.2 dev p8p1 weight 1 dead linkdown 37

Why Link-State Matters 80.0.0.0/24 is unreachable # ip route get 80.0.0.2 RTNETLINK answers: Network is unreachable # ip route get 100.0.0.2 100.0.0.2 via 70.0.0.2 dev p7p1 src 70.0.0.1 cache # ip route get 100.0.0.2 100.0.0.2 via 70.0.0.2 dev p7p1 src 70.0.0.1 cache 38

Why Link-State Matters Static configuration and status 39

Why Link-State Matters Configuration stored in netconf # ip -4 netconf ipv4 dev lo forwarding on... ignore_routes off ipv4 dev ip6_vti0 forwarding on... ignore_routes on ipv4 dev sit0 forwarding on... ignore_routes on ipv4 dev ip6tnl0 forwarding on... ignore_routes on ipv4 dev p2p1 forwarding on... ignore_routes off ipv4 dev p7p1 forwarding on... ignore_routes off ipv4 dev p8p1 forwarding on... ignore_routes on ipv4 dev p9p1 forwarding on... ignore_routes on ipv4 all forwarding on... ignore_routes on ipv4 default forwarding on... ignore_routes on 40

Why Link-State Matters Configuration via sysctl # cat /etc/sysctl.conf # System default settings live in /usr/lib/sysctl.d/00- system.conf. # To override those settings, enter new settings here, or... # # For more information, see sysctl.conf(5) and sysctl.d(5). net.ipv4.conf.all.forwarding = 1 net.ipv6.conf.all.forwarding = 1 net.ipv4.conf.all.ignore_routes_with_linkdown = 1 net.ipv4.conf.default.ignore_routes_with_linkdown = 1 net.ipv4.conf.p2p1.ignore_routes_with_linkdown = 0 net.ipv4.conf.p7p1.ignore_routes_with_linkdown = 0 net.ipv4.conf.p8p1.ignore_routes_with_linkdown = 1 41

Why Link-State Matters Future development plans? 42

Why Link-State Matters Consider not responding to IP address on down interface Status: Not implemented 43

Why Link-State Matters Send netlink notifications for any route that gets linkdown or dead flag set Status: Testing 44

Why Link-State Matters Test and ensure this is integrated with switchdev/forwarding offload layer Status: Testing IPv4, but no IPv6 switchdev offload support today 45

Why Link-State Matters Lessons Learned 46

Why Link-State Matters Below the netlink layer, IPv4 and IPv6 stacks are quite different 47

Why Link-State Matters Networking infrastructure sometimes takes more careful consideration than servers 48

Why Link-State Matters Final Thoughts 49

Why Link-State Matters Suggestions for new features can come from a variety of places keep your ears and eyes open 50

Thank You! 2014 Cumulus Networks. CUMULUS, the Cumulus Logo, CUMULUS NETWORKS, and the Rocket Turtle Logo (the Marks ) are trademarks and service marks of Cumulus Networks, Inc. in the U.S. and other countries. You are not permitted to use the Marks without the prior written consent of Cumulus Networks. The registered trademark Linux is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis. All other marks are used under fair use or license from their respective owners. cumulusnetworks.com 51

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information