How to manage VLAN networks on gnu/linux
Download as PPTX, PDF0 likes11 views
managing vlan on linux
How to manage VLAN networks on gnu/linux
- 1. VLAN ON LINUX / SP 09/2023
- 2. IEEE 802.1Q, often referred to as Dot1q, is the networking standard that supports virtual local area networking (VLANs) on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. The standard also contains provisions for a quality-of-service prioritization scheme commonly known as IEEE 802.1p and defines the Generic Attribute Registration Protocol. Portions of the network which are VLAN-aware (i.e., IEEE 802.1Q conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN. The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised with notable amendments including IEEE 802.1ad, IEEE 802.1ak and IEEE 802.1s. The 802.1Q-2014 revision incorporated the IEEE 802.1D-2004 standard. 802.1Q adds a 32-bit field between the source MAC address and the EtherType fields of the original frame. Under 802.1Q, the maximum frame size is extended from 1,518 bytes to 1,522 bytes. The minimum frame size remains 64 bytes, but a bridge may extend the minimum size frame from 64 to 68 bytes on transmission. This allows a tag to be popped without needing additional padding. Two bytes are used for the tag protocol identifier (TPID), the other two bytes for tag control information (TCI). The TCI field is further divided into PCP, DEI, and VID. https://en.wikipedia.org/wiki/IEEE_802.1Q https://www.ieee802.org/1/pages/802.1Q-2014.html https://www.ietf.org/rfc/rfc2674.txt
- 4. HARDWARE NETWORK CARD GNU/LINUX KERNEL NETWORK STACK IFNAMES /etc/network/ interfaces DPDK VLAN CONTENT LIBPCAP MODULE 802.1Q PROBE
- 5. # Check if the module is loaded lsmod | grep 8021q # Else load the module if required sudo modprobe 8021q # Create a sub network interface (Eg : eth0.100) using a VLAN ID equal to 100 ; similar to an ip alias ip link add link eth0 name eth0.100 type vlan id 100 # Enable the network interface ip link set dev eth0.100 up
- 6. HARDWARE NETWORK CARD GNU/LINUX KERNEL NETWORK STACK IFNAMES DPDK VLAN CONTENT LIBPCAP MODULE 802.1Q PROPOSAL #1 : by streaming from the probe that receive the vlan extracted from the vlan PROBE VLAN CONTENT ffmpeg -i pipe: … PIPE same thing with a dpdk probe !
- 7. HARDWARE NETWORK CARD GNU/LINUX KERNEL NETWORK STACK IFNAMES VLAN CONTENT MODULE 802.1Q CUSTOM DRIVER VLAN /dev/vlan Loading with parameters vlan reader binary ffmpeg -i pipe: … PIPE PROPOSAL #2 : using a custom driver
- 8. Netfilter Hooks: Consider using Netfilter hooks to intercept packets before they are processed by the networking stack. You can use the NF_INET_PRE_ROUTING hook to capture incoming packets before routing. VLAN Tag Handling: You'll need to handle VLAN tagging and untagging, which involves adding or removing the VLAN header from incoming and outgoing packets. Use functions like vlan_insert_tag() and vlan_kill_tag() to handle VLAN tags.