L2 in L3 tunneling

為了解決vlan tag只能有4096個(2^12)的問題所以用此方法來解決

L2 in L3 tunneling to the rescue
You want a private L2 network between VMs
You already have working IP between the members of the network
Use that "underlay" IP network and overlay a private ethernet on top

STP: Spanning Tree Protocol

http://blog.xuite.net/alexx.huang/solution/33077662-STP+(Spanning+%E2%80%93+Tree+Protocol)+

sFlow

http://flyfox.pixnet.net/blog/post/30971257-sflow

OpenvSwitch Component Introduction

ovs−appctl − utility for configuring running Open vSwitch daemons ovs−controller − simple OpenFlow controller reference implementation ovs−dpctl − administer Open vSwitch datapaths

ovs−pki − OpenFlow public key infrastructure management utility

ovs−ofctl − administer OpenFlow switches ovs−vswitchd − Open vSwitch daemon

arptables

http://baike.baidu.com/view/3908213.htm

Cisco設備的port編號

GI 1/0/3 堆叠编号/槽位编号/端口编号

http://zhidao.baidu.com/question/97238659.html

OpenvSwitch

* ovs-vswitchd, a daemon that implements the switch, along with 
      a companion Linux kernel module for flow-based switching.

* ovsdb-server, a lightweight database server that ovs-vswitchd
      queries to obtain its configuration.

* ovs-brcompatd, a daemon that allows ovs-vswitchd to act as a
      drop-in replacement for the Linux bridge in many environments, 
      along with a companion Linux kernel module to intercept bridge 
      ioctls.

* ovs-dpctl, a tool for configuring the switch kernel module.

* Scripts and specs for building RPMs for Citrix XenServer and Red
      Hat Enterprise Linux.  The XenServer RPMs allow Open vSwitch to
      be installed on a Citrix XenServer host as a drop-in replacement
      for its switch, with additional functionality.

* ovs-vsctl, a utility for querying and updating the configuration
      of ovs-vswitchd.

* ovs-appctl, a utility that sends commands to running Open
      vSwitch daemons.

* ovsdbmonitor, a GUI tool for remotely viewing OVS databases and
      OpenFlow flow tables.

安裝注意事項

Open vSwitch可以用kernel modules來support以降低cost，或者可以安裝到userspace但是會增加performance的cost。

Quanum Network Deploy Legacy Case

Quantum把網路分成"network"、"subnet"、"port"等三個部分

1. network: 

network為虛擬的switch

2. subnet:

ip區段(including ipv4 、 ipv6)，主要是用來分派位於某個特定Network內虛擬機器的IP位址，而每個Quantum L2 Network可以擁有多個Subnets

3. port:

至於port的部分，則是用來代表在某個Quantum L2 Network的虛擬埠號(Virtual Port)之對應。簡單來說，可以把它視為在某個虛擬交換器當中的虛擬埠(Virtual Port)。

• Single Flat Network

• Multiple Flat Network

          每個tenant可以看到多個共享網路(shared networks)並選擇想要將VMs附加到哪一個共享網路底下

• Mixed Flat and Private Network

• Provider Router and Private Networks

• Per-Tenant Router and Private Networks

Quantum 安全群組（Security Group）設定

edit  /etc/nova/nova.conf  in Compute Node:

firewall_driver = nova.virt.firewall.NoopFirewallDriver
security_group_api = quantum

CloudStack Networking

http://www.shapeblue.com/2013/01/07/understanding-cloudstacks-physical-networking-architecture/

VLAN

VLAN 只能有4096個，因為tag的數量上限關係

// 其他的筆記待補=_=

Nicira NVP with OpenStack Quantum

Network Virtualization 的發展近況

     在虛擬化所建構的高動態的服務中， 網路卻以靜態的模式支撐服務的進行， 使服務受限於現今OSI L2/L3的模組中，大幅拖延了雲服務/數據中心的發展速度及目標。 從上而知， 靜態的網路型態， 成為雲服務發展最大的阻礙. 許多數據中心服務商或是設備提供商已經開始關注這一課題， 也陸續在發展相關方案以期能解決相關課題。但是對於雲服務/數據中心這並不是一個絕對的好消息， 因為他們將被迫選擇廠家私有的專屬的硬體或是更新設備才能支持該相關方案，產生方案成本、 擴展性及相容性等不可預期的營運問題。

Nicira NVP (Network Virtualization Platform)

       Network Virtualization Platform (NVP)本身是一種分散式的網路管理控制系統，能夠管理位於網路邊緣的數萬個虛擬交換器(Open vSwitch)，將傳統的實體網路進行decouple建立脫離底層實體網路的數十萬個邏輯網路(Logical Network)。NVP可以將現有的物理網路轉換成資料傳送的Fabric，而無須重新建構。它是一款能夠兼容和現有IaaS的軟體，大大降低維護成本與複雜性。

VMware收購Nicira

VMware於2012年7月以12.6億美元收購新創公司Nicira，並以其NVP作為未來「軟體定義資料中心」的虛擬網路，其中NVP是OpenFlow網路協定概念的領導產品，也是OpenStack Quantum網路平台的基礎。

Reference:

[1] VMware打破門戶之見 推出Grizzly增加與Ubuntu OpenStack雲端服務的相容性,
http://news.networkmagazine.com.tw/classification/software-application/2013/04/19/49274/

[2]  網路虛擬化公司Nicira：描繪未來的網路世界
http://wired.tw/2012/05/03/nicira-2/index.html

[3] http://www.netfos.com.tw/PDF/Nsolution/Nicura-NVP-Nsolution2011.pdf

[4] VMware官方網站對Nicira NVP的introduction,
http://www.vmware.com/products/datacenter-virtualization/nicira.html

L3 Routing + NAT

UDP Port 17

http://www.auditmypc.com/udp-port-17.asp

Netflow

What's Netflow

NetFlow is a network protocol developed by Cisco Systems for collecting IP traffic information. NetFlow has become an industry standard for traffic monitoring^{[citation needed]} and is supported on various platforms

Reference:
1. http://en.wikipedia.org/wiki/NetFlow
2. http://www.netadmin.com.tw/article_content.aspx?sn=1111030003
3. http://www.tn.edu.tw/sammy/netflow/setup.htm

IRC: Internet Relay Chat基礎概念與介紹

IRC通常用的port為6667~6669

User Mode

Channel Mode

Reference:
http://en.wikipedia.org/wiki/Internet_Relay_Chat

Linux Security Hardening

sysctl: used to modify kernel parameters at runtime

sysctl is an interface that allows you to make changes to a running Linux kernel.

With /etc/sysctl.conf you can configure various Linux networking and system settings such as:

1. Limit network-transmitted configuration for IPv4
2. Limit network-transmitted configuration for IPv6
3. Turn on execshield protection
4. Prevent against the common 'syn flood attack'
5. Turn on source IP address verification
6. Prevents a cracker from using a spoofing attack against the IP address of the server.
7. Logs several types of suspicious packets, such as spoofed packets, source-routed packets, and redirects.

http://www.cyberciti.biz/faq/linux-kernel-etcsysctl-conf-security-hardening/

SSH Tunneling(a.k.a SSH Port Forwarding)

Port forwarding, or tunneling, is a way to forward otherwise insecure TCP traffic through SSH Secure Shell. You can secure for example POP3, SMTP and HTTP connections that would otherwise be insecure.

Local Tunneling

Remote Tunneling

虛擬網卡 TUN/TAP

http://www.ibm.com/developerworks/cn/linux/l-tuntap/

http://wangcong.org/blog/archives/1679