Linux Networking Primitives
Adding IPv4/IPv6 addresses to interfaces
Setting up (static) routes
TODO: image showing router-to-router communication; two nodes can communicate with each other as long as every router in between, and each node itself, has a route that covers the other node's IP address and points in the correct direction toward that node.
TODO: image showing differences between "access" and non-"access" subnets
Using iptables / firewall
Common use case: Simple stateful (connection tracking) firewall
Common use case: Internet connection sharing using the "nat" table
Less common use case: IPv6 many-to-smaller-many NAT
ip6tables -t nat -A POSTROUTING -s 2001:db8:1::/48 -o eth0 -j NETMAP --to 2001:db8:0:1:300::/72
See 300 IPv6 addresses.
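Added example (not from the original page): a Python model of how the NETMAP rule above rewrites source addresses, assuming NETMAP takes the bits covered by the --to prefix from the target and keeps the remaining host bits of the original address. The sample hosts and the function names are constructed for illustration.

```python
import ipaddress

# Prefixes from the ip6tables rule on this page.
SOURCE_NET = ipaddress.ip_network("2001:db8:1::/48")        # -s
TARGET_NET = ipaddress.ip_network("2001:db8:0:1:300::/72")  # --to

# Constructed sample hosts inside SOURCE_NET (not from the page).
SAMPLE_SOURCES = [
    "2001:db8:1:10::5",
    "2001:db8:1:20::5",
    "2001:db8:1:10:1234:5678:9abc:def0",
]


def netmap(addr, target=TARGET_NET):
    """Rewrite one address: bits under the target mask come from the
    target prefix, the remaining host bits are kept from the original."""
    original = int(ipaddress.ip_address(addr))
    prefix_bits = int(target.network_address) & int(target.netmask)
    host_bits = original & int(target.hostmask)
    return ipaddress.ip_address(prefix_bits | host_bits)


def sources_per_mapped_address(source=SOURCE_NET, target=TARGET_NET):
    """How many source addresses land on each mapped address."""
    return 2 ** max(target.prefixlen - source.prefixlen, 0)


def collisions(addrs, target=TARGET_NET):
    """Group sources by mapped address; return groups with more than one."""
    groups = {}
    for src in addrs:
        groups.setdefault(str(netmap(src, target)), []).append(src)
    return {mapped: srcs for mapped, srcs in groups.items() if len(srcs) > 1}


if __name__ == "__main__":
    for src in SAMPLE_SOURCES:
        print(f"{src} -> {netmap(src)}")
    print("sources per mapped address:", sources_per_mapped_address())
    print("collisions in sample:", collisions(SAMPLE_SOURCES))
```

Source addresses that differ only in the 24 bits between the /48 and /72 boundaries share one mapped address, which matters when attributing traffic from logs taken on the far side of the NAT.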
Use case: Preserve IP address even if USB NIC is removed
- Further information: Notes about namespaces#Network namespaces
VETH devices in layer 3 mode
veth devices are inherently layer 2, but they can be used in a layer-3 mode.
Use case: Multiple IP addresses on one machine, in a way that is transparent to the application
This is mostly useful if you want to run multiple instances of the same type of server on the same ports, but for whatever reason other programs (servers or non-servers) behave strangely if you have multiple IP addresses assigned to a particular network interface.
Use case: Managing the network subsystem without root access
This is mostly useful for self-contained networks that are only used within a single program or a set or bundle of programs.
IPv6 prefix delegation using isc-dhcp-client
You can write a custom script to do whatever you want once you receive an IPv6 prefix from your ISP or upstream DHCPv6 server.
6in4 and WireGuard tunnels
AllowedIPs is similar to the prefix delegation model shown to the right.
Use case: WireGuard with network namespaces
By putting the WireGuard interface in a different network namespace from the original namespace, the configuration of the WireGuard interface becomes independent of the host's network configuration. This is useful in scenarios such as avoiding IP conflicts, especially when using public WiFi.
- Further information: https://www.wireguard.com/netns