Learning Linux Network Tools: The ip Command, Part 13

Tags (space-separated): networking

This article uses the ip command to introduce and study Linux networking.

Contents: 1. Overview 2. ip link 3. ip addr 4. ip addrlabel 5. ip route 6. ip rule 7. ip neighbour 8. ip ntable 9. ip tunnel 10. ip tuntap 11. ip maddr/mroute/mrule 12. ip monitor 13. ip xfrm

13.1 Overview

xfrm is an IP framework for transforming packets (such as encrypting their payloads). This framework is used to implement the IPsec protocol suite (with the state object operating on the Security Association Database, and the policy object operating on the Security Policy Database).

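Learning Linux Network Tools: The ip Command, Part 14

Tags (space-separated): networking

This article uses the ip command to introduce and study Linux networking.

Contents: 1. Overview 2. ip link 3. ip addr 4. ip addrlabel 5. ip route 6. ip rule 7. ip neighbour 8. ip ntable 9. ip tunnel 10. ip tuntap 11. ip maddr/mroute/mrule 12. ip monitor 13. ip xfrm 14. ip netns

14.1 Overview

process network namespace management

The techniques in this section have already been used many times in the earlier chapters. This article contains a fairly complete experimental example, and there are many other references, such as Introducing Linux Network Namespaces, Introduction to Linux Network Namespaces (same as the previous article), Learning Linux Network Namespaces, and Network Namespaces. Below is a useful overview taken from the help documentation.

A network namespace is logically another copy of the network stack, with its own routes, firewall rules, and network devices.
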
Learning Linux Network Tools: The ip Command, Part 15

Tags (space-separated): networking

This article uses the ip command to introduce and study Linux networking.

Contents: 1. Overview 2. ip link 3. ip addr 4. ip addrlabel 5. ip route 6. ip rule 7. ip neighbour 8. ip ntable 9. ip tunnel 10. ip tuntap 11. ip maddr/mroute/mrule 12. ip monitor 13. ip xfrm 14. ip netns 15. ip l2tp

15.1 Overview

The Layer Two Tunneling Protocol (L2TP) is a virtual tunneling protocol, commonly used for virtual private networks. L2TP itself provides neither encryption nor reliability verification; it can be paired with a security protocol to encrypt the data in transit. The encryption protocol most often paired with L2TP is IPsec, and when the two are used together the combination is usually called L2TP/IPsec.

    Usage: ip l2tp add tunnel
              remote ADDR local ADDR
              tunnel_id ID peer_tunnel_id ID
              [ encap { ip | udp } ]
              [ udp_sport PORT ] [ udp_dport PORT ]
    Usage: ip l2tp add session [ name NAME ]
              tunnel_id ID
              session_id ID peer_session_id ID
              [ cookie HEXSTR ] [ peer_cookie HEXSTR ]
              [ offset OFFSET ] [ peer_offset OFFSET ]
              [ l2spec_type L2SPEC ]
           ip l2tp del tunnel tunnel_id ID
           ip l2tp del session tunnel_id ID session_id ID
           ip l2tp show tunnel [ tunnel_id ID ]
           ip l2tp show session [ tunnel_id ID ] [ session_id ID ]

    Where: NAME   := STRING
           ADDR   := { IP_ADDRESS | any }
           PORT   := { 0..65535 }
           ID     := { 1..4294967295 }
           HEXSTR := { 8 or 16 hex digits (4 / 8 bytes) }
           L2SPEC := { none | default }

Reference: manual
Reference: Layer Two Tunneling Protocol
Reference: Layer 2 Tunneling Protocol Tunnels

Related background:

Reference: Types of Network Tunnels
Reference: GRE vs IPIP Tunneling
An ipip tunnel is end-to-end, so communication can only be point-to-point, whereas a GRE tunnel can carry multicast.
Reference: Differences between the VPN tunneling protocols PPTP, L2TP, IPSec and SSL VPN
Reference: Technical Details: L2TP VPN
Reference: Internet Protocol Security (IPsec)

15.2 ip l2tp add/del/show tunnel

Add, delete, and show tunnels.

15.3 ip l2tp add/del/show session

Add, delete, and show sessions on a tunnel.

    modprobe l2tp_eth

    # Set up L2TP tunnels and sessions
    ip netns exec net1 ip l2tp add tunnel tunnel_id 3000 peer_tunnel_id 4000 encap udp local 192.168.0.1 remote 192.168.0.2 udp_sport 5000 udp_dport 6000
    ip netns exec net1 ip l2tp add session tunnel_id 3000 session_id 1000 peer_session_id 2000
    ip netns exec net2 ip l2tp add tunnel tunnel_id 4000 peer_tunnel_id 3000 encap udp local 192.168.0.2 remote 192.168.0.1 udp_sport 6000 udp_dport 5000
    ip netns exec net2 ip l2tp add session tunnel_id 4000 session_id 2000 peer_session_id 1000

    ip netns exec net1 ip link set l2tpeth0 up mtu 1488
    ip netns exec net2 ip link set l2tpeth0 up mtu 1488

    # Notice that the IP addresses, UDP ports and tunnel / session ids are matched and reversed at each site.
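
The "matched and reversed" rule noted above can be checked before the commands are run. The following is an added example, not part of the original article: it parses the `ip l2tp add tunnel` / `add session` lines for both ends and lists every field that is not the mirror of its peer. The function names `parse_l2tp` and `mirror_errors` are hypothetical; the sample commands are the ones from the article.

```python
import shlex

# Keyword pairs that must be swapped between the two ends (taken from the usage text).
MIRRORED = {
    "tunnel": [("tunnel_id", "peer_tunnel_id"), ("local", "remote"),
               ("udp_sport", "udp_dport")],
    "session": [("session_id", "peer_session_id"), ("cookie", "peer_cookie")],
}
SAME = ["encap"]  # must be identical on both ends

# The article's two tunnel commands, used as sample input.
SITE_A = ("ip netns exec net1 ip l2tp add tunnel tunnel_id 3000 peer_tunnel_id 4000 "
          "encap udp local 192.168.0.1 remote 192.168.0.2 udp_sport 5000 udp_dport 6000")
SITE_B = ("ip netns exec net2 ip l2tp add tunnel tunnel_id 4000 peer_tunnel_id 3000 "
          "encap udp local 192.168.0.2 remote 192.168.0.1 udp_sport 6000 udp_dport 5000")


def parse_l2tp(cmd):
    """Return (object, {keyword: value}) for an 'ip l2tp add tunnel|session' line."""
    words = shlex.split(cmd)
    i = words.index("l2tp")  # skips any 'ip netns exec NAME ip' prefix
    if words[i + 1:i + 2] != ["add"] or words[i + 2:i + 3] not in (["tunnel"], ["session"]):
        raise ValueError("not an 'ip l2tp add tunnel|session' command: " + cmd)
    args = words[i + 3:]
    if len(args) % 2:
        raise ValueError("keyword without a value in: " + cmd)
    return words[i + 2], dict(zip(args[0::2], args[1::2]))


def mirror_errors(cmd_a, cmd_b):
    """List the fields of two end-point commands that are not matched and reversed."""
    kind_a, a = parse_l2tp(cmd_a)
    kind_b, b = parse_l2tp(cmd_b)
    if kind_a != kind_b:
        return ["object mismatch: %s vs %s" % (kind_a, kind_b)]
    errors = []
    for left, right in MIRRORED[kind_a]:
        for x, y in ((left, right), (right, left)):
            if a.get(x) != b.get(y):
                errors.append("%s=%s on A but %s=%s on B" % (x, a.get(x), y, b.get(y)))
    for key in SAME:
        if a.get(key) != b.get(key):
            errors.append("%s differs: %s vs %s" % (key, a.get(key), b.get(key)))
    return errors


if __name__ == "__main__":
    print(mirror_errors(SITE_A, SITE_B) or "tunnel ends mirror each other")
```
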