Linux Networking

date
May 11, 2025
type
Post
slug
computer-networks-linux
status
Published
tags
Networks
summary
Linux provides a highly transparent and programmable networking stack, allowing you to see exactly how packets traverse interfaces, bridges, and routing tables. This post introduces the foundational tools and concepts for inspecting and configuring Linux’s data plane directly, rather than relying on abstracted models.
Linux offers a powerful, programmable networking stack. Unlike the abstract models in textbooks, it lets you observe and control directly how packets move through interfaces, bridges, and routing tables. This note focuses on the foundational tools and concepts for inspecting and configuring the Linux data plane.

Linux Data Plane

The data plane handles how packets are processed, routed, or dropped as they pass through the system. It includes:
  • Ingress: Packet reception at an interface
  • Processing: Routing, filtering, or forwarding
  • Egress: Packet transmission out of an interface
This path can be inspected and modified in detail using kernel utilities and configuration files.

Interface Management with ip link

The ip tool (from iproute2) is used for managing network interfaces. Key subcommands:
  • ip link show: List all interfaces (add -d for type-specific details, -s for packet and error counters)
  • ip link set dev eth0 up: Enable an interface
  • ip link set dev eth0 down: Disable an interface
  • ip link add veth0 type veth peer name veth1: Create a virtual Ethernet pair
  • ip link delete veth0: Remove a virtual interface. Deleting either end of a veth pair removes both ends, so the peer disappears from whatever namespace it was moved into.
Virtual interfaces (like veth pairs) are essential for building isolated networks in namespaces or containers.

Create a Virtual Ethernet (veth) Pair

A virtual Ethernet (veth) pair lets two separate network environments communicate as if they were joined by an Ethernet cable. Each end is an ordinary network interface that exists entirely in software: a frame sent into one end emerges from the other, and vice versa. This is the building block of modern container and namespace-based networking.
The most common use is connecting a network namespace or container to the host. One end (e.g., veth0) stays in the root namespace and the other (e.g., veth1) is moved into the target namespace with the netns option of ip link set. The isolated environment can then exchange packets with the host, or the host-side end can be enslaved to a Linux bridge so that several containers share one Layer 2 segment. Docker's default bridge driver works exactly this way, attaching the host-side end of each container's veth pair to the docker0 bridge.
Beyond container networking, veth pairs are useful for simulating complex virtual networks: test labs that mimic routers, switches, and firewalls, or multi-interface systems. tc (traffic control) can be applied to these interfaces to emulate latency, packet loss, and bandwidth limits for realistic testing.
Because veth pairs are entirely virtual, they are lightweight and need no extra hardware or virtual machines. Note that the isolation comes from the namespace boundary, not from the veth itself: the host-side end sees every frame the other side sends, which is what makes it the natural place to capture traffic with tcpdump or to apply filtering and shaping. Together with namespaces and bridges, veth pairs are enough to learn, test, and deploy fairly advanced network designs on a single Linux host.

Virtual Bridges

A Linux bridge acts as a virtual Layer 2 switch: it learns the MAC addresses seen on each port and forwards frames between ports accordingly (bridge fdb show lists the learned table). Common operations:
  • ip link add name br0 type bridge: Create a bridge
  • ip link set dev eth0 master br0: Add an interface to the bridge as a port
  • ip link set dev br0 up: Enable the bridge
Two caveats. First, a port should not carry an IP address of its own; when you enslave a physical NIC, move its address to br0, or the host loses connectivity on that link. Second, frames forwarded between bridge ports stay at Layer 2 and are not seen by iptables unless the br_netfilter module is loaded and net.bridge.bridge-nf-call-iptables is enabled, so a host firewall does not automatically cover bridged traffic. Bridging is used to simulate shared Ethernet segments, especially in virtual networks and containerized systems.

Routing and Addressing

To forward packets across interfaces, Linux uses routing tables; for each packet the kernel selects the most specific (longest-prefix) matching route:
  • ip route show: View current routes
  • ip route add 10.0.0.0/24 via 192.168.1.1: Add a static route
  • ip addr add 192.168.1.10/24 dev eth0: Assign an IP address to an interface (this also installs the connected route for 192.168.1.0/24)
This controls where Linux sends locally generated traffic and, when forwarding is enabled, traffic that arrives on one interface and is destined elsewhere. Forwarding is off by default (net.ipv4.ip_forward=0), so a multi-interface host does not route between its interfaces until you turn it on with sysctl. To see which route the kernel would actually pick for a destination, ask it directly with ip route get followed by the address.

Troubleshooting and Diagnostics

Key tools to inspect and debug network state:
  • ip a (short for ip addr show): View IP addresses assigned to interfaces
  • ip r (short for ip route show): View routing table
  • ethtool eth0: Get physical link info (speed, duplex, negotiated settings); virtual interfaces report little here
  • tcpdump -i eth0: Capture and display live packets (needs root or CAP_NET_RAW; works on veth and bridge interfaces too)
  • ss -tuln: Show listening TCP and UDP sockets with numeric addresses and ports; ss -tuna includes established connections as well
  • ping, traceroute: Test connectivity and route path
These tools are essential for tracing how packets move through the system and diagnosing misconfigurations. They are also the first things to check from a security standpoint: a service unexpectedly listening on every address, an interface in promiscuous mode, or a route you did not add are all visible here.
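As an added example (not code from the original post), the following shell script turns two of these checks into a small audit: it parses ss -tuln output to list sockets bound to every address, and ip -o link show output to list interfaces in promiscuous mode. The SS_SAMPLE and LINK_SAMPLE inputs embedded in it are constructed for the demonstration; pass live as the first argument to run the same functions against the current host.

```shell
#!/bin/sh
# Added example: audit wildcard listeners and promiscuous interfaces.
# SS_SAMPLE and LINK_SAMPLE are constructed inputs shaped like real
# `ss -tuln` and `ip -o link show` output.
set -eu

SS_SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:68          0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      128    [::]:22             [::]:*
tcp   LISTEN 0      511    *:80                *:*'

LINK_SAMPLE='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000\    link/ether 02:42:ac:11:00:01 brd ff:ff:ff:ff:ff:ff'

# wildcard_listeners: read `ss -tuln` output on stdin and print
# "<proto> <port> <addr>" for each socket bound to every interface
# (0.0.0.0, :: or the older * notation). These are the services reachable
# from any network the host is attached to, so each one needs a reason.
wildcard_listeners() {
    awk 'NR > 1 {
        n = split($5, part, ":")                  # the port follows the last colon
        port = part[n]
        addr = substr($5, 1, length($5) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::")
            print $1, port, addr
    }'
}

# promisc_links: read `ip -o link show` output on stdin and print the name
# of every interface whose flag set contains PROMISC. Promiscuous mode is
# expected on bridge ports and while a capture tool runs, and is worth a
# closer look anywhere else.
promisc_links() {
    awk -F': ' '/<[^>]*PROMISC[^>]*>/ { sub(/@.*/, "", $2); print $2 }'
}

if [ "${1:-}" = "live" ]; then
    ss -tuln | wildcard_listeners
    ip -o link show | promisc_links
else
    printf '%s\n' "$SS_SAMPLE" | wildcard_listeners
    printf '%s\n' "$LINK_SAMPLE" | promisc_links
fi
```

On the constructed sample the first function reports the SSH listener on both address families, the DHCP client socket and the web server on *, while the CUPS listener bound to 127.0.0.1 and the stub resolver on 127.0.0.53 are left out; the second reports only eth0.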

Lab Topology and Environment

Networks can be safely simulated using:
  • Network namespaces to isolate network stacks
  • veth pairs to connect namespaces
  • Bridges to create shared Layer 2 domains
This allows you to build custom topologies (e.g., router → switch → host) without additional hardware.
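The router → switch → host topology above, as an added example that is not part of the original post: a POSIX shell script that builds two hosts on a bridge (the switch, living in the root namespace), a router namespace rtr with one leg on that bridge and a second point-to-point leg to an ext namespace, and enables forwarding only in the router. All namespace names, interface names and addresses are this example's own choices. Run it as root with up, check and down; with DRY_RUN=1 it prints the ip commands it would execute instead of running them, which lets you review the plan without CAP_NET_ADMIN.

```shell
#!/bin/sh
# Added example: host1, host2 -- br-lab (root ns) -- rtr -- ext
#   host1 10.0.1.10/24, host2 10.0.1.20/24, rtr 10.0.1.1/24 (LAN) + 10.0.2.1/24 (WAN),
#   ext 10.0.2.10/24. Names and addresses are assumptions made for this lab.
set -eu

BR=br-lab

# run CMD...: execute CMD, or only print it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# in_ns NS CMD...: run CMD inside network namespace NS
in_ns() { run ip netns exec "$@"; }

# attach NS ADDR/PREFIX [GATEWAY]: create namespace NS and a veth pair, keep
# NS-br in the root namespace as a bridge port, move NS-eth0 into NS, address
# it, and install a default route when a gateway is given.
attach() {
    ns=$1 addr=$2 gw=${3:-}
    run ip netns add "$ns"
    run ip link add "${ns}-br" type veth peer name "${ns}-eth0"
    run ip link set "${ns}-eth0" netns "$ns"
    run ip link set "${ns}-br" master "$BR"
    run ip link set "${ns}-br" up
    in_ns "$ns" ip link set lo up
    in_ns "$ns" ip addr add "$addr" dev "${ns}-eth0"
    in_ns "$ns" ip link set "${ns}-eth0" up
    [ -z "$gw" ] || in_ns "$ns" ip route add default via "$gw"
}

lab_up() {
    run ip link add name "$BR" type bridge
    run ip link set "$BR" up
    attach host1 10.0.1.10/24 10.0.1.1
    attach host2 10.0.1.20/24 10.0.1.1
    attach rtr 10.0.1.1/24              # router LAN leg: both segments are connected, no default route
    # Router WAN leg: a second veth pair straight into ext, no bridge involved.
    run ip netns add ext
    run ip link add rtr-wan type veth peer name ext-eth0
    run ip link set rtr-wan netns rtr
    run ip link set ext-eth0 netns ext
    in_ns rtr ip addr add 10.0.2.1/24 dev rtr-wan
    in_ns rtr ip link set rtr-wan up
    in_ns ext ip link set lo up
    in_ns ext ip addr add 10.0.2.10/24 dev ext-eth0
    in_ns ext ip link set ext-eth0 up
    in_ns ext ip route add default via 10.0.2.1
    # Forwarding is off by default; turn it on only where routing should happen.
    in_ns rtr sysctl -w net.ipv4.ip_forward=1
}

# lab_check: show the route host1 picks for ext, then prove the path works
# (host1 -> bridge -> rtr -> ext and back).
lab_check() {
    in_ns host1 ip route get 10.0.2.10
    in_ns host1 ping -c 2 -W 1 10.0.2.10
}

# lab_down: deleting a namespace destroys the veth ends inside it, which also
# removes their peers in the root namespace; only the bridge is left to delete.
lab_down() {
    for ns in host1 host2 rtr ext; do
        run ip netns delete "$ns" || true
    done
    run ip link delete "$BR" || true
}

case "${1:-}" in
    up)    lab_up ;;
    check) lab_check ;;
    down)  lab_down ;;
    "")    ;;                           # no action: functions are defined only
    *)     echo "usage: $0 up|check|down" >&2; exit 2 ;;
esac
```

Two things to watch when running it for real: the bridge has no IP address of its own, so the root namespace is a pure switch and cannot reach the lab hosts, which is intentional; and on a host where br_netfilter is loaded with a DROP policy on the iptables FORWARD chain (typical on Docker hosts), traffic between the bridge ports can be silently filtered, so check the FORWARD chain before blaming the topology.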

Summary

This week introduces essential Linux networking primitives: interfaces, bridges, routing, and diagnostics. By configuring the data plane directly, you gain full visibility into how Linux systems handle network traffic, setting the foundation for deeper topics like firewalls, NAT, and dynamic routing.

© Qiwei Mao 2024 - 2025