• by jonstickman on 12/23/2023, 6:02:34 PM

    Fantastic write up - keep going (please)!

    Agree more practical examples but disagree this is too abstract.

    I’m thinking of starting at more common scenarios, then jumping to container networking. I.e., flow of a packet on a simple node, a two-interface node, then namespaces, and then quirky virtual stuff.

    Another example - I’d love to see how iptables actually works. Maybe how to use eBPF to implement iptables things like source/dest NAT, Masquerade, etc.

    But yeah, I learned a ton here. Thanks.

  • by mtlynch on 12/23/2023, 11:57:38 AM

    I found this a bit too abstract to follow.

    It would be helpful if the article explained a practical scenario where you'd want to use this technique.

    The only explanation is "Packet redirection is taking a packet from one network interface and injecting it into another," but then there's no attempt to explain why you'd want to do this in practice.

    The article also uses a lot of notation without explaining it. It explains what a "veth" is, but it doesn't explain what "veth1@2" or "veth2@1" means. Similarly, it never explains what "netns_1" or "netns_2" are. Are these widely-understood semantics?

  • by rapidlua on 12/23/2023, 11:16:20 AM

    Great writeup, thoroughly enjoyed! The provided "lab" is especially appreciated.

    I'm curious if you had reasons to not use veth in noarp mode.

  • by RecycledEle on 12/23/2023, 7:10:03 PM

    "In the context of computer networking, BPF stands for Berkeley Packet Filter. It's a technology used for filtering network packets and allows a user-defined program to determine which packets can be sent/received on the network interface. BPF provides a high-performance way to capture and optionally modify packets as they pass through the network stack, making it a powerful tool for network monitoring, packet analysis, and more complex tasks like intrusion detection and network traffic control. It's widely used in various network applications and operating systems for efficient packet processing."

    Source: ChatGPT