Chuck Duffy June, 2015 An Introduction Linux For Network Engineers

Post on 24-Dec-2015


Page 1: Chuck Duffy June, 2015 An Introduction Linux For Network Engineers

Chuck Duffy

June, 2015

An Introduction

Linux For Network Engineers

Page 2

© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Why is Linux important to a Cisco Engineer?

• Three reasons:
• It’s all around us – IoT, servers, OpenStack
• A good portion of our products are built on top of Linux
• Our competition is promoting it, and customers are asking for it

• Leading network distributions – Monta Vista (Cavium), Wind River (Intel)
• Before Linux – VxWorks, QNX, eCos

Slide graphic – Cisco products and the Linux they are built on:
• N7K – WindRiver 5
• N9K – WindRiver 6
• APIC – CentOS
• ASA
• IPT endpoints – Android
• Cisco/SA STB & GW – RDK
• CUCM – Red Hat
• UCS CMC – Monta Vista
• CBR-8
• IOS-XE – Cat3850, CSR1KV, ASR1K, ISR-4400
• NCS 6000
• Meraki – Click

Page 3

Agenda

• Linux Overview and History

• The Basics

• Linux Networking

• Q&A

Page 4

What is Linux?

• “Linux is a clone of the operating system Unix, written from scratch by Linus Torvalds with assistance from a loosely-knit team of hackers across the Net. It aims towards POSIX and Single UNIX Specification compliance. It has all the features you would expect in a modern fully-fledged Unix, including true multitasking, virtual memory, shared libraries, demand loading, shared copy-on-write executables, proper memory management, and multistack networking including IPv4 and IPv6. Although originally developed first for 32-bit x86-based PCs (386 or higher), today Linux also runs on a multitude of other processor architectures, in both 32- and 64-bit variants.” – kernel.org definition

• The Linux operating system is comprised of a “kernel” as well as libraries and programs
• The kernel is maintained by kernel.org
• Linux is a monolithic (but modular) kernel (vs. Windows NT and later, which are micro kernel)

Source: http://en.wikipedia.org/wiki/Monolithic_kernel

Page 5

Why Linux?

• It’s everywhere!
• Massive deployments at Facebook, Amazon and Google push the limits of scale
• OpenStack/containers
• Platform ubiquity – wearables, phones, notebooks, desktops, servers, supercomputers
• Embedded – set top boxes, network HW, home routers, phones

• Open source
• Unlike other operating systems, Linux is completely open source. Anyone can view the source code, make changes and redistribute the OS
• Volume of developers
• Open source licensing allows companies to take Linux as is and build upon it for their own products
• Rapid rate of development – new features, drivers, patches, etc.
• Focus on innovation

• Current trend is to expose Linux in networking devices
• Leverage tools

Source: https://www.openhub.net/p/linux

Page 6

Linux History

Timeline (eras on the slide: Unix, Hobbyist, Enterprise, Web 2.0, IoT)

• 1969 – Ken Thompson and Dennis Ritchie create AT&T Unix; Ritchie creates the “C” programming language
• 1977 – BSD (Berkeley Software Distribution) released
• 1982 – AT&T commercial UNIX – System III
• 1983 – Richard Stallman launches GNU
• 1985 – Richard Stallman founds the Free Software Foundation
• 1987 – Andy Tanenbaum creates Minix (“Minimal UNIX”)
• 1988 – Richard Stallman creates the GPL
• 1991 – Linus Torvalds creates Linux
• 1992 – Linux licensed under the GPL
• 1993 – Slackware released; over 100 developers work on the kernel; Red Hat founded
• 1994 – Linux kernel 1.0; RH 1.0; SUSE 1.0
• 1996 – Kernel 2.0
• 1998 – IBM and Oracle announce support for Linux
• 2001 – IBM invests $1B in Linux (technology center, etc.)
• 2007 – KVM merged into the kernel; Linux Foundation started, Linus Torvalds a Fellow
• 2011 – Kernel 3.0
• 2014 – 1B devices ship with the Android OS

Quotes on the slide:

"...the number of UNIX installations has grown to 10, with more expected..." – Dennis Ritchie and Ken Thompson, June 1972

“Free Unix! Starting this Thanksgiving I am going to write a complete Unix-compatible software system called GNU (for Gnu's Not Unix), and give it away free (1) to everyone who can use it. Contributions of time, money, (2) programs and equipment are greatly needed...” – Richard Stallman; posting to net.unix-wizards; 27 Sept. 1983

“Hello everybody out there using minix – I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I'd like any feedback on things people like/dislike in minix, as my OS resembles it somewhat” – Linus Torvalds, 8/25/1991, comp.os.minix

Page 7

Open Source Software

• Open Source Initiative – founded in 1998
• Practical benefits
• OSS – developed in a collaborative, public way
• Common open source licenses:
• Apache License 2.0
• BSD 3-Clause "New" or "Revised" license
• BSD 2-Clause "Simplified" or "FreeBSD" license
• GNU General Public License (GPL)
• GNU Library or "Lesser" General Public License (LGPL)
• MIT license
• Mozilla Public License 2.0
• Common Development and Distribution License
• Eclipse Public License
• http://opensource.org

• Free Software Foundation – founded 1985 by Richard Stallman
• Philosophical
• Free as in “freedom”, not cost
• Specifically, free software means users have the four essential freedoms: (0) to run the program, (1) to study and change the program in source code form, (2) to redistribute exact copies, and (3) to distribute modified versions.
• The GPL states that derivative works must also be released under the GPL
• The GNU GPL guarantees the above freedoms. GPLv2 (1991) is used by the kernel. GPLv3 closed some loopholes and added a clause to prevent HW restrictions (think TiVo, STB)
• Lesser GPL
• http://www.fsf.org

Page 8

Open Source Licenses Overview

Free Software
• Freedom to use
• Freedom to study
• Freedom to copy
• Freedom to modify and distribute modified copies

Copyleft licenses – modified code must be released under the same license
• GPL (General Public License) – requires derivative works to be released under the same license, and programs linked with a library released under the GPL must also be released under the GPL.
• LGPL (Lesser General Public License) – programs linked against a library under the LGPL do not need to be released under the LGPL and can be kept proprietary. The library must be linked dynamically, not statically.

Non-Copyleft licenses – modified code can be kept proprietary, but attribution is still required
• Apache license
• BSD license
• MIT license
• X11 license

Page 9

Agenda

• Linux Overview and History

• The Basics

• Automation

• Virtualization

• The Linux Networking Stack

• Practical Examples

• Q&A

Page 10

Distributions

• A Linux distribution (distro) is an operating system made as a collection of software based around the Linux kernel and often around a package management system. – Wikipedia
• Distrowatch lists 300 distributions of Linux
• Distributions stem from Red Hat, Debian or Slackware
• Distros can be focused on a niche requirement. For example, Kali is focused on penetration/security testing while Wind River focuses on embedded and real-time requirements. OpenWrt focuses on home routers
• Distributions contain a predefined set of “packages” – Server, Desktop, etc.
• Distributions can favor features or stability
• Ubuntu LTS, RHEL, CentOS – stability; Ubuntu, Fedora – features
• Android (Linux 3.4 kernel) – open source, maintained by Google

Image Source: http://graal.ens-lyon.fr/diet/news/diet-available-in-major-linux-distribution/image/image_view_fullscreen

Page 11

Linux Packages

• Packages are a convenient way to deliver software
• Originally tarballs were used
• CLI tool required to install/update/remove software
• Red Hat – rpm CLI, .rpm package format
• Debian – dpkg CLI, .deb package format
• An .rpm contains:
• Header – file list, description, dependencies
• Signature –
• Files – usually compressed
• Drawbacks:
• Does not resolve/remove dependencies
• Need to copy the software (.rpm) to the machine
• No directory of software

Page 12

Linux Package Management Systems

• Address the drawbacks of tools like rpm / dpkg
• Find software, install/uninstall, update, resolve dependencies
• Use a repository (from the distribution or on-site) of trusted software
• Maintain a database of installed packages and their dependencies
• CLI tool required to install/update/remove software
• Red Hat – yum
• Debian – apt-get, aptitude

Page 13

The Kernel

• Maintained by kernel.org
• Intermediary between applications and the hardware – it abstracts the HW
• Kernel subsystems:
• Process management, memory management, system calls, networking, file systems, and device drivers
• Linux uses a monolithic kernel
• KLM – kernel loadable modules
• Modules can be loaded/unloaded dynamically
• A key attribute of Linux is the ability to recompile the kernel. A user can custom build the OS to suit their specific needs by adding/removing kernel software.

Source: https://knowstuffs.files.wordpress.com/2012/06/linux_kernel2.png

Page 14

Kernel and User

• CPUs have several different execution modes
• Linux uses two – 0 and 3
• Privilege switch
• Kernel mode vs. user mode
• Kernel mode – code has complete access to all hardware and memory
• User mode – code has no direct access to hardware and access only to its assigned memory
• Kernel space vs. user space
• Kernel space is reserved for the kernel
• User space is the memory where user processes run. Sometimes called userland
• System calls
• Allow user processes to interact with the kernel
• Ex. opening a file, creating a new process
• Call path: application → glibc → syscall → kernel

Source: http://en.wikipedia.org/wiki/Protection_ring#mediaviewer/File:Priv_rings.svg

Source: http://en.wikipedia.org/wiki/User_space

Page 15

Startup Process

• Bootloader – usually GRUBv2 (GNU GRand Unified Bootloader)
• GRUB stages:
• boot.img loads from the MBR. It has to fit in one sector and be under 512 bytes (4096 on newer disks)
• core.img loads. This file was created during the GRUB setup process and contains various modules that are needed to read the file system, video, keyboard, etc., in addition to the limited commands found in the grub> CLI
• Initial RAM file system – initramfs (formerly initrd) is sometimes started if there are unique device drivers, etc. that won’t fit in core.img
• GRUB finds the kernel on disk (CD, PXE, USB, etc.) and then presents the user with a text menu asking what they want to boot

Slide graphic – boot sequence: Power on → BIOS → GRUBv2 (stage 1, stage 2) → Kernel → systemd (PID 1) → Programs

Page 16

systemd

• System management framework
• Developed by Lennart Poettering and Kay Sievers – Red Hat
• Replaces init (SysVinit); launched in 2010
• Canonical had launched a project called upstart (used in RH6)
• First process after the kernel loads (PID 1)
• Advantages:
• Allows processes to be started in parallel without waiting for dependencies (Apple uses a similar approach called launchd – OS X 10.1). Can restart services without losing messages
• Creates and manages sockets between processes
• Dependencies are defined explicitly instead of implied by boot order
• Replaces the service and chkconfig service managers
• Eliminates differences between distributions (shell scripts)
• Can start services and features “on demand”
• Typical commands:
• systemctl start [name.service]
• systemctl stop [name.service]
• systemctl restart [name.service]
• systemctl reload [name.service]
• systemctl status [name.service]

Page 17

Processes

• Process – a running instance of a program
• PID 0 is the scheduler or swapper, PID 1 is systemd (init)
• fork and exec – fork creates an exact but independent copy of a running process (copy on write). exec loads a new program into the new copy
• clone – creates a copy of a process that can share resources with the parent (memory, files, etc.); used to implement threads
• Process vs. thread – processes are completely independent of one another. Threads can share memory, open files, etc.
• Multitasking – Linux is a pre-emptive multitasking OS. Processes share the CPU
• Processes can be running, waiting, or sleeping (also zombie, orphaned, stopped)
• Daemons – a server process which runs continually
• Process attributes – PID, PPID, NICE, user
• Niceness – used to set the priority of a process
• nice is used to set the priority of a process; renice is used to change the priority of a running process
• Nice values range from -20 (high) to 19 (low) priority
• Every process has an owner
• cgroups – control groups, introduced in kernel 2.6.24, allow grouping, tracking and isolation of processes. Foundation for containers

Page 18

Completely Fair Scheduler

• Written by Ingo Molnar, Red Hat. Merged into kernel 2.6.23
• Improvement over previous schedulers:
• Previous Linux schedulers only had two variables – timeslice and priority
• Previous schedulers also used heuristics to determine if a process was interactive – like Firefox – and needed more CPU to improve user experience
• CFS uses weighted fair queuing
• It divides the available CPU capacity by the number of runnable processes and assigns each process a fair proportion
• CFS tracks the wait time of each process and uses it to determine which process should run next and how long it should run (red-black tree)
• Weighting is provided by the nice number: -20 is the highest, 19 the lowest
• Context switch – each time the scheduler stops a process it must store its complete state so that when the process runs again it can pick up exactly where it left off

Source: http://www.linuxjournal.com/magazine/completely-fair-scheduler

Page 19

Linux File System

• Key Linux file system concepts:
• “Everything is a file”
• Files have ownership
• Permissions (files and directories) – user | group | other
• Key directories:
• /boot – holds the kernel, /etc – holds config files, /bin – system commands, /sbin – admin commands, /home – user directories, /lib – shared libraries, /usr – applications
• Virtual file systems:
• /dev – devices connected to the system. Character (tty, keyboard, mouse) or block devices (hard drives, CDROM, etc.)
• /proc – information about running processes. There is a subdirectory for each running PID
• /sys – sys filesystem (sysfs) is a virtual file system that the kernel creates and provides info on HW/drivers, etc.
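The process attributes listed on the Processes slide (PID, PPID, nice value, owner, state) can be read straight out of the per-PID directories under /proc described above. The script below is an added example, not part of the deck; it assumes a Linux host where /proc/<pid>/status and /proc/<pid>/stat exist and where renice is available, and the helper names are its own.

```sh
#!/bin/sh
# Added example (not from the slides): read the process attributes the deck lists
# from /proc, the "everything is a file" view of the process table. Linux only.

# proc_field <pid> <key> -> value of the "Key:" line in /proc/<pid>/status
# keys used here: Name, PPid, Uid, State (e.g. proc_field 1 PPid -> 0)
proc_field() {
    awk -v key="$2:" '$1 == key { print $2; exit }' "/proc/$1/status"
}

# proc_nice <pid> -> nice value (-20..19). It is field 19 of /proc/<pid>/stat,
# but the command name (field 2) sits in parentheses and may contain spaces,
# so everything up to the closing ')' is stripped first; nice is then field 17.
proc_nice() {
    sed 's/^.*) //' "/proc/$1/stat" | awk '{ print $17 }'
}

# proc_owner <pid> -> user name for the real UID (falls back to the number)
proc_owner() {
    uid=$(proc_field "$1" Uid)
    name=$(awk -F: -v u="$uid" '$3 == u { print $1; exit }' /etc/passwd)
    echo "${name:-$uid}"
}

# proc_info <pid> -> one line in the spirit of ps -o pid,ppid,ni,user,stat,comm
proc_info() {
    [ -r "/proc/$1/status" ] || { echo "no such process: $1" >&2; return 1; }
    printf 'PID=%s PPID=%s NI=%s USER=%s STATE=%s NAME=%s\n' "$1" \
        "$(proc_field "$1" PPid)" "$(proc_nice "$1")" "$(proc_owner "$1")" \
        "$(proc_field "$1" State)" "$(proc_field "$1" Name)"
}

# niced_child_nice -> nice value observed on a child after "renice -n 10".
# An unprivileged user may only lower priority (raise niceness), which is the
# -20 (high) .. 19 (low) range the deck describes.
niced_child_nice() {
    sleep 30 &
    child=$!
    renice -n 10 -p "$child" >/dev/null      # change priority of a running process
    n=$(proc_nice "$child")
    kill "$child" 2>/dev/null || true
    wait "$child" 2>/dev/null || true
    echo "$n"
}

proc_info 1      # PID 1: systemd (or init)
proc_info $$     # the shell running this script
```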

Page 20

File permissions

Type character in ls -l output:
d = directory
l = symbolic link – points to another location
- = file

User and group ownership follow the permission bits.

             User    Group   Other
Access       r w x   r w x   r w x
Binary       4 2 1   4 2 1   4 2 1
Enabled      1 1 1   1 1 1   1 0 0
Result       4 2 1   4 2 1   4 0 0
             -----   -----   -----
Total          7       7       4
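The table above computes 774 from rwxrwxr--. The script below is an added example, not part of the deck; it converts an ls -l mode string to that octal form and back, and cross-checks both against a real file (the live check assumes GNU stat, which prints the ls -l string with -c %A). Function names are its own.

```sh
#!/bin/sh
# Added example (not from the slides): mode string <-> octal, as in the table.

# triad_to_digit rwx -> 7, r-x -> 5, r-- -> 4, --- -> 0   (r=4, w=2, x=1)
# A lowercase s or t in the execute slot (setuid/setgid/sticky plus execute)
# counts as x; uppercase S/T means the execute bit is clear. The special bit
# itself is outside the three-digit form shown on the slide.
triad_to_digit() {
    n=0
    case $1 in r??) n=$((n + 4)) ;; esac
    case $1 in ?w?) n=$((n + 2)) ;; esac
    case $1 in ??[xst]) n=$((n + 1)) ;; esac
    echo "$n"
}

# mode_to_octal drwxrwxr-- -> 774 ; the 9-character form rwxrwxr-- also works
mode_to_octal() {
    m=$1
    case ${#m} in
        10) m=${m#?} ;;       # drop the type character (d, l or -)
        9)  ;;
        *)  echo "bad mode string: $1" >&2; return 1 ;;
    esac
    u=${m%??????}             # first three characters
    g=${m#???}; g=${g%???}    # middle three
    o=${m#??????}             # last three
    echo "$(triad_to_digit "$u")$(triad_to_digit "$g")$(triad_to_digit "$o")"
}

# type_of drwxr-x--- -> directory ; lrwxrwxrwx -> symbolic link ; -rw-r--r-- -> file
type_of() {
    case $1 in
        d*) echo directory ;;
        l*) echo "symbolic link" ;;
        -*) echo file ;;
        *)  echo "other ($(printf '%.1s' "$1"))" ;;
    esac
}

# octal_to_mode 774 -> rwxrwxr-- (the reverse mapping, useful when reading chmod)
octal_to_mode() {
    out=
    for d in $(printf '%s' "$1" | sed 's/./& /g'); do
        case $d in
            0) out="${out}---" ;; 1) out="${out}--x" ;; 2) out="${out}-w-" ;;
            3) out="${out}-wx" ;; 4) out="${out}r--" ;; 5) out="${out}r-x" ;;
            6) out="${out}rw-" ;; 7) out="${out}rwx" ;;
            *) echo "bad octal digit: $d" >&2; return 1 ;;
        esac
    done
    echo "$out"
}

# live_check <octal> -> success when chmod <octal> on a temp file, read back
# through GNU stat (-c %A prints the ls -l string), round-trips both ways
live_check() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    ls_mode=$(stat -c %A "$f")
    rm -f "$f"
    [ "$(mode_to_octal "$ls_mode")" = "$1" ] &&
        [ "$(octal_to_mode "$1")" = "${ls_mode#?}" ]
}

mode_to_octal drwxrwxr--      # prints 774, matching the table
octal_to_mode 640
```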

Page 21

The Shell

• In computing, a shell is a user interface for access to an operating system's services. In general, operating system shells use either a command-line interface (CLI) or graphical user interface (GUI), depending on a computer's role and particular operation – Wikipedia
• Examples – Bourne Shell (sh), C Shell (csh), Bourne-Again Shell (bash), Korn Shell (ksh)
• bash is most commonly used in Linux today – bash is a GNU project and it incorporates the best features of the C and Korn shells into the original Bourne Shell (Stephen Bourne – Bell Labs, Unix shell)
• The shell has built-in commands – like cd, pwd, logout, etc. – that when called execute in the same process as the shell. Other programs, when called, create new processes via “fork”
• Shell commands can be “piped”, that is, the output of one command can be directed to the input of the next command
• Scripting – shell scripts
• Ability to link together small programs, redirect output, etc.

Page 22

Communications in Linux

• Signals
• A form of IPC. Processes react by executing the appropriate signal handler. Ex. CTRL-C sends a SIGINT which terminates a process
• CentOS 7 has 64 signals
• Pipes
• Unidirectional byte streams that connect the stdout of one process to the stdin of another
• Uses the virtual file system
• Sockets
• Domain sockets – within one machine – use the AF_LOCAL address family
• Any process can create a domain socket
• Network (IP) sockets – communications over the network
• Netlink sockets
• Bi-directional communications between userspace and the kernel
• iproute2 uses Netlink
• D-Bus
• dbus-daemon acts as a hub for IPC. Processes can register with it and receive certain types of events – USB disk plugging in, etc.
• Originally designed for communications between desktop applications

Page 23

Virtual Memory

• Linux breaks physical memory into 2 regions – kernel space and user space
• In the IA32 architecture the limit is 4GB: kernel is 1GB and userspace is 3GB
• User space applications cannot access kernel space
• Linux provides each process with its own virtual address space
• That space is mapped into physical memory via a page table held in the MMU
• Memory Management Unit (MMU) – modern servers have an MMU that manages the “page table”; the kernel programs the MMU
• The page table allows physical memory to be “swapped” to disk if needed

Page 24

Linux Namespaces

• Introduced in kernel 2.6.24
• Isolation – enable a process (or several processes) to have different views of the system than other processes
• No hypervisor layer (as in OS virtualization like KVM, Xen)
• There are currently 6 namespaces:
• mnt (mount points, filesystems)
• pid (processes)
• net (network stack – netns)
• ipc (System V IPC)
• uts (hostname)
• user (UIDs)

Page 25

Linux cgroups

• Introduced in kernel 2.6.24
• Provide a mechanism for aggregating/partitioning sets of tasks, and all their future children, into hierarchical groups with specialized behavior
• cgroups allow you to allocate resources – such as CPU time, system memory, network bandwidth, or combinations of these resources – among user-defined groups of tasks (processes) running on a system

Namespaces and control groups are the foundation for containers

Page 26

Agenda

• Linux Overview and History

• The Basics

• Linux Networking

• Q&A

Page 27

Linux Networking

• Continuous improvement in how Linux handles networking
• Drivers – network speed from 10/100M to 1Gbps to 10Gbps; virtualization
• NAPI – introduced in kernel 2.5. Changed from an interrupt-driven to a polling model. Kernel 3.11 adds “busy poll”
• Linux has extensive networking features – routing, bridge, firewall, proxy, NAT, load balancing, etc.
• Kernel-based packet forwarding
• Netfilter framework
• Handles L2 – L4
• Namespaces introduce routing tables per namespace (VRF)
• Userspace tools:
• iproute2 – ip route show
• net-tools (deprecated) – ifconfig, netstat, route, arp
• iputils – ping, ping6, arping, tracepath
• Linux router subsystem
• A Linux host can act as a router if ip_forward = 1 in the kernel
• Basic routing is DST based, longest prefix match
• Linux supports 255 routing tables
• 2 tables by default – local, main
• local is maintained by the kernel – ip addresses from the host
• main is used with the ip route command
• Policy routing
• Selects on source interface, source address, ToS, fwmark (firewall mark from iptables)
• Creates a unique table
• Routing order:
• Cache
• Local table
• RPDB – Routing Policy Data Base
• Main routing table
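A pure-shell model of the lookup order just described (local table first, then main, destination-based with longest prefix match), as an added example that is not part of the deck. The route tables are constructed sample data in the style of ip route show table local / main, using documentation address ranges; the RPDB rules that sit between the two tables are not modelled, and the function names are the example's own.

```sh
#!/bin/sh
# Added example (not from the slides): destination-based longest prefix match
# over a local table and a main table, in the order the deck lists.
# Both tables are constructed sample data, not read from a live host.

LOCAL_TABLE='
local 192.0.2.10 dev eth0
local 198.51.100.10 dev eth1
local 127.0.0.0/8 dev lo
'
MAIN_TABLE='
default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0
198.51.100.0/24 dev eth1
10.0.0.0/8 via 198.51.100.1 dev eth1
10.20.0.0/16 via 198.51.100.2 dev eth1
'

# ip2int 10.20.5.1 -> 169084161 (dotted quad to 32-bit integer; no leading zeros)
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# longest_match <dst> <table text> -> the most specific matching route line
longest_match() {
    dst=$(ip2int "$1")
    printf '%s\n' "$2" | {
        best=; bestlen=-1
        while read -r line; do
            [ -n "$line" ] || continue
            set -- $line                              # split the route line into words
            case $1 in
                default) pfx=0.0.0.0; len=0 ;;        # 0.0.0.0/0
                local)   pfx=${2%/*}; len=${2#*/} ;;  # local table entries
                *)       pfx=${1%/*}; len=${1#*/} ;;
            esac
            [ "$len" != "$pfx" ] || len=32            # bare host address, no /len
            mask=$(( len == 0 ? 0 : (4294967295 << (32 - len)) & 4294967295 ))
            # a route matches when the masked destination equals the masked
            # prefix; keep it only if it is longer than the best so far
            if [ $(( dst & mask )) -eq $(( $(ip2int "$pfx") & mask )) ] \
               && [ "$len" -gt "$bestlen" ]; then
                best=$line; bestlen=$len
            fi
        done
        echo "$best"
    }
}

# route_lookup <dst> -> local table first, then main, else "unreachable"
route_lookup() {
    r=$(longest_match "$1" "$LOCAL_TABLE")
    [ -n "$r" ] || r=$(longest_match "$1" "$MAIN_TABLE")
    echo "${r:-unreachable}"
}

for d in 10.20.5.1 10.9.9.9 192.0.2.10 192.0.2.77 8.8.8.8; do
    printf '%-12s -> %s\n' "$d" "$(route_lookup "$d")"
done
```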

Page 28

Netfilter Framework

• Introduced in 1998 by Rusty Russell (IBM) and replaced ipchains and ipfwadm
• Linux kernel 2.4 and later – kernel module
• Separate kernel modules: ip_tables, ip6_tables, arp_tables, ebtables
• iptables/ebtables/conntrack is the userspace interface
• nftables is a Netfilter project to replace the existing iptables kernel and userspace programs
• nft replaces iptables, ip6tables, arptables and ebtables
• Userspace tools communicate with the kernel via Netlink
• Key features:
• Stateless and stateful packet filtering (iptables)
• NAT (masquerading)
• Packet mangling
• Connection tracking
• Tables – NAT, Mangle, Filter
• Chains – PREROUTING, FORWARD, INPUT, OUTPUT, POSTROUTING
• The basis for security groups in OpenStack and AWS

Source: http://en.wikipedia.org/wiki/Netfilter

Page 29

Source:http://linux-ip.net/nf/nfk-traversal.pdf

Page 30

Linux Virtual Network Devices

• Bridge
• Bridges connect Ethernet segments (L2). A simple learning bridge that performs a DST MAC lookup
• Kernel module – bridge.ko
• Userspace – bridge-utils
• Each bridge maintains its own forwarding table
• Basic spanning tree – no RSTP or MSTP
• VETH – virtual Ethernet device
• Always used in pairs. Traffic that enters one side leaves the other. Each side has a MAC address
• Uses sockets
• TUN/TAP – network tunnel/network tap interface
• TUN is L3 while TAP is L2
• Delivers packets to and from userspace into the kernel networking stack
• OpenStack compute host with OVS – for an Ethernet frame to travel from eth0 of virtual machine vm01 to the physical network, it must pass through nine devices inside of the host

Source: http://docs.openstack.org/admin-guide-cloud/content/under_the_hood_openvswitch.html

Page 31

Network Programmability User's Group (NPUG)

To hear more:

Check the NPUG wiki

http://cs.co/npug

Join the Mailer for Updates and Recordings

http://cs.co/npugmailer

View Previous Recordings

http://cs.co/npughistory

Feedback – good/bad, topics, speakers, help out:

[email protected] http://cs.co/NPUG
