{"id":259,"date":"2023-02-22T14:01:22","date_gmt":"2023-02-22T14:01:22","guid":{"rendered":"https:\/\/devopsopen.com\/?p=259"},"modified":"2024-01-06T21:48:57","modified_gmt":"2024-01-06T21:48:57","slug":"network","status":"publish","type":"post","link":"https:\/\/devopsopen.com\/index.php\/2023\/02\/22\/network\/","title":{"rendered":"Network"},"content":{"rendered":"<h1>Network<\/h1>\n<h4 id=\"Summary\">Summary<\/h4>\n<ul class=\"ez-toc-page-1 ez-toc-heading-level-2\">\n<li><a title=\"Networking basics\" href=\"#Networking basics\">Networking basics<\/a><\/li>\n<li><a href=\"#Network Namespaces\">Network Namespaces<\/a><\/li>\n<li><a href=\"#Core DNS\">Core DNS<\/a><\/li>\n<li><a title=\"Cluster Networking\" href=\"#Cluster Networking\">Cluster Networking<\/a><\/li>\n<\/ul>\n<h2 id=\"Networking basics\"><a title=\"Summary\" href=\"#Summary\">Networking basics<\/a><\/h2>\n<p><span style=\"text-decoration: underline;\"><strong>Internet<\/strong><\/span><\/p>\n<p>The network view of the internet:<\/p>\n<p>Backbones are big fiber cables between states or cities.<\/p>\n<p>Peering can take place between two ASes, and the digital logistics can be low cost, within the same country, or between the ASes.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-273\" src=\"https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/internet.png\" alt=\"\" width=\"1074\" height=\"704\" srcset=\"https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/internet.png 1074w, https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/internet-300x197.png 300w, https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/internet-1024x671.png 1024w, https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/internet-768x503.png 768w\" sizes=\"(max-width: 1074px) 100vw, 1074px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>Example of network packets:<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-274\" 
src=\"https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/tracert.png\" alt=\"\" width=\"732\" height=\"254\" srcset=\"https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/tracert.png 732w, https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/tracert-300x104.png 300w\" sizes=\"(max-width: 732px) 100vw, 732px\" \/><\/p>\n<p>You can visit these sites for more details:<\/p>\n<p>https:\/\/www.arcep.fr\/cartes-et-donnees\/nos-publications-chiffrees\/linterconnexion-de-donnees\/barometre-de-linterconnexion-de-donnees-en-france.html : the Autorit\u00e9 de r\u00e9gulation des communications \u00e9lectroniques, des postes et de la distribution de la presse gives more information about the internet<\/p>\n<p>https:\/\/bgp.tools or https:\/\/bgp.he.net\/ : for information about ASes and IPs<\/p>\n<p>https:\/\/www.iana.org\/ : <strong>IANA<\/strong>, the subsidiary of <strong>ICANN<\/strong> that manages AS numbers and IPs for ASes; it also manages domain name servers<\/p>\n<p>https:\/\/dn42.net\/home : to create a private network and simulate AS creation<\/p>\n<p>https:\/\/blog.ataxya.net\/un-as-chez-soi-cest-possible\/ : for more details about the internet<\/p>\n<p>https:\/\/tunnelbroker.net\/ : site to get a free tunnel for using IPv6<\/p>\n<p>https:\/\/academy.ripe.net\/ : academy to learn about creating an AS and a network; it is very important to begin with this website<\/p>\n<p>https:\/\/www.youtube.com\/watch?v=X1QJphPLhlM : to visualize an NRO...<\/p>\n<p>http:\/\/nsinfo.yo.fr\/snt_internet_tcpip.html : website for OSI details and the transmission of data from A to B<\/p>\n<p><strong><span style=\"text-decoration: underline;\">Network bridge<\/span><\/strong><\/p>\n<p>A network bridge is a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Networking_hardware\" title=\"Networking hardware\">computer networking device<\/a> that creates a single, aggregate network from multiple <a href=\"https:\/\/en.wikipedia.org\/wiki\/Communication_network\" class=\"mw-redirect\" title=\"Communication network\">communication 
networks<\/a> or <a href=\"https:\/\/en.wikipedia.org\/wiki\/Network_segment\" title=\"Network segment\">network segments<\/a>.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-262\" src=\"https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/bridg.png\" alt=\"\" width=\"463\" height=\"357\" srcset=\"https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/bridg.png 463w, https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/bridg-300x231.png 300w\" sizes=\"(max-width: 463px) 100vw, 463px\" \/><\/p>\n<p><strong><span style=\"text-decoration: underline;\">Network switch<\/span><\/strong><\/p>\n<p>A switch is a bridge with multiple ports. A network switch (also called <b>switching hub<\/b>, <b>bridging hub<\/b>, and, by the <a href=\"https:\/\/en.wikipedia.org\/wiki\/IEEE\" class=\"mw-redirect\" title=\"IEEE\">IEEE<\/a>, <b>MAC bridge<\/b><sup id=\"cite_ref-1\" class=\"reference\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/Network_switch#cite_note-1\">[1]<\/a><\/sup>) is <a href=\"https:\/\/en.wikipedia.org\/wiki\/Networking_hardware\" title=\"Networking hardware\">networking hardware<\/a> that connects devices on a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Computer_network\" title=\"Computer network\">computer network<\/a> by using <a href=\"https:\/\/en.wikipedia.org\/wiki\/Packet_switching\" title=\"Packet switching\">packet switching<\/a> to receive and forward data to the destination device.<\/p>\n<p>A network switch is a multiport <a href=\"https:\/\/en.wikipedia.org\/wiki\/Network_bridge\" title=\"Network bridge\">network bridge<\/a> that uses <a href=\"https:\/\/en.wikipedia.org\/wiki\/MAC_address\" title=\"MAC address\">MAC addresses<\/a> to forward data at the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Data_link_layer\" title=\"Data link layer\">data link layer<\/a> (layer 2) of the <a href=\"https:\/\/en.wikipedia.org\/wiki\/OSI_model\" title=\"OSI model\">OSI model<\/a>. 
Some switches can also forward data at the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Network_layer\" title=\"Network layer\">network layer<\/a> (layer 3) by additionally incorporating <a href=\"https:\/\/en.wikipedia.org\/wiki\/Routing\" title=\"Routing\">routing<\/a> functionality. Such switches are commonly known as layer-3 switches or <a href=\"https:\/\/en.wikipedia.org\/wiki\/Multilayer_switch\" title=\"Multilayer switch\">multilayer switches<\/a>.<sup id=\"cite_ref-layer3_2-0\" class=\"reference\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/Network_switch#cite_note-layer3-2\">[2]<\/a><\/sup><\/p>\n<p>To communicate with another device on the switch, assign an IP address to your interface with the command:<\/p>\n<blockquote>\n<pre>ip addr add 192.168.1.10\/24 dev eth0<\/pre>\n<\/blockquote>\n<p>&nbsp;<\/p>\n<p><strong><span style=\"text-decoration: underline;\">Routing<\/span><\/strong><\/p>\n<p>To communicate within the same network we can use a switch, but to communicate with an external network you use a router.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-263\" src=\"https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/switchingrouting.png\" alt=\"\" width=\"1066\" height=\"277\" srcset=\"https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/switchingrouting.png 1066w, https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/switchingrouting-300x78.png 300w, 
https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/switchingrouting-1024x266.png 1024w, https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/switchingrouting-768x200.png 768w\" sizes=\"(max-width: 1066px) 100vw, 1066px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Gateway<\/strong><\/span><\/p>\n<p>If the network is a room, the gateway is the door. As you can see in the image above, the gateway is the IP address 192.168.1.1.<\/p>\n<p>To see the gateway details, use the route command; use ip route add to add a gateway:<\/p>\n<blockquote>\n<pre>route<br \/>ip route add 192.168.2.0\/24 via 192.168.1.1<\/pre>\n<\/blockquote>\n<p>Pay attention to the direction of the flow: if the flow goes from system C to system B, the command below adds the route to the routing table:<\/p>\n<blockquote>\n<pre>ip route add 192.168.1.0\/24 via 192.168.2.1<\/pre>\n<\/blockquote>\n<p>We can also have a gateway for the internet and add it to the routing table:<\/p>\n<blockquote>\n<pre>ip route add 172.217.194.0\/24 via 192.168.2.1<\/pre>\n<\/blockquote>\n<p><strong><span style=\"text-decoration: underline;\">Takeaways<\/span><\/strong><\/p>\n<blockquote>\n<pre>ip link : lists and modifies interfaces on the host<br \/><br 
\/>ip addr : shows the IP addresses assigned to the interfaces<br \/><br \/>ip addr add 192.168.1.10\/24 dev eth0 : sets an IP address on an interface, but the change is ephemeral; to persist it, set it in the \/etc\/network\/interfaces file<br \/><br \/>ip route or route : shows the routing table<br \/><br \/>ip route add 192.168.1.0\/24 via 192.168.2.1 : adds an entry to the routing table<br \/><br \/>cat \/proc\/sys\/net\/ipv4\/ip_forward : checks whether IP forwarding is enabled on the host; it must equal 1<\/pre>\n<\/blockquote>\n<p><strong><span style=\"text-decoration: underline;\">Dns<\/span><\/strong><\/p>\n<p>DNS is the Domain Name System. 
To resolve a name, the diagram below shows the path of a DNS request without a cache.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone  wp-image-287\" src=\"https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/dnsrequest.png\" alt=\"\" width=\"892\" height=\"428\" srcset=\"https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/dnsrequest.png 1182w, https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/dnsrequest-300x144.png 300w, https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/dnsrequest-1024x491.png 1024w, https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/dnsrequest-768x368.png 768w\" sizes=\"(max-width: 892px) 100vw, 892px\" \/><\/p>\n<p>To communicate with another device by name, you can add it to the hosts file:<\/p>\n<blockquote>\n<pre>\/etc\/hosts<\/pre>\n<\/blockquote>\n<p>More commonly there is a DNS server, which you configure on Linux in the file:<\/p>\n<blockquote>\n<pre>cat \/etc\/resolv.conf<br \/>nameserver 192.168.1.100<\/pre>\n<\/blockquote>\n<p>We can also choose the priority of the databases used to resolve names (sources are tried in the order listed) with:<\/p>\n<blockquote>\n<pre>cat \/etc\/nsswitch.conf<\/pre>\n<pre>passwd: files nis\ngroup: files nis\n<strong>hosts: files dns<\/strong><\/pre>\n<\/blockquote>\n<p><i>'files'<\/i> for local files, <i>'nis'<\/i> for <a href=\"https:\/\/fr.wikipedia.org\/wiki\/Network_Information_Service\" title=\"Network Information Service\">Network Information Service<\/a>, <i>'nisplus'<\/i> for <a href=\"https:\/\/fr.wikipedia.org\/wiki\/Network_Information_Service#Les_projets_li\u00e9s\" title=\"Network Information Service\">NIS+<\/a>, <i>'ldap'<\/i> for the <a href=\"https:\/\/fr.wikipedia.org\/wiki\/Lightweight_Directory_Access_Protocol\" title=\"Lightweight Directory Access Protocol\">LDAP protocol<\/a>, or <i>'mysql'<\/i> for a <a href=\"https:\/\/fr.wikipedia.org\/wiki\/MySQL\" title=\"MySQL\">MySQL<\/a> database.<\/p>\n<p>Sometimes the name is neither in the DNS server nor in the hosts file, so you can add 
the DNS server IP 8.8.8.8 (Google's DNS server) to 'resolv.conf' to resolve it, or add it to the DNS server to forward requests.<\/p>\n<p>Records stored in a DNS server are:<\/p>\n<p>A (Address record) web-server 192.168.1.2 : associates an IPv4 address with a domain name (A for IPv4 address)<\/p>\n<p>AAAA (quad-Address record) web-server AA25.215A.2354A.DA215 (AAAA for IPv6 address)<\/p>\n<p>CNAME record (Canonical name record) : This DNS record operates as an alias. It specifies that a particular domain name is an a.b.a. for another domain name www.a.b.c<\/p>\n<p>MX record (Mail exchange record) : This is a record that points to where your email is hosted. It's the record responsible for associating your domain name with an email server. And typically, one domain name can have more than one MX record<\/p>\n<p>TXT record (text record) : TXT records are typically used for verification of a domain name, or implementing the Sender Policy Framework (SPF), and detecting forged use of domain names (for spam, phishing etc.)<\/p>\n<p>SRV record (Server)<\/p>\n<p>NS record (Name Server)<\/p>\n<p>Note that when you request a URL, the host name must first be resolved, so the request goes to the DNS server, which returns the IP address. For example, at home your Livebox has a DNS server, and it automatically assigns your machine the IP address of the DNS server, \"192.168.1.1\" for example. 
When you want to access a website, the request goes to the Livebox DNS server (if there is no entry in your hosts file) and gets the website's IP address.<\/p>\n<p>To see this information on Windows:<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone  wp-image-283\" src=\"https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/changerDNS.png\" alt=\"\" width=\"504\" height=\"378\" srcset=\"https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/changerDNS.png 794w, https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/changerDNS-300x225.png 300w, https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/changerDNS-768x576.png 768w\" sizes=\"(max-width: 504px) 100vw, 504px\" \/><\/p>\n<p>Commands for diagnosing DNS:<\/p>\n<blockquote>\n<pre>nslookup google.com   (the response \u201cR\u00e9ponse ne faisant pas autorit\u00e9\u201d means that it came from the cache)<br \/>if you don't want to use the cache <br \/>nslookup -type=soa domain.com<br \/>for more details <br \/>nslookup -debug domain.com<br \/><br \/>dig google.com   (this command gives more information)<\/pre>\n<\/blockquote>\n<p><span style=\"text-decoration: underline;\"><strong>WAF and NF<\/strong><\/span><\/p>\n<p>WAF: a Web Application Firewall protects web applications from web attacks such as SQL injection, DDoS, ... and operates at layer 7 of the OSI model.<\/p>\n<p>We use a WAF to filter and monitor requests coming from the internet to our system.<\/p>\n<p>NF: a Network Firewall protects non-web applications from attacks over protocols such as SMTP, FTP ... 
and operates at layers 3 and 4 of the OSI model.<\/p>\n<p>So we should always have both firewalls, because they are complementary.<\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Reverse Proxy<\/strong><\/span><\/p>\n<p>A reverse proxy is a server in front of applications.<\/p>\n<p>A reverse proxy can be used as a WAF (security), a load balancer (performance and reliability), Global Server Load Balancing, GSLB (performance), a cache (performance), SSL termination (security), or routing.<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Load balancer<\/strong><\/span><\/p>\n<p>A load balancer is a component that dispatches traffic to many other components. There are several algorithms for load balancing traffic; see this website for more details:<\/p>\n<p>https:\/\/kemptechnologies.com\/load-balancer\/load-balancing-algorithms-techniques<\/p>\n<h2 id=\"Network Namespaces\"><a title=\"Summary\" href=\"#Summary\">Network Namespaces<\/a><\/h2>\n<p>You can imagine a network namespace as a room in a home.<\/p>\n<p>The home is the host and the namespace is the room. To create a network namespace called red (the blue namespace used below is created the same way):<\/p>\n<blockquote>\n<pre>ip netns add red<br \/>ip netns add blue<\/pre>\n<\/blockquote>\n<p>On a node, you can list all interfaces with the ip link command:<\/p>\n<blockquote>\n<pre>ip link<\/pre>\n<\/blockquote>\n<p>To run this command inside the red network namespace:<\/p>\n<blockquote>\n<pre>ip netns exec red ip link<br \/># or, equivalently:<br \/>ip -n red link<\/pre>\n<\/blockquote>\n<p>The same applies to the arp command, which shows the resolution between MAC and IP addresses:<\/p>\n<blockquote>\n<pre>arp<\/pre>\n<\/blockquote>\n<p>and inside the network namespace:<\/p>\n<blockquote>\n<pre>ip netns exec red arp<\/pre>\n<\/blockquote>\n<p>Connecting the two namespaces blue and red needs a virtual cable:<\/p>\n<blockquote>\n<pre>ip link add veth-red type veth peer name veth-blue<\/pre>\n<\/blockquote>\n<p>Attach the veth-red end to the red namespace and the veth-blue end to the blue namespace:<\/p>\n<blockquote>\n<pre>ip link set veth-red netns 
red<\/pre>\n<pre>ip link set veth-blue netns blue<\/pre>\n<\/blockquote>\n<p>Assign an IP address to the red and blue interfaces and bring them up:<\/p>\n<blockquote>\n<pre>ip -n red addr add 192.168.15.1\/24 dev veth-red<br \/>ip -n blue addr add 192.168.15.2\/24 dev veth-blue<br \/>ip -n red link set veth-red up<br \/>ip -n blue link set veth-blue up<\/pre>\n<\/blockquote>\n<p>Test the connection from the red namespace to the blue namespace:<\/p>\n<blockquote>\n<pre>ip netns exec red ping 192.168.15.2<\/pre>\n<\/blockquote>\n<p>If you have many namespaces and want them all to communicate, you need a virtual switch, in the same way that the namespaces have virtual interfaces.<\/p>\n<p>There are several solutions, such as Linux bridge or Open vSwitch. Here we use Linux bridge:<\/p>\n<blockquote>\n<pre>ip link add v-net-0 type bridge<\/pre>\n<\/blockquote>\n<p>With the command <strong>ip link<\/strong> you can see v-net-0 on the host, but it is down, so bring it up with the command '<strong>ip link set dev v-net-0 up<\/strong>'.<\/p>\n<p>To connect the red interface to the virtual switch, first delete its direct connection to the blue interface (deleting one end of a veth pair removes the other end too):<\/p>\n<blockquote>\n<pre>ip -n red link del veth-red<\/pre>\n<\/blockquote>\n<p>Create the pairs veth-red &lt;--&gt; veth-red-br and veth-blue &lt;--&gt; veth-blue-br, and attach the -br ends to the bridge:<\/p>\n<blockquote>\n<pre>ip link add veth-red type veth peer name veth-red-br<br \/>ip link set veth-red netns red<br \/>ip link set veth-red-br master v-net-0<br \/>ip link set veth-red-br up<br \/>ip -n red addr add 192.168.15.1\/24 dev veth-red<br \/>ip -n red link set veth-red up<br \/><br \/>ip link add veth-blue type veth peer name veth-blue-br<br \/>ip link set veth-blue netns blue<br \/>ip link set veth-blue-br master v-net-0<br \/>ip link set veth-blue-br up<br \/>ip -n blue addr add 192.168.15.2\/24 dev veth-blue<br \/>ip -n blue link set veth-blue up<\/pre>\n<\/blockquote>\n<p>Finally, assign an IP address to the virtual switch:<\/p>\n<blockquote>\n<pre>ip addr add 192.168.15.5\/24 dev v-net-0<br \/># test the network from the host<br \/>ping 192.168.15.1<\/pre>\n<\/blockquote>\n<p>The diagram 
summarizes all operations:<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone  wp-image-292\" src=\"https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/networknamespace.png\" alt=\"\" width=\"404\" height=\"395\" srcset=\"https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/networknamespace.png 544w, https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/networknamespace-300x293.png 300w\" sizes=\"(max-width: 404px) 100vw, 404px\" \/><\/p>\n<p>To reach other namespaces or networks, traffic must go through a gateway:<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone  wp-image-294\" src=\"https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/iproote.png\" alt=\"\" width=\"714\" height=\"367\" srcset=\"https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/iproote.png 1117w, https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/iproote-300x154.png 300w, https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/iproote-1024x526.png 1024w, https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/iproote-768x395.png 768w\" sizes=\"(max-width: 714px) 100vw, 714px\" \/><\/p>\n<blockquote>\n<pre>ip netns exec blue ip route add 192.168.1.0\/24 via 192.168.15.5<\/pre>\n<\/blockquote>\n<p>But this is not sufficient; we also need NAT.<\/p>\n<p>Accepting forwarded packets via the firewall's internal IP device allows the LAN nodes to communicate with each other. However, they still cannot communicate externally (for example, with the internet). To allow LAN nodes with private IP addresses to communicate with external public networks, configure the firewall for <i class=\"FIRSTTERM\">IP masquerading<\/i>, which masks requests from the LAN nodes with the IP address of the firewall's external device (in this case, eth0):<\/p>\n<blockquote>\n<pre><tt class=\"COMMAND\">iptables -t nat -A POSTROUTING -s 192.168.15.0\/24 -j MASQUERADE<\/tt><\/pre>\n<\/blockquote>\n<p>If the namespace needs to connect to the internet, add a default route:<\/p>\n<blockquote>\n<pre>ip netns exec blue ip route add default via 192.168.15.5<\/pre>\n<\/blockquote>\n<p>If you need to reach the namespace from another namespace or network, forward the port with DNAT:<\/p>\n<blockquote>\n<pre><tt class=\"COMMAND\">iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.15.2:80<\/tt><\/pre>\n<\/blockquote>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone  wp-image-296\" src=\"https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/dnat.png\" alt=\"\" width=\"637\" height=\"327\" srcset=\"https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/dnat.png 1142w, https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/dnat-300x154.png 300w, https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/dnat-1024x525.png 1024w, https:\/\/devopsopen.com\/wp-content\/uploads\/2023\/02\/dnat-768x394.png 768w\" sizes=\"(max-width: 637px) 100vw, 637px\" \/><\/p>\n<h2 id=\"Core DNS\"><a title=\"Summary\" href=\"#Summary\">Core DNS<\/a><\/h2>\n<p>CoreDNS is a DNS server in a Kubernetes cluster. For more information, visit:<\/p>\n<p>https:\/\/github.com\/kubernetes\/dns\/blob\/master\/docs\/specification.md https:\/\/coredns.io\/plugins\/kubernetes\/<\/p>\n<h2 id=\"Cluster Networking\"><a title=\"Summary\" href=\"#Summary\">Cluster Networking<\/a><\/h2>\n","protected":false},"excerpt":{"rendered":"<p>Network Summary Networking basics Network Namespaces CoreDns Cluster Networking Networking basics 
Internet The network view of internet : Backbon are big fiber cables between states or cities. the peering can be between two AS and the numerci logictic can be low cost or in the same contry or between the AS &nbsp; &nbsp; &nbsp; Example network paquets : You can visit the site for more details : https:\/\/www.arcep.fr\/cartes-et-donnees\/nos-publications-chiffrees\/linterconnexion-de-donnees\/barometre-de-linterconnexion-de-donnees-en-france.html : Autorit\u00e9 de r\u00e9gulation des communications \u00e9lectroniques, des postes et de la distribution de la presse give more information about internet https:\/\/bgp.tools\u00a0 or https:\/\/bgp.he.net\/ for informations about AS et IPs https:\/\/www.iana.org\/ IANA\u2026<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":""},"categories":[12],"tags":[],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[],"version":5}},"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false},"uagb_author_info":{"display_name":"admin","author_link":"https:\/\/devopsopen.com\/index.php\/author\/admin_bak\/"},"uagb_comment_info":2,"uagb_excerpt":"Network Summary Networking basics Network Namespaces CoreDns Cluster Networking Networking basics Internet The network view of internet : Backbon are big fiber cables between states or cities. 
the peering can be between two AS and the numerci logictic can be low cost or in the same contry or between the AS &nbsp; &nbsp; &nbsp; Example&hellip;","_links":{"self":[{"href":"https:\/\/devopsopen.com\/index.php\/wp-json\/wp\/v2\/posts\/259"}],"collection":[{"href":"https:\/\/devopsopen.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devopsopen.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devopsopen.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/devopsopen.com\/index.php\/wp-json\/wp\/v2\/comments?post=259"}],"version-history":[{"count":27,"href":"https:\/\/devopsopen.com\/index.php\/wp-json\/wp\/v2\/posts\/259\/revisions"}],"predecessor-version":[{"id":442,"href":"https:\/\/devopsopen.com\/index.php\/wp-json\/wp\/v2\/posts\/259\/revisions\/442"}],"wp:attachment":[{"href":"https:\/\/devopsopen.com\/index.php\/wp-json\/wp\/v2\/media?parent=259"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devopsopen.com\/index.php\/wp-json\/wp\/v2\/categories?post=259"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devopsopen.com\/index.php\/wp-json\/wp\/v2\/tags?post=259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}