
IP addresses and routing - weinzierl
https://jvns.ca/blog/2018/07/24/ip-addresses-routing/
======
cproctor
As a middle-school CS teacher, I wrote a networking simulation [1] to help my
students get a sense of how the packets get routed to their destinations.
Importantly, it's vulnerable to spoofing, snooping, and censorship... students
figure out how to do this mischief on their own, which leads to some great
discussions of technical, policy, and ethical aspects of the Internet.

[1] [https://github.com/cproctor/tcp-ip-simulation](https://github.com/cproctor/tcp-ip-simulation)

~~~
kqr
Thank you for your service as a great teacher. We need more people like you!
This is absolutely great.

------
Hello71
> a bunch of other stuff which I don’t understand that well (metric 600, scope
> link, proto kernel, etc). Not understanding what those things mean hasn’t
> hurt me yet.

These are pretty straightforward. metric 600 means that out of all the
otherwise-identical routes, the kernel will prefer this one to one with a
metric of 601 or greater. scope link means that this address is only valid on
the local link (network interface). scope global means that (the kernel
assumes) this address is valid on the wider Internet. proto kernel means that
the kernel automatically installed this route for you because you used "ip
address add x/y". Now, the "table x" part is actually really interesting,
because Linux doesn't just support "a route table", it supports 256 routing
tables. These are used in conjunction with policy routing in order to support
source address routing, firewall mark based routing, and others. Firewall mark
based routing is extremely powerful: for example: MARK all packets on port 53
whose (using BPF) first DNS query question is jvns.ca, and send those using
eth1 instead of eth0. More mundanely, wg-quick from WireGuard uses this
feature to bypass the VPN for the VPN packets, which allows the VPN to be used
for the VPN gateway.

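The fields Hello71 walks through (metric, scope, proto), put to work in an added example of my own that is not from the post or from the iproute2 project: a parser for `ip route show` lines run over a constructed routing table, plus a lookup that applies longest-prefix match and then prefers the lowest metric among equally specific routes. Only the main table is modelled; policy rules and the other 255 tables are assumed out of scope.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of `ip route show` output (not taken from the post):
# two default routes with different metrics, two on-link (scope link) prefixes
# the kernel installed itself, and one static, more specific route.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev wlp3s0 proto dhcp metric 600
default via 10.0.0.1 dev eth0 proto static metric 100
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.5 metric 100
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.42 metric 600
192.168.1.128/25 via 192.168.1.254 dev wlp3s0 proto static metric 600
"""

KEYED = ("dev", "via", "proto", "scope", "src", "metric")

@dataclass
class Route:
    dst: ipaddress.IPv4Network
    dev: str
    via: Optional[str]    # next hop; None means the prefix is directly on the link
    proto: str            # who installed it: kernel, dhcp, static, bgp, ospf, ...
    scope: str            # "link" = valid only on this interface, else "global"
    metric: int           # among routes to the same prefix, lowest is preferred

def parse_route(line: str) -> Route:
    """Parse one `ip route show` line into its named fields."""
    words = line.split()
    dst = "0.0.0.0/0" if words[0] == "default" else words[0]
    fields, i = {}, 1
    while i < len(words):
        if words[i] in KEYED:          # key/value pairs
            fields[words[i]] = words[i + 1]
            i += 2
        else:                          # bare flags such as "onlink" or "linkdown"
            i += 1
    return Route(dst=ipaddress.ip_network(dst, strict=False), dev=fields["dev"],
                 via=fields.get("via"), proto=fields.get("proto", "kernel"),
                 scope=fields.get("scope", "global"),
                 metric=int(fields.get("metric", 0)))

def lookup(routes: List[Route], dst_ip: str) -> Optional[Route]:
    """Longest-prefix match first; among equally specific routes, lowest metric."""
    ip = ipaddress.ip_address(dst_ip)
    matches = [r for r in routes if ip in r.dst]
    return min(matches, key=lambda r: (-r.dst.prefixlen, r.metric), default=None)

ROUTES = [parse_route(line) for line in SAMPLE_ROUTES.splitlines()]
```
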
~~~
eximius
Right, so you need to publish a networking textbook on this stuff, okay?

If that sounds too dreary, I'd take a suggestion for one.

~~~
cesarb
Take a look at the LARTC: [https://www.tldp.org/HOWTO/Adv-Routing-HOWTO/](https://www.tldp.org/HOWTO/Adv-Routing-HOWTO/)

~~~
Hello71
It's too bad that being 16 years old, lots of the suggestions are now
outdated, like the complete absence of bufferbloat.

------
magicalhippo
"This post is only about IPv4 because I’ve still never used IPv6."

IPv6 almost seems to be the networking equivalent of DAB radio at this point.
A once futuristic tech that grew old in the tooth waiting for its moment.

At least IPv6 is getting developed and it is easier to update than DAB, so
one can hope that one day in the far future it becomes usable to people like
me.

~~~
fulafel
What's your main issue with its usability? v6 deployment is going up and looks
like it's on track to replace v4, so the DAB analogy sounds a little
diminutive.

I get v6 on my mobile and on my broadband, and in all respects it seems to
work well for making the internet end-to-end addressable again. With the
devices like RPis and VMs/containers, the simplicity is refreshing vs hacks
involving port forwards or using a for-$$ service as a proxy.

~~~
deaps
Main issue is when you manage a TON of network devices.

What's easier - connecting to something your OOB management network
(10.10.1.0/24) - the fw is 10.10.1.1, the switch is 10.10.1.11, the 5 servers
are 10.10.1.21-26, etc etc...

That's a bit better than typing 2200:Hb43:4432:FE39:019H:F3Z6:3438:2101 etc...

I realize internal dns solves that, but that's a lot of extra dns records to
maintain - which ALSO is an issue if your organization uses HSTS and preloads
subdomains - you must have a _trusted_ certificate on each management
interface, otherwise the browser simply won't let you manage those things over
a GUI - or, of course, being your own CA and loading your intermediate and/or
root into every deployed box on your network of every person that could
potentially have to manage those devices over HTTPS.

That's literally my only issue with ipv6, in all honesty.

~~~
kiallmacinnes
This pattern really only works at small scale. Add 5 more people, or 50 more
servers - it'll fail.

Either because your new colleagues don't have the same memory as you, or
because switch 10 and server 1 are now conflicting...

------
corndoge
_metric 600_

if two routes to the same destination exist the kernel will (in general) use
the one with the lower metric

 _proto kernel_

this is where the route came from, for most end user hosts this will be kernel
but if your box is running a dynamic routing protocol this might be something
like "ospf", "bgp", etc; those protocols learn routes from neighbors and
install them into the kernel routing table

 _scope link_

this is information about the distance to the nexthop, in this case link means
the nexthop is on the local network

~~~
SteveNuts
I've got a bunch of static routes on my linux boxen using iproute2 tables to
send traffic down the correct interfaces, do you think there's a better way
using dynamic routing? If so what should I start googling?

~~~
corndoge
If the topology is simple then managing static routes can be way easier than
doing dynamic routing correctly, otherwise I'd start looking at BGP. Your best
option right now in terms of software is FRR or bird.

But first you should understand dynamic routing and decide if it's right for
your use case.

[https://en.wikipedia.org/wiki/Dynamic_routing](https://en.wikipedia.org/wiki/Dynamic_routing)

~~~
zokier
Is there particular reason you'd go directly to BGP and not e.g. OSPF?

~~~
corndoge
Familiarity and personal preference

------
PresidentObama
> a bunch of other stuff which I don’t understand that well (metric 600, scope
> link, proto kernel, etc). Not understanding what those things mean hasn’t
> hurt me yet.

This is what I like about Julia's writing - she is frank and tells you when
she doesn't know.

~~~
djohnston
yeah she always gives you a really good starting point and if you care about
those things you have the foundation you need to dig deeper.

------
buro9
Recently I discovered how weird IP addresses are on local machines:

Ping the following:

1.1.257

3.141592

0x01000001

198.2742178

All the fault of
[https://linux.die.net/man/3/inet_aton](https://linux.die.net/man/3/inet_aton)
as everyone follows the implementation and there is no RFC on how to
shorthand/collapse an IP address.

~~~
pingofdoom
lol so those ping to two different addresses:

    ping 192.168.1.64
    ping 192.168.1.064

Good material for underhanded c contest...

~~~
akeruu
This happens more often than you might think.

A lot of people are adding padding when they need to store IPs. So they can be
easily sorted using alphanumeric sort:

192.168.001.001 192.168.001.002 192.168.001.003 ... 192.168.001.254

And then use it that way to connect to servers, causing lots of confusions.

~~~
rashkov
wait, really? padding with zeros maps to a different IP address than the non-
padded version? Is that because a leading zero causes it to be interpreted as
an octal number?

~~~
iooi
Yes.

    In [2]: socket.inet_aton('226.000.000.037')
    Out[2]: b'\xe2\x00\x00\x1f'

    In [3]: socket.inet_aton('226.000.000.37')
    Out[3]: b'\xe2\x00\x00%'

    In [4]: socket.inet_ntoa(b'\xe2\x00\x00\x1f')
    Out[4]: '226.0.0.31'

    In [5]: socket.inet_ntoa(b'\xe2\x00\x00%')
    Out[5]: '226.0.0.37'

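The inet_aton(3) rules behind buro9's odd ping targets and the leading-zero surprise above, as an added example of my own (not the C library's code and not from any commenter): a Python emulation of the lenient parsing written from the man page semantics (one to four dot-separated parts, each read like strtoul with base 0, so a leading 0 means octal and 0x means hex), next to the strict dotted-quad check a defender should use before trusting an address string. A disagreement between the two functions is exactly the ambiguity the thread describes.

```python
import re
from typing import Optional

def _strtoul_base0(s: str) -> Optional[int]:
    """Mimic strtoul(s, NULL, 0): 0x.. is hex, a leading 0 is octal, else decimal.
    Returns None where C would stop at a bad digit (e.g. '08'), which inet_aton
    reports as failure."""
    if s[:2].lower() == "0x":
        digits, base = s[2:], 16
    elif len(s) > 1 and s[0] == "0":
        digits, base = s[1:], 8
    else:
        digits, base = s, 10
    valid = "0123456789abcdef"[:base]
    if not digits or any(c not in valid for c in digits.lower()):
        return None
    return int(digits, base)

def inet_aton_lenient(text: str) -> Optional[str]:
    """Return the dotted quad inet_aton would actually connect to, or None if it
    rejects the string outright."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [_strtoul_base0(p) for p in parts]
    if any(v is None for v in values):
        return None
    *leading, last = values
    # Leading parts are one byte each; the last part fills all remaining bytes
    # (so "1.1.257" is 1.1.1.1 and "0x01000001" is 1.0.0.1).
    if any(v > 255 for v in leading) or last >= 1 << (8 * (4 - len(leading))):
        return None
    addr = last
    for i, v in enumerate(leading):
        addr |= v << (8 * (3 - i))
    return ".".join(str((addr >> shift) & 0xFF) for shift in (24, 16, 8, 0))

# Strict form: exactly four decimal octets 0-255, no leading zeros, no hex.
_OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)"
STRICT = re.compile(rf"{_OCTET}(?:\.{_OCTET}){{3}}")

def is_strict_dotted_quad(text: str) -> bool:
    """True only for the unambiguous spelling; zero-padded and shorthand forms fail."""
    return STRICT.fullmatch(text) is not None
```
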
~~~
kiallmacinnes
Oh, wow.

I.. wow.

No words come to me!

Learn something new everyday!

------
knicholes
I wish there were more clarity in the point where your ISP sends the packet to
"your computer." The packet goes to your modem, which is plugged into some
network adapter (this is the network "device," right?). Then the network
adapter sends the signal to another network device? That doesn't make sense to
me. Certainly the network hardware receives the signal before the OS?

~~~
wyldfire
> The packet goes to your modem, which is plugged into some network adapter
> (this is the network "device," right?).

From the point of view of your OS' routing table, the "network device" is the
OS device that represents the local network device. Ms Evans cites three
examples; one's a real hardware WLAN device (likely connected to the system
via PCIe or USB-via-PCIe).

The "modem" you're referring to is probably your or your ISP's "cable modem"?
If so, the cable modem function of this device is (very nearly) transparent to
the IP layer and we can ignore it for the sake of the routing table. I believe
many/most of these modems function as a layer 2 bridge.

The sequence of events when packets arrive from the ISP is:

1. packet is forwarded from ISP to your cable modem.

2. cable modem receives the packet, sees that the destination address belongs
on "this side" of the bridge and forwards it.

3. Computer's NIC ("network interface card") receives a packet, copies it
into memory and interrupts the processor.

4. OS interrupt service routine handles the interrupt by posting a flag and
copying the incoming data to another buffer.

5. OS' network stack realizes this packet is an IP packet and starts to
process it according to local rules (next layer up, etc).

...lots of details omitted from above for the sake of clarity, but I can add
more if you want. Slight variations of the above occur depending on the
specific deployment of router-vs-cable-modem-vs-DSL-vs-NIC-config etc.

~~~
knicholes
Ah, there it is! Okay, I know it's being pedantic, but the whole NIC aspect is
what I was looking for. Taking my OS theory class at 8am was a bad choice.
Thank you so much for the excellent explanation!

------
karmakaze
I recently tried using a computer set up with only an IPv6 stack to do some
websocket testing. Turned out that the websocket implementation in iOS version
of WebKit (including iOS 12 beta4) still has some issues. Also most of the
internet isn't connected. Ended up using 'show cached' from Google results a
lot.

------
betaby
I heavily recommend LARTC [http://test.richb-hanover.com/lartc-redesign/](http://test.richb-hanover.com/lartc-redesign/) (looks like the main
site is down at the moment)

------
dfsegoat
Every time I read an article or infographic by Julia Evans, I can't help but
feel a bit of excitement, because even after 15+ years of linux/programming
experience, I still learn something new every time.

I genuinely hope there are awards/accolades for people that bring this much
value to the linux/programming/computing community.

~~~
rconti
I love her style. She knows a lot, but is VERY open to being wrong or not
knowing things fully. That is to say, she's happy to say something that might
not be 100% correct but is the way she understands it, or to admit she only
knows 10% of this one thing. There's utterly zero arrogance but also there's
not really a lack of confidence. It's almost a childlike wonder/excitement
about things. In using that approach, it makes the reader appreciate the
subject as well, feel happy about the things they know in common with Julia,
feel happy about the things the reader knows that she doesn't know YET, and
also feel comfortable that "hey, here's somebody else who ALSO doesn't
understand this topic that well!" In every way, it's the exact opposite of
imposter syndrome, both for the writer and for the reader.

I think too many of us (at least, based on my own experience) don't feel like
we know enough to share with people. You both don't realize what you know that
others don't, but are also anxious about being wrong or presenting yourself as
an expert when you are not, for fear of ridicule or judgement or whatever.

She's such a great asset to the community.

------
cup-of-tea
I've forgotten so much about networking. I just haven't had any need to use
the knowledge since I learnt it in university. Back then I borrowed a copy of
Tanenbaum's _Computer Networks_ and it was great. I considered buying a copy
for my bookshelf recently but it's very expensive now.

It makes me sad because when I was younger I seemed to remember everything
forever. Now I realise there are large swathes that I've forgotten and most I
probably don't even know I've forgotten.

~~~
barking
The only consolation is that you'd likely pick it up a lot more quickly now if
you return to it.

~~~
scarecrowbob
Well, another consolation is that if you're forgetting it, you might not be
needing it... so it's not so bad to forget some things.

