<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Networking on BrainBit Latest Articles</title><link>https://brainbit.uk/tags/networking/</link><description>Recent content in Networking on BrainBit Latest Articles</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Wed, 23 Dec 2020 13:22:03 +0000</lastBuildDate><atom:link href="https://brainbit.uk/tags/networking/index.xml" rel="self" type="application/rss+xml"/><item><title>GCP Internal LBs , How dirty?</title><link>https://brainbit.uk/posts/gcp-internal-lbs-how-dirty/</link><pubDate>Wed, 23 Dec 2020 13:22:03 +0000</pubDate><guid>https://brainbit.uk/posts/gcp-internal-lbs-how-dirty/</guid><description>If you ever decide to tcpdump on a node behind a GCP internal load balancer, you will be surprised to see that the packets aren’t destined to the interface IP on your VM; the IP headers maintain the destination address of the load balancer. Let me draw it:
I have a normal NLB passing traffic to an instance group with a bunch of dnsmasq nodes, nothing out of the ordinary.</description></item><item><title>Routing to namespaces</title><link>https://brainbit.uk/posts/routing-to-namespaces/</link><pubDate>Tue, 06 Jun 2017 09:35:26 +0000</pubDate><guid>https://brainbit.uk/posts/routing-to-namespaces/</guid><description>I was interested to know how a buffer (skb) is “routed” to a specific namespace or process.
Simple as that, I want to know the mechanism by which userland tells the kernel to send data to a specific namespace/interface.
So what I’ve found is that the kernel has a specific interface, created around 2.4, that is specific for this use: AF_NETLINK. You might find it similar to AF_UNIX or AF_INET, and it is, because it is built on top of the BSD sockets architecture, so it uses methods such as bind(), listen(), accept() etc.</description></item><item><title>Kubernetes 101 iptables? #3</title><link>https://brainbit.uk/posts/kubernetes-iptables-sharp/</link><pubDate>Tue, 30 May 2017 14:27:39 +0000</pubDate><guid>https://brainbit.uk/posts/kubernetes-iptables-sharp/</guid><description>I wanted to do some digging about how services work within the nodes, that is, how packets are forwarded from the outside, evil and relentless world to the container through bridges etc.
So step 1, find what port the service is bound to:
The port is 30235, apparently. Now let’s look into iptables inside the node. Notice that it is doing a -j (jump) to another chain/extension, in this case KUBE-SVC-URRHIARQWDHNXJTW</description></item><item><title>Tcpdump inner works #1</title><link>https://brainbit.uk/posts/tcpdump-inner-works-sharp/</link><pubDate>Thu, 24 Nov 2016 09:27:49 +0000</pubDate><guid>https://brainbit.uk/posts/tcpdump-inner-works-sharp/</guid><description>I use tcpdump a lot, we all do, but if someone asks you to explain how it works, what would you say?
Well, we know that tcpdump applies a number of rules (if told) to filter traffic before the kernel (iptables or similar) drops it. That’s why if you do something like
tcpdump -i any dst port 21 and you start some connections against port 21, you will see traffic even though you might not have port 21 bound by any process (some FTP server or whatnot).</description></item></channel></rss>