Linux Networking and Troubleshooting
November 14th, 2018
Course Development Director in Content
This course will provide the prospective student with the fundamentals, tools, techniques and use case examples to configure, manage and troubleshoot Linux in a networking context. You will work with tools like nc, ss, tcpdump, wireshark and more to develop the experience to understand networking protocols, addressing, routing, and subnetting. By the end of this course, the student will feel comfortable in working with a large variety of networking tools and configurations to manage complex Linux networking implementations.
This is an introduction to the Linux Networking and Troubleshooting course.
About the Training Architect
Meet Michael Christian, the Linux Networking and Troubleshooting Training Architect
Using the Network Environment Interface Tools (ip, nmcli, and more)
Knowing were to find network configuration information is critical to being able to manage it. In this video, we will look at how to obtain network information such as the MAC address, the IP address and netmask, the gateway, DNS information, as well as the routing table. We'll need to build upon these networking concepts in the following lessons.
Basic Network Topology
In this lesson, we'll review basic network topology, and the the difference between switches and routers. It's important to understand these concepts as we move into deeper material around networking.
The OSI model is an abstraction of the communication layers network traffic must pass through. Understanding this model deepens our understanding of how network communication takes places, and becomes especially valuable in troubleshooting. In this lesson we discuss each layer of the OSI model, and give both conceptual and practical examples.
Anatomy of an IP Address
Knowing how IP addresses are constructed gives us additional context and understanding when working with them. In this lesson, we break down the components of an IP address for both IPv4 and IPv6. We also discuss subnets, classful networking, as well as CIDR.
In this lesson, we talk about routing and routing tables, and how they faciliate network communication by looking at an example routing table.
Address Resolution Protocol (ARP)
RP (Address Resolution Protocol) is the mapping of IP addresses to MAC addresses. This is necessary for the end-to-end delivery of data on the network. In this lesson, we examine ARP and the ARP table.
DNS translates hostnames into IP addresses. In this lesson we discuss DNS, and spend some time looking at the DNS query itself and the heirarchy of resolution it follows.
TCP and the Basic Handshake
An overall understanding of what takes place during a TCP handshake is fundamental to a well rounded understanding of networking in general. In this lesson, we will discuss how that handshake takes place and where the different aspects of it come into play.
In this lesson, we put together what we've learned from the previous lessons beginning with a brief review of the connection sequence and moving into several wireshark examples.
VPN is an important network component in most corporate networks, and understanding how it works and it's purpose is necessary to having an understanding of Linux networking. In this lesson, we take a conceptual look at VPN, the function it provides, and a couple of use cases. By the end of the lesson, you should be familiar with the role of VPN.
Machine Level Configuration
Static IP versus DHCP
When putting a device on the network, we must determine if the device should use a static or dynamic address. In this lesson we'll assess the differences between using dynamic vs. static IPs, walk through configuring both, and look at the DHCP request sequence.
Multiple IP Addresses
As a system administrator, you may be required to serve mulitple IP addresses from the same host. In this lesson, we look at how to accomplish this, and configure multiple IP addresses on the same network interface.
NIC Bonding and Teaming
In this lesson, we discuss the differences between bonding and teaming, and look at examples of both.
Understanding static routing is helpful when troubleshooting connectivity to specific subnets not reachable by the default gateway. In this lesson, we look at various ways to break routing using static routes for the purpose if illustrating how static routing can resolve connectivity.
In this lesson we revisit the routing tables, static routes, and discuss how to troubleshooting routing issues. Routing issues tend to come up when addign or removing equipment from the nextwork, and when things break. Knowing how to troubleshooting and resolve routing issues is an essential skill in Linux networking.
Domain Name Service (DNS)
Local Name Resolution
In this lesson, we look at what it takes to resolve locally using the /etc/nsswitch.conf file as well as /etc/hosts. Understanding the ordering in nsswitch.conf is necessary to troublshoot host resolution issues. Additionally, being able to map an IP to a hostname locally can be beneficial when troubleshooting and testing.
In this lesson, we create a couple of non-recursive nameservers for the domain example.com, and set up a client to use the secondary DNS host for it's lookup queries. While not a secure configuration, this gives you an understanding of the moving pieces when it comes to a DNS infrastructure.
DNS issues often come up when facing connectivity problems. In this lesson, you will learn how to troubleshoot local client issues, verify connectivity to the DNS host, and perform zone verification for authoritative responses.
Administrator Services and Tools
The proper implementation of firewalls is a critical component of a secure infrastructure. In this lesson, we look at what a firewall is and the engine behind it. THen we'll examine a firewall in action, from the client and host perspective, using tcpdump and wireshark.
Iptables is the backbone of the Linux firewall. In this lesson we look at the interaction between netfilter and iptables, connection tracking, and the tables and chains used by iptables for managing network interaction.
In this lesson we examine zones, services, and ipsets. These provide the building blocks for some unique solutions when designing a firewall in a manner that remains both easy to read and understand. Firewalls built this way are also easy to troubleshoot. We'll look at examples of each, and then tie them together in a demonstrative use case.
Troubleshooting the Firewall
The firewall is often to blame when facing connectivity problems. In this lesson, you will learn how to troubleshoot the local firewall, verify listening services, and verify connectivity from the client. This lesson provides a foundation for troubleshooting iptables and firewalld using simple examples.
Being able to test connectivity between systems is one of the most important functions of a systems administrator. In this lesson, we review the OSI model as an order of operations when it comes to connection testing. We assess a broken system, and we review tools such as telnet, nc, and tcpdump to perform connection testing.
Being able to perform a packet capture of specific traffic as a means of providing network performance evidence or to facilitate troubleshooting is a valuable skill. In this lesson we discuss capture and display filters, create a packet capture, and review it in Wireshark.
Advanced Use Cases
Port Forwarding Explained
Port forwarding, or port mapping, uses NAT to redirect communication from one port to another port or host, and gives us a lot of options when configuring and testing a system. In this lesson we'll examine an academic port-forwarding use case, and review the architecture involved.
Port Forwarding Examples
In this lesson, we'll look at specific examples of local port redirecting, as well as port forwarding between hosts within our designated use case. Understanding how to perform local and remote port forwarding gives us options when working within different network constraints.
Explaining the SSH Tunnel
With use cases similar to port forwarding, SSH tunnels are useful tool for troubleshooting and providing connectivity. In this lesson, we examine the three types of SSH tunnel, and discuss some used cases.
Creating an SSH Tunnel
Expanding on our knowledge of SSH tunnels, in this lesson we walkthrough, create, and test each of the three types of SSH tunnel for our hypothetical use cases.
Proxy Servers Explained
In this lesson we take a look at proxy servers and their basic purpose. Proxy servers can be used for a number of use cases from blocking traffic to circumventing firewalls.
Setting up Squid
In this lesson, we install and configure squid. Squid permits us to block traffic to specific websites, as well as limited bandwidth to IPs, sites, and subnets.
Load Balancing Explained
Load balancing is a mechanism used to distribute requests to a back end cluster of resources. In this lesson, we look at load balancing as a concept, the basic parameters used to configure a load balancer, and a few of the difference between NGINX and HAProxy.
Load Balancing with HAProxy
In this lesson, we move from the conceptual purpose and use case of a load balancer, to an example using HAProxy. HAProxy is a popular, free, load balancer that's easily installed and configured. By the end of this lesson, you will be familiar with the minimal configuration necessary to implement HAProxy as a web workload load balancer.
Load Balancing with NGINX
In this lesson, we look at the configuration needed to use NGINX as a basic load balancer. NGINX is a great light-weight web and applicaiton server, and the ability to leverage it as a load balancer makes it a swiss army knife for web workload management. By the end of this lesson, you will be familiar with the minimal configuration necessary to use NGINX as a basic http load balancer.
Setting up OpenVPN Part 1
In this lesson, we take a deeper look at VPNs by installing and configuring our own. In this first half, we will configured the VPN server itself, and walk through the configuration options.
Setting up OpenVPN Part 2
In part two of this lesson, we configure the client to use our newly configured VPN. We've created the bare scaffolding of a VPN, so we'll need to add a static route to make use of the new virtual interface provided by the client.
IDS is an important network security component, and understanding the role of an IDS is important to properly leveraging it in your environment. iN this lesson, we'll define what an IDS is, talk a little bit about an IPS, and discuss using Snort as an IDS.
Using Snort as an IDS
Snort is a free an open source IPS that can be used for packet sniffing, packet logging, or as an IPS. In this lesson, we look at whats required when installing snort as an IDS, and write a couple of custom rules for visibility into certain traffic patterns.
Congradulations! You've made it through the Linux Networking and Troubleshooting Deep Dive. Now, you've got a head start on some aditional certification courses that I'll talk about in this video.