techtrips

I recently seen a post on reddit in r/Wireguard about how 'AllowedIPs' worked in Wireguard, asking was it possible to build a dynamic, routed network with wireguard tunnels. The question interested me cos I'd never really thought about it properly. I tend to use Wireguard to VPN into my home or some VPS systems I have - all running Linux - from my phone or laptop. As part of this I use the "AllowedIPs" configuration option to add the routes I need on either end. But the "link layer" - such t...

In discussions with a friend recently a question came up about the best place in netfilter / legacy iptables to filter out spurious traffic to the local addresses on a router. To be specific the use case is a Linux device acting as a router, with certain services running locally on it we want to use iptables to prevent customers connecting to (BGP, SSH, SNMP or whatever). Question My friend maintained it was always preferable to have the rules to drop such traffic in the the prerouting chain ...

The 'brctl' utility from the bridge-utils package has been deprecated for some time, in favour of the 'bridge' command that comes as part of iproute2. How to use the commands to get information on Linux bridges is not as clear, so I'm jotting down some quick one liners, mostly to help me remember. NOTE: The '-br' on the 'ip' commands is for 'brief' output, they can be run without this to show more verbose information. You can use '-br' with all 'ip' commands, it's nothing to do with bridges. ...

The 'brctl' utility from the bridge-utils package has been deprecated for some time, in favour of the 'bridge' command that comes as part of iproute2. How to use the commands to get information on Linux bridges is not as clear, so I'm jotting down some quick one liners, mostly to help me remember. NOTE: The '-br' on the 'ip' commands is for 'brief' output, they can be run without this to show more verbose information. You can use '-br' with all 'ip' commands, it's nothing to do with bridges. ...

FRRouting is a fully-featured IP routing stack which runs on a variety of Unix-like operating systems. In this post I will show how to configure FRR on Linux to create L3 VPNs across a common IP underlay network. BGP EVPN is used between end hosts to distribute VRF routing tables and encapsulation information. VXLAN is used on the wire to encapsulate VRF traffic across a common IP network. BGP EVPN / VXLAN BGP EVPN signalled networks, with VXLAN transport, have become very popular in datace...