This article directory
When it comes to the network architecture of Linux, it is inseparable from the discussion. . . these things. These concepts are easy to confuse, but if you look carefully, you will find that the design of this Linux network architecture is actually very simple and clear.
1. Framework diagram
First of all, let's look at a picture: packet flow in Netfilter and General Networking. This picture comes from the official website of the netfilter project.
2. The network architecture is divided into three major blocks
- PDP
- netfilter
- Qdisc
| network architecture part name | The main function | illustrate |
|---|---|---|
| PDP | Packet Fast Forwarding Channel | The part circled by the green circle in the figure can be simply understood as the DPDK working in the kernel |
| Qdisc | flow control, QoS | The part circled in red in the figure works before the Linux TCP/IP protocol. Its main functions are traffic classification, speed limit, traffic shaping, disorder, delay, packet loss, simulation error, etc., which are bound to the network card. |
| Netfilter | The colored part in the figure points to the TCP/IP protocol stack, which is mainly used for IP packet processing, including filtering, redirection, discarding, modification and other functions, and can be used to build firewalls, NAT routing and other functions | Mainly by the so-called 5 tables and 4 chains, using the three-level structure of table/chain/rule, the messages entering and leaving the Linux TCP/IP protocol stack are processed everywhere in the TCP/IP protocol stack |
3. Network architecture ----- corresponding configuration tools ----- corresponding principles and concepts
| level | name | name | name |
| Linux architecture | PDP | Netfilter | Qdisc |
| Corresponding Linux commands and tools | iptables | iproute2, ip, tc | |
| Corresponding principles and concepts | Qdisc | tables: nat, mangle, raw, filter | |
| filter | chains: INPUT, OUTPUT, PREROUTING, POST ROUTING, FORWARD | ||
| class | rules&action: masquerade, accept, reject, drop, log, mark, redirect, snat, dnat | ||