Skip to content

Instantly share code, notes, and snippets.

@smarteist

smarteist/Net.md

Last active November 17, 2024 09:45
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save smarteist/86d821ab602f8398a30f213bd22f3295 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save smarteist/86d821ab602f8398a30f213bd22f3295 to your computer and use it in GitHub Desktop.
Download ZIP
Net basics
Raw
Net.md

N2N H2H A2A!

Data transformation in networking involves different layers of addressing and encapsulation, from MAC addresses for local communication, to IP addresses for routing across networks, and IP addresses plus port numbers for application-level communication.

Each state provides a specific level of abstraction and functionality to ensure data reaches its intended destination. Each packet contains three important pieces of information, including the source and destination MAC addresses, the source and destination IP addresses, and the source and destination Port numbers.

Node to Node (MAC)

The MAC address is a unique identifier assigned to each network interface card (NIC) in a device. When a packet is transmitted on a network, it is sent to the destination MAC address, which is determined using the ARP protocol. The MAC address is used to identify the specific device on the network that the packet is intended for.

Host to Host (IP)

The IP address is another important piece of information in a packet. The IP address is a logical address assigned to a device, and it is used to route packets across different networks. When a packet is transmitted on a network, it is sent to the destination IP address, which is used to identify the device on the network that the packet is intended for.

App to App (IP:Port)

In addition to the MAC and IP addresses, packets also contain port numbers. Port numbers are used to identify specific services or applications running on a device. For example, web traffic typically uses port 80 or 443, while email traffic typically uses port 25 or 587. The source and destination port numbers are used to determine which service or application the packet is intended for.

In summary, packets use the MAC address to identify the specific device on the network that the packet is intended for, the IP address to route the packet across different networks, and the Port numbers to identify the specific service or application that the packet is intended for on the destination device.

ARP

ARP (Address Resolution Protocol) is a protocol used to map a physical (MAC) address to a logical (IP) address on a local network. ARP operates at the data link layer.

When a host on a network wants to send a packet to another host, it first checks its ARP cache to see if it already has the MAC address of the destination host. If the MAC address is not found in the cache, the host sends an ARP request packet, which is broadcasted to all hosts on the local network.

The ARP request packet contains the IP address of the destination host and a request for its MAC address. When the destination host receives the ARP request, it responds with an ARP reply packet that contains its MAC address. The MAC address is then stored in the ARP cache of the requesting host, so that it can be used for future communication with that host.

ARP is important for communication on a local network because it allows hosts to communicate with each other using their physical (MAC) addresses, which are unique to each device. By mapping IP addresses to MAC addresses, ARP enables communication between devices on the same network segment.

However, ARP is vulnerable to attacks such as ARP spoofing, where an attacker sends fake ARP messages to redirect traffic to their own device. To mitigate this risk, there are various security measures that can be implemented, such as static ARP entries or ARP cache timeout settings.

IP and Subnet Mask

IPv4 in tcp/ip divided in two main portion

  • 1 Network portion
  • 2 Host portion

How to know which part of an 32bit ip is Net Portion and Host portion?

by using net mask! A net mask consists of 32bit series of 1s followed by a series of 0s!

Let's take the IP address 192.168.1.100 and netmask 255.255.255.0 (Or /24 which means # of 1s in netmask).

IP address (192.168.1.100) in binary form:

  • Octet 1: 11000000
  • Octet 2: 10101000
  • Octet 3: 00000001
  • Octet 4: 01100100

Netmask (255.255.255.0 or /24) in binary form:

  • Octet 1: 11111111
  • Octet 2: 11111111
  • Octet 3: 11111111
  • Octet 4: 00000000

Next, we combine the binary forms of the IP address and netmask using a bitwise AND operation.

This operation returns a binary number where each bit represents the result of the AND operation on the corresponding bits of the IP address and netmask.

IP address AND netmask:

  • Octet 1: 11000000 AND 11111111 = 11000000 ✓ Net portion
  • Octet 2: 10101000 AND 11111111 = 10101000 ✓ Net portion
  • Octet 3: 00000001 AND 11111111 = 00000001 ✓ Net portion
  • Octet 4: 01100100 AND 00000000 = 00000000 ✕ Host portion

The number of 1s in the net mask determines how many bits are used to identify the network portion of the IP address. For example, a net mask of 255.255.255.0 has 24 1s and 8 0s. This means that the first 24 bits of the IP address are used to identify the network portion, and the last 8 bits are used to identify the host portion.

So, with a netmask of 255.255.255.0, the first 24 bits of the IP address represent the network portion, and the last 8 bits represent the host portion. Any device on the same network with an IP address that shares the same first 24 bits (i.e., 192.168.1.x) can communicate directly with the device with IP address 192.168.1.100.

CIDR Notation

CIDR (Classless Inter-Domain Routing) notation is a method of specifying the size of a network and the associated netmask using a slash notation. In CIDR notation, the IP address is followed by a forward slash (/) and the number of bits in the netmask. For example, 192.168.1.0/24 means that the network address is 192.168.1.0, and the netmask is 255.255.255.0.

Here's an example of how CIDR notation works:

Let's say we have the IP address 192.168.1.0 and a netmask of 255.255.255.0. The netmask contains 24 consecutive 1 bits, followed by 8 consecutive 0 bits. We can represent this in CIDR notation as 192.168.1.0/24, which indicates that the network has 24 bits in the netmask. In CIDR notation, the number after the slash represents the number of bits in the netmask. The netmask can have any number of bits between 0 and 32 (for IPv4 addresses).

For example:

  • 10.0.0.0/8 has a netmask of 255.0.0.0, meaning the first 8 bits are used for the network and the remaining 24 bits are available for hosts.
  • 172.16.0.0/16 has a netmask of 255.255.0.0, meaning the first 16 bits are used for the network and the remaining 16 bits are available for hosts.
  • 192.168.1.0/24 has a netmask of 255.255.255.0, meaning the first 24 bits are used for the network and the remaining 8 bits are available for hosts.

CIDR notation allows for more flexible allocation of IP addresses and is commonly used in modern networking.

IP Classes

In the early days of the Internet, IP addresses were classified into five main classes:

A, B, and C and two reserved range D, E.

Each class was defined by the number of bits used to identify the network portion of the IP address.

The five classes defined as follows:

# IP Range Netmask Number of networks Number of hosts per network
Class.A 1.0.0.0 to 126.0.0.0 255.0.0.0 up to 126 up to 16,777,214
Class.B 128.0.0.0 to 191.255.0.0 255.255.0.0 up to 16,384 up to 65,534
Class.C 192.0.0.0 to 223.255.255.0 255.255.255.0 up to 2,097,152 up to 254
Class.D 224.0.0.0 to 239.255.255.255 Not applicable (multicast addresses) - -
Class.E 240.0.0.0 to 255.255.255.255 Netmask: Not applicable (experimental addresses) - -

Packet Routing

IP routing is the process of forwarding packets between different networks. When a packet is sent from one host to another, it is first sent to the default gateway (usually a router) on the local network. The router then checks the destination IP address of the packet and uses its routing table to determine the next hop, or the next router that the packet should be forwarded to in order to reach its final destination.

The routing table is a set of rules that the router uses to determine the path that the packet should take. It contains a list of network addresses and their associated next hops. When a packet arrives at the router, the router looks at the destination IP address and checks the routing table to see if it has a matching entry. If it does, the router forwards the packet to the next hop specified in the routing table. If there is no matching entry, the router discards the packet.

If the destination network is on a different subnet than the source network, the router forwards the packet to another router on the network that is connected to the destination network. This process continues until the packet reaches its final destination.

Routing protocols such as OSPF (Open Shortest Path First) and BGP (Border Gateway Protocol) are used to exchange routing information between routers in order to build and maintain accurate routing tables. These protocols ensure that the most efficient path is chosen for each packet, and that the network is able to adapt to changes in topology or network conditions.

ICMP and Ping!

ICMP (Internet Control Message Protocol) is a network protocol used for sending error messages and operational information about the status of the network. ICMP messages are typically generated by routers or other network devices when a problem is detected, and they are sent to the source device to notify it of the issue. ICMP messages are also used for network testing and troubleshooting, as they can be used to test the connectivity of network devices and diagnose network issues.

Ping is a utility that uses ICMP to test the reachability of a network device. When a ping command is executed, a series of ICMP echo request messages are sent to the destination device. If the destination device is reachable and functioning properly, it will respond with an ICMP echo reply message. The ping utility measures the round-trip time between sending the echo request and receiving the echo reply, and it reports this time to the user. The round-trip time can be used to determine the latency of the network connection to the destination device.

Ping is a useful tool for testing network connectivity and diagnosing network issues, as it can help to identify devices that are not responding or experiencing high latency. However, it is important to note that some devices or network configurations may be configured to block ICMP messages, which can result in false negatives when using ping. In addition, ping can also be used as a tool for malicious activities, such as denial-of-service (DoS) attacks, which can flood a network device with ICMP echo requests and cause it to become unresponsive.

Here's an example of how to ping 8.8.8.8 in Linux:

1 - Open a terminal window on your Linux machine.

2 - Type the following command:

ping 8.8.8.8

3 - Press Enter.

The ping command will send a series of ICMP echo requests to the IP address 8.8.8.8 and wait for a response. If the destination device is reachable and functioning properly, it will respond with an ICMP echo reply message. The ping utility will then display the round-trip time for each echo request and reply, along with some other statistics about the packet loss and network performance.

4 - The output of the ping command will look something like this:

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=3.00 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=56 time=2.99 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=56 time=3.01 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=56 time=2.99 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=56 time=3.00 ms

--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 2.996/3.000/3.009/0.009 ms

This output shows that the ping command successfully sent and received 5 ICMP echo requests and replies to the IP address 8.8.8.8, with an average round-trip time of 3.000 milliseconds.

Network interfaces on a Linux machine

ip addr show is a Linux command used to display information about the network interfaces on a Linux machine. It provides detailed information about each network interface, including the IP address, MAC address, and other network configuration settings.

To use the ip addr show command, open a terminal window on your Linux machine and type the following command:

ip addr show

This will display a list of all network interfaces on your machine, along with their corresponding IP addresses, MAC addresses, and other configuration details.

Here is an example output of the ip addr show command:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
   inet 127.0.0.1/8 scope host lo
      valid_lft forever preferred_lft forever
   inet6 ::1/128 scope host 
      valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
   inet 192.168.0.10/24 brd 192.168.0.255 scope global dynamic enp0s3
      valid_lft 76356sec preferred_lft 76356sec
   inet6 fe80::d94a:bbba:257a:9d2f/64 scope link 
      valid_lft forever preferred_lft forever

This output shows two network interfaces, lo and enp0s3. The lo interface is the loopback interface, which is used to communicate with the local machine.

The enp0s3 interface is a physical Ethernet interface, which is connected to a network and has a dynamically assigned IP address of 192.168.0.10.

Assigning or changing IP address

To change the IP address of the enp0s3 interface in Linux, you can use the ip command along with the addr and add options.

Here's an example of how to change the IP address of the enp0s3 interface to 192.168.1.10:

Open a terminal window on your Linux machine.

Enter the following command to bring down the enp0s3 interface:

sudo ip link set enp0s3 down

Enter the following command to set the new IP address for the enp0s3 interface:

sudo ip addr add 192.168.1.10/24 dev enp0s3

This will set the IP address of the enp0s3 interface to 192.168.1.10 with a subnet mask of 255.255.255.0 (or /24 in CIDR notation).

Enter the following command to bring up the enp0s3 interface:

sudo ip link set enp0s3 up

This will bring the enp0s3 interface back up with the new IP address.

Once you have completed these steps, you can use the ip addr show command to verify that the new IP address has been assigned to the enp0s3 interface.

DHCP

Assigning ip manually can be painful in large networks, Dynamic Host Configuration Protocol (DHCP) is a network protocol used to automatically assign IP addresses and other network configuration settings to devices on a network. DHCP enables devices to join a network and obtain network configuration settings without requiring manual configuration by a network administrator.

DHCP can greatly simplify network administration by automating the process of assigning IP addresses and other network configuration settings to devices on the network.

DHCP works by using a DHCP server to assign IP addresses and other network settings to devices on the network. When a device connects to the network, it sends out a DHCP broadcast request to find a DHCP server. The DHCP server responds to the request by offering an IP address and other network configuration settings, such as the subnet mask, default gateway, and DNS servers. The device can then accept the offer and use the assigned IP address and network settings to communicate on the network.

DHCP can also be configured to assign IP addresses dynamically, meaning that the IP address assigned to a device can change over time. This is useful in situations where there are more devices on the network than there are available IP addresses. DHCP can also be configured to assign IP addresses statically, meaning that the IP address assigned to a device remains the same over time.

In addition to assigning IP addresses, DHCP can also be used to assign other network settings, such as domain name system (DNS) server addresses, network time protocol (NTP) server addresses, and network boot server addresses. While running a DHCP server is necessary for many networks, it's important to implement appropriate controls and procedures to ensure that the DHCP server is secure, reliable, and correctly configured.

Routing

Routing in Linux involves the process of directing network traffic between different networks or subnets. This is accomplished using routing tables that contain information on the available paths or routes to a destination network.

Here's an example of how routing works in Linux:

Suppose you have a Linux server with two network interfaces: eth0 and eth1. eth0 is connected to a network with IP address range 192.168.1.0/24, while eth1 is connected to a network with IP address range 192.168.2.0/24.

To enable routing between these two networks, you need to enable IP forwarding in Linux by modifying the sysctl configuration file as follows:

sysctl -w net.ipv4.ip_forward=1 && sysctl -p

This enables the Linux server to forward IP packets between the two networks.

Next, you need to configure the routing table to direct traffic between the two networks. You can do this by adding two routes to the routing table as follows:

ip route add 192.168.1.0/24 dev eth0)

Which means:

(Packet[DEST:192.168.1.0/24])----------->(eth0)

ip route add 192.168.2.0/24 dev eth1

Which means:

(Packet[DEST:192.168.2.0/24])----------->(eth1)

These commands add routes for the two networks, specifying the network address and the network interface to use for sending packets to that network.

Now, if a client on the 192.168.1.0/24 network wants to communicate with a server on the 192.168.2.0/24 network, the Linux server will receive the packet on eth0, look up the destination IP address in the routing table, and send the packet out on eth1 to reach the destination server.

Routing in Linux can be more complex with more networks and multiple routing tables, but the basic principles remain the same. By configuring routing tables correctly, you can ensure that network traffic is efficiently directed between different networks or subnets.

Linking routes

Suppose you have a Linux server with three network interfaces: eth0, eth1, and eth2. eth0 is connected to a network with IP address range 192.168.1.0/24, eth1 is connected to a network with IP address range 192.168.2.0/24, and eth2 is connected to a network with IP address range 10.0.0.0/24.

You want to configure the Linux server to route traffic between the 192.168.1.0/24 network and the 192.168.2.0/24 network, with the 10.0.0.0/24 network acting as a gateway between the two networks.

To do this, you can configure the routing tables as follows:

ip route add 192.168.1.0/24 dev eth0
ip route add 192.168.2.0/24 dev eth1
ip route add default via 10.0.0.1 dev eth2

The first two commands add routes for the two networks, specifying the network address and the network interface to use for sending packets to that network.

The third command adds a default route, specifying the gateway IP address (10.0.0.1) and the network interface to use (eth2) for sending packets to networks that are not listed in the routing table.

Now, when a client on the 192.168.1.0/24 network wants to communicate with a server on the 192.168.2.0/24 network, the Linux server will receive the packet on eth0, look up the destination IP address in the routing table, and find that it needs to forward the packet to the default gateway on eth2. The gateway will then forward the packet to the destination network on eth1.

Similarly, when a client on the 192.168.2.0/24 network wants to communicate with a server on the 192.168.1.0/24 network, the Linux server will receive the packet on eth1, look up the destination IP address in the routing table, and find that it needs to forward the packet to the default gateway on eth2. The gateway will then forward the packet to the destination network on eth0.

By configuring the routing tables in this way, you can enable routing between multiple networks and ensure that network traffic is efficiently directed to its destination.

NAT

NAT (Network Address Translation) is a technique used in computer networking to allow multiple devices on a local network to share a single public IP address for accessing the Internet. NAT works by modifying the source and/or destination IP addresses of packets as they pass through a router or firewall, so that they appear to come from a different IP address than the original source. This allows devices on the local network to communicate with the Internet using a single public IP address, which can help to conserve scarce IPv4 address space and simplify network management.

Netfilter is the built-in firewall in Linux that provides the functionality for performing NAT. By configuring the appropriate rules in the "nat" table and its associated chains, administrators can control how packets are translated between private and public IP addresses, which can help to improve network security, performance, and scalability.

SNAT and DNAT are two types of NAT used in Linux-based firewalls and routers to allow devices on private networks to communicate with devices on the Internet.

  • SNAT modifies the source IP address of packets to make them appear as if they are coming from a different IP address.

  • DNAT modifies the destination IP address of packets to make them appear as if they are being sent to a different IP address.

Net filter

Linux Netfilter is a framework that provides a set of hooks inside the Linux kernel's network stack, allowing various networking-related operations to be intercepted, inspected, and modified. The most commonly used component of Netfilter is the iptables command, which provides a user-space interface for configuring the Netfilter ruleset.

iptables is a command-line utility that allows you to create and modify Netfilter rules, which can be used to filter, block, or modify network traffic on a Linux system. iptables can be used for a variety of purposes, such as setting up a firewall, performing network address translation (NAT), or implementing Quality of Service (QoS) policies.

iptables operates on a set of rules that are organized into chains. A chain is a sequence of rules that are applied in order to incoming or outgoing network traffic. There are three built-in chains in iptables: INPUT, OUTPUT, and FORWARD. The INPUT chain applies to incoming traffic, the OUTPUT chain applies to outgoing traffic, and the FORWARD chain applies to traffic that is being forwarded through the system.

Each rule in an iptables chain specifies a set of conditions that must be met for the rule to match, as well as an action to take if the rule is matched. The conditions can be based on a variety of factors, such as the source or destination IP address, the protocol used, or the type of traffic.

Overall, Linux Netfilter and iptables provide a powerful and flexible set of tools for managing network traffic on a Linux system. However, they can be complex to configure and require a solid understanding of networking concepts and the Linux command line.

The seven Netfilter chains in Linux are:

  • PREROUTING: This chain is used to modify packets as soon as they arrive on a network interface but before any routing decisions have been made. This chain is often used for performing network address translation (NAT) or packet filtering.

  • INPUT: This chain is used for filtering packets that are destined for the local system. This chain is commonly used for implementing firewall rules to block unwanted traffic.

  • FORWARD: This chain is used for filtering packets that are being forwarded through the system. This chain is commonly used for implementing firewall rules on a router or gateway.

  • OUTPUT: This chain is used for filtering packets that are generated by the local system and are destined for a remote system. This chain is commonly used for implementing outbound firewall rules.

  • POSTROUTING: This chain is used to modify packets just before they are sent out on a network interface. This chain is commonly used for performing NAT.

  • PREROUTING, OUTPUT: This chain is used to perform packet mangling for packets generated by the local system and packets that are being forwarded through the system. This chain is rarely used and is mostly reserved for advanced packet mangling scenarios.

  • INVALID: This chain is used to handle packets that are invalid, such as packets with incorrect checksums or packets that are too short. This chain is used to prevent these packets from causing problems on the network.

In addition to these seven chains, the MASQUERADE action is a specific type of action that can be used in Netfilter's NAT functionality. When applied to a rule in the POSTROUTING chain, the MASQUERADE action modifies the source IP address of packets to match the IP address of the outgoing network interface.

By creating rules in these chains and applying the MASQUERADE action as necessary, administrators can implement a wide variety of network management policies, including traffic filtering, traffic shaping, network address translation, load balancing, and more. to list current ip table rules run command below:

iptables -S

Chain names are always specified in uppercase letters. This convention helps to distinguish chains from other elements in the command line, such as options, parameters, or targets. For example, the following command adds a rule to the "FORWARD" chain in the "filter" table:

iptables -t filter -A FORWARD -s 192.168.0.0/24 -j ACCEPT

In this command, "FORWARD" is written in uppercase letters to indicate that it is a chain name, while "filter" is written in lowercase letters to indicate that it is a table name. Similarly, the "-s" option specifies the source IP address or subnet, while the "-j" option specifies the target jump action (in this case, "ACCEPT" to allow the packet to pass through the firewall). By following this convention, Netfilter commands are easier to read and understand, and less prone to errors caused by typos or misinterpretation.

Let's prevent others to ping us!

iptables -t filter -A INPUT -p icmp -j DROP

  • "-t filter": This specifies the table that the rule should be added to. In this case, it is the "filter" table, which is the default table used for packet filtering.

  • "-A INPUT": This specifies the chain that the rule should be added to. In this case, it is the "INPUT" chain, which is responsible for filtering packets destined for the local system.

  • "-p icmp": This specifies the protocol that the rule should match. In this case, it is "icmp", which is the protocol used for sending and receiving diagnostic messages between network devices.

  • "-j DROP": This specifies the action that should be taken if the rule matches. In this case, it is "DROP", which means that any incoming ICMP packets should be dropped or discarded without any further processing.

So, the overall effect of this command is to add a rule to the "INPUT" chain of the "filter" table, which drops any incoming ICMP packets. This could be used, for example, to prevent a denial-of-service (DoS) attack that uses ICMP packets to flood the local system with network traffic.

Netfilter Tables

Netfilter consists of several tables, each with its own set of chains and rules, which determine how packets should be processed as they pass through the Linux kernel.

Here are the four main Netfilter tables:

  • filter: This is the default table used for packet filtering. It contains the INPUT, FORWARD, and OUTPUT chains, which determine how packets should be filtered based on their destination (INPUT), whether they are being forwarded to another host (FORWARD), or whether they are generated by the local system (OUTPUT). The filter table can be used to implement basic firewall rules, such as blocking or allowing incoming traffic on specific ports or from specific IP addresses.

  • nat: This table is used for network address translation (NAT), which allows packets to be modified as they pass through the firewall. It contains the PREROUTING, POSTROUTING, and OUTPUT chains, which determine how packets should be translated based on their source and destination IP addresses. The nat table can be used to implement port forwarding, load balancing, or other advanced NAT features.

  • mangle: This table is used for advanced packet manipulation. It contains the PREROUTING, INPUT, FORWARD, OUTPUT, and POSTROUTING chains, which can be used to modify various fields in the packet header, such as the IP TOS (Type of Service) field, the TTL (Time To Live) field, or the TCP MSS (Maximum Segment Size) value. The mangle table can be used to implement quality of service (QoS), traffic shaping, or other advanced packet processing features.

  • raw: This table is used for special packet processing that occurs before any other table. It contains the PREROUTING and OUTPUT chains, which can be used to bypass connection tracking or perform other low-level packet processing. The raw table is rarely used and is primarily intended for specialized applications.

Each of these tables contains a set of predefined chains, which determine how packets should be processed based on their characteristics. Each chain contains a set of rules, which specify the conditions that a packet must meet in order to be processed by that chain. Rules can specify various criteria, such as source and destination IP addresses, protocols, ports, and more. If a packet matches a rule in a chain, the associated target action is applied, which can be to ACCEPT, DROP, REJECT, LOG, or other actions.

By configuring rules in the appropriate tables and chains, administrators can control how packets are processed and filtered as they pass through the Linux kernel, allowing them to implement a wide range of network security and management policies.

QoS

QoS stands for Quality of Service, which is a set of technologies and mechanisms used in networking to provide a better user experience by prioritizing and managing network traffic according to specific requirements. QoS is important in ensuring that critical applications and services receive the necessary network resources they need to function properly, even in times of network congestion or high traffic.

The important aspects of QoS include:

  • Bandwidth: QoS allows administrators to allocate specific amounts of bandwidth to high-priority applications and services, ensuring that they have the necessary resources to function at optimal levels.

  • Latency: QoS can be used to reduce latency or delay for critical applications such as video conferencing or real-time voice communication, where even a few milliseconds of delay can significantly impact user experience.

  • Jitter: QoS can also help reduce jitter, which is the variation in delay between packets in a network stream. Jitter can cause audio and video distortions in real-time applications, and QoS can help minimize its effects.

  • Packet loss: QoS can mitigate the impact of packet loss, which can occur due to network congestion or other issues. QoS mechanisms can prioritize traffic and ensure that critical packets are delivered first, reducing the impact of lost packets.

  • Prioritization: QoS allows administrators to prioritize traffic based on the specific needs of the application or service. For example, real-time voice and video communications may be given higher priority than file transfers or email.

QoS is essential for ensuring that network resources are efficiently utilized, and critical applications and services receive the necessary resources to function properly. By implementing QoS mechanisms, network administrators can improve network performance, reduce latency and jitter, and ensure a better user experience for their users.

Linux Traffic Control:

This is a command-line tool that allows you to configure QoS on Linux systems. You can use tc to set up traffic shaping, prioritization, and other QoS mechanisms. To get QoS metrics using tc, you can use the tc -s qdisc command, which will display statistics for the configured QoS mechanisms.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment