farcaller /
npub1wc5…qzxm
2024-10-22 17:39:08

One of my blog readers asks: "What I find really complicated is to really get into the network specifics like firewalls, routing, vlans" and looks for advice on how to get started.

I think the best way to get into the networking tech is to figure how to make use of it in daily life. So let's unwrap this layer by layer.

You have a home LAN/homelab. There are different types of devices, e.g. your smartphone on the wifi, your guests' phones, your google home, your TV. What will it take to isolate them for extra security? You can start looking into VLANs (if you want to just try sending packets around https://gns3.com/ would be a good start). You still want this to be practical, so you set up the VLANs on your router, you set up different DHCP servers for every LAN, you maybe set up a dedicated VLAN for shared services like your pihole DNS. You figure out how to send your individual wifi clients to separate VLANs.

Now your local network is multiple networks (also hooray, you're officially doing routing too, now). How to make it better? Firewall! Figure which packets flow where and how to stop them. You can do it on a Linux box, you can do it with a routeros or IOS VM. Or OpenBSD. Whatever you find more fun. Figure how to monitor the traffic: wireshark, yeah, but how do you sniff from the router? See if you can set up netflow collections (https://elastiflow.com/ could be a free option) to log the traffic.

Congrats, now you're thinking with portals^W traffic flows.

What's next? Fun routing. If you have a k8s cluster, try using a CNI that does "native routing". With cilium you could peer several clusters over BGP so that pods from one cluster could talk to another. Less practical here, more of a homelab stuff, but you hardly need a functioning BGP at home (unless you're doing crazy shit with assigning public IPv6 addresses to your smart power plugs, and even then).

How do you learn all that though? Now, this is a tough question. I don't remember how I learned it. It seems that I just knew the keywords and then I used google and worked up my notes. There are CCNA-prep courses on udemy which give you the basics of a whole bunch of networking things. I think the crucial bit, though, is to do three things:

1) find use cases for a tech you want to learn
2) implement them and learn from that
3) when it breaks, reevaluate and learn more.

Author Public Key
npub1wc5saxwyesuu3qpak2qq5asup0dgwhnsy3dfp9t66j8g32d6dl5sn2qzxm
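
An added example, not part of farcaller's post: once the VLANs, the firewall and flow logging from the post are in place, the logged flows can be checked against the segmentation you intended. The subnets, the Pi-hole address, the allowed VLAN pairs and the flow records below are all assumptions constructed for illustration. Flow records are unidirectional, so the return half of an allowed connection is recognised and not reported.

```python
import ipaddress

# Assumed VLAN plan and Pi-hole address (hypothetical, not from the post).
VLANS = {
    "trusted": ipaddress.ip_network("10.0.10.0/24"),
    "guest": ipaddress.ip_network("10.0.20.0/24"),
    "iot": ipaddress.ip_network("10.0.30.0/24"),
    "services": ipaddress.ip_network("10.0.40.0/24"),
}
PIHOLE = ipaddress.ip_address("10.0.40.53")
# Inter-VLAN pairs allowed to initiate connections; everything else is denied.
ALLOWED_PAIRS = {("trusted", "iot"), ("trusted", "services")}

def zone(addr):
    """Map an IP address to its VLAN name, or 'wan' if it is outside the LAN."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in VLANS.items() if ip in net), "wan")

def classify(flows):
    """Label each unidirectional flow record as allow, reply or violation."""
    seen, out = set(), []
    for src, sport, dst, dport, proto in flows:
        s, d = zone(src), zone(dst)
        # Every internal VLAN may query the shared DNS server, and only on port 53.
        dns = s != "wan" and ipaddress.ip_address(dst) == PIHOLE and dport == 53
        if (dst, dport, src, sport, proto) in seen:
            label = "reply"      # return half of a connection already allowed
        elif s == d or d == "wan" or dns or (s, d) in ALLOWED_PAIRS:
            label = "allow"
        else:
            label = "violation"  # crossed a VLAN boundary the policy forbids
        if label == "allow":
            seen.add((src, sport, dst, dport, proto))
        out.append((src, dst, dport, label))
    return out

# Constructed sample records: (src, sport, dst, dport, proto).
SAMPLE = [
    ("10.0.20.7", 40000, "10.0.40.53", 53, "udp"),     # guest -> Pi-hole DNS
    ("10.0.40.53", 53, "10.0.20.7", 40000, "udp"),     # DNS answer
    ("10.0.10.5", 51000, "10.0.30.9", 8009, "tcp"),    # phone -> TV
    ("10.0.30.9", 8009, "10.0.10.5", 51000, "tcp"),    # TV answering the phone
    ("10.0.30.9", 44444, "10.0.10.5", 22, "tcp"),      # TV -> phone, port 22
    ("10.0.20.7", 40001, "10.0.40.53", 80, "tcp"),     # guest -> Pi-hole web UI
    ("10.0.20.7", 40002, "203.0.113.10", 443, "tcp"),  # guest -> internet
]

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(*row)
```

A violation in this output means the firewall let through a flow the policy does not describe, so either the ruleset or the policy table needs correcting.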