Starting from the Loopback interface: Linuxers and Cisco NP/IE.
NA, NP, and IE holders deal with the loopback interface all day long. During training they learn a lot about loopback from books, and many review outlines devote two full pages to summarizing the role of the loopback interface.
Linuxers also come into contact with this interface, but it is much more powerful than in professional network management, and they call it lo, which has a few fewer syllables, although for English speakers it is in fact more laborious to say... In any case, there are indeed a few fewer letters to write. This group knows much less about lo usage than professional NA/NP/IE holders. They generally think that lo is only used to test the availability of the protocol stack. In fact, compared with the explosive occupation of network management, there are not many opportunities for Linuxers. If you know the principles of IPVS, you may know that lo actually has a lot to do, but Linuxers do not need to take many tests and are not good at summing things up in an outline. A Linuxer can not only know every usage of lo, but can even understand its principle and its implementation, which is enough to satisfy all the NA/NP/IE holders who look down on Linuxers.
If I say "ping address x with source" (there is something implicit in this sentence: you need to bring up a loopback and configure on it the source that you want to carry; however, if you spell this out, you sound like a layman), you must think that I am an NA/NP/IE, because for a Linuxer there is no such phrase as "with source", and it is not often used. Generally, one just pings directly, no, it just blinks... If a source ping is needed, the source is usually configured on the outbound NIC, and iproute2 is used to configure a route with src (src is short for source; even so, not everyone knows this, and many people do not know what a route with src is)... It's a simple thing on Cisco. How is it so troublesome on the Linux side... For a Linuxer, if you really need a source ping, you can write one yourself. Isn't it possible to get rid of any Ciscoer? Wait. Here is how to configure a source on the lo interface:
ip addr add 1.2.3.4/32 dev lo
ip route add 4.3.2.1/32 via 172.17.176.1 src 1.2.3.4
...
Do you know what this is? If the address 1.2.3.4 is hidden behind the Linux box, the above configuration is sufficient to verify, from the Linux box, the connectivity between 1.2.3.4 and the destination 4.3.2.1. What if you set lo's address mask to 24 bits:
ip addr add 1.2.3.4/24 dev lo
In this case, the src parameter of a route with src can be any address in this segment, even one that is not configured on any interface of the local machine, for example:
ip route add 4.3.2.1/32 via 172.17.176.1 src 1.2.3.100
Now, although 1.2.3.100 is not on the local machine, ping still works. Is this conclusion surprising? In fact, it is not surprising once you know the concept of IP routing and the implementation of Linux ICMP (no socket lookup is required, and there is no exact match!). If you explain it in detail, will it achieve the explosive effect? Next, let's take a closer look at the implementation of the protocol stack!
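Why the /24 on lo makes 1.2.3.100 usable as src, as an added example that is not part of the original post: a simplified Python model of how Linux fills its local routing table and checks a route's src against it. The function names and the eth0 configuration are assumptions of this example, and the eth0 case goes beyond the text to show that the same prefix on an ordinary NIC does not behave this way.

```python
import ipaddress

# Simplified model (an assumption of this example) of how Linux fills the
# "local" routing table when an IPv4 address is added to an interface:
#   - the address itself always becomes a /32 local route;
#   - on a loopback device the whole configured prefix also becomes local,
#     on any other device the prefix is an ordinary on-link unicast route.

def local_prefixes(ifaddrs):
    """ifaddrs: list of (device, 'a.b.c.d/len', is_loopback) tuples."""
    prefixes = []
    for dev, cidr, is_loopback in ifaddrs:
        iface = ipaddress.ip_interface(cidr)
        prefixes.append((ipaddress.ip_network(f"{iface.ip}/32"), dev))
        if is_loopback and iface.network.prefixlen < 32:
            prefixes.append((iface.network, dev))
    return prefixes

def is_local(addr, ifaddrs):
    """True if the host treats addr as one of its own addresses."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net, _ in local_prefixes(ifaddrs))

def route_src_accepted(src, ifaddrs):
    """'ip route add ... src X' is only accepted when X is a local address."""
    return is_local(src, ifaddrs)

# Constructed configurations using the addresses from the text.
LO_32 = [("lo", "1.2.3.4/32", True)]
LO_24 = [("lo", "1.2.3.4/24", True)]
ETH_24 = [("eth0", "1.2.3.4/24", False)]  # hypothetical: same prefix on a NIC

if __name__ == "__main__":
    for name, cfg in (("lo /32", LO_32), ("lo /24", LO_24), ("eth0 /24", ETH_24)):
        for src in ("1.2.3.4", "1.2.3.100"):
            print(f"{name:9} src {src:10} accepted={route_src_accepted(src, cfg)}")
```

On a real host, `ip route show table local` lists these entries; a prefix on lo means the machine answers for every address in it, which is worth checking when auditing what a box considers its own.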
Then there is Netfilter! Hash route table organization, Trie algorithm, burst! L2TP VPN, IPSec, six bursts (note that it has penetrated into the professional network management field...)! High-speed routing board, LC... burst! Dijkstra shortest path, OSPF, ... I will not mention NAT, OpenVPN, TCP, SSL, ...
Many people will have a Cisco/H3C router. Why is it so crazy? Do you know VPN? Do you understand SSL? Do you know the TCP window? It's nothing more than wandering in the IP layer, at the pace of a few clicks. We know that there is much less to say about the IP layer, and from the point of view of a single node it is basically very simple. Its complexity lies in the fact that all nodes are incorporated together. Therefore, the complexity of IP lies in topology planning rather than in standalone configuration. If you are a master, you must be able to grasp the essence of the topology under dynamic changes, rather than typing a bunch of commands and taking a long time to configure a source NAT service. In fact, 80% of all the attacks are ?, help.
But wait. What do you say about Netfilter to professional network administrators? They don't understand it. This is for sure, but what can they do? Netfilter is not exclusive. Anyone who is interested can become proficient in it, but not everyone can touch Cisco devices, and even if you can, without those certificates you do not have the right to enter the spectacular machine room to type the question mark. Therefore, Cisco excludes itself. Therefore, people are not competing over powerful and dazzling technologies; others are showing off a trump card. Can you enter the telecom data center? Can you type a question mark in the data center? What about you? Anyway, I am afraid of the bloody test room. I have to stay away from it in my life, so if I finally take the test, I will leave it to the next level.