# nw

* [Mesh - 802.11s](#mesh---80211s)
* [Roaming - 802.11k/r/v](#roaming---80211krv)
* [Open Source Software for Routing](#open-source-software-for-routing)
* [BGP](#bgp)
  * [Private AS](#private-as)
* [Virtual networking modes](#virtual-networking-modes)
* [Tools for Windows](#tools-for-windows)
* [Tools for All platforms](#tools-for-all-platforms)
* [Router OSes](#router-oses)
* [NAT](#nat)
* [NAT Hairpin + DDNS](#nat-hairpin--ddns)
  * [Mikrotik](#mikrotik)
* [OSPF](#ospf)
  * [Mikrotik](#mikrotik-1)
* [MPLS](#mpls)
  * [Mikrotik](#mikrotik-2)
* [VPLS](#vpls)
  * [Mikrotik](#mikrotik-3)
  * [OpenBSD](#openbsd)
  * [Linux](#linux)
* [L7 filters](#l7-filters)
* [Subnet Helper](#subnet-helper)
* [MAC addresss <-> Vendor](#mac-addresss---vendor)
* [Tuning](#tuning)
* [TCP congestion control](#tcp-congestion-control)
  * [BBR](#bbr)
* [Introspectable tunnels to localhost](#introspectable-tunnels-to-localhost)
* [Load Balancing](#load-balancing)
* [Transparent Proxy](#transparent-proxy)
  * [mitmproxy](#mitmproxy)
  * [V2Ray - Go](#v2ray---go)
  * [redsocks - C](#redsocks---c)
  * [Tinyproxy - C](#tinyproxy---c)
  * [moproxy - Rust](#moproxy---rust)
  * [Any Proxy - Go](#any-proxy---go)
  * [avege - Go port of redsocks](#avege---go-port-of-redsocks)
* [NetFlow Software](#netflow-software)
* [Private](#private)
* [IPV6](#ipv6)
* [Guide](#guide)
* [Monitoring](#monitoring)
  * [mikrotik](#mikrotik-4)
  * [datadoghq](#datadoghq)

## Mesh - 802.11s

<https://en.wikipedia.org/wiki/IEEE_802.11s>\
extends the IEEE 802.11 MAC standard

<https://en.wikipedia.org/wiki/Hybrid_Wireless_Mesh_Protocol>\
Hybrid Wireless Mesh Protocol (HWMP), defined in IEEE 802.11s, is a basic routing protocol for a wireless mesh network.

## Roaming - 802.11k/r/v

<https://support.apple.com/en-us/HT202628>

* 802.11r - Fast Basic Service Set Transition (FT) to authenticate PSK/802.1X more quickly
* 802.11k - search APs; creating an optimized list of channels
* 802.11v - exchange network topology
  * BSS transition management + Disassociation Imminent => influence client roaming behavior by providing it the load information of nearby access points.
  * Directed Multicast Service (DMS): optimizes multicast
  * BSS Max Idle Service: how long to remain associated when no traffic

<https://www.adrian.idv.hk/2022-11-27-80211r/>

* requires support on both the AP and the station
* ESS = all BSSIDs (MACs) of the same SSID
* mobility domain = subset of the ESS within which a station can roam
  * R0KH: the controller, as the PMK-R0 key holder
  * R1KH: the APs, as the PMK-R1 key holders
  * S0KH and S1KH (S for supplicant): the station, as the PMK-S0 and PMK-S1 key holder

[openwrt.md](/openwrt/wireless.md#80211kvr)

## Open Source Software for Routing

<https://conference.apnic.net/__data/assets/pdf_file/0020/50681/osr_apnic34_1346044930.pdf>

## BGP

<https://github.com/Exa-Networks/exabgp> implements SDN by transforming BGP messages into friendly plain text or JSON

<http://bird.network.cz/> <http://www.openbgpd.org/ftp.html>

<https://github.com/openstack/networking-bagpipe> BGP-based VPNs as a backend for Neutron

### Private AS

<https://tools.ietf.org/html/rfc6996#section-5>

* 64512 - 65534
* 4200000000 - 4294967294

## Virtual networking modes

<https://thenewstack.io/hackers-guide-kubernetes-networking/>\
![](https://cdn.thenewstack.io/media/2017/02/7a021d86-virtual-networking-1024x380.png)

## Tools for Windows

Microsoft Message Analyzer: <https://www.microsoft.com/en-us/download/details.aspx?id=44226>\
Microsoft Network Monitor (2010): <https://www.microsoft.com/en-us/download/details.aspx?id=4865>\
BTest: <https://mikrotik.com/download/btest.exe>\
Force socks: <https://www.socksproxychecker.com/sockscap.html>

## Tools for All platforms

Wireshark: <https://www.wireshark.org/download.html>

## Router OSes

<https://wiki.vyos.net/wiki/User_Guide>\
<https://mikrotik.com/download>\
<https://www.clearos.com/clearfoundation/software/clearos-7-community>\
<https://docs.cumulusnetworks.com/display/ROH/Configuring+Cumulus+Quagga>

## NAT

<https://www.quora.com/What-is-a-full-cone-NAT>

<https://openwrt.org/docs/guide-user/network/integrating-openwrt-introduction>

<https://openwrt.org/docs/guide-user/network/switch_router_gateway_and_nat>

<https://oldwiki.archive.openwrt.org/doc/howto/port.forwarding>

## NAT Hairpin + DDNS

### Mikrotik

```
/ip firewall address-list
add address=192.168.88.0/24 comment=Management list=LANs
add address=10.0.0.0/8 comment=Lab list=LANs
add address=my.ddns.domain list=WANs
add address=192.168.1.0/24 list=WANs

/ip firewall nat
add action=dst-nat chain=dstnat dst-address-list=WANs dst-port=4430-4431 protocol=tcp to-addresses=192.168.88.19
```

ref: <https://forum.mikrotik.com/viewtopic.php?t=172380>

## OSPF

### Mikrotik

v6:

```
/routing ospf instance
set [ find default=yes ] redistribute-connected=as-type-1
/routing ospf network
add area=backbone network=192.168.1.0/24
```

v7: <https://help.mikrotik.com/docs/display/ROS/Moving+from+ROSv6+to+v7+with+examples>

```
/routing ospf instance
add disabled=no name=ospf-instance-1 redistribute=connected
/routing ospf interface-template
add area=ospf-area-1 disabled=no interfaces=br-wan
/routing ospf area
add area-id=192.168.99.0 disabled=no instance=ospf-instance-1 name=ospf-area-1
```

## MPLS

### Mikrotik

<https://wiki.mikrotik.com/wiki/Manual:MPLSVPLS>\
A targeted LDP session is a session established between two routers that are not direct neighbors.

<https://tools.ietf.org/html/rfc3031> Multiprotocol Label Switching Architecture\
<https://tools.ietf.org/html/rfc5036> LDP Specification (obsoletes RFC 3036)

## VPLS

<https://en.wikipedia.org/wiki/Pseudo-wire>

### Mikrotik

<https://tools.ietf.org/html/rfc4761> VPLS Using BGP for Auto-Discovery and Signaling\
<https://tools.ietf.org/html/rfc4762> VPLS Using LDP Signaling\
<https://tools.ietf.org/html/rfc4447> (cisco-style Signaling)\
<https://tools.ietf.org/html/rfc4623> PWE3 Fragmentation and Reassembly

### OpenBSD

<https://github.com/rwestphal/openbsd-ldpd/wiki/VPLS-basic-test-setup> <https://github.com/openbsd/src/blob/master/usr.sbin/ldpd/l2vpn.c>

```
RFC4447:
- Section 6.2: control word negotiation
- Section 5.4.3: pseudowire status negotiation
- PWid group wildcard
```

### Linux

<https://github.com/rwestphal/quagga-ldpd/wiki/ldpd-basic-test-setup>

<https://lwn.net/Articles/730526/>\
<https://github.com/6WIND/iproute2/commits/master/ip/iplink_vpls.c>

TODO: <https://tools.ietf.org/html/rfc4385> PWE3 Control Word for Use over an MPLS PSN (diff with 4623?)

<https://github.com/eqvinox/vpls-iproute2/commits/vpls>

<https://wiki.vyos.net/wiki/Proposed_enhancements>

## L7 filters

<http://l7-filter.sourceforge.net/protocols>

## Subnet Helper

<http://www.balticnetworkstraining.com/subnet-calculator/>\
<http://www.mikrotik.com/img/netaddresses2.pdf>

E.g.:

* .96-127 is a /27: 2^5 = 32 addresses
* .0-127 is a /25: 2^7 = 128 addresses

## MAC addresss <-> Vendor

<http://aruljohn.com/mac.pl>

## Tuning

<https://fasterdata.es.net/assets/Papers-and-Publications/100G-Tuning-TechEx2016.tierney.pdf>

## TCP congestion control

<https://en.wikipedia.org/wiki/TCP_congestion_control#Algorithms>

### BBR

<https://www.ietf.org/proceedings/97/slides/slides-97-iccrg-bbr-congestion-control-02.pdf>\
<http://www.thequilt.net/wp-content/uploads/BBR-TCP-Opportunities.pdf>\
<http://queue.acm.org/detail.cfm?id=3022184>\
<http://netdevconf.org/1.2/slides/oct5/04_Making_Linux_TCP_Fast_netdev_1.2_final.pdf>

## Introspectable tunnels to localhost

<https://github.com/inconshreveable/ngrok> <https://github.com/lovedboy/gortcp>

last update @ 2021 Oct : <https://github.com/ehang-io/nps>

* <https://ehang-io.github.io/nps/#/example?id=p2p%e6%9c%8d%e5%8a%a1>

  ```
  ./npc nat # p2p will not work if server/client both Symmetric Nat

  source /dev/stdin ehang-io/nps <<< "$(curl -fsSL https://raw.githubusercontent.com/fzinfz/scripts/master/github--repo.sh)" | grep linux | grep amd64

  openssl genrsa -out server.key 2048
  openssl rsa -in server.key -outform PEM -pubout -out server.pem
  ```

<https://github.com/fatedier/frp> ( Jan 12 2020: p2p/xtcp under dev)

## Load Balancing

* [mwan](/nw/mwan.md)
* <https://wiki.koumbit.net/LoadBalancingService/SoftwareComparison>

  * Reverse proxying (AKA Layer-7 switching): Varnish Cache, Nginx, Squid, Apache mod_proxy, Relayd
  * TCP connection redirection (AKA Layer-4 switching): IPVS (part of the LVS suite), HAProxy, Relayd

## Transparent Proxy

### mitmproxy

<https://docs.mitmproxy.org/stable/howto-transparent/>

### V2Ray - Go

<https://www.v2ray.com/chapter_02/protocols/dokodemo.html>

```
"inboundDetour": [ {
    "protocol": "dokodemo-door",
    "port": 20088,
    "settings": {
        "network": "tcp,udp",   // TPROXY required for UDP
        "timeout": 10,
        "followRedirect": true  // Linux support only
    }
} ],
```

### redsocks - C

<https://github.com/darkk/redsocks>\
Linux/iptables, OpenBSD/pf and FreeBSD/ipfw are supported.

Use on Mac: <http://lucumr.pocoo.org/2013/1/6/osx-wifi-proxy/>

### Tinyproxy - C

<https://github.com/tinyproxy/tinyproxy>

### moproxy - Rust

<https://github.com/sorz/moproxy>

### Any Proxy - Go

<https://github.com/ryanchapman/go-any-proxy>\
TCP CONNECTION

```
./any_proxy -l :7777 -p "proxy_ip:1080"
```

### avege - Go port of redsocks

<https://github.com/avege/avege>

## NetFlow Software

<https://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-netflow/networking_solutions_products_genericcontent0900aecd805ff72b.html>

* <https://www.linkedin.com/pulse/wtflow-you-really-still-paying-commercial-solutions-collect-cowart>

## Private

* RFC1918 private range for IPv4 networks
  * 10.0.0.0/8
  * 172.16.0.0/12: 172.16.0.0 - 172.31.255.255, netmask 255.240.0.0, 1048576 addresses
  * 192.168.0.0/16
* RFC4193 range for IPv6 networks (fd00::/8).

## IPV6

<https://tunnelbroker.net/>

## Guide

<https://e.huawei.com/en/eblog/enterprise-networking/wifi6/What-the-difference-between-corporate-Wi-Fi-and-home-Wi-Fi>

## Monitoring

### mikrotik

dude server : <https://mikrotik.com/thedude>

### datadoghq

Network Device Monitoring | $7+/m : <https://www.datadoghq.com/pricing/?product=network-monitoring#network-monitoring>

