structure updates
tech_docs/linux/vlans.md (Normal file, 70 lines)
@@ -0,0 +1,70 @@
Handling VLANs in Linux is primarily done through the kernel's support for 802.1Q, the networking standard used for VLAN tagging. VLANs allow network traffic to be segmented into separate sub-networks while still being transmitted through the same physical network interface. This segmentation can improve security, manageability, and performance of networks.

### Setting Up VLANs in Linux

1. **Installing Necessary Tools**: To configure VLANs in Linux, you will need the `vlan` package, which includes the necessary utilities.

```bash
sudo apt-get install vlan
```

After installation, make sure that the `8021q` module is loaded into the kernel:

```bash
sudo modprobe 8021q
```

2. **Creating VLAN Interfaces**: You can create VLAN interfaces using `vconfig` or the more modern `ip` command from the `iproute2` package.

Using `ip` command:

```bash
sudo ip link add link eth0 name eth0.10 type vlan id 10
```

This command creates a VLAN with ID 10 on the `eth0` interface, resulting in a new interface `eth0.10`.

3. **Configuring IP Addresses**: Assign an IP address to the VLAN interface as you would with any other interface.

```bash
sudo ip addr add 192.168.10.1/24 dev eth0.10
sudo ip link set eth0.10 up
```

4. **Routing and Further Configuration**: You can configure routing and firewall rules specific to this VLAN. For instance, setting up `iptables` to handle traffic flowing through `eth0.10` differently from other traffic.

### Switching Traffic Between VLANs

To "switch" traffic between VLANs on a Linux system, you essentially need to route traffic between these VLAN interfaces. This involves a few key steps:

1. **Enable IP Forwarding**: To allow the Linux kernel to forward packets between interfaces (including VLAN interfaces), enable IP forwarding.

```bash
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
```

2. **Configure Routing (if necessary)**: If the VLANs need to communicate with each other, ensure that there are appropriate routing rules in place. This is typically handled automatically by the kernel if the VLAN interfaces are up and configured with IP addresses. However, you may need to add specific routes if there are complex network configurations or subnets involved.

3. **Firewall Rules**: Using tools like `iptables` or `nftables`, manage the flow of traffic between VLANs. You can define rules that allow or block traffic based on VLAN ID, source IP, destination IP, and other parameters.

Example `iptables` rule to allow all traffic between VLAN 10 and VLAN 20:

```bash
sudo iptables -A FORWARD -i eth0.10 -o eth0.20 -j ACCEPT
sudo iptables -A FORWARD -i eth0.20 -o eth0.10 -j ACCEPT
```

4. **Use of Bridge or Advanced Routing**: For more complex scenarios where packets need to be passed between different VLANs without routing, you can use a Linux bridge. This setup can mimic traditional hardware-based VLAN configurations where VLANs are used to segment a larger network without configuring IP routing between them.

```bash
sudo ip link add name br0 type bridge
sudo ip link set eth0.10 master br0
sudo ip link set eth0.20 master br0
sudo ip link set br0 up
```

This configuration effectively creates a bridge `br0` that connects VLAN 10 and VLAN 20, allowing direct communication between devices on these two VLANs.

### Conclusion

Linux handles VLANs quite efficiently, allowing for complex network configurations that are typically handled by dedicated networking hardware. Whether you are routing between VLANs or simply segregating network traffic, Linux provides the tools and capabilities to manage this effectively. As you move forward, consider integrating these configurations into network management scripts or using network management tools like Ansible for automation and consistency.
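Review bot: the two `sudo iptables -A FORWARD -i eth0.10 -o eth0.20 -j ACCEPT` / `-i eth0.20 -o eth0.10` rules in the "Firewall Rules" step do not restrict anything unless the FORWARD chain's policy is DROP; with the default ACCEPT policy, the moment `ip_forward` is set to 1 every VLAN interface on this host can reach every other one, so the step should first set `sudo iptables -P FORWARD DROP` (plus a `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` rule) so that these ACCEPT rules are the only path between VLAN 10 and VLAN 20. Three smaller points in the same hunk: `eth0.20` is used in the firewall and bridge steps but is never created, so a second `sudo ip link add link eth0 name eth0.20 type vlan id 20` is missing; the bridge step merges VLAN 10 and VLAN 20 into one broadcast domain, which removes the segmentation the intro says VLANs provide rather than mimicking a hardware VLAN setup, and the text should say so; and `echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward` does not survive a reboot, so a `net.ipv4.ip_forward = 1` entry under `/etc/sysctl.d/` would be the persistent form. Also, the `vlan` package is only needed for the legacy `vconfig` tool; `ip link ... type vlan` needs only `iproute2` and loads `8021q` on demand.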