Building an IPoE network with improvised tools

Hello. There is a network of about 5k subscribers. Recently an unpleasant moment arrived: in the core of the network we have a Brocade RX8, and it started forwarding a lot of unknown-unicast packets. Since the network is split into vlans, this is partly not a problem, BUT there are special vlans for white (public) addresses and the like, and they are stretched across the whole network. So now imagine an inbound flow to a subscriber address that the border device has failed to learn (like a bad student), and that flow pours into the radio link to some (or every) village - the channel is saturated - the customers are angry - sadness...

The goal is to turn a bug into a feature. I was thinking in the direction of q-in-q with a full-fledged per-subscriber vlan, but all sorts of hardware like the P3310, once dot1q is enabled, stop passing DHCP through; they also cannot select q-in-q, and there are many pitfalls of that kind. What is ip-unnumbered and how does it work? Very briefly: a gateway address plus a route on the interface. For our task we need to: apply the shaper, assign addresses to subscribers, and add routes to subscribers via particular interfaces. How to do all this? Shaper: lisg; dhcp: db2dhcp on two independent servers; dhcprelay runs on the access servers; ucarp also runs on the access servers, for failover. But how to add the routes? You could add everything in advance with a big script, but that is not right. So we will write our own crutch.

After a good search of the Internet I found a wonderful high-level C++ library that lets you sniff traffic nicely. The algorithm of the program that adds routes is as follows: we listen for ARP requests on the interface; if the requested address is one we hold on the server's lo interface, then we add a route to the requester through this interface and add a static ARP entry for that IP. In general, a few copy-pastes, a little filing down, and you're done.

Source of the 'router'

#include <stdio.h>
#include <sys/types.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <string.h>
#include <arpa/inet.h>
#include <signal.h>   // signal(), SIGHUP
#include <cstdlib>    // system()

#include <tins/tins.h>
#include <map>
#include <iostream>
#include <functional>
#include <sstream>

using std::cout;
using std::endl;
using std::map;
using std::bind;
using std::string;
using std::stringstream;

using namespace Tins;

class arp_monitor {
public:
    void run(Sniffer &sniffer);
    void reroute();
    void makegws();
    string iface;
    map <string, string> gws;          // addresses held on lo: the gateways we answer for
private:
    bool callback(const PDU &pdu);
    map <string, string> route_map;    // subscriber ip -> gateway address it asked for
    map <string, string> mac_map;      // subscriber ip -> subscriber mac
    map <IPv4Address, HWAddress<6>> addresses;
};

// Collect every address configured on lo (including the ones ucarp adds and
// removes); those are the gateway addresses subscribers may ARP for.
void arp_monitor::makegws() {
    struct ifaddrs *ifAddrStruct = NULL;
    struct ifaddrs *ifa = NULL;
    void *tmpAddrPtr = NULL;
    gws.clear();
    getifaddrs(&ifAddrStruct);
    for (ifa = ifAddrStruct; ifa != NULL; ifa = ifa->ifa_next) {
        if (!ifa->ifa_addr) {
            continue;
        }
        string ifName = ifa->ifa_name;
        if (ifName == "lo") {
            // sized for IPv6 so inet_ntop cannot overflow it on the AF_INET6 branch
            char addressBuffer[INET6_ADDRSTRLEN];
            if (ifa->ifa_addr->sa_family == AF_INET) { // IPv4 address
                tmpAddrPtr = &((struct sockaddr_in *) ifa->ifa_addr)->sin_addr;
                inet_ntop(AF_INET, tmpAddrPtr, addressBuffer, INET_ADDRSTRLEN);
            } else if (ifa->ifa_addr->sa_family == AF_INET6) { // IPv6 address
                tmpAddrPtr = &((struct sockaddr_in6 *) ifa->ifa_addr)->sin6_addr;
                inet_ntop(AF_INET6, tmpAddrPtr, addressBuffer, INET6_ADDRSTRLEN);
            } else {
                continue;
            }
            gws[addressBuffer] = addressBuffer;
            cout << "GW " << addressBuffer << " is added" << endl;
        }
    }
    if (ifAddrStruct != NULL) freeifaddrs(ifAddrStruct);
}

void arp_monitor::run(Sniffer &sniffer) {
    cout << "RUNNED" << endl;
    sniffer.sniff_loop(
            bind(
                    &arp_monitor::callback,
                    this,
                    std::placeholders::_1
            )
    );
}

// Replay every learned route after the gateway set has changed (HUP handler).
void arp_monitor::reroute() {
    cout << "REROUTING" << endl;
    map<string, string>::iterator it;
    for ( it = route_map.begin(); it != route_map.end(); it++ ) {
        // it->first is the subscriber, it->second the gateway it asked for:
        // re-add the route only if we still own that gateway and the
        // subscriber is not itself one of our gateway addresses
        if (this->gws.count(it->second) && !this->gws.count(it->first)) {
            string cmd = "ip route replace ";
            cmd += it->first;
            cmd += " dev " + this->iface;
            cmd += " src " + it->second;
            cmd += " proto static";
            cout << cmd << std::endl;
            cout << "REROUTE " << it->first << " SRC " << it->second << endl;
            system(cmd.c_str());
            cmd = "arp -s ";
            cmd += it->first;
            cmd += " ";
            cmd += mac_map[it->first];
            cout << cmd << endl;
            system(cmd.c_str());
        }
    }
    // announce every gateway address with a gratuitous ARP so the
    // subscribers' ARP caches point at this server
    for ( it = gws.begin(); it != gws.end(); it++ ) {
        string cmd = "arping -U -s ";
        cmd += it->first;
        cmd += " -I ";
        cmd += this->iface;
        cmd += " -b -c 1 ";
        cmd += it->first;
        system(cmd.c_str());
    }
    cout << "REROUTED" << endl;
}

bool arp_monitor::callback(const PDU &pdu) {
    // Retrieve the ARP layer
    const ARP &arp = pdu.rfind_pdu<ARP>();

    if (arp.opcode() == ARP::REQUEST) {
        string target = arp.target_ip_addr().to_string();
        string sender = arp.sender_ip_addr().to_string();
        this->route_map[sender] = target;
        this->mac_map[sender] = arp.sender_hw_addr().to_string();
        cout << "save sender " << sender << ":" << this->mac_map[sender] << " want target " << target << endl;
        // the subscriber asked for one of our gateway addresses and is not a gateway itself
        if (this->gws.count(target) && !this->gws.count(sender)) {
            string cmd = "ip route replace ";
            cmd += sender;
            cmd += " dev " + this->iface;
            cmd += " src " + target;
            cmd += " proto static";
//            cout << cmd << std::endl;
/*            cout << "ARP REQUEST FROM " << arp.sender_ip_addr()
                 << " for address " << arp.target_ip_addr()
                 << " sender hw address " << arp.sender_hw_addr() << std::endl
                 << " run cmd: " << cmd << endl;*/
            system(cmd.c_str());
            cmd = "arp -s ";
            cmd += arp.sender_ip_addr().to_string();
            cmd += " ";
            cmd += arp.sender_hw_addr().to_string();
            cout << cmd << endl;
            system(cmd.c_str());
        }
    }
    return true;
}

arp_monitor monitor;
void reroute(int signum) {
    monitor.makegws();
    monitor.reroute();
}

int main(int argc, char *argv[]) {
    if (argc != 2) {
        cout << "Usage: " << *argv << " <interface>" << endl;
        return 1;
    }
    signal(SIGHUP, reroute);
    monitor.iface = argv[1];
    // Sniffer configuration
    SnifferConfiguration config;
    config.set_promisc_mode(true);
    config.set_filter("arp");

    monitor.makegws();

    try {
        // Sniff on the provided interface in promiscuous mode
        Sniffer sniffer(argv[1], config);

        // Only capture arp packets
        monitor.run(sniffer);
    }
    catch (std::exception &ex) {
        std::cerr << "Error: " << ex.what() << std::endl;
    }
    return 0;
}
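The routing policy of the daemon above (route a subscriber that ARPs for one of our gateway addresses, and replay the learned routes on HUP) can be checked without libtins and without touching the kernel. The following is an added example, not code from the article or from libtins: the frame parser, the RouteBuilder class and the sample ARP frame are assumptions made here. Instead of calling system() it returns the commands it would run, which is what makes the decision logic testable offline.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

struct ArpRequest {            // hypothetical helper type, not from the page
    std::string sender_ip;
    std::string sender_mac;
    std::string target_ip;
};

static std::string ip4_str(const uint8_t *p) {
    char buf[16];
    std::snprintf(buf, sizeof buf, "%u.%u.%u.%u",
                  (unsigned)p[0], (unsigned)p[1], (unsigned)p[2], (unsigned)p[3]);
    return buf;
}

static std::string mac_str(const uint8_t *p) {
    char buf[18];
    std::snprintf(buf, sizeof buf, "%02x:%02x:%02x:%02x:%02x:%02x",
                  (unsigned)p[0], (unsigned)p[1], (unsigned)p[2],
                  (unsigned)p[3], (unsigned)p[4], (unsigned)p[5]);
    return buf;
}

// Accept only a well-formed Ethernet II frame carrying an IPv4 ARP request
// (opcode 1). Replies, other EtherTypes and truncated frames return false.
bool parse_arp_request(const std::vector<uint8_t> &frame, ArpRequest &out) {
    if (frame.size() < 14 + 28) return false;
    if (frame[12] != 0x08 || frame[13] != 0x06) return false;                 // EtherType ARP
    const uint8_t *a = frame.data() + 14;
    if (a[0] != 0 || a[1] != 1 || a[2] != 0x08 || a[3] != 0x00) return false; // Ethernet / IPv4
    if (a[4] != 6 || a[5] != 4) return false;                                 // hlen / plen
    if (a[6] != 0 || a[7] != 1) return false;                                 // opcode REQUEST
    out.sender_mac = mac_str(a + 8);
    out.sender_ip  = ip4_str(a + 14);
    out.target_ip  = ip4_str(a + 24);
    return true;
}

// Same policy as arp_monitor::callback / arp_monitor::reroute: a subscriber that
// ARPs for one of our gateway addresses gets a host route out of the access
// interface, sourced from that gateway, plus a static ARP entry. A request
// coming from a gateway address itself is never routed.
class RouteBuilder {
public:
    RouteBuilder(std::string iface, std::set<std::string> gws)
        : iface_(std::move(iface)), gws_(std::move(gws)) {}

    // Commands for one frame; empty when the frame is irrelevant.
    std::vector<std::string> handle(const std::vector<uint8_t> &frame) {
        ArpRequest req;
        if (!parse_arp_request(frame, req)) return {};
        if (!gws_.count(req.target_ip) || gws_.count(req.sender_ip)) return {};
        route_map_[req.sender_ip] = req.target_ip;
        mac_map_[req.sender_ip] = req.sender_mac;
        return commands_for(req.sender_ip);
    }

    // What the HUP handler does: after ucarp moved an address on or off lo,
    // replay every learned route whose gateway is (still) ours.
    std::vector<std::string> reroute(const std::set<std::string> &new_gws) {
        gws_ = new_gws;
        std::vector<std::string> out;
        for (std::map<std::string, std::string>::const_iterator it = route_map_.begin();
             it != route_map_.end(); ++it) {
            if (gws_.count(it->second) && !gws_.count(it->first)) {
                std::vector<std::string> cmds = commands_for(it->first);
                out.insert(out.end(), cmds.begin(), cmds.end());
            }
        }
        return out;
    }

private:
    std::vector<std::string> commands_for(const std::string &sub) const {
        std::vector<std::string> cmds;
        cmds.push_back("ip route replace " + sub + " dev " + iface_ +
                       " src " + route_map_.at(sub) + " proto static");
        cmds.push_back("arp -s " + sub + " " + mac_map_.at(sub));
        return cmds;
    }
    std::string iface_;
    std::set<std::string> gws_;
    std::map<std::string, std::string> route_map_;  // subscriber ip -> gateway it asked for
    std::map<std::string, std::string> mac_map_;    // subscriber ip -> subscriber mac
};

// Constructed sample input (not a capture): a 42-byte broadcast ARP request.
std::vector<uint8_t> make_arp_request(const uint8_t sender_mac[6],
                                      const uint8_t sender_ip[4],
                                      const uint8_t target_ip[4]) {
    std::vector<uint8_t> f(42, 0);
    for (int i = 0; i < 6; ++i) { f[i] = 0xff; f[6 + i] = sender_mac[i]; }
    f[12] = 0x08; f[13] = 0x06;
    uint8_t *a = f.data() + 14;
    a[1] = 1; a[2] = 0x08; a[4] = 6; a[5] = 4; a[7] = 1;   // htype, ptype, hlen, plen, opcode
    for (int i = 0; i < 6; ++i) a[8 + i] = sender_mac[i];
    for (int i = 0; i < 4; ++i) { a[14 + i] = sender_ip[i]; a[24 + i] = target_ip[i]; }
    return f;
}

int main() {
    const uint8_t mac[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
    const uint8_t sub[4] = {10, 10, 10, 77}, gw[4] = {10, 10, 10, 1};
    RouteBuilder rb("eth0.800", {"10.10.10.1"});
    std::vector<std::string> cmds = rb.handle(make_arp_request(mac, sub, gw));
    for (size_t i = 0; i < cmds.size(); ++i) std::puts(cmds[i].c_str());
    return 0;
}
```

Two details worth noticing: the reroute loop checks that the gateway (map value) is ours and that the subscriber (map key) is not, which is the condition the daemon needs when ucarp has just moved a gateway address to another server; and an ARP reply with the same addresses produces nothing, because only requests drive route creation.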

libtins installation script

#!/bin/bash

git clone https://github.com/mfontanini/libtins.git
cd libtins
mkdir build
cd build
cmake ../
make
make install
ldconfig

Command to build the binary

g++ main.cpp -o arp-rt -O3 -std=c++11 -lpthread -ltins

How to launch it?


start-stop-daemon --start --exec  /opt/ipoe/arp-routes/arp-rt -b -m -p /opt/ipoe/arp-routes/daemons/eth0.800.pid -- eth0.800

Yes, it rebuilds the tables on a HUP signal. Why not use netlink? Pure laziness, and Linux is a script on top of a script anyway, so everything is fine. Well, routes are routes, what's next? Next we need to deliver the routes present on this server to the border; here, because of the same weak hardware, we took the path of least resistance and handed this job to BGP.

hostname *******
password *******
log file /var/log/bgp.log
!
# AS number, addresses and networks are real
router bgp 12345
bgp router-id 1.2.3.4
redistribute connected
redistribute static
neighbor 1.2.3.1 remote-as 12345
neighbor 1.2.3.1 next-hop-self
neighbor 1.2.3.1 route-map none in
neighbor 1.2.3.1 route-map export out
!
access-list export permit 1.2.3.0/24
!
route-map export permit 10
match ip address export
!
route-map export deny 20

Let's go on. For the server to answer ARP requests, you need to enable proxy ARP.


echo 1 > /proc/sys/net/ipv4/conf/eth0.800/proxy_arp

Next: ucarp. We write the launch scripts for this wonderful thing ourselves.

Example of launching one daemon


start-stop-daemon --start --exec  /usr/sbin/ucarp -b -m -p /opt/ipoe/ucarp-gen2/daemons/$iface.$vhid.$virtualaddr.pid -- --interface=eth0.800 --srcip=1.2.3.4 --vhid=1 --pass=carpasword --addr=10.10.10.1 --upscript=/opt/ipoe/ucarp-gen2/up.sh --downscript=/opt/ipoe/ucarp-gen2/down.sh -z -k 10 -P --xparam="10.10.10.0/24"

up.sh


#!/bin/bash

iface=$1
addr=$2
gw=$3

vlan=`echo $1 | sed "s/eth0.//"`


ip ad ad $addr/32 dev lo
ip ro add blackhole $gw
echo 1 > /proc/sys/net/ipv4/conf/$iface/proxy_arp

killall -9 dhcrelay
/etc/init.d/dhcrelay zap
/etc/init.d/dhcrelay start


killall -HUP arp-rt

down.sh


#!/bin/bash

iface=$1
addr=$2
gw=$3

ip ad d $addr/32 dev lo
ip ro de blackhole $gw
echo 0 > /proc/sys/net/ipv4/conf/$iface/proxy_arp


killall -9 dhcrelay
/etc/init.d/dhcrelay zap
/etc/init.d/dhcrelay start

For dhcrelay to work on an interface, the interface needs an address. So on the interfaces we use we add leftover addresses, e.g. 10.255.255.1/32, 10.255.255.2/32 and so on. I won't describe how to configure the relay; it's all simple.

So what do we have? Gateway failover, automatic route setup, dhcp. This is the minimal set; lisg also wraps everything around it, and we already had a shaper. Why is it all so long and convoluted? Wouldn't it be easier to take accel-pppd and use pppoe everywhere? No, it would not: people can't even plug a patch cord into a router, let alone set up pppoe. accel-ppp is a cool thing, but it didn't work out for us: there are many bugs in the code, it crashes, it shapes crookedly, and the saddest thing is that when it goes down, everyone has to reconnect everything, the phones are red-hot, and nothing works at all. What is the advantage of ucarp over keepalived? In everything: there are 100 gateways; with keepalived one mistake in the config and nothing works, with ucarp only one gateway breaks. As for security, they will say that freeloaders will assign addresses to themselves and use them for free; to control this we configure dhcp-snooping + source-guard + arp inspection on all switches / OLTs / base stations. If a subscriber has no dhcp but a static address: an access-list on the port.

Why do all this? To eliminate unwanted traffic. Now every switch has its own vlan and unknown-unicast is no longer scary, because it only needs to reach one port and not everyone... Well, the side effects are a standardized configuration and more efficient address allocation.

How to configure lisg is a separate topic. Links to the libraries are attached. Perhaps the above will help someone achieve their goals. Version 6 is not yet in use in our network, but there will be a problem: there are plans to rewrite lisg for version 6, and the program that adds routes will need to be adjusted.

Linux ISG
DB2DHCP
Libtins

Source: www.hab.com
