Nnọọ. Nke a pụtara na enwere netwọkụ nke ndị ahịa 5k. N'oge na-adịbeghị anya, oge na-adịghị mma bịara - n'etiti netwọk anyị nwere Brocade RX8 wee malite izipu ọtụtụ ngwugwu Unicast-amaghị, ebe ọ bụ na e kewara netwọk ahụ na vlans - nke a abụghị nsogbu, ma enwere. vlan pụrụ iche maka adreesị ọcha, wdg. ma ha na-agbatị n'akụkụ niile nke netwọk. Ya mere, ugbu a, chee echiche na-abata na adreesị nke onye ahịa na-adịghị agụ akwụkwọ dị ka nwa akwụkwọ ókè na nke a na-efega na njikọ redio na ụfọdụ (ma ọ bụ ihe niile) obodo - ọwa ahụ kpuchiri - ndị ahịa na-ewe iwe - mwute ...
Ebumnuche bụ ịtụgharị ahụhụ ka ọ bụrụ njirimara. Anọ m na-eche n'ụzọ nke q-in-q na onye ahịa zuru oke vlan, mana ụdị ngwaike dị ka P3310, mgbe dot1q na-enyere aka, kwụsị ịhapụ DHCP, ha amaghịkwa otú e si ahọrọ qinq na ọtụtụ ọnyà dị otú ahụ. Kedu ihe bụ ip-unnumbered na kedu ka o si arụ ọrụ? Na nkenke nkenke: adreesị ọnụ ụzọ + ụzọ na interface. Maka ọrụ anyị, anyị kwesịrị: bee shaper, kesaa adrees ndị ahịa, tinye ụzọ ndị ahịa site na ụfọdụ interfaces. Kedu ka esi eme ihe a niile? Shaper - lisg, dhcp - db2dhcp na sava abụọ nọọrọ onwe ha, dhcprelay na-agba ọsọ na sava ohere, ucarp na-agbakwa na sava ohere - maka ndabere. Mana otu esi agbakwunye ụzọ? Ị nwere ike tinye ihe niile n'ihu na nnukwu edemede - mana nke a abụghị eziokwu. Ya mere, anyị ga-eme ka crutch dere onwe ya.
Mgbe m nyochachara nke ọma na ịntanetị, achọtara m ọmarịcha ọbá akwụkwọ dị elu maka C++, nke na-enye gị ohere ịmegharị okporo ụzọ mara mma. Algọridim maka mmemme nke na-agbakwụnye ụzọ dị ka ndị a - anyị na-ege ntị na arịrịọ arp na interface ahụ, ọ bụrụ na anyị nwere adreesị na lo interface na ihe nkesa a na-arịọ, mgbe ahụ, anyị na-agbakwunye ụzọ site na interface a ma tinye static arp. dekọba na ip a - n'ozuzu, nnomi-paste ole na ole, ntakịrị nkọwa na ịmechaala gị
Isi mmalite nke 'router'
#include <stdio.h>
#include <sys/types.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <string.h>
#include <arpa/inet.h>
#include <tins/tins.h>
#include <map>
#include <iostream>
#include <functional>
#include <sstream>
using std::cout;
using std::endl;
using std::map;
using std::bind;
using std::string;
using std::stringstream;
using namespace Tins;
/// Watches ARP requests on one interface and turns them into kernel routes
/// and static neighbour entries by running `ip`, `arp` and `arping`.
class arp_monitor {
public:
    /// Hands every PDU captured by `sniffer` to callback().
    void run(Sniffer &sniffer);

    /// Replays remembered senders as routes and re-announces every gateway.
    void reroute();

    /// Rebuilds `gws` from the addresses currently assigned to "lo".
    void makegws();

    /// Interface name used in the generated commands; main() fills it from argv[1].
    string iface;

    /// Addresses found on "lo"; key and value hold the same text.
    map<string, string> gws;

private:
    /// Per-packet handler bound into the sniffer loop by run().
    bool callback(const PDU &pdu);

    /// ARP sender IP -> target IP it asked for.
    map<string, string> route_map;

    /// ARP sender IP -> sender hardware address.
    map<string, string> mac_map;

    /// Not read or written by the member functions visible in this listing.
    map<IPv4Address, HWAddress<6>> addresses;
};
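/// Rebuilds `gws` from every IPv4 and IPv6 address currently assigned to the
/// "lo" interface. Each address is stored with key == value and logged.
///
/// NOTE(review): "lo" normally also carries 127.0.0.1 / ::1, so those end up
/// in `gws` as well and are treated as gateway addresses by callback() and
/// reroute() - confirm that is intended.
void arp_monitor::makegws() {
    struct ifaddrs *ifAddrStruct = nullptr;

    gws.clear();

    // On failure the list pointer is not usable, so stop with an empty set.
    if (getifaddrs(&ifAddrStruct) != 0) {
        perror("getifaddrs");
        return;
    }

    for (struct ifaddrs *ifa = ifAddrStruct; ifa != nullptr; ifa = ifa->ifa_next) {
        if (!ifa->ifa_addr) {
            continue;
        }
        if (string(ifa->ifa_name) != "lo") {
            continue;
        }

        // Sized for the longest textual form. The previous INET_ADDRSTRLEN
        // buffer was handed to inet_ntop() with INET6_ADDRSTRLEN as its
        // length, so an IPv6 address could be written past the end of it.
        char addressBuffer[INET6_ADDRSTRLEN];
        const int family = ifa->ifa_addr->sa_family;
        const void *rawAddr = nullptr;

        if (family == AF_INET) {
            rawAddr = &reinterpret_cast<struct sockaddr_in *>(ifa->ifa_addr)->sin_addr;
        } else if (family == AF_INET6) {
            rawAddr = &reinterpret_cast<struct sockaddr_in6 *>(ifa->ifa_addr)->sin6_addr;
        } else {
            continue;
        }

        // Never store a buffer that inet_ntop() did not fill.
        if (inet_ntop(family, rawAddr, addressBuffer, sizeof(addressBuffer)) == nullptr) {
            continue;
        }

        gws[addressBuffer] = addressBuffer;
        cout << "GW " << addressBuffer << " is added" << endl;
    }

    freeifaddrs(ifAddrStruct);
}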
/// Announces start-up and then hands control to the sniffer loop, which
/// invokes callback() on this object for each captured PDU.
void arp_monitor::run(Sniffer &sniffer) {
    cout << "RUNNED" << endl;

    // Bind the member function to this instance so the sniffer can call it
    // with the PDU as its only argument.
    auto handler = bind(&arp_monitor::callback, this, std::placeholders::_1);
    sniffer.sniff_loop(handler);
}
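/// Re-applies routing state against the current `gws` set.
///
/// For every remembered ARP sender whose requested target is a gateway
/// address (and which is not itself a gateway address) this re-installs the
/// host route and the static ARP entry, then sends one unsolicited ARP
/// announcement per gateway address on `iface`.
///
/// The commands are run through system(), i.e. a shell. The sender, target
/// and MAC strings are the ones callback() stored from libtins to_string();
/// `iface` is whatever the caller assigned, so it must be a plain interface
/// name.
void arp_monitor::reroute() {
    cout << "REROUTING" << endl;

    for (const auto &entry : route_map) {
        const string &sender = entry.first;
        const string &target = entry.second;

        // Same test callback() applies. The previous condition checked
        // it->second on both sides (count(x) && !count(x)), which is never
        // true, so no remembered route was ever replayed.
        if (!this->gws.count(target) || this->gws.count(sender)) {
            continue;
        }

        string cmd = "ip route replace ";
        cmd += sender;
        cmd += " dev " + this->iface;
        cmd += " src " + target;
        cmd += " proto static";
        cout << cmd << std::endl;
        cout << "REROUTE " << sender << " SRC " << target << endl;
        if (system(cmd.c_str()) != 0) {
            std::cerr << "command failed: " << cmd << endl;
        }

        // find() instead of operator[]: a missing entry must not be created
        // and must not produce an `arp -s` line without a hardware address.
        const auto mac = mac_map.find(sender);
        if (mac == mac_map.end() || mac->second.empty()) {
            continue;
        }
        cmd = "arp -s ";
        cmd += sender;
        cmd += " ";
        cmd += mac->second;
        cout << cmd << endl;
        if (system(cmd.c_str()) != 0) {
            std::cerr << "command failed: " << cmd << endl;
        }
    }

    // Announce each gateway address once so neighbours refresh their caches.
    for (const auto &gw : gws) {
        string cmd = "arping -U -s ";
        cmd += gw.first;
        cmd += " -I ";
        cmd += this->iface;
        cmd += " -b -c 1 ";
        cmd += gw.first;
        if (system(cmd.c_str()) != 0) {
            std::cerr << "command failed: " << cmd << endl;
        }
    }

    cout << "REROUTED" << endl;
}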
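/// Per-packet handler: remembers who asked for which address and, when the
/// requested address is one of ours, installs a host route and a static ARP
/// entry for the requester.
///
/// @param pdu captured packet; its ARP layer is looked up with rfind_pdu.
/// @return always true, so the sniffer loop keeps running.
///
/// NOTE(review): ARP requests are unauthenticated. Whoever can put a frame on
/// this interface chooses the sender IP and MAC that get stored, routed and
/// pinned with `arp -s`, and both maps grow with every distinct sender.
/// Presumably the deployment relies on switch-side filtering (DHCP snooping,
/// source guard, ARP inspection) to bound that - confirm.
bool arp_monitor::callback(const PDU &pdu) {
    const ARP &arp = pdu.rfind_pdu<ARP>();
    if (arp.opcode() != ARP::REQUEST) {
        return true;
    }

    const string target = arp.target_ip_addr().to_string();
    const string sender = arp.sender_ip_addr().to_string();
    const string sender_mac = arp.sender_hw_addr().to_string();

    // Address-conflict probes use 0.0.0.0 as sender. There is no host to
    // route to, so do not remember them and do not build commands from them.
    if (sender == "0.0.0.0") {
        return true;
    }

    this->route_map[sender] = target;
    this->mac_map[sender] = sender_mac;
    cout << "save sender " << sender << ":" << sender_mac << " want taregt " << target << endl;

    // Act only when the request is for one of our gateway addresses and the
    // requester is not itself one of them.
    if (!this->gws.count(target) || this->gws.count(sender)) {
        return true;
    }

    // Both commands go through a shell; the interpolated values are the
    // to_string() forms above plus `iface`.
    string cmd = "ip route replace ";
    cmd += sender;
    cmd += " dev " + this->iface;
    cmd += " src " + target;
    cmd += " proto static";
    if (system(cmd.c_str()) != 0) {
        std::cerr << "command failed: " << cmd << endl;
    }

    cmd = "arp -s ";
    cmd += sender;
    cmd += " ";
    cmd += sender_mac;
    cout << cmd << endl;
    if (system(cmd.c_str()) != 0) {
        std::cerr << "command failed: " << cmd << endl;
    }

    return true;
}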
// The one monitor instance; global so the signal handler below can reach it.
arp_monitor monitor;

// SIGHUP handler: refresh the gateway set, then replay routes.
// NOTE(review): this does the work directly in signal context. makegws() and
// reroute() use iostream, std::map and system(), none of which are
// async-signal-safe, and the handler can interrupt callback() while it is
// updating the same maps. Consider only setting a flag here and doing the
// work from the sniffing thread.
void reroute(int /*signum*/) {
    monitor.makegws();
    monitor.reroute();
}
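/// Entry point: `arp-rt <interface>`.
///
/// Validates the interface name, installs the SIGHUP handler, collects the
/// gateway addresses from "lo" and then sniffs ARP on the interface until the
/// sniffer loop ends.
///
/// @return 0 when the loop ends normally, 1 on a usage error, a rejected
///         interface name or a sniffer exception.
int main(int argc, char *argv[]) {
    if (argc != 2) {
        cout << "Usage: " << *argv << " <interface>" << endl;
        return 1;
    }

    // The name is pasted into command lines that callback()/reroute() run via
    // system(), so accept only characters that are inert to a shell. Linux
    // interface names are at most 15 characters; a leading '-' would be read
    // as an option by the tools being invoked.
    const string iface = argv[1];
    bool iface_ok = !iface.empty() && iface.size() <= 15 && iface[0] != '-';
    for (string::size_type i = 0; iface_ok && i < iface.size(); ++i) {
        const char c = iface[i];
        iface_ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                   (c >= '0' && c <= '9') ||
                   c == '.' || c == '_' || c == '-' || c == ':';
    }
    if (!iface_ok) {
        std::cerr << "Error: invalid interface name" << std::endl;
        return 1;
    }

    signal(SIGHUP, reroute);
    monitor.iface = iface;

    // Promiscuous capture restricted to ARP by the filter expression.
    SnifferConfiguration config;
    config.set_promisc_mode(true);
    config.set_filter("arp");

    monitor.makegws();

    try {
        Sniffer sniffer(iface, config);
        monitor.run(sniffer);
    }
    catch (const std::exception &ex) {
        std::cerr << "Error: " << ex.what() << std::endl;
        // Report the failure to the supervisor instead of exiting 0.
        return 1;
    }
    return 0;
}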
edemede nrụnye libtins
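#!/bin/bash
# Builds libtins from source and installs it system-wide
# (`make install` and `ldconfig` need root).

# Stop at the first failing step so a failed clone or cmake run is never
# followed by `make install` from the wrong directory.
set -euo pipefail

# NOTE(review): this builds whatever the default branch holds at clone time.
# Check out a reviewed release tag or commit before building so the library
# installed as root is reproducible.
git clone https://github.com/mfontanini/libtins.git
cd libtins
mkdir -p build
cd build
cmake ../
make
make install
ldconfig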
Iwu iji wuo ọnụọgụ abụọ
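# arp-rt runs as root and parses frames from the access network, so build it
# with warnings enabled and the usual hardening: stack protector, fortified
# libc calls, position-independent executable, full RELRO.
g++ main.cpp -o arp-rt -O3 -std=c++11 -Wall -Wextra \
    -fstack-protector-strong -D_FORTIFY_SOURCE=2 -fPIE -pie \
    -Wl,-z,relro,-z,now -lpthread -ltins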
Kedu ka esi malite ya?
# Run arp-rt in the background on eth0.800. start-stop-daemon creates the
# pidfile itself; the arp-rt source shown above does not write one.
start-stop-daemon --start \
    --exec /opt/ipoe/arp-routes/arp-rt \
    --background --make-pidfile \
    --pidfile /opt/ipoe/arp-routes/daemons/eth0.800.pid \
    -- eth0.800
Ee - ọ ga-ewughachi tebụl dabere na akara HUP. Gịnị kpatara na ị naghị eji netlink? Ọ bụ naanị umengwụ na Linux bụ edemede na edemede - yabụ ihe niile dị mma. Ọfọn, ụzọ bụ ụzọ, gịnị na-esote? Ọzọ, anyị kwesịrị iziga ụzọ ndị dị na ihe nkesa a ruo n'ókè - ebe a, n'ihi otu ngwaike ochie ahụ, anyị weere ụzọ nke obere nkwụsị - anyị kenyere BGP ọrụ a.
bgp nhaziaha nnabata *******
password *******
log file /var/log/bgp.log
!
Nọmba AS, adreesị na netwọk bụ akụkọ ifo
router bgp 12345
bgp router-id 1.2.3.4
redistribute connected
redistribute static
neighbor 1.2.3.1 remote-as 12345
neighbor 1.2.3.1 next-hop-self
neighbor 1.2.3.1 route-map none in
neighbor 1.2.3.1 route-map export out
!
access-list export permit 1.2.3.0/24
!
route-map export permit 10
match ip address export
!
ụzọ-map mbupụ 20
Ka anyị gaa n'ihu. Ka sava wee zaa arịrịọ arp, ị ga-emerịrị proxy arp.
# Enable proxy ARP on eth0.800 only; the setting is per interface and is lost
# on reboot unless it is applied again.
printf '1\n' > /proc/sys/net/ipv4/conf/eth0.800/proxy_arp
Ka anyị gaa n'ihu - ucarp. Anyị na-ede edemede mmalite maka ọrụ ebube a n'onwe anyị.
Ọmụmaatụ nke ịgba ọsọ otu daemon
# One ucarp instance per virtual gateway address. $iface, $vhid and
# $virtualaddr are expected to be set by the surrounding start script.
# NOTE(review): the CARP password is passed on the command line, so it is
# visible in the process list to every local user; if the installed ucarp
# supports reading it from a file, prefer a root-only file.
start-stop-daemon --start \
    --exec /usr/sbin/ucarp \
    --background --make-pidfile \
    --pidfile /opt/ipoe/ucarp-gen2/daemons/$iface.$vhid.$virtualaddr.pid \
    -- \
    --interface=eth0.800 \
    --srcip=1.2.3.4 \
    --vhid=1 \
    --pass=carpasword \
    --addr=10.10.10.1 \
    --upscript=/opt/ipoe/ucarp-gen2/up.sh \
    --downscript=/opt/ipoe/ucarp-gen2/down.sh \
    -z -k 10 -P \
    --xparam="10.10.10.0/24"
up.sh
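#!/bin/bash
# ucarp up-script: this node became master for a virtual gateway address.
# Arguments as used below:
#   $1  interface the instance runs on
#   $2  gateway address to place on lo
#   $3  prefix to blackhole (the --xparam value in the start command)

if [ "$#" -lt 3 ]; then
    echo "usage: $0 <interface> <address> <prefix>" >&2
    exit 1
fi

iface=$1
addr=$2
gw=$3

# Every expansion is quoted so an unexpected value cannot split into extra
# words or redirect the write below to another path component.
ip addr add "$addr/32" dev lo
ip route add blackhole "$gw"
echo 1 > "/proc/sys/net/ipv4/conf/$iface/proxy_arp"

# Restart the relay so it picks up the new address.
killall -9 dhcrelay
/etc/init.d/dhcrelay zap
/etc/init.d/dhcrelay start

# Tell every running arp-rt to re-read the gateways on lo and replay routes.
killall -HUP arp-rt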
down.sh
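#!/bin/bash
# ucarp down-script: this node stopped being master for a virtual gateway
# address. Undoes what the up-script configured.
# Arguments as used below:
#   $1  interface the instance runs on
#   $2  gateway address to remove from lo
#   $3  blackholed prefix to remove (the --xparam value in the start command)

if [ "$#" -lt 3 ]; then
    echo "usage: $0 <interface> <address> <prefix>" >&2
    exit 1
fi

iface=$1
addr=$2
gw=$3

# Every expansion is quoted so an unexpected value cannot split into extra
# words or redirect the write below to another path component.
ip addr del "$addr/32" dev lo
ip route del blackhole "$gw"
echo 0 > "/proc/sys/net/ipv4/conf/$iface/proxy_arp"

# Restart the relay so it stops using the removed address.
killall -9 dhcrelay
/etc/init.d/dhcrelay zap
/etc/init.d/dhcrelay start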
Ka dhcprelay rụọ ọrụ na interface, ọ chọrọ adreesị. Ya mere, na interfaces anyị na-eji anyị ga-agbakwunye aka ekpe-adreesị 10.255.255.1/32, 10.255.255.2/32, wdg. Agaghị m agwa gị otu esi ahazi relay - ihe niile dị mfe.
Yabụ kedu ihe anyị nwere? Ndabere nke ọnụ ụzọ ámá, nhazi akpaaka nke ụzọ, dhcp. Nke a bụ opekempe set - lisg na-ekechikwa ihe niile gburugburu ya ma anyị enweelarị shaper. Gịnị mere ihe niile ji dị ogologo na mgbagwoju anya? Ọ naghị adị mfe iwere accel-ppp wee jiri pppoe kpam kpam? Mba, ọ dịghị mfe - ndị mmadụ enweghị ike itinye patchcord na rawụta, ọ bụghị ịkọ pppoe. accel-ppp bụ ihe dị mma - mana ọ naghị arụ ọrụ maka anyị - enwere ọtụtụ njehie na koodu ahụ - ọ na-akụda, ọ na-egbutu nke ọma, na ihe kachasị mwute bụ na ọ bụrụ na ọ na-egbuke egbuke - mgbe ahụ ndị mmadụ kwesịrị ibugharị ya. ihe niile - ekwentị na-acha uhie uhie - ọ naghị arụ ọrụ ma ọlị. Kedu uru ọ dị n'iji ucarp kama idobe ya? Ee, na ihe niile - e nwere 100 ọnụ ụzọ ámá, keepalive na otu njehie na config - ihe niile anaghị arụ ọrụ. 1 ọnụ ụzọ ámá anaghị arụ ọrụ na ucarp. Banyere nchekwa, ha na-ekwu na ndị ekpe ga-edebanye aha onwe ha adreesị ma jiri ha na òkè - iji chịkwaa oge a, anyị na-edozi dhcp-snooping + source-guard + arp inspection on all switches/olts/bases. Ọ bụrụ na onye ahịa enweghị dhcp mana static - access-list na ọdụ ụgbọ mmiri.
Gịnị mere e ji mee ihe a niile? Iji bibie okporo ụzọ achọghị. Ugbu a, mgba ọkụ ọ bụla nwere vlan nke ya na amaghị-unicast adịkwaghị egwu, ebe ọ bụ na ọ dị mkpa ka ọ gaa n'otu ọdụ ụgbọ mmiri ma ọ bụghị ihe niile ... Ọfọn, mmetụta ndị dị na ya bụ nhazi akụrụngwa ahaziri ahazi, arụmọrụ ka ukwuu na-ekenye ohere adreesị.
Otu esi ahazi lisg bụ isiokwu dị iche. Ejikọnyere njikọ na ọba akwụkwọ. Ikekwe ihe ndị a dị n'elu ga-enyere mmadụ aka iru ihe mgbaru ọsọ ya. A naghị emejuputa ụdị 6 na netwọkụ anyị - mana a ga-enwe nsogbu - enwere atụmatụ idegharị lisg maka ụdị 6, ọ ga-adị mkpa iji dozie mmemme na-agbakwunye ụzọ.