An IPoE network: working around a fault with improvised tools

Hello. This is about a network of roughly 5k subscribers. Recently we had a very interesting time: at the core of the network we have a Brocade RX8, and it started flooding a lot of unknown-unicast. Since the network is split into VLANs this is not a problem in itself, BUT there are special VLANs for public ("white") addresses and the like, and those are stretched across every part of the network. So now imagine traffic headed for a subscriber address whose MAC has not been learned at the border: that traffic flies off into a radio link to some village (or all of them), the channel is saturated, the subscribers are angry, sadness...

The goal is to turn the fault into a feature. I was thinking about Q-in-Q with a VLAN per subscriber, but all sorts of hardware like the P3310 stops passing DHCP as soon as dot1q is enabled, many boxes do not know selective QinQ, and so on; a whole zoo of that kind. What is ip unnumbered and how does it work? Very briefly: a gateway address plus a route on the interface. For our task we need to: slice the interface into VLANs, hand out addresses to subscribers, and add routes to subscribers through some interface. How do we do all that? Shaper: lisg; DHCP: db2dhcp on two independent servers; dhcrelay runs on the access servers; ucarp also runs on the access servers, for redundancy. But adding the routes? You could add everything in advance with one big script, but that is not the proper way. So we will write our own crutch.

After digging around on the internet I found a wonderful C++ library that lets you sniff traffic. The algorithm of the program that adds routes is this: we listen for ARP requests on the interface; if the address being asked for is configured on the lo interface of this server, we add a route to the sender via this interface and add a static ARP entry for that IP. All in all a few lines, a bit of translation, and it is done.

Sources of the 'router'

#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <sys/types.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <string.h>
#include <arpa/inet.h>

#include <tins/tins.h>
#include <map>
#include <iostream>
#include <functional>
#include <sstream>

using std::cout;
using std::endl;
using std::map;
using std::bind;
using std::string;
using std::stringstream;

using namespace Tins;

class arp_monitor {
public:
    void run(Sniffer &sniffer);
    void reroute();
    void makegws();
    string iface;
    // addresses currently configured on lo: the gateways (ucarp VIPs) this server owns
    map <string, string> gws;
private:
    bool callback(const PDU &pdu);
    map <string, string> route_map;   // subscriber IP -> gateway it asked for
    map <string, string> mac_map;     // subscriber IP -> subscriber MAC
};

// Collect every address on lo. ucarp's up.sh adds a VIP to lo and down.sh
// removes it, so this set is "the gateways we answer for right now".
// 127.0.0.1 and ::1 end up here too, which is harmless: nobody ARPs for them.
void  arp_monitor::makegws() {
    struct ifaddrs *ifAddrStruct = NULL;
    struct ifaddrs *ifa = NULL;
    void *tmpAddrPtr = NULL;
    gws.clear();
    if (getifaddrs(&ifAddrStruct) != 0) {
        perror("getifaddrs");
        return;
    }
    for (ifa = ifAddrStruct; ifa != NULL; ifa = ifa->ifa_next) {
        if (!ifa->ifa_addr) {
            continue;
        }
        string ifName = ifa->ifa_name;
        if (ifName == "lo") {
            // INET6_ADDRSTRLEN is large enough for both families
            char addressBuffer[INET6_ADDRSTRLEN];
            if (ifa->ifa_addr->sa_family == AF_INET) { // IPv4
                tmpAddrPtr = &((struct sockaddr_in *) ifa->ifa_addr)->sin_addr;
                inet_ntop(AF_INET, tmpAddrPtr, addressBuffer, sizeof(addressBuffer));
            } else if (ifa->ifa_addr->sa_family == AF_INET6) { // IPv6
                tmpAddrPtr = &((struct sockaddr_in6 *) ifa->ifa_addr)->sin6_addr;
                inet_ntop(AF_INET6, tmpAddrPtr, addressBuffer, sizeof(addressBuffer));
            } else {
                continue;
            }
            gws[addressBuffer] = addressBuffer;
            cout << "GW " << addressBuffer << " is added" << endl;
        }
    }
    freeifaddrs(ifAddrStruct);
}

void arp_monitor::run(Sniffer &sniffer) {
    cout << "RUNNED" << endl;
    sniffer.sniff_loop(
            bind(
                    &arp_monitor::callback,
                    this,
                    std::placeholders::_1
            )
    );
}

// Called on SIGHUP after makegws(): a VIP may have moved between servers, so
// re-derive every remembered route against the new gateway set, then
// re-announce our VIPs with gratuitous ARP so the subscribers' ARP caches follow.
void arp_monitor::reroute() {
    cout << "REROUTING" << endl;
    map<string, string>::iterator it;
    for ( it = route_map.begin(); it != route_map.end(); it++ ) {
        // same rule as in callback(): the subscriber (it->first) asked for one
        // of our gateways (it->second) and is not itself a gateway
        if (this->gws.count(it->second) && !this->gws.count(it->first)) {
            string cmd = "ip route replace ";
            cmd += it->first;
            cmd += " dev " + this->iface;
            cmd += " src " + it->second;
            cmd += " proto static";
            cout << cmd << std::endl;
            cout << "REROUTE " << it->first << " SRC " << it->second << endl;
            system(cmd.c_str());
            cmd = "arp -s ";
            cmd += it->first;
            cmd += " ";
            cmd += mac_map[it->first];
            cout << cmd << endl;
            system(cmd.c_str());
        }
    }
    for ( it = gws.begin(); it != gws.end(); it++ ) {
        string cmd = "arping -U -s ";
        cmd += it->first;
        cmd += " -I ";
        cmd += this->iface;
        cmd += " -b -c 1 ";
        cmd += it->first;
        system(cmd.c_str());
    }
    cout << "REROUTED" << endl;
}

bool arp_monitor::callback(const PDU &pdu) {
    // Retrieve the ARP layer (the BPF filter is "arp", but do not rely on it)
    const ARP *arp = pdu.find_pdu<ARP>();
    if (!arp) {
        return true;
    }

    if (arp->opcode() == ARP::REQUEST) {
        string target = arp->target_ip_addr().to_string();
        string sender = arp->sender_ip_addr().to_string();
        // RFC 5227 ARP probes carry sender 0.0.0.0; they must not become a route
        if (sender == "0.0.0.0") {
            return true;
        }
        this->route_map[sender] = target;
        this->mac_map[sender] = arp->sender_hw_addr().to_string();
        cout << "save sender " << sender << ":" << this->mac_map[sender] << " want target " << target << endl;
        if (this->gws.count(target) && !this->gws.count(sender)) {
            // sender and MAC are libtins' canonical to_string() output, so the
            // strings handed to system() can only be a dotted quad and a MAC
            string cmd = "ip route replace ";
            cmd += sender;
            cmd += " dev " + this->iface;
            cmd += " src " + target;
            cmd += " proto static";
            cout << cmd << std::endl;
            system(cmd.c_str());
            cmd = "arp -s ";
            cmd += sender;
            cmd += " ";
            cmd += this->mac_map[sender];
            cout << cmd << endl;
            system(cmd.c_str());
        }
    }
    return true;
}

arp_monitor monitor;
// SIGHUP handler. system() and cout are not async-signal-safe; this works in
// practice because the sniff loop is the only other activity in the process,
// but a flag polled from callback() would be the cleaner design.
void reroute(int signum) {
    monitor.makegws();
    monitor.reroute();
}

int main(int argc, char *argv[]) {
    if (argc != 2) {
        cout << "Usage: " << *argv << " <interface>" << endl;
        return 1;
    }
    signal(SIGHUP, reroute);
    monitor.iface = argv[1];
    // Sniffer configuration: only capture ARP, in promiscuous mode
    SnifferConfiguration config;
    config.set_promisc_mode(true);
    config.set_filter("arp");

    monitor.makegws();

    try {
        // Sniff on the provided interface
        Sniffer sniffer(argv[1], config);
        monitor.run(sniffer);
    }
    catch (std::exception &ex) {
        std::cerr << "Error: " << ex.what() << std::endl;
        return 1;
    }
    return 0;
}
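The decision rule above (a request for one of "our" gateway addresses from a sender that is not itself a gateway produces a host route plus a static neighbour entry, and a SIGHUP re-derives everything against a fresh gateway set) is easier to test without a live interface. The following is an added example, not the article's code: it re-implements that rule over raw Ethernet II frames without libtins and returns the commands as strings instead of running them, so it can be exercised offline. It goes a little beyond the daemon by rejecting RFC 5227 probes (sender 0.0.0.0), non-unicast sender MACs and senders outside a subscriber pool, so that a stray or forged frame cannot plant a route for an address the pool does not own. The interface name eth0.800, the pool 10.10.10.0/24 and the sample frame are assumptions for the example; `ip neigh replace ... nud permanent` is used as the iproute2 equivalent of the `arp -s` the daemon runs.

```cpp
// Added example, not the article's code: the daemon's ARP-request-to-route rule
// re-implemented without libtins. Frames are raw Ethernet II bytes; commands are
// returned as strings and never executed. Hypothetical assumptions: interface
// "eth0.800", subscriber pool 10.10.10.0/24.
#include <cstdint>
#include <cstdio>
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

struct ArpRequest {
    std::string sender_ip;        // dotted quad, as the daemon would print it
    std::string sender_mac;       // "00:11:22:33:44:55"
    std::string target_ip;        // the gateway the subscriber is looking for
    uint32_t sender_ip_u32 = 0;
    bool sender_mac_unicast = false;
};

static std::string ip_to_string(const uint8_t *p) {
    char buf[16];
    std::snprintf(buf, sizeof buf, "%u.%u.%u.%u", (unsigned)p[0], (unsigned)p[1], (unsigned)p[2], (unsigned)p[3]);
    return buf;
}

static std::string mac_to_string(const uint8_t *p) {
    char buf[18];
    std::snprintf(buf, sizeof buf, "%02x:%02x:%02x:%02x:%02x:%02x", (unsigned)p[0], (unsigned)p[1],
                  (unsigned)p[2], (unsigned)p[3], (unsigned)p[4], (unsigned)p[5]);
    return buf;
}

static bool parse_ipv4(const std::string &s, uint32_t &out) {
    unsigned a, b, c, d; char extra;
    if (std::sscanf(s.c_str(), "%u.%u.%u.%u%c", &a, &b, &c, &d, &extra) != 4) return false;
    if (a > 255 || b > 255 || c > 255 || d > 255) return false;
    out = (a << 24) | (b << 16) | (c << 8) | d;
    return true;
}

// Ethernet II + ARP parser: accepts only a well-formed IPv4-over-Ethernet ARP
// request (what the BPF filter "arp" plus the opcode check let through).
bool parse_arp_request(const std::vector<uint8_t> &f, ArpRequest &out) {
    if (f.size() < 42) return false;
    if (f[12] != 0x08 || f[13] != 0x06) return false;   // EtherType ARP
    const uint8_t *a = &f[14];
    if (a[0] != 0x00 || a[1] != 0x01) return false;     // HTYPE Ethernet
    if (a[2] != 0x08 || a[3] != 0x00) return false;     // PTYPE IPv4
    if (a[4] != 6 || a[5] != 4) return false;           // HLEN, PLEN
    if (a[6] != 0x00 || a[7] != 0x01) return false;     // OPER request
    out.sender_mac = mac_to_string(a + 8);
    out.sender_mac_unicast = (a[8] & 1) == 0;           // group bit clear
    out.sender_ip = ip_to_string(a + 14);
    out.sender_ip_u32 = (uint32_t)a[14] << 24 | (uint32_t)a[15] << 16 | (uint32_t)a[16] << 8 | a[17];
    out.target_ip = ip_to_string(a + 24);
    return true;
}

class RoutePolicy {
public:
    RoutePolicy(std::string iface, const std::string &pool_cidr) : iface_(std::move(iface)) {
        size_t slash = pool_cidr.find('/');
        unsigned prefix = std::stoul(pool_cidr.substr(slash + 1));
        parse_ipv4(pool_cidr.substr(0, slash), pool_net_);
        pool_mask_ = prefix == 0 ? 0 : ~0u << (32 - prefix);
        pool_net_ &= pool_mask_;
    }
    void set_gateways(const std::set<std::string> &gws) { gws_ = gws; }

    // One ARP request -> the commands the daemon would run for it (possibly none).
    std::vector<std::string> on_request(const ArpRequest &r) {
        std::vector<std::string> cmds;
        if (!acceptable_sender(r)) return cmds;
        route_map_[r.sender_ip] = r.target_ip;
        mac_map_[r.sender_ip] = r.sender_mac;
        if (gws_.count(r.target_ip) && !gws_.count(r.sender_ip))
            emit_route(r.sender_ip, r.target_ip, cmds);
        return cmds;
    }

    // SIGHUP path: the gateway set changed (a ucarp VIP moved), so re-derive every
    // remembered route with the same rule and re-announce the VIPs by gratuitous ARP.
    std::vector<std::string> rebuild(const std::set<std::string> &gws) {
        gws_ = gws;
        std::vector<std::string> cmds;
        for (const auto &kv : route_map_)
            if (gws_.count(kv.second) && !gws_.count(kv.first))
                emit_route(kv.first, kv.second, cmds);
        for (const auto &gw : gws_)
            cmds.push_back("arping -U -s " + gw + " -I " + iface_ + " -b -c 1 " + gw);
        return cmds;
    }

private:
    // Checks the daemon does not make: no RFC 5227 probes, no multicast/broadcast
    // sender MACs, and no senders outside the pool.
    bool acceptable_sender(const ArpRequest &r) const {
        if (r.sender_ip_u32 == 0 || !r.sender_mac_unicast) return false;
        return (r.sender_ip_u32 & pool_mask_) == pool_net_;
    }
    // "ip neigh replace ... nud permanent" is the iproute2 equivalent of "arp -s".
    void emit_route(const std::string &ip, const std::string &gw, std::vector<std::string> &cmds) const {
        cmds.push_back("ip route replace " + ip + "/32 dev " + iface_ + " src " + gw + " proto static");
        cmds.push_back("ip neigh replace " + ip + " lladdr " + mac_map_.at(ip) + " dev " + iface_ + " nud permanent");
    }
    std::string iface_;
    uint32_t pool_net_ = 0, pool_mask_ = 0;
    std::set<std::string> gws_;
    std::map<std::string, std::string> route_map_, mac_map_;
};

// Constructed test input: the 42-byte broadcast request a subscriber NIC sends.
std::vector<uint8_t> make_arp_request(const uint8_t smac[6], const uint8_t sip[4], const uint8_t tip[4]) {
    std::vector<uint8_t> f(42, 0);
    for (int i = 0; i < 6; ++i) { f[i] = 0xff; f[6 + i] = smac[i]; }   // dst broadcast, src sender
    f[12] = 0x08; f[13] = 0x06;
    uint8_t *a = &f[14];
    a[1] = 0x01; a[2] = 0x08; a[4] = 6; a[5] = 4; a[7] = 0x01;
    for (int i = 0; i < 6; ++i) a[8 + i] = smac[i];
    for (int i = 0; i < 4; ++i) { a[14 + i] = sip[i]; a[24 + i] = tip[i]; }
    return f;                                                        // target MAC stays zero
}
```

Feed `on_request` the parsed frames from a capture and compare its output with what the daemon actually executed; the pool check is the one thing worth carrying back into the daemon, since on a shared VLAN the sender address in an ARP request is whatever the sender chose to put there.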

libtins install script

#!/bin/bash

git clone https://github.com/mfontanini/libtins.git
cd libtins
mkdir build
cd build
cmake ../
make
make install
ldconfig

Command to build the binary

g++ main.cpp -o arp-rt -O3 -std=c++11 -lpthread -ltins

How to launch it?


start-stop-daemon --start --exec  /opt/ipoe/arp-routes/arp-rt -b -m -p /opt/ipoe/arp-routes/daemons/eth0.800.pid -- eth0.800

Yes, it rebuilds its tables on a HUP signal. Why didn't you use netlink? Pure laziness, and Linux is script upon script anyway, so it is all fine. OK, routes are routes, what next? Next, the routes living on this server have to be delivered to the border. Here, because of the same old hardware, we took the path of least resistance and handed this job to BGP. The daemon adds its routes with `proto static`, which is what the `redistribute static` line below is there to catch.

hostname *******
password *******
log file /var/log/bgp.log
!
# AS number, addresses and networks are fictional
router bgp 12345
 bgp router-id 1.2.3.4
 redistribute connected
 redistribute static
 neighbor 1.2.3.1 remote-as 12345
 neighbor 1.2.3.1 next-hop-self
 neighbor 1.2.3.1 route-map none in
 neighbor 1.2.3.1 route-map export out
!
access-list export permit 1.2.3.0/24
!
route-map export permit 10
 match ip address export
!
route-map export deny 20

Let's continue. The gateway addresses live on lo, not on the VLAN interface, so for the server to answer ARP requests for them you need to enable proxy ARP on that interface.


echo 1 > /proc/sys/net/ipv4/conf/eth0.800/proxy_arp

Next: ucarp. We write the launch scripts for this marvel ourselves.

Example of starting one daemon


start-stop-daemon --start --exec  /usr/sbin/ucarp -b -m -p /opt/ipoe/ucarp-gen2/daemons/$iface.$vhid.$virtualaddr.pid -- --interface=eth0.800 --srcip=1.2.3.4 --vhid=1 --pass=carpasword --addr=10.10.10.1 --upscript=/opt/ipoe/ucarp-gen2/up.sh --downscript=/opt/ipoe/ucarp-gen2/down.sh -z -k 10 -P --xparam="10.10.10.0/24"

up.sh


#!/bin/bash
# ucarp runs this when the VIP becomes ours and passes:
#   $1 interface, $2 virtual address, $3 --xparam (here: the subscriber pool)

iface=$1
addr=$2
gw=$3

# the VIP goes on lo, so arp-rt picks it up as a gateway on its next HUP
ip addr add $addr/32 dev lo
# blackhole the whole pool so addresses without a /32 route do not loop
ip route add blackhole $gw
echo 1 > /proc/sys/net/ipv4/conf/$iface/proxy_arp

# dhcrelay needs an address on the interface at start-up, so restart it
killall -9 dhcrelay
/etc/init.d/dhcrelay zap
/etc/init.d/dhcrelay start

# make arp-rt rebuild its gateway set and routes
killall -HUP arp-rt

down.sh


#!/bin/bash
# ucarp runs this when the VIP leaves us; same arguments as up.sh

iface=$1
addr=$2
gw=$3

ip addr del $addr/32 dev lo
ip route del blackhole $gw
echo 0 > /proc/sys/net/ipv4/conf/$iface/proxy_arp

killall -9 dhcrelay
/etc/init.d/dhcrelay zap
/etc/init.d/dhcrelay start

For dhcrelay to work on an interface, the interface needs an address. So on the interfaces we use we add throwaway addresses, for example 10.255.255.1/32, 10.255.255.2/32, and so on. I won't describe how to set up the relay; it is all straightforward.

So what do we have? Gateway redundancy, route adjustment, DHCP. That is the bare minimum; lisg covers everything else, and we already have the shaper. Why is it all so long and convoluted? Wouldn't it be simpler to take accel-ppp and use PPPoE everywhere? No, it would not: people cannot plug a cable into a router, let alone set up PPPoE. accel-ppp is a cool thing, but it did not work for us: there are a lot of bugs in the code, it crashes, it drops sessions in odd ways, and the saddest part is that when it hangs, everyone has to reconnect everything; the phones light up red. It did not work at all.

What is the advantage of ucarp over keepalived? In everything: with 100 gateways kept alive by keepalived, one mistake in the config and nothing works. With ucarp, one gateway stops working.

On security: they say subscribers will configure addresses themselves and use them on the segment. To close that off we set up dhcp-snooping + source-guard + ARP inspection on all switches / OLTs / base stations. If a subscriber is not on DHCP but static, an access-list on the port.

Why was all this done? To cut off unwanted traffic. Now every switch has its own VLAN, and unknown-unicast is no longer scary, since it only has to go to one port rather than to everyone... Well, the result is stable, properly configured equipment and very efficient use of address space.

How to set up lisg is a separate topic. Links to the libraries are attached. Maybe what is above helps someone reach their goals. IPv6 was not used on our network, but it will be an issue: there are plans to rewrite lisg for version 6, and then the program that adds routes will have to be adapted too.

Linux ISG
DB2DHCP
Libtins

Source: www.habr.com
