A fault-tolerant IPoE network built from improvised tools

Hello. This is about a network of roughly 5k subscribers. Not long ago we ran into a very interesting moment: at the core of the network we have a Brocade RX8, and it started flooding a lot of unknown-unicast packets. Since the network is split into VLANs this would not be a problem, BUT there are special VLANs for white (public) addresses and the like, and those are stretched across every part of the network. Now imagine a flow arriving for a subscriber address that the border has not learned, and that flow flying out over a radio link to some village (or all of them): the channel is choked, subscribers are angry, sadness...

The goal is to turn the bug into a feature. I thought about Q-in-Q with a separate VLAN per subscriber, but all sorts of hardware such as the P3310, once dot1q is enabled, stops passing DHCP, cannot do QinQ selectively, and has many other traps of that kind. What is IP unnumbered and how does it work? Very briefly: a gateway address plus a route to the interface. For our task we need to: shape traffic, hand out addresses to subscribers, and add routes to subscribers on specific interfaces. How to do all this? Shaper: lisg; DHCP: db2dhcp on two independent servers; dhcrelay runs on the access servers; ucarp also runs on the access servers, for redundancy. But how to add the routes? You could add everything in advance with one big script, but that is not the right way. So we will write our own little tool.

After a thorough search of the Internet I found a nice high-level C++ library that lets you sniff traffic comfortably. The algorithm of the route-adding program is as follows: we listen for ARP requests on the interface; if the address being requested is configured on our lo interface, we add a route to the requester via this interface and a static ARP entry for that IP. All in all, a few copy-pastes, a few small edits, and done.

Router source

#include <stdio.h>
#include <sys/types.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <string.h>
#include <arpa/inet.h>
#include <csignal>   // signal(), SIGHUP
#include <cstdlib>   // system()

#include <tins/tins.h>
#include <map>
#include <iostream>
#include <functional>
#include <sstream>

using std::cout;
using std::endl;
using std::map;
using std::bind;
using std::string;
using std::stringstream;

using namespace Tins;

class arp_monitor {
public:
    void run(Sniffer &sniffer);
    void reroute();
    void makegws();
    string iface;
    map<string, string> gws;        // gateway addresses configured on lo
private:
    bool callback(const PDU &pdu);
    map<string, string> route_map;  // subscriber ip -> gateway ip it asked for
    map<string, string> mac_map;    // subscriber ip -> subscriber mac
};

// Collect every address configured on lo; those are the gateways we answer for.
void arp_monitor::makegws() {
    struct ifaddrs *ifAddrStruct = NULL;
    struct ifaddrs *ifa = NULL;
    void *tmpAddrPtr = NULL;
    gws.clear();
    if (getifaddrs(&ifAddrStruct) == -1) {
        perror("getifaddrs");
        return;
    }
    for (ifa = ifAddrStruct; ifa != NULL; ifa = ifa->ifa_next) {
        if (!ifa->ifa_addr) {
            continue;
        }
        string ifName = ifa->ifa_name;
        if (ifName == "lo") {
            // sized for IPv6, so the IPv6 branch cannot overrun it
            char addressBuffer[INET6_ADDRSTRLEN];
            if (ifa->ifa_addr->sa_family == AF_INET) {         // IPv4 address
                tmpAddrPtr = &((struct sockaddr_in *) ifa->ifa_addr)->sin_addr;
                inet_ntop(AF_INET, tmpAddrPtr, addressBuffer, INET_ADDRSTRLEN);
            } else if (ifa->ifa_addr->sa_family == AF_INET6) { // IPv6 address
                tmpAddrPtr = &((struct sockaddr_in6 *) ifa->ifa_addr)->sin6_addr;
                inet_ntop(AF_INET6, tmpAddrPtr, addressBuffer, INET6_ADDRSTRLEN);
            } else {
                continue;
            }
            gws[addressBuffer] = addressBuffer;
            cout << "GW " << addressBuffer << " is added" << endl;
        }
    }
    freeifaddrs(ifAddrStruct);
}

void arp_monitor::run(Sniffer &sniffer) {
    cout << "RUNNING" << endl;
    sniffer.sniff_loop(
            bind(
                    &arp_monitor::callback,
                    this,
                    std::placeholders::_1
            )
    );
}

// Re-install every learned route after the gateway set changed (HUP from up.sh/down.sh).
void arp_monitor::reroute() {
    cout << "REROUTING" << endl;
    map<string, string>::iterator it;
    for (it = route_map.begin(); it != route_map.end(); ++it) {
        // it->first is the subscriber, it->second the gateway it asked for:
        // reroute only when that gateway is ours and the subscriber is not a gateway itself
        if (this->gws.count(it->second) && !this->gws.count(it->first)) {
            string cmd = "ip route replace ";
            cmd += it->first;
            cmd += " dev " + this->iface;
            cmd += " src " + it->second;
            cmd += " proto static";
            cout << "REROUTE " << it->first << " SRC " << it->second << endl;
            system(cmd.c_str());
            cmd = "arp -s ";
            cmd += it->first;
            cmd += " ";
            cmd += mac_map[it->first];
            cout << cmd << endl;
            system(cmd.c_str());
        }
    }
    // announce every gateway address with gratuitous ARP so subscribers switch over
    for (it = gws.begin(); it != gws.end(); ++it) {
        string cmd = "arping -U -s ";
        cmd += it->first;
        cmd += " -I ";
        cmd += this->iface;
        cmd += " -b -c 1 ";
        cmd += it->first;
        system(cmd.c_str());
    }
    cout << "REROUTED" << endl;
}

bool arp_monitor::callback(const PDU &pdu) {
    // Retrieve the ARP layer (the capture filter guarantees it is present)
    const ARP &arp = pdu.rfind_pdu<ARP>();

    if (arp.opcode() == ARP::REQUEST) {
        string target = arp.target_ip_addr().to_string();
        string sender = arp.sender_ip_addr().to_string();
        this->route_map[sender] = target;
        this->mac_map[sender] = arp.sender_hw_addr().to_string();
        cout << "save sender " << sender << ":" << this->mac_map[sender] << " wants target " << target << endl;
        // only requests for one of our gateways, from something that is not a gateway itself
        if (this->gws.count(target) && !this->gws.count(sender)) {
            string cmd = "ip route replace ";
            cmd += sender;
            cmd += " dev " + this->iface;
            cmd += " src " + target;
            cmd += " proto static";
            system(cmd.c_str());
            cmd = "arp -s ";
            cmd += sender;
            cmd += " ";
            cmd += this->mac_map[sender];
            cout << cmd << endl;
            system(cmd.c_str());
        }
    }
    return true;
}

arp_monitor monitor;

// SIGHUP handler. Note: system() and std::map are not async-signal-safe; this
// works in practice only because HUP arrives rarely, from the ucarp up/down scripts.
void reroute(int signum) {
    (void) signum;
    monitor.makegws();
    monitor.reroute();
}

int main(int argc, char *argv[]) {
    if (argc != 2) {
        cout << "Usage: " << *argv << " <interface>" << endl;
        return 1;
    }
    signal(SIGHUP, reroute);
    monitor.iface = argv[1];
    // Sniffer configuration: promiscuous mode, capture only ARP packets
    SnifferConfiguration config;
    config.set_promisc_mode(true);
    config.set_filter("arp");

    monitor.makegws();

    try {
        // Sniff on the provided interface
        Sniffer sniffer(argv[1], config);
        monitor.run(sniffer);
    }
    catch (const std::exception &ex) {
        std::cerr << "Error: " << ex.what() << std::endl;
        return 1;
    }
    return 0;
}
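The route-learning rule that arp_monitor implements, shown as an added example (not the article's code): a hand-written Ethernet/ARP parser stands in for libtins so it runs offline on a constructed frame, and the two commands are built as argv vectors for execvp() instead of system() strings, so that values taken from the packet are never interpreted by a shell. The gateway address 10.10.10.1, the subscriber 10.10.10.57 and the MAC are constructed; eth0.800 is the interface name used in the article.

```cpp
// Added example (not the article's code): the arp_monitor route-learning rule
// with a hand-written Ethernet/ARP parser instead of libtins, and commands built
// as argv vectors for execvp() so packet-derived strings never reach a shell.
#include <arpa/inet.h>
#include <sys/wait.h>
#include <unistd.h>
#include <cstdint>
#include <cstdio>
#include <set>
#include <string>
#include <vector>

struct ArpInfo {
    bool ok = false;       // true only for well-formed IPv4-over-Ethernet ARP
    uint16_t opcode = 0;   // 1 = request, 2 = reply
    std::string sender_ip, target_ip, sender_mac;
};

static std::string mac_to_string(const uint8_t *m) {
    char buf[18];
    std::snprintf(buf, sizeof buf, "%02x:%02x:%02x:%02x:%02x:%02x",
                  m[0], m[1], m[2], m[3], m[4], m[5]);
    return buf;
}

static std::string ip_to_string(const uint8_t *p) {
    char buf[INET_ADDRSTRLEN];
    return inet_ntop(AF_INET, p, buf, sizeof buf) ? buf : "";
}

// 14-byte Ethernet header followed by the 28-byte ARP packet.
ArpInfo parse_arp_frame(const std::vector<uint8_t> &f) {
    ArpInfo a;
    if (f.size() < 42 || f[12] != 0x08 || f[13] != 0x06) return a;   // EtherType != ARP
    const uint8_t *arp = f.data() + 14;
    // htype 1 (Ethernet), ptype 0x0800 (IPv4), 6-byte MAC, 4-byte IP
    if (arp[0] != 0 || arp[1] != 1 || arp[2] != 0x08 || arp[3] != 0x00 ||
        arp[4] != 6 || arp[5] != 4) return a;
    a.opcode = static_cast<uint16_t>((arp[6] << 8) | arp[7]);
    a.sender_mac = mac_to_string(arp + 8);
    a.sender_ip = ip_to_string(arp + 14);
    a.target_ip = ip_to_string(arp + 24);
    a.ok = true;
    return a;
}

// The article's rule: a request for one of our gateway addresses (those on lo)
// from a sender that is not itself a gateway yields a host route to the sender.
bool should_add_route(const ArpInfo &a, const std::set<std::string> &gws) {
    return a.ok && a.opcode == 1 && gws.count(a.target_ip) && !gws.count(a.sender_ip);
}

// The same two commands arp_monitor::callback runs, as argv vectors.
std::vector<std::vector<std::string>> route_commands(const ArpInfo &a, const std::string &iface) {
    return {
        {"ip", "route", "replace", a.sender_ip + "/32", "dev", iface,
         "src", a.target_ip, "proto", "static"},
        {"arp", "-i", iface, "-s", a.sender_ip, a.sender_mac},
    };
}

// fork/execvp replacement for system(); returns the child's exit status or -1.
int run_argv(const std::vector<std::string> &argv) {
    std::vector<char *> av;
    for (const std::string &s : argv) av.push_back(const_cast<char *>(s.c_str()));
    av.push_back(nullptr);
    pid_t pid = fork();
    if (pid == 0) { execvp(av[0], av.data()); _exit(127); }
    int status = 0;
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

// Constructed ARP request ("who has tip, tell sip") so the parser can be run offline.
std::vector<uint8_t> build_arp_request(const uint8_t smac[6], const std::string &sip,
                                       const std::string &tip) {
    std::vector<uint8_t> f(42, 0);
    uint8_t *arp = f.data() + 14;
    for (int i = 0; i < 6; ++i) { f[i] = 0xff; f[6 + i] = smac[i]; arp[8 + i] = smac[i]; }
    f[12] = 0x08; f[13] = 0x06;                                    // EtherType ARP
    arp[1] = 1; arp[2] = 0x08; arp[4] = 6; arp[5] = 4; arp[7] = 1; // htype, ptype, hlen, plen, request
    inet_pton(AF_INET, sip.c_str(), arp + 14);
    inet_pton(AF_INET, tip.c_str(), arp + 24);
    return f;
}

int main() {
    const uint8_t mac[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
    std::set<std::string> gws = {"10.10.10.1"};   // constructed gateway address on lo
    ArpInfo a = parse_arp_frame(build_arp_request(mac, "10.10.10.57", "10.10.10.1"));
    if (!should_add_route(a, gws)) return 0;
    for (const auto &cmd : route_commands(a, "eth0.800")) {   // run_argv(cmd) on a real server
        for (const auto &arg : cmd) std::printf("%s ", arg.c_str());
        std::printf("\n");
    }
    return 0;
}
```

run_argv() is only meant for a real access server; main() prints the commands instead of running them. libtins hands you the same three fields through arp.sender_ip_addr(), arp.target_ip_addr() and arp.sender_hw_addr(), so should_add_route() and route_commands() can be dropped into the existing callback unchanged.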

Script for installing libtins

#!/bin/bash
set -e

git clone https://github.com/mfontanini/libtins.git
cd libtins
mkdir build
cd build
cmake ../
make
make install
ldconfig

Command to build the binary

g++ main.cpp -o arp-rt -O3 -std=c++11 -lpthread -ltins

How to start it?

start-stop-daemon --start --exec  /opt/ipoe/arp-routes/arp-rt -b -m -p /opt/ipoe/arp-routes/daemons/eth0.800.pid -- eth0.800

Yes, it rebuilds the tables on a HUP signal. Why not use netlink? I was simply asked to, and Linux is scripts on top of scripts anyway, so it is all fine. OK, routes are routes; what next? Next we need to push the routes from this server to the border. Here, because of the same old hardware, we took the path of least resistance and handed that job to BGP.

bgp config

hostname *******
password *******
log file /var/log/bgp.log
!
# AS number, addresses and networks are fictitious
router bgp 12345
bgp router-id 1.2.3.4
redistribute connected
redistribute static
neighbor 1.2.3.1 remote-as 12345
neighbor 1.2.3.1 next-hop-self
neighbor 1.2.3.1 route-map none in
neighbor 1.2.3.1 route-map export out
!
access-list export permit 1.2.3.0/24
!
route-map export permit 10
match ip address export
!
route-map export deny 20

Let's move on. For the server to answer ARP requests, proxy ARP must be enabled.


echo 1 > /proc/sys/net/ipv4/conf/eth0.800/proxy_arp

Next, ucarp. We write the startup scripts for this miracle ourselves.

Example of starting a single daemon


start-stop-daemon --start --exec  /usr/sbin/ucarp -b -m -p /opt/ipoe/ucarp-gen2/daemons/$iface.$vhid.$virtualaddr.pid -- --interface=eth0.800 --srcip=1.2.3.4 --vhid=1 --pass=carpasword --addr=10.10.10.1 --upscript=/opt/ipoe/ucarp-gen2/up.sh --downscript=/opt/ipoe/ucarp-gen2/down.sh -z -k 10 -P --xparam="10.10.10.0/24"

up.sh


#!/bin/bash
# ucarp runs this as: up.sh <interface> <virtual address> <--xparam value>

iface="$1"
addr="$2"
gw="$3"

# the gateway address goes on lo; the subscriber subnet passed via --xparam gets a
# blackhole route, so anything without a more specific learned /32 is dropped
ip addr add "$addr/32" dev lo
ip route add blackhole "$gw"
echo 1 > "/proc/sys/net/ipv4/conf/$iface/proxy_arp"

# restart the relay so it picks up the new address
killall -9 dhcrelay
/etc/init.d/dhcrelay zap
/etc/init.d/dhcrelay start

# make arp-rt rebuild its gateway list and re-announce routes
killall -HUP arp-rt

down.sh


#!/bin/bash
# ucarp runs this as: down.sh <interface> <virtual address> <--xparam value>

iface="$1"
addr="$2"
gw="$3"

ip addr del "$addr/32" dev lo
ip route del blackhole "$gw"
echo 0 > "/proc/sys/net/ipv4/conf/$iface/proxy_arp"

killall -9 dhcrelay
/etc/init.d/dhcrelay zap
/etc/init.d/dhcrelay start

For dhcrelay to work on an interface, the interface needs an address. So on the interfaces we use we add throwaway addresses, for example 10.255.255.1/32, 10.255.255.2/32 and so on. I will not describe how to configure the relay; it is all simple.

So what do we have now? Gateway redundancy, automatic route configuration, DHCP. That is the minimum set; lisg wraps everything else around it, and we already had the shaper. Why is it all so long and complicated? Wouldn't it be easier to take accel-pppd and go fully PPPoE? No, it would not: people cannot even plug a patch cord into a router, never mind PPPoE. accel-ppp is a good thing, but it did not work for us: there are many bugs in the code, it crashes, it degrades in odd ways, and the most painful part is that when it falls over people have to restart everything, the phones light up red; it simply did not work. What is the advantage of ucarp over keepalived? In everything: there are 100 gateways, backed up, and one mistake in the config means nothing works, whereas with ucarp only that one gateway is down. As for security, people will say that the rest will assign addresses themselves and use them on the segment. To control that we set up dhcp-snooping + source-guard + ARP inspection on all switches/OLTs/base stations. If a subscriber has no DHCP but a static address, an access list on the port.
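The dhcp-snooping + source-guard + ARP-inspection combination described above lives on the switches, but the same check can be applied on the access server before an ARP request is allowed to create a route. Added example (not the article's code): an ArpInspector that keeps a lease table the way a relay could learn it from DHCPACKs, and classifies each ARP sender as legitimate, unknown (no lease), using a leased address from the wrong MAC, or claiming one of our gateway addresses. All bindings, addresses and MACs are constructed; the class and verdict names are mine.

```cpp
// Added example (not the article's code): a host-side ARP sanity check in the
// spirit of the dhcp-snooping + source-guard + ARP-inspection the article enables
// on the switches. Bindings (lease ip -> mac, as a relay sees them in DHCPACKs),
// the gateway addresses and the server's own MAC are all constructed values.
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

struct ArpEvent {
    std::string sender_ip, sender_mac;
};

enum class Verdict { Ok, UnknownBinding, MacMismatch, GatewaySpoof };

class ArpInspector {
public:
    ArpInspector(std::set<std::string> gateways, std::set<std::string> own_macs)
        : gateways_(std::move(gateways)), own_macs_(std::move(own_macs)) {}

    // Called for every DHCPACK the relay forwards: this is the snooping table.
    void learn(const std::string &ip, const std::string &mac) { bindings_[ip] = mac; }
    void forget(const std::string &ip) { bindings_.erase(ip); }

    Verdict check(const ArpEvent &e) const {
        // Only the access server (or its ucarp peer) may speak for a gateway address.
        if (gateways_.count(e.sender_ip))
            return own_macs_.count(e.sender_mac) ? Verdict::Ok : Verdict::GatewaySpoof;
        auto it = bindings_.find(e.sender_ip);
        if (it == bindings_.end()) return Verdict::UnknownBinding;   // no lease: static host, port ACL territory
        if (it->second != e.sender_mac) return Verdict::MacMismatch;  // leased address used from another MAC
        return Verdict::Ok;
    }

    // Returns the events safe to hand to route learning; every event is tallied per verdict.
    std::vector<ArpEvent> filter(const std::vector<ArpEvent> &events,
                                 std::map<Verdict, int> &tally) const {
        std::vector<ArpEvent> accepted;
        for (const ArpEvent &e : events) {
            Verdict v = check(e);
            ++tally[v];
            if (v == Verdict::Ok) accepted.push_back(e);
        }
        return accepted;
    }

private:
    std::set<std::string> gateways_, own_macs_;
    std::map<std::string, std::string> bindings_;
};

// Constructed scenario: one gateway, two leases and four ARP senders seen on eth0.800.
std::map<Verdict, int> demo_tally() {
    ArpInspector insp({"10.10.10.1"}, {"00:00:5e:00:01:01"});
    insp.learn("10.10.10.57", "00:11:22:33:44:55");
    insp.learn("10.10.10.58", "00:11:22:33:44:66");
    std::vector<ArpEvent> events = {
        {"10.10.10.57", "00:11:22:33:44:55"},   // leased host, matching MAC
        {"10.10.10.58", "de:ad:be:ef:00:01"},   // leased address from a different MAC
        {"10.10.10.1",  "de:ad:be:ef:00:02"},   // someone claiming our gateway address
        {"10.10.10.200", "00:11:22:33:44:77"},  // address with no lease at all
    };
    std::map<Verdict, int> tally;
    insp.filter(events, tally);
    return tally;
}
```

Only events that come back Ok should be allowed to populate the route map of arp-rt; the UnknownBinding case is exactly the "static address, access list on the port" situation from the text, and GatewaySpoof is what the port-level ARP inspection is there to stop before it ever reaches the server.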

Why was all this done? To kill unwanted traffic. Now every switch has its own VLAN and unknown-unicast is no longer scary, since it only has to go to one port rather than to everyone... Well, and the side effects are standard hardware features and more efficient use of the address space.

How to configure lisg is a separate topic. Links to the libraries are attached. Perhaps the above will help someone reach their goals. Version 6 is not yet deployed on our network, but it will be a problem: there are plans to rewrite lisg for IPv6, and the route-adding program will need to be fixed as well.

Linux ISG
DB2DHCP
Libtins

Source: www.habr.com
