
RK 2022-23; LDN5

Project setup

Enable grid and display interface names

screenshot

Devices

Two Alpine Linux PCs, PC1 and PC2, are connected through three VyOS routers R1, R2 and R3.

two alpine containers and three VyOS VMs

Defining the subnets

The assignment instructions give a list of networks that we will use. Suppose the student ID number is 12345678 (A=5, B=6, C=7, D=8). If your first two digits (A and B) happen to be the same, you can simply add 1 to A.

Since each network contains only two devices, we will use /30 IPv4 subnets. Since I am lazy and can't be bothered with IPv6, we will simply use /64 IPv6 subnets.

In the real world...

this is not how it is done. Even if there are no plans to expand the given environment (e.g. an office or a server room), always choose a network slightly larger than strictly necessary, because an unforeseen situation that requires more devices in the network can always come up.

But since we are omnipotent gods who control the environment of our GNS3 installation and define the truth, we know that our project will never require one more device, so we can afford to use subnets that are extremely small and have only 2 usable IP addresses.

10.A.0.0/??
10.0.B.0/??
192.168.C.0/??
172.16.D.0/??
2001:db8:e:A::/??
2001:db8:B:f::/??
2001:db8:ef:C::/??
2001:db8:D:ef::/??

10.5.0.0/30         - Alpine1.eth0 <> VyOS1.eth0
10.0.6.0/30         -   VyOS1.eth1 <> VyOS2.eth1
192.168.7.0/30      -   VyOS2.eth2 <> VyOS3.eth2
172.16.8.0/30       -   VyOS3.eth0 <> Alpine2.eth0
2001:db8:e:5::/64   - Alpine1.eth0 <> VyOS1.eth0
2001:db8:6:f::/64   -   VyOS1.eth1 <> VyOS2.eth1
2001:db8:ef:7::/64  -   VyOS2.eth2 <> VyOS3.eth2
2001:db8:8:ef::/64  -   VyOS3.eth0 <> Alpine2.eth0

Connecting the devices

screenshot

Configuration

Alpine

On the Alpine "edge" clients we set the addresses on the eth0 interface and a default route to the connected router.

alpine-1
ip addr add 10.5.0.1/30 broadcast + dev eth0
ip route add default via 10.5.0.2 dev eth0

ip -6 addr add 2001:db8:e:5::1/64 dev eth0
ip -6 route add ::/0 via 2001:db8:e:5::2

ip r
ip -6 r
alpine-2
ip addr add 172.16.8.1/30 broadcast + dev eth0
ip route add default via 172.16.8.2 dev eth0

ip -6 addr add 2001:db8:8:ef::1/64 dev eth0
ip -6 route add ::/0 via 2001:db8:8:ef::2

ip r
ip -6 r

VyOS

The routers are slightly different: VyOS-1 and VyOS-3 can simply have a default route to VyOS-2, since both are connected to the last network on their side. VyOS-2, on the other hand, will have statically defined routes to the "outer" subnets (read below for a longer explanation).

The situation with VyOS-2 and static routes

Alpine-1 sends a ping to alpine-2 (src: 10.5.0.1, dst: 172.16.8.1). VyOS-1 receives the packet, and because it is not directly connected to the 172.16.8.0/30 network and has no static route configured for it, it simply forwards the packet to its default route (VyOS-2).

Here comes the catch: VyOS-2 cannot have two default routes (that is impossible, because then they are not default routes... two simultaneous defaults is simply absurd). So on VyOS-2 we set static routes for the "outer" subnets, the two it is not directly connected to: 172.16.8.0/30 and 10.5.0.0/30 (and their IPv6 equivalents).

VyOS-2
ip addr add 10.0.6.1/30 broadcast + dev eth1 # conn. to VyOS-1
ip addr add 192.168.7.1/30 broadcast + dev eth2 # conn. to VyOS-3

ip route add 10.5.0.0/30 via 10.0.6.2 dev eth1 # route to the subnet between Alpine-1 and VyOS-1
ip route add 172.16.8.0/30 via 192.168.7.2 dev eth2 # route to the subnet between Alpine-2 and VyOS-3

ip -6 addr add 2001:db8:6:f::1/64 dev eth1 # conn. to VyOS-1
ip -6 addr add 2001:db8:ef:7::1/64 dev eth2 # conn. to VyOS-3

ip -6 route add 2001:db8:e:5::/64 via 2001:db8:6:f::2 # route to the subnet between Alpine-1 and VyOS-1
ip -6 route add 2001:db8:8:ef::/64 via 2001:db8:ef:7::2 # route to the subnet between Alpine-2 and VyOS-3

ip r
ip -6 r
VyOS-1
ip addr add 10.5.0.2/30 broadcast + dev eth0 # conn. to Alpine-1
ip addr add 10.0.6.2/30 broadcast + dev eth1 # conn. to VyOS-2
ip route add default via 10.0.6.1 dev eth1 # default route to VyOS-2

ip -6 addr add 2001:db8:e:5::2/64 dev eth0 # conn. to Alpine-1
ip -6 addr add 2001:db8:6:f::2/64 dev eth1 # conn. to VyOS-2
ip -6 route add ::/0 via 2001:db8:6:f::1 # default route to VyOS-2

ip r
ip -6 r
VyOS-3
ip addr add 172.16.8.2/30 broadcast + dev eth0 # conn. to Alpine-2
ip addr add 192.168.7.2/30 broadcast + dev eth2 # conn. to VyOS-2
ip route add default via 192.168.7.1 dev eth2 # default route to VyOS-2

ip -6 addr add 2001:db8:8:ef::2/64 dev eth0 # conn. to Alpine-2
ip -6 addr add 2001:db8:ef:7::2/64 dev eth2 # conn. to VyOS-2
ip -6 route add ::/0 via 2001:db8:ef:7::1 # default route to VyOS-2

ip r
ip -6 r
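
The forwarding decision described above, as an added example that is not part of the original page: a longest-prefix-match simulation over the IPv4 tables produced by the commands above. It follows a packet from alpine-1 to alpine-2 hop by hop and shows it being dropped on VyOS-2 when the two static routes are missing; the node names, `lookup`, `trace` and `without_static_routes` are constructed for this illustration.

```python
import ipaddress

# IPv4 tables transcribed from the commands above: (prefix, next hop);
# next hop None means the prefix is directly connected.
TABLES = {
    "alpine-1": [("10.5.0.0/30", None), ("0.0.0.0/0", "10.5.0.2")],
    "vyos-1": [("10.5.0.0/30", None), ("10.0.6.0/30", None),
               ("0.0.0.0/0", "10.0.6.1")],
    "vyos-2": [("10.0.6.0/30", None), ("192.168.7.0/30", None),
               ("10.5.0.0/30", "10.0.6.2"), ("172.16.8.0/30", "192.168.7.2")],
    "vyos-3": [("172.16.8.0/30", None), ("192.168.7.0/30", None),
               ("0.0.0.0/0", "192.168.7.1")],
    "alpine-2": [("172.16.8.0/30", None), ("0.0.0.0/0", "172.16.8.2")],
}
# Which node owns each interface address (used to move to the next hop).
OWNERS = {
    "10.5.0.1": "alpine-1", "10.5.0.2": "vyos-1", "10.0.6.2": "vyos-1",
    "10.0.6.1": "vyos-2", "192.168.7.1": "vyos-2", "192.168.7.2": "vyos-3",
    "172.16.8.2": "vyos-3", "172.16.8.1": "alpine-2",
}

def lookup(table, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), nh) for p, nh in table]
    hits = [(n, nh) for n, nh in nets if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def trace(src_node, dst, tables=TABLES, max_hops=30):
    """Return the address answering at each hop, as traceroute would list them."""
    node, hops = src_node, []
    while len(hops) < max_hops and OWNERS.get(dst) != node:
        route = lookup(tables[node], dst)
        if route is None:                      # no matching prefix, no default
            return hops + ["no route on " + node]
        next_ip = route[1] or dst              # connected: deliver to dst itself
        if next_ip not in OWNERS:              # nobody holds that address
            return hops + ["host unreachable from " + node]
        hops.append(next_ip)
        node = OWNERS[next_ip]
    return hops

def without_static_routes(tables, node):
    """Copy of the tables with `node` keeping only its connected routes."""
    stripped = dict(tables)
    stripped[node] = [(p, nh) for p, nh in tables[node] if nh is None]
    return stripped

if __name__ == "__main__":
    print(trace("alpine-1", "172.16.8.1"))
    print(trace("alpine-1", "172.16.8.1", without_static_routes(TABLES, "vyos-2")))
```

Three routers sit on the path, which, assuming the usual Linux initial TTL of 64, is why the ping replies in the console output on this page arrive with ttl=61.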

Assignment artifacts

tabele.txt

an ASCII text file into which you paste the routing (forwarding) table output (IPv4 and IPv6!) of all devices

alpine-1
/ # hostname && ip r && ip -6 r
alpine-1
default via 10.5.0.2 dev eth0
10.5.0.0/30 dev eth0 scope link  src 10.5.0.1
2001:db8:e:5::/64 dev eth0  metric 256
fe80::/64 dev eth0  metric 256
default via 2001:db8:e:5::2 dev eth0  metric 1024
ff00::/8 dev eth0  metric 256
vyos-1
vyos@vyos:~$ hostname && ip r && ip -6 r
vyos
default via 10.0.6.1 dev eth1
10.0.6.0/30 dev eth1  proto kernel  scope link  src 10.0.6.2
10.5.0.0/30 dev eth0  proto kernel  scope link  src 10.5.0.2
127.0.0.0/8 dev lo  proto kernel  scope link  src 127.0.0.1
2001:db8:6:f::/64 dev eth1  proto kernel  metric 256
2001:db8:e:5::/64 dev eth0  proto kernel  metric 256
fe80::/64 dev eth1  proto kernel  metric 256
fe80::/64 dev eth0  proto kernel  metric 256
default via 2001:db8:6:f::1 dev eth1  metric 1024
vyos-2
vyos@vyos:~$ hostname && ip r && ip -6 r
vyos
10.0.6.0/30 dev eth1  proto kernel  scope link  src 10.0.6.1
10.5.0.0/30 via 10.0.6.2 dev eth1
127.0.0.0/8 dev lo  proto kernel  scope link  src 127.0.0.1
172.16.8.0/30 via 192.168.7.2 dev eth2
192.168.7.0/30 dev eth2  proto kernel  scope link  src 192.168.7.1
2001:db8:6:f::/64 dev eth1  proto kernel  metric 256
2001:db8:8:ef::/64 via 2001:db8:ef:7::2 dev eth2  metric 1024
2001:db8:e:5::/64 via 2001:db8:6:f::2 dev eth1  metric 1024
2001:db8:ef:7::/64 dev eth2  proto kernel  metric 256
fe80::/64 dev eth2  proto kernel  metric 256
fe80::/64 dev eth1  proto kernel  metric 256
vyos-3
vyos@vyos:~$ hostname && ip r && ip -6 r
vyos
default via 192.168.7.1 dev eth2
127.0.0.0/8 dev lo  proto kernel  scope link  src 127.0.0.1
172.16.8.0/30 dev eth0  proto kernel  scope link  src 172.16.8.2
192.168.7.0/30 dev eth2  proto kernel  scope link  src 192.168.7.2
2001:db8:8:ef::/64 dev eth0  proto kernel  metric 256
2001:db8:ef:7::/64 dev eth2  proto kernel  metric 256
fe80::/64 dev eth2  proto kernel  metric 256
fe80::/64 dev eth0  proto kernel  metric 256
default via 2001:db8:ef:7::1 dev eth2  metric 1024
alpine-2
/ # hostname && ip r && ip -6 r
alpine-2
default via 172.16.8.2 dev eth0
172.16.8.0/30 dev eth0 scope link  src 172.16.8.1
2001:db8:8:ef::/64 dev eth0  metric 256
fe80::/64 dev eth0  metric 256
default via 2001:db8:8:ef::2 dev eth0  metric 1024
ff00::/8 dev eth0  metric 256

promet.pcapng

traffic capturing the pings (v4 and v6) between PC1 and PC2 and a traceroute (IPv4) between PC1 and PC2

[Screenshots: start packet capture; start packet capture 2; Wireshark window; ping4, ping6, traceroute; Wireshark capture]

First start a packet capture with Wireshark [1]; once Wireshark has started, open the Alpine-1 console and ping and traceroute Alpine-2. Then stop the packet capture by clicking Wireshark > toolbar > Capture > Stop and save the captured packets by clicking Wireshark > toolbar > File > Save As.

Ping and traceroute from Alpine1 to Alpine2
ping -4 -w 5 172.16.8.1
ping -6 -w 5 2001:db8:8:ef::1
traceroute 172.16.8.1
Console output on Alpine1
/ # ping -4 -w 5 172.16.8.1
PING 172.16.8.1 (172.16.8.1): 56 data bytes
64 bytes from 172.16.8.1: seq=0 ttl=61 time=6.373 ms
64 bytes from 172.16.8.1: seq=1 ttl=61 time=4.861 ms
64 bytes from 172.16.8.1: seq=2 ttl=61 time=4.532 ms
64 bytes from 172.16.8.1: seq=3 ttl=61 time=4.782 ms
64 bytes from 172.16.8.1: seq=4 ttl=61 time=4.273 ms

--- 172.16.8.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 4.273/4.964/6.373 ms
/ # ping -6 -w 5 2001:db8:8:ef::1
PING 2001:db8:8:ef::1 (2001:db8:8:ef::1): 56 data bytes
64 bytes from 2001:db8:8:ef::1: seq=0 ttl=61 time=4.803 ms
64 bytes from 2001:db8:8:ef::1: seq=1 ttl=61 time=4.880 ms
64 bytes from 2001:db8:8:ef::1: seq=2 ttl=61 time=4.758 ms
64 bytes from 2001:db8:8:ef::1: seq=3 ttl=61 time=3.734 ms
64 bytes from 2001:db8:8:ef::1: seq=4 ttl=61 time=3.864 ms

--- 2001:db8:8:ef::1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 3.734/4.407/4.880 ms
/ # traceroute 172.16.8.1
traceroute to 172.16.8.1 (172.16.8.1), 30 hops max, 46 byte packets
1  10.5.0.2 (10.5.0.2)  1.123 ms  1.111 ms  2.230 ms
2  10.0.6.1 (10.0.6.1)  1.867 ms  1.797 ms  1.331 ms
3  192.168.7.2 (192.168.7.2)  2.771 ms  2.901 ms  3.037 ms
4  172.16.8.1 (172.16.8.1)  3.516 ms  3.627 ms  3.463 ms
/ #

topologija.png

a screenshot of your GNS3 topology in PNG format

screenshot


  1. The installer can be found at wireshark.org


Last updated: April 9, 2023