Homework 37
Network packets. VLANs. LACP
Since the assignment description does not make clear whether the previous labs featuring centralRouter and inetRouter should be reused, we will build a new network with the same names.
Creating the Vagrantfile
We set the following characteristics for all VMs
- CPU - 1
- Memory - 512mb
7 VMs will be created
- inetRouter
- centralRouter
- testServer1
- testClient1
- testServer2
- testClient2
The following networks are created:
- router-net: 2 links between inetRouter and centralRouter for LACP
- vlan10: a link between testServer1, testClient1 and centralRouter
- vlan20: a link between testServer2, testClient2 and centralRouter
For the links in the router-net network we enable promiscuous mode
The finished Vagrantfile
Creating ansible.yml
The Ansible playbook performs the following actions:
- On inetRouter, the interfaces attached to the router-net network are combined into bond0 in LACP mode and assigned the IP 192.168.255.1/30
- On inetRouter, promiscuous mode is enabled on the interfaces combined into bond0
- On centralRouter, the interfaces attached to the router-net network are combined into bond0 in LACP mode and assigned the IP 192.168.255.2/30
- On centralRouter, promiscuous mode is enabled on the interfaces combined into bond0
- On centralRouter, a VLAN with tag 10 is created on the interface attached to the vlan10 network
- On centralRouter, a VLAN with tag 20 is created on the interface attached to the vlan20 network
- On testServer1, a VLAN with tag 10 is created on the interface attached to the vlan10 network and assigned the IP 10.10.10.1
- On testClient1, a VLAN with tag 10 is created on the interface attached to the vlan10 network and assigned the IP 10.10.10.254
- On testServer2, a VLAN with tag 20 is created on the interface attached to the vlan20 network and assigned the IP 10.10.10.1
- On testClient2, a VLAN with tag 20 is created on the interface attached to the vlan20 network and assigned the IP 10.10.10.254
The finished ansible.yml
Verification
Start vagrant
alex@ubuntu-pc:~/Документы/37$ vagrant up
Bringing machine 'inetRouter' up with 'virtualbox' provider...
Bringing machine 'centralRouter' up with 'virtualbox' provider...
Bringing machine 'testServer1' up with 'virtualbox' provider...
Bringing machine 'testClient1' up with 'virtualbox' provider...
Bringing machine 'testServer2' up with 'virtualbox' provider...
Bringing machine 'testClient2' up with 'virtualbox' provider...
==> inetRouter: Importing base box 'ubuntu/jammy64'...
==> inetRouter: Matching MAC address for NAT networking...
==> inetRouter: Checking if box 'ubuntu/jammy64' version '20241002.0.0' is up to date...
==> inetRouter: Setting the name of the VM: 37_inetRouter_1775546834028_76172
==> inetRouter: Clearing any previously set network interfaces...
==> inetRouter: Preparing network interfaces based on configuration...
inetRouter: Adapter 1: nat
inetRouter: Adapter 2: intnet
inetRouter: Adapter 3: intnet
==> inetRouter: Forwarding ports...
inetRouter: 22 (guest) => 2222 (host) (adapter 1)
==> inetRouter: Running 'pre-boot' VM customizations...
==> inetRouter: Booting VM...
==> inetRouter: Waiting for machine to boot. This may take a few minutes...
...
...
PLAY [centralRouter] ***********************************************************
skipping: no hosts matched
PLAY [testServer1] *************************************************************
skipping: no hosts matched
PLAY [testClient1] *************************************************************
skipping: no hosts matched
PLAY [testServer2] *************************************************************
skipping: no hosts matched
PLAY [testClient2] *************************************************************
TASK [Gathering Facts] *********************************************************
ok: [testClient2]
TASK [get int name to link vlan20] *********************************************
changed: [testClient2]
TASK [add vlan netplan] ********************************************************
changed: [testClient2]
RUNNING HANDLER [apply netplan] ************************************************
changed: [testClient2]
PLAY RECAP *********************************************************************
testClient2 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Checking LACP
Connect to inetRouter and check the interface states and the reachability of centralRouter
vagrant@inetRouter:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 02:a0:d2:64:f1:28 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 metric 100 brd 10.0.2.255 scope global dynamic enp0s3
valid_lft 86080sec preferred_lft 86080sec
inet6 fd17:625c:f037:2:a0:d2ff:fe64:f128/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86282sec preferred_lft 14282sec
inet6 fe80::a0:d2ff:fe64:f128/64 scope link
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,PROMISC,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
link/ether c6:91:6a:ba:79:e8 brd ff:ff:ff:ff:ff:ff permaddr 08:00:27:8c:41:2d
4: enp0s9: <BROADCAST,MULTICAST,PROMISC,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
link/ether c6:91:6a:ba:79:e8 brd ff:ff:ff:ff:ff:ff permaddr 08:00:27:ae:40:e4
5: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether c6:91:6a:ba:79:e8 brd ff:ff:ff:ff:ff:ff
inet 192.168.255.1/30 brd 192.168.255.3 scope global bond0
valid_lft forever preferred_lft forever
inet6 fe80::c491:6aff:feba:79e8/64 scope link
valid_lft forever preferred_lft forever
vagrant@inetRouter:~$ ping 192.168.255.2
PING 192.168.255.2 (192.168.255.2) 56(84) bytes of data.
64 bytes from 192.168.255.2: icmp_seq=1 ttl=64 time=4.66 ms
64 bytes from 192.168.255.2: icmp_seq=2 ttl=64 time=85.7 ms
64 bytes from 192.168.255.2: icmp_seq=3 ttl=64 time=11.0 ms
64 bytes from 192.168.255.2: icmp_seq=4 ttl=64 time=0.567 ms
64 bytes from 192.168.255.2: icmp_seq=5 ttl=64 time=71.5 ms
^C
--- 192.168.255.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4100ms
rtt min/avg/max/mdev = 0.567/34.693/85.702/36.286 ms
As we can see, the bond0 interface has appeared with the IP 192.168.255.1/30, and centralRouter responds to ping.
Now let's bring down one of the interfaces that belongs to bond0.
vagrant@inetRouter:~$ sudo ip link set down enp0s8
vagrant@inetRouter:~$ ping 192.168.255.2
PING 192.168.255.2 (192.168.255.2) 56(84) bytes of data.
64 bytes from 192.168.255.2: icmp_seq=1 ttl=64 time=28.2 ms
64 bytes from 192.168.255.2: icmp_seq=2 ttl=64 time=33.0 ms
64 bytes from 192.168.255.2: icmp_seq=3 ttl=64 time=2.67 ms
^C
--- 192.168.255.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2029ms
rtt min/avg/max/mdev = 2.668/21.273/32.986/13.302 ms
As we can see, centralRouter is still reachable
Bring down the second interface
vagrant@inetRouter:~$ sudo ip link set down enp0s9
vagrant@inetRouter:~$ ping 192.168.255.2
PING 192.168.255.2 (192.168.255.2) 56(84) bytes of data.
From 192.168.255.1 icmp_seq=1 Destination Host Unreachable
From 192.168.255.1 icmp_seq=2 Destination Host Unreachable
From 192.168.255.1 icmp_seq=3 Destination Host Unreachable
^C
--- 192.168.255.2 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3090ms
pipe 3
Now centralRouter is unreachable.
Bring the first interface back up
vagrant@inetRouter:~$ sudo ip link set up enp0s8
vagrant@inetRouter:~$ ping 192.168.255.2
PING 192.168.255.2 (192.168.255.2) 56(84) bytes of data.
64 bytes from 192.168.255.2: icmp_seq=1 ttl=64 time=12.5 ms
64 bytes from 192.168.255.2: icmp_seq=2 ttl=64 time=1.87 ms
^C
--- 192.168.255.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1024ms
rtt min/avg/max/mdev = 1.867/7.188/12.509/5.321 ms
The connection to centralRouter has been restored
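The ping tests above show failover, but a bond in 802.3ad mode also passes traffic over a single member when no LACP partner was negotiated, so it is worth checking the negotiated state as well. The following is an added example, not part of the original write-up: it parses the kernel's `/proc/net/bonding/bond0` report, and the sample text and partner MAC in it are constructed.

```python
import re

# Constructed, trimmed sample of /proc/net/bonding/bond0; the partner MAC is made up.
SAMPLE = """\
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
MII Status: up

802.3ad info
Active Aggregator Info:
\tAggregator ID: 1
\tNumber of ports: 2
\tPartner Mac Address: 08:00:27:aa:bb:cc

Slave Interface: enp0s8
MII Status: up
Aggregator ID: 1

Slave Interface: enp0s9
MII Status: up
Aggregator ID: 1
"""


def check_lacp(text):
    """Return a list of problems found in a /proc/net/bonding/<bond> report."""
    problems = []
    # Everything before the first "Slave Interface:" line describes the bond itself.
    head, *members = re.split(r"^Slave Interface: ", text, flags=re.M)
    if "IEEE 802.3ad" not in head:
        problems.append("bond is not in 802.3ad (LACP) mode")
    partner = re.search(r"Partner Mac Address: (\S+)", head)
    if not partner or partner.group(1) == "00:00:00:00:00:00":
        problems.append("no LACP partner negotiated")
    active = re.search(r"Aggregator ID: (\d+)", head)
    active_id = active.group(1) if active else None
    if not members:
        problems.append("bond has no member interfaces")
    for block in members:
        name = block.split("\n", 1)[0].strip()
        mii = re.search(r"^MII Status: (\w+)", block, flags=re.M)
        agg = re.search(r"^Aggregator ID: (\d+)", block, flags=re.M)
        if not mii or mii.group(1) != "up":
            problems.append(f"{name}: link is down")
        elif not agg or agg.group(1) != active_id:
            problems.append(f"{name}: not in the active aggregator")
    return problems


if __name__ == "__main__":
    print(check_lacp(SAMPLE) or "LACP negotiated on all members")
```

On the lab VM, pass the contents of `/proc/net/bonding/bond0` to `check_lacp` instead of `SAMPLE`.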
Checking VLAN
Connect to testClient1 and look at the output of ip a
vagrant@testClient1:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 02:a0:d2:64:f1:28 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 metric 100 brd 10.0.2.255 scope global dynamic enp0s3
valid_lft 85760sec preferred_lft 85760sec
inet6 fd17:625c:f037:2:a0:d2ff:fe64:f128/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86222sec preferred_lft 14222sec
inet6 fe80::a0:d2ff:fe64:f128/64 scope link
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:45:b2:6d brd ff:ff:ff:ff:ff:ff
inet6 fe80::a00:27ff:fe45:b26d/64 scope link
valid_lft forever preferred_lft forever
4: vlan10@enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 08:00:27:45:b2:6d brd ff:ff:ff:ff:ff:ff
inet 10.10.10.254/24 brd 10.10.10.255 scope global vlan10
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe45:b26d/64 scope link
valid_lft forever preferred_lft forever
We can see that the vlan10 interface is present with the IP 10.10.10.254/24. Let's check the reachability of testServer1
vagrant@testClient1:~$ ping 10.10.10.1
PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=4.49 ms
64 bytes from 10.10.10.1: icmp_seq=2 ttl=64 time=0.498 ms
--- 10.10.10.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.498/2.492/4.487/1.994 ms
testServer1 is reachable.
Let's check the same on testClient2
vagrant@testClient2:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 02:a0:d2:64:f1:28 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 metric 100 brd 10.0.2.255 scope global dynamic enp0s3
valid_lft 85872sec preferred_lft 85872sec
inet6 fd17:625c:f037:2:a0:d2ff:fe64:f128/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86352sec preferred_lft 14352sec
inet6 fe80::a0:d2ff:fe64:f128/64 scope link
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:9a:7a:58 brd ff:ff:ff:ff:ff:ff
inet6 fe80::a00:27ff:fe9a:7a58/64 scope link
valid_lft forever preferred_lft forever
4: vlan20@enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 08:00:27:9a:7a:58 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.254/24 brd 10.10.10.255 scope global vlan20
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe9a:7a58/64 scope link
valid_lft forever preferred_lft forever
As we can see, on testClient2 the IP 10.10.10.254/24 belongs to a different interface, namely vlan20
vagrant@testClient2:~$ ping 10.10.10.1
PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=5.83 ms
64 bytes from 10.10.10.1: icmp_seq=2 ttl=64 time=0.940 ms
64 bytes from 10.10.10.1: icmp_seq=3 ttl=64 time=0.424 ms
^C
--- 10.10.10.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 0.424/2.396/5.826/2.434 ms
And testServer2 is reachable
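Both clients use 10.10.10.254 and both servers use 10.10.10.1 without conflict because frames leaving the vlan10 and vlan20 sub-interfaces carry different 802.1Q tags. The following added example (not from the original write-up) builds and parses that tag; the source MACs are the ones shown in the `ip a` output above, while the broadcast destination and the ARP ethertype are assumptions chosen for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q-tagged frame


def build_frame(dst, src, vlan_id, ethertype, payload=b""):
    """Build an Ethernet frame with one 802.1Q tag (PCP and DEI left at 0)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    to_bytes = lambda mac: bytes.fromhex(mac.replace(":", ""))
    tag = struct.pack("!HHH", TPID_8021Q, vlan_id, ethertype)
    return to_bytes(dst) + to_bytes(src) + tag + payload


def parse_vlan(frame):
    """Return (vlan_id, inner_ethertype); vlan_id is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None, tpid
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner  # low 12 bits of the TCI are the VLAN ID


def same_segment(frame_a, frame_b):
    """True when both frames carry the same VLAN ID (or are both untagged)."""
    return parse_vlan(frame_a)[0] == parse_vlan(frame_b)[0]


# Constructed frames: ARP broadcasts as testClient1 and testClient2 would tag them.
BROADCAST = "ff:ff:ff:ff:ff:ff"
CLIENT1 = build_frame(BROADCAST, "08:00:27:45:b2:6d", 10, 0x0806)
CLIENT2 = build_frame(BROADCAST, "08:00:27:9a:7a:58", 20, 0x0806)

if __name__ == "__main__":
    print(parse_vlan(CLIENT1), parse_vlan(CLIENT2), same_segment(CLIENT1, CLIENT2))
```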
All done!
