From 313d8f8ce3445a2647c957c265a5668cac647453 Mon Sep 17 00:00:00 2001 From: alex Date: Tue, 7 Apr 2026 11:08:24 +0300 Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=B8=D1=82?= =?UTF-8?q?=D1=8C=20README.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 319 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 319 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..448a6e4 --- /dev/null +++ b/README.md 
@@ -0,0 +1,319 @@ +# Домашнее задание 37 + +## Сетевые пакеты. VLAN'ы. LACP + +Так как из описания задания не понятно, нужно ли использовать предыдущие стенды в которых фигурировали **centralRouter** и **inetRouter**. Построим новую сеть с теми же именами. + +### Создание Vagrantfile + +Зададим следующие характеристики для всех VM + +- CPU - 1 +- Memory - 512mb + +Бедет создано 7 VM + +- inetRouter +- centralRouter +- testServer1 +- testClient1 +- testServer2 +- testClient2 + +Созданы следующие сети: +- **router-net** 2 линка между **inetRouter** и **centralRouter** для LACP +- **vlan10** линк между **testServer1**, **testClient1** и **centralRouter** +- **vlan20** линк между **testServer2**, **testClient2** и **centralRouter** + +Для линков в сети **router-net** включаем promiscuous mode + + +Текущая карта сети +![37_1](images/37_1.png) + + + +Готовый [Vagrantfile](Vagrantfile) + + +### Cоздание ansible.yml + +Сценарий для Ansible будет выполнять следующие действия: + +1. На **inetRouter** интерфейсы которые присоеденены к сети **router-net**, будут объеденены в bond0 в режиме LACP, и назначен ip 192.168.255.1/30 +2. На **inetRouter** на интерфейсах которые объеденены в bond0, будет включен promiscuous mode +3. На **centralRouter** интерфейсы которые присоеденены к сети **router-net**, будут объеденены в bond0 в режиме LACP, и назначен ip 192.168.255.2/30 +4. На **centralRouter** на интерфейсах которые объеденены в bond0, будет включен promiscuous mode +5. На **centralRouter** на интерфейсе который присоеденен к сети **vlan10**, будет создан vlan c тегом 10 +6. На **centralRouter** на интерфейсе который присоеденен к сети **vlan20**, будет создан vlan c тегом 20 +7. На **testServer1** на интерфейсе который присоеденен к сети **vlan10**, будет создан vlan c тегом 10 и задан ip 10.10.10.1 +8. На **testClient1** на интерфейсе который присоеденен к сети **vlan10**, будет создан vlan c тегом 10 и задан ip 10.10.10.254 +9. 
На **testServer2** на интерфейсе который присоеденен к сети **vlan20**, будет создан vlan c тегом 20 и задан ip 10.10.10.1 +10. На **testClient2** на интерфейсе который присоеденен к сети **vlan20**, будет создан vlan c тегом 20 и задан ip 10.10.10.254 + + + +Готовый [ansible.yml](ansible.yml) + + + + +### Проверка + +Запускаем vagrant +```bash +alex@ubuntu-pc:~/Документы/37$ vagrant up +Bringing machine 'inetRouter' up with 'virtualbox' provider... +Bringing machine 'centralRouter' up with 'virtualbox' provider... +Bringing machine 'testServer1' up with 'virtualbox' provider... +Bringing machine 'testClient1' up with 'virtualbox' provider... +Bringing machine 'testServer2' up with 'virtualbox' provider... +Bringing machine 'testClient2' up with 'virtualbox' provider... +==> inetRouter: Importing base box 'ubuntu/jammy64'... +==> inetRouter: Matching MAC address for NAT networking... +==> inetRouter: Checking if box 'ubuntu/jammy64' version '20241002.0.0' is up to date... +==> inetRouter: Setting the name of the VM: 37_inetRouter_1775546834028_76172 +==> inetRouter: Clearing any previously set network interfaces... +==> inetRouter: Preparing network interfaces based on configuration... + inetRouter: Adapter 1: nat + inetRouter: Adapter 2: intnet + inetRouter: Adapter 3: intnet +==> inetRouter: Forwarding ports... + inetRouter: 22 (guest) => 2222 (host) (adapter 1) +==> inetRouter: Running 'pre-boot' VM customizations... +==> inetRouter: Booting VM... +==> inetRouter: Waiting for machine to boot. This may take a few minutes... +... + + +... 
+PLAY [centralRouter] *********************************************************** +skipping: no hosts matched + +PLAY [testServer1] ************************************************************* +skipping: no hosts matched + +PLAY [testClient1] ************************************************************* +skipping: no hosts matched + +PLAY [testServer2] ************************************************************* +skipping: no hosts matched + +PLAY [testClient2] ************************************************************* + +TASK [Gathering Facts] ********************************************************* +ok: [testClient2] + +TASK [get int name to link vlan20] ********************************************* +changed: [testClient2] + +TASK [add vlan netplan] ******************************************************** +changed: [testClient2] + +RUNNING HANDLER [apply netplan] ************************************************ +changed: [testClient2] + +PLAY RECAP ********************************************************************* +testClient2 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +``` + + + + + + +#### Проверка LACP + +Подключимся к inetRouter, состояния интерфейсов, и доступность centralRouter + + +```bash +vagrant@inetRouter:~$ ip a +1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 + inet 127.0.0.1/8 scope host lo + valid_lft forever preferred_lft forever + inet6 ::1/128 scope host + valid_lft forever preferred_lft forever +2: enp0s3: mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether 02:a0:d2:64:f1:28 brd ff:ff:ff:ff:ff:ff + inet 10.0.2.15/24 metric 100 brd 10.0.2.255 scope global dynamic enp0s3 + valid_lft 86080sec preferred_lft 86080sec + inet6 fd17:625c:f037:2:a0:d2ff:fe64:f128/64 scope global dynamic mngtmpaddr noprefixroute + valid_lft 86282sec preferred_lft 14282sec + inet6 fe80::a0:d2ff:fe64:f128/64 scope link + valid_lft forever 
preferred_lft forever +3: enp0s8: mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000 + link/ether c6:91:6a:ba:79:e8 brd ff:ff:ff:ff:ff:ff permaddr 08:00:27:8c:41:2d +4: enp0s9: mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000 + link/ether c6:91:6a:ba:79:e8 brd ff:ff:ff:ff:ff:ff permaddr 08:00:27:ae:40:e4 +5: bond0: mtu 1500 qdisc noqueue state UP group default qlen 1000 + link/ether c6:91:6a:ba:79:e8 brd ff:ff:ff:ff:ff:ff + inet 192.168.255.1/30 brd 192.168.255.3 scope global bond0 + valid_lft forever preferred_lft forever + inet6 fe80::c491:6aff:feba:79e8/64 scope link + valid_lft forever preferred_lft forever +vagrant@inetRouter:~$ ping 192.168.255.2 +PING 192.168.255.2 (192.168.255.2) 56(84) bytes of data. +64 bytes from 192.168.255.2: icmp_seq=1 ttl=64 time=4.66 ms +64 bytes from 192.168.255.2: icmp_seq=2 ttl=64 time=85.7 ms +64 bytes from 192.168.255.2: icmp_seq=3 ttl=64 time=11.0 ms +64 bytes from 192.168.255.2: icmp_seq=4 ttl=64 time=0.567 ms +64 bytes from 192.168.255.2: icmp_seq=5 ttl=64 time=71.5 ms +^C +--- 192.168.255.2 ping statistics --- +5 packets transmitted, 5 received, 0% packet loss, time 4100ms +rtt min/avg/max/mdev = 0.567/34.693/85.702/36.286 ms + + +``` + + +Как видим появился интерфейс bond0 с ip 192.168.255.1/30. А так же centralRouter отвечает на пинг. + + +Теперь отключим один из интерфейсов который входит в bond0. + +```bash +vagrant@inetRouter:~$ sudo ip link set down enp0s8 +vagrant@inetRouter:~$ ping 192.168.255.2 +PING 192.168.255.2 (192.168.255.2) 56(84) bytes of data. 
+64 bytes from 192.168.255.2: icmp_seq=1 ttl=64 time=28.2 ms +64 bytes from 192.168.255.2: icmp_seq=2 ttl=64 time=33.0 ms +64 bytes from 192.168.255.2: icmp_seq=3 ttl=64 time=2.67 ms +^C +--- 192.168.255.2 ping statistics --- +3 packets transmitted, 3 received, 0% packet loss, time 2029ms +rtt min/avg/max/mdev = 2.668/21.273/32.986/13.302 ms +``` + +Как видим доступность centralRouter осталась + +Отключим второй интерфейс +```bash +vagrant@inetRouter:~$ sudo ip link set down enp0s9 +vagrant@inetRouter:~$ ping 192.168.255.2 +PING 192.168.255.2 (192.168.255.2) 56(84) bytes of data. +From 192.168.255.1 icmp_seq=1 Destination Host Unreachable +From 192.168.255.1 icmp_seq=2 Destination Host Unreachable +From 192.168.255.1 icmp_seq=3 Destination Host Unreachable +^C +--- 192.168.255.2 ping statistics --- +4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3090ms +pipe 3 +``` + +Вот теперь centralRouter не доступен. + +Включим первый интерфейс + +```bash +vagrant@inetRouter:~$ sudo ip link set up enp0s8 +vagrant@inetRouter:~$ ping 192.168.255.2 +PING 192.168.255.2 (192.168.255.2) 56(84) bytes of data. 
+64 bytes from 192.168.255.2: icmp_seq=1 ttl=64 time=12.5 ms +64 bytes from 192.168.255.2: icmp_seq=2 ttl=64 time=1.87 ms +^C +--- 192.168.255.2 ping statistics --- +2 packets transmitted, 2 received, 0% packet loss, time 1024ms +rtt min/avg/max/mdev = 1.867/7.188/12.509/5.321 ms +``` + +Связь с centralRouter восстановилась + + + +#### Проверка VLAN + +Поключимся к testClient1, посмотрим вывод ip a +```bash +vagrant@testClient1:~$ ip a +1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 + inet 127.0.0.1/8 scope host lo + valid_lft forever preferred_lft forever + inet6 ::1/128 scope host + valid_lft forever preferred_lft forever +2: enp0s3: mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether 02:a0:d2:64:f1:28 brd ff:ff:ff:ff:ff:ff + inet 10.0.2.15/24 metric 100 brd 10.0.2.255 scope global dynamic enp0s3 + valid_lft 85760sec preferred_lft 85760sec + inet6 fd17:625c:f037:2:a0:d2ff:fe64:f128/64 scope global dynamic mngtmpaddr noprefixroute + valid_lft 86222sec preferred_lft 14222sec + inet6 fe80::a0:d2ff:fe64:f128/64 scope link + valid_lft forever preferred_lft forever +3: enp0s8: mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether 08:00:27:45:b2:6d brd ff:ff:ff:ff:ff:ff + inet6 fe80::a00:27ff:fe45:b26d/64 scope link + valid_lft forever preferred_lft forever +4: vlan10@enp0s8: mtu 1500 qdisc noqueue state UP group default qlen 1000 + link/ether 08:00:27:45:b2:6d brd ff:ff:ff:ff:ff:ff + inet 10.10.10.254/24 brd 10.10.10.255 scope global vlan10 + valid_lft forever preferred_lft forever + inet6 fe80::a00:27ff:fe45:b26d/64 scope link + valid_lft forever preferred_lft forever +``` + +Видим, что присутсвуем инретфейс vlan10 c ip 10.10.10.254/24. +Проверим доступность testServer1 +```bash +vagrant@testClient1:~$ ping 10.10.10.1 +PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data. 
+64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=4.49 ms +64 bytes from 10.10.10.1: icmp_seq=2 ttl=64 time=0.498 ms + +--- 10.10.10.1 ping statistics --- +2 packets transmitted, 2 received, 0% packet loss, time 1001ms +rtt min/avg/max/mdev = 0.498/2.492/4.487/1.994 ms + +``` +testServer1 доступен. + + +То же самое проверим и на testClient2 + +```bash +vagrant@testClient2:~$ ip a +1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 + inet 127.0.0.1/8 scope host lo + valid_lft forever preferred_lft forever + inet6 ::1/128 scope host + valid_lft forever preferred_lft forever +2: enp0s3: mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether 02:a0:d2:64:f1:28 brd ff:ff:ff:ff:ff:ff + inet 10.0.2.15/24 metric 100 brd 10.0.2.255 scope global dynamic enp0s3 + valid_lft 85872sec preferred_lft 85872sec + inet6 fd17:625c:f037:2:a0:d2ff:fe64:f128/64 scope global dynamic mngtmpaddr noprefixroute + valid_lft 86352sec preferred_lft 14352sec + inet6 fe80::a0:d2ff:fe64:f128/64 scope link + valid_lft forever preferred_lft forever +3: enp0s8: mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether 08:00:27:9a:7a:58 brd ff:ff:ff:ff:ff:ff + inet6 fe80::a00:27ff:fe9a:7a58/64 scope link + valid_lft forever preferred_lft forever +4: vlan20@enp0s8: mtu 1500 qdisc noqueue state UP group default qlen 1000 + link/ether 08:00:27:9a:7a:58 brd ff:ff:ff:ff:ff:ff + inet 10.10.10.254/24 brd 10.10.10.255 scope global vlan20 + valid_lft forever preferred_lft forever + inet6 fe80::a00:27ff:fe9a:7a58/64 scope link + valid_lft forever preferred_lft forever + +``` + +Как видим на testClient2 ip 10.10.10.254/24 имеет уже другой интерфейс, а имеено vlan20 +```bash +vagrant@testClient2:~$ ping 10.10.10.1 +PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data. 
+64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=5.83 ms +64 bytes from 10.10.10.1: icmp_seq=2 ttl=64 time=0.940 ms +64 bytes from 10.10.10.1: icmp_seq=3 ttl=64 time=0.424 ms +^C +--- 10.10.10.1 ping statistics --- +3 packets transmitted, 3 received, 0% packet loss, time 2004ms +rtt min/avg/max/mdev = 0.424/2.396/5.826/2.434 ms +``` +И testServer2 доступен + + +Все готово! \ No newline at end of file
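Review bot: The VLAN check under "Проверка VLAN" does not demonstrate isolation. Both clients ping 10.10.10.1 and both get replies, but because testServer1 and testServer2 share that address, the output would look the same if the tags were missing or the two segments were joined. Add a step that ties each reply to the expected server, for example `ip neigh show 10.10.10.1` on testClient1 compared against the MAC of testServer1's vlan10 interface, or a capture on the parent interface showing the 802.1Q tag. The same applies under "Проверка LACP": `ip a` and a successful ping look identical in any bonding mode, so include the output of `cat /proc/net/bonding/bond0` to show that the mode is 802.3ad and that a partner was negotiated. Smaller points: the "Создание Vagrantfile" section says 7 VMs will be created while the list and the `vagrant up` output show 6; the LACP walkthrough brings enp0s8 back up but leaves enp0s9 down; and promiscuous mode is enabled on the router-net links without a stated reason, so a one-line rationale would let a reader judge whether it is needed outside this lab.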