Add README.md
319
README.md
Normal file
@@ -0,0 +1,319 @@
|
||||
# Домашнее задание 37
|
||||
|
||||
## Сетевые пакеты. VLAN'ы. LACP
|
||||
|
||||
Так как из описания задания не понятно, нужно ли использовать предыдущие стенды в которых фигурировали **centralRouter** и **inetRouter**. Построим новую сеть с теми же именами.
|
||||
|
||||
### Создание Vagrantfile
|
||||
|
||||
Зададим следующие характеристики для всех VM
|
||||
|
||||
- CPU - 1
|
||||
- Memory - 512mb
|
||||
|
||||
Бедет создано 7 VM
|
||||
|
||||
- inetRouter
|
||||
- centralRouter
|
||||
- testServer1
|
||||
- testClient1
|
||||
- testServer2
|
||||
- testClient2
|
||||
|
||||
Созданы следующие сети:
|
||||
- **router-net** 2 линка между **inetRouter** и **centralRouter** для LACP
|
||||
- **vlan10** линк между **testServer1**, **testClient1** и **centralRouter**
|
||||
- **vlan20** линк между **testServer2**, **testClient2** и **centralRouter**
|
||||
|
||||
Для линков в сети **router-net** включаем promiscuous mode
|
||||
|
||||
|
||||
Текущая карта сети
|
||||

|
||||
|
||||
|
||||
|
||||
Готовый [Vagrantfile](Vagrantfile)
|
||||
|
||||
|
||||
### Cоздание ansible.yml
|
||||
|
||||
Сценарий для Ansible будет выполнять следующие действия:
|
||||
|
||||
1. На **inetRouter** интерфейсы которые присоеденены к сети **router-net**, будут объеденены в bond0 в режиме LACP, и назначен ip 192.168.255.1/30
|
||||
2. На **inetRouter** на интерфейсах которые объеденены в bond0, будет включен promiscuous mode
|
||||
3. На **centralRouter** интерфейсы которые присоеденены к сети **router-net**, будут объеденены в bond0 в режиме LACP, и назначен ip 192.168.255.2/30
|
||||
4. На **centralRouter** на интерфейсах которые объеденены в bond0, будет включен promiscuous mode
|
||||
5. На **centralRouter** на интерфейсе который присоеденен к сети **vlan10**, будет создан vlan c тегом 10
|
||||
6. На **centralRouter** на интерфейсе который присоеденен к сети **vlan20**, будет создан vlan c тегом 20
|
||||
7. На **testServer1** на интерфейсе который присоеденен к сети **vlan10**, будет создан vlan c тегом 10 и задан ip 10.10.10.1
|
||||
8. На **testClient1** на интерфейсе который присоеденен к сети **vlan10**, будет создан vlan c тегом 10 и задан ip 10.10.10.254
|
||||
9. На **testServer2** на интерфейсе который присоеденен к сети **vlan20**, будет создан vlan c тегом 20 и задан ip 10.10.10.1
|
||||
10. На **testClient2** на интерфейсе который присоеденен к сети **vlan20**, будет создан vlan c тегом 20 и задан ip 10.10.10.254
|
||||
|
||||
|
||||
|
||||
Готовый [ansible.yml](ansible.yml)
|
||||
|
||||
|
||||
|
||||
|
||||
### Проверка
|
||||
|
||||
Запускаем vagrant
|
||||
```bash
|
||||
alex@ubuntu-pc:~/Документы/37$ vagrant up
|
||||
Bringing machine 'inetRouter' up with 'virtualbox' provider...
|
||||
Bringing machine 'centralRouter' up with 'virtualbox' provider...
|
||||
Bringing machine 'testServer1' up with 'virtualbox' provider...
|
||||
Bringing machine 'testClient1' up with 'virtualbox' provider...
|
||||
Bringing machine 'testServer2' up with 'virtualbox' provider...
|
||||
Bringing machine 'testClient2' up with 'virtualbox' provider...
|
||||
==> inetRouter: Importing base box 'ubuntu/jammy64'...
|
||||
==> inetRouter: Matching MAC address for NAT networking...
|
||||
==> inetRouter: Checking if box 'ubuntu/jammy64' version '20241002.0.0' is up to date...
|
||||
==> inetRouter: Setting the name of the VM: 37_inetRouter_1775546834028_76172
|
||||
==> inetRouter: Clearing any previously set network interfaces...
|
||||
==> inetRouter: Preparing network interfaces based on configuration...
|
||||
inetRouter: Adapter 1: nat
|
||||
inetRouter: Adapter 2: intnet
|
||||
inetRouter: Adapter 3: intnet
|
||||
==> inetRouter: Forwarding ports...
|
||||
inetRouter: 22 (guest) => 2222 (host) (adapter 1)
|
||||
==> inetRouter: Running 'pre-boot' VM customizations...
|
||||
==> inetRouter: Booting VM...
|
||||
==> inetRouter: Waiting for machine to boot. This may take a few minutes...
|
||||
...
|
||||
|
||||
|
||||
...
|
||||
PLAY [centralRouter] ***********************************************************
|
||||
skipping: no hosts matched
|
||||
|
||||
PLAY [testServer1] *************************************************************
|
||||
skipping: no hosts matched
|
||||
|
||||
PLAY [testClient1] *************************************************************
|
||||
skipping: no hosts matched
|
||||
|
||||
PLAY [testServer2] *************************************************************
|
||||
skipping: no hosts matched
|
||||
|
||||
PLAY [testClient2] *************************************************************
|
||||
|
||||
TASK [Gathering Facts] *********************************************************
|
||||
ok: [testClient2]
|
||||
|
||||
TASK [get int name to link vlan20] *********************************************
|
||||
changed: [testClient2]
|
||||
|
||||
TASK [add vlan netplan] ********************************************************
|
||||
changed: [testClient2]
|
||||
|
||||
RUNNING HANDLER [apply netplan] ************************************************
|
||||
changed: [testClient2]
|
||||
|
||||
PLAY RECAP *********************************************************************
|
||||
testClient2 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
#### Проверка LACP
|
||||
|
||||
Подключимся к inetRouter, состояния интерфейсов, и доступность centralRouter
|
||||
|
||||
|
||||
```bash
|
||||
vagrant@inetRouter:~$ ip a
|
||||
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
|
||||
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
|
||||
inet 127.0.0.1/8 scope host lo
|
||||
valid_lft forever preferred_lft forever
|
||||
inet6 ::1/128 scope host
|
||||
valid_lft forever preferred_lft forever
|
||||
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
|
||||
link/ether 02:a0:d2:64:f1:28 brd ff:ff:ff:ff:ff:ff
|
||||
inet 10.0.2.15/24 metric 100 brd 10.0.2.255 scope global dynamic enp0s3
|
||||
valid_lft 86080sec preferred_lft 86080sec
|
||||
inet6 fd17:625c:f037:2:a0:d2ff:fe64:f128/64 scope global dynamic mngtmpaddr noprefixroute
|
||||
valid_lft 86282sec preferred_lft 14282sec
|
||||
inet6 fe80::a0:d2ff:fe64:f128/64 scope link
|
||||
valid_lft forever preferred_lft forever
|
||||
3: enp0s8: <BROADCAST,MULTICAST,PROMISC,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
|
||||
link/ether c6:91:6a:ba:79:e8 brd ff:ff:ff:ff:ff:ff permaddr 08:00:27:8c:41:2d
|
||||
4: enp0s9: <BROADCAST,MULTICAST,PROMISC,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
|
||||
link/ether c6:91:6a:ba:79:e8 brd ff:ff:ff:ff:ff:ff permaddr 08:00:27:ae:40:e4
|
||||
5: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
|
||||
link/ether c6:91:6a:ba:79:e8 brd ff:ff:ff:ff:ff:ff
|
||||
inet 192.168.255.1/30 brd 192.168.255.3 scope global bond0
|
||||
valid_lft forever preferred_lft forever
|
||||
inet6 fe80::c491:6aff:feba:79e8/64 scope link
|
||||
valid_lft forever preferred_lft forever
|
||||
vagrant@inetRouter:~$ ping 192.168.255.2
|
||||
PING 192.168.255.2 (192.168.255.2) 56(84) bytes of data.
|
||||
64 bytes from 192.168.255.2: icmp_seq=1 ttl=64 time=4.66 ms
|
||||
64 bytes from 192.168.255.2: icmp_seq=2 ttl=64 time=85.7 ms
|
||||
64 bytes from 192.168.255.2: icmp_seq=3 ttl=64 time=11.0 ms
|
||||
64 bytes from 192.168.255.2: icmp_seq=4 ttl=64 time=0.567 ms
|
||||
64 bytes from 192.168.255.2: icmp_seq=5 ttl=64 time=71.5 ms
|
||||
^C
|
||||
--- 192.168.255.2 ping statistics ---
|
||||
5 packets transmitted, 5 received, 0% packet loss, time 4100ms
|
||||
rtt min/avg/max/mdev = 0.567/34.693/85.702/36.286 ms
|
||||
|
||||
|
||||
```
|
||||
|
||||
|
||||
Как видим появился интерфейс bond0 с ip 192.168.255.1/30. А так же centralRouter отвечает на пинг.
|
||||
|
||||
|
||||
Теперь отключим один из интерфейсов который входит в bond0.
|
||||
|
||||
```bash
|
||||
vagrant@inetRouter:~$ sudo ip link set down enp0s8
|
||||
vagrant@inetRouter:~$ ping 192.168.255.2
|
||||
PING 192.168.255.2 (192.168.255.2) 56(84) bytes of data.
|
||||
64 bytes from 192.168.255.2: icmp_seq=1 ttl=64 time=28.2 ms
|
||||
64 bytes from 192.168.255.2: icmp_seq=2 ttl=64 time=33.0 ms
|
||||
64 bytes from 192.168.255.2: icmp_seq=3 ttl=64 time=2.67 ms
|
||||
^C
|
||||
--- 192.168.255.2 ping statistics ---
|
||||
3 packets transmitted, 3 received, 0% packet loss, time 2029ms
|
||||
rtt min/avg/max/mdev = 2.668/21.273/32.986/13.302 ms
|
||||
```
|
||||
|
||||
Как видим доступность centralRouter осталась
|
||||
|
||||
Отключим второй интерфейс
|
||||
```bash
|
||||
vagrant@inetRouter:~$ sudo ip link set down enp0s9
|
||||
vagrant@inetRouter:~$ ping 192.168.255.2
|
||||
PING 192.168.255.2 (192.168.255.2) 56(84) bytes of data.
|
||||
From 192.168.255.1 icmp_seq=1 Destination Host Unreachable
|
||||
From 192.168.255.1 icmp_seq=2 Destination Host Unreachable
|
||||
From 192.168.255.1 icmp_seq=3 Destination Host Unreachable
|
||||
^C
|
||||
--- 192.168.255.2 ping statistics ---
|
||||
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3090ms
|
||||
pipe 3
|
||||
```
|
||||
|
||||
Вот теперь centralRouter не доступен.
|
||||
|
||||
Включим первый интерфейс
|
||||
|
||||
```bash
|
||||
vagrant@inetRouter:~$ sudo ip link set up enp0s8
|
||||
vagrant@inetRouter:~$ ping 192.168.255.2
|
||||
PING 192.168.255.2 (192.168.255.2) 56(84) bytes of data.
|
||||
64 bytes from 192.168.255.2: icmp_seq=1 ttl=64 time=12.5 ms
|
||||
64 bytes from 192.168.255.2: icmp_seq=2 ttl=64 time=1.87 ms
|
||||
^C
|
||||
--- 192.168.255.2 ping statistics ---
|
||||
2 packets transmitted, 2 received, 0% packet loss, time 1024ms
|
||||
rtt min/avg/max/mdev = 1.867/7.188/12.509/5.321 ms
|
||||
```
|
||||
|
||||
Связь с centralRouter восстановилась
|
||||
|
||||
|
||||
|
||||
#### Проверка VLAN
|
||||
|
||||
Поключимся к testClient1, посмотрим вывод ip a
|
||||
```bash
|
||||
vagrant@testClient1:~$ ip a
|
||||
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
|
||||
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
|
||||
inet 127.0.0.1/8 scope host lo
|
||||
valid_lft forever preferred_lft forever
|
||||
inet6 ::1/128 scope host
|
||||
valid_lft forever preferred_lft forever
|
||||
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
|
||||
link/ether 02:a0:d2:64:f1:28 brd ff:ff:ff:ff:ff:ff
|
||||
inet 10.0.2.15/24 metric 100 brd 10.0.2.255 scope global dynamic enp0s3
|
||||
valid_lft 85760sec preferred_lft 85760sec
|
||||
inet6 fd17:625c:f037:2:a0:d2ff:fe64:f128/64 scope global dynamic mngtmpaddr noprefixroute
|
||||
valid_lft 86222sec preferred_lft 14222sec
|
||||
inet6 fe80::a0:d2ff:fe64:f128/64 scope link
|
||||
valid_lft forever preferred_lft forever
|
||||
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
|
||||
link/ether 08:00:27:45:b2:6d brd ff:ff:ff:ff:ff:ff
|
||||
inet6 fe80::a00:27ff:fe45:b26d/64 scope link
|
||||
valid_lft forever preferred_lft forever
|
||||
4: vlan10@enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
|
||||
link/ether 08:00:27:45:b2:6d brd ff:ff:ff:ff:ff:ff
|
||||
inet 10.10.10.254/24 brd 10.10.10.255 scope global vlan10
|
||||
valid_lft forever preferred_lft forever
|
||||
inet6 fe80::a00:27ff:fe45:b26d/64 scope link
|
||||
valid_lft forever preferred_lft forever
|
||||
```
|
||||
|
||||
Видим, что присутсвуем инретфейс vlan10 c ip 10.10.10.254/24.
|
||||
Проверим доступность testServer1
|
||||
```bash
|
||||
vagrant@testClient1:~$ ping 10.10.10.1
|
||||
PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
|
||||
64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=4.49 ms
|
||||
64 bytes from 10.10.10.1: icmp_seq=2 ttl=64 time=0.498 ms
|
||||
|
||||
--- 10.10.10.1 ping statistics ---
|
||||
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
|
||||
rtt min/avg/max/mdev = 0.498/2.492/4.487/1.994 ms
|
||||
|
||||
```
|
||||
testServer1 доступен.
|
||||
|
||||
|
||||
То же самое проверим и на testClient2
|
||||
|
||||
```bash
|
||||
vagrant@testClient2:~$ ip a
|
||||
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
|
||||
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
|
||||
inet 127.0.0.1/8 scope host lo
|
||||
valid_lft forever preferred_lft forever
|
||||
inet6 ::1/128 scope host
|
||||
valid_lft forever preferred_lft forever
|
||||
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
|
||||
link/ether 02:a0:d2:64:f1:28 brd ff:ff:ff:ff:ff:ff
|
||||
inet 10.0.2.15/24 metric 100 brd 10.0.2.255 scope global dynamic enp0s3
|
||||
valid_lft 85872sec preferred_lft 85872sec
|
||||
inet6 fd17:625c:f037:2:a0:d2ff:fe64:f128/64 scope global dynamic mngtmpaddr noprefixroute
|
||||
valid_lft 86352sec preferred_lft 14352sec
|
||||
inet6 fe80::a0:d2ff:fe64:f128/64 scope link
|
||||
valid_lft forever preferred_lft forever
|
||||
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
|
||||
link/ether 08:00:27:9a:7a:58 brd ff:ff:ff:ff:ff:ff
|
||||
inet6 fe80::a00:27ff:fe9a:7a58/64 scope link
|
||||
valid_lft forever preferred_lft forever
|
||||
4: vlan20@enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
|
||||
link/ether 08:00:27:9a:7a:58 brd ff:ff:ff:ff:ff:ff
|
||||
inet 10.10.10.254/24 brd 10.10.10.255 scope global vlan20
|
||||
valid_lft forever preferred_lft forever
|
||||
inet6 fe80::a00:27ff:fe9a:7a58/64 scope link
|
||||
valid_lft forever preferred_lft forever
|
||||
|
||||
```
|
||||
|
||||
Как видим на testClient2 ip 10.10.10.254/24 имеет уже другой интерфейс, а имеено vlan20
|
||||
```bash
|
||||
vagrant@testClient2:~$ ping 10.10.10.1
|
||||
PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
|
||||
64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=5.83 ms
|
||||
64 bytes from 10.10.10.1: icmp_seq=2 ttl=64 time=0.940 ms
|
||||
64 bytes from 10.10.10.1: icmp_seq=3 ttl=64 time=0.424 ms
|
||||
^C
|
||||
--- 10.10.10.1 ping statistics ---
|
||||
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
|
||||
rtt min/avg/max/mdev = 0.424/2.396/5.826/2.434 ms
|
||||
```
|
||||
И testServer2 доступен
|
||||
|
||||
|
||||
Все готово!
|
||||
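Review bot: The "Проверка VLAN" section does not show that vlan10 and vlan20 are actually separated: testServer1 and testServer2 are both 10.10.10.1 and both clients are 10.10.10.254, so a successful `ping 10.10.10.1` from each client does not tell which server answered. Add a check that ties the reply to the right host, for example `ip neigh show 10.10.10.1` on each client compared against the MAC of the server's vlan interface, or a capture on the other server showing that no request arrives there. The same gap exists in "Проверка LACP": a ping that survives `sudo ip link set down enp0s8` is also what an active-backup bond would give, so include the output of `cat /proc/net/bonding/bond0` to show the 802.3ad mode and the partner state. Two documentation points: the line "Бедет создано 7 VM" is followed by a list of six machines, and the `vagrant up` output also brings up six, so the count needs correcting; and promiscuous mode is enabled on the **router-net** links and on the bond0 member interfaces without any stated reason, so say why it is required and whether it is needed outside this VirtualBox stand.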