alex/homework37
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dec2ad7fbb406e7c1c61597075883300abd421b4
homework37/README.md
alex dec2ad7fbb Обновить README.md
2026-04-07 11:10:18 +03:00

319 lines
14 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Домашнее задание 37
## Сетевые пакеты. VLAN'ы. LACP
Так как из описания задания не понятно, нужно ли использовать предыдущие стенды в которых фигурировали **centralRouter** и **inetRouter**. Построим новую сеть с теми же именами.
### Создание Vagrantfile
Зададим следующие характеристики для всех VM
- CPU - 1
- Memory - 512mb
Бедет создано 7 VM
- inetRouter
- centralRouter
- testServer1
- testClient1
- testServer2
- testClient2
Созданы следующие сети:
- **router-net** 2 линка между **inetRouter** и **centralRouter** для LACP
- **vlan10** линк между **testServer1**, **testClient1** и **centralRouter**
- **vlan20** линк между **testServer2**, **testClient2** и **centralRouter**
Для линков в сети **router-net** включаем promiscuous mode
Текущая карта сети
![37_1](image/37_1.png)
Готовый [Vagrantfile](Vagrantfile)
### Cоздание ansible.yml
Сценарий для Ansible будет выполнять следующие действия:
1. На **inetRouter** интерфейсы которые присоеденены к сети **router-net**, будут объеденены в bond0 в режиме LACP, и назначен ip 192.168.255.1/30
2. На **inetRouter** на интерфейсах которые объеденены в bond0, будет включен promiscuous mode
3. На **centralRouter** интерфейсы которые присоеденены к сети **router-net**, будут объеденены в bond0 в режиме LACP, и назначен ip 192.168.255.2/30
4. На **centralRouter** на интерфейсах которые объеденены в bond0, будет включен promiscuous mode
5. На **centralRouter** на интерфейсе который присоеденен к сети **vlan10**, будет создан vlan c тегом 10
6. На **centralRouter** на интерфейсе который присоеденен к сети **vlan20**, будет создан vlan c тегом 20
7. На **testServer1** на интерфейсе который присоеденен к сети **vlan10**, будет создан vlan c тегом 10 и задан ip 10.10.10.1
8. На **testClient1** на интерфейсе который присоеденен к сети **vlan10**, будет создан vlan c тегом 10 и задан ip 10.10.10.254
9. На **testServer2** на интерфейсе который присоеденен к сети **vlan20**, будет создан vlan c тегом 20 и задан ip 10.10.10.1
10. На **testClient2** на интерфейсе который присоеденен к сети **vlan20**, будет создан vlan c тегом 20 и задан ip 10.10.10.254
Готовый [ansible.yml](ansible.yml)
### Проверка
Запускаем vagrant
```bash
alex@ubuntu-pc:~/Документы/37$ vagrant up
Bringing machine 'inetRouter' up with 'virtualbox' provider...
Bringing machine 'centralRouter' up with 'virtualbox' provider...
Bringing machine 'testServer1' up with 'virtualbox' provider...
Bringing machine 'testClient1' up with 'virtualbox' provider...
Bringing machine 'testServer2' up with 'virtualbox' provider...
Bringing machine 'testClient2' up with 'virtualbox' provider...
==> inetRouter: Importing base box 'ubuntu/jammy64'...
==> inetRouter: Matching MAC address for NAT networking...
==> inetRouter: Checking if box 'ubuntu/jammy64' version '20241002.0.0' is up to date...
==> inetRouter: Setting the name of the VM: 37_inetRouter_1775546834028_76172
==> inetRouter: Clearing any previously set network interfaces...
==> inetRouter: Preparing network interfaces based on configuration...
inetRouter: Adapter 1: nat
inetRouter: Adapter 2: intnet
inetRouter: Adapter 3: intnet
==> inetRouter: Forwarding ports...
inetRouter: 22 (guest) => 2222 (host) (adapter 1)
==> inetRouter: Running 'pre-boot' VM customizations...
==> inetRouter: Booting VM...
==> inetRouter: Waiting for machine to boot. This may take a few minutes...
...
...
PLAY [centralRouter] ***********************************************************
skipping: no hosts matched
PLAY [testServer1] *************************************************************
skipping: no hosts matched
PLAY [testClient1] *************************************************************
skipping: no hosts matched
PLAY [testServer2] *************************************************************
skipping: no hosts matched
PLAY [testClient2] *************************************************************
TASK [Gathering Facts] *********************************************************
ok: [testClient2]
TASK [get int name to link vlan20] *********************************************
changed: [testClient2]
TASK [add vlan netplan] ********************************************************
changed: [testClient2]
RUNNING HANDLER [apply netplan] ************************************************
changed: [testClient2]
PLAY RECAP *********************************************************************
testClient2 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
```
#### Проверка LACP
Подключимся к inetRouter, состояния интерфейсов, и доступность centralRouter
```bash
vagrant@inetRouter:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 02:a0:d2:64:f1:28 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 metric 100 brd 10.0.2.255 scope global dynamic enp0s3
valid_lft 86080sec preferred_lft 86080sec
inet6 fd17:625c:f037:2:a0:d2ff:fe64:f128/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86282sec preferred_lft 14282sec
inet6 fe80::a0:d2ff:fe64:f128/64 scope link
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,PROMISC,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
link/ether c6:91:6a:ba:79:e8 brd ff:ff:ff:ff:ff:ff permaddr 08:00:27:8c:41:2d
4: enp0s9: <BROADCAST,MULTICAST,PROMISC,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
link/ether c6:91:6a:ba:79:e8 brd ff:ff:ff:ff:ff:ff permaddr 08:00:27:ae:40:e4
5: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether c6:91:6a:ba:79:e8 brd ff:ff:ff:ff:ff:ff
inet 192.168.255.1/30 brd 192.168.255.3 scope global bond0
valid_lft forever preferred_lft forever
inet6 fe80::c491:6aff:feba:79e8/64 scope link
valid_lft forever preferred_lft forever
vagrant@inetRouter:~$ ping 192.168.255.2
PING 192.168.255.2 (192.168.255.2) 56(84) bytes of data.
64 bytes from 192.168.255.2: icmp_seq=1 ttl=64 time=4.66 ms
64 bytes from 192.168.255.2: icmp_seq=2 ttl=64 time=85.7 ms
64 bytes from 192.168.255.2: icmp_seq=3 ttl=64 time=11.0 ms
64 bytes from 192.168.255.2: icmp_seq=4 ttl=64 time=0.567 ms
64 bytes from 192.168.255.2: icmp_seq=5 ttl=64 time=71.5 ms
^C
--- 192.168.255.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4100ms
rtt min/avg/max/mdev = 0.567/34.693/85.702/36.286 ms
```
Как видим появился интерфейс bond0 с ip 192.168.255.1/30. А так же centralRouter отвечает на пинг.
Теперь отключим один из интерфейсов который входит в bond0.
```bash
vagrant@inetRouter:~$ sudo ip link set down enp0s8
vagrant@inetRouter:~$ ping 192.168.255.2
PING 192.168.255.2 (192.168.255.2) 56(84) bytes of data.
64 bytes from 192.168.255.2: icmp_seq=1 ttl=64 time=28.2 ms
64 bytes from 192.168.255.2: icmp_seq=2 ttl=64 time=33.0 ms
64 bytes from 192.168.255.2: icmp_seq=3 ttl=64 time=2.67 ms
^C
--- 192.168.255.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2029ms
rtt min/avg/max/mdev = 2.668/21.273/32.986/13.302 ms
```
Как видим доступность centralRouter осталась
Отключим второй интерфейс
```bash
vagrant@inetRouter:~$ sudo ip link set down enp0s9
vagrant@inetRouter:~$ ping 192.168.255.2
PING 192.168.255.2 (192.168.255.2) 56(84) bytes of data.
From 192.168.255.1 icmp_seq=1 Destination Host Unreachable
From 192.168.255.1 icmp_seq=2 Destination Host Unreachable
From 192.168.255.1 icmp_seq=3 Destination Host Unreachable
^C
--- 192.168.255.2 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3090ms
pipe 3
```
Вот теперь centralRouter не доступен.
Включим первый интерфейс
```bash
vagrant@inetRouter:~$ sudo ip link set up enp0s8
vagrant@inetRouter:~$ ping 192.168.255.2
PING 192.168.255.2 (192.168.255.2) 56(84) bytes of data.
64 bytes from 192.168.255.2: icmp_seq=1 ttl=64 time=12.5 ms
64 bytes from 192.168.255.2: icmp_seq=2 ttl=64 time=1.87 ms
^C
--- 192.168.255.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1024ms
rtt min/avg/max/mdev = 1.867/7.188/12.509/5.321 ms
```
Связь с centralRouter восстановилась
#### Проверка VLAN
Поключимся к testClient1, посмотрим вывод ip a
```bash
vagrant@testClient1:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 02:a0:d2:64:f1:28 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 metric 100 brd 10.0.2.255 scope global dynamic enp0s3
valid_lft 85760sec preferred_lft 85760sec
inet6 fd17:625c:f037:2:a0:d2ff:fe64:f128/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86222sec preferred_lft 14222sec
inet6 fe80::a0:d2ff:fe64:f128/64 scope link
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:45:b2:6d brd ff:ff:ff:ff:ff:ff
inet6 fe80::a00:27ff:fe45:b26d/64 scope link
valid_lft forever preferred_lft forever
4: vlan10@enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 08:00:27:45:b2:6d brd ff:ff:ff:ff:ff:ff
inet 10.10.10.254/24 brd 10.10.10.255 scope global vlan10
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe45:b26d/64 scope link
valid_lft forever preferred_lft forever
```
Видим, что присутсвуем инретфейс vlan10 c ip 10.10.10.254/24.
Проверим доступность testServer1
```bash
vagrant@testClient1:~$ ping 10.10.10.1
PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=4.49 ms
64 bytes from 10.10.10.1: icmp_seq=2 ttl=64 time=0.498 ms
--- 10.10.10.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.498/2.492/4.487/1.994 ms
```
testServer1 доступен.
То же самое проверим и на testClient2
```bash
vagrant@testClient2:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 02:a0:d2:64:f1:28 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 metric 100 brd 10.0.2.255 scope global dynamic enp0s3
valid_lft 85872sec preferred_lft 85872sec
inet6 fd17:625c:f037:2:a0:d2ff:fe64:f128/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86352sec preferred_lft 14352sec
inet6 fe80::a0:d2ff:fe64:f128/64 scope link
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:9a:7a:58 brd ff:ff:ff:ff:ff:ff
inet6 fe80::a00:27ff:fe9a:7a58/64 scope link
valid_lft forever preferred_lft forever
4: vlan20@enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 08:00:27:9a:7a:58 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.254/24 brd 10.10.10.255 scope global vlan20
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe9a:7a58/64 scope link
valid_lft forever preferred_lft forever
```
Как видим на testClient2 ip 10.10.10.254/24 имеет уже другой интерфейс, а имеено vlan20
```bash
vagrant@testClient2:~$ ping 10.10.10.1
PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=5.83 ms
64 bytes from 10.10.10.1: icmp_seq=2 ttl=64 time=0.940 ms
64 bytes from 10.10.10.1: icmp_seq=3 ttl=64 time=0.424 ms
^C
--- 10.10.10.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 0.424/2.396/5.826/2.434 ms
```
И testServer2 доступен
Все готово!
Reference in New Issue View Git Blame Copy Permalink