JLab Server


<accesscontrol>teacher</accesscontrol>

Ide

Ideen med denne server er at lave et Juniper Lab med en logon-server, der giver kursisten adgang til et virtuelt netværk, hvor der kan opsættes udstyr og afprøves ting i et testscenarie.

Installation

Default programs

sudo aptitude install nmap bmon nmon htop mono-runtime mono-2.0-gac

EtherChannel

Nic Bonding på Ubuntu er beskrevet her: https://help.ubuntu.com/community/LinkAggregation

sudo aptitude install ifenslave

sudo nano /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp
# This is an autoconfigured IPv6 interface
iface eth0 inet6 auto

#Create the interface
auto bond0
iface bond0 inet manual
#Add physical network adapters
bond-slaves eth1 eth2
#Configure load balancing mode
#mode=0 (balance-rr)
#mode=1 (active-backup)
#mode=2 (balance-xor)
#mode=3 (broadcast)
#mode=4 (802.3ad)
#mode=5 (balance-tlb)
#mode=6 (balance-alb)

bond_mode 2

Genstart networking

sudo /etc/init.d/networking restart

For at teste, at det virker, har jeg lavet et program, der sender UDP-trafik til en bestemt IP og port, så hurtigt som maskinen kan.

Opret 2 statiske ARP-poster, så maskinen har en L2-adresse at sende til:

sudo arp -s 10.0.0.3 00:00:00:00:00:01
sudo arp -s 10.0.0.4 00:00:00:00:00:02

Jeg har brugt bmon til at se om den sender noget trafik, og på hvilke kanaler.

rael@JLab:~$ ./LinuxUdpBomber.exe 10.0.0.3 5000

#Bmon snippet
JLab (source: local)
  0   lo                         0.00B            0       0.00B            0
  1   eth2                     163.00B            1       0.00B            0
  2   eth1                     395.00B            3      11.08MiB      36076
  3   eth0                     566.00B            5     100.00B            0
  4   bond0                    558.00B            5      11.08MiB      36076


rael@JLab:~$ ./LinuxUdpBomber.exe 10.0.0.4 5000

#Bmon snippet
JLab (source: local)
  0   lo                         0.00B            0       0.00B            0
  1   eth2                       0.00B            0      11.08MiB      36076
  2   eth1                     384.00B            5       0.00B            0
  3   eth0                     424.00B            6     186.00B            1
  4   bond0                    384.00B            5      11.08MiB      36076

VLans

Vlan konfiguration står beskrevet her: https://wiki.ubuntu.com/vlan

Installer vlan mgmt og load moduler

# Install the VLAN management package (run as root; no sudo is used on this line).
aptitude install vlan
# Load the 802.1Q VLAN tagging module into the running kernel.
modprobe 8021q
# Append the module name to /etc/modules so it is listed for loading at boot.
# '>>' appends on every run, so repeating this line leaves duplicate entries.
sudo su -c 'echo "8021q" >> /etc/modules'

Ændre i /etc/network/interfaces

auto bond0
iface bond0 inet static
 address 10.0.0.1
 netmask 255.255.255.0
 bond-slaves eth1 eth2
 bond_mode 2

auto bond0.100
iface bond0.100 inet static
 address 10.100.0.1
 netmask 255.255.255.0
 vlan-raw-device bond0

LinuX Containers

Install LXC and random other stuff:

aptitude install lxc htop bridge-utils landscape-common bmon nmap iperf nmon -y

Enable IPv4 Forwarding:

# Turn on IPv4 forwarding in the running kernel (needs root). This is a runtime
# setting written through /proc; it is not stored anywhere for the next boot.
# NOTE(review): with forwarding on, the host itself can route between every
# network it has an address in (eth0, bond0 and the per-VLAN bridges configured
# on this page), so traffic between lab VLANs may bypass the equipment under
# test. Confirm this is wanted, or restrict forwarding with firewall rules.
echo "1" > /proc/sys/net/ipv4/ip_forward

Create Bridge interface per vlan

# One bridge per lab VLAN (200-207): brNNN sits on top of the tagged
# sub-interface bond0.NNN. All commands need root. Each stage is run for every
# VLAN before the next stage starts.

# Stage 1: create the bridges
for vlan in {200..207}; do
  brctl addbr "br${vlan}"
done

# Stage 2: attach each VLAN sub-interface to its bridge
for vlan in {200..207}; do
  brctl addif "br${vlan}" "bond0.${vlan}"
done

# Stage 3: bring the bridges up
for vlan in {200..207}; do
  ip link set dev "br${vlan}" up
done

# Stage 4: clear the address on the sub-interface (0.0.0.0) but keep it up;
# the IP address lives on the bridge from here on
for vlan in {200..207}; do
  ifconfig "bond0.${vlan}" 0.0.0.0 up
done

# Stage 5: give the host 10.NNN.0.10/24 on each bridge.
# NOTE(review): this gives the host an address in every lab VLAN; combined
# with the IPv4 forwarding step earlier on this page the host can route between
# them. Confirm that is intended for the lab.
for vlan in {200..207}; do
  ifconfig "br${vlan}" "10.${vlan}.0.10" netmask 255.255.255.0 up
done

Create configuration files for the Containers, one for each VLAN

# Write one LXC network config per VLAN (200-207) to /etc/lxc/vlanNNN.conf.
# Each container gets a veth interface attached to bridge brNNN, brought up at
# start and named eth0 inside the container. Needs write access to /etc/lxc.
# The here-document delimiter is unquoted on purpose so ${vlan} is expanded;
# the here-document body and the closing EOF must stay at column 0.
for vlan in {200..207}; do
  dd of="/etc/lxc/vlan${vlan}.conf" << EOF
lxc.network.type=veth
lxc.network.link=br${vlan}
lxc.network.flags=up
lxc.network.name=eth0
EOF
done

Create a linux container per vlan, this is done for one vlan in this way:

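# Create the container. The first run creates both a template and the
# container. Lucid is the latest LTS release the author got to work.
# NOTE(review): MIRROR is a plain-http URL, so package integrity depends on
# the archive signature checks done while the template bootstraps - confirm
# they are active.
# NOTE(review): everything after "--" goes to the ubuntu template; -b
# presumably binds that user's home directory from the host into the
# container - confirm before handing the container to students.
# "$USER" is quoted so the value is passed as a single argument.
MIRROR=http://mirror.tekkom.dk/ubuntu/ lxc-create -t ubuntu -n vlan200 -f /etc/lxc/vlan200.conf -- -r lucid -a amd64 -b "$USER"
# Chroot into the new container's root filesystem. This opens an interactive
# shell; the commands below, up to "exit", are typed inside that shell and
# act on the container's files, not the host's.
chroot /var/lib/lxc/vlan200/rootfs/ /bin/bash
# Change the password of the user the chroot shell runs as (root, when the
# chroot was entered as root). Use a different password for each container.
passwd
# Refresh the package lists inside the container
aptitude update
# Install basic services and tools inside the container
aptitude install landscape-common language-pack-en nano bmon nmap iperf iproute traceroute -y
# Leave the chroot and return to the host shell
exit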

Start and enter the container

# Start the container in daemon mode (-d), so it runs detached from this terminal
lxc-start -d -n vlan200
# Attach to the console of the container; log in with the password set in the chroot step.
# By default lxc-console is left again with Ctrl+a followed by q.
lxc-console -n vlan200

Netværkstest

På alle containers starter man iperf i server mode, og så er det bare at teste udstyret imellem de forskellige vlans.

# TCP iperf server on port 5000, run in the background; stdout is appended to the log file.
# Only stdout is redirected, so error messages still go to the terminal.
iperf -p 5000 -s >> /var/log/iperfserver-tcp.log &
# UDP iperf server (-u) on port 5001, run in the background in the same way.
# NOTE(review): no bind address is given, so both servers accept test traffic on
# every address of the container; stop them when the measurements are done.
iperf -p 5001 -s -u >> /var/log/iperfserver-udp.log &

Her er en test fra VLAN201 til VLAN200 igennem en Cisco L3 ME3400:


# iperf -c 10.200.0.11 -i 1 -p 5000
------------------------------------------------------------
Client connecting to 10.200.0.11, TCP port 5000
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[  3] local 10.201.0.11 port 58003 connected with 10.200.0.11 port 5000
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 1.0 sec  10.8 MBytes  90.8 Mbits/sec
[  3]  1.0- 2.0 sec  11.5 MBytes  96.6 Mbits/sec
[  3]  2.0- 3.0 sec  10.4 MBytes  87.0 Mbits/sec
[  3]  3.0- 4.0 sec  10.2 MBytes  85.5 Mbits/sec
[  3]  4.0- 5.0 sec  10.6 MBytes  88.8 Mbits/sec
[  3]  5.0- 6.0 sec  9.95 MBytes  83.4 Mbits/sec
[  3]  6.0- 7.0 sec  10.8 MBytes  90.3 Mbits/sec
[  3]  7.0- 8.0 sec  11.3 MBytes  95.1 Mbits/sec
[  3]  8.0- 9.0 sec  10.6 MBytes  88.6 Mbits/sec
[  3]  9.0-10.0 sec  9.53 MBytes  80.0 Mbits/sec
[  3]  0.0-10.0 sec    106 MBytes  88.3 Mbits/sec

Bilag

Diagram

Router Config

Switch Config

Dokumentation