machines:grifon:asbr02
Differences
Below are the differences between two revisions of the page.
— | machines:grifon:asbr02 [2019/11/16 14:02] (Current version) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== ASBR02 ====== | ||
+ | Rôle principal : routeur BGP secondaire | ||
+ | |||
+ | Machine physique (APU) | ||
+ | |||
+ | < | ||
+ | Linux asbr02.cogent-rns.grifon.fr 4.14.152-gentoo #1 SMP Sat Nov 16 14:37:48 CET 2019 x86_64 Intel(R) Xeon(R) CPU X3450 @ 2.67GHz GenuineIntel GNU/Linux | ||
+ | </ | ||
+ | |||
+ | Configuration matérielle : | ||
+ | * Intel(R) Xeon(R) CPU | ||
+ | * 4G de RAM | ||
+ | * eno0 : IPMI | ||
+ | * eno1 : Admin | ||
+ | * enp3s0f0 : WAN | ||
+ | * enp3s0f1 : LAN | ||
+ | |||
+ | < | ||
+ | asbr02 ~ # ethtool -i enp3s0f0 | ||
+ | driver: igb | ||
+ | version: 5.4.0-k | ||
+ | firmware-version: | ||
+ | expansion-rom-version: | ||
+ | bus-info: 0000: | ||
+ | supports-statistics: | ||
+ | supports-test: | ||
+ | supports-eeprom-access: | ||
+ | supports-register-dump: | ||
+ | supports-priv-flags: | ||
+ | asbr02 ~ # ethtool -i eno1 | ||
+ | driver: bnx2 | ||
+ | version: 2.2.6 | ||
+ | firmware-version: | ||
+ | expansion-rom-version: | ||
+ | bus-info: 0000: | ||
+ | supports-statistics: | ||
+ | supports-test: | ||
+ | supports-eeprom-access: | ||
+ | supports-register-dump: | ||
+ | supports-priv-flags: | ||
+ | |||
+ | 03:00.0 Ethernet controller: Intel Corporation 82576 Gigabit Network Connection (rev 01) | ||
+ | Subsystem: Intel Corporation Gigabit ET Quad Port Server Adapter | ||
+ | Kernel driver in use: igb | ||
+ | 03:00.1 Ethernet controller: Intel Corporation 82576 Gigabit Network Connection (rev 01) | ||
+ | Subsystem: Intel Corporation Gigabit ET Quad Port Server Adapter | ||
+ | Kernel driver in use: igb | ||
+ | 04:00.0 Ethernet controller: Intel Corporation 82576 Gigabit Network Connection (rev 01) | ||
+ | Subsystem: Intel Corporation Gigabit ET Quad Port Server Adapter | ||
+ | Kernel driver in use: igb | ||
+ | 04:00.1 Ethernet controller: Intel Corporation 82576 Gigabit Network Connection (rev 01) | ||
+ | Subsystem: Intel Corporation Gigabit ET Quad Port Server Adapter | ||
+ | Kernel driver in use: igb | ||
+ | 05:00.0 Ethernet controller: Broadcom Inc. and subsidiaries NetXtreme II BCM5716 Gigabit Ethernet (rev 20) | ||
+ | Subsystem: Dell NetXtreme II BCM5716 Gigabit Ethernet | ||
+ | Kernel driver in use: bnx2 | ||
+ | 05:00.1 Ethernet controller: Broadcom Inc. and subsidiaries NetXtreme II BCM5716 Gigabit Ethernet (rev 20) | ||
+ | Subsystem: Dell NetXtreme II BCM5716 Gigabit Ethernet | ||
+ | Kernel driver in use: bnx2 | ||
+ | </ | ||
+ | |||
+ | Services : | ||
+ | * ntpd | ||
+ | * iptables | ||
+ | * snmpd (vers le LibreNMS de [[machines: | ||
+ | * munin-node | ||
+ | * smartctl | ||
+ | * nrpe (monitoring des sessions BGP) | ||
+ | * bird2 ([[reseau: | ||
+ | |||
+ | Administrateurs : | ||
+ | * alarig | ||
+ | * petrus | ||
+ | * gizmo | ||
+ | * dotux | ||
+ | * nemo | ||
+ | |||
+ | ===== Configuration réseau (partiellement à jour) ===== | ||
+ | |||
+ | * enp3s0f0, interface sans IP | ||
+ | * enp3s0f0.20, | ||
+ | * enp3s0f0.22, | ||
+ | * enp3s0f0.50, | ||
+ | * enp3s0f1, interface réseau grifon (sans IP) | ||
+ | * enp3s0f1.30, | ||
+ | * enp3s0f1.31, | ||
+ | * enp3s0f1.32, | ||
+ | * enp3s0f1.41, | ||
+ | * enp3s0f1.100, | ||
+ | * enp3s0f1.101, | ||
+ | * enp3s0f1.102, | ||
+ | * eno1, interface IPMI | ||
+ | * eno2, interface LAN admin | ||
+ | * gre1, tunnel de backup pour Stolon | ||
+ | |||
+ | < | ||
+ | 1: lo: < | ||
+ | link/ | ||
+ | inet 127.0.0.1/8 brd 127.255.255.255 scope host lo | ||
+ | | ||
+ | inet6 ::1/128 scope host | ||
+ | | ||
+ | 2: eno1: < | ||
+ | link/ether bc: | ||
+ | 3: eno2: < | ||
+ | link/ether bc: | ||
+ | inet 172.17.0.10/ | ||
+ | | ||
+ | inet6 fd00: | ||
+ | | ||
+ | inet6 fe80:: | ||
+ | | ||
+ | 4: enp3s0f0: < | ||
+ | link/ether 00: | ||
+ | inet6 fe80:: | ||
+ | | ||
+ | 5: enp3s0f1: < | ||
+ | link/ether 00: | ||
+ | inet6 fe80:: | ||
+ | | ||
+ | 6: enp4s0f0: < | ||
+ | link/ether 00: | ||
+ | 7: enp4s0f1: < | ||
+ | link/ether 00: | ||
+ | 8: enp3s0f0.20@enp3s0f0: | ||
+ | link/ether 00: | ||
+ | inet 149.6.72.99/ | ||
+ | | ||
+ | inet6 2001: | ||
+ | | ||
+ | inet6 fe80:: | ||
+ | | ||
+ | 9: enp3s0f0.21@enp3s0f0: | ||
+ | link/ether 00: | ||
+ | inet 46.18.103.42/ | ||
+ | | ||
+ | inet6 2a02: | ||
+ | | ||
+ | inet6 fe80:: | ||
+ | | ||
+ | 10: enp3s0f0.22@enp3s0f0: | ||
+ | link/ether 00: | ||
+ | inet 185.1.89.13/ | ||
+ | | ||
+ | inet6 2001: | ||
+ | | ||
+ | inet6 fe80:: | ||
+ | | ||
+ | 11: enp3s0f0.50@enp3s0f0: | ||
+ | link/ether 00: | ||
+ | inet 169.254.1.3/ | ||
+ | | ||
+ | inet6 2a06: | ||
+ | | ||
+ | inet6 fe80:: | ||
+ | | ||
+ | 12: enp3s0f0.104@enp3s0f0: | ||
+ | link/ether 00: | ||
+ | inet6 fe80:: | ||
+ | | ||
+ | 13: enp3s0f1.30@enp3s0f1: | ||
+ | link/ether 00: | ||
+ | inet 89.234.186.6/ | ||
+ | | ||
+ | inet 80.67.190.195/ | ||
+ | | ||
+ | inet6 2a00: | ||
+ | | ||
+ | inet6 fe80:: | ||
+ | | ||
+ | 14: enp3s0f1.33@enp3s0f1: | ||
+ | link/ether 00: | ||
+ | inet 89.234.186.34/ | ||
+ | | ||
+ | inet6 2a00: | ||
+ | | ||
+ | inet6 fe80:: | ||
+ | | ||
+ | 15: enp3s0f1.100@enp3s0f1: | ||
+ | link/ether 00: | ||
+ | inet6 2a00: | ||
+ | | ||
+ | inet6 fe80:: | ||
+ | | ||
+ | 16: enp3s0f1.101@enp3s0f1: | ||
+ | link/ether 00: | ||
+ | inet6 2a00: | ||
+ | | ||
+ | inet6 fe80:: | ||
+ | | ||
+ | 17: enp3s0f1.102@enp3s0f1: | ||
+ | link/ether 00: | ||
+ | inet 89.234.186.130/ | ||
+ | | ||
+ | inet6 2a00: | ||
+ | | ||
+ | inet6 fe80:: | ||
+ | | ||
+ | 18: enp3s0f1.105@enp3s0f1: | ||
+ | link/ether 00: | ||
+ | inet 89.234.186.202/ | ||
+ | | ||
+ | inet6 2a00: | ||
+ | | ||
+ | inet6 fe80:: | ||
+ | | ||
+ | 19: gre0@NONE: < | ||
+ | link/gre 0.0.0.0 brd 0.0.0.0 | ||
+ | 20: gretap0@NONE: | ||
+ | link/ether 00: | ||
+ | 21: erspan0@NONE: | ||
+ | link/ether 00: | ||
+ | 22: gre1@NONE: < | ||
+ | link/gre 149.6.72.99 peer 46.182.210.14 | ||
+ | inet 89.234.146.54 peer 89.234.146.55/ | ||
+ | | ||
+ | inet6 2a00: | ||
+ | | ||
+ | inet6 fe80:: | ||
+ | | ||
+ | </ | ||
+ | |||
+ | ===== Configuration système (partiellement à jour) ===== | ||
+ | |||
+ | <file | / | ||
+ | hostname=" | ||
+ | keymap=" | ||
+ | ifconfig_bce1=" | ||
+ | |||
+ | ifconfig_igb0=" | ||
+ | ifconfig_igb1=" | ||
+ | defaultrouter=" | ||
+ | ipv6_defaultrouter=" | ||
+ | |||
+ | gateway_enable=" | ||
+ | ipv6_gateway_enable=" | ||
+ | |||
+ | ntpdate_enable=" | ||
+ | ntpdate_hosts=" | ||
+ | syslogd_enable=" | ||
+ | syslogd_flags=" | ||
+ | |||
+ | sshd_enable=" | ||
+ | ntpd_enable=" | ||
+ | # Set dumpdev to " | ||
+ | dumpdev=" | ||
+ | |||
+ | # pf | ||
+ | pf_enable=" | ||
+ | pf_rules="/ | ||
+ | pf_flags="" | ||
+ | pflog_enable=" | ||
+ | pflog_logfile="/ | ||
+ | pflog_flags="" | ||
+ | pflogd_enable=" | ||
+ | |||
+ | # SNMP | ||
+ | snmpd_enable=" | ||
+ | snmpd_flags=" | ||
+ | snmpd_conffile="/ | ||
+ | snmptrapd_enable=" | ||
+ | snmptrapd_flags=" | ||
+ | bsnmpd_enable=" | ||
+ | |||
+ | # munin | ||
+ | munin_node_enable=" | ||
+ | |||
+ | # smartctl | ||
+ | smartd_enable=" | ||
+ | |||
+ | # NRPE | ||
+ | nrpe3_enable=" | ||
+ | |||
+ | # https:// | ||
+ | bird_enable=" | ||
+ | bird6_enable=" | ||
+ | |||
+ | # routes statiques IPv6 | ||
+ | </ | ||
+ | |||
+ | <file | / | ||
+ | config_eno2=" | ||
+ | |||
+ | config_enp3s0f0=" | ||
+ | config_enp3s0f1=" | ||
+ | |||
+ | vlans_enp3s0f0=" | ||
+ | |||
+ | config_enp3s0f0_20=" | ||
+ | config_enp3s0f0_21=" | ||
+ | config_enp3s0f0_22=" | ||
+ | config_enp3s0f0_50=" | ||
+ | |||
+ | vlans_enp3s0f1=" | ||
+ | |||
+ | config_enp3s0f1_30=" | ||
+ | config_enp3s0f1_33=" | ||
+ | config_enp3s0f1_100=" | ||
+ | config_enp3s0f1_101=" | ||
+ | config_enp3s0f1_102=" | ||
+ | config_enp3s0f1_105=" | ||
+ | |||
+ | # Stolon | ||
+ | iptunnel_gre1=" | ||
+ | config_gre1=" | ||
+ | 2a00: | ||
+ | |||
+ | postup() { | ||
+ | ip link set eno2 alias "Core: admin" | ||
+ | ip link set enp3s0f0.20 alias " | ||
+ | ip link set enp3s0f0.21 alias " | ||
+ | ip link set enp3s0f0.22 alias " | ||
+ | ip link set enp3s0f0.50 alias " | ||
+ | ip link set enp3s0f1.30 alias "Core: hosting" | ||
+ | ip link set enp3s0f1.33 alias "Core: backbone" | ||
+ | ip link set enp3s0f1.100 alias "Cust: petrus" | ||
+ | ip link set enp3s0f1.101 alias "Cust: guizmo34" | ||
+ | ip link set enp3s0f1.102 alias "Cust: AS112" | ||
+ | ip link set enp3s0f1.105 alias "Cust: nemo" | ||
+ | ip link set gre1 alias "Cust: Stolon" | ||
+ | # Machine physique NUC TTNN | ||
+ | ip -6 route add 2a00: | ||
+ | # Machine physique RPi Meseira | ||
+ | ip -6 route add 2a00: | ||
+ | # Machine physique NAS Nemo | ||
+ | ip -6 route add 2a00: | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | ===== Firewall (iptables) ===== | ||
+ | ==== IPv4 ==== | ||
+ | |||
+ | <file | / | ||
+ | # Generated by iptables-save v1.6.1 on Sat Nov 16 14:47:37 2019 | ||
+ | *raw | ||
+ | :PREROUTING ACCEPT [21304832: | ||
+ | :OUTPUT ACCEPT [288699: | ||
+ | [88918: | ||
+ | [12:480] -A PREROUTING -i enp3s0f1.30 -m rpfilter --invert -j DROP | ||
+ | COMMIT | ||
+ | # Completed on Sat Nov 16 14:47:37 2019 | ||
+ | # Generated by iptables-save v1.6.1 on Sat Nov 16 14:47:37 2019 | ||
+ | *mangle | ||
+ | :PREROUTING ACCEPT [132234153727: | ||
+ | :INPUT ACCEPT [1178873036: | ||
+ | :FORWARD ACCEPT [130606185646: | ||
+ | :OUTPUT ACCEPT [1424650747: | ||
+ | : | ||
+ | COMMIT | ||
+ | # Completed on Sat Nov 16 14:47:37 2019 | ||
+ | # Generated by iptables-save v1.6.1 on Sat Nov 16 14:47:37 2019 | ||
+ | *filter | ||
+ | :INPUT ACCEPT [233515: | ||
+ | :FORWARD ACCEPT [19601882: | ||
+ | :OUTPUT ACCEPT [281849: | ||
+ | [1:40] -A INPUT -s 172.16.0.0/ | ||
+ | [493095: | ||
+ | [169:12320] -A OUTPUT ! -s 172.16.0.0/ | ||
+ | COMMIT | ||
+ | # Completed on Sat Nov 16 14:47:37 2019 | ||
+ | </ | ||
+ | |||
+ | ==== IPv6 ==== | ||
+ | |||
+ | <file | / | ||
+ | # Generated by ip6tables-save v1.6.1 on Sat Nov 16 14:47:37 2019 | ||
+ | *raw | ||
+ | :PREROUTING ACCEPT [1986857: | ||
+ | :OUTPUT ACCEPT [88819: | ||
+ | [19412: | ||
+ | [0:0] -A PREROUTING -i enp3s0f1.30 -m rpfilter --invert -j DROP | ||
+ | COMMIT | ||
+ | # Completed on Sat Nov 16 14:47:37 2019 | ||
+ | # Generated by ip6tables-save v1.6.1 on Sat Nov 16 14:47:37 2019 | ||
+ | *mangle | ||
+ | :PREROUTING ACCEPT [11347829482: | ||
+ | :INPUT ACCEPT [401028762: | ||
+ | :FORWARD ACCEPT [10860741310: | ||
+ | :OUTPUT ACCEPT [471704985: | ||
+ | : | ||
+ | COMMIT | ||
+ | # Completed on Sat Nov 16 14:47:37 2019 | ||
+ | # Generated by ip6tables-save v1.6.1 on Sat Nov 16 14:47:37 2019 | ||
+ | *filter | ||
+ | :INPUT ACCEPT [67118: | ||
+ | :FORWARD ACCEPT [1931788: | ||
+ | :OUTPUT ACCEPT [89251: | ||
+ | [785719: | ||
+ | [2266: | ||
+ | [102859: | ||
+ | COMMIT | ||
+ | # Completed on Sat Nov 16 14:47:37 2019 | ||
+ | </ |
machines/grifon/asbr02.txt · Last modified: 2019/11/16 14:02 by 127.0.0.1