machines:grifon:budic

Differences

Below are the differences between two revisions of the page.

machines:grifon:budic [2018/11/24 11:24]
nemo [System configuration]
machines:grifon:budic [2019/02/25 20:38] (current version)
nemo
Ligne 1: Ligne 1:
-====== budic ====== +Moved to [[machines:​grifon:​asbr02|asbr02]]
- +
-Rôle principal : routeur BGP secondaire +
- +
-Machine physique (APU) +
- +
-<​code>​ +
-FreeBSD budic.cogent-rns.grifon.fr 11.2-RELEASE-p4 FreeBSD 11.2-RELEASE-p4 #0: Thu Sep 27 08:16:24 UTC 2018     ​root@amd64-builder.daemonology.net:/​usr/​obj/​usr/​src/​sys/​GENERIC ​ amd64 +
-</​code>​ +
- +
-Configuration matérielle : +
-  * Intel(R) Xeon(R) CPU           ​X3450 ​ @ 2.67GHz +
-  * 4G de RAM +
-  * bce0 : QLogic NetXtreme II BCM5716 1000Base-T (C0) +
-    * IPMI +
-  * bce1 : QLogic NetXtreme II BCM5716 1000Base-T (C0) +
-    * Admin +
-  * igb0 : Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k +
-    * WAN +
-  * igb1 : Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k +
-    * LAN +
- +
-Services : +
-  * ntpd +
-  * pf +
-  * snmpd (vers le LibreNMS de [[machines:​grifon:​gurvant]]) +
-  * munin-node +
-  * smartctl +
-  * nrpe (monitoring des sessions BGP) +
-  * bird2 ([[reseau:​bgp#​ipv4|bgp]], [[reseau:​ospf:​nominoe|ospf]]) +
- +
-Administrateurs : +
-  * alarig +
-  * petrus +
-  * gizmo +
-  * dotux +
-  * nemo +
- +
-===== Configuration réseau (partiellement à jour) ===== +
- +
-  * igb0, interface sans IP +
-    * igb0.20, interconnexion avec Cogent +
-    * igb0.22, interconnexion avec Breizh-IX +
-    * igb0.50, interconnexion avec Quantic +
-  * igb1, interface réseau grifon (sans IP) +
-    * igb1.30, VLAN data +
-    * igb1.31, Interco VPN +
-    * igb1.32, Interco ADSL +
-    * igb1.41, Interco iBGP +
-    * igb1.100, livraison transit petrus +
-    * igb1.101, livraison transit guizmo34 +
-    * igb1.102, livraison transit AS112 +
-  * bec0, interface IPMI +
-  * bce1, interface LAN admin +
- +
-Contrairement à [[nominoe]],​ budic n’a pas de tunnels. La raison principale est que nous étions déjà mutli-homés quand nous l’avons mis en place, nous n’avions donc plus besoin d’ARN et de HE. +
- +
-<​file>​ +
-igb0: flags=8843<​UP,​BROADCAST,​RUNNING,​SIMPLEX,​MULTICAST>​ metric 0 mtu 1500 +
- options=6403bb<​RXCSUM,​TXCSUM,​VLAN_MTU,​VLAN_HWTAGGING,​JUMBO_MTU,​VLAN_HWCSUM,​TSO4,​TSO6,​VLAN_HWTSO,​RXCSUM_IPV6,​TXCSUM_IPV6>​ +
- ether 00:​1b:​21:​48:​68:​98 +
- hwaddr 00:​1b:​21:​48:​68:​98 +
- nd6 options=29<​PERFORMNUD,​IFDISABLED,​AUTO_LINKLOCAL>​ +
- media: Ethernet autoselect (1000baseT <​full-duplex>​) +
- status: active +
-igb1: flags=8843<​UP,​BROADCAST,​RUNNING,​SIMPLEX,​MULTICAST>​ metric 0 mtu 1500 +
- options=6403bb<​RXCSUM,​TXCSUM,​VLAN_MTU,​VLAN_HWTAGGING,​JUMBO_MTU,​VLAN_HWCSUM,​TSO4,​TSO6,​VLAN_HWTSO,​RXCSUM_IPV6,​TXCSUM_IPV6>​ +
- ether 00:​1b:​21:​48:​68:​99 +
- hwaddr 00:​1b:​21:​48:​68:​99 +
- nd6 options=29<​PERFORMNUD,​IFDISABLED,​AUTO_LINKLOCAL>​ +
- media: Ethernet autoselect (1000baseT <​full-duplex>​) +
- status: active +
-igb2: flags=8c02<​BROADCAST,​OACTIVE,​SIMPLEX,​MULTICAST>​ metric 0 mtu 1500 +
- options=6403bb<​RXCSUM,​TXCSUM,​VLAN_MTU,​VLAN_HWTAGGING,​JUMBO_MTU,​VLAN_HWCSUM,​TSO4,​TSO6,​VLAN_HWTSO,​RXCSUM_IPV6,​TXCSUM_IPV6>​ +
- ether 00:​1b:​21:​48:​68:​9c +
- hwaddr 00:​1b:​21:​48:​68:​9c +
- nd6 options=29<​PERFORMNUD,​IFDISABLED,​AUTO_LINKLOCAL>​ +
- media: Ethernet autoselect +
- status: no carrier +
-igb3: flags=8c02<​BROADCAST,​OACTIVE,​SIMPLEX,​MULTICAST>​ metric 0 mtu 1500 +
- options=6403bb<​RXCSUM,​TXCSUM,​VLAN_MTU,​VLAN_HWTAGGING,​JUMBO_MTU,​VLAN_HWCSUM,​TSO4,​TSO6,​VLAN_HWTSO,​RXCSUM_IPV6,​TXCSUM_IPV6>​ +
- ether 00:​1b:​21:​48:​68:​9d +
- hwaddr 00:​1b:​21:​48:​68:​9d +
- nd6 options=29<​PERFORMNUD,​IFDISABLED,​AUTO_LINKLOCAL>​ +
- media: Ethernet autoselect +
- status: no carrier +
-bce0: flags=8802<​BROADCAST,​SIMPLEX,​MULTICAST>​ metric 0 mtu 1500 +
- options=c01bb<​RXCSUM,​TXCSUM,​VLAN_MTU,​VLAN_HWTAGGING,​JUMBO_MTU,​VLAN_HWCSUM,​TSO4,​VLAN_HWTSO,​LINKSTATE>​ +
- ether bc:​30:​5b:​df:​9d:​03 +
- hwaddr bc:​30:​5b:​df:​9d:​03 +
- nd6 options=29<​PERFORMNUD,​IFDISABLED,​AUTO_LINKLOCAL>​ +
- media: Ethernet autoselect +
-bce1: flags=8843<​UP,​BROADCAST,​RUNNING,​SIMPLEX,​MULTICAST>​ metric 0 mtu 1500 +
- options=c01bb<​RXCSUM,​TXCSUM,​VLAN_MTU,​VLAN_HWTAGGING,​JUMBO_MTU,​VLAN_HWCSUM,​TSO4,​VLAN_HWTSO,​LINKSTATE>​ +
- ether bc:​30:​5b:​df:​9d:​04 +
- hwaddr bc:​30:​5b:​df:​9d:​04 +
- inet 172.17.0.10 netmask 0xffffff00 broadcast 172.17.0.255  +
- nd6 options=29<​PERFORMNUD,​IFDISABLED,​AUTO_LINKLOCAL>​ +
- media: Ethernet autoselect (1000baseT <​full-duplex>​) +
- status: active +
-lo0: flags=8049<​UP,​LOOPBACK,​RUNNING,​MULTICAST>​ metric 0 mtu 16384 +
- options=600003<​RXCSUM,​TXCSUM,​RXCSUM_IPV6,​TXCSUM_IPV6>​ +
- inet6 ::1 prefixlen 128  +
- inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7  +
- inet 127.0.0.1 netmask 0xff000000  +
- nd6 options=21<​PERFORMNUD,​AUTO_LINKLOCAL>​ +
- groups: lo  +
-igb0.20: flags=8843<​UP,​BROADCAST,​RUNNING,​SIMPLEX,​MULTICAST>​ metric 0 mtu 1500 +
- description:​ Transit: cogent +
- options=600303<​RXCSUM,​TXCSUM,​TSO4,​TSO6,​RXCSUM_IPV6,​TXCSUM_IPV6>​ +
- ether 00:​1b:​21:​48:​68:​98 +
- inet 149.6.72.99 netmask 0xfffffff8 broadcast 149.6.72.103  +
- inet6 fe80::​21b:​21ff:​fe48:​6898%igb0.20 prefixlen 64 scopeid 0x8  +
- inet6 2001:​978:​2:​4e::​5:​3 prefixlen 112  +
- nd6 options=21<​PERFORMNUD,​AUTO_LINKLOCAL>​ +
- media: Ethernet autoselect (1000baseT <​full-duplex>​) +
- status: active +
- vlan: 20 vlanpcp: 0 parent interface: igb0 +
- groups: vlan  +
-igb0.50: flags=8843<​UP,​BROADCAST,​RUNNING,​SIMPLEX,​MULTICAST>​ metric 0 mtu 1500 +
- description:​ Transit: quantic +
- options=600303<​RXCSUM,​TXCSUM,​TSO4,​TSO6,​RXCSUM_IPV6,​TXCSUM_IPV6>​ +
- ether 00:​1b:​21:​48:​68:​98 +
- inet 169.254.1.3 netmask 0xfffffff8 broadcast 169.254.1.7  +
- inet6 fe80::​21b:​21ff:​fe48:​6898%igb0.50 prefixlen 64 scopeid 0x9  +
- inet6 2a06:​e040:​3501:​101:​2::​3 prefixlen 80  +
- nd6 options=21<​PERFORMNUD,​AUTO_LINKLOCAL>​ +
- media: Ethernet autoselect (1000baseT <​full-duplex>​) +
- status: active +
- vlan: 50 vlanpcp: 0 parent interface: igb0 +
- groups: vlan  +
-igb0.22: flags=8843<​UP,​BROADCAST,​RUNNING,​SIMPLEX,​MULTICAST>​ metric 0 mtu 1500 +
- description:​ Peering: BreizhIX +
- options=600303<​RXCSUM,​TXCSUM,​TSO4,​TSO6,​RXCSUM_IPV6,​TXCSUM_IPV6>​ +
- ether 00:​1b:​21:​48:​68:​98 +
- inet 185.1.89.13 netmask 0xffffff00 broadcast 185.1.89.255  +
- inet6 fe80::​21b:​21ff:​fe48:​6898%igb0.22 prefixlen 64 scopeid 0xa  +
- inet6 2001:​7f8:​b1::​d prefixlen 64  +
- nd6 options=21<​PERFORMNUD,​AUTO_LINKLOCAL>​ +
- media: Ethernet autoselect (1000baseT <​full-duplex>​) +
- status: active +
- vlan: 22 vlanpcp: 0 parent interface: igb0 +
- groups: vlan  +
-igb1.30: flags=8843<​UP,​BROADCAST,​RUNNING,​SIMPLEX,​MULTICAST>​ metric 0 mtu 1500 +
- description:​ Core: VLAN30 +
- options=600303<​RXCSUM,​TXCSUM,​TSO4,​TSO6,​RXCSUM_IPV6,​TXCSUM_IPV6>​ +
- ether 00:​1b:​21:​48:​68:​99 +
- inet 89.234.186.6 netmask 0xffffff80 broadcast 89.234.186.127  +
- inet 80.67.190.195 netmask 0xffffffe0 broadcast 80.67.190.223  +
- inet6 fe80::​21b:​21ff:​fe48:​6899%igb1.30 prefixlen 64 scopeid 0xb  +
- inet6 2a00:​5884::​6 prefixlen 64  +
- nd6 options=21<​PERFORMNUD,​AUTO_LINKLOCAL>​ +
- media: Ethernet autoselect (1000baseT <​full-duplex>​) +
- status: active +
- vlan: 30 vlanpcp: 0 parent interface: igb1 +
- groups: vlan  +
-igb1.31: flags=8843<​UP,​BROADCAST,​RUNNING,​SIMPLEX,​MULTICAST>​ metric 0 mtu 1500 +
- description:​ Core: Interco VPN +
- options=600303<​RXCSUM,​TXCSUM,​TSO4,​TSO6,​RXCSUM_IPV6,​TXCSUM_IPV6>​ +
- ether 00:​1b:​21:​48:​68:​99 +
- inet 89.234.186.186 netmask 0xfffffff8 broadcast 89.234.186.191  +
- inet6 fe80::​21b:​21ff:​fe48:​6899%igb1.31 prefixlen 64 scopeid 0xc  +
- inet6 2a00:​5884:​0:​2::​2 prefixlen 64  +
- nd6 options=21<​PERFORMNUD,​AUTO_LINKLOCAL>​ +
- media: Ethernet autoselect (1000baseT <​full-duplex>​) +
- status: active +
- vlan: 31 vlanpcp: 0 parent interface: igb1 +
- groups: vlan  +
-igb1.32: flags=8843<​UP,​BROADCAST,​RUNNING,​SIMPLEX,​MULTICAST>​ metric 0 mtu 1500 +
- description:​ Core: Interco ADSL +
- options=600303<​RXCSUM,​TXCSUM,​TSO4,​TSO6,​RXCSUM_IPV6,​TXCSUM_IPV6>​ +
- ether 00:​1b:​21:​48:​68:​99 +
- inet 89.234.186.202 netmask 0xfffffff8 broadcast 89.234.186.207  +
- inet6 fe80::​21b:​21ff:​fe48:​6899%igb1.32 prefixlen 64 scopeid 0xd  +
- inet6 2a00:​5884:​0:​1::​2 prefixlen 64  +
- nd6 options=21<​PERFORMNUD,​AUTO_LINKLOCAL>​ +
- media: Ethernet autoselect (1000baseT <​full-duplex>​) +
- status: active +
- vlan: 32 vlanpcp: 0 parent interface: igb1 +
- groups: vlan  +
-igb1.41: flags=8843<​UP,​BROADCAST,​RUNNING,​SIMPLEX,​MULTICAST>​ metric 0 mtu 1500 +
- description:​ Core: Interco iBGP +
- options=600303<​RXCSUM,​TXCSUM,​TSO4,​TSO6,​RXCSUM_IPV6,​TXCSUM_IPV6>​ +
- ether 00:​1b:​21:​48:​68:​99 +
- inet 89.234.186.178 netmask 0xfffffff8 broadcast 89.234.186.183  +
- inet6 fe80::​21b:​21ff:​fe48:​6899%igb1.41 prefixlen 64 scopeid 0xe  +
- inet6 2a00:​5884:​0:​4::​2 prefixlen 64  +
- nd6 options=21<​PERFORMNUD,​AUTO_LINKLOCAL>​ +
- media: Ethernet autoselect (1000baseT <​full-duplex>​) +
- status: active +
- vlan: 41 vlanpcp: 0 parent interface: igb1 +
- groups: vlan  +
-igb1.100: flags=8843<​UP,​BROADCAST,​RUNNING,​SIMPLEX,​MULTICAST>​ metric 0 mtu 1500 +
- description:​ Cust: Livraison transit petrus +
- options=600303<​RXCSUM,​TXCSUM,​TSO4,​TSO6,​RXCSUM_IPV6,​TXCSUM_IPV6>​ +
- ether 00:​1b:​21:​48:​68:​99 +
- inet6 2a00:​5884:​0:​100::​2 prefixlen 112  +
- inet6 fe80::​21b:​21ff:​fe48:​6899%igb1.100 prefixlen 64 scopeid 0xf  +
- nd6 options=21<​PERFORMNUD,​AUTO_LINKLOCAL>​ +
- media: Ethernet autoselect (1000baseT <​full-duplex>​) +
- status: active +
- vlan: 100 vlanpcp: 0 parent interface: igb1 +
- groups: vlan  +
-igb1.101: flags=8843<​UP,​BROADCAST,​RUNNING,​SIMPLEX,​MULTICAST>​ metric 0 mtu 1500 +
- description:​ Cust: Livraison transit guizmo34 +
- options=600303<​RXCSUM,​TXCSUM,​TSO4,​TSO6,​RXCSUM_IPV6,​TXCSUM_IPV6>​ +
- ether 00:​1b:​21:​48:​68:​99 +
- inet6 2a00:​5884:​0:​101::​2 prefixlen 112  +
- inet6 fe80::​21b:​21ff:​fe48:​6899%igb1.101 prefixlen 64 scopeid 0x10  +
- nd6 options=21<​PERFORMNUD,​AUTO_LINKLOCAL>​ +
- media: Ethernet autoselect (1000baseT <​full-duplex>​) +
- status: active +
- vlan: 101 vlanpcp: 0 parent interface: igb1 +
- groups: vlan  +
-igb1.102: flags=8843<​UP,​BROADCAST,​RUNNING,​SIMPLEX,​MULTICAST>​ metric 0 mtu 1500 +
- description:​ Cust: Livraison BGP AS112 +
- options=600303<​RXCSUM,​TXCSUM,​TSO4,​TSO6,​RXCSUM_IPV6,​TXCSUM_IPV6>​ +
- ether 00:​1b:​21:​48:​68:​99 +
- inet 89.234.186.130 netmask 0xfffffff8 broadcast 89.234.186.135  +
- inet6 fe80::​21b:​21ff:​fe48:​6899%igb1.102 prefixlen 64 scopeid 0x11  +
- inet6 2a00:​5884:​0:​100::​1:​2 prefixlen 112  +
- nd6 options=21<​PERFORMNUD,​AUTO_LINKLOCAL>​ +
- media: Ethernet autoselect (1000baseT <​full-duplex>​) +
- status: active +
- vlan: 102 vlanpcp: 0 parent interface: igb1 +
- groups: vlan  +
-pflog0: flags=141<​UP,​RUNNING,​PROMISC>​ metric 0 mtu 33160 +
- groups: pflog  +
-</​file>​ +
- +
-===== Configuration système (partiellement à jour) ===== +
- +
-<file | /​etc/​rc.conf>​ +
-hostname="​budic.cogent-rns.grifon.fr"​ +
-keymap="​fr"​ +
-ifconfig_bce1="​inet 172.17.0.10/​24"​ +
- +
-ifconfig_igb0="​up"​ +
-ifconfig_igb1="​up"​ +
-defaultrouter="​149.6.72.97"​ +
-ipv6_defaultrouter="​2001:​978:​2:​4e::​5:​1"​ +
- +
-gateway_enable="​YES"​ +
-ipv6_gateway_enable="​YES"​ +
- +
-ntpdate_enable="​YES"​ +
-ntpdate_hosts="​89.234.186.7"​ +
-syslogd_enable="​YES"​ +
-syslogd_flags="​-ss"​ +
- +
-sshd_enable="​YES"​ +
-ntpd_enable="​YES"​ +
-# Set dumpdev to "​AUTO"​ to enable crash dumps, "​NO"​ to disable +
-dumpdev="​AUTO"​ +
- +
-# pf +
-pf_enable="​YES"​ +
-pf_rules="/​etc/​pf.conf" ​        # rules definition file for pf +
-pf_flags="" ​                    # additional flags for pfctl startup +
-pflog_enable="​YES" ​             # start pflogd(8) +
-pflog_logfile="/​var/​log/​pflog" ​ # where pflogd should store the logfile +
-pflog_flags="" ​                 # additional flags for pflogd startup +
-pflogd_enable="​YES"​ +
- +
-# SNMP +
-snmpd_enable="​YES"​ +
-snmpd_flags="​-a"​ +
-snmpd_conffile="/​usr/​local/​etc/​snmpd.conf"​ +
-snmptrapd_enable="​YES"​ +
-snmptrapd_flags="​-a -p /​var/​run/​snmptrapd.pid"​ +
-bsnmpd_enable="​YES"​ +
- +
-# munin +
-munin_node_enable="​YES"​ +
- +
-# smartctl +
-smartd_enable="​YES"​ +
- +
-# NRPE +
-nrpe3_enable="​YES"​ +
- +
-# https://​grifon.fr/​comptes-rendus/​2016-06-06_reunion-hackerspace.html#​quagga-ou-bird +
-bird_enable="​YES"​ +
-bird6_enable="​YES"​ +
- +
-# routes statiques IPv6 +
-</​file>​ +
- +
-<file | /​etc/​start_if.igb0>​ +
-#!/bin/sh +
- +
-ifconfig igb0.20 create +
-ifconfig igb0.20 description "​Transit:​ cogent"​ +
-ifconfig igb0.20 vlan 20 vlandev igb0 +
-ifconfig igb0.20 inet 149.6.72.99/​29 +
-ifconfig igb0.20 inet6 2001:​978:​2:​4e::​5:​3/​112 +
- +
-ifconfig igb0.50 create +
-ifconfig igb0.50 description "​Transit:​ quantic"​ +
-ifconfig igb0.50 vlan 50 vlandev igb0 +
-ifconfig igb0.50 inet 169.254.1.3/​29 +
-ifconfig igb0.50 inet6 2a06:​e040:​3501:​0101:​0002::​3/​80 +
- +
-ifconfig igb0.22 create +
-ifconfig igb0.22 description "​Peering:​ BreizhIX"​ +
-ifconfig igb0.22 vlan 22 vlandev igb0 +
-ifconfig igb0.22 inet 185.1.89.13/​24 +
-ifconfig igb0.22 inet6 2001:​7f8:​b1::​d/​64 +
-</​file>​+
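Review bot: The single added line at Ligne 1, `Moved to [[machines:grifon:asbr02|asbr02]]`, does not say whether the removed content was carried over unchanged or corrected on the target page, and both removed configuration sections are headed "partiellement à jour". Two discrepancies in the removed text should be fixed on asbr02 rather than copied: the network list names `bec0` as the IPMI interface where the hardware list and the ifconfig output show `bce0`, and the header says "Machine physique (APU)" while the hardware list gives a Xeon X3450 with bce/igb NICs. Suggest extending the added line to state why the page moved (rename or replacement of the machine) and writing it in French like the rest of the page.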
machines/grifon/budic.txt · Last modified: 2019/02/25 20:38 by nemo