Outils pour utilisateurs

Outils du site


machines:grifon:budic

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

Les deux révisions précédentes Révision précédente
machines:grifon:budic [2018/11/24 11:24]
nemo [Configuration système]
machines:grifon:budic [2019/02/25 20:38] (Version actuelle)
nemo
Ligne 1: Ligne 1:
-====== budic ====== +Moved to [[machines:grifon:asbr02|asbr02]]
- +
-Rôle principal : routeur BGP secondaire +
- +
-Machine physique (APU) +
- +
-<code> +
-FreeBSD budic.cogent-rns.grifon.fr 11.2-RELEASE-p4 FreeBSD 11.2-RELEASE-p4 #0: Thu Sep 27 08:16:24 UTC 2018     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64 +
-</code> +
- +
-Configuration matérielle : +
-  * Intel(R) Xeon(R) CPU           X3450  @ 2.67GHz +
-  * 4G de RAM +
-  * bce0 : QLogic NetXtreme II BCM5716 1000Base-T (C0) +
-    * IPMI +
-  * bce1 : QLogic NetXtreme II BCM5716 1000Base-T (C0) +
-    * Admin +
-  * igb0 : Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k +
-    * WAN +
-  * igb1 : Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k +
-    * LAN +
- +
-Services : +
-  * ntpd +
-  * pf +
-  * snmpd (vers le LibreNMS de [[machines:grifon:gurvant]]) +
-  * munin-node +
-  * smartctl +
-  * nrpe (monitoring des sessions BGP) +
-  * bird2 ([[reseau:bgp#ipv4|bgp]], [[reseau:ospf:nominoe|ospf]]) +
- +
-Administrateurs : +
-  * alarig +
-  * petrus +
-  * gizmo +
-  * dotux +
-  * nemo +
- +
-===== Configuration réseau (partiellement à jour) ===== +
- +
-  * igb0, interface sans IP +
-    * igb0.20, interconnexion avec Cogent +
-    * igb0.22, interconnexion avec Breizh-IX +
-    * igb0.50, interconnexion avec Quantic +
-  * igb1, interface réseau grifon (sans IP) +
-    * igb1.30, VLAN data +
-    * igb1.31, Interco VPN +
-    * igb1.32, Interco ADSL +
-    * igb1.41, Interco iBGP +
-    * igb1.100, livraison transit petrus +
-    * igb1.101, livraison transit guizmo34 +
-    * igb1.102, livraison transit AS112 +
-  * bec0, interface IPMI +
-  * bce1, interface LAN admin +
- +
-Contrairement à [[nominoe]], budic n’a pas de tunnels. La raison principale est que nous étions déjà mutli-homés quand nous l’avons mis en place, nous n’avions donc plus besoin d’ARN et de HE. +
- +
-<file> +
-igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 +
- options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6> +
- ether 00:1b:21:48:68:98 +
- hwaddr 00:1b:21:48:68:98 +
- nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> +
- media: Ethernet autoselect (1000baseT <full-duplex>+
- status: active +
-igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 +
- options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6> +
- ether 00:1b:21:48:68:99 +
- hwaddr 00:1b:21:48:68:99 +
- nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> +
- media: Ethernet autoselect (1000baseT <full-duplex>+
- status: active +
-igb2: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500 +
- options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6> +
- ether 00:1b:21:48:68:9c +
- hwaddr 00:1b:21:48:68:9c +
- nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> +
- media: Ethernet autoselect +
- status: no carrier +
-igb3: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500 +
- options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6> +
- ether 00:1b:21:48:68:9d +
- hwaddr 00:1b:21:48:68:9d +
- nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> +
- media: Ethernet autoselect +
- status: no carrier +
-bce0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500 +
- options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE> +
- ether bc:30:5b:df:9d:03 +
- hwaddr bc:30:5b:df:9d:03 +
- nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> +
- media: Ethernet autoselect +
-bce1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 +
- options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE> +
- ether bc:30:5b:df:9d:04 +
- hwaddr bc:30:5b:df:9d:04 +
- inet 172.17.0.10 netmask 0xffffff00 broadcast 172.17.0.255  +
- nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> +
- media: Ethernet autoselect (1000baseT <full-duplex>+
- status: active +
-lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 +
- options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6> +
- inet6 ::1 prefixlen 128  +
- inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7  +
- inet 127.0.0.1 netmask 0xff000000  +
- nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> +
- groups: lo  +
-igb0.20: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 +
- description: Transit: cogent +
- options=600303<RXCSUM,TXCSUM,TSO4,TSO6,RXCSUM_IPV6,TXCSUM_IPV6> +
- ether 00:1b:21:48:68:98 +
- inet 149.6.72.99 netmask 0xfffffff8 broadcast 149.6.72.103  +
- inet6 fe80::21b:21ff:fe48:6898%igb0.20 prefixlen 64 scopeid 0x8  +
- inet6 2001:978:2:4e::5:3 prefixlen 112  +
- nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> +
- media: Ethernet autoselect (1000baseT <full-duplex>+
- status: active +
- vlan: 20 vlanpcp: 0 parent interface: igb0 +
- groups: vlan  +
-igb0.50: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 +
- description: Transit: quantic +
- options=600303<RXCSUM,TXCSUM,TSO4,TSO6,RXCSUM_IPV6,TXCSUM_IPV6> +
- ether 00:1b:21:48:68:98 +
- inet 169.254.1.3 netmask 0xfffffff8 broadcast 169.254.1.7  +
- inet6 fe80::21b:21ff:fe48:6898%igb0.50 prefixlen 64 scopeid 0x9  +
- inet6 2a06:e040:3501:101:2::3 prefixlen 80  +
- nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> +
- media: Ethernet autoselect (1000baseT <full-duplex>+
- status: active +
- vlan: 50 vlanpcp: 0 parent interface: igb0 +
- groups: vlan  +
-igb0.22: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 +
- description: Peering: BreizhIX +
- options=600303<RXCSUM,TXCSUM,TSO4,TSO6,RXCSUM_IPV6,TXCSUM_IPV6> +
- ether 00:1b:21:48:68:98 +
- inet 185.1.89.13 netmask 0xffffff00 broadcast 185.1.89.255  +
- inet6 fe80::21b:21ff:fe48:6898%igb0.22 prefixlen 64 scopeid 0xa  +
- inet6 2001:7f8:b1::d prefixlen 64  +
- nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> +
- media: Ethernet autoselect (1000baseT <full-duplex>+
- status: active +
- vlan: 22 vlanpcp: 0 parent interface: igb0 +
- groups: vlan  +
-igb1.30: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 +
- description: Core: VLAN30 +
- options=600303<RXCSUM,TXCSUM,TSO4,TSO6,RXCSUM_IPV6,TXCSUM_IPV6> +
- ether 00:1b:21:48:68:99 +
- inet 89.234.186.6 netmask 0xffffff80 broadcast 89.234.186.127  +
- inet 80.67.190.195 netmask 0xffffffe0 broadcast 80.67.190.223  +
- inet6 fe80::21b:21ff:fe48:6899%igb1.30 prefixlen 64 scopeid 0xb  +
- inet6 2a00:5884::6 prefixlen 64  +
- nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> +
- media: Ethernet autoselect (1000baseT <full-duplex>+
- status: active +
- vlan: 30 vlanpcp: 0 parent interface: igb1 +
- groups: vlan  +
-igb1.31: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 +
- description: Core: Interco VPN +
- options=600303<RXCSUM,TXCSUM,TSO4,TSO6,RXCSUM_IPV6,TXCSUM_IPV6> +
- ether 00:1b:21:48:68:99 +
- inet 89.234.186.186 netmask 0xfffffff8 broadcast 89.234.186.191  +
- inet6 fe80::21b:21ff:fe48:6899%igb1.31 prefixlen 64 scopeid 0xc  +
- inet6 2a00:5884:0:2::2 prefixlen 64  +
- nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> +
- media: Ethernet autoselect (1000baseT <full-duplex>+
- status: active +
- vlan: 31 vlanpcp: 0 parent interface: igb1 +
- groups: vlan  +
-igb1.32: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 +
- description: Core: Interco ADSL +
- options=600303<RXCSUM,TXCSUM,TSO4,TSO6,RXCSUM_IPV6,TXCSUM_IPV6> +
- ether 00:1b:21:48:68:99 +
- inet 89.234.186.202 netmask 0xfffffff8 broadcast 89.234.186.207  +
- inet6 fe80::21b:21ff:fe48:6899%igb1.32 prefixlen 64 scopeid 0xd  +
- inet6 2a00:5884:0:1::2 prefixlen 64  +
- nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> +
- media: Ethernet autoselect (1000baseT <full-duplex>+
- status: active +
- vlan: 32 vlanpcp: 0 parent interface: igb1 +
- groups: vlan  +
-igb1.41: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 +
- description: Core: Interco iBGP +
- options=600303<RXCSUM,TXCSUM,TSO4,TSO6,RXCSUM_IPV6,TXCSUM_IPV6> +
- ether 00:1b:21:48:68:99 +
- inet 89.234.186.178 netmask 0xfffffff8 broadcast 89.234.186.183  +
- inet6 fe80::21b:21ff:fe48:6899%igb1.41 prefixlen 64 scopeid 0xe  +
- inet6 2a00:5884:0:4::2 prefixlen 64  +
- nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> +
- media: Ethernet autoselect (1000baseT <full-duplex>+
- status: active +
- vlan: 41 vlanpcp: 0 parent interface: igb1 +
- groups: vlan  +
-igb1.100: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 +
- description: Cust: Livraison transit petrus +
- options=600303<RXCSUM,TXCSUM,TSO4,TSO6,RXCSUM_IPV6,TXCSUM_IPV6> +
- ether 00:1b:21:48:68:99 +
- inet6 2a00:5884:0:100::2 prefixlen 112  +
- inet6 fe80::21b:21ff:fe48:6899%igb1.100 prefixlen 64 scopeid 0xf  +
- nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> +
- media: Ethernet autoselect (1000baseT <full-duplex>+
- status: active +
- vlan: 100 vlanpcp: 0 parent interface: igb1 +
- groups: vlan  +
-igb1.101: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 +
- description: Cust: Livraison transit guizmo34 +
- options=600303<RXCSUM,TXCSUM,TSO4,TSO6,RXCSUM_IPV6,TXCSUM_IPV6> +
- ether 00:1b:21:48:68:99 +
- inet6 2a00:5884:0:101::2 prefixlen 112  +
- inet6 fe80::21b:21ff:fe48:6899%igb1.101 prefixlen 64 scopeid 0x10  +
- nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> +
- media: Ethernet autoselect (1000baseT <full-duplex>+
- status: active +
- vlan: 101 vlanpcp: 0 parent interface: igb1 +
- groups: vlan  +
-igb1.102: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 +
- description: Cust: Livraison BGP AS112 +
- options=600303<RXCSUM,TXCSUM,TSO4,TSO6,RXCSUM_IPV6,TXCSUM_IPV6> +
- ether 00:1b:21:48:68:99 +
- inet 89.234.186.130 netmask 0xfffffff8 broadcast 89.234.186.135  +
- inet6 fe80::21b:21ff:fe48:6899%igb1.102 prefixlen 64 scopeid 0x11  +
- inet6 2a00:5884:0:100::1:2 prefixlen 112  +
- nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> +
- media: Ethernet autoselect (1000baseT <full-duplex>+
- status: active +
- vlan: 102 vlanpcp: 0 parent interface: igb1 +
- groups: vlan  +
-pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160 +
- groups: pflog  +
-</file> +
- +
-===== Configuration système (partiellement à jour) ===== +
- +
-<file | /etc/rc.conf> +
-hostname="budic.cogent-rns.grifon.fr" +
-keymap="fr" +
-ifconfig_bce1="inet 172.17.0.10/24" +
- +
-ifconfig_igb0="up" +
-ifconfig_igb1="up" +
-defaultrouter="149.6.72.97" +
-ipv6_defaultrouter="2001:978:2:4e::5:1" +
- +
-gateway_enable="YES" +
-ipv6_gateway_enable="YES" +
- +
-ntpdate_enable="YES" +
-ntpdate_hosts="89.234.186.7" +
-syslogd_enable="YES" +
-syslogd_flags="-ss" +
- +
-sshd_enable="YES" +
-ntpd_enable="YES" +
-# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable +
-dumpdev="AUTO" +
- +
-# pf +
-pf_enable="YES" +
-pf_rules="/etc/pf.conf"         # rules definition file for pf +
-pf_flags=""                     # additional flags for pfctl startup +
-pflog_enable="YES"              # start pflogd(8) +
-pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile +
-pflog_flags=""                  # additional flags for pflogd startup +
-pflogd_enable="YES" +
- +
-# SNMP +
-snmpd_enable="YES" +
-snmpd_flags="-a" +
-snmpd_conffile="/usr/local/etc/snmpd.conf" +
-snmptrapd_enable="YES" +
-snmptrapd_flags="-a -p /var/run/snmptrapd.pid" +
-bsnmpd_enable="YES" +
- +
-# munin +
-munin_node_enable="YES" +
- +
-# smartctl +
-smartd_enable="YES" +
- +
-# NRPE +
-nrpe3_enable="YES" +
- +
-# https://grifon.fr/comptes-rendus/2016-06-06_reunion-hackerspace.html#quagga-ou-bird +
-bird_enable="YES" +
-bird6_enable="YES" +
- +
-# routes statiques IPv6 +
-</file> +
- +
-<file | /etc/start_if.igb0> +
-#!/bin/sh +
- +
-ifconfig igb0.20 create +
-ifconfig igb0.20 description "Transit: cogent" +
-ifconfig igb0.20 vlan 20 vlandev igb0 +
-ifconfig igb0.20 inet 149.6.72.99/29 +
-ifconfig igb0.20 inet6 2001:978:2:4e::5:3/112 +
- +
-ifconfig igb0.50 create +
-ifconfig igb0.50 description "Transit: quantic" +
-ifconfig igb0.50 vlan 50 vlandev igb0 +
-ifconfig igb0.50 inet 169.254.1.3/29 +
-ifconfig igb0.50 inet6 2a06:e040:3501:0101:0002::3/80 +
- +
-ifconfig igb0.22 create +
-ifconfig igb0.22 description "Peering: BreizhIX" +
-ifconfig igb0.22 vlan 22 vlandev igb0 +
-ifconfig igb0.22 inet 185.1.89.13/24 +
-ifconfig igb0.22 inet6 2001:7f8:b1::d/64 +
-</file>+
machines/grifon/budic.txt · Dernière modification: 2019/02/25 20:38 de nemo