
Nominoe

Rôle principal : routeur BGP

Machine physique

FreeBSD nominoe.grifon.fr 10.1-RELEASE-p31 FreeBSD 10.1-RELEASE-p31 #0: Wed Mar 16 18:39:20 UTC 2016   
root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

Configuration matérielle :

  • Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz
  • 2G de RAM
  • em0 : 82571EB Gigabit Ethernet Controller (carte PCI externe)
  • em1 : 82571EB Gigabit Ethernet Controller (carte PCI externe)
  • em2 : 82578DC Gigabit Network Connection (interface intégrée à la carte mère)

Services :

Administrateurs :

  • gizmo
  • alarig
  • petrus
  • dotux
  • glucas

Configuration réseau

  • em0, interface sans IP
  • em0.20, interconnexion avec cogent
  • em1, interface réseau grifon
  • em2, interface LAN admin
  • em2.41, interface OSPF
  • gre0, premier tunnel avec ARN
  • gre1, second tunnel avec ARN
  • pflog0, interface pour le log du trafic
  • gif0, tunnel avec HE, BGP coupé dedans mais tunnel toujours monté

Les trois tunnels (gre0, gre1 et gif0) sont montés sur l’interface d’interco avec cogent (adresse source 149.6.72.98).

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=4019b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,VLAN_HWTSO>
	ether 00:15:17:39:f0:1a
	inet6 fe80::215:17ff:fe39:f01a%em0 prefixlen 64 scopeid 0x1 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=4019b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,VLAN_HWTSO>
	ether 00:15:17:39:f0:1b
	inet6 fe80::215:17ff:fe39:f01b%em1 prefixlen 64 scopeid 0x2 
	inet 89.234.186.1 netmask 0xffffff80 broadcast 89.234.186.127 
	inet6 2a00:5884::1 prefixlen 64 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
	ether 00:27:0e:04:03:53
	inet6 fe80::227:eff:fe04:353%em2 prefixlen 64 scopeid 0x3 
	inet 172.17.0.1 netmask 0xffffff00 broadcast 172.17.0.255 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 
	inet 127.0.0.1 netmask 0xff000000 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
em0.20: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=103<RXCSUM,TXCSUM,TSO4>
	ether 00:15:17:39:f0:1a
	inet6 fe80::215:17ff:fe39:f01a%em0.20 prefixlen 64 scopeid 0x6 
	inet 149.6.72.98 netmask 0xfffffff8 broadcast 149.6.72.103 
	inet6 2001:978:2:4e::5:2 prefixlen 112 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
	vlan: 20 parent interface: em0
em2.41: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=103<RXCSUM,TXCSUM,TSO4>
	ether 00:27:0e:04:03:53
	inet6 fe80::227:eff:fe04:353%em2.41 prefixlen 64 scopeid 0x7 
	inet 172.16.0.1 netmask 0xffffff00 broadcast 172.16.0.255 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
	vlan: 41 parent interface: em2
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1480
	tunnel inet 149.6.72.98 --> 216.66.84.50
	inet6 fe80::215:17ff:fe39:f01a%gif0 prefixlen 64 scopeid 0x5 
	inet6 2001:470:11:cf::2 --> 2001:470:11:cf::1 prefixlen 128 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
gre0: flags=9051<UP,POINTOPOINT,RUNNING,LINK0,MULTICAST> metric 0 mtu 1476
	tunnel inet 149.6.72.98 --> 149.11.26.42
	inet6 fe80::215:17ff:fe39:f01a%gre0 prefixlen 64 scopeid 0x8 
	inet 89.234.141.143 --> 89.234.141.142 netmask 0xfffffffe 
	inet6 2a00:5881:8100:ff00::143 prefixlen 112 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
gre1: flags=9051<UP,POINTOPOINT,RUNNING,LINK0,MULTICAST> metric 0 mtu 1476
	tunnel inet 149.6.72.98 --> 149.11.26.43
	inet6 fe80::215:17ff:fe39:f01a%gre1 prefixlen 64 scopeid 0x9 
	inet 89.234.186.14 --> 89.234.186.13 netmask 0xffffffff 
	inet6 2a00:5884:ff::14 prefixlen 112 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

Configuration système

/etc/rc.conf
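# /etc/rc.conf for nominoe.grifon.fr, a BGP router with forwarding enabled.
# Plain sh variable assignments read by rc(8) at boot.
hostname="nominoe.grifon.fr"
keymap="fr.iso.acc.kbd"

# Network-facing daemons.
# NOTE(review): nothing in this file enables pf, although pflog0 is up in the
# ifconfig output on this page. Confirm where the packet filter is enabled and
# that sshd, unbound and munin-node answer only on the admin LAN (em2), not on
# the transit VLAN (em0.20) or the tunnels.
sshd_enable="YES"
unbound_enable="YES"
# NTP
# NOTE(review): /etc/ntp.conf is not shown; on a host with public addresses
# its restrict lines should refuse queries from arbitrary sources -- confirm.
ntpd_enable="YES"
ntpd_sync_on_start="YES"
ntpd_config="/etc/ntp.conf"
# monitoring
munin_node_enable="YES"

# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
# Crash dumps are images of kernel memory; treat the saved files as sensitive.
dumpdev="AUTO"
# NOTE(review): *_load="YES" looks like a loader.conf(5) knob; in rc.conf
# kernel modules are normally listed in kld_list. Confirm that coretemp is
# actually loaded on this host.
coretemp_load="YES"

# Interfaces created at boot: the HE tunnel, both VLANs and both GRE tunnels.
cloned_interfaces="gif0 em0.20 em2.41 gre0 gre1"

# Note: if you do not assign an IP address to your parent device, you need to
# start it explicitly:
ifconfig_em0="up"
#ifconfig_em0.20="inet 149.6.72.98 netmask 255.255.255.248 vlan 20 vlandev em0"
# The previous line does not work, so the VLAN is configured by a script,
# /etc/start_if.em0, that runs the equivalent commands.

ifconfig_em1="inet 89.234.186.1 netmask 255.255.255.128"
ifconfig_em2="inet 172.17.0.1 netmask 255.255.255.0"
# for the OSPF VLAN, see /etc/start_if.em2
defaultrouter="149.6.72.97"

## IPv6
# WAN
ipv6_activate_all_interfaces="YES"
#ifconfig_em0.20_ipv6="2001:978:2:4e::5:2/112"
# The previous line does not work, so the address is set by the same script,
# /etc/start_if.em0.
ipv6_defaultrouter="2001:978:2:4e::5:1"

# LAN
ifconfig_em1_ipv6="inet6 2a00:5884::1/64"

## routing
# enable packet forwarding for IPv4 and IPv6
# NOTE(review): with forwarding on, whether the admin LAN (172.17.0.0/24 on
# em2) and the OSPF VLAN (172.16.0.0/24 on em2.41) can be reached from the
# other interfaces depends on packet filtering that this file does not show.
gateway_enable="YES"
ipv6_gateway_enable="YES"

# HE tunnel, original manual commands kept for reference:
# ifconfig gif0 create
# ifconfig gif0 tunnel 89.234.186.1 216.66.84.50
# ifconfig gif0 inet6 2001:470:11:cf::2 2001:470:11:cf::1 prefixlen 128
# ifconfig gif0 up

# Tunnel source changed to the interconnect IP because the BGP session is down
# alarig@, 19/01/2015
ifconfig_gif0="tunnel 149.6.72.98 216.66.84.50 mtu 1480"
ifconfig_gif0_ipv6="inet6 2001:470:11:cf::2 2001:470:11:cf::1 prefixlen 128"

# GRE tunnels. gif and gre only encapsulate: traffic crossing them is neither
# encrypted nor authenticated, so any confidentiality or integrity has to come
# from another layer.
ifconfig_gre0="89.234.141.143/31 89.234.141.142 tunnel 149.6.72.98 149.11.26.42 up"
ifconfig_gre0_ipv6="inet6 2a00:5881:8100:ff00::143 prefixlen 112"
ifconfig_gre1="89.234.186.14/32 89.234.186.13 tunnel 149.6.72.98 149.11.26.43 up"
ifconfig_gre1_ipv6="inet6 2a00:5884:ff::14 prefixlen 112"

# Static routes: one host route per GRE peer, plus the VPN range via 89.234.186.3.
static_routes="gre0 gre1 vpn"
route_vpn="89.234.186.64/27 89.234.186.3"
route_gre0="-net 89.234.141.142/32 -iface gre0"
route_gre1="-net 89.234.186.13/32 -iface gre1"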
/etc/start_if.em0
#!/bin/sh
# /etc/start_if.em0: creates the 802.1Q sub-interfaces of em0 by hand. The
# rc.conf on this page keeps the equivalent ifconfig_em0.20 lines commented
# out as not working and points here instead.
# NOTE(review): rc(8) is expected to source start_if.<ifn> into its own shell
# rather than execute it, so this file should stay a list of plain commands
# (no exit, no variables that could collide with rc's) -- confirm on this
# release.
 
# VLAN 20 on em0: transit towards cogent, IPv4 /29 and IPv6 /112 addresses.
ifconfig em0.20 create
ifconfig em0.20 description "transit cogent"
ifconfig em0.20 vlan 20 vlandev em0
ifconfig em0.20 inet 149.6.72.98 netmask 255.255.255.248
ifconfig em0.20 inet6 2001:978:2:4e::5:2/112
 
# VLAN 21 on em0: second transit (quantic). The interface is created and
# tagged but gets no address; the two commented lines are unfinished
# templates.
# NOTE(review): em0.21 appears neither in the ifconfig output nor in
# cloned_interfaces on this page, and rc.conf sets
# ipv6_activate_all_interfaces="YES", so it presumably comes up with an IPv6
# link-local address -- confirm the filter rules cover it before the VLAN is
# connected.
ifconfig em0.21 create
ifconfig em0.21 description "transit quantic"
ifconfig em0.21 vlan 21 vlandev em0
#ifconfig em0.21 inet  netmask
#ifconfig em0.21 inet6
/etc/start_if.em2
#!/bin/sh
# /etc/start_if.em2: creates the OSPF VLAN (41) on the admin LAN interface
# em2; rc.conf on this page refers to this script for that VLAN.
# NOTE(review): rc(8) is expected to source start_if.<ifn> rather than execute
# it, so keep this file to plain commands -- confirm on this release.
 
# em2.41 carries 172.16.0.1/24 and shares the physical port with the admin
# LAN (172.17.0.1/24 on em2); the two are separated only by the VLAN tag.
# NOTE(review): the OSPF daemon configuration is not shown; confirm that
# adjacencies on this segment are authenticated and that the segment is not
# reachable from transit.
ifconfig em2.41 create
ifconfig em2.41 vlan 41 vlandev em2
ifconfig em2.41 inet 172.16.0.1 netmask 255.255.255.0
machines/grifon/nominoe.txt · Dernière modification: 2017/03/13 17:23 par alarig