How to Control Web Traffic Using Squid Cache and a Cisco Router in Linux


One important task in a network is controlling and managing staff web-surfing traffic. There are many solutions to this problem, and one of the best is running Squid cache on a Linux machine. Squid can inspect, limit and cache web traffic flowing from one network to another, for example from a LAN to the Internet.

There are a few ways to redirect client web requests to the Squid machine. In this article we show how to redirect web traffic from a Cisco router to a Squid cache machine using the WCCP protocol.

The figure below is an example of a basic scenario.

As the figure above shows, all client web traffic first goes to the Cisco router (the clients' default gateway). The router then silently redirects the packets to the Squid machine, where Squid can do its job: mainly caching web content and limiting access based on domain, time interval, IP address, file size, and so on.

We go through the configuration of this scenario in two major steps: first we install and configure Squid and Linux, then we configure the router to redirect web traffic packets to Squid using the WCCP protocol.

In this scenario I use CentOS 6.5 as my Linux server and a Cisco 2691 as my router.

Operating System: CENTOS 6.5
Application: Squid
Router: Cisco 2691

Step 1: Installing Squid Cache

Squid is available in the default CentOS repositories. We first install it with yum, then start the service, and finally enable the squid service to start automatically at boot.

# yum -y install squid
# service squid start
# chkconfig squid on

Step 2: Preparing Squid Cache

Now we have to change some default behaviours of the CentOS operating system: we need to enable packet forwarding and disable reverse path filtering (RPF). Packet forwarding lets CentOS act as a transparent forwarder (like a router).

Let me explain in more detail. When traffic reaches CentOS, each packet carries a source and a destination address. For example, when a client enters www.example.com in a browser, an HTTP request packet is generated with the client machine's IP address as its source (such as 192.168.1.20) and the IP address of the example.com server as its destination (such as 2.2.2.2).

So when CentOS receives the packet, it treats it as a misdelivered packet, because the CentOS IP address is not the packet's destination address, and for security reasons CentOS drops it. We want Squid to work in transparent mode, and we tell CentOS so by enabling packet forwarding.

Next we disable reverse path filtering so that CentOS accepts packets that are not reachable through the Squid machine, or whose IP address is not in the same subnet as the Squid machine.

# nano /etc/sysctl.conf

# set to 1 to enable the packet forwarding feature
net.ipv4.ip_forward = 1
# set to 0 to disable the reverse path filter behavior
net.ipv4.conf.default.rp_filter = 0

Next we need to create a GRE interface on the CentOS machine. Why? WCCP works through a GRE tunnel, meaning the router and Squid talk to each other over GRE, so CentOS needs a GRE interface to de-encapsulate the GRE packets.

We create the configuration file for the GRE interface at /etc/sysconfig/network-scripts/ifcfg-gre0.

Enter the lines below in the ifcfg-gre0 configuration file.

DEVICE=gre0
BOOTPROTO=static
IPADDR=10.0.0.2         #unused ip address in your network
NETMASK=255.255.255.252
ONBOOT=yes
IPV6INIT=no

After creating the GRE interface we need to restart the network service.

# service network restart

Step 3: Configuring Squid Cache

We need to tell Squid to accept WCCP packets from the router. Enter the lines below in the /etc/squid/squid.conf file.

# Define the Squid listening port
http_port 3128 intercept
# IP address of the router
wccp2_router 192.168.1.254
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_service standard 0

Save the configuration file and restart the squid service.

# service squid restart

Squid listens for packets on port 3128, but the destination port of our packets is 80, so to change destination port 80 to 3128 we need to create a NAT rule in the CentOS built-in firewall (iptables).

# iptables -t nat -A PREROUTING -i gre0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# iptables -t nat -A POSTROUTING -j MASQUERADE
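
A consistency check for the pieces configured in Steps 2 and 3, as an added example that is not part of the original article: it parses constructed copies of sysctl.conf, squid.conf and the nat rules (in iptables-save format) and reports any setting that disagrees with the others. The function names `directives` and `audit` are hypothetical.

```python
import re

# Constructed sample inputs mirroring Steps 2 and 3 (not read from a live host).
SYSCTL = "net.ipv4.ip_forward = 1\nnet.ipv4.conf.default.rp_filter = 0\n"
SQUID = """http_port 3128 intercept
wccp2_router 192.168.1.254
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_service standard 0
"""
# nat table rules as iptables-save prints them
NAT_RULES = """-A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -j MASQUERADE
"""

def directives(text, sep=" "):
    """Map the first field of each non-comment line to the rest of the line."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, val = line.partition(sep)
            out[key.strip()] = val.strip()
    return out

def audit(sysctl, squid, nat_rules):
    """Hypothetical helper: return findings; an empty list means all agree."""
    findings = []
    sc, sq = directives(sysctl, "="), directives(squid)
    if sc.get("net.ipv4.ip_forward") != "1":
        findings.append("ip_forward is not 1")
    if sc.get("net.ipv4.conf.default.rp_filter") != "0":
        findings.append("rp_filter is not 0")
    port = re.match(r"(\d+)\s+intercept\b", sq.get("http_port", ""))
    if not port:
        findings.append("http_port is not in intercept mode")
    if "wccp2_router" not in sq:
        findings.append("wccp2_router is not set")
    for key in ("wccp2_forwarding_method", "wccp2_return_method"):
        if sq.get(key) != "gre":
            findings.append(f"{key} is not gre")
    rule = re.search(r"-i gre0 .*--dport 80 .*REDIRECT --to-ports? (\d+)", nat_rules)
    if not rule:
        findings.append("no REDIRECT rule for port 80 on gre0")
    elif port and rule.group(1) != port.group(1):
        findings.append(f"REDIRECT targets {rule.group(1)}, Squid listens on {port.group(1)}")
    return findings

print(audit(SYSCTL, SQUID, NAT_RULES) or "configuration is consistent")
```

On a real host the three strings would come from /etc/sysctl.conf, /etc/squid/squid.conf and the output of `iptables-save -t nat`.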

Mataki 4: Cisco Router Configurations

First we enable WCCP on the Cisco router.

R1(config)# ip wccp version 2

Next we use an ACL to identify the Squid cache machine to the router.

R1(config)# ip access-list standard SQUID-MACHINE
R1(config-std-nacl)# permit host 192.168.1.10

Next we define another access list for two purposes: first, to exempt Squid's own traffic from WCCP redirection (otherwise we fall into an infinite loop!), and second, to define which LAN traffic we want to pass through WCCP and Squid.

R1(config)# ip access-list extended LAN-TRAFFIC
! Prevent SQUID from getting into a loop
R1(config-ext-nacl)# deny ip host 192.168.1.10 any
! Define LAN traffic
R1(config-ext-nacl)# permit tcp 192.168.1.0 0.0.0.255 any eq www

After creating our access lists we configure the WCCP protocol on the router.

R1(config)# ip wccp web-cache redirect-list LAN-TRAFFIC group-list SQUID-MACHINE

Everything is ready for the final step: we tell the router on which interface(s) it must redirect traffic using this WCCP configuration.

R1(config)#interface fastEthernet 0/0
R1(config-if)# ip wccp web-cache redirect in
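
The loop warning in this step depends on entry order, because an access list is evaluated top-down and the first match wins. The added example below (not from the original article; `redirected` and its helpers are hypothetical names, and it handles only the ACL forms used on this page) evaluates the redirect list for constructed packets, in the page's order and with the two entries swapped.

```python
import ipaddress

PORTS = {"www": 80}  # IOS port keyword used on this page

def parse_addr(tok):
    """Consume one address spec from tok; return (address, wildcard) as ints."""
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(t)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse_ace(line):
    """Parse '<action> <proto> <src> <dst> [eq <port>]'."""
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = parse_addr(tok), parse_addr(tok)
    port = None
    if tok and tok[0] == "eq":
        port = PORTS.get(tok[1]) or int(tok[1])
    return action, proto, src, dst, port

def addr_match(ip, spec):
    """Wildcard-mask match: bits set in the wildcard are ignored."""
    addr, wild = spec
    return (int(ipaddress.IPv4Address(ip)) | wild) == (addr | wild)

def redirected(acl, proto, src, dst, dport):
    """First matching entry wins; no match is the implicit deny (not redirected)."""
    for action, p, s, d, port in map(parse_ace, acl):
        if (p in ("ip", proto) and addr_match(src, s) and addr_match(dst, d)
                and port in (None, dport)):
            return action == "permit"
    return False

PAGE_ORDER = [
    "deny ip host 192.168.1.10 any",
    "permit tcp 192.168.1.0 0.0.0.255 any eq www",
]
SWAPPED = list(reversed(PAGE_ORDER))  # constructed misordering

# Squid's own fetch (192.168.1.10 to port 80) under each ordering
print(redirected(PAGE_ORDER, "tcp", "192.168.1.10", "2.2.2.2", 80),
      redirected(SWAPPED, "tcp", "192.168.1.10", "2.2.2.2", 80))
```

With the entries swapped, Squid's own outbound request matches the permit first and is redirected back to Squid, which is the loop the deny entry exists to prevent.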

Summary

It is time to summarize all the commands and text in a few lines for better understanding: in this scenario we redirect the staff's web-surfing packets (those on TCP port 80) from the router (the clients' default gateway) to the Squid cache machine using the WCCP protocol.

This whole process happens silently and needs no additional configuration on the client side. So we can control and set policies on web traffic in the LAN. For example, we can allow web surfing only during limited hours, limit the maximum download size, define custom blacklists and whitelists, generate full reports of internet usage, and so on.

One interesting feature of this scenario is that when the Squid machine goes down, the router detects it and stops redirecting packets to it, so your network does not suffer downtime.
