Yadda ake Juya Linux Server zuwa na'ura mai ba da hanya tsakanin hanyoyin sadarwa don Gudanar da zirga-zirga a tsaye da Aiki - Kashi na 10


Kamar yadda muka yi tsammani a cikin darussan da suka gabata na wannan jerin LFCE(Linux Foundation Certified Engineer), a cikin wannan labarin za mu tattauna yadda ake tafiyar da zirga-zirgar IP a tsaye da ƙarfi tare da takamaiman aikace-aikace.

Abu na farko da farko, bari mu sami wasu ma'anoni kai tsaye:

  1. A cikin kalmomi masu sauƙi, fakiti shine ainihin naúrar da ake amfani da ita don watsa bayanai a cikin hanyar sadarwa. Cibiyoyin sadarwar da ke amfani da TCP/IP a matsayin tsarin sadarwar suna bin ka'idoji iri ɗaya don watsa bayanai: an raba ainihin bayanin zuwa fakitin da aka yi daga duka bayanai da adireshin inda ya kamata a aika zuwa.
  2. Routing shine aikin \jagora bayanai daga tushe zuwa inda ake nufi a cikin hanyar sadarwa.
  3. Static routing yana buƙatar saitin ƙa'idodin da aka tsara da hannu wanda aka ayyana a cikin tebur ɗin tuƙi. Waɗannan ƙa'idodi an daidaita su kuma ana amfani da su don ayyana hanyar da fakiti ya kamata ya bi yayin da yake tafiya daga wannan na'ura zuwa waccan.
  4. Tsarin hanya mai ƙarfi, ko smart routing (idan kuna so), yana nufin cewa tsarin zai iya canzawa ta atomatik, kamar yadda ake buƙata, hanyar da fakiti ke bi.

Babban IP da Kanfigareshan Na'urar hanyar sadarwa

Kunshin iproute yana ba da jerin kayan aiki don sarrafa hanyar sadarwa da sarrafa zirga-zirga waɗanda za mu yi amfani da su a cikin wannan labarin yayin da suke wakiltar maye gurbin kayan aikin gado kamar ifconfig da hanya.

Babban mai amfani a cikin iproute suite ana kiransa kawai ip. Asalin tsarinsa shine kamar haka:

# ip object command

Inda abu zai iya zama ɗaya kawai daga cikin waɗannan (kawai abubuwan da aka fi yawan lokuta ana nuna su - zaku iya komawa ga mutum ip don cikakken jeri):

  1. link: na'urar cibiyar sadarwa.
  2. addr: adireshin yarjejeniya (IP ko IPv6) akan na'ura.
  3. hanya: shigar da tebur.
  4. dokar: ka'ida a cikin bayanan bayanan manufofin.

Ganin cewa umarni yana wakiltar takamaiman aiki da za a iya yi akan abu. Kuna iya gudanar da umarni mai zuwa don nuna cikakken jerin umarni waɗanda za a iya amfani da su akan wani abu:

# ip object help

Misali,

# ip link help

Hoton da ke sama yana nuna, alal misali, cewa zaku iya canza matsayin cibiyar sadarwa tare da umarni mai zuwa:

# ip link set interface {up | down}

Don irin waɗannan ƙarin misalan umarnin ''ip', karanta Dokokin'ip' 10 masu amfani don saita Adireshin IP

A cikin wannan misalin, za mu kashe kuma mu kunna eth1:

# ip link show
# ip link set eth1 down
# ip link show

Idan kuna son sake kunna eth1,

# ip link set eth1 up

Maimakon nuna duk hanyoyin sadarwa na cibiyar sadarwa, zamu iya ƙayyade ɗaya daga cikinsu:

# ip link show eth1

Wanda zai dawo da duk bayanan eth1.

Kuna iya duba babban tebur ɗin ku na yanzu tare da ɗayan umarni 3 masu zuwa:

# ip route show
# route -n
# netstat -rn

Rukunin farko a cikin fitarwa na umarni uku yana nuna cibiyar sadarwar da aka yi niyya. Fitowar hanyar ip nuni (bin keyword dev) kuma yana gabatar da na'urorin cibiyar sadarwa waɗanda ke zama ƙofa ta zahiri zuwa waɗannan cibiyoyin sadarwa.

Ko da yake a zamanin yau an fi fifita ip Command akan hanya, har yanzu kuna iya komawa ga man ip-route da man way don cikakken bayani na sauran. na ginshiƙai.

Muna so mu yi amfani da fakitin icmp (ping) daga dev2 zuwa dev4 da sauran hanyar (lura cewa duka injinan abokin ciniki suna kan cibiyoyin sadarwa daban-daban). Sunan kowane NIC, tare da madaidaicin adireshin IPv4, ana ba da shi a cikin maƙallan murabba'i.

Yanayin gwajin mu shine kamar haka:

Client 1: CentOS 7 [enp0s3: 192.168.0.17/24] - dev1
Router: Debian Wheezy 7.7 [eth0: 192.168.0.15/24, eth1: 10.0.0.15/24] - dev2
Client 2: openSUSE 13.2 [enp0s3: 10.0.0.18/24] - dev4

Bari mu duba tebur mai tuƙi a cikin dev1 (akwatin CentOS):

# ip route show

sannan a gyara shi don amfani da enp0s3 NIC da haɗin kai zuwa 192.168.0.15 don samun damar runduna a cikin hanyar sadarwar 10.0.0.0/24:

# ip route add 10.0.0.0/24 via 192.168.0.15 dev enp0s3

Wanne da gaske yana karanta, Ƙara hanya zuwa cibiyar sadarwar 10.0.0.0/24 ta hanyar hanyar sadarwa ta enp0s3 ta amfani da 192.168.0.15 a matsayin ƙofa.

Hakanan a cikin dev4 (buɗe akwatin SUSE) zuwa ping runduna a cikin hanyar sadarwar 192.168.0.0/24:

# ip route add 192.168.0.0/24 via 10.0.0.15 dev enp0s3

A ƙarshe, muna buƙatar kunna turawa a cikin na'ura mai ba da hanya tsakanin hanyoyin sadarwa na Debian:

# echo 1 > /proc/sys/net/ipv4/ip_forward

Yanzu bari mu yi ping:

kuma,

Don sanya waɗannan saitunan su ci gaba da kasancewa a cikin takalma, shirya /etc/sysctl.conf akan na'ura mai ba da hanya tsakanin hanyoyin sadarwa kuma a tabbata an saita m net.ipv4.ip_forward zuwa gaskiya kamar haka:

net.ipv4.ip_forward = 1

Bugu da ƙari, saita NICs akan abokan ciniki biyu (duba fayil ɗin sanyi a cikin /etc/sysconfig/networkakan openSUSE da /etc/sysconfig/network-scriptsakan CentOS - a duka biyun ana kiranta ifcfg-enp0s3).

Anan ga fayil ɗin daidaitawa daga akwatin openSUSE:

BOOTPROTO=static
BROADCAST=10.0.0.255
IPADDR=10.0.0.18
NETMASK=255.255.255.0
GATEWAY=10.0.0.15
NAME=enp0s3
NETWORK=10.0.0.0
ONBOOT=yes

Wani yanayin inda za'a iya amfani da injin Linux azaman mai ba da hanya tsakanin hanyoyin sadarwa shine lokacin da kuke buƙatar raba haɗin Intanet ɗinku tare da LAN mai zaman kansa.

Router: Debian Wheezy 7.7 [eth0: Public IP, eth1: 10.0.0.15/24] - dev2
Client: openSUSE 13.2 [enp0s3: 10.0.0.18/24] - dev4

Bugu da ƙari don saita fakitin isar da saƙon da kuma tebur a tsaye a cikin abokin ciniki kamar a cikin misalin da ya gabata, muna buƙatar ƙara wasu ƙa'idodin iptables a cikin na'ura mai ba da hanya tsakanin hanyoyin sadarwa:

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

Umurni na farko yana ƙara ƙa'ida zuwa sarkar POSTROUTING a cikin tebur na nat (Network Address Translation), yana nuna cewa yakamata a yi amfani da eth0 NIC don fakiti masu fita.

MASQUERADE yana nuna cewa wannan NIC yana da IP mai ƙarfi kuma kafin aika kunshin zuwa duniyar daji na Intanet, adireshin tushen fakitin na sirri ya zama dole. za a canza zuwa na jama'a IP na na'ura mai ba da hanya tsakanin hanyoyin sadarwa.

A cikin LAN tare da runduna da yawa, na'ura mai ba da hanya tsakanin hanyoyin sadarwa yana kiyaye kafaffen haɗin gwiwa a cikin /proc/net/ip_conntrack don haka ya san inda zai dawo da martani daga Intanet zuwa ga.

Sai kawai ɓangaren fitarwa na:

# cat /proc/net/ip_conntrack

yana nunawa a cikin hoton da ke biyo baya.

Inda aka haskaka asalin (IP na sirri na akwatin budeSUSE) da kuma makoma (Google DNS) na fakiti. Wannan shi ne sakamakon gudu:

# curl linux-console.net

a kan akwatin openSUSE.

Kamar yadda na tabbata za ku iya rigaya tsammani, na'ura mai ba da hanya tsakanin hanyoyin sadarwa yana amfani da Google's 8.8.8.8 a matsayin mai suna, wanda ke bayyana dalilin da yasa maƙasudin fakiti masu fita ke nunawa ga adireshin.

Lura: Cewa fakiti masu shigowa daga Intanet ana karɓar su ne kawai idan sun kasance ɓangare na haɗin da aka riga aka kafa (umarni #2), yayin da fakiti masu fita ana ba da izini \fitarwa kyauta (umarni #3).

Kar ka manta da sanya ka'idodin iptables ɗin ku dage bin matakan da aka tsara a Sashe na 8 - Sanya Iptables Firewall na wannan jerin.

Rarraba Hanyar Hanya tare da Quagga

A zamanin yau, kayan aikin da aka fi amfani da shi don ɗorawa mai ƙarfi a cikin Linux shine quagga. Yana ba da damar masu gudanar da tsarin aiwatarwa, tare da sabar Linux mai rahusa, aiki iri ɗaya da aka samar ta hanyar masu amfani da hanyar sadarwa (kuma masu tsada) Cisco.

Kayan aikin da kansa ba ya sarrafa tsarin, sai dai yana gyara tebur na kernel yayin da yake koyon sabbin hanyoyi masu kyau don sarrafa fakiti.

Tun da cokali mai yatsa ne, shirin wanda ci gabansa ya daina ɗan lokaci kaɗan, yana kiyaye saboda dalilai na tarihi iri ɗaya umarni da tsari fiye da zebra. Wannan shine dalilin da ya sa za ku ga yawancin magana game da zebra daga wannan gaba.

Da fatan za a lura cewa ba zai yuwu a rufe tuƙi mai ƙarfi da duk ƙa'idodin da ke da alaƙa a cikin labarin guda ɗaya ba, amma ina da yakinin cewa abubuwan da aka gabatar anan zasu zama mafari a gare ku don haɓakawa.

Don shigar da quagga akan rarrabawar da kuka zaɓa:

# aptitude update && aptitude install quagga 				[On Ubuntu]
# yum update && yum install quagga 					[CentOS/RHEL]
# zypper refresh && zypper install quagga 				[openSUSE]

Za mu yi amfani da yanayi iri ɗaya kamar misalin #3, tare da kawai bambanci cewa eth0 yana da alaƙa da babban hanyar sadarwa ta hanyar ƙofa tare da IP 192.168.0.1.

Na gaba, gyara /etc/quagga/daemons tare da,

zebra=1
ripd=1

Yanzu ƙirƙirar fayilolin sanyi masu zuwa.

# /etc/quagga/zebra.conf
# /etc/quagga/ripd.conf

kuma ƙara waɗannan layin (maye gurbin sunan mai masauki da kalmar sirri da kuka zaɓa):

service quagga restart
hostname    	dev2
password    	quagga
# service quagga restart

Lura: Wannan ripd.conf shine fayil ɗin daidaitawa don Ka'idar Bayanin Rubutu, wanda ke ba wa na'ura mai ba da hanya tsakanin hanyoyin sadarwa bayanan da za a iya isa ga hanyoyin sadarwa da nisa (dangane da adadin hops).

Lura cewa wannan daya ne kawai daga cikin ka'idojin da za a iya amfani da su tare da quagga, kuma na zaɓe shi don wannan koyawa saboda sauƙin amfani da kuma saboda yawancin na'urorin sadarwa suna goyon bayansa, ko da yake yana da lahani na wucewar takardun shaida a cikin rubutu na fili. Don haka, kuna buƙatar sanya izini masu dacewa ga fayil ɗin daidaitawa:

# chown quagga:quaggavty /etc/quagga/*.conf
# chmod 640 /etc/quagga/*.conf 

A cikin wannan misalin za mu yi amfani da saitin mai zuwa tare da masu amfani da hanyoyin sadarwa guda biyu (tabbatar ƙirƙirar fayilolin daidaitawa don na'ura mai ba da hanya tsakanin hanyoyin sadarwa #2 kamar yadda aka bayyana a baya):

Muhimmi: Kar a manta da maimaita saitin mai zuwa don duka hanyoyin sadarwa biyu.

Haɗa zuwa zebra (sauraron tashar jiragen ruwa 2601), wanda shine madaidaicin ma'amala tsakanin na'ura mai ba da hanya tsakanin hanyoyin sadarwa da kernel:

# telnet localhost 2601

Shigar da kalmar sirrin da aka saita a cikin fayil ɗin /etc/quagga/zebra.conf, sannan kunna sanyi:

enable
configure terminal

Shigar da adireshin IP da abin rufe fuska na kowane NIC:

inter eth0
ip addr 192.168.0.15
inter eth1
ip addr 10.0.0.15
exit
exit
write

Yanzu muna buƙatar haɗi zuwa tashar daemon ta RIP (tashar jiragen ruwa 2602):

# telnet localhost 2602

Shigar da sunan mai amfani da kalmar sirri kamar yadda aka tsara a cikin fayil ɗin /etc/quagga/ripd.conf, sannan a rubuta waɗannan umarni da ƙarfi (ana ƙara sharhi don ƙarin bayani):

enable turns on privileged mode command.
configure terminal changes to configuration mode. This command is the first step to configuration
router rip enables RIP.
network 10.0.0.0/24 sets the RIP enable interface for the 10.0.0.0/24 network. 
exit
exit
write writes current configuration to configuration file.

Lura: Cewa a cikin waɗannan lokuta biyu ana haɗa haɗin zuwa layin da muka ƙara a baya (/etc/quagga/zebra.conf da /etc/quagga/ripd.conf) .

A ƙarshe, sake haɗawa zuwa sabis na zebra akan duka hanyoyin biyu kuma ku lura da yadda kowanne ɗayansu yake da \koyi hanyar zuwa hanyar sadarwar da ke bayan ɗayan, kuma wacce ita ce hop na gaba don zuwa. wannan hanyar sadarwa, ta hanyar gudanar da umarni nuna hanyar ip:

# show ip route

Idan kuna son gwada ƙa'idodi daban-daban ko saiti, kuna iya komawa zuwa rukunin aikin Quagga don ƙarin takaddun bayanai.

Kammalawa

A cikin wannan labarin mun yi bayanin yadda ake saita tsayayyen hanya kuma mai ƙarfi, ta amfani da na'ura mai ba da hanya tsakanin hanyoyin sadarwa na akwatin Linux. Jin kyauta don ƙara yawan masu amfani da hanyoyin sadarwa kamar yadda kuke so, da kuma gwada gwargwadon yadda kuke so. Kada ku yi jinkiri don dawo mana ta amfani da fom ɗin tuntuɓar da ke ƙasa idan kuna da wasu sharhi ko tambayoyi.