Basic requirements ( 50% score if passes the tests )
-
Your ISP network has at least 3 IPv4 segments - “private”, “users”, and “company”. -
“Users” segment shall have NAT. -
Your ISP shall have at least 3 plans - with limited speed, with limited traffic, with unlimited speed and traffic
-
You should collect traffic statistics to fulfill plans requirements
-
You should export your networks to BGP using the ASN and IP assigned -
You should import other networks from BGP using the peer ASN and the peer IP -
Your system shall pass the implementation tests
Bonus points to max the score
- OSPF routing between segments ( + 10% )
- At least one segment is connected via VPN ( +10 %)
- DNS service for ISP clients ( + 10% )
- DHCP server in “users” segment ( + 10% )
- DMZ segment with ISP services ( HTTP, FTP, SMTP, at least one ) ( + 10% )
- Billing website with traffic statistics and plan info for my IP ( +10% )
- Full IPv6 support, including BGP IPv6 routes exchange ( +20% )
We need 2 virtual machines and 1 host. One vm will be company, the other will be user. On the host will work BGP. VMs are taken from DB course)
We need to add a host-only network to the virtual machine. To do so, go to File > Preferences > Network > Host-only Networks
and add a new one. Then, go to the virtual machine settings and add a new network adapter with the new host-only network. Finally, start the virtual machine and run ip a
to check the new network adapter.
Additionaly, we need Internal Network for communication between the virtual machines. Set up the 'bibka' network name for both machines.
Vbox will automatically set up needed network interfaces. We need to set up static IP addresses for them. To do so, run user.sh script. It will set up static IP addresses for the interfaces and will add routing to the host-only network. For future test we can add user by running create_interfaces.sh script.
NAT made by iptables. To set up all needed in user.sh script.
For traffic control we use tc. To set up we can use command sudo tc qdisc add dev enp0s3 root tbf rate 1mbit burst 32kbit latency 400ms
. To check the result we can use tc -s qdisc ls dev enp0s3
command. To delete all rules we can use sudo tc qdisc del dev enp0s3 root
.
For speedtest just use nc and dd. For example, dd if=/dev/zero bs=1M count=100 | nc bla-bla-bla 1234
and nc -l -vv 1234
.
If everything is ok, we can see next ip a
output:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:f3:8a:e7 brd ff:ff:ff:ff:ff:ff
inet 172.16.0.2/12 brd 172.31.255.255 scope global dynamic noprefixroute enp0s3
valid_lft 381sec preferred_lft 381sec
inet 10.204.0.2/17 scope global enp0s3
valid_lft forever preferred_lft forever
inet 192.168.56.2/32 scope global enp0s3
valid_lft forever preferred_lft forever
inet6 fe80::cdc0:3007:feab:10ce/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:e7:9f:74 brd ff:ff:ff:ff:ff:ff
inet 172.16.0.1/12 scope global enp0s8
valid_lft forever preferred_lft forever
4: user: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether c8:d7:4a:4e:47:50 brd ff:ff:ff:ff:ff:ff
inet 172.18.100.100/32 scope global user
valid_lft forever preferred_lft forever
inet6 fe80::cad7:4aff:fe4e:4750/64 scope link
valid_lft forever preferred_lft forever
Oh, it's the same as for users, but we don't need NAT. So, we can use create_interfaces.sh script to set up static IP addresses for the interfaces and will add routing to the host-only network. And companies.sh script to set up traffic forwarding.
We need to set up something like this:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 48:bf:6b:f2:64:70 brd ff:ff:ff:ff:ff:ff
inet 172.29.66.208/22 brd 172.29.67.255 scope global dynamic noprefixroute wlp3s0
valid_lft 2117sec preferred_lft 2117sec
inet6 fe80::67e6:307f:67b6:7c7f/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: vboxnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 192.168.56.1/24 brd 192.168.56.255 scope global vboxnet0
valid_lft forever preferred_lft forever
inet 10.204.0.1/17 scope global vboxnet0
valid_lft forever preferred_lft forever
inet6 fe80::800:27ff:fe00:0/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
And just run bgp.sh script. It will set up bgp and will add routing to the host-only network. If there is no needed interface, we can add it by running create_interfaces.sh script.