OѾ
JMDQnNƶǰe줣PɱozLѾAҥHաAѾDn\NOG
yʥ]zoI
]NOAѾ|Rӷݫʥ] IP YAXؼЪ IP AzLѾѪ
(routing table) Noӫʥ]VU@ӥؼ (next hop) ǰeCoNOѾ\C
Ѿ\iHpFOHثeؤkiHFG
WoӰʧ@Nb} Linux ֤ߪʥ]OCAiHNWzOgJ /etc/rc.d/rc.local A
H Linux iHb}ɭԴNҰʫʥ]\A
]iHzLק /etc/sysctl.conf ӹF}Ұʫʥ]G
sysctl oӫOOb֤ߤu@ɥΨӪק֤߰Ѽƪ@ӫOAh\iHѦ man sysctl dߡC
nháIunoӰʧ@AA Linux N㦳²檺Ѿ\FC
ӥѩ Linux ѾѪ]wkPAq`ѾWѪ觋NءG
Ѿ\iHpFOHثeؤkiHFG
- w\GҦp Cisco, IBM, 3Com qͲwѾAoǸѾOJ@~tΡA
iHtdP춡ʥ]ĶP\F
- n\GҦp Linux oӧ@~tΪ֤ߴNѫʥ]OC
[root@linux ~]# echo "1" > /proc/sys/net/ipv4/ip_forward
|
[root@linux ~]# vi /etc/sysctl.conf # NUoӳ]wȭק勵TYiI net.ipv4.ip_forward = 1 [root@linux ~]# sysctl -p <==ߨӳ]wͮ |
- RAѡGH route oӫOӪ]wѪ֤ߥ\A]wȥunPҬ۲ŧYiC
LAA즳ܤƮɡAѾNons]wF
- ʺAѡGzL zebra n骺\AodzniHw˦b Linux ѾWA ӳodzniHʺA쪺ܤơAӪק Linux ֤ߪѪTA ALʥH route ӭקAѪTI
- @ӻAѾ|ӺAzLѾ IP \ӺiH۷qʥ]C
pGӤ@O@ IP (public IP) @Op IP (private IP) OH
ѩp IP ઽP@ IP qѸTAɴNonB~y IP Ķz\FF
- Linux NAT DiHzLקʥ] IP YƤӷΥؼ IP AӦۨp IP ʥ]iHন NAT D@ IP ANiHsW Internet I
ɻݭnѾH
@ӻAqƶqpƤQp~OLѾAuݭnQ hub/switch 걵UqA
MzL@us Internet WYiCLApGOWLƦʳqj~ҡA
ѩL̪ҳq`ݭnҼ{pUpA]~ݭnѾ[]G
- uGuήįҶqG
b@ɤjӪPӼhn걵ҦqiIסAiHzLCӼӼh[]@ѾA ñNCӼӼhѾ۳sAN²檺zUӼhF ~ApGUӼhQ[]ѾAӬOHu걵UӼh hub/switch ɡA ѩP@쪺ƬOzLsӶǻAӤjӪY@qbsɡA ҦqN|H^AzI|yjӤįDFҥH[]ѾNujA NUo譱įF
- WPO@ƪҶqG
b\ŪL¦`AzN|oA unuOsb@_AƳzLsɡAANiHzL tcpdump OӺťʥ]ơA åBHѨҥHApGAƥiݭnWߡA Ϊ̬OYǭnƥnbq]HO@ɡAiHNǭnq@ӿWߪA B~[]BѾsWqC
RAѤѾ
]bQqҷAF@¾u@ιqOs~Ѿӳs InternetA
b٦@ӳݭnwWҡA]oWiOo˪pG
Ϥ@BRAѤѾ[cܷN
HWϪ[cӻAoaqDn C class AOO 192.168.0.0/24 192.168.10.0/24 A 𫟺 192.168.0.0/24 OΨӰ@usںΪAܩ 192.168.10.0/24 hOSΪCPC1 NO@uqA PC2 PC3, PC4 hOSu@ιqA Linux Router hOoӯSΨӳs줽q쪺ѾCbo˪[cUA ӯSʥ]N㦳¦O@FC
ѹϤ@A]o{AunO㦳Ѿ\] (Router A, Linux Router) |㦳ӥHWA OΨӷqPAPɸӸѾ]|㦳@ӹw]ѰڡI ^_^I t~AA٥iH[W@Ǩ𪺳nb Linux Router WA HO@ PC2~PC4 qOI
b Router A AѩL㦳 Public P Private IP AҥHo Router n㦳 NAT \A oӥӧڭ̦AСC骺INb Linux Router ӪNIbӥDUA ̦ntƨidA@i 192.168.0.100At@i 192.168.10.254 o IPC o Linux Router ]w²檺nRIAiHo˰G
Linux Router
O@AH PC2 ҡG
Router A sWѳWhG
PC1 P PC2 q觋G
Lo̥nOApGA Linux Router ]w𪺸ܡA ӥB٦]w NAT D IP ˧NAioSOdNA]٥i|yѻ~PD Wz Linux Router yèSϥΨ NAT \zISOLdNI
Ϥ@BRAѤѾ[cܷN
HWϪ[cӻAoaqDn C class AOO 192.168.0.0/24 192.168.10.0/24 A 𫟺 192.168.0.0/24 OΨӰ@usںΪAܩ 192.168.10.0/24 hOSΪCPC1 NO@uqA PC2 PC3, PC4 hOSu@ιqA Linux Router hOoӯSΨӳs줽q쪺ѾCbo˪[cUA ӯSʥ]N㦳¦O@FC
ѹϤ@A]o{AunO㦳Ѿ\] (Router A, Linux Router) |㦳ӥHWA OΨӷqPAPɸӸѾ]|㦳@ӹw]ѰڡI ^_^I t~AA٥iH[W@Ǩ𪺳nb Linux Router WA HO@ PC2~PC4 qOI
b Router A AѩL㦳 Public P Private IP AҥHo Router n㦳 NAT \A oӥӧڭ̦AСC骺INb Linux Router ӪNIbӥDUA ̦ntƨidA@i 192.168.0.100At@i 192.168.10.254 o IPC o Linux Router ]w²檺nRIAiHo˰G
boDݭnidAbo̱NLwqG
²aIo˧A Linux Router N OK FoIUӫhO PC2 ӧ@dҡC
- eth0: 192.168.10.254
- eth1: 192.168.0.100
1. Bz eth0 [root@linux ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 BOOTPROTO=static BROADCAST=192.168.10.255 IPADDR=192.168.10.254 NETMASK=255.255.255.0 NETWORK=192.168.10.0 ONBOOT=yes 2. ABz eth1 [root@linux ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1 DEVICE=eth1 BOOTPROTO=static BROADCAST=192.168.0.255 IPADDR=192.168.0.100 NETMASK=255.255.255.0 NETWORK=192.168.0.0 GATEWAY=192.168.0.254 <==oӳ]wȫܭnI ONBOOT=yes 3. Ұ IP [root@linux ~]# echo "1" > /proc/sys/net/ipv4/ip_forward # WzOpGSDANL[J /etc/rc.d/rc.local hI 4. sҰʺAåB[ [root@linux ~]# /etc/init.d/network restart [root@linux ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 192.168.0.254 0.0.0.0 UG 0 0 0 eth1 |
קA PC2 O@ا@~tΡAAҳӬOo˪G
- IP: 192.168.10.20
- netmask: 255.255.255.0
- network: 192.168.10.0
- broadcast: 192.168.10.255
- gateway: 192.168.10.254
[root@linux ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 BOOTPROTO=static BROADCAST=192.168.10.255 IPADDR=192.168.10.20 NETMASK=255.255.255.0 NETWORK=192.168.10.0 GATEWAY=192.168.10.254 <==oӳ]w̭nաI ONBOOT=yes [root@linux ~]# /etc/init.d/network restart [root@linux ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 192.168.10.254 0.0.0.0 UG 0 0 0 eth0 |
bo˪[cUAz PC2 wgiHsW Internet FIuLAʥ] Internet Ǧ^ӮɡA
ѩ Router A èSs 192.168.10.0/24
쪺ѳWhAҥHӫʥ]y|zIN·ФF
ҥHAA Router A nB~W[@WhAoWhOyNؼЬ 192.168.10.0/24
ʥ]ǰe 192.168.0.100 hBzzA] Router A Linux tήɡALӭnoˡG
p@ӡAA Router A Linux Router NiHqAåBiHǻ
192.168.10.0/24 oI
[root@linux ~]# route add -net 192.168.10.0 netmask 255.255.255.0 \ > gw 192.168.0.100 [root@linux ~]# route -n Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.10.0 192.168.0.100 255.255.255.0 UG 0 0 0 eth0 # Aӷ|o{WYo@Whsb~I |
bϤ@AA|o{ PC1 nNw]ѳ]w 192.168.0.254 A
ҥH PC1 nP PC2 qɡAʥ]NѡG
PC1 --> Router A --> Linux Router --> PC2
LAbϤ@ڭ̪D PC1 P PC2 Pɱ Linux Router WI ҥH PC1 iH[J@ѳWhAWw 192.168.10.0/24 ʥ]ؼЮɡA LiHǨ Linux Router WYiAiHo˰G
̫un PC2 ϥ ping iHs PC1AP˪A PC1 ]iH ping PC2 ܡA
NܧA]wO OK աIKKIdwIӳzLo˪]w觋Az]iHo{@ơA
NOGyѬOVAAnAѥXhѻP^ӮɪWhzC
|ҨӻAbw]pU (Router A P PC1 SB~ѳ]w)Aʥ]OiH PC2
su PC1 AO PC1 oSѥiH^ PC2 ҥHWY~|nzb Router A
Ϊ̬O PC1 W]wB~ѳWhڡIo˻AAFaH ^_^
ҥHA Linux @@RAѪ Router ²aIHWרҨӻAAb Linux Router
WXGS@B~u@AunN IP PnҰʡAM[W IP Forward \A
A Linux ֤ߤ䴩ʥ]AMLu@̪ Linux kernel NDAdwFI
uOn²I ^_^PC1 --> Router A --> Linux Router --> PC2
LAbϤ@ڭ̪D PC1 P PC2 Pɱ Linux Router WI ҥH PC1 iH[J@ѳWhAWw 192.168.10.0/24 ʥ]ؼЮɡA LiHǨ Linux Router WYiAiHo˰G
[root@linux ~]# route add -net 192.168.10.0 netmask 255.255.255.0 \ > gw 192.168.0.100 |
Lo̥nOApGA Linux Router ]w𪺸ܡA ӥB٦]w NAT D IP ˧NAioSOdNA]٥i|yѻ~PD Wz Linux Router yèSϥΨ NAT \zISOLdNI
ʺAѤѾ]wGzebra
peҭzAtκziHQ route oӫOʪNѳWh[J֤߷AoӤ觋٬RAѡC
ʺAѦPˬONѳWh[J֤߷AuOoӥ[Jʧ@ѳnA (daemon) ۰ʨӰA
b Linux W`ѪAȴNO zebra oӮMҴѪC
ʺAѳq`OΦbѾPѾqAҥHnzѾ㦳ʺAѪ\A AnAѨѾWҴѪʺAѨw~Ao˨ⳡѾ~zLӨwӷqѳWhC ثe`ʺAѨwGRIPv1, RIPv2, OSPF, BGP A zebra 䴩oǸѨwI
b CentOS WYAڭ̨ϥ quagga oӮMӴ zebra A] quagga Os zebra ӨӪA ƹWAAiHA quagga NO zebra աIw˥LG
oӮMҴѪUʺAѨwm /etc/quagga/ ؿAUڭ̥H²檺 RIPv2 wӳBzʺAѡA
LAon`NOAקAnҰʤʺAѨwA zebra nҰʤ~I
oO]G
ϤGBʺAѪ²ϥ
oⳡ Linux Router OtdPABiHzL 192.168.0.0/24 oӺӷqC bS]wB~ѳWhpUA PC1 P PC2 OLkqIt~A zebra nPɦw˦bⳡ Linux Router WY~A ӥBڭ̥un]wnoⳡD (eth0, eth1) AݭnʿJB~ѳ]wIiHzL RIP oӸѨwӷdwI
]w zebra
]w ripd A
ˬd RIP wqG
ʺAѳq`OΦbѾPѾqAҥHnzѾ㦳ʺAѪ\A AnAѨѾWҴѪʺAѨw~Ao˨ⳡѾ~zLӨwӷqѳWhC ثe`ʺAѨwGRIPv1, RIPv2, OSPF, BGP A zebra 䴩oǸѨwI
b CentOS WYAڭ̨ϥ quagga oӮMӴ zebra A] quagga Os zebra ӨӪA ƹWAAiHA quagga NO zebra աIw˥LG
[root@linux ~]# yum install quagga [root@linux ~]# ls -l /etc/quagga -rw-r--r-- 1 root root 410 Jun 2 02:38 ripd.conf.sample -rw-r----- 1 quagga quagga 30 Aug 29 10:50 zebra.conf -rw-r--r-- 1 root root 373 Jun 2 02:38 zebra.conf.sample .....Lٲ..... |
- zebra o daemon \bs֤ߪѳWhF
- RIP o daemon hObVL Router qոѳWhǰeP_C
ϤGBʺAѪ²ϥ
oⳡ Linux Router OtdPABiHzL 192.168.0.0/24 oӺӷqC bS]wB~ѳWhpUA PC1 P PC2 OLkqIt~A zebra nPɦw˦bⳡ Linux Router WY~A ӥBڭ̥un]wnoⳡD (eth0, eth1) AݭnʿJB~ѳ]wIiHzL RIP oӸѨwӷdwI
ڭ̥]wϤGk䨺@ Linux RouterA zebra.conf AiHo˳]wG
JӬݡAѩ zebra oӪAȪȥDnObק Linux tή֤ߤѡA
ҥHLȺťӤwAä|ť~~It~Ab zebra.conf oɮA
ڭ̩ҳ]wӱKXO@ΪIiHڭ̵nJ zebra oMnOI
nFAڭ̨Ӭd@do 2601 port O_TҰʪOH
JӬݨAڭ̵nJo zebra n𫗪AiHJyhelpzΰݸy?zA zebra
N|ܥXA檺OǡA`ΪMOd߸ѳWhoI
Hy show ip route zӬd\AGiHo{ثePw]ѳQܥXӤFA
ܪGAK NH router oӫO[J֤ߪѳWhAC
hNAѳWhC
ƹWApGAٷQnW[B~RAѪܡA]iHzL zebra Ӥϥ route OOI ҦpQnW[ 10.0.0.0/24 eth0 ӳBzܡAiHo˰G
KKIߨN|hX@ѪWhAӥB̥k| SAYORA (Static route) NC
p@ӡAڭ̨tκziNPhFI
]w zebra AUӧڭ̥iH}lݬ ripd oӪAoI
1. ]w zebra åBҰ zebra [root@linux ~]# vi /etc/quagga/zebra.conf hostname linux.router1 <==oӸѾ@ӥDW١AHKI password linux1 <==@ӱKXI enable password iinux1 <==NoӱKXͮġI log file zebra.log <==NҦ zebra ͪTsnɤ [root@linux ~]# /etc/init.d/zebra start [root@linux ~]# netstat -tunlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:2601 0.0.0.0:* LISTEN 6422/zebra |
[root@linux ~]# telnet localhost 2601 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Hello, this is Quagga (version 0.98.3). Copyright 1996-2005 Kunihiro Ishiguro, et al. User Access Verification Password: <==bo̿JA]wKXڡI linux.router1> <==boJy ? zNDh֫Oiϥ echo Echo a message back to the vty enable Turn on privileged mode command exit Exit current mode and down to previous mode help Description of the interactive help system list Print command list quit Exit current mode and down to previous mode show Show running system information terminal Set terminal line parameters who Display who is on vty linux.router1> list echo .MESSAGE enable exit help list quit show debugging zebra show history show interface [IFNAME] show ip forwarding show ip route ....Lٲ.... linux.router1> show ip route Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - ISIS, B - BGP, > - selected route, * - FIB route K>* 0.0.0.0/0 via 192.168.0.254, eth0 C>* 127.0.0.0/8 is directly connected, lo C>* 192.168.0.0/24 is directly connected, eth0 C>* 192.168.10.0/24 is directly connected, eth1 linux.router1> exit Connection closed by foreign host. |
ƹWApGAٷQnW[B~RAѪܡA]iHzL zebra Ӥϥ route OOI ҦpQnW[ 10.0.0.0/24 eth0 ӳBzܡAiHo˰G
[root@linux ~]# vi /etc/quagga/zebra.conf # sWUo@I ip route 10.0.0.0/24 eth0 [root@linux ~]# /etc/init.d/zebra restart [root@linux ~]# telnet localhost 2601 User Access Verification Password: <==o̿JKX linux.router1> show ip route Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - ISIS, B - BGP, > - selected route, * - FIB route K>* 0.0.0.0/0 via 192.168.0.254, eth0 S>* 10.0.0.0/24 [1/0] is directly connected, eth0 C>* 127.0.0.0/8 is directly connected, lo C>* 192.168.0.0/24 is directly connected, eth0 C>* 192.168.10.0/24 is directly connected, eth1 |
ripd oӪAȥiHbⳡ Router iѳWh洫PqA
MաApGAҸ̭ Cisco Ϊ̬OL RIP wѾܡA
AM]OiHzLo RIP z Linux Router PLwѾ۷qoI
ܤֻAӳ]w ripd aI
WAo˴N]w@Ѿ RIP ʺAѨwFIbWY ripd.conf ]wA
L|DʥH eth0 192.168.0.0/24 oӺ쪺\ӶijAp@ӡAӧAiѳWhܰʡA
Ϊ̬OӺ쪺D IP iʡAANݭnsC Router WʡI
]oǸѾ|۰ʪsL̦ۤvWhIKKIUӡAP˪ʧ@ЧA
ϤG䨺 Linux Router W]w@UI
]ӳ]wy{@ˡAҥHo̳NٲաI
[root@linux ~]# vi /etc/quagga/ripd.conf hostname linux.router1 <==o̬O]w Router DW٦Ӥw password linux1 <==]wnAۤvKXI router rip <==Ұ Router rip \ network 192.168.0.0/24 <==woӺӶiťʧ@I network eth0 <==woӤӶiťʧ@ network 192.168.10.0/24 <==woӺӶiťʧ@I network eth1 <==woӤӶiťʧ@ version 2 <==ҰʪO RIPv2 A log stdout <==bùXзǿX [root@linux ~]# /etc/init.d/ripd start [root@linux ~]# netstat -tulnp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:2602 0.0.0.0:* LISTEN 21373/ripd |
bⳡ Linux Router ]wAAiHnJ zebra hݳoⳡDѧsGI
|ҨӻAnJϤGk䨺 Linux Router AåBnJ zebra A
[ѷ|Oo˪pG
pGAݨWzrAKKINO\աIӳ̥䪺 R NOzL RIP qTwҳ]wѳWhաI
p@ӡA̪Ѿ]wNdwo
zLo zebra H RIPv2 ѨwUAڭ̥iHPNNѳWhɨϺLѾWYA
_¨ϥ route hק Linux ֤߸ѪAoӰʧ@MnֳtܦhI
LApGOܤpҡAnϥγo zebra ڡI]Ih@|PıC
pGz~үujA@o zebra tX@ǰʺAѨwAKKI]Oi檺աI
[root@linux ~]# telnet localhost 2601 User Access Verification Password: <==nѰOFKXڡI linux.router1> show ip route Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, B - BGP, > - selected route, * - FIB route K>* 0.0.0.0/0 via 192.168.0.254, eth0 C>* 127.0.0.0/8 is directly connected, lo C>* 192.168.0.0/24 is directly connected, eth0 R>* 192.168.5.0/24 [120/2] via 192.168.0.200, eth0, 00:06:48 C>* 192.168.10.0/24 is directly connected, eth1 |
