This repository contains the Vagrant files required to run the virtual lab environment used in the DNCS course.
+-----------------------------------------------------+
| |
| |eth0
+--+--+ +------------+ +------------+
| | | | | |
| | eth0| |eth2 eth2| |
| +----------------+ router-1 +-------------+ router-2 |
| | | | | |
| | | | | |
| M | +------------+ +------------+
| A | |eth1 |eth1
| N | | |
| A | | |
| G | | +-----+----+
| E | |eth1 | |
| M | +-------------------+ | |
| E | eth0| | | host-c |
| N +------------+ SWITCH | | |
| T | | | | |
| | +-------------------+ +----------+
| V | |eth2 |eth3 |eth0
| A | | | |
| G | | | |
| R | |eth1 |eth1 |
| A | +----------+ +----------+ |
| N | | | | | |
| T | eth0| | | | |
| +--------+ host-a | | host-b | |
| | | | | | |
| | | | | | |
++-+--+ +----------+ +----------+ |
| | |eth0 |
| | | |
| +------------------------------+ |
| |
| |
+--------------------------------------------------------+
- Python 3
- 10GB disk storage
- 2GB free RAM
- Virtualbox
- Vagrant (https://www.vagrantup.com)
- Internet
- Install Virtualbox and Vagrant
- Clone this repository
git clone https://github.com/fabrizio-granelli/dncs-lab - You should be able to launch the lab from within the cloned repo folder.
cd dncs-lab
[~/dncs-lab] vagrant up
Once you launch the vagrant script, it may take a while for the entire topology to become available.
- Verify the status of the 4 VMs
[dncs-lab]$ vagrant status
Current machine states:
router running (virtualbox)
switch running (virtualbox)
host-a running (virtualbox)
host-b running (virtualbox)
- Once all the VMs are running verify you can log into all of them:
vagrant ssh routervagrant ssh switchvagrant ssh host-avagrant ssh host-bvagrant ssh host-c
This section describes the assignment, its requirements and the tasks the student has to complete. The assignment consists in a simple piece of design work that students have to carry out to satisfy the requirements described below. The assignment deliverable consists of a Github repository containing:
- the code necessary for the infrastructure to be replicated and instantiated
- an updated README.md file where design decisions and experimental results are illustrated
- an updated answers.yml file containing the details of your project
- Hosts 1-a and 1-b are in two subnets (Hosts-A and Hosts-B) that must be able to scale up to respectively 267 and 253 usable addresses
- Host 2-c is in a subnet (Hub) that needs to accommodate up to 25 usable addresses
- Host 2-c must run a docker image (dustnic82/nginx-test) which implements a web-server that must be reachable from Host-1-a and Host-1-b
- No dynamic routing can be used
- Routes must be as generic as possible
- The lab setup must be portable and executed just by launching the
vagrant upcommand
- Fork the Github repository: https://github.com/fabrizio-granelli/dncs-lab
- Clone the repository
- Run the initiator script (dncs-init). The script generates a custom
answers.ymlfile and updates the Readme.md file with specific details automatically generated by the script itself. This can be done just once in case the work is being carried out by a group of (<=2) engineers, using the name of the 'squad lead'. - Implement the design by integrating the necessary commands into the VM startup scripts (create more if necessary)
- Modify the Vagrantfile (if necessary)
- Document the design by expanding this readme file
- Fill the
answers.ymlfile where required (make sure that is committed and pushed to your repository) - Commit the changes and push to your own repository
- Notify the examiner ([email protected]) that work is complete specifying the Github repository, First Name, Last Name and Matriculation number. This needs to happen at least 7 days prior an exam registration date.
- https://rogerdudler.github.io/git-guide/
- http://therandomsecurityguy.com/openvswitch-cheat-sheet/
- https://www.cyberciti.biz/faq/howto-linux-configuring-default-route-with-ipcommand/
- https://www.vagrantup.com/intro/getting-started/
This work has been developed by Davide Zordan (matr. number 202054, team leader) and Mattia Perin (matr. number 201980)
The result of the script dcns-init is:
- Subnet(hosts-a): 267 hosts;
- Subnet(hosts-b): 253 hosts;
- Subnet(Hub): 25 hosts.
We decided to create 4 subnets, in order to respect the given tasks (math explanations in brackets):
- The first is between router-1 and router-2, with subnet
10.1.0.0/30(private class-a addresses) because it has to cover only the 2 routers (232-30-2=2); - The second is between router-1 and host-a, with subnet
192.168.0.0/23(private class-c addresses) because it has to cover up to 267 hosts (232-23-2 = 510>267); - The third is between router-1 and host-b, with subnet
192.168.2.0/24(private class-c addresses) because it has to cover up to 253 hosts (232-24-2=254>253); - The fourth is between router-2 and host-c, with subnet
192.168.3.0/27(private class-c addresses) because it has to cover up to 25 hosts (232-27-2=30>25).
The table below shows in details the configuration for every device:
| Device | Interface | IP | Subnet |
|---|---|---|---|
| Router-1 | enp0s9 (eth2) | 10.1.0.1 | 1 |
| Router-2 | enp0s9 (eth2) | 10.1.0.2 | 1 |
| Router-1 | enp0s8.10 (eth1) | 192.168.0.1 | 2 |
| Host-a | enp0s8 (eth1) | 192.168.0.2 | 2 |
| Router-1 | enp0s8.11 (eth1) | 192.168.2.1 | 3 |
| Host-b | enp0s8 (eth1) | 192.168.2.2 | 3 |
| Router-2 | enp0s8 (eth1) | 192.168.3.1 | 4 |
| Host-c | enp0s8 (eth1) | 192.168.3.2 | 4 |
We noticed that, with this type of simulation, interfaces use "Predictable Network Interface Names". So, we checked the corresponding names to eth1, eth2 and eth3.
More details: https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
Later, we proceeded to create 2 VLANs because we wanted to distinguish subnet 2 and 3. We assigned tag 10 for subnet-2 and tag 11 for subnet-3.
We created a bash script for each device with the required commands. In Vagrantfile, we added the specific path of each script to the corresponding device. After the command vagrant up, those scripts will configure the devices. We also increased the memory of host-c from 256 to 512 (MB), otherwise it would not be able to run the Docker image.
We assigned an IP address to each interface with the command ip addr add [IP_ADDR] dev [INTERFACE];
Then we activated the interface with ip link set dev [INTERFACE] up
In router-1 configuration, we used ip link add link enp0s8 name enp0s8.10 type vlan id 10 and ip link add link enp0s8 name enp0s8.11 type vlan id 11 and added IP addresses to the virtual interfaces with addr add 192.168.0.1/23 dev enp0s8.10 and ip addr add 192.168.2.1/24 dev enp0s8.11
to create respectively VLAN 10 and VLAN 11 and assign them to Subnet2 and Subnet3.
We enabled the option for IP forwarding in the two routers with sysctl -w net.ipv4.ip_forward=1
We used the command ip route add [IP_ADDR] via [GATEWAY_IP]. The first parameter corresponds to the network that we want to access; the second parameter is the next hop, that is the interface of the default gateway of the current subnet.
Since we had to make the routes as generic as possible, we used for example in router-2 sudo ip route add 192.168.0.0/22 via 10.1.0.1. Doing that, we cover all IPs from 192.168.0.0 to 192.168.3.255, including all of our hosts.
We configured the switch and assigned VLAN tags to corresponding ports with these commands as superuser:
ovs-vsctl add-br switch
ovs-vsctl add-port switch enp0s8
ovs-vsctl add-port switch enp0s9 tag="10"
ovs-vsctl add-port switch enp0s10 tag="11"
Here we had to include the docker instructions in host-c as requested. So, we executed the following commands as superuser:
apt-get update
apt-get -y install docker.io
systemctl start docker
systemctl enable docker
docker pull dustnic82/nginx-test
docker run --name nginx -p 80:80 -d dustnic82/nginx-test
First at all, we successfully executed ping command (ping 192.168.2.2) from Host-a to Host-b.
Then, we pinged from Host-a and Host-b to Host-c to check the correct forwarding between the subnets.
Finally, we executed curl 192.168.3.2 instruction from both Host-a and Host-b.
We obtained this correct output:
<!DOCTYPE html>
<html>
<head>
<title>Hello World</title>
<link href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAYAAACqaXHeAAAGPElEQVR42u1bDUyUdRj/iwpolMlcbZqtXFnNsuSCez/OIMg1V7SFONuaU8P1MWy1lcPUyhK1uVbKcXfvy6GikTGKCmpEyoejJipouUBcgsinhwUKKKJ8PD3vnzsxuLv35Q644+Ue9mwH3P3f5/d7n6/3/3+OEJ/4xCc+8YQYtQuJwB0kIp+JrzUTB7iJuweBf4baTlJ5oCqw11C/JHp+tnqBb1ngT4z8WgReTUGbWCBGq0qvKRFcHf4eT/ZFBKoLvMBGIbhiYkaQIjcAfLAK+D8z9YhjxMgsVUGc84+gyx9AYD0khXcMfLCmUBL68HMZ+PnHxyFw3Uwi8B8hgJYh7j4c7c8PV5CEbUTUzBoHcU78iIl/FYFXWmPaNeC3q4mz5YcqJPI1JGKql2Z3hkcjD5EUznmcu6qiNT+Y2CPEoH3Wm4A/QERWQFe9QQ0caeCDlSZJrht1HxG0D3sOuCEiCA1aj4ZY3Ipzl8LiVtn8hxi5zRgWM8YYPBODF/9zxOLcVRVs+YGtwFzxCs1Bo9y+avBiOTQeUzwI3F5+kOwxsXkkmWNHHrjUokqtqtSyysW5gUHV4mtmZEHSdRkl+aELvcFIRN397gPPXD4ZgbxJW1S5OJdA60MgUAyHu1KfAz+pfCUtwr+HuQc8ORQ1jK4ZgGsTvcY5uQP5oYkY2HfcK5sGLpS6l1xZQwNn7Xkedp3OgMrWC1DX0Qwnms/A1rK9cF9atNVo18DP/3o5fF99BGo7LFDRWgMJJQaYQv/PyOcHySP0TITrBIhYb+WSHLrlNGEx5NeXgj2paW8C5rs46h3Dc3kt3G2Ogr9aqoes+f5RvbL1aJ5iXnKnxkfIEoB3N/zHeHAmF9ovwryvYvC9TysnICkEonPX212vvOU8+As6eS+QCDAw0aNLABq6LO8DkJMSSznMMEfScFFGwCJYXbDV7lq17RYIQu+QTYpjRUBM3gZQIt+cOwyTpWRpYBQRsKrgU4ceNS4JkCSxLI1+ZsIS0NvXB6sLE/tL5EQkQJKOm52YON9y7glqJkCSOqzrD6Uvc1wZ1EBA07V/IafmN4ckHG+ugJkSEHuVQQ0ENFy9BLP3R0NR4ymHJGRWFWBnZ6fPVwMBF9EDgrD2z0USqtoaHJKw49SBoZ2dWggIxmcEsvspYLLi4PKNDrvv68OfuKLt/68MqiJAan4Q0IpDm6G7r8fue692X4fI7PiByqA6AqygNh0XHIaClDOkpz9aGVRJABo8CTP+3sqfHZJQeqkSgvHZn+xaqEICKAlhECSGO60MWdVF4IcesDL/ExUSYN3okCrD31fqHZLwcWkq5owPVUoA3UcIgdBv10BrV7vdz3b39kBhw0kVE2BNirG/bqRghyPqIcBKQkKJcVgE1LQ1wR3S5ooqCDBKlSEUzGdyFBNwvq1RTQT0b4BOF5+BgoayCUqAtTLMSXsRzl6uHX8EONoUtXS2KCfAusOsyVwFLV1tznNAuzflAGxb+R/esGuodDcD0bUVbYLelhRf/mWD08ogdYtTjNwYbIsrORhBIwJMPOTWHh1i6Lriz107FUKviivcZvfp8WZvN8TmbVS2rtsHI8mMtn9gSe50KAz79yWw8490OGYpp8lsTUGictd3EA6PHVwB20+mYUNURo/aMs4dhqjsdcoOWGxH5yYu0g0P0EzFBd7DxZoVHY7aHmWtB6VunwhLB6P0gFULk6zhJnvnBw5HW9D9N5GkpQEjMBcQOg+JMBNxjMZgHISawvGZHiKw+0mybv5ozP0txgvk07AQvWxAoh98sXsur3RmwMStxIud9fiIzMAIXTV6yNqxHaH7gg1GA7bgxVvHfEjq1hAl10ZM/A46gO0x0bOPoiHpSEDvsMZhXVVbVRL4TLz2E140EK1dgsnnd9mBaHcmwuigJHeCGLkXvHNaNHOBP4J/HYmoGbGwsJU1ka0nAvM2ht40758ZNmvvRRJ24l3roMa7MxVq4jpRdyMRc8bh9wR0TyIRWdR9hzNXaJs3Ftif6KDWuBcBH0hErky2bNraV5E9jcBjiapE1ExHkO8iEY1OvjLTjAkugezh7ySqFUPoXHTtZAR7ncY4rRrYYgtcCtGHPUgmjEhPmiKXjXc/l4g6HfGJT3ziEw/If86JzB/YMku9AAAAAElFTkSuQmCC" rel="icon" type="image/png" />
<style>
body {
margin: 0px;
font: 20px 'RobotoRegular', Arial, sans-serif;
font-weight: 100;
height: 100%;
color: #0f1419;
}
div.info {
display: table;
background: #e8eaec;
padding: 20px 20px 20px 20px;
border: 1px dashed black;
border-radius: 10px;
margin: 0px auto auto auto;
}
div.info p {
display: table-row;
margin: 5px auto auto auto;
}
div.info p span {
display: table-cell;
padding: 10px;
}
img {
width: 176px;
margin: 36px auto 36px auto;
display:block;
}
div.smaller p span {
color: #3D5266;
}
h1, h2 {
font-weight: 100;
}
div.check {
padding: 0px 0px 0px 0px;
display: table;
margin: 36px auto auto auto;
font: 12px 'RobotoRegular', Arial, sans-serif;
}
#footer {
position: fixed;
bottom: 36px;
width: 100%;
}
#center {
width: 400px;
margin: 0 auto;
font: 12px Courier;
}
</style>
<script>
var ref;
function checkRefresh(){
if (document.cookie == "refresh=1") {
document.getElementById("check").checked = true;
ref = setTimeout(function(){location.reload();}, 1000);
} else {
}
}
function changeCookie() {
if (document.getElementById("check").checked) {
document.cookie = "refresh=1";
ref = setTimeout(function(){location.reload();}, 1000);
} else {
document.cookie = "refresh=0";
clearTimeout(ref);
}
}
</script>
</head>
<body onload="checkRefresh();">
<img alt="NGINX Logo" src="http://d37h62yn5lrxxl.cloudfront.net/assets/nginx.png"/>
<div class="info">
<p><span>Server address:</span> <span>172.17.0.2:80</span></p>
<p><span>Server name:</span> <span>0ed3525f20cb</span></p>
<p class="smaller"><span>Date:</span> <span>05/Feb/2021:08:17:25 +0000</span></p>
<p class="smaller"><span>URI:</span> <span>/</span></p>
</div>
<br>
<div class="info">
<p class="smaller"><span>Host:</span> <span>192.168.3.2</span></p>
<p class="smaller"><span>X-Forwarded-For:</span> <span></span></p>
</div>
<div class="check"><input type="checkbox" id="check" onchange="changeCookie()"> Auto Refresh</div>
<div id="footer">
<div id="center" align="center">
Request ID: 21d9376b04b2200393fb4f92e3b00a2d<br/>
© NGINX, Inc. 2018
</div>
</div>
</body>
</html>