鸟哥的服务器《九》动态路由器

最新推荐文章于 2023-11-14 17:50:27 发布

网络安全打工人

最新推荐文章于 2023-11-14 17:50:27 发布

阅读量431

点赞数

分类专栏： linux服务器文章标签：服务器

本文链接：https://blog.csdn.net/Kevinhanser/article/details/69483830

版权

linux服务器专栏收录该内容

64 篇文章 2 订阅

订阅专栏

安装 quagga 软件

[root@CentOS ~]# yum install quagga
[root@CentOS ~]# ls -l /etc/quagga/
total 36
-rw-r--r--. 1 root   root      566 Mar 22 13:14 bgpd.conf.sample
-rw-r--r--. 1 root   root     2801 Mar 22 13:14 bgpd.conf.sample2
-rw-r--r--. 1 root   root     1110 Mar 22 13:14 ospf6d.conf.sample
-rw-r--r--. 1 root   root      182 Mar 22 13:14 ospfd.conf.sample
-rw-r--r--. 1 root   root      406 Mar 22 13:14 ripd.conf.sample
-rw-r--r--. 1 root   root      390 Mar 22 13:14 ripngd.conf.sample
-rw-r-----. 1 quagga quaggavt    0 Apr  6 07:54 vtysh.conf
-rw-r--r--. 1 quagga quaggavt  128 Mar 22 13:14 vtysh.conf.sample
-rw-r-----. 1 quagga quagga     24 Apr  6 07:54 zebra.conf
-rw-r--r--. 1 root   root      369 Mar 22 13:14 zebra.conf.sample

# 这个软件的各项动态路由协议都放置在 /etc/quagga 目录内，下面我们以较为简单的 RIPv2 协议为例来处理动态路由，不论启动什么协议，都要先启动zrbra才行


# zebra 这个 daemon 的功能是更新内核的路由规则


# RIP 这个daemon 则是用于向附近的其他 Router 沟通协调路由规则的传送与否


# quagga 必须要同时安装在两台 Linux Router 上面才行

1 . 将所有主机的IP设置妥当
先将4台主机Router Z1、Router Z2、PC Z1、PC Z2 的网络参数依照上图设置妥当。另外Router Z1 Z2需要加上修改ip_forward 参数，即 /etc/sysctl.conf 的设置

2 . 在两台 Router 上面设置 zebra


# 设置 Router Z1


# 先设置会影响动态路由服务的 zebra 并且启动zebra

[root@CentOS ~]# vim /etc/quagga/zebra.conf
hostname www.CentOS.virtul  #随便取，路由器名
password linuxz1  # 给于一个密码
enable password linuxz1  # 将这个密码生效
log file /var/log/quagga/zebra.log  # 将所有 zebra 产生的信息保存到日志文件中

[root@CentOS ~]# /etc/init.d/zebra start
Starting zebra:                                            [  OK  ]
[root@CentOS ~]# chkconfig zebra on
[root@CentOS ~]# netstat -tunlp | grep zebra
tcp        0      0 127.0.0.1:2601              0.0.0.0:*                   LISTEN      6105/zebra          


# 查询 2601 的端口是否启动

[root@CentOS ~]# telnet localhost 2601
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

Hello, this is Quagga (version 0.99.15).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

User Access Verification

Password:   # 输入刚才设置的密码 linuxz1
www.CentOS.virtul>   # 输入 ? 
  echo      Echo a message back to the vty
  enable    Turn on privileged mode command
  exit      Exit current mode and down to previous mode
  help      Description of the interactive help system
  list      Print command list
  quit      Exit current mode and down to previous mode
  show      Show running system information
  terminal  Set terminal line parameters
  who       Display who is on vty
www.CentOS.virtul> list
  enable
  exit
  help
  list
  quit
  show debugging zebra
  show history
  show interface [IFNAME]
  show ip forwarding
  show ip prefix-list
  show ip prefix-list WORD
  show ip prefix-list WORD A.B.C.D/M
  show ip prefix-list WORD A.B.C.D/M first-match
  show ip prefix-list WORD A.B.C.D/M longer
  show ip prefix-list WORD seq <1-4294967295>
  show ip prefix-list detail
  show ip prefix-list detail WORD
  show ip prefix-list summary
  show ip prefix-list summary WORD
  show ip protocol
  show ip route
  show ip route (bgp|connected|isis|kernel|ospf|rip|static)
  show ip route A.B.C.D
  show ip route A.B.C.D/M
  show ip route A.B.C.D/M longer-prefixes
  show ip route summary
  show ip route supernets-only
  show ipv6 forwarding
  show ipv6 prefix-list
  show ipv6 prefix-list WORD
www.CentOS.virtul> 
www.CentOS.virtul> show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

K>* 0.0.0.0/0 via 192.168.0.1, eth0
C>* 127.0.0.0/8 is directly connected, lo
C>* 192.168.0.0/24 is directly connected, eth0
www.CentOS.virtul> exit
Connection closed by foreign host.


# K：代表以类似 route 命令加入内核的路由规则，包括 route-ethN 所产生的规则


# C：代表由网络接口所设置的IP而产生的相关的路由规则


# S：以 zebra 功能所设置的静态路由信息


# R：就是通过 RIP 协议所增加的路由规则


# 用 zebra 增加 10.0.0.0/24 给 eth0 来处理

[root@CentOS ~]# vim /etc/quagga/zebra.conf
ip route 10.0.0.0/24 eth0

[root@CentOS ~]# /etc/init.d/zebra restart
Shutting down zebra:                                       [  OK  ]
Starting zebra:  
[root@CentOS ~]# /etc/init.d/zebra restart
Shutting down zebra:                                       [  OK  ]
Starting zebra:                                            [  OK  ]
[root@CentOS ~]# telnet localhost 26.1
telnet: 26.1: bad port
[root@CentOS ~]# telnet localhost 2601
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

Hello, this is Quagga (version 0.99.15).
Copyright 1996-2005 Kunihiro Ishiguro, et al.


User Access Verification

Password: 
www.CentOS.virtul> show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

K>* 0.0.0.0/0 via 192.168.0.1, eth0
S>* 10.0.0.0/24 [1/0] is directly connected, eth0
C>* 127.0.0.0/8 is directly connected, lo
C>* 192.168.0.0/24 is directly connected, eth0

3 . 在两台 Router 上面设置 ripd 服务


# ripd 这个服务可以在两台 Route 之间进行路由骨子额的交换与沟通


# 先来设置 Route Z1.在Route Z1 中，我们主要通过 eth10 发送所有的网络路由信息，同时，我们管理的网络有 192.168.1.0/24、192.168.100.0/24。加上取消身份验证的设置值后，我们的 ripd 就会变成这样

[root@CentOS ~]# vim /etc/quagga/ripd.conf

hostname www.centos.virtual
password linuxz1
debug rip events
debug rip packet
router rip
varsion 2
network 192.168.1.0/24
network 192.168.100.0/24
interface eth0
no ip rip authentication mode
log file /var/log/quagga/zebra.log


[root@CentOS ~]# /etc/init.d/zebra start
Starting zebra:                                            [  OK  ]
[root@CentOS ~]# chkconfig ripd on
[root@CentOS ~]# netstat -tulnp | grep ripd

4 . 检查 RIP 协议的沟通结果

[root@CentOS ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     1      0        0 eth0
192.168.200.0   192.168.1.200   255.255.255.0   UG    2      0        0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0

[root@CentOS ~]# telnet localhost 2601
www.CentOS.virtul> show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

K>* 0.0.0.0/0 via 192.168.0.1, eth0
S   10.0.0.0/24 [1/0] is directly connected, eth0
C>* 127.0.0.0/8 is directly connected, lo
C>* 192.168.0.0/24 is directly connected, eth0
R>* 192.168.200.0/24 [120/2] via 192.168.1.200,eth0 ,00:02:43


# 设置开机启动

[root@CentOS ~]# chkconfig zebra on
[root@CentOS ~]# chkconfig ripd on

ARP 代理


# 先设置外部的 eth0 的 ARP Proxy ，让三个 IP 对应到自己的 MAC

[root@CentOS ~]# arp -i eth0 -s 192.168.1.10 00:0C:29:3B:5D:C4 pub
[root@CentOS ~]# arp -i eth0 -s 192.168.1.20 00:0C:29:3B:5D:C4 pub
[root@CentOS ~]# arp -i eth0 -s 192.168.1.30 00:0C:29:3B:5D:C4 pub
[root@CentOS ~]# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.4              ether   54:27:1e:21:ee:e3   C                     eth0
192.168.0.254                    (incomplete)                              eth0
192.168.0.1              ether   70:af:6a:67:7d:2b   C                     eth0
192.168.1.30             *       *                   MP                    eth0
192.168.1.10             *       *                   MP                    eth0
192.168.1.20             *       *                   MP                    eth0


# 开始处理路由，添加 PC2~PC4 的单机路由，经过内部的 eth1 来传递

[root@CentOS ~]# route add -host 192.168.1.10 eth1
[root@CentOS ~]# route add -host 192.168.1.20 eth1
[root@CentOS ~]# route add -host 192.168.1.30 eth1
[root@CentOS ~]# route -n

# 这安阳就处理好单向的单机路由了，不过有个问题，那就是 192.168.1.0/24 的网络，两个接口都可以传送。因此，等一下第4个步骤中需要将 eth1 删除才行



# 设置一下内部的 ARP Proxy 工作（绑在 eth1 上）

[root@CentOS ~]# arp -i eth1 -s 192.168.1.101 00:0C:29:3B:5D:C4 pub
[root@CentOS ~]# arp -i eth1 -s 192.168.1.254 00:0C:29:3B:5D:C4 pub


# 开始清除掉 eth1 的 192.168.1.0/24 路由器名

[root@CentOS ~]# route del -net 192.168.1.0 netmask 255.255.255.0 eth1