# VM Setup
- VirtualBox
- 3x Alpine 3.9 Virtual Machine
## Network
### VirtualBox
- Tools - Network
- `vboxnet0`
  + `10.0.0.254/24`
  + DHCP Enabled
### Alpine 1
- eth0: NAT
  + Used for internet
- eth1: Host-Only Adapter: `vboxnet0`
  + Used to SSH into the machine from the host
- eth2: Internal Network: `VRF-2`
  + Used to connect to Alpine 2
- eth3: Internal Network: `VRF-3`
  + Used to connect to Alpine 3
### Alpine 2
- eth0: NAT
  + Used for internet
- eth1: Host-Only Adapter: `vboxnet0`
  + Used to SSH into the machine from the host
- eth2: Internal Network: `VRF-2`
  + Used to connect to Alpine 1
### Alpine 3
- eth0: NAT
  + Used for internet
- eth1: Host-Only Adapter: `vboxnet0`
  + Used to SSH into the machine from the host
- eth2: Internal Network: `VRF-3`
  + Used to connect to Alpine 1
### All Alpines config
- All Alpine virtual machines have this config:

__/etc/network/interfaces__:
```
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto eth1
iface eth1 inet dhcp
```
__install packages__
```shell
# Fixes an issue with DHCP not grabbing the DNS configuration.
echo nameserver 8.8.8.8 > /etc/resolv.conf
apk update && apk upgrade && apk add dhclient
# We want to see traffic
apk add tcpdump
```
- Edit the hostname for the machine
```shell
vi /etc/hostname
```
# VRF Test
## Alpine 1
- We create 2 dummy interfaces (`loopback1` and `loopback2`) to simulate source traffic from 'VPN' clients
```shell
for NR in $(seq 1 2);
do
    DEV=loopback${NR}
    ip link add ${DEV} type dummy
    ip addr add dev ${DEV} 10.8.0.${NR}/24
    ip link set dev ${DEV} up
done
```
- Next we set up the 2 VRFs; they will get table IDs `102` and `103`
- Both VRF slave interfaces (`eth2` and `eth3`) will receive the same IP: `192.168.0.1/24`
```shell
for NR in $(seq 2 3);
do
    VRF_NAME=VRF-${NR}
    VRF_ID=$((100 + NR))
    SLAVE_DEV=eth${NR}
    # Define the VRF-<NR> and its table id
    ip link add dev ${VRF_NAME} type vrf table ${VRF_ID}
    # Add eth<NR> to VRF-<NR>
    ip link set dev ${SLAVE_DEV} master ${VRF_NAME}
    # Set the VRF-<NR> in its UP state
    ip link set dev ${VRF_NAME} up
    # Set the same IP address to the slave interface
    ip addr add dev ${SLAVE_DEV} 192.168.0.1/24
    # Set the slave interface in its UP state
    ip link set dev ${SLAVE_DEV} up
done
```
- Now we can set up source routing rules.
  + Client `10.8.0.1/32` is only allowed to go into `VRF-2`
  + Client `10.8.0.2/32` is only allowed to go into `VRF-3`
```shell
VRF_ID=102
SOURCE_ADDR=10.8.0.1/32
ip rule add from ${SOURCE_ADDR} table ${VRF_ID}
VRF_ID=103
SOURCE_ADDR=10.8.0.2/32
ip rule add from ${SOURCE_ADDR} table ${VRF_ID}
```
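To confirm on Alpine 1 that each client source is pinned to exactly one VRF table, the script below audits `ip rule show` output. It is an added example, not part of the original paste; the function names and `SAMPLE_RULES` (constructed output) are assumptions.

```shell
#!/bin/sh
# Added example: audit policy-routing rules for the source -> VRF table map.
# SAMPLE_RULES is constructed `ip rule show` output for Alpine 1, not a capture.
SAMPLE_RULES='0: from all lookup local
1000: from all lookup [l3mdev-table]
32764: from 10.8.0.2 lookup 103
32765: from 10.8.0.1 lookup 102
32766: from all lookup main
32767: from all lookup default'

# Print, space-separated, every table selected by a rule "from SRC".
tables_for_source() {
    printf '%s\n' "$1" | awk -v src="$2" '
        $2 == "from" && $3 == src && $4 == "lookup" { out = out (out ? " " : "") $5 }
        END { print out }'
}

# Print the priority of the first rule "from SRC lookup TABLE".
priority_of() {
    printf '%s\n' "$1" | awk -v src="$2" -v tbl="$3" '
        $2 == "from" && $3 == src && $5 == tbl { sub(":", "", $1); print $1; exit }'
}

# check_isolation RULES SRC TABLE: succeed only if SRC has exactly one rule,
# it selects TABLE, and it is evaluated before the catch-all main lookup.
check_isolation() {
    rules=$1; src=$2; want=$3
    got=$(tables_for_source "$rules" "$src")
    if [ -z "$got" ]; then echo "FAIL $src: no rule"; return 1; fi
    if [ "$got" != "$want" ]; then
        echo "FAIL $src: selects table(s) $got, expected only $want"; return 1
    fi
    prio=$(priority_of "$rules" "$src" "$want")
    main=$(priority_of "$rules" all main)
    if [ -n "$main" ] && [ "$prio" -ge "$main" ]; then
        echo "FAIL $src: rule $prio is evaluated after main ($main)"; return 1
    fi
    echo "OK $src -> table $want (priority $prio)"
}

# On Alpine 1, pass "$(ip rule show)" instead of the sample.
check_isolation "$SAMPLE_RULES" 10.8.0.1 102
check_isolation "$SAMPLE_RULES" 10.8.0.2 103
```

If the selected VRF table has no route for a destination, the lookup continues with the next rule (eventually `main`), so a correct rule alone does not guarantee the traffic stays inside the VRF.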
## Alpine 2 & Alpine 3
- Alpine 2 & 3 need to know the way back to 10.8.0.0/24. We will add the same route to both machines.
```shell
# Assumption: eth2 is already up with 192.168.0.2/24, the address pinged under Testing (step not shown in this paste)
ip route add 10.8.0.0/24 dev eth2
```
## Testing
- We should now be able to ping `192.168.0.2` from Alpine 1. By specifying a different source IP we can direct the traffic to either Alpine 2 or Alpine 3.
```shell
ping -c1 -I 10.8.0.1 192.168.0.2
ping -c1 -I 10.8.0.2 192.168.0.2
```