Untitled

a guest May 19th, 2019 59 Never
# VM Setup

- VirtualBox
- 3x Alpine 3.9 virtual machines

## Network

### VirtualBox

- Tools - Network
- `vboxnet0`
    + `10.0.0.254/24`
    + DHCP Enabled

### Alpine 1

- eth0: NAT
    + Used for internet
- eth1: Host-Only Adapter: `vboxnet0`
    + Used to SSH into the machine from the host
- eth2: Internal Network: `VRF-2`
    + Used to connect to Alpine 2
- eth3: Internal Network: `VRF-3`
    + Used to connect to Alpine 3

### Alpine 2

- eth0: NAT
    + Used for internet
- eth1: Host-Only Adapter: `vboxnet0`
    + Used to SSH into the machine from the host
- eth2: Internal Network: `VRF-2`
    + Used to connect to Alpine 1

### Alpine 3

- eth0: NAT
    + Used for internet
- eth1: Host-Only Adapter: `vboxnet0`
    + Used to SSH into the machine from the host
- eth2: Internal Network: `VRF-3`
    + Used to connect to Alpine 1

### All Alpines config

- All Alpine virtual machines have this config:

__/etc/network/interfaces__:
```
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet dhcp
```

__install packages__
```shell
# Fixes an issue with DHCP not picking up the DNS configuration.
echo nameserver 8.8.8.8 > /etc/resolv.conf
apk update && apk upgrade && apk add dhclient

# We want to see traffic
apk add tcpdump
```

- Edit the hostname for the machine

```shell
vi /etc/hostname
```

# VRF Test

## Alpine 1

- We create 2 dummy interfaces (named `loopback1` and `loopback2`) to simulate source traffic from 'VPN' clients

```shell
for NR in $(seq 1 2);
do
    DEV=loopback${NR}
    ip link add ${DEV} type dummy
    ip addr add dev ${DEV} 10.8.0.${NR}/24
    ip link set dev ${DEV} up
done
```

- Next we set up the 2 VRFs; they get table IDs `102` and `103`
- The slave interface of each VRF (`eth2` and `eth3`) receives the same IP: `192.168.0.1/24`

```shell
for NR in $(seq 2 3);
do
    VRF_NAME=VRF-${NR}
    VRF_ID=$((100 + $NR))
    SLAVE_DEV=eth${NR}
    # Define VRF-<NR> and its table id
    ip link add dev ${VRF_NAME} type vrf table ${VRF_ID}
    # Add eth<NR> to VRF-<NR>
    ip link set dev ${SLAVE_DEV} master ${VRF_NAME}
    # Bring VRF-<NR> up
    ip link set dev ${VRF_NAME} up
    # Assign the same IP address to the slave interface
    ip addr add dev ${SLAVE_DEV} 192.168.0.1/24
    # Bring the slave interface up
    ip link set dev ${SLAVE_DEV} up
done
```

- Now we can set up the source routing rules.
    + Client `10.8.0.1/32` is only allowed to go into `VRF-2`
    + Client `10.8.0.2/32` is only allowed to go into `VRF-3`

```shell
VRF_ID=102
SOURCE_ADDR=10.8.0.1/32
ip rule add from ${SOURCE_ADDR} table ${VRF_ID}

VRF_ID=103
SOURCE_ADDR=10.8.0.2/32
ip rule add from ${SOURCE_ADDR} table ${VRF_ID}
```

## Alpine 2 & Alpine 3

- Alpine 2 & 3 need to know the way back to `10.8.0.0/24`. We add the same route to both machines. Both machines are assumed to already have `192.168.0.2/24` on `eth2`, the address pinged in the Testing section.

```shell
ip route add 10.8.0.0/24 dev eth2
```

## Testing

- We should now be able to ping `192.168.0.2` from Alpine 1. By specifying a different source IP we can direct the traffic to either Alpine 2 or Alpine 3.

```shell
ping -c1 -I 10.8.0.1 192.168.0.2
ping -c1 -I 10.8.0.2 192.168.0.2
```