Vyatta винаги ми е била слабост, признавам си. А и идеята да събереш различните инструменти в един функционален шел е повече от добра. Навсякъде, където може да се вземе мрежово решение с Линукс, мисля първо за нея. И не защото съм предал другите дистрибуции, а защото наистина се убедих в нейната функционалност и лекота на работа. Като се замисли човек, първо получаваш един добре оптимизиран рутер с шел а ла Juniper, а после можеш да ползваш всяко хранилище на Debian и да си инсталираш каквото пожелаеш от света на Линукс. Също мисля, че на много места я подценяват, но ако проектът върви така, за в бъдеще може да се превърне и в нещо като стандарт при Линукс рутерите. В долната конфигурация имах нужда от граничен маршрутизатор, който прехвърлих от Debian към Vyatta, и въпреки че самата Vyatta е дериват на Debian, се държа доста различно, главно поради различния подход към конфигуриране на мрежата. Например всички маршрути във Vyatta се изпълняват от демона зебра, а мрежовите интерфейси се конфигурират с ip address, а не с ifconfig, и така нататък. Определено операцията, която извърших, имаше смисъл и усетих удовлетворение, когато видях колко малко ресурси харчи и с каква лекота работи новият маршрутизатор …
Commands CLI …………………………………………..
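# Vyatta configuration-mode commands for the border router described above:
# addressing, two GRE tunnels, one eBGP session with an export filter,
# static routes, DNS forwarding, SNMP and SSH.
# One command per line; the trailing "|" in the published listing was
# table residue and is not part of the last command.
#
# NOTE(review): no firewall rule sets ("set firewall name ...") appear in this
# listing, so whether SSH, SNMP and the DNS forwarder are reachable from the
# Internet depends on filtering that is not shown here - confirm.

# NOTE(review): 50,000,000 tracked connections is a very large table; the
# config dump further down keeps conntrack-hash-size at 4096. Confirm the box
# has the memory for it and that the hash size matches the table size.
set firewall conntrack-table-size 50000000

# --- Interfaces -------------------------------------------------------------
set interfaces ethernet eth0 vif 100 address 93.155.131.1/28
set interfaces ethernet eth0 vif 100 address 93.155.162.1/24
set interfaces ethernet eth0 vif 100 address 93.155.169.1/24
set interfaces ethernet eth0 vif 100 address 93.155.130.17/28
set interfaces ethernet eth0 vif 100 address 93.155.130.65/26
set interfaces ethernet eth0 vif 100 address 93.155.130.129/25
set interfaces ethernet eth0 vif 100 address 93.155.131.25/29
set interfaces ethernet eth0 vif 100 address 93.155.131.33/27
set interfaces ethernet eth0 vif 100 address 93.155.131.65/26
set interfaces ethernet eth0 vif 100 address 93.155.131.129/25
set interfaces ethernet eth0 vif 523 address 93.155.131.17/29
# Uplink VLAN towards the BGP neighbor 212.70.158.89 (same /30).
set interfaces ethernet eth1 vif 149 address 212.70.158.90/30
# NOTE(review): the config dump further down shows 93.155.130.1/28 on eth2,
# not eth1 - one of the two listings is out of date; verify before reuse.
set interfaces ethernet eth1 address 93.155.130.1/28

# --- GRE tunnels ------------------------------------------------------------
# Plain GRE carries traffic without encryption or authentication; anything
# sensitive crossing tun1/tun2 needs protection at another layer.
set interfaces tunnel tun1 address 93.155.130.33/30
set interfaces tunnel tun1 encapsulation gre
set interfaces tunnel tun1 local-ip 93.155.131.1
set interfaces tunnel tun1 multicast enable
set interfaces tunnel tun1 remote-ip 10.18.9.2
set interfaces tunnel tun1 ttl 255
set interfaces tunnel tun2 address 93.155.130.37/30
set interfaces tunnel tun2 encapsulation gre
set interfaces tunnel tun2 local-ip 93.155.131.1
set interfaces tunnel tun2 multicast enable
set interfaces tunnel tun2 remote-ip 10.18.9.3
set interfaces tunnel tun2 ttl 255

# --- Routing policy ---------------------------------------------------------
# GCN lists the four /24s that may be announced upstream. Because connected
# and static routes are redistributed into BGP below, this export list is the
# only thing in the listing that keeps the 10.x and 194.141.x routes from
# being advertised to the neighbor.
set policy prefix-list GCN rule 1 action permit
set policy prefix-list GCN rule 1 prefix 93.155.130.0/24
set policy prefix-list GCN rule 2 action permit
set policy prefix-list GCN rule 2 prefix 93.155.131.0/24
set policy prefix-list GCN rule 3 action permit
set policy prefix-list GCN rule 3 prefix 93.155.162.0/24
set policy prefix-list GCN rule 4 action permit
set policy prefix-list GCN rule 4 prefix 93.155.169.0/24

# --- BGP (local AS 47453, upstream AS 12615) --------------------------------
set protocols bgp 47453 aggregate-address 93.155.130.0/24
set protocols bgp 47453 aggregate-address 93.155.131.0/24
set protocols bgp 47453 aggregate-address 93.155.162.0/24
set protocols bgp 47453 aggregate-address 93.155.169.0/24
# NOTE(review): the neighbor has an export filter only. No "prefix-list import"
# and no session "password" are set in this listing, so inbound routes are
# accepted as sent and the TCP session is unauthenticated - confirm with the
# upstream whether both can be added.
set protocols bgp 47453 neighbor 212.70.158.89 nexthop-self
set protocols bgp 47453 neighbor 212.70.158.89 prefix-list export GCN
set protocols bgp 47453 neighbor 212.70.158.89 remote-as 12615
set protocols bgp 47453 neighbor 212.70.158.89 soft-reconfiguration inbound
set protocols bgp 47453 network 93.155.130.0/24
set protocols bgp 47453 network 93.155.131.0/24
set protocols bgp 47453 network 93.155.162.0/24
set protocols bgp 47453 network 93.155.169.0/24
# NOTE(review): the router-id is the neighbor's address (212.70.158.89); this
# router's own address on that link is 212.70.158.90. Looks like a slip -
# a router-id should identify the local router; confirm.
set protocols bgp 47453 parameters router-id 212.70.158.89
set protocols bgp 47453 redistribute connected
set protocols bgp 47453 redistribute static

# --- Static routes ----------------------------------------------------------
set protocols static route 10.18.1.0/24 next-hop 93.155.131.11
set protocols static route 10.18.7.0/24 next-hop 93.155.131.7
set protocols static route 10.18.8.0/24 next-hop 93.155.131.8
set protocols static route 10.18.9.0/24 next-hop 93.155.131.9
set protocols static route 10.122.0.0/16 next-hop 93.155.131.11
set protocols static route 10.123.0.0/16 next-hop 93.155.131.11
set protocols static route 10.124.0.0/16 next-hop 93.155.131.11
set protocols static route 10.125.0.0/16 next-hop 93.155.131.11
set protocols static route 10.126.0.0/16 next-hop 93.155.131.11
set protocols static route 10.127.0.0/16 next-hop 93.155.131.11
set protocols static route 194.141.67.0/24 next-hop 93.155.131.19
set protocols static route 194.141.68.0/24 next-hop 93.155.131.19
set protocols static route 194.141.69.0/24 next-hop 93.155.131.19

# --- DNS forwarding ---------------------------------------------------------
# NOTE(review): eth0.100 carries public prefixes. Unless queries from outside
# those prefixes are filtered (no rule set is shown), the forwarder may answer
# anyone who can reach it - confirm it is not usable as an open resolver.
set service dns forwarding cache-size 2000
set service dns forwarding listen-on eth3
set service dns forwarding listen-on eth0.100
set service dns forwarding name-server 208.67.222.222
set service dns forwarding name-server 208.67.220.220
set service dns forwarding system

# --- SNMP -------------------------------------------------------------------
# "public" is the well-known default community string and is sent in clear
# text. Read-only access still exposes interface, routing and ARP tables.
# Use a non-default community and restrict it to the monitoring hosts
# (community "client"/"network") before reusing this.
set service snmp community public authorization ro
set service snmp contact support@itservice-bg.net
# NOTE(review): the config dump further down shows listen-address
# 93.155.130.14 - the two listings disagree; verify which is current.
set service snmp listen-address 93.155.130.1 port 161
set service snmp location Bulgaria

# --- Management -------------------------------------------------------------
# SSH listens on the default port with no source restriction in this listing;
# limit management access to known addresses where possible.
set service ssh port 22
set system time-zone Europe/Sofia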
Show config file …………………………………………………..
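/* Saved configuration ("show" output) of the border router core2, one node
   per line. The trailing "|" in the published listing was table residue and
   is not part of the file. */
/* NOTE(review): only global firewall options are present; no rule sets are
   defined or applied to any interface in this dump, so SSH, SNMP and DNS
   forwarding are exposed to whatever can route to the listening addresses. */
firewall {
    all-ping enable
    broadcast-ping disable
    conntrack-expect-table-size 4096
    /* NOTE(review): hash size 4096 against a 50,000,000-entry table - confirm
       memory headroom and that the two values are meant to go together. */
    conntrack-hash-size 4096
    conntrack-table-size 50000000
    conntrack-tcp-loose enable
    ip-src-route disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    log-martians enable
    receive-redirects disable
    send-redirects enable
    /* Reverse-path checking is off, so packets with spoofed source addresses
       are not dropped by this option; on a border router this is usually
       compensated with explicit anti-spoofing rules - none are shown. */
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        duplex auto
        hw-id 00:13:72:52:92:bf
        smp_affinity auto
        speed auto
        vif 100 {
            address 93.155.131.1/28
            address 93.155.162.1/24
            address 93.155.169.1/24
            address 93.155.130.17/28
            address 93.155.130.65/26
            address 93.155.130.129/25
            address 93.155.131.25/29
            address 93.155.131.33/27
            address 93.155.131.65/26
            address 93.155.131.129/25
        }
        vif 523 {
            address 93.155.131.17/29
        }
    }
    /* Uplink towards the BGP neighbor 212.70.158.89. */
    ethernet eth1 {
        duplex auto
        hw-id 00:13:72:52:92:c0
        smp_affinity auto
        speed auto
        vif 149 {
            address 212.70.158.90/30
        }
    }
    /* NOTE(review): the set-command listing above puts 93.155.130.1/28 on
       eth1; this dump has it on eth2. */
    ethernet eth2 {
        address 93.155.130.1/28
        duplex auto
        hw-id 00:04:23:ab:7d:7a
        smp_affinity auto
        speed auto
    }
    ethernet eth3 {
        address 192.168.1.200/24
        duplex auto
        hw-id 00:04:23:ab:7d:7b
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
    /* Plain GRE: no encryption or authentication of tunnelled traffic.
       NOTE(review): the description strings look like personal names;
       consider removing them before publishing a config. */
    tunnel tun1 {
        address 93.155.130.33/30
        description IordanSpasov
        encapsulation gre
        local-ip 93.155.131.1
        multicast enable
        remote-ip 10.18.9.2
        ttl 255
    }
    tunnel tun2 {
        address 93.155.130.37/30
        description Filipov
        encapsulation gre
        local-ip 93.155.131.1
        multicast enable
        remote-ip 10.18.9.3
        ttl 255
    }
}
policy {
    /* Export filter: the only prefixes announced upstream. With
       "redistribute connected/static" enabled below, this list is what keeps
       the 10.x and 194.141.x routes out of the announcements. */
    prefix-list GCN {
        rule 1 {
            action permit
            prefix 93.155.130.0/24
        }
        rule 2 {
            action permit
            prefix 93.155.131.0/24
        }
        rule 3 {
            action permit
            prefix 93.155.162.0/24
        }
        rule 4 {
            action permit
            prefix 93.155.169.0/24
        }
    }
}
protocols {
    bgp 47453 {
        aggregate-address 93.155.130.0/24 {
        }
        aggregate-address 93.155.131.0/24 {
        }
        aggregate-address 93.155.162.0/24 {
        }
        aggregate-address 93.155.169.0/24 {
        }
        /* NOTE(review): export filter only - no import prefix-list and no
           session password under this neighbor, so received routes are
           unfiltered and the session is unauthenticated. */
        neighbor 212.70.158.89 {
            nexthop-self
            prefix-list {
                export GCN
            }
            remote-as 12615
            soft-reconfiguration {
                inbound
            }
        }
        network 93.155.130.0/24 {
        }
        network 93.155.131.0/24 {
        }
        network 93.155.162.0/24 {
        }
        network 93.155.169.0/24 {
        }
        /* NOTE(review): router-id equals the neighbor's address; the local
           address on that link is 212.70.158.90 - confirm. */
        parameters {
            router-id 212.70.158.89
        }
        redistribute {
            connected {
            }
            static {
            }
        }
    }
    static {
        route 10.18.1.0/24 {
            next-hop 93.155.131.11 {
            }
        }
        route 10.18.7.0/24 {
            next-hop 93.155.131.7 {
            }
        }
        route 10.18.8.0/24 {
            next-hop 93.155.131.8 {
            }
        }
        route 10.18.9.0/24 {
            next-hop 93.155.131.9 {
            }
        }
        route 10.122.0.0/16 {
            next-hop 93.155.131.11 {
            }
        }
        route 10.123.0.0/16 {
            next-hop 93.155.131.11 {
            }
        }
        route 10.124.0.0/16 {
            next-hop 93.155.131.11 {
            }
        }
        route 10.125.0.0/16 {
            next-hop 93.155.131.11 {
            }
        }
        route 10.126.0.0/16 {
            next-hop 93.155.131.11 {
            }
        }
        route 10.127.0.0/16 {
            next-hop 93.155.131.11 {
            }
        }
        route 194.141.67.0/24 {
            next-hop 93.155.131.19 {
            }
        }
        route 194.141.68.0/24 {
            next-hop 93.155.131.19 {
            }
        }
        route 194.141.69.0/24 {
            next-hop 93.155.131.19 {
            }
        }
    }
}
service {
    dns {
        /* NOTE(review): eth0.100 carries public prefixes; with no rule set in
           this dump, confirm the forwarder does not answer arbitrary
           Internet clients. */
        forwarding {
            cache-size 2000
            listen-on eth3
            listen-on eth0.100
            name-server 208.67.222.222
            name-server 208.67.220.220
            system
        }
    }
    /* "public" is the default community string and travels in clear text;
       no client/network restriction is set. Change it and limit it to the
       monitoring hosts.
       NOTE(review): listen-address here is 93.155.130.14, while the
       set-command listing above uses 93.155.130.1, and .14 is not an address
       configured on any interface in this dump. */
    snmp {
        community public {
            authorization ro
        }
        contact support@itservice-bg.net
        listen-address 93.155.130.14 {
            port 161
        }
        location Bulgaria
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    host-name core2
    /* The default account name "vyatta" is kept with admin level. The hash
       below is MD5-crypt ("$1$"), which is weak against offline guessing.
       NOTE(review): the value looks shorter than a full MD5-crypt digest, so
       it may have been trimmed by the author; if a usable hash was ever
       published, treat the password as exposed and rotate it. Saved configs
       should be shared with this field redacted. */
    login {
        user vyatta {
            authentication {
                encrypted-password $1$ZohN7ZE.$2Ho4fiOy4AHpfhFS9/
            }
            level admin
        }
    }
    ntp-server 0.vyatta.pool.ntp.org
    /* The repository is fetched over plain http; package integrity then
       rests on the package manager's signature verification - confirm it is
       enabled. */
    package {
        auto-sync 1
        repository community {
            components main
            distribution stable
            password ""
            url http://packages.vyatta.com/vyatta
            username ""
        }
    }
    /* Only local ("global") logging is configured; no remote syslog host
       appears in this dump. */
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Europe/Sofia
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "cluster@1:system@3:dhcp-server@4:ipsec@2:webgui@1:wanloadbalance@2:dhcp-relay@1:quagga@2:qos@1:firewall@3:vrrp@1:nat@3:webproxy@1:conntrack-sync@1" === */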