Building and Installing a Private Network with Vyatta, Part 1

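1. Customer-Defined Private Network Configuration

This applies when the customer's particular situation calls for a custom private network configuration instead of the private IPs that Bluemix Infra assigns automatically.

2. Adding Private Networks within a Single VLAN

Design

To configure the customer's private network separately, you must set up a VLAN that uses the Vyatta as its gateway.

This is for when the customer requires the private networks to be built within a single VLAN.

For example, it can be used to build private networks such as 10.10.1.x/24, 10.10.2.x/24, and 10.10.3.x/24.

3. Configuration in Bluemix Infra

3.1 Ordering the Vyatta

Account->Place an Order->Network->Vyatta

3.2 Configuration on Server1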

    yum install net-tools
    cd /etc/sysconfig/network-scripts/
    [root@fraserver1 network-scripts]# ls ifcfg*
    ifcfg-eth0 ifcfg-eth1 ifcfg-lo
    [root@fraserver1 network-scripts]# touch ifcfg-eth0-range0

[[[ server1 10.10.3.1]]]

    vi ifcfg-eth0-range0

    IPADDR_START='10.10.3.2'
    IPADDR_END='10.10.3.2'
    CLONENUM_START='1'

    # /etc/init.d/network restart
    # ifconfig

3.3 Configuration on Server2

    # cd /etc/sysconfig/network-scripts/
    # vi ifcfg-eth0-range0

10.10.4.1 is the gateway, so the server must use a different number:

    IPADDR_START='10.10.4.2'
    IPADDR_END='10.10.4.2'
    CLONENUM_START='1'

    # /etc/init.d/network restart
    # ifconfig

3.4 Configuration on the Vyatta

[To link with another VLAN]

    set interfaces bonding bond0 vif 989 address '10.10.3.1/24'
    set interfaces bonding bond0 vif 989 address '10.10.4.1/24'
    set interfaces bonding bond0 vif 989 address '10.132.123.129/26'

(10.132.123.129/26 is the gateway IP.)

4. Configuration Details

4.1 Vyatta Configuration

    vyatta@vyatta989# show interfaces
    bonding bond0 {
        address 10.132.116.200/26
        hash-policy layer3+4
        mode 802.3ad
        vif 989 {
            address 10.10.3.1/24    <- the gateway IP must be 10.10.3.1
            address 10.132.123.129/26
            address 10.10.4.1/24
        }
        vrrp {
            vrrp-group 2 {
                preempt false
                priority 254
                rfc3768-compatibility
                sync-group vgroup2
                virtual-address 10.132.116.199/26
            }
        }
    }
    bonding bond1 {
        address 161.202.97.234/28
        address 2401:c900:1001:007e:0000:0000:0000:0007/64
        hash-policy layer3+4
        mode 802.3ad
        vrrp {
            vrrp-group 2 {
                preempt false
                priority 254
                rfc3768-compatibility
                sync-group vgroup2
                virtual-address 161.202.97.233/28
            }
        }
    }
    ethernet eth0 {
        bond-group bond0
        hw-id 0c:c4:7a:1e:b9:88
        speed auto
    }
    ethernet eth1 {
        bond-group bond1
        hw-id 0c:c4:7a:1e:b9:89
        speed auto
    }
    ethernet eth2 {
        bond-group bond0
        hw-id 0c:c4:7a:1e:b9:8a
        speed auto
    }
    ethernet eth3 {
        bond-group bond1
        hw-id 0c:c4:7a:1e:b9:8b
        speed auto
    }
    ethernet eth4 {
        duplex auto
        hw-id 0c:c4:7a:1e:b9:8c
        speed auto
    }
    ethernet eth5 {
        duplex auto
        hw-id 0c:c4:7a:1e:b9:8d
        speed auto
    }
    loopback lo {
    }

4.2 Route Information

    [root@zserver3 network-scripts]# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    default         161.202.99.145  0.0.0.0         UG    0      0   0   eth1
    10.0.0.0        10.132.123.129  255.0.0.0       UG    0      0   0   eth0
    10.10.3.0       0.0.0.0         255.255.255.192 U     0      0   0   eth0
    10.132.123.128  0.0.0.0         255.255.255.192 U     0      0   0   eth0
    161.202.99.144  0.0.0.0         255.255.255.240 U     0      0   0   eth1
    link-local      0.0.0.0         255.255.0.0     U     1002   0   0   eth0
    link-local      0.0.0.0         255.255.0.0     U     1003   0   0   eth1

    [root@zserver4 network-scripts]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    0.0.0.0         161.202.99.145  0.0.0.0         UG    0      0   0   eth1
    10.0.0.0        10.132.123.129  255.0.0.0       UG    0      0   0   eth0
    10.10.4.0       0.0.0.0         255.255.255.192 U     0      0   0   eth0
    10.132.123.128  0.0.0.0         255.255.255.192 U     0      0   0   eth0
    161.202.99.144  0.0.0.0         255.255.255.240 U     0      0   0   eth1
    169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0   0   eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0   0   eth1

How to verify the result

Log in to zserver3 and confirm that zserver4 (10.10.4.2) is reachable.

5. Configuring the Second Private VLAN

Design

When a server needs an IP such as 10.10.3.1, a larger subnet must be used.

6. Server Settings

6.1 Server1

    vi /etc/sysconfig/network-scripts/ifcfg-eth0-range0

    IPADDR_START='10.10.3.1'
    IPADDR_END='10.10.3.1'
    CLONENUM_START='1'
    NETMASK='255.255.248.0'

6.2 Server2

    vi /etc/sysconfig/network-scripts/ifcfg-eth0-range0

    IPADDR_START='10.10.4.1'
    IPADDR_END='10.10.4.1'
    CLONENUM_START='1'
    NETMASK='255.255.248.0'

6.3 In Vyatta

    set interfaces bonding bond0 vif 989 address '10.10.0.1/21'
    set interfaces bonding bond0 vif 989 address '10.132.123.129/26'
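
Both layouts on this page can be checked on paper before any server is touched. The following is an added example, not part of the original post: `check_plan`, `demo` and the plan names are hypothetical, the addresses are the ones used above, and it flags a server address that collides with the Vyatta gateway address, lies outside every gateway subnet, or carries a netmask different from the gateway's.

```python
import ipaddress

def check_plan(gateways, hosts):
    """Return a list of problems found in an addressing plan.

    gateways: CIDR strings configured on the Vyatta vif (e.g. '10.10.3.1/24').
    hosts:    {name: (ip, netmask)} as set in each server's ifcfg range file.
    """
    gw_ifaces = [ipaddress.ip_interface(g) for g in gateways]
    problems = []
    for name, (ip, netmask) in hosts.items():
        host = ipaddress.ip_interface(f"{ip}/{netmask}")
        # Find the gateway whose subnet contains this host address.
        match = [g for g in gw_ifaces if host.ip in g.network]
        if not match:
            problems.append(f"{name}: {ip} is in no gateway subnet")
            continue
        gw = match[0]
        if host.ip == gw.ip:
            problems.append(f"{name}: {ip} collides with the gateway address")
        if host.ip in (gw.network.network_address, gw.network.broadcast_address):
            problems.append(f"{name}: {ip} is a network/broadcast address")
        if host.network.prefixlen != gw.network.prefixlen:
            problems.append(
                f"{name}: netmask /{host.network.prefixlen} differs from "
                f"gateway /{gw.network.prefixlen}")
    return problems

# Section 2 layout: one /24 per private network, gateway on .1 of each.
PLAN_24 = ["10.10.3.1/24", "10.10.4.1/24", "10.132.123.129/26"]
# Section 5 layout: a single /21, gateway on 10.10.0.1.
PLAN_21 = ["10.10.0.1/21", "10.132.123.129/26"]

def demo():
    ok_24 = check_plan(PLAN_24, {"server1": ("10.10.3.2", "255.255.255.0"),
                                 "server2": ("10.10.4.2", "255.255.255.0")})
    # Asking for 10.10.3.1 on a server fails under the /24 layout ...
    bad_24 = check_plan(PLAN_24, {"server1": ("10.10.3.1", "255.255.255.0")})
    # ... and is fine under the /21 layout with NETMASK=255.255.248.0.
    ok_21 = check_plan(PLAN_21, {"server1": ("10.10.3.1", "255.255.248.0"),
                                 "server2": ("10.10.4.1", "255.255.248.0")})
    # The route output in 4.2 shows 10.10.3.0 with a 255.255.255.192 mask.
    drift = check_plan(PLAN_24, {"zserver3": ("10.10.3.2", "255.255.255.192")})
    return ok_24, bad_24, ok_21, drift

if __name__ == "__main__":
    for result in demo():
        print(result or "plan OK")
```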

6.4 Verification

6.5 Server1
ifconfig output

Route

6.6 Server2
ifconfig output

Route output

7. Vyatta

    vyatta@vyatta989:~$ configure
    [edit]
    vyatta@vyatta989# show interfaces

    bonding bond0 {
        address 10.132.116.200/26
        hash-policy layer3+4
        mode 802.3ad
        vif 989 {
            address 10.10.0.1/21
            address 10.132.123.129/26
        }
        vrrp {
            vrrp-group 2 {
                preempt false
                priority 254
                rfc3768-compatibility
                sync-group vgroup2
                virtual-address 10.132.116.199/26
            }
        }
    }
    bonding bond1 {
        address 161.202.97.234/28
        address 2401:c900:1001:007e:0000:0000:0000:0007/64
        hash-policy layer3+4
        mode 802.3ad
        vrrp {
            vrrp-group 2 {
                preempt false
                priority 254
                rfc3768-compatibility
                sync-group vgroup2
                virtual-address 161.202.97.233/28
            }
        }
    }
    ethernet eth0 {
        bond-group bond0
        hw-id 0c:c4:7a:1e:b9:88
        speed auto
    }
    ethernet eth1 {
        bond-group bond1
        hw-id 0c:c4:7a:1e:b9:89
        speed auto
    }
    ethernet eth2 {
        bond-group bond0
        hw-id 0c:c4:7a:1e:b9:8a
        speed auto
    }
    ethernet eth3 {
        bond-group bond1
        hw-id 0c:c4:7a:1e:b9:8b
        speed auto
    }
    ethernet eth4 {
        duplex auto
        hw-id 0c:c4:7a:1e:b9:8c
        speed auto
    }
    ethernet eth5 {
        duplex auto
        hw-id 0c:c4:7a:1e:b9:8d
        speed auto
    }
    loopback lo {
    }
    [edit]