niab isp1 tutorial lab
Lab diagram
Lab aim
This is the fifth of five labs that make up the niab tutorial. To complete the tutorial, it is recommended that you follow the lab-guides in this order.
- demo-lab-guide: Introduction to using niab.
- ospf-lab-guide: OSPF tutorial.
- bgp-lab-guide: BGP tutorial.
- ent1-lab-guide: DNS, email, web tutorial.
- isp1-lab-guide: Use external lab connections. << You are here !
Covers the configuration and support of links between labs, and links from labs to the host system and then on to the Internet.

Lab overview
View the lab diagram 'isp1.png' supplied with this lab.
The isp1 network consists of:
- A single BGP AS covering an HQ site and 2 PoPs (Points of Presence).
- A single OSPF area 0 covering the whole of the isp1 network.
- An inter lab link between isp1r01-eth2 and ent1fw01-eth2 (with static routing from isp1r01 to the ent1 network).
- A lab to host system link between isp1r03-eth2 and the host system interface isp1host (with a default route from the isp1 network to the host system).
- A single server, isp1s01.
  - DNS Service (bind), domain name = isp1.niab.info
  - Mail service (exim)
  - Web Server Service (apache)
- A single client host, isp1c01.
  - email client
    - mutt text based email client
    - courier imap for reading mail
    - exim MTA for sending mail
  - lynx text based web client.
- One user.
  - username: user1 password: guest [valid on isp1c01]
- One Firewall, isp1fw01, protecting the servers and clients.

Lab instructions

1) Restore the lab
We perform the same steps as described in the 'demo' tutorial.
- start the lab
[ncarter:~/niab-labs/isp1]>niab start
[ncarter:~/niab-labs/isp1]>
- wait for nodes to boot (tail log/*.log file to view boot progress)
- restore the lab configuration
Only attempt this once all the nodes are fully booted.
[ncarter:~/niab-labs/isp1]>niab restore
niab: node 'isp1c01' config restored from ./node-configs/isp1c01
niab: node 'isp1fw01' config restored from ./node-configs/isp1fw01
niab: node 'isp1r01' config restored from ./node-configs/isp1r01
niab: node 'isp1r02' config restored from ./node-configs/isp1r02
niab: node 'isp1r03' config restored from ./node-configs/isp1r03
niab: node 'isp1r04' config restored from ./node-configs/isp1r04
niab: node 'isp1s01' config restored from ./node-configs/isp1s01
[ncarter:~/niab-labs/isp1]>
- stop the lab
[ncarter:~/niab-labs/isp1]>niab stop
[ncarter:~/niab-labs/isp1]>
- wait for nodes to stop
- start the lab
Only attempt this once all nodes have stopped.
[ncarter:~/niab-labs/isp1]>niab start
[ncarter:~/niab-labs/isp1]>
- wait for nodes to boot (tail log/*.log file to view boot progress)

2) Connect to node isp1c01, and log in as user: user1, password: guest
If you are running X-Windows:
[ncarter:~/niab-labs/isp1]>niab term isp1c01
[ncarter:~/niab-labs/isp1]>
An xterm connected to isp1c01, displaying a login prompt, will appear.
If you are not running X-Windows:
- use 'niab nodes' command to find out which tcp port is bound to ent1s01
- telnet to the tcp port

3) Check connectivity within the isp1 lab
All hosts in this lab should be able to ping each other.
- ping each remote host
user1@isp1c01:~$ ping -c 2 isp1s01
PING isp1s01.isp1.niab.info (10.128.82.66): 56 data bytes
64 bytes from 10.128.82.66: icmp_seq=0 ttl=63 time=26.7 ms
64 bytes from 10.128.82.66: icmp_seq=1 ttl=63 time=2.5 ms
--- isp1s01.isp1.niab.info ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 2.5/14.6/26.7 ms
user1@isp1c01:~$
Repeat for the 5 other remote nodes.
If any of these pings fail then it's time to start troubleshooting, either the DNS resolution or network connectivity.

4) Check isp1 lab DNS service
- Perform DNS lookup on a host name
user1@isp1c01:~$ host isp1s01
isp1s01.isp1.niab.info A 10.128.82.66
user1@isp1c01:~$

5) Check the isp1 web service
- start the lynx text based web client.
user1@isp1c01:~$ lynx www.isp1.niab.info
You should see a text based version of the apache homepage.
Press 'q' to exit

6) Set up user email directories on email server
We need to create directories to hold email for each user on the email server (isp1s01)
Login to isp1s01 as root
Create home directories for user1
isp1s01:~# mkdir /home/user1
isp1s01:~# chown user1 /home/user1
isp1s01:~# chgrp 500 /home/user1
Check home directories are created with correct permissions.
isp1s01:~# ls -l /home
total 4
drwxr-xr-x 2 niab niab 1024 Jun 30 21:54 niab
drwxr-sr-x 3 user1 500 1024 Jun 30 22:37 user1
Create email directories for user1
Login to isp1s01 as user1
user1@isp1s01:~$ maildirmake Maildir
user1@isp1s01:~$

7) Check the isp1 email service
- Send email from user1 to user1
user1@isp1c01:~$ mutt
Username at isp1s01.isp1.niab.info: user1
Password for user1@isp1s01.isp1.niab.info: guest
You should now have the following INBOX mapping
imap://isp1s01.isp1.niab.info/INBOX
- Write an email
Press the <m> key (for new mail)
To: user1
Subject: test email 2
[ Enter the body of the email using the nano editor]
user1,
This is the second test email
from user1 on isp1c01
to myself
via the mailserver isp1s01
user1
^x    <Ctrl> 'x' to exit
Save modified buffer ?
press the <y> key
press the <return> key
- send the email
press the <y> key
Mail sent.    << This should be displayed at bottom of the screen.
- Wait for a minute for mail to arrive
New mail in this mailbox.    << This should be displayed at bottom of the screen.
- Read the mail and exit mutt
user1@isp1c01:~$

8) Check if ent1 lab is still running
On the system host, use the 'niab summary' command to output a summary of all your currently running labs.
[ncarter:~/niab-labs/isp1]>niab summary
====================== ncarter ==============================
User name: ncarter Lab name: isp1
Full path to lab: /home/ncarter/niab/labs/isp1
Active Nodes = 7, requiring a total of 448 MB of host RAM
Active Links = 10, including 1 eth2lab and 1 eth2host
User name: ncarter Lab name: ent1
Full path to lab: /home/ncarter/niab/labs/ent1
Active Nodes = 9, requiring a total of 576 MB of host RAM
Active Links = 9, including 1 eth2lab and 0 eth2host
............................................................
Totals for user: ncarter
Active Labs = 2
Active Nodes = 16, requiring a total of 1024 MB of host RAM
Active Links = 19
[ncarter:~/niab-labs/isp1]>
Here we can see that both the isp1 lab and the ent1 lab are running.
If the ent1 lab is not running then start it and wait for the nodes to boot.

9) Check direct connectivity between lab isp1 and lab ent1
- Login to node isp1r01 as root
- Ping from isp1r01-eth2 to ent1fw01-eth1
isp1r01:~# ping -c 2 10.128.82.42
PING 10.128.82.42 (10.128.82.42): 56 data bytes
64 bytes from 10.128.82.42: icmp_seq=0 ttl=64 time=1.9 ms
64 bytes from 10.128.82.42: icmp_seq=1 ttl=64 time=1.8 ms
--- 10.128.82.42 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 1.8/1.8/1.9 ms
isp1r01:~#

10) Check remote connectivity between lab isp1 and lab ent1
- Ping from isp1c01-eth0 to ent1c10-eth0
user1@isp1c01:~$ ping -c 2 10.128.68.2
PING 10.128.68.2 (10.128.68.2): 56 data bytes
64 bytes from 10.128.68.2: icmp_seq=0 ttl=58 time=9.9 ms
64 bytes from 10.128.68.2: icmp_seq=1 ttl=58 time=7.0 ms
--- 10.128.68.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 7.0/8.4/9.9 ms

11) Check remote DNS resolution between lab isp1 and lab ent1
user1@isp1c01:~$ host ent1c10.ent1.niab.info
ent1c10.ent1.niab.info A 10.128.68.2
user1@isp1c01:~$

12) Check route from isp1c01 to ent1c10.ent1.niab.info
user1@isp1c01:~$ /usr/sbin/traceroute -n ent1c10.ent1.niab.info
traceroute to ent1c10.ent1.niab.info (10.128.68.2), 30 hops max, 40 byte packets
1 10.128.82.73 2 ms 2 ms 3 ms      << isp1fw01-eth2
2 10.128.82.57 3 ms 2 ms 2 ms      << isp1r04-eth3
3 10.128.82.1 15 ms 5 ms 3 ms      << isp1r01-eth1
4 10.128.82.42 5 ms 4 ms 6 ms      << ent1fw01-eth1
5 10.128.66.1 30 ms 5 ms 7 ms      << ent1r01-eth0
6 10.128.66.10 25 ms 6 ms 6 ms     << ent1r10-eth1
7 10.128.68.2 10 ms 7 ms 8 ms      << ent1c10-eth0
user1@isp1c01:~$

13) Check remote web service between lab isp1 and lab ent1
user1@isp1c01:~$ lynx www.ent1.niab.info
You should see a text based version of the apache homepage.
Press 'q' to exit

14) Check email service between lab isp1 and ent1
- Send a mail from user1 on isp1c01 to user10 on ent1c10
user1@isp1c01:~$ mutt
To: user10@ent1.niab.info
Subject: test email 3
[ Enter the body of the email using the nano editor]
user10,
This is the third test email
from user1 on isp1c01
to user10 on ent1c10.ent1.niab.info
via the mailservers isp1s01, ent1s01.ent1.niab.info
user1
^x    <Ctrl> 'x' to exit
Save modified buffer ?
press the <y> key
press the <return> key
- send the email
press the <y> key
Mail sent.    << This should be displayed at bottom of the screen.
- login to ent1c10 as user: user10, password: guest.
ent1c10.ent1.niab.info login: user10
Password: guest
user10@ent1c10:~$
- Check if mail has been received
user10@ent1c10:~$ mutt
Username at ent1s01.ent1.niab.info: user10
Password for user10@ent1s01.ent1.niab.info: guest
user10 should have one new message [Msgs:2 New:1]
- Read the message from user1 on isp1c01
- Reply to the message
- Check user1 on isp1c01 receives the reply

15) Test isp1 local host connectivity
Ok we are getting pretty advanced here, so hold on to your hats !
- login to isp1r03 as root
isp1r03:~#
- ping from isp1r03-eth2 to hostsystem-isp1host
isp1r03:~# ping -c 2 10.128.82.50
PING 10.128.82.50 (10.128.82.50): 56 data bytes
64 bytes from 10.128.82.50: icmp_seq=0 ttl=64 time=5.7 ms
64 bytes from 10.128.82.50: icmp_seq=1 ttl=64 time=4.9 ms
--- 10.128.82.50 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 4.9/5.3/5.7 ms
isp1r03:~#

16) Test isp1 remote host connectivity
Before we can ping between a remote node in the isp1 lab (that is, a node that is not directly connected to the host system) and the host system, the host system needs a route to the isp1 lab summary (10.128.80.0/20). Since the ent1 lab is joined 'behind' the isp1 lab, the host system will also need a route to the ent1 lab summary (10.128.64.0/20).
To keep things simple we will add a summary route for all the tutorial labs (10.128.0.0/16) to the host system.
- Add summary route on host system to all tutorial labs, via interface isp1host
On the host system as root
lilburn:~# ip route add 10.128.0.0/16 via 10.128.82.49
lilburn:~#
- login to isp1c01
isp1c01.isp1.niab.info login: user1
Password: guest
- Ping host system interface isp1host
user1@isp1c01:~$ ping -c 2 10.128.82.50
PING 10.128.82.50 (10.128.82.50): 56 data bytes
64 bytes from 10.128.82.50: icmp_seq=0 ttl=61 time=10.0 ms
64 bytes from 10.128.82.50: icmp_seq=1 ttl=61 time=8.6 ms
--- 10.128.82.50 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 8.6/9.3/10.0 ms
user1@isp1c01:~$
If you have any server services running on your host system you can now connect to them. For example, to connect to a web server running on your host system which is listening on all interfaces:
user1@isp1c01:~$ lynx 10.128.82.50

17) Connect labs to the external network / the Internet.
Ok now we are really pushing things, don't be too disappointed if you can't get this to work first time.
If your host system is connected to an external network then we can make connections from the lab to hosts on the external network by using source NAT (Network Address Translation) on the host.
I don't want this to turn into a tutorial on NAT, but on your system host give this a go, it just might work !
- On your host system, start source NAT for all lab addresses
On your host system as root
lilburn:~# iptables -t nat -A POSTROUTING -s 10.128.0.0/16 -d 0/0 -j MASQUERADE
lilburn:~#
- See if you can resolve DNS using external DNS servers.
user1@isp1c01:~$ host www.bbc.com
www.bbc.com A 212.58.224.116
- See if you can connect to external hosts.
user1@isp1c01:~$ ping -c 2 www.bbc.com
PING www.bbc.com (212.58.224.116): 56 data bytes
64 bytes from 212.58.224.116: icmp_seq=0 ttl=246 time=20.4 ms
64 bytes from 212.58.224.116: icmp_seq=1 ttl=246 time=20.9 ms
--- www.bbc.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 20.4/20.6/20.9 ms
user1@isp1c01:~$
- Find out what the latest news is - with a bit of a UK bias :)
user1@isp1c01:~$ lynx www.bbc.com
"England arrived back at Luton on Friday evening with coach Sven-Goran Eriksson defending his tactics after crashing out of Euro 2004 to hosts Portugal.
Eriksson's side went out 6-5 on penalties after the sides drew 2-2."
Oh well never mind !
- Send an email from a niab client to your Internet email address.
Please send the email to an email address that you own. Whoever receives the email will not be able to reply and we don't want niab.info blacklisted as a spam domain !! Thanks.
user10@ent1c10:~$ mutt
To: <your internet email address here>
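
Added example, not part of the original tutorial: the source NAT rule from step 17 wrapped in a small host-side script that limits translation to traffic leaving the external interface, turns on IPv4 forwarding, avoids stacking duplicate rules and can remove the rule again. The interface name eth0 (EXT_IF), the DRY_RUN switch and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: host-side NAT for the tutorial labs, scoped and reversible.
# LABS is the summary from step 16; EXT_IF is an assumed uplink interface name.
LABS="10.128.0.0/16"
EXT_IF="${EXT_IF:-eth0}"    # assumption: replace with the host's real external interface
DRY_RUN="${DRY_RUN:-1}"     # 1 = only print the commands, 0 = run them (needs root)

# One definition of the rule, shared by check, add and delete so they cannot drift.
# -o limits NAT to packets leaving by the uplink; "! -d" leaves lab-to-lab and
# lab-to-host traffic untranslated, so lab addresses stay visible inside the labs.
nat_rule() {
    echo "POSTROUTING -s $LABS ! -d $LABS -o $EXT_IF -j MASQUERADE"
}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

nat_start() {
    # The host only passes lab packets to the outside when IPv4 forwarding is on.
    run sysctl -w net.ipv4.ip_forward=1
    # -C tests for an identical existing rule, so repeated starts add it only once.
    if [ "$DRY_RUN" = 1 ] || ! iptables -t nat -C $(nat_rule) 2>/dev/null; then
        run iptables -t nat -A $(nat_rule)
    fi
}

nat_stop() {
    # Delete exactly the rule that nat_start added.
    run iptables -t nat -D $(nat_rule)
}

nat_show() {
    # Packet counters show whether lab traffic is actually hitting the rule.
    run iptables -t nat -L POSTROUTING -n -v
}

case "${1:-start}" in
    start) nat_start ;;
    stop)  nat_stop ;;
    show)  nat_show ;;
esac
```

With the default DRY_RUN=1 the script only prints what it would run; as root, DRY_RUN=0 applies it, and the 'stop' argument removes the rule when the lab session is over.
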

18) Have a play ! If you completely break the lab, you can easily restore the original settings using the 'niab restore' command on the host system.

19) Congratulations if you have got this far, you have completed the niab tutorial.
Further guidance on using niab is in the niab-how-to.
Have fun !!

Appendix 1: IP Subnetting (isp1 tutorial lab)
10.128.80.0/20 - Lab Summary
10.128.80.0/24 - 256 x /32 isp1 dummy0
10.128.81.0/24 - unassigned
10.128.82.0/24 - 32 x /29 isp1 LAN links
10.128.83.0/24 - 64 x /30 isp1 WAN links
10.128.84.0/24 - 10.128.95.0/24 unassigned