niab isp1 tutorial lab

Lab diagram

isp1 lab diagram

Lab aim

This is the fifth of five labs that make up the niab tutorial.  To complete
the tutorial, it is recommended that you follow the lab-guides in this order.
demo-lab-guide: Introduction to using niab.
ospf-lab-guide: OSPF tutorial.
bgp-lab-guide: BGP tutorial.
ent1-lab-guide: DNS, email, web tutorial.
isp1-lab-guide: Use external lab connections.            << You are here !

Covers the configuration and support of links between labs, and links from
labs to the host system and then on to the Internet.

Lab overview

View the lab diagram 'isp1.png' supplied with this lab.

The isp1 network consists of:
- A single BGP AS covering an HQ site and 2 PoPs (Points of Presence).
- A single OSPF area 0 covering the whole of the isp1 network.
- An inter lab link between isp1r01-eth2 and ent1fw01-eth2
  (With static routing from isp1r01 to the ent1 network)
- A lab to host system link between isp1r03-eth2 and the host system interface
  isp1host. (With a default route from the isp1 network to the host system)
- A single server, isp1s01.
  - DNS Service (bind), domain name = isp1.niab.info
  - Mail service (exim)
  - Web Server Service (apache)
- A single client host, isp1c01.
  - email client
    - mutt text based email client
    - courier imap for reading mail
    - exim MTA for sending mail
  - lynx text based web client.
- One user.
  - username: user1 password: guest [valid on isp1c01]

- One Firewall, isp1fw01, protecting the servers and clients.

Lab instructions

1) Restore the lab
We perform the same steps as described in the 'demo' tutorial.

- start the lab
[ncarter:~/niab-labs/isp1]>niab start
[ncarter:~/niab-labs/isp1]>

- wait for nodes to boot (tail log/*.log file to view boot progress)

- restore the lab configuration
Only attempt this once all the nodes are fully booted.
[ncarter:~/niab-labs/isp1]>niab restore
niab: node 'isp1c01' config restored from ./node-configs/isp1c01
niab: node 'isp1fw01' config restored from ./node-configs/isp1fw01
niab: node 'isp1r01' config restored from ./node-configs/isp1r01
niab: node 'isp1r02' config restored from ./node-configs/isp1r02
niab: node 'isp1r03' config restored from ./node-configs/isp1r03
niab: node 'isp1r04' config restored from ./node-configs/isp1r04
niab: node 'isp1s01' config restored from ./node-configs/isp1s01
[ncarter:~/niab-labs/isp1]>

- stop the lab
[ncarter:~/niab-labs/isp1]>niab stop
[ncarter:~/niab-labs/isp1]>

- wait for nodes to stop

- start the lab
Only attempt this once all nodes have stopped.
[ncarter:~/niab-labs/isp1]>niab start
[ncarter:~/niab-labs/isp1]>

- wait for nodes to boot (tail log/*.log file to view boot progress)

2) Connect to node isp1c01, and log in as user: user1, password: guest
If you are running X-Windows:
[ncarter:~/niab-labs/isp1]>niab term isp1c01
[ncarter:~/niab-labs/isp1]>
An xterm connected to isp1c01, displaying a login prompt, will appear.

If you are not running X-Windows:
- use 'niab nodes' command to find out which tcp port is bound to ent1s01
- telnet to the tcp port

3) Check connectivity within the isp1 lab
All hosts in this lab should be able to ping each other.
- ping each remote host
user1@isp1c01:~$ ping -c 2 isp1s01
PING isp1s01.isp1.niab.info (10.128.82.66): 56 data bytes
64 bytes from 10.128.82.66: icmp_seq=0 ttl=63 time=26.7 ms
64 bytes from 10.128.82.66: icmp_seq=1 ttl=63 time=2.5 ms

--- isp1s01.isp1.niab.info ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 2.5/14.6/26.7 ms
user1@isp1c01:~$

Repeat for the 5 other remote nodes.

If any of these pings fail then it's time to start troubleshooting either the
DNS resolution or the network connectivity.

4) Check isp1 lab DNS service

- Perform DNS lookup on a host name
user1@isp1c01:~$ host isp1s01
isp1s01.isp1.niab.info  A       10.128.82.66
user1@isp1c01:~$

5) Check the isp1 web service

- start the lynx text based web client.
user1@isp1c01:~$ lynx www.isp1.niab.info
You should see a text based version of the apache homepage.
Press 'q' to exit


6) Set up user email directories on email server

We need to create directories to hold email for each user on the email server
(isp1s01)

Login to isp1s01 as root

Create home directories for user1
isp1s01:~# mkdir /home/user1
isp1s01:~# chown user1 /home/user1
isp1s01:~# chgrp 500 /home/user1

Check home directories are created with correct permissions.
isp1s01:~# ls -l /home
total 4
drwxr-xr-x    2 niab     niab         1024 Jun 30 21:54 niab
drwxr-sr-x    3 user1    500          1024 Jun 30 22:37 user1

Create email directories for user1
Login to isp1s01 as user1
user1@isp1s01:~$ maildirmake Maildir
user1@isp1s01:~$


7) Check the isp1 email service

- Send email from user1 to user1
user1@isp1c01:~$ mutt
Username at isp1s01.isp1.niab.info: user1
Password for user1@isp1s01.isp1.niab.info: guest

You should now have the following INBOX mapping
  imap://isp1s01.isp1.niab.info/INBOX

- Write an email
Press the <m> key (for new mail)
To: user1
Subject: test email 2
[ Enter the body of the email using the nano editor]
user1,

This is the second test email
  from user1 on isp1c01
  to myself
  via the mailserver isp1s01

user1

^x           <Ctrl> 'x' to exit
Save modified buffer ?
press the <y> key
press the <return> key

- send the email
press the <y> key
Mail sent.   << This should be displayed at bottom of the screen.

- Wait for a minute for mail to arrive

New mail in this mailbox. << This should be displayed at bottom of the screen.

- Read the mail and exit mutt
user1@isp1c01:~$

8) Check if ent1 lab is still running
On the system host, use the 'niab summary' command to output a summary of all
your currently running labs.

[ncarter:~/niab-labs/isp1]>niab summary

====================== ncarter ==============================

User name: ncarter  Lab name: isp1
Full path to lab: /home/ncarter/niab/labs/isp1
Active Nodes = 7, requiring a total of 448 MB of host RAM
Active Links = 10, including 1 eth2lab and 1 eth2host

User name: ncarter  Lab name: ent1
Full path to lab: /home/ncarter/niab/labs/ent1
Active Nodes = 9, requiring a total of 576 MB of host RAM
Active Links = 9, including 1 eth2lab and 0 eth2host
............................................................

Totals for user: ncarter
Active Labs = 2
Active Nodes = 16, requiring a total of 1024 MB of host RAM
Active Links = 19

[ncarter:~/niab-labs/isp1]>

Here we can see that both the isp1 lab and the ent1 lab are running.

If the ent1 lab is not running then start it and wait for the nodes to boot.

9) Check direct connectivity between lab isp1 and lab ent1

- Login to node isp1r01 as root

- Ping from isp1r01-eth2 to ent1fw01-eth1
isp1r01:~# ping -c 2 10.128.82.42
PING 10.128.82.42 (10.128.82.42): 56 data bytes
64 bytes from 10.128.82.42: icmp_seq=0 ttl=64 time=1.9 ms
64 bytes from 10.128.82.42: icmp_seq=1 ttl=64 time=1.8 ms

--- 10.128.82.42 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 1.8/1.8/1.9 ms
isp1r01:~#


10) Check remote connectivity between lab isp1 and lab ent1

- Ping from isp1c01-eth0 to ent1c10-eth0
user1@isp1c01:~$ ping -c 2 10.128.68.2
PING 10.128.68.2 (10.128.68.2): 56 data bytes
64 bytes from 10.128.68.2: icmp_seq=0 ttl=58 time=9.9 ms
64 bytes from 10.128.68.2: icmp_seq=1 ttl=58 time=7.0 ms

--- 10.128.68.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 7.0/8.4/9.9 ms


11) Check remote DNS resolution between lab isp1 and lab ent1

user1@isp1c01:~$ host ent1c10.ent1.niab.info
ent1c10.ent1.niab.info  A       10.128.68.2
user1@isp1c01:~$

12) Check route from isp1c01 to ent1c10.ent1.niab.info

user1@isp1c01:~$ /usr/sbin/traceroute -n ent1c10.ent1.niab.info
traceroute to ent1c10.ent1.niab.info (10.128.68.2), 30 hops max, 40 byte
 packets
 1  10.128.82.73  2 ms  2 ms  3 ms     << isp1fw01-eth2
 2  10.128.82.57  3 ms  2 ms  2 ms     << isp1r04-eth3
 3  10.128.82.1  15 ms  5 ms  3 ms     << isp1r01-eth1
 4  10.128.82.42  5 ms  4 ms  6 ms     << ent1fw01-eth1
 5  10.128.66.1  30 ms  5 ms  7 ms     << ent1r01-eth0
 6  10.128.66.10  25 ms  6 ms  6 ms    << ent1r10-eth1
 7  10.128.68.2  10 ms  7 ms  8 ms     << ent1c10-eth0
user1@isp1c01:~$


13) Check remote web service between lab isp1 and lab ent1

user1@isp1c01:~$ lynx www.ent1.niab.info
You should see a text based version of the apache homepage.
Press 'q' to exit


14) Check email service between lab isp1 and ent1

- Send a mail from user1 on isp1c01 to user10 on ent1c10
user1@isp1c01:~$ mutt
To: user10@ent1.niab.info
Subject: test email 3
[ Enter the body of the email using the nano editor]
user10,

This is the third test email
  from user1 on isp1c01
  to user10 on ent1c10.ent1.niab.info
  via the mailservers isp1s01, ent1s01.ent1.niab.info

user1

^x           <Ctrl> 'x' to exit
Save modified buffer ?
press the <y> key
press the <return> key

- send the email
press the <y> key
Mail sent.   << This should be displayed at bottom of the screen.

- login to ent1c10 as user: user10, password: guest.
ent1c10.ent1.niab.info login: user10
Password: guest
user10@ent1c10:~$

- Check if mail has been received
user10@ent1c10:~$ mutt
Username at ent1s01.ent1.niab.info: user10
Password for user10@ent1s01.ent1.niab.info: guest

user10 should have one new message [Msgs:2 New:1]

- Read the message from user1 on isp1c01
- Reply to the message
- Check user1 on isp1c01 receives the reply


15) Test isp1 local host connectivity

Ok we are getting pretty advanced here, so hold on to your hats !

- login to isp1r03 as root
isp1r03:~#

- ping from isp1r03-eth2 to hostsystem-isp1host
isp1r03:~# ping -c 2 10.128.82.50
PING 10.128.82.50 (10.128.82.50): 56 data bytes
64 bytes from 10.128.82.50: icmp_seq=0 ttl=64 time=5.7 ms
64 bytes from 10.128.82.50: icmp_seq=1 ttl=64 time=4.9 ms

--- 10.128.82.50 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 4.9/5.3/5.7 ms
isp1r03:~#


16) Test isp1 remote host connectivity

Before we can ping between a remote node in the isp1 lab (that is a node that
is not directly connected to the host system), the host system needs a route to
the isp1 lab summary (10.128.80.0/20).  Since the ent1 lab is joined 'behind'
the isp1 lab the host system will also need a route to the ent1 lab summary
(10.128.64.0/20).  To keep things simple we will add a summary route for all
the tutorial labs (10.128.0.0/16), to the host system.

- Add summary route on host system to all tutorial labs, via interface isp1host
On the host system as root
lilburn:~# ip route add 10.128.0.0/16 via 10.128.82.49
lilburn:~#

- login to isp1c01
isp1c01.isp1.niab.info login: user1
Password: guest

- Ping host system interface isp1host
user1@isp1c01:~$ ping -c 2 10.128.82.50
PING 10.128.82.50 (10.128.82.50): 56 data bytes
64 bytes from 10.128.82.50: icmp_seq=0 ttl=61 time=10.0 ms
64 bytes from 10.128.82.50: icmp_seq=1 ttl=61 time=8.6 ms

--- 10.128.82.50 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 8.6/9.3/10.0 ms
user1@isp1c01:~$

If you have any server services running on your host system you can now connect
to them.  For example to connect to a web server running on your host system
which is listening on all interfaces.
user1@isp1c01:~$ lynx 10.128.82.50


17) Connect labs to the external network / the Internet.

Ok now we are really pushing things, don't be too disappointed if you can't get
this to work first time.

If your host system is connected to an external network then we can make
connections from the lab to hosts on the external network by using source NAT
(Network Address Translation) on the host.

I don't want this to turn into a tutorial on NAT, but on your system host give
this a go, it just might work !

- On your host system, start source NAT for all lab addresses
On your host system as root
lilburn:~# iptables -t nat -A POSTROUTING -s 10.128.0.0/16 -d 0/0 -j MASQUERADE
lilburn:~#

- See if you can resolve DNS using external DNS servers.
user1@isp1c01:~$ host www.bbc.com
www.bbc.com             A       212.58.224.116

- See if you can connect to external hosts.
user1@isp1c01:~$ ping -c 2 www.bbc.com
PING www.bbc.com (212.58.224.116): 56 data bytes
64 bytes from 212.58.224.116: icmp_seq=0 ttl=246 time=20.4 ms
64 bytes from 212.58.224.116: icmp_seq=1 ttl=246 time=20.9 ms

--- www.bbc.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 20.4/20.6/20.9 ms
user1@isp1c01:~$

- Find out what the latest news is - with a bit of a UK bias :)
user1@isp1c01:~$ lynx www.bbc.com

 "England arrived back at Luton on Friday evening with coach Sven-Goran
 Eriksson defending his tactics after crashing out of Euro 2004 to
 hosts Portugal.

 Eriksson's side went out 6-5 on penalties after the sides drew 2-2."

Oh well never mind !


- Send an email from a niab client to your Internet email address.
Please send the email to an email address that you own.  Whoever receives the
email will not be able to reply and we don't want niab.info blacklisted as
a spam domain !! Thanks.
user10@ent1c10:~$ mutt
To: <your internet email address here>
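
A more tightly scoped form of the source NAT rule from step 17, as an added
example (not part of the original lab guide or of niab): it translates only lab
traffic leaving through the external interface, leaves lab-to-lab traffic
untouched, and can be removed again when the labs are stopped.  The interface
name (eth0 in the usage comment) and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the niab project): scoped source NAT with teardown.
LAB_NET="10.128.0.0/16"   # summary for all tutorial labs, from step 16

# One rule spec shared by check/add/delete so the three always match.
# $1 = host interface facing the external network (assumed name, e.g. eth0).
nat_rule_spec() {
    printf '%s' "POSTROUTING -s $LAB_NET ! -d $LAB_NET -o $1 -j MASQUERADE"
}

# Accept only plausible interface names; the name ends up in a command line.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) [ "${#1}" -le 15 ] ;;
    esac
}

# Print the commands for "up" or "down" without running anything.
lab_nat_plan() {
    action=$1
    ext_if=$2
    valid_ifname "$ext_if" || { echo "bad interface name" >&2; return 2; }
    spec=$(nat_rule_spec "$ext_if")
    case "$action" in
        up)
            # Forwarding must be on for the host to pass lab traffic.
            echo "sysctl -w net.ipv4.ip_forward=1"
            # -C checks for the rule first, so repeat runs add no duplicates.
            echo "iptables -t nat -C $spec 2>/dev/null || iptables -t nat -A $spec"
            ;;
        down)
            # Forwarding is left as it is; other host services may rely on it.
            echo "iptables -t nat -D $spec"
            ;;
        *)
            echo "usage: lab_nat_plan up|down IFACE" >&2
            return 2
            ;;
    esac
}

# Run the plan; needs root.  Example: lab_nat_apply up eth0
lab_nat_apply() {
    plan=$(lab_nat_plan "$1" "$2") || return
    printf '%s\n' "$plan" | sh -e
}
```

Run 'lab_nat_plan up eth0' first to read the commands, then 'lab_nat_apply up
eth0' as root; 'lab_nat_apply down eth0' removes the rule again.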


18) Have a play !  If you completely break the lab, you can easily restore the
original settings using the 'niab restore' command on the host system.


19) Congratulations if you have got this far, you have completed the niab
tutorial.

Further guidance on using niab is in the niab-how-to.

Have fun !!


Appendix 1: IP Subnetting (isp1 tutorial lab)

10.128.80.0/20 - Lab Summary
  10.128.80.0/24 - 256 x /32 isp1 dummy0
  10.128.81.0/24 - unassigned
  10.128.82.0/24 - 32 x /29 isp1 LAN links
  10.128.83.0/24 - 64 x /30 isp1 WAN links
  10.128.84.0/24 - 10.128.95.0/24 unassigned