THE UNIVERSITY OF WAIKATO
Department of Computer Science
COMP304-23A — Advanced Networking & Cyber Security
Assignment 1 - Routing with OSPF
Version of February 13, 2023
1 Introduction
The goals of this assignment are:
• to improve your understanding of OSPF by using it in a network
• to become familiar with the way routers are configured by using an interface
similar to that of a typical router
In this assignment, you will configure the internal routing for your network in
the mini-Internet. The next assignment will follow on from this assignment
and you will connect your network with the networks of all the students in
your class by configuring external routing. By the end, as a class, you will
have created your own version of the Internet using the real protocols actually
used today on the Internet.
For this assignment, you will configure virtual software routers rather than
physical routing hardware. These routers are running FRRouting. FRRouting
(FRR) [1] is a popular routing protocol suite. FRRouting speaks many routing
protocols including OSPF and BGP and installs the routing decisions into the
Linux kernel. It has a management console interface that is similar to Cisco’s
IOS commands. FRRouting is a “real” technology used in real networks (not
just for teaching).
Note: Unlike the labs, this is an individual assignment. Work on your own.
You may discuss the assignment in general terms but do not look at anyone
else’s configuration or show them yours. If you need help, ask the lecturer in
person or by email, or post on Moodle. Please do not post configurations on
Moodle.
1.1 The mini-Internet
You have already accessed the mini-Internet for labs, but the information is repeated here. The mini-Internet is a teaching project developed by ETH
Zurich [2]. As a student, you are each given your own Autonomous System
(AS) to manage and configure.
[1] https://frrouting.org/
[2] The mini-Internet project: https://github.com/nsg-ethz/mini_internet_project
The mini-Internet gives you access to several Docker containers. These Docker
containers behave like real hosts, switches, and routers, with the main difference being that you cannot reboot or shut them down. All of these networks
run on a single server, mini.cms.waikato.ac.nz. In the second assignment,
you will connect your AS with other students in your class.
1.2 Accessing the mini-Internet
You can access the mini-Internet using the secure shell (ssh) command, either
from home or from the lab. One host within your network is
pre-configured with a secure shell server which is exposed on a unique port
on mini.cms.waikato.ac.nz. Your unique port number is 52000 added to
your AS number. You will receive an individual email with your AS number
and password; it is your responsibility to keep it confidential. Please do not
change this password. If you want to simplify access, please set up an SSH key
instead, details of which are included in the first lab.
The command to connect to the mini-Internet is:
ssh root@mini.cms.waikato.ac.nz -p <your ssh port number>
1.3 Accessing Routers, Hosts and Switches
Using the ./goto.sh script in the proxy container you can access any router,
host, or switch you wish. You can always see the container you are logged
into by looking at the hostname on the left of your terminal. To exit any
container back to the proxy you can press ctrl+d or type exit. You can log
in to multiple hosts or routers at once, or even the same one twice.
Accessing routers. Access a router using ./goto.sh <router name> router.
For example to access the router HAML:
root@gXX-proxy:~# ./goto.sh HAML router
Now you are in the FRRouting CLI on the router HAML. See 2.1 for details
on how to use this interface.
Accessing hosts. Each location shown in Figure 1 has a host attached directly to the router. To access the host attached to a router use the command
./goto.sh <host name> host. For example to access the NEWY host use:
root@gXX-proxy:~# ./goto.sh NEWY host
Recall for the lab tasks, you could access hosts in the UNIV network as follows:
root@gXX-proxy:~# ./goto.sh UNIV west-1
Now you are in a standard Linux shell, where you can run commands like ip
just as you have done in the lab exercises.
Accessing switches. Accessing switches is not required for this course.
However, for completeness, use ./goto.sh UNIV <switch name> to access a
switch. For example to access the EAST switch use:
root@gXX-proxy:~# ./goto.sh UNIV EAST
Now you are in a standard Linux shell; the switches are running the Open
vSwitch software.
1.4 Backing Up Your Configuration
You can create a backup of the running configuration on your routers using
the ./save_configs.sh command on the proxy host. ./save_configs.sh
will create a folder configs [date] [time] and a zipped version of that folder.
You should keep regular backups of your configuration. You will also need to
submit this zip file as the final version of your configuration.
You can copy this off the proxy host using the scp command. For example on
your home or lab machine run:
scp -P <port number> \
root@mini.cms.waikato.ac.nz:<config name>.zip ./dst/path/
Note: you supply the port number to scp using the capital ‘-P’ option, rather
than the lowercase ‘-p’ used with ssh. In the command above, ‘\’ splits this
long line across two; a terminal will remove the ‘\’ and run the command as
if it were on a single line.
1.5 Mini-Internet Help
If you have any issues accessing your containers or other problems, please
email the lecturer as soon as possible. Also, check the
Assignment section on Moodle for FAQs about this assignment.
1.6 Network Topology
Figure 1 shows your layer 3 network, which you will configure in this
assignment. All up you have 8 routers to configure with OSPF. Each router
has a host attached directly to it. In this assignment, you will configure these 8
routers using OSPF to establish full network connectivity between all routers
and hosts. Additionally, there is a DNS server (attached to LOND), which
provides you with forward and reverse DNS name resolution for the links and
hosts in your network (based on the numbering shown). Your hosts are pre-configured to use this DNS server for commands including traceroute. DNS
will start working once you configure OSPF to share routes and a default route
on each host.

[Figure 1 diagram: the routers and their location numbers are LOND 1, HAML 2, PARI 3, TRGA 4, NEWY 5, BOST 6, ATLA 7, ZURI 8. Also shown: DNS (198.0.0.100/24), MEASUREMENT (X.0.199.2/24) and the external links Provider 1 (link 1), Provider 1 (link 2), Provider 2, Customer 1 (link 1), Customer 1 (link 2), Customer 2, IXP and Peer.]
You have been assigned the network prefix: X.0.0.0/8
Where X is your AS number and Y is the location number, for example, NEWY is 5
Router loopback address: X.[150+Y].0.1/32
Each location has a host attached (not shown)
Host network: X.[100+Y].0.0/24
--> host: X.[100+Y].0.1
--> router: X.[100+Y].0.2
Figure 1: The internal layout and address plan of your AS. You have been
assigned an entire /8 to number your network. X.0.0.0/8 where X is the
network number given to you in your email. Each router shown has a host
attached. The addresses and subnets which you should configure for each
interface are shown. In this assignment, you should not configure the external
links shown in blue, leave these interfaces unconfigured.

In addition, there is a MEASUREMENT host attached to HAML. You will
use this in the next assignment. This diagram also includes external network
links — such as customers, peers, and the IXP — which you will also use in
the next assignment. For now, you don’t need to worry about them. Once
you configure OSPF in this assignment, it will share the measurement route
throughout the network; this is expected behaviour.
2 Using the Routers
2.1 FRRouting Command Line Interface
You will need to configure FRRouting via its command line interface. It
presents a command line configuration interface similar to that used by other
router vendors such as Cisco or Juniper. One of the goals of this assignment
is to become familiar with an interface like that of a physical router.
You’ll find this interface is similar to using the Linux commands. For example,
instead of using the Linux command:
host# ip addr add 10.0.1.2/24 dev port_BOST
In FRRouting you would run:
router# configure terminal
router(config)# interface port_BOST
router(config-if)# ip address 10.0.1.2/24
When you first open the FRR CLI you begin in enable mode. To make
any changes we first have to enter into configuration mode. This is what
the configure command does. Then we enter the interface that we want
to configure (interface port_BOST). And finally set the IP address. From
here we can type end to return to enable mode. If we wanted to remove
this IP address, we would re-run the command prefixed by no. For example:
router(config-if)# no ip address 10.0.1.2/24
You can get help in the FRRouting CLI at any point by using <Tab> and ?.
Typing <Tab> will show you command completion options. And typing ? will
show you the commands available along with help.
Additionally, when in enable mode, you can use show running-config to print
out your configuration at any time.
You will be able to find documentation for FRRouting and OSPF on the web
that will help guide you through configuring FRRouting.
The official FRRouting documentation (we are running version 7.5.1) is here:
http://docs.frrouting.org/en/latest/
For a quick start guide, see configuring interfaces:
https://github.com/rsanger/mini_internet_project/wiki/2.5.2-Configuring-router-interfaces
Configuring OSPF:
https://github.com/rsanger/mini_internet_project/wiki/2.5.4-Configure-OSPF
Note: your assignment is different to theirs and has some extra steps not covered in that guide.
Also, check the Assignment section on Moodle if you are having trouble.
3 Configuring the Networks
This assignment has the following layout. You first demonstrate your ability to
plan the addresses on a small network. You will then configure your network
using the addressing plan provided. You will configure OSPF, and then finally
configure better metrics on your links to reduce the latency of the paths OSPF
selects.
3.1 Keeping Notes
You should keep track of the commands that you use for each step in this
assignment. You’ll find you often will need to come back to them. Also, take
note of any issues you have and submit this along with your configuration. A
full report is not required; these notes do not have to be typed, and submitting
photos of handwritten notes is absolutely fine.
Some steps require you to submit evidence; these are highlighted in bold text.
Make sure you include the required information in your submission.
You will find that you are required to enter similar configuration on all of the
routers. You may find it useful to copy-paste the same series of commands
with addresses etc. updated where appropriate.
3.2 Addressing a Small Network
[Figure 2 diagram: routers NEWY (5), ATLA (7) and ZURI (8), with switched networks of 15, 19 and 9 hosts.]
Figure 2: A portion of Figure 1 for you to address.
The address plan provided for you to follow in this assignment does not make
efficient usage of the address space. However, planning the efficient usage of
IPv4 address space is an important skill to master.
1. Following the process described in the IP addressing lectures, determine
the smallest prefix size that you would need to address the network shown
in Figure 2. Remember to allocate subnets for loopback addresses, the
three links between the routers, and the switched networks to support
the number of hosts listed.
2. Once you have determined the smallest prefix size, assign addresses out
of the range X.0.0.0/<prefix> (where X is your assigned AS number) to
the subnets.
Include both a copy of your working and the network addresses you
have allocated for each subnet. You can submit this as an image.
3.3 Interface Configuration
The first step in configuring your network is assigning the correct IP addresses
to interfaces. Refer to Figure 1 for the numbering to use. Routers and hosts
have been pre-configured with interface names. The interfaces are as follows:
Router: Configure IP addresses of these interfaces
  host             connected directly to the host in the same location
  lo               the loopback interface
  port_DEST        the port connected to the DEST router, e.g. port_HAML
Router: Do not change the configuration of these interfaces
  ext_AS_*         ports connected to external ASes, e.g. ext_8_TRGA
  ssh              pre-configured, ssh communication channel
  dns_AS           LOND, pre-configured, connects to DNS server
  measurement_AS   HAML, pre-configured, connects to measurement host
  matrix_AS        PARI, pre-configured, used for measurement
  TRGA-L2          a link to the UNIV network NORTH switch
Hosts:
  DESTrouter       configure, linked to the external router
  lo               the loopback, don’t configure on hosts
  ssh              pre-configured, ssh channel, don’t change
To configure an address on a router you will need to use the appropriate
FRRouting command (see Section 2.1), whereas you configure an address on
a host using the ip command like in the lab. You do not need to make the
configuration persistent on the hosts.
On the hosts, you only need to configure the interface connected to the router.
Unlike routers, hosts are not configured with publicly reachable loopback addresses.
3. Configure all interfaces between adjacent hosts and routers based on the
numbering in Figure 1. Your hosts should be numbered X.[100+Y].0.1/24,
and routers X.[100+Y].0.2/24, where X is your AS number and Y is
the location number shown beside each router in Figure 1. For example,
the host interface on the NEWY router should be assigned the address
X.105.0.2/24. Once configured, verify each host can reach its respective
router using ping.
4. Configure all router loopback interfaces based on the numbering in Figure 1. A router’s loopback address should be numbered X.[150+Y].0.1/32.
For example, PARI would be given the loopback address of X.153.0.1/32.
5. Configure addresses on all the internal links shown in Figure 1. Ensure
that each router can ping its directly connected neighbours via the directly connected interfaces. At this stage, there are only routes for the
directly connected networks; non-adjacent interfaces will not be able to
communicate.
3.4 OSPF Configuration
6. The next step is to configure OSPF on all of your routers (LOND, HAML,
PARI, TRGA, NEWY, BOST, ATLA, ZURI). Use the OSPF backbone area
0.0.0.0. On each router you need to first set the router id used by
OSPF to the router’s loopback address. Then tell OSPF which networks
to “speak” OSPF on and tell it that it can share (a.k.a. redistribute) routes
that are known because the router is directly connected to the subnet.
Refer to the documentation in Section 2.1 to figure out how to do this.
Once they are exchanging network state and routes then each router
should be able to send IP packets to all other routers’ interfaces including
non-local subnets and the router loopback addresses.
It is best to start configuring two neighbouring routers first. Once that is
working, repeat this step for all remaining routers.
7. Check that all the enterprise routers can ping and traceroute all other
routers.
8. Add a default route on the hosts to their corresponding router. Then
ensure that hosts can reach all other hosts on the network.
9. Check each router’s routing table, the OSPF database and the OSPF
routing table. Spend a bit of time making sure you understand the
relationship between these tables. You might also like to look at the rest
of the OSPF information the router has.
3.5 Ensure OSPF Packets are not Leaked
It is bad practice to “speak” OSPF on interfaces without an OSPF router
attached. Doing so leaves your network vulnerable to route hijacking, where a
malicious host could form an OSPF adjacency and inject its own routes. In
this step, you will verify that the hosts are not receiving OSPF packets.
10. Verify the hosts are not receiving OSPF packets. The simplest way to do
this is to capture traffic on the hosts using tcpdump. Alternatively, look
at the OSPF interface configuration on the router. If hosts are receiving
OSPF packets, make changes to your OSPF configuration to fix this.
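One way to check Step 10 from the router side, as an added example that is not part of the original assignment: this Python code reads a saved FRR running-config, lists the interfaces where OSPF is enabled and not passive, and flags any that are not port_* router links. The sample configuration, the AS number 5 and the link subnet 5.0.7.0/24 are constructed; passive-interface and ip ospf area are standard FRR OSPF commands rather than ones named in the assignment.

```python
import ipaddress

# Constructed running-config for router NEWY in a made-up AS 5. Host and
# loopback addresses follow the page's plan; the link subnet is invented.
SAMPLE_CONFIG = """\
interface host
 ip address 5.105.0.2/24
!
interface lo
 ip address 5.155.0.1/32
!
interface port_BOST
 ip address 5.0.7.1/24
!
router ospf
 ospf router-id 5.155.0.1
 redistribute connected
 network 5.0.0.0/8 area 0.0.0.0
!
"""
OSPF = object()  # marker for "inside the router ospf block"

def parse_config(text):
    """Collect interface addresses and the OSPF statements that matter here."""
    cfg = {"addrs": {}, "area_ifaces": set(), "networks": [],
           "passive": set(), "active": set(), "passive_default": False}
    block = None
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw.startswith(" "):  # unindented line opens or closes a block
            if words[0] == "interface" and len(words) == 2:
                block = words[1]
                cfg["addrs"].setdefault(block, [])
            else:
                block = OSPF if words == ["router", "ospf"] else None
        elif block is OSPF:
            if words[0] == "network" and len(words) >= 2:
                cfg["networks"].append(ipaddress.ip_network(words[1], strict=False))
            elif words[:2] == ["passive-interface", "default"]:
                cfg["passive_default"] = True
            elif words[0] == "passive-interface" and len(words) >= 2:
                cfg["passive"].add(words[1])
            elif words[:2] == ["no", "passive-interface"] and len(words) >= 3:
                cfg["active"].add(words[2])
        elif block is not None:
            if words[:2] == ["ip", "address"] and len(words) >= 3:
                cfg["addrs"][block].append(ipaddress.ip_interface(words[2]))
            elif words[:3] == ["ip", "ospf", "area"]:
                cfg["area_ifaces"].add(block)
    return cfg

def ospf_active_interfaces(text):
    """Interfaces where OSPF is enabled and not passive."""
    cfg = parse_config(text)
    active = []
    for name, addrs in cfg["addrs"].items():
        # A network statement enables OSPF on every interface whose subnet
        # lies inside it, so one broad statement also covers the host link.
        enabled = name in cfg["area_ifaces"] or any(
            a.network.subnet_of(n) for a in addrs for n in cfg["networks"])
        passive = (name not in cfg["active"]) if cfg["passive_default"] \
            else (name in cfg["passive"])
        if enabled and not passive:
            active.append(name)
    return sorted(active)

def leaking_interfaces(text, router_prefix="port_", ignore=("lo",)):
    """Active OSPF interfaces that are neither router links nor the loopback."""
    return [name for name in ospf_active_interfaces(text)
            if not name.startswith(router_prefix) and name not in ignore]

if __name__ == "__main__":
    print("OSPF active on:", ospf_active_interfaces(SAMPLE_CONFIG))
    print("Leaking to non-routers:", leaking_interfaces(SAMPLE_CONFIG))
```

On a host, tcpdump -n -i <interface> ip proto 89 confirms the same result from the wire, since OSPF is IP protocol 89.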
3.6 OSPF Traffic Engineering
The next step is to look at changing link costs to modify OSPF’s routing
decisions.
11. Measure and record the latency of all of the links between the routers.
The latency on the host links is negligible. Optionally, you can choose
to factor in the bandwidth of these links by running iperf3 between the
hosts. Note: you can run ping from a router, but not iperf3; iperf3 is
an application and only runs in hosts.

Link                     Latency    Bandwidth (Opt.)    Cost
LOND (1) <-> BOST (6)
LOND (1) <-> NEWY (5)
LOND (1) <-> PARI (3)
LOND (1) <-> HAML (2)
NEWY (5) <-> BOST (6)
NEWY (5) <-> PARI (3)
NEWY (5) <-> ZURI (8)
NEWY (5) <-> ATLA (7)
ZURI (8) <-> ATLA (7)
ZURI (8) <-> TRGA (4)
ZURI (8) <-> PARI (3)
PARI (3) <-> TRGA (4)
PARI (3) <-> HAML (2)

It may also be useful to sketch the latency on the network diagram.
Include the latencies you measured and the new link costs that you
plan in Step 13 in your submission.
12. By default, all links will have the same default cost, so OSPF will currently pick the path with the fewest hops. You can find the default cost
by running show ip ospf interface. Find an example of a particularly
high latency path.
In your submission, include the output of traceroute of this
high-latency path.
13. Plan new link costs that prefer low-latency paths and apply the OSPF
costs on your network links. You don’t have to apply costs to all links
for this step, e.g. you can increase the cost for high latency links while
leaving all other links at their default. In FRR, you configure this cost on
the interface, rather than from within the router ospf configuration
item. Note: you will need to apply the new cost to both ends of a link,
otherwise it will only apply to traffic in one direction.
14. Verify that this has corrected the high-latency path you identified above.
In your submission, include the new output of traceroute.
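The effect described in Steps 12 to 14, as an added example that is not part of the original assignment: a shortest-path calculation over the internal links from the Step 11 table, with a cost per outgoing interface so that a cost set on only one end of a link changes only one direction. The default cost of 10 and the raised costs of 100 and 60 are constructed values, not measurements.

```python
import heapq

# Internal links taken from the Step 11 table.
LINKS = [("LOND", "BOST"), ("LOND", "NEWY"), ("LOND", "PARI"), ("LOND", "HAML"),
         ("NEWY", "BOST"), ("NEWY", "PARI"), ("NEWY", "ZURI"), ("NEWY", "ATLA"),
         ("ZURI", "ATLA"), ("ZURI", "TRGA"), ("ZURI", "PARI"),
         ("PARI", "TRGA"), ("PARI", "HAML")]
DEFAULT_COST = 10  # constructed; read the real default from show ip ospf interface

# Constructed plan: raise the cost of two links assumed to be high latency.
# Keys are (router, neighbour): the cost set on that router's interface only.
PLAN = {("LOND", "NEWY"): 100, ("PARI", "NEWY"): 60}


def both_ends(plan):
    """Mirror each cost onto the interface at the other end of the link."""
    mirrored = dict(plan)
    mirrored.update({(b, a): cost for (a, b), cost in plan.items()})
    return mirrored


def interface_costs(overrides=None):
    """Cost of every outgoing interface, keyed (router, neighbour)."""
    costs = {}
    for a, b in LINKS:
        costs[(a, b)] = costs[(b, a)] = DEFAULT_COST
    costs.update(overrides or {})
    return costs


def best_path(costs, src, dst):
    """Dijkstra over directed interface costs; returns (total_cost, path)."""
    queue, done = [(0, [src])], set()
    while queue:
        total, path = heapq.heappop(queue)
        node = path[-1]
        if node == dst:
            return total, path
        if node in done:
            continue
        done.add(node)
        for (a, b), cost in costs.items():
            if a == node and b not in done:
                heapq.heappush(queue, (total + cost, path + [b]))
    return None


if __name__ == "__main__":
    cases = [("default costs", interface_costs()),
             ("cost set on one end", interface_costs(PLAN)),
             ("cost set on both ends", interface_costs(both_ends(PLAN)))]
    for label, costs in cases:
        print(label)
        print("  LOND -> NEWY:", best_path(costs, "LOND", "NEWY"))
        print("  NEWY -> LOND:", best_path(costs, "NEWY", "LOND"))
```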
3.7 Finishing up
15. Check the routing table on all of the routers; they should all include
routes to every host network, link, and router loopback. Check hosts
can ping each other and router loopbacks. You can also check
https://mini.cms.waikato.ac.nz/matrix/matrix.html, which shows whether
a network is reachable from another. Your network AS number should
show as being reachable from itself, i.e. a green square on the diagonal
line for your AS number. You’ll use this connectivity matrix further in
Assignment 2.
16. Have a go at answering the questions on the next page. These aren’t
worth any marks, but are instead to help ensure you understand the
concepts.
17. Check over your configuration and make sure it is tidy. Use the no
command to remove any unintended lines from your router configuration.
Use show running-config to check for anything odd you have left in
your configuration. Verify reachability between your hosts. Save a copy
of your configuration using the ./save_configs.sh script and download
the .zip archive using scp (see Section 1.4). You must submit this .zip
on Moodle, along with your readme, link costs and addressing plan (see
the checklist in Section 5.1).
4 Questions
Answer the following questions to ensure you understand what is happening.
You will need to run commands to answer the questions.
Note: You do not need to submit your answers to the questions unless you are
unsure about an answer and would like it checked. There are no marks allocated to the questions and you will not lose marks for submitting an incorrect
answer.
1. On each network to which the routers are connected, identify the OSPF
Designated Router.
2. What routes derived from OSPF appear in each router’s forwarding table?
3. Which of these, if any, are OSPF external routes?
4. (a) What are the two numbers in [110/20]? What is each used for?
(b) Which route or routes derived from OSPF have the highest metric?
(c) Why is that metric value the number that it is?
5. (a) What link-state advertisements (LSAs) appear in each router’s topology database?
(b) Which router LSAs, if any, describe an Autonomous System Boundary Router (ASBR)? Explain why this is the case.
6. Demonstrate the frequency with which keep-alive (HELLO) packets are
being sent and received across an interface within the internal network
(pick any pair of internal routers). This question is about what is actually
happening, not what is configured.
7. Disable one link on a two-hop path and show that the traffic will take another path with a higher metric/cost. (Use (config)# interface port_X
followed by (config-if)# shutdown to disable an interface and
(config-if)# no shutdown to bring it back up again.)
5 Assessment
Your assignment must be submitted in electronic form using Moodle. Do not
submit anything physical. You may submit either a set of files or an archive
containing multiple files made using tar or zip. Please do not use a different
archive program (like 7z for example).
Your submission must include:
• Documentation of the numbering plan for your routers. Submit this as
a png or jpeg file called number-plan.png or number-plan.jpg.
• Full and unmodified router configurations for all routers saved using
./save_configs.sh as described in Section 1.4 above. Upload this
zipped file without modification.
• The latencies you observed originally in the network, and your planned
costs. And the outputs of traceroute from before and after showing the
link you have corrected. Name these files with the name of the step (i.e.
step-11, step-12 and step-14) and submit these as either txt, pdf, png,
or jpg format.
• A readme.txt file containing the step you reached and any problems you
encountered.
• Optionally, a notes.txt or notes.pdf file containing any notes you have
taken.

Part                                                                              Marks
Demonstrate assigning addresses to a network                                      1
IPv4 addresses configured on interfaces                                           1
Hosts configured with default routes                                              1
OSPF up and making all subnets (including the loopback addresses) reachable.      4
No OSPF packets leaking to hosts                                                  1
OSPF link costs assigned correctly                                                2
Total                                                                             10

5.1 Final Checklist
Check you have:
• Used the correct IP address range as described in Figure 1
• Submitted, via Moodle, number-plan.png or number-plan.jpg
• Submitted, via Moodle, your configuration from save_configs.sh
• Submitted, via Moodle, your latency measurements and metric plan step-11.txt or step-11.jpg
• Submitted, via Moodle, your high-latency traceroute step-12.txt
• Submitted, via Moodle, your new traceroute named step-14.txt
• Submitted, via Moodle, readme.txt
• Re-read the submission and assessment instructions above.
A Testing and Troubleshooting
A.1 Ping and Traceroute
ping and traceroute are often the starting point of debugging. For example,
use ping to answer the questions: “What can you reach and what can’t you?”
and “Can you ping to each interface along the path you expect the packets to
follow?”
The traceroute command is also very helpful. Remember, though, that
traceroute shows the forward path only and that a failure at a particular hop
may be because the reply packets can not get back to the source.
A.2 Can’t ping adjacent interfaces
• Check that the interfaces are in the same subnet and that this is different
to all other subnets on each router.
• Use show interface brief to check that you have assigned the correct
address to the correct interface.
• If possible, try capturing packets from a host using tcpdump to see
if the packets are leaving on the interface you expect and arriving on the
router interface.
• If you still cannot ping, try deleting your interface configuration (using no to remove a part of the configuration) and then re-entering it.
But first, save a copy of your configuration using ./save_configs.sh so
you can refer back to it if needed.
• Finally, check and recheck your addresses and interface connections. It’s
too easy to “not see” a reversed or changed digit when you’re expecting
to see the correct values!
A.3 Forwarding and Route Information
The command show ip route (from operational mode) shows the router’s forwarding table. This includes the routes that have been selected from the
various routing protocols, static routes and directly connected networks. Note
that the source of the route is included in the output (e.g. O for OSPF).
The command show ip route ospf shows the routes in the forwarding table
that have come from OSPF (but not all the routes that OSPF knows about;
see the OSPF section below for that).
A.4 OSPF Information
show ip ospf prints information about the OSPF area.
show ip ospf neighbor shows what neighbours OSPF is communicating with.
It’s a good quick check if something seems not to be working with OSPF.
show ip ospf interface gives information about the instance of OSPF that
is communicating over the subnet attached to that interface. It includes, for
example, the number of neighbours found and the identity of the DR and BDR.
show ip ospf route and show ip ospf database show the information that
OSPF knows about the network, including all the prefixes that it’s learned.
A.5 OSPF not working
1. Check the forwarding table show ip route to check that it is, in fact,
OSPF that’s not working. You should see both one and two-hop routes
marked as coming from OSPF.
2. Check whether OSPF is seeing its neighbours (show ip ospf neighbor).
If not, check that you have a separate network clause for each network
you want OSPF to operate on.
3. If OSPF isn’t seeing its neighbours, but you have correct network clauses,
check basic connectivity between the routers.
4. If OSPF can see its neighbours but no routes are being shared, check that
you have told OSPF to share (redistribute) the appropriate routes
(e.g. for step 3.4 directly connected networks).