inetdoc.net

Voici un exemple pour le routeur R2.

sudo apt install snapd
sudo snap install lxd
sudo adduser etu lxd

Après déconnexion - reconnexion, on peut passer à l'étape de définition du profil par défaut pour la création des conteneurs.

lxd init
Would you like to use LXD clustering? (yes/no) [default=no]:
Do you want to configure a new storage pool? (yes/no) [default=yes]:
Name of the new storage pool [default=default]:
Name of the storage backend to use (cephobject, dir, lvm, btrfs, ceph) [default=btrfs]:
Create a new BTRFS pool? (yes/no) [default=yes]:
Would you like to use an existing empty block device (e.g. a disk or partition)? (yes/no) [default=no]:
Size in GiB of the new loop device (1GiB minimum) [default=23GiB]:
Would you like to connect to a MAAS server? (yes/no) [default=no]:
Would you like to create a new local network bridge? (yes/no) [default=yes]: no
Would you like to configure LXD to use an existing bridge or host interface? (yes/no) [default=no]: yes
Name of the existing bridge or host interface: sw-vlan20
Would you like the LXD server to be available over the network? (yes/no) [default=no]:
Would you like stale cached images to be updated automatically? (yes/no) [default=yes]:
Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]:

lxc profile device set default eth0 nictype bridged

Voici une copie du profil après configuration.

lxc profile show default
config: {}
description: Default LXD profile
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: sw-vlan20
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: default
used_by: []

On commence par la création des 3 conteneurs demandés.

for i in {0..2}
do
        lxc launch images:debian/12 c$i
done

lxc ls
+------+---------+------+------+-----------+-----------+
| NAME |  STATE  | IPV4 | IPV6 |   TYPE    | SNAPSHOTS |
+------+---------+------+------+-----------+-----------+
| c0   | RUNNING |      |      | CONTAINER | 0         |
+------+---------+------+------+-----------+-----------+
| c1   | RUNNING |      |      | CONTAINER | 0         |
+------+---------+------+------+-----------+-----------+
| c2   | RUNNING |      |      | CONTAINER | 0         |
+------+---------+------+------+-----------+-----------+

Les conteneurs sont bien lancés. On peut passer à l'adressage automatisé. On applique les adresses avec une boucle.

for i in {0..2}
do
        echo ">>>>>>>>>>>>>>>>> c$i"
config=$(cat << EOF
[Match]
Name=eth0

[Network]
DHCP=false
Address=10.20.0.$((i + 10))/24
Gateway=10.20.0.1
DNS=172.16.0.2
Address=fd14:ca46:3864:14::$(printf "%x" $((i + 10)))/64
Gateway=fd14:ca46:3864:14::1
DNS=2620:fe::fe
EOF
)
        lxc exec c$i -- bash -c "echo \"${config}\" | tee /etc/systemd/network/eth0.network"
        lxc exec c$i -- systemctl restart systemd-networkd
done

Suivant les préfixes réseau attribués, on obtient le résultat ci-dessous.

lxc ls
+------+---------+-------------------+-----------------------------+-----------+-----------+
| NAME |  STATE  |       IPV4        |            IPV6             |   TYPE    | SNAPSHOTS |
+------+---------+-------------------+-----------------------------+-----------+-----------+
| c0   | RUNNING | 10.20.0.10 (eth0) | fd14:ca46:3864:14::a (eth0) | CONTAINER | 0         |
+------+---------+-------------------+-----------------------------+-----------+-----------+
| c1   | RUNNING | 10.20.0.11 (eth0) | fd14:ca46:3864:14::b (eth0) | CONTAINER | 0         |
+------+---------+-------------------+-----------------------------+-----------+-----------+
| c2   | RUNNING | 10.20.0.12 (eth0) | fd14:ca46:3864:14::c (eth0) | CONTAINER | 0         |
+------+---------+-------------------+-----------------------------+-----------+-----------+

lxc exec c0 -- ping -qc2 9.9.9.9
PING 9.9.9.9 (9.9.9.9) 56(84) bytes of data.

--- 9.9.9.9 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1006ms

lxc exec c0 -- ping -qc2 2620:fe::fe
PING 2620:fe::fe(2620:fe::fe) 56 data bytes

--- 2620:fe::fe ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1010ms

Les préfixes réseau IPv4 et IPv6 ne sont pas annoncés via le protocole de routage dynamique. Par conséquent, les routeurs voisins n'ont aucune solution pour acheminer le trafic.

Voici un exemple de configuration pour le routeur R2-vert.

R2# conf t
R2(config)# int sw-vlan20
R2(config-if)# ip ospf area 0
R2(config-if)# ip ospf passive
R2(config-if)# ipv6 ospf6 area 0
R2(config-if)# ipv6 ospf6 passive
R2(config-if)# ^Z

On vérifie que l'interface est bien active pour chacun des deux protocoles de routage dynamique.

R2# sh ip ospf interface sw-vlan20
sw-vlan20 is up
  ifindex 7, MTU 1500 bytes, BW 0 Mbit <UP,BROADCAST,RUNNING,MULTICAST>
  Internet Address 10.20.0.1/24, Broadcast 10.20.0.255, Area 0.0.0.0
  MTU mismatch detection: enabled
  Router ID 0.0.4.2, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 0.0.4.2 Interface Address 10.20.0.1/24
  No backup designated router on this network
  Multicast group memberships: <None>
  Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
    No Hellos (Passive interface)
  Neighbor Count is 0, Adjacent neighbor count is 0

R2# sh ipv6 ospf6 interface sw-vlan20
sw-vlan20 is up, type BROADCAST
  Interface ID: 7
  Internet Address:
    inet : 10.20.0.1/24
    inet6: fd14:ca46:3864:14::1/64
    inet6: fe80::68c5:c6ff:feef:b948/64
  Instance ID 0, Interface MTU 1500 (autodetect: 1500)
  MTU mismatch detection: enabled
  Area ID 0.0.0.0, Cost 10
  State DR, Transmit Delay 1 sec, Priority 1
  Timer intervals configured:
   Hello 10(-), Dead 40, Retransmit 5
  DR: 0.0.6.2 BDR: 0.0.0.0
  Number of I/F scoped LSAs is 1
    0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off]
    0 Pending LSAs for LSAck in Time 00:00:00 [thread off]
  Authentication Trailer is disabled

À partir du routeur R2, on utilise les séquences suivantes :

Voici le résultat obtenu depuis la console du routeur R3.

R3# sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

O>* 0.0.0.0/0 [110/10] via 10.48.1.1, enp0s1.481, weight 1, 00:48:18
O>* 10.20.0.0/24 [110/11] via 10.48.2.2, enp0s1.482, weight 1, 00:06:26
C>* 10.30.0.0/24 is directly connected, sw-vlan30, 04:53:34
O>* 10.48.0.0/29 [110/2] via 10.48.1.1, enp0s1.481, weight 1, 01:00:23
  *                      via 10.48.2.2, enp0s1.482, weight 1, 01:00:23
O   10.48.1.0/29 [110/1] is directly connected, enp0s1.481, weight 1, 01:01:06
C>* 10.48.1.0/29 is directly connected, enp0s1.481, 04:53:34
O   10.48.2.0/29 [110/1] is directly connected, enp0s1.482, weight 1, 01:01:03
C>* 10.48.2.0/29 is directly connected, enp0s1.482, 04:53:34

R3# sh ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
       v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

O>* ::/0 [110/10] via fe80::baad:caff:fefe:c8, enp0s1.481, weight 1, 00:45:39
O>* fd14:ca46:3864:14::/64 [110/11] via fe80::baad:caff:fefe:c9, enp0s1.482, weight 1, 00:07:00
C>* fd14:ca46:3864:1e::/64 is directly connected, sw-vlan30, 04:54:21
C * fe80::/64 is directly connected, asw-host, 04:54:20
C * fe80::/64 is directly connected, sw-vlan30, 04:54:21
C * fe80::/64 is directly connected, enp0s1.482, 04:54:22
C * fe80::/64 is directly connected, enp0s1, 04:54:22
C>* fe80::/64 is directly connected, enp0s1.481, 04:54:22