Ground Routing
Più volgarmente chiamato Routing a Terra se da una parte semplifica considerevolmente le funzioni del nodo, dall'altra garantisce un single point of failure, quindi prima di fare questo passo assicuriamoci di avere un hardware che possa sopportare un discreto stress.
Cosa serve:
- Router con olsrd e 802.1Q (vlan)
- Switch trasparente alle VLAN
- Device radio di qualsiasi genere
Come si serve:
- Precotto con OpenWRT Scooreggione_v4
Dove si mangia:
- In casa o sul tetto
Come si cucina:
- Configurare il router OWRT ed i device per la "normale" rete casalinga
- Condire la configurazione rete con le necessarie VLAN (1/device)
- Affogare le interfacce create (eth0.x) con le relative interfacce wlan (ath0 or wlan0)
PS: I router cui rapporto qualità/prezzo risultano intriganti sono i seguenti
- TP-Link TL-WR1043ND
- TP-Link TL-WDR3600
- TP-Link TL-WDR4300
- Il WR1043 gestisce VLAN tag e untag su singola porta
- Il WDR3600 ed il WDR4300, purtroppo, gestisccono VLAN tag *OR* untag su singola porta
- Il WR1043 ha la CPU dello switch sulla porta 5
- Il WDR3600 ed il WDR4300 hanno la CPU dello switch sulla porta 0
Con il WDR3600 si dovranno configurare i device con apposita VLAN *ANCHE* sulla LAN
vi /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config interface 'pvt'
option ifname 'eth0.1'
option proto 'dhcp'
option type 'bridge'
config interface 'nnx'
option ifname 'eth0.2'
option proto 'static'
option type 'bridge'
option ipaddr '10.CAP.X.YZ'
option broadcast '10.CAP.X.YZ.255'
option netmask '255.255.255.0'
option ip6addr '2001:4c00:893b:CAP::YZ/64'
option dns '10.11.12.13 10.11.12.14'
config interface 'STA6'
option ifname 'eth0.6'
option proto 'static'
option ipaddr '172.16.CAP.X'
option netmask '255.255.0.0'
option ip6addr '2001:4c00:893b:1:CAP::X/128'
config interface 'AP7'
option ifname 'eth0.7'
option proto 'static'
option ipaddr '172.16.CAP.Y'
option netmask '255.255.0.0'
option ip6addr '2001:4c00:893b:1:CAP::Y/128'
config interface 'STA8'
option ifname 'eth0.8'
option proto 'static'
option ipaddr '172.16.171.Z'
option netmask '255.255.0.0'
option ip6addr '2001:4c00:893b:1:CAP::Z/128'
config switch
option name 'eth0' # wdr3600
# option name 'rtl8366rb' # wr1043
option reset '1'
option enable_vlan '1'
# option enable_vlan4k '1' # wr1043
config switch_vlan
option device 'eth0' # wdr3600
# option device 'rtl8366rb' # wr1043
option vlan '2'
option ports '0t 2 3t 4 5' # wdr3600
# option ports '0 2 3 4 5t' # wr1043
config switch_vlan
option device 'eth0' # wdr3600
# option device 'rtl8366rb' # wr1043
option vlan '1'
option ports '0t 1' # wdr3600
# option ports '1 5t' # wr1043
config switch_vlan
option device 'eth0' # wdr3600
# option device 'rtl8366rb' # wr1043
option vlan '6'
option ports '0t 3t' # wdr3600
# option ports '3t 5t' # wr1043
config switch_vlan
option device 'eth0' # wdr3600
# option device 'rtl8366rb' # wr1043
option vlan '7'
option ports '0t 3t' # wdr3600
# option ports '3t 5t' # wr1043
config switch_vlan
option device 'eth0' # wdr3600
# option device 'rtl8366rb' # wr1043
option vlan '8'
option ports '0t 3t' # wdr3600
# option ports '3t 5t' # wr1043 * Olsrd (io uso il file parsato, non UCI, per mia comodità)
vi /etc/config/olsrd4.conf
DebugLevel 0
IpVersion 4
Pollrate 0.025
FIBMetric "flat"
RtTable 111
RtTableDefault 112
UseNiit no
SmartGateway no
Hna4
{
10.CAP.X.0 255.255.255.0
}
UseHysteresis no
TcRedundancy 2
MprCoverage 7
LinkQualityLevel 2
LinkQualityAlgorithm "etx_ff"
LinkQualityAging 0.05
LinkQualityFishEye 1
LoadPlugin "olsrd_txtinfo.so.0.1"
{
PlParam "port" "2006"
PlParam "Accept" "0.0.0.0"
}
LoadPlugin "olsrd_mdns.so.1.0.1"
{
PlParam "NonOlsrIf" "eth0"
PlParam "NonOlsrIf" "br0"
PlParam "MDNS_TTL" "20"
PlParam "TTL_Check" "true"
PlParam "Network_ID" "1"
#PlParam "FilteredHost" "192.168.0.1"
}
LoadPlugin "olsrd_httpinfo.so.0.1"
{
PlParam "Net" "0.0.0.0 0.0.0.0"
PlParam "Port" "1978"
}
InterfaceDefaults {
HelloInterval 3.0
HelloValidityTime 125.0
TcInterval 2.0
TcValidityTime 500.0
MidInterval 25.0
MidValidityTime 500.0
HnaInterval 10.0
HnaValidityTime 125.0
}
Interface "eth0.6" "eth0.7" "eth0.8"
{
Mode "mesh"
# LinkQualityMult 192.168.0.1 0.5
# LinkQualityMult default 0.8
}
--------------------[cutme]------------------------
vi /etc/config/olsrd6.conf
DebugLevel 0
IpVersion 6
Pollrate 0.025
FIBMetric "flat"
UseNiit no
SmartGateway no
Hna6
{
2001:4c00:893b:CAP:: 64
}
UseHysteresis no
TcRedundancy 2
MprCoverage 7
LinkQualityLevel 2
LinkQualityAlgorithm "etx_ff"
LinkQualityAging 0.05
LinkQualityFishEye 1
LoadPlugin "olsrd_txtinfo.so.0.1"
{
PlParam "port" "2007"
PlParam "Accept" "::"
}
LoadPlugin "olsrd_mdns.so.1.0.1"
{
PlParam "NonOlsrIf" "eth0"
PlParam "MDNS_TTL" "20"
PlParam "TTL_Check" "true"
PlParam "Network_ID" "1"
#PlParam "FilteredHost" "2001::1"
}
InterfaceDefaults {
HelloInterval 3.0
HelloValidityTime 125.0
TcInterval 2.0
TcValidityTime 500.0
MidInterval 25.0
MidValidityTime 500.0
HnaInterval 10.0
HnaValidityTime 125.0
}
Interface "eth0.6" "eth0.7" "eth0.8"
{
Mode "mesh"
IPv6Multicast FF02::6D
}Ora stabiliamo un po di regolette all'avvio del router
/etc/rc.local
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
#Usefull rules for Arkanet TP-Links
iptables -t nat -A POSTROUTING -o br-pvt -j MASQUERADE -s 10.CAP.X.0/24
iptables -t nat -A POSTROUTING -o br-nnx -j MASQUERADE -s 192.168.XYZ.0/24
#110 Local routes
#111 RtTable
#112 RtTableDefault
#113 Special Table for /1
#114 blackholes table
#Copy local routes only from table main 254 to table 110
ip route show table 254 | grep -Ev ^default | grep -Ev ^blackhole | while read ROUTE ; do
MASK=`echo "${ROUTE}" | awk '{print $1}' | awk -F/ '{print $2}'`
if [ "$MASK" -ne 16 ] ; then
ip route add table 110 $ROUTE
fi
done
#First evaluate local routes
ip rule add from all lookup 110 pref 3
#Private routes to OLSR table
ip rule add to 10.0.0.0/8 table 111 pref 4
ip rule add to 172.16.0.0/12 table 111 pref 4
ip rule add to 192.168.0.0/16 table 111 pref 4
#Ninux IP Addresses to OLSR table
ip rule add to 176.62.53.0/24 table 111 pref 4
#Evaluate blackholes
ip rule add from all table 114 pref 5
#Send traffic of public addresses to BGP border routers
ip rule add from 176.62.53.0/24 table 113 pref 6
#Lookup default route first from user and then from OLSR
ip rule add from all lookup 254 pref 7
ip rule add from all lookup 112 pref 8
#Blackhole private aggregates
ip route add blackhole 10.0.0.0/8 table 114
ip route add blackhole 172.16.0.0/12 table 114
ip route add blackhole 192.168.0.0/16 table 114
#Blackhole Ninux aggregate
ip route add blackhole 176.62.53.0/24 table 114
#Start olsrd v4 not UCI mode
olsrd -f /etc/config/olsrd4.conf -d 0
#Start olsrd v6 not UCI mode
olsrd -f /etc/config/olsrd6.conf -d 0
#Start radvd not UCI mode
radvd -C /etc/config/radvd.conf
#MTU Clamping
iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
ip6tables -I FORWARD -p tcp --syn -j TCPMSS --clamp-mss-to-pmtu
exit 0/etc/config/radvd.conf
interface br-nnx
{
MaxRtrAdvInterval 10;
MinRtrAdvInterval 3;
AdvLinkMTU 1280;
AdvSendAdvert on;
AdvManagedFlag off;
AdvOtherConfigFlag off;
prefix ::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
};Andiamo sul tetto a prenderci un po di sole
Se montiamo device con AirOS basterà andare sulla GUI nella sezione network:
- selezionare modalità BRIDGE
- eliminare eventuale BRIDGE presente/i
- creare VLAN con identica numerazione di quella dichiarata in OpenWRT (ex: eth0.7 = VLAN ID 7)
- [SOLO PER WDR3600: creare VLAN ID 2]
- creare bridge tra wlan0 e vlan0.x
- selezionare LAN0 come "Management Interface" (SOLO CON WDR3600 selezionare LAN0.2)
- assegnare IP coerenti con propria subnet
- click on change and apply
Se monta OpenWRT:
vi /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config interface 'lan'
# option ifname 'eth0.2' # wdr3600
option ifname 'eth0' # wr1043nd
option proto 'static'
# option type 'bridge' # wdr3600
option ipaddr '10.CAP.X.1'
option netmask '255.255.255.0'
option gateway '10.CAP.X.10'
option dns '10.11.12.13 10.11.12.14 8.8.8.8'
config interface 'STA6'
option type 'bridge'
option ifname 'eth0.6'
---------------[cutme]---------------
vi /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option channel '60'
option hwmode '11na'
option macaddr '00:27:22:XX:YY:ZZ'
option htmode 'HT20' # HT20|HT40-|HT40+
list ht_capab 'SHORT-GI-40'
list ht_capab 'TX-STBC'
list ht_capab 'RX-STBC1'
list ht_capab 'DSSS_CCK-40'
option disabled '0'
option noscan '1'
option distance '1100'
option txpower '14' # 1|30
config wifi-iface
option device 'radio0'
option encryption 'none'
option network 'STA6'
option mode 'sta'
option wds '1'
option ssid 'ninux.org'
option bssid '00:15:6D:XX:YY:ZZ' # lock to mac ap
# Si possono usare entrambe le configurazioni assieme (AP e STA)
#config wifi-iface
# option device 'radio0'
# option encryption 'none'
# option network 'AP12'
# option mode 'ap'
# option wds '1'
# option ssid 'XYZ.ninux.org'
-----------------------[cutme]-----------------------
vi /etc/rc.local
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
#Ipv6 assignment
#echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra
#echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra_pinfo
#echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra_defrtr
#echo 0 > /proc/sys/net/ipv6/conf/lo/disable_ipv6
#ip -6 addr flush dev eth0 scope global
#ip -6 addr add 2001:4c00:893b:CAP::10/64 dev eth0
exit 0