= Ground Routing = Più volgarmente chiamato ''Routing a Terra'' se da una parte semplifica considerevolmente le funzioni del nodo, dall'altra ''garantisce'' un single point of failure, quindi prima di fare questo passo assicuriamoci di avere un hardware che possa sopportare un discreto stress. Cosa serve: * Router con olsrd e 802.1Q (vlan) * Switch trasparente alle VLAN * Device radio di qualsiasi genere Come si serve: * Precotto con OpenWRT Scooreggione_v4 Dove si mangia: * In casa o sul tetto Come si cucina: * Configurare il router OWRT ed i device per la "normale" rete casalinga * Condire la configurazione rete con le necessarie VLAN (1/device) * Affogare le interfacce create (eth0.x) con le relative interfacce wlan (ath0 or wlan0) PS: I router cui rapporto qualità/prezzo risultano intriganti sono i seguenti * TP-Link TL-WR1043ND * TP-Link TL-WDR3600 * TP-Link TL-WDR4300 * Il WR1043 gestisce VLAN tag e untag su singola porta * Il WDR3600 ed il WDR4300, purtroppo, gestisccono VLAN tag *OR* untag su singola porta * Il WR1043 ha la CPU dello switch sulla porta 5 * Il WDR3600 ed il WDR4300 hanno la CPU dello switch sulla porta 0 Con il WDR3600 si dovranno configurare i device con apposita VLAN *ANCHE* sulla LAN {{{ vi /etc/config/network config interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config interface 'pvt' option ifname 'eth0.1' option proto 'dhcp' option type 'bridge' config interface 'nnx' option ifname 'eth0.2' option proto 'static' option type 'bridge' option ipaddr '10.CAP.X.YZ' option broadcast '10.CAP.X.YZ.255' option netmask '255.255.255.0' option ip6addr '2001:4c00:893b:CAP::YZ/64' option dns '10.11.12.13 10.11.12.14' config interface 'STA6' option ifname 'eth0.6' option proto 'static' option ipaddr '172.16.CAP.X' option netmask '255.255.0.0' option ip6addr '2001:4c00:893b:1:CAP::X/128' config interface 'AP7' option ifname 'eth0.7' option proto 'static' option ipaddr '172.16.CAP.Y' option netmask '255.255.0.0' option ip6addr '2001:4c00:893b:1:CAP::Y/128' config interface 'STA8' option ifname 'eth0.8' option proto 'static' option ipaddr '172.16.171.Z' option netmask '255.255.0.0' option ip6addr '2001:4c00:893b:1:CAP::Z/128' config switch option name 'eth0' # wdr3600 # option name 'rtl8366rb' # wr1043 option reset '1' option enable_vlan '1' # option enable_vlan4k '1' # wr1043 config switch_vlan option device 'eth0' # wdr3600 # option device 'rtl8366rb' # wr1043 option vlan '2' option ports '0t 2 3t 4 5' # wdr3600 # option ports '0 2 3 4 5t' # wr1043 config switch_vlan option device 'eth0' # wdr3600 # option device 'rtl8366rb' # wr1043 option vlan '1' option ports '0t 1' # wdr3600 # option ports '1 5t' # wr1043 config switch_vlan option device 'eth0' # wdr3600 # option device 'rtl8366rb' # wr1043 option vlan '6' option ports '0t 3t' # wdr3600 # option ports '3t 5t' # wr1043 config switch_vlan option device 'eth0' # wdr3600 # option device 'rtl8366rb' # wr1043 option vlan '7' option ports '0t 3t' # wdr3600 # option ports '3t 5t' # wr1043 config switch_vlan option device 'eth0' # wdr3600 # option device 'rtl8366rb' # wr1043 option vlan '8' option ports '0t 3t' # wdr3600 # option ports '3t 5t' # wr1043 }}} * Olsrd (io uso il file parsato, non UCI, per mia comodità) {{{ vi /etc/config/olsrd4.conf DebugLevel 0 IpVersion 4 Pollrate 0.025 FIBMetric "flat" RtTable 111 RtTableDefault 112 UseNiit no SmartGateway no Hna4 { 10.CAP.X.0 255.255.255.0 } UseHysteresis no TcRedundancy 2 MprCoverage 7 LinkQualityLevel 2 LinkQualityAlgorithm "etx_ff" LinkQualityAging 0.05 LinkQualityFishEye 1 LoadPlugin "olsrd_txtinfo.so.0.1" { PlParam "port" "2006" PlParam "Accept" "0.0.0.0" } LoadPlugin "olsrd_mdns.so.1.0.1" { PlParam "NonOlsrIf" "eth0" PlParam "NonOlsrIf" "br0" PlParam "MDNS_TTL" "20" PlParam "TTL_Check" "true" PlParam "Network_ID" "1" #PlParam "FilteredHost" "192.168.0.1" } LoadPlugin "olsrd_httpinfo.so.0.1" { PlParam "Net" "0.0.0.0 0.0.0.0" PlParam "Port" "1978" } InterfaceDefaults { HelloInterval 3.0 HelloValidityTime 125.0 TcInterval 2.0 TcValidityTime 500.0 MidInterval 25.0 MidValidityTime 500.0 HnaInterval 10.0 HnaValidityTime 125.0 } Interface "eth0.6" "eth0.7" "eth0.8" { Mode "mesh" # LinkQualityMult 192.168.0.1 0.5 # LinkQualityMult default 0.8 } --------------------[cutme]------------------------ vi /etc/config/olsrd6.conf DebugLevel 0 IpVersion 6 Pollrate 0.025 FIBMetric "flat" UseNiit no SmartGateway no Hna6 { 2001:4c00:893b:CAP:: 64 } UseHysteresis no TcRedundancy 2 MprCoverage 7 LinkQualityLevel 2 LinkQualityAlgorithm "etx_ff" LinkQualityAging 0.05 LinkQualityFishEye 1 LoadPlugin "olsrd_txtinfo.so.0.1" { PlParam "port" "2007" PlParam "Accept" "::" } LoadPlugin "olsrd_mdns.so.1.0.1" { PlParam "NonOlsrIf" "eth0" PlParam "MDNS_TTL" "20" PlParam "TTL_Check" "true" PlParam "Network_ID" "1" #PlParam "FilteredHost" "2001::1" } InterfaceDefaults { HelloInterval 3.0 HelloValidityTime 125.0 TcInterval 2.0 TcValidityTime 500.0 MidInterval 25.0 MidValidityTime 500.0 HnaInterval 10.0 HnaValidityTime 125.0 } Interface "eth0.6" "eth0.7" "eth0.8" { Mode "mesh" IPv6Multicast FF02::6D } }}} Ora stabiliamo un po di regolette all'avvio del router {{{ /etc/rc.local # Put your custom commands here that should be executed once # the system init finished. By default this file does nothing. #Usefull rules for Arkanet TP-Links iptables -t nat -A POSTROUTING -o br-pvt -j MASQUERADE -s 10.CAP.X.0/24 iptables -t nat -A POSTROUTING -o br-nnx -j MASQUERADE -s 192.168.XYZ.0/24 #110 Local routes #111 RtTable #112 RtTableDefault #113 Special Table for /1 #114 blackholes table #Copy local routes only from table main 254 to table 110 ip route show table 254 | grep -Ev ^default | grep -Ev ^blackhole | while read ROUTE ; do MASK=`echo "${ROUTE}" | awk '{print $1}' | awk -F/ '{print $2}'` if [ "$MASK" -ne 16 ] ; then ip route add table 110 $ROUTE fi done #First evaluate local routes ip rule add from all lookup 110 pref 3 #Private routes to OLSR table ip rule add to 10.0.0.0/8 table 111 pref 4 ip rule add to 172.16.0.0/12 table 111 pref 4 ip rule add to 192.168.0.0/16 table 111 pref 4 #Ninux IP Addresses to OLSR table ip rule add to 176.62.53.0/24 table 111 pref 4 #Evaluate blackholes ip rule add from all table 114 pref 5 #Send traffic of public addresses to BGP border routers ip rule add from 176.62.53.0/24 table 113 pref 6 #Lookup default route first from user and then from OLSR ip rule add from all lookup 254 pref 7 ip rule add from all lookup 112 pref 8 #Blackhole private aggregates ip route add blackhole 10.0.0.0/8 table 114 ip route add blackhole 172.16.0.0/12 table 114 ip route add blackhole 192.168.0.0/16 table 114 #Blackhole Ninux aggregate ip route add blackhole 176.62.53.0/24 table 114 #Start olsrd v4 not UCI mode olsrd -f /etc/config/olsrd4.conf -d 0 #Start olsrd v6 not UCI mode olsrd -f /etc/config/olsrd6.conf -d 0 #Start radvd not UCI mode radvd -C /etc/config/radvd.conf #MTU Clamping iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu ip6tables -I FORWARD -p tcp --syn -j TCPMSS --clamp-mss-to-pmtu exit 0 }}} /etc/config/radvd.conf {{{ interface br-nnx { MaxRtrAdvInterval 10; MinRtrAdvInterval 3; AdvLinkMTU 1280; AdvSendAdvert on; AdvManagedFlag off; AdvOtherConfigFlag off; prefix ::/64 { AdvOnLink on; AdvAutonomous on; AdvRouterAddr off; }; }; }}} Andiamo sul tetto a prenderci un po di sole Se montiamo device con AirOS basterà andare sulla GUI nella sezione network: * selezionare modalità BRIDGE * eliminare eventuale BRIDGE presente/i * creare VLAN con identica numerazione di quella dichiarata in OpenWRT (ex: eth0.7 = VLAN ID 7) * [SOLO PER WDR3600: creare VLAN ID 2] * creare bridge tra wlan0 e vlan0.x * selezionare LAN0 come "Management Interface" (SOLO CON WDR3600 selezionare LAN0.2) * assegnare IP coerenti con propria subnet * click on change and apply Se monta OpenWRT: {{{ vi /etc/config/network config interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config interface 'lan' # option ifname 'eth0.2' # wdr3600 option ifname 'eth0' # wr1043nd option proto 'static' # option type 'bridge' # wdr3600 option ipaddr '10.CAP.X.1' option netmask '255.255.255.0' option gateway '10.CAP.X.10' option dns '10.11.12.13 10.11.12.14 8.8.8.8' config interface 'STA6' option type 'bridge' option ifname 'eth0.6' ---------------[cutme]--------------- vi /etc/config/wireless config wifi-device 'radio0' option type 'mac80211' option channel '60' option hwmode '11na' option macaddr '00:27:22:XX:YY:ZZ' option htmode 'HT20' # HT20|HT40-|HT40+ list ht_capab 'SHORT-GI-40' list ht_capab 'TX-STBC' list ht_capab 'RX-STBC1' list ht_capab 'DSSS_CCK-40' option disabled '0' option noscan '1' option distance '1100' option txpower '14' # 1|30 config wifi-iface option device 'radio0' option encryption 'none' option network 'STA6' option mode 'sta' option wds '1' option ssid 'ninux.org' option bssid '00:15:6D:XX:YY:ZZ' # lock to mac ap # Si possono usare entrambe le configurazioni assieme (AP e STA) #config wifi-iface # option device 'radio0' # option encryption 'none' # option network 'AP12' # option mode 'ap' # option wds '1' # option ssid 'XYZ.ninux.org' -----------------------[cutme]----------------------- vi /etc/rc.local # Put your custom commands here that should be executed once # the system init finished. By default this file does nothing. #Ipv6 assignment #echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra #echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra_pinfo #echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra_defrtr #echo 0 > /proc/sys/net/ipv6/conf/lo/disable_ipv6 #ip -6 addr flush dev eth0 scope global #ip -6 addr add 2001:4c00:893b:CAP::10/64 dev eth0 exit 0 }}}