This is how to install the telnet command in Alpine Linux (very popular in the container world, for example with Docker):
#apk update
#apk add busybox-extras
Step 1: Install Canonical Multipass on your Mac
$brew install multipass
Step 2: Install the VM called docker
$multipass launch docker --name mydocker
Step 3: Connect to the new VM
$multipass shell mydocker
Step 4: Inside the VM install ContainerLab
$sudo su
#bash -c "$(curl -sL https://get.containerlab.dev)"
Let's try this simple back-to-back topology of two Linux nodes running FRR:
-- 2-frr-back2back.yml --
name: ipv6-ws
topology:
  kinds:
    linux:
      image: ghcr.io/hellt/network-multitool
  nodes:
    ### ROUTERS ###
    R1:
      kind: linux
      image: quay.io/frrouting/frr:8.4.1
      exec:
        - "sysctl -w net.ipv6.conf.all.forwarding=1"
        - "ip address add dev eth1 2001:db8:ffab::1/64"
    R2:
      kind: linux
      image: quay.io/frrouting/frr:8.4.1
      exec:
        - "ip address add dev eth1 2001:db8:ffab::2/64"
        - "sysctl -w net.ipv6.conf.all.forwarding=1"
  links:
    - endpoints: ["R1:eth1", "R2:eth1"]
--- yml --
Step 5: Let's build the topology with clab:
clab dep -t 2-frr-back2back.yml
Step 6: Finally, we are going to connect to one of the nodes (containers) inside ContainerLab
docker exec -i -t clab-ipv6-ws-R2 bash
FRR:
show run
frr# sh run
Building configuration...

Current configuration:
!
frr version 8.1
frr defaults traditional
hostname frr
log syslog informational
service integrated-vtysh-config
!
interface l0
 ipv6 address 2001:db8::1/128
exit
!
router bgp 65001
 bgp router-id 1.1.1.1
 no bgp ebgp-requires-policy
 neighbor 2001:db8:12::2 remote-as 65002
 !
 address-family ipv6 unicast
  redistribute connected
  neighbor 2001:db8:12::2 activate
  neighbor 2001:db8:12::2 soft-reconfiguration inbound
 exit-address-family
exit
!
OpenBGPD
File: /etc/bgpd.conf
# macros
ASN="65002"
fib-update yes
log updates
# global configuration
AS $ASN
router-id 2.2.2.2
network 2001:db8::2/128
network inet6 connected
neighbor 2001:db8:12::1 {
    descr "epa"
    remote-as 65001
    announce IPv6 unicast
}
deny from any
deny to any
allow from 2001:db8:12::1
allow to 2001:db8:12::1
Case:
How to create an IPv6 route to null/blackhole in Linux
Command:
ip -6 route add blackhole fd00:12:34::0/48
I hope it is useful
Case:
We want to disable IPv4 on an interface
Solution:
sudo ip -4 addr flush dev enp0s1
Explanation:
The above command removes all IPv4 addresses from interface enp0s1. Important: remember that this change is only temporary.
Introduction
This work presents a very simple way to offer dual-stack web access to an IPv6-only server farm using NGINX. The continued growth of the Internet and the gradual adoption of the IPv6 protocol means that it is essential to ensure connectivity and accessibility for clients using both IPv4 and IPv6. We will explain how to configure NGINX to support dual-stack web access, we will address how to configure NGINX as a reverse proxy that listens on both IPv4 and IPv6 addresses, as well as how to correctly route incoming requests to backend servers with only IPv6 addresses. By the way, among many other benefits, what we will discuss in the following article is an important step towards the preservation of IPv4 addresses.
What is a Reverse Proxy?
In [1], Cloudflare defines a Reverse Proxy Server as follows: “A reverse proxy is a server that sits in front of web servers and forwards client (e.g. web browser) requests to those web servers. Reverse proxies are typically implemented to help increase security, performance, and reliability. In order to better understand how a reverse proxy works and the benefits it can provide, let’s first define what a proxy server is.”
What is a Proxy Server
In [1], Cloudflare also provides the following definition for a proxy server: “A forward proxy, often called a proxy, proxy server, or web proxy, is a server that sits in front of a group of client machines. When those computers make requests to sites and services on the Internet, the proxy server intercepts those requests and then communicates with web servers on behalf of those clients, like a middleman.”
What are the benefits of a Reverse Proxy?
• A reverse proxy can offer IPv4 or transparent IPv6 to clients serviced from an IPv6-only server farm (which is what we will focus on).
• Scalability: The use of a reverse proxy allows adding or removing backend servers as needed without affecting end users. This makes it easier for applications to scale out, allowing them to handle a larger number of concurrent users and requests.
• Static content caching: NGINX can cache static content such as images, CSS files, and JavaScript, thus reducing the load on backend servers and increasing content delivery speed. This decreases page load times and the required bandwidth.
• Security: NGINX acts as a point of entry to the application, providing an additional layer of security. It can perform functions such as request filtering, DDoS attack prevention, SQL injection protection, and client authentication. NGINX can also enable the use of SSL/TLS encryption for communication between clients and the backend server.
• Advanced routing: A reverse proxy allows performing advanced routing based on various criteria, such as domain name, URL, or HTTP headers. This is useful when we need to direct traffic to different backend servers based on the specific attributes of the requests.
• Consolidation of services: NGINX can act as a single point of entry for various backend services. This simplifies the infrastructure by consolidating multiple services on a single server, thus simplifying management and maintenance.
• Enhanced performance: NGINX is lightweight and resource efficient by design. Its streamlined architecture and ability to handle large numbers of concurrent connections make it a popular choice for improving web app performance.
• Load balancing: A reverse proxy such as NGINX can distribute incoming traffic across several backend servers. This helps balance the load and guarantees that no server is overloaded, which improves an application's performance and responsiveness.
Topology
What is our Goal Today?
The edge server (Reverse Proxy Server) will be able to receive IPv4 and IPv6 HTTP requests, and depending on the website a user wishes to visit (domain), will forward the request to the right server. This is what will happen in our example:
The client visits: The request is sent to:
server-a.com → 2001:db8:123::1
server-b.com → 2001:db8:123::2
server-c.com → 2001:db8:123::3
server-a.com → 2001:db8:123::101
server-b.com → 2001:db8:123::102
server-c.com → 2001:db8:123::103
Requirements
• Linux with NGINX on the Reverse Proxy Server
• Super user access
• Web server on each of the servers in the farm
• IPv4 and IPv6 Internet connectivity
• Internal IPv6 connectivity
Let's get started
1) Install NGINX on all servers
#apt update
#apt install nginx
2) Create the websites in the NGINX reverse proxy
File /etc/nginx/sites-available/server-a.com
server {
    listen 80;
    listen [::]:80;
    server_name server-a.com;
    location / {
        proxy_pass http://[2001:db8:123::101];
    }
}
File /etc/nginx/sites-available/server-b.com
server {
    listen 80;
    listen [::]:80;
    server_name server-b.com;
    location / {
        proxy_pass http://[2001:db8:123::102];
    }
}
3) Create symbolic links to enable the sites configured above:
root@ProxyReverseSRV:/etc/nginx/sites-enabled# ln -s /etc/nginx/sites-available/server-a.com /etc/nginx/sites-enabled/server-a.com
root@ProxyReverseSRV:/etc/nginx/sites-enabled# ln -s /etc/nginx/sites-available/server-b.com /etc/nginx/sites-enabled/server-b.com
root@ProxyReverseSRV:/etc/nginx/sites-enabled# ln -s /etc/nginx/sites-available/server-c.com /etc/nginx/sites-enabled/server-c.com
4) Remember to restart NGINX
$sudo systemctl restart nginx
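The four steps above, collected into one script as an added example (it is not part of the original article): it writes a site file for each of the three domains, including server-c.com, whose file the article does not show, and links them into sites-enabled. NGINX_ROOT, the function names and the `apply` argument are assumptions of this example, as are the proxy_set_header lines, which pass the requested host name and the client's address on to the backends.

```shell
#!/bin/sh
# Added example: build and enable one reverse-proxy site per backend.
# NGINX_ROOT is an assumed override so the script can be tried in a scratch directory.
NGINX_ROOT="${NGINX_ROOT:-/etc/nginx}"

# domain=backend pairs, taken from the article's mapping and proxy_pass lines
SITES="server-a.com=2001:db8:123::101
server-b.com=2001:db8:123::102
server-c.com=2001:db8:123::103"

# write_site <domain> <backend IPv6 address>
write_site() {
    cat > "$NGINX_ROOT/sites-available/$1" <<EOF
server {
    listen 80;
    listen [::]:80;
    server_name $1;

    location / {
        proxy_pass http://[$2];
        # Not in the article: forward the requested name and the client address,
        # otherwise the backends only ever log the proxy's own IPv6 address.
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    }
}
EOF
}

# Write every site file and link it into sites-enabled (steps 2 and 3).
build_sites() {
    mkdir -p "$NGINX_ROOT/sites-available" "$NGINX_ROOT/sites-enabled"
    echo "$SITES" | while IFS='=' read -r domain backend; do
        write_site "$domain" "$backend"
        ln -sfn "$NGINX_ROOT/sites-available/$domain" \
                "$NGINX_ROOT/sites-enabled/$domain"
    done
}

# Only touch the system when called as: sh script.sh apply
if [ "${1:-}" = "apply" ]; then
    build_sites && nginx -t   # check the syntax before restarting (step 4)
fi
```

Run it as root with the `apply` argument, then restart NGINX as in step 4.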
About the logs
Logs are extremely important for any company or ISP that wishes to review incoming connections.
Summary
The proposed design allows managing a 100% IPv6-only web server farm with access to both the IPv4 and the IPv6 worlds in a very simple, scalable, and efficient manner. This results in various benefits, including having to manage only one TCP/IP stack, simplicity, security, and even saving IPv4 addresses.
References
Situation:
Strange behavior of SSH on a Mac: problems with copy/paste in the terminal during an SSH session. Does the clipboard work in other applications?
Solution:
At least in "vi" the solution is very simple. Edit the file: ~/.vimrc and paste the following content:
if !has("gui_running")
  set mouse=
endif
Good luck!
Problem:
If you are getting this message in FRR:
Closing connection because of an I/O error in FR
The solution is straightforward. You have to compile FRR with this flag:
--enable-systemd
So, it would be something like:
./configure \
    --prefix=/usr \
    --includedir=\${prefix}/include \
    --enable-exampledir=\${prefix}/share/doc/frr/examples \
    --bindir=\${prefix}/bin \
    --sbindir=\${prefix}/lib/frr \
    --libdir=\${prefix}/lib/frr \
    --libexecdir=\${prefix}/lib/frr \
    --localstatedir=/var/run/frr \
    --sysconfdir=/etc/frr \
    --with-moduledir=\${prefix}/lib/frr/modules \
    --with-libyang-pluginsdir=\${prefix}/lib/frr/libyang_plugins \
    --enable-configfile-mask=0640 \
    --enable-logfile-mask=0640 \
    --enable-snmp=agentx \
    --enable-multipath=64 \
    --enable-user=frr \
    --enable-group=frr \
    --enable-vty-group=frrvty \
    --with-pkg-git-version \
    --enable-systemd \
    --with-pkg-extra-version=-MyOwnFRRVersion
You can follow these instructions, adding the flag from my solution above:
http://docs.frrouting.org/projects/dev-guide/en/latest/building-frr-for-ubuntu2004.html