I am using a KVM that has redundant Internet connectivity, redundant AWMN connectivity, and does both the AWMN routing and the hybrid Internet-AWMN DNS resolving. This way, if the KVM disappears from the AWMN, so does the 10.0.0.1/32 route to it.
# apt-get install quagga bind9
Configure Bind
set /etc/bind/named.conf
# vi /etc/bind/named.conf
# cat /etc/bind/named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
set /etc/bind/named.conf.options
# cat /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";
    allow-recursion { any; };
    allow-query { any; };
    version "slave awmn.";
    auth-nxdomain no;    # conform to RFC1035
    listen-on { 127.0.0.1; 10.21.241.100; 10.0.0.1; };
    listen-on-v6 { any; };
};
set /etc/bind/named.conf.local
# cat /etc/bind/named.conf.local
zone "awmn" IN {
    type slave;
    file "/var/cache/bind/db.awmn";
    masters { 10.19.143.12; };
};
zone "10.in-addr.arpa" IN {
    type slave;
    file "/var/cache/bind/db.10.in-addr.arpa";
    masters { 10.19.143.12; };
};
zone "." {
    type hint;
    file "/etc/bind/db.root";
};
Use it as the system name resolver
# echo "nameserver 127.0.0.1" > /etc/resolv.conf
Restart Bind
# /etc/init.d/bind9 restart
Test
# dig +short ipduh.com
85.25.242.245
# dig +short ipduh.awmn
10.21.241.4
# dig +short www.awmn
srv1.awmn.
10.19.143.13
Add 10.0.0.1 to the loopback interface.
Adjust the lo stanza in /etc/network/interfaces (the address is added with an "up" hook so ifupdown runs it when lo comes up)
# The loopback network interface
auto lo
iface lo inet loopback
    up ip addr add 10.0.0.1/32 dev lo
Configure Quagga
Set zebra, bgpd, and ospfd to yes in /etc/quagga/daemons
# grep "=yes" /etc/quagga/daemons
zebra=yes
bgpd=yes
ospfd=yes
Copy some skeleton files to /etc/quagga/
# cp /usr/share/doc/quagga/examples/bgpd.conf.sample /etc/quagga/bgpd.conf
# cp /usr/share/doc/quagga/examples/ospfd.conf.sample /etc/quagga/ospfd.conf
# cp /usr/share/doc/quagga/examples/zebra.conf.sample /etc/quagga/zebra.conf
Configure Routing
Zebra example configuration file
# cat /etc/quagga/zebra.conf
! -*- zebra -*-
!
! zebra configuration file
!
hostname anydns
password kodikos1
enable password kodikos2
!
ip route 10.0.0.1/32 10.21.241.100
ip route 0.0.0.0/0 192.168.30.1
!
log file /var/log/quagga/zebra.log
BGP example configuration file
hostname anydns
log file /var/log/quagga/bgpd.log
log monitor
log stdout
log syslog
password kodikos1
enable password kodikos2
router bgp 20305
 bgp router-id 10.21.241.100
 network 10.0.0.1/32
! ipduh002011
 neighbor 10.21.241.69 remote-as 20305
 neighbor 10.21.241.69 description ipduh AWMN BGP Feed
 neighbor 10.21.241.69 timers 10 30
 neighbor 10.21.241.69 capability dynamic
 neighbor 10.21.241.69 capability orf prefix-list both
 neighbor 10.21.241.69 soft-reconfiguration inbound
! neighbor 10.21.241.69 prefix-list awmn-bgp in
! neighbor 10.21.241.69 filter-list maxaslength out
! ipduh04711
 neighbor 10.21.241.68 remote-as 20305
 neighbor 10.21.241.68 description ipduh AWMN BGP Feed
 neighbor 10.21.241.68 timers 10 30
 neighbor 10.21.241.68 capability dynamic
 neighbor 10.21.241.68 capability orf prefix-list both
 neighbor 10.21.241.68 soft-reconfiguration inbound
! neighbor 10.21.241.68 prefix-list awmn-bgp in
! neighbor 10.21.241.68 filter-list maxaslength out
! ipduh01433
 neighbor 10.21.241.67 remote-as 20305
 neighbor 10.21.241.67 description ipduh AWMN BGP Feed
 neighbor 10.21.241.67 timers 10 30
 neighbor 10.21.241.67 capability dynamic
 neighbor 10.21.241.67 capability orf prefix-list both
 neighbor 10.21.241.67 soft-reconfiguration inbound
!
!
! ipduh03711
 neighbor 10.21.241.66 remote-as 20305
 neighbor 10.21.241.66 description ipduh AWMN BGP Feed
 neighbor 10.21.241.66 timers 10 30
 neighbor 10.21.241.66 capability dynamic
 neighbor 10.21.241.66 capability orf prefix-list both
 neighbor 10.21.241.66 soft-reconfiguration inbound
!
!
! ares
 neighbor 10.21.241.126 remote-as 20305
 neighbor 10.21.241.126 description ipduh AWMN BGP Feed
 neighbor 10.21.241.126 timers 10 30
 neighbor 10.21.241.126 capability dynamic
 neighbor 10.21.241.126 capability orf prefix-list both
 neighbor 10.21.241.126 soft-reconfiguration inbound
! need to update these filters ...
! not important, this is an inner router in full mesh with the border routers
!ip prefix-list awmn-bgp seq 5 permit 10.0.0.0/8 ge 9 le 24
!ip prefix-list awmn-bgp seq 10 permit 10.0.0.0/15 le 32
!ip prefix-list awmn-bgp seq 15 deny any
!
!!ip as-path access-list maxaslength deny ( [0-9]+){250}$
ip as-path access-list maxaslength permit .*
!
line vty
!
end
OSPF configuration
# cat /etc/quagga/ospfd.conf
! -*- ospf -*-
!
! OSPFd configuration file
!
!
hostname anydns
password kodikos1
enable password kodikos2
!
router ospf
 network 10.21.241.0/25 area 0
 ospf router-id 10.21.241.100
!
log stdout
Now add this BGP peer to your other routers and get rid of any 0/0 route in configuration files other than zebra's.
Obviously you do not need any 10/8 route any more.
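The 10.0.0.1/32 announcement above is tied to the KVM being alive, not to named being alive: if the daemon dies while the host and bgpd stay up, the prefix keeps attracting queries that nobody answers. As an added example (not part of the original how-to), here is a cron-driven health check that withdraws and re-announces the prefix through vtysh; it assumes AS 20305 and the prefix from this page, www.awmn as the probe name, and that vtysh is enabled for Quagga.

```shell
#!/bin/sh
# Added example, not part of the original how-to: withdraw 10.0.0.1/32 from
# bgpd while the local named stops answering and re-announce it on recovery,
# so a dead resolver does not keep attracting anycast queries. Assumptions:
# AS 20305 and the prefix as in the how-to; www.awmn as the probe name; vtysh
# enabled (Debian: vtysh_enable=yes in /etc/quagga/debian.conf); cron runs
# "anycast-check.sh run" every minute.
ANYCAST_PREFIX="${ANYCAST_PREFIX:-10.0.0.1/32}"
LOCAL_AS="${LOCAL_AS:-20305}"
PROBE_NAME="${PROBE_NAME:-www.awmn}"
STATE_FILE="${STATE_FILE:-/run/anycast-check.state}"
# A probe answer is good when at least one line of `dig +short` output is an
# IPv4 address (a CNAME line such as "srv1.awmn." on its own is not enough).
answer_ok() {
    [ -n "$1" ] || return 1
    printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
}

# Ask this box's named directly, not the anycast address, so the result
# reflects only the local resolver; a hung named counts as down.
probe_dns() {
    dig +short +time=2 +tries=1 @127.0.0.1 "$PROBE_NAME" A 2>/dev/null
}

# From the probe output ($1) and the last recorded state ($2: up, down or
# empty on first run) print the action: announce, withdraw or none.
next_action() {
    if answer_ok "$1"; then
        [ "$2" = up ] && echo none || echo announce
    else
        [ "$2" = down ] && echo none || echo withdraw
    fi
}

# Add or remove the network statement in the running bgpd through vtysh.
set_announce() {
    [ "$1" = up ] && stmt="network $ANYCAST_PREFIX" || stmt="no network $ANYCAST_PREFIX"
    vtysh -c 'configure terminal' -c "router bgp $LOCAL_AS" -c "$stmt" >/dev/null
    echo "$1" > "$STATE_FILE"
    logger -t anycast-check "resolver $1, applied: $stmt"
}

main() {
    last=$(cat "$STATE_FILE" 2>/dev/null || true)
    case "$(next_action "$(probe_dns)" "$last")" in
        announce) set_announce up ;;
        withdraw) set_announce down ;;
    esac
}
if [ "${1:-}" = run ]; then main; fi
```

On the first run with a healthy resolver the script re-issues the network statement, which is harmless because Quagga treats it as idempotent; the state file only suppresses repeated vtysh calls and log lines.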
Firewall
# iptables -t filter -A INPUT -p udp -d 10.0.0.1/32 --dport domain -j ACCEPT
# iptables -t filter -A INPUT -p tcp -d 10.0.0.1/32 -j REJECT --reject-with tcp-reset
# iptables -t filter -A INPUT -d 10.0.0.1/32 -j REJECT
Make it stick
# iptables-save > /etc/rules.iptables
# vi /etc/network/if-pre-up.d/ipv4init.sh
# cat /etc/network/if-pre-up.d/ipv4init.sh
#!/bin/sh
/sbin/iptables-restore < /etc/rules.iptables
Test, test again, and then test some more ...
AWMN Anycast DNS How-To