I'm covering a little bit of networking and I'm onto the topic of subnetting. One of the end of chapter exercises has me stumped. It looks easy but I've got nothing. The exercise is as follows:
Explain how subnet 2 can be isolated from the internet (i.e. unable to
send/recive packets to/from the internet but able to exchange packets
with the other subnets (fill in the corresponding part of the routing
tables of the appropriate routers in the format shown below)
Any assistance would be greatly appreciated!
The subnet (simplified):
********* *********
* SUB 1 * * SUB 2 *
********* *********
\ /
\ /
\ /
######### *********
#ROUTER1# * SUB 3 *
######### *********
| /
| /
######### /
#ROUTER2#_/
#########
|
|
To/From Internet
The Table:
Source NetID | Destination NetID | Action
---------------------------------------------------
| |
| |
Note, I was going to post this on serverexchange but apprently SO is the place to ask high level questions networking like this?
SUB 1: 1.0.0.0/8
SUB 2: 2.0.0.0/8
SUB 3: 3.0.0.0/8
Router1:
1.0.0.0 -> 2.0.0.0: Send to 2.0.0.0
1.0.0.0 -> 0.0.0.0: Send to Router2's IP address
2.0.0.0 -> 1.0.0.0: Send to 1.0.0.0
2.0.0.0 -> 3.0.0.0: Send to Router2's IP address
Router2:
1.0.0.0 -> 3.0.0.0: Send to 3.0.0.0
1.0.0.0 -> 0.0.0.0: Send to Internet
2.0.0.0 -> 3.0.0.0: Send to 3.0.0.0
3.0.0.0 -> 1.0.0.0: Send to Router1's IP address
3.0.0.0 -> 2.0.0.0: Send to Router1's IP address
3.0.0.0 -> 0.0.0.0: Send to Internet
The trick is the absence of a default route for anything originating from 2.0.0.0/8 on both routers.
Related
I'm running CentOS v7.9 with MariaDB v5.5.68. I'm trying to access the MariaDB databases from a Win10 machine using Visual Studio Code with SQLTools & MySQL/MariaDB extensions.
I have configured MariaDB for remote access per this link: Configuring MariaDB for Remote Client Access
[mysqld]
skip-networking=0
skip-bind-address
I created the users and added the privileges - tested by logging in locally with 'bob' and viewing permissions in mysql.user. (BTW, in case not readily apparent, the UID, host, and PWD aren't real.)
CREATE USER 'bob'#'1.2.3.%' IDENTIFIED BY 'myPWD';
GRANT ALL PRIVILEGES ON *.* TO 'bob'#'1.2.3.%' IDENTIFIED BY 'myPWD';
However, when I try to log in remotely (from another Linux box) using mysql -u userID -h hostIP -p, I get the error:
ERROR 2003 (HY000): Can't connect to MySQL server on '1.2.3.4' (110)
When I try to make the database connection using VS Code, SQLTools tells me I've connected, but it won't show any tables, I'm not able to make any queries, and I get this error: Request connection/GetChildrenForTreeItemRequest failed with message: Handshake inactivity timeout.
I have reviewed this SO page and others, but still can't get the connection to work.
UPDATED for clarity - provides mysql.user and netstat info:
MariaDB [(none)]> select user, host from mysql.user;
+------+-------------+
| user | host |
+------+-------------+
| bob | 10.0.2.15 | # Can't connect
| rob | 127.0.0.1 | # Logs in locally via command line
| root | 127.0.0.1 | # Logs in locally via command line
| bob | 192.168.0.% | # Can't connect
| root | 192.168.0.% | # Can't connect
| root | ::1 | # Logs in locally via command line
| rob | localhost | # Logs in locally via command line
| root | localhost | # Logs in locally via command line
+------+-------------+
8 rows in set (0.00 sec)
$ > netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 27 33813 -
Any help is much appreciated as I've been working this problem for 2+ days and have not made any headway.
NOTE : I've seen this question and error being posted on different forums and in here, but none of them worked for me, and they belong to earlier versions of openstack. So, I posted a new question.
I've been setting up OpenStack Train based on its installation documents, and after setting up services, I tried to create a selfservice network using the instructions here but in "Verify Operation" section, step number 3, I see all of the ports are down :
[root#dev-openstack-controller ~]# openstack port list
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
| ID | Name | MAC Address | Fixed IP Addresses | Status |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
| 628ec286-90aa-4cca-92da-f698fb44a4e6 | | fa:16:3e:a9:31:55 | ip_address='10.100.1.1', subnet_id='8d579a73-6951-445f-9905-51b9be2a6ff5' | DOWN |
| bb77b0d9-7ea8-47d3-b951-139a7616a4bd | | fa:16:3e:89:52:37 | ip_address='203.0.113.166', subnet_id='0666d21c-0fd9-4caf-b560-f7d11e50cd83' | DOWN |
| d2b684c9-eeee-47c4-ae12-dc97e19adf48 | | fa:16:3e:cc:b8:3d | ip_address='10.100.1.2', subnet_id='8d579a73-6951-445f-9905-51b9be2a6ff5' | DOWN |
| fb7aff87-d083-4ed2-bf82-2ab4393373c7 | | fa:16:3e:c8:a7:95 | ip_address='203.0.113.101', subnet_id='0666d21c-0fd9-4caf-b560-f7d11e50cd83' | DOWN |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
First, I don't know why I see 4 ports instead of 2, and second, when I check neutron logs, I get the following error, which says it fails to bind port :
2020-04-18 11:05:12.321 25009 INFO neutron.plugins.ml2.plugin [req-5c9c16a4-2327-4f46-b0ab-84e4e128d783 - - - - -] Attempt 10 to bind port 628ec286-90aa-4cca-92da-f698fb44a4e6
2020-04-18 11:05:12.347 25009 ERROR neutron.plugins.ml2.managers [req-5c9c16a4-2327-4f46-b0ab-84e4e128d783 - - - - -] Port 628ec286-90aa-4cca-92da-f698fb44a4e6 does not have an IP address assigned and there are no driver with 'connectivity' = 'l2'. The port cannot be bound.
2020-04-18 11:05:12.348 25009 ERROR neutron.plugins.ml2.managers [req-5c9c16a4-2327-4f46-b0ab-84e4e128d783 - - - - -] Failed to bind port 628ec286-90aa-4cca-92da-f698fb44a4e6 on host dev-openstack-controller.ershandc.org for vnic_type normal using segments [{'network_id': 'ae2b1f57-d91a-4ecd-ad15-2cc4b51a376f', 'segmentation_id': 45, 'physical_network': None, 'id': 'c28112f0-4f07-4f23-9f89-c3e37e68054c', 'network_type': u'vxlan'}]
I also get the same error for flat networks as well :
2020-04-18 11:05:11.107 25009 INFO neutron.plugins.ml2.plugin [req-5c9c16a4-2327-4f46-b0ab-84e4e128d783 - - - - -] Attempt 10 to bind port bb77b0d9-7ea8-47d3-b951-139a7616a4bd
2020-04-18 11:05:11.135 25009 ERROR neutron.plugins.ml2.managers [req-5c9c16a4-2327-4f46-b0ab-84e4e128d783 - - - - -] Port bb77b0d9-7ea8-47d3-b951-139a7616a4bd does not have an IP address assigned and there are no driver with 'connectivity' = 'l2'. The port cannot be bound.
2020-04-18 11:05:11.136 25009 ERROR neutron.plugins.ml2.managers [req-5c9c16a4-2327-4f46-b0ab-84e4e128d783 - - - - -] Failed to bind port bb77b0d9-7ea8-47d3-b951-139a7616a4bd on host dev-openstack-controller.ershandc.org for vnic_type normal using segments [{'network_id': '25c5e314-e851-4a9c-ac7a-8e7b3e426deb', 'segmentation_id': None, 'physical_network': u'provider', 'id': '6dccf301-422b-41b9-b719-2999200126c6', 'network_type': u'flat'}]
I have tried different connectivities on ml2 plugin. Most of the cases relate to the following line in ml2_plugin.conf :
[ml2_type_flat]
flat_networks = flat
vni_ranges = 1:1000
Based on the openstack documentation, it should be flat but I've tried * as well and it didn't work.
Can someone elaborate the problem for me? I'm installing on a CentOS 7 VM. Let me know if more information is needed.
This is a quite dated question, but nevertheless I encountered the same situation hence let me post this anyway.
As the log says "no driver with 'connectivity' = 'l2'", the problem was in ml2_conf.ini. In my case, whole driver definitions were in [DEFAULT] section. I moved them to the proper location [ml2], everything started working fine.
It's been a while since I tried OpenStack, and finally I know the answer to the problem, which might help some people:
For setting up neutron, you need to have your internal network being set up in promiscuous mode. I've been using VMWare for the setup and I did not have access to setup the VSwitch in this mode, also was not approved by our security auditor and there were other priorities to take care of, so I had to drop the project. But I found out that this post is getting attention and shogoK answer did not work for me, so with some research and getting a helping hand from some network expert, problem was identified. Hope this clue helps someone in the community.
I have to install two nginx in one VM. First one use 80 port and the other use other port(8080).
nginx#1(80 port) work successfully. But nginx#2(8080 port) cannot proxy to other server.
This is current settings.
Scenario #1 : http://10.10.10.10 -> http://10.10.10.10/app1(http://10.10.10.20:7010/app1) :: success
Scenario #2 : http://10.10.10.10/app -> http://10.10.10.10/app1(http://10.10.10.20:7010/app1) :: succes
Scenario #3 : http://10.10.10.10:8080 -> http://10.10.10.10/app1/app2 :: fail
What is the problem in Scenario#3? I want to move to http://10.10.10.10:8080(http://10.10.10.30:7010/app2).
I've configured on 2 servers(srv50/51),
one of them is Master and the second one is slave,
Here the configuration of my configuration file /etc/maxscale.cnf :
[Read-Only Service]
type=service
router=readconnroute
servers=server50, server51
user=YYYYYYYYYYYYY
passwd=XXXXXXXXXXXXXX
router_options=slave
[Write-Only Service]
type=service
router=readconnroute
servers=server50, server51
user=YYYYYYYYYYYYY
passwd=XXXXXXXXXXXXXX
router_options=master
[Read-Only Listener]
type=listener
service=Read-Only Service
protocol=MySQLClient
port=4008
[Write-Only Listener]
type=listener
service=Write-Only Service
protocol=MySQLClient
port=4009
As i understool the router_options look who is the master and send the writing query to the master
Maxscale (via maxadmin) seems to discover the 2 serveur and understand witch one is the Master :
MaxScale> list servers
Servers.
-------------------+-----------------+-------+-------------+--------------------
Server | Address | Port | Connections | Status
-------------------+-----------------+-------+-------------+--------------------
server51 | 192.168.0.51 | 3306 | 0 | Slave, Running
server50 | 192.168.0.50 | 3306 | 0 | Master, Running
-------------------+-----------------+-------+-------------+--------------------
But even if I connect in Mysql in local on my Maxscale Write-Only Listener port (4009), Listener are in Stopped mode, is it normal ?
MaxScale> list listeners
Listeners.
---------------------+--------------------+-----------------+-------+--------
Service Name | Protocol Module | Address | Port | State
---------------------+--------------------+-----------------+-------+--------
Read-Only Service | MySQLClient | * | 4008 | Stopped
Write-Only Service | MySQLClient | * | 4009 | Stopped
MaxAdmin Service | maxscaled | * | 6603 | Running
---------------------+--------------------+-----------------+-------+--------
I've try to create a database in srv51 (slave), and it was created only on srv51, not in srv50.
Is something wrong in my configuration ? It's strange because it's not my first cluster, and on other cluster all write go to the master (but listeners are Running). Do i don't understand well the meaning of "router_options=master" ? How to start listeners ? I prefere to keep the 51 in Write list to detect topology change
===== UPDATE =====
After watching Log file /var/log/maxscale/maxscale1.log
I found that my monitor user didn't have the correct password :
[MySQL Monitor]
type=monitor
module=mysqlmon
servers=server50, server51
user=MONITOR
passwd=MONITOR_PASS
monitor_interval=10000
I corrected password for user and restarted maxscale, Now everything is running :
MaxScale> list listeners
Listeners.
---------------------+--------------------+-----------------+-------+--------
Service Name | Protocol Module | Address | Port | State
---------------------+--------------------+-----------------+-------+--------
Read-Only Service | MySQLClient | * | 4008 | Running
Write-Only Service | MySQLClient | * | 4009 | Running
MaxAdmin Service | maxscaled | * | 6603 | Running
---------------------+--------------------+-----------------+-------+--------
But write query are still done on Slave and not on Master
Thanks to MariaDb support, I was trying to connect like this :
mysql -h localhost --port=4009 -u USER -p
But Maxscale & Mysql were installed in the same server, even if Mysql bind port 3306, when you specify 'localhost', the connection is done on Mysql port 3306 and not in Maxscale port 4009, the port is ignore !!
The solution is to connect like this :
mysql -h 127.0.0.1 --port=4009 -u USER -p
or like this :
mysql -h localhost --protocol=tcp --port=4009 -u USER -p
I've try both solution and they works.
The solution about the listener not Running is on update of the question.
If writes are done on the slaves, the simplest explanation would be that you're executing writes on the wrong port or your configuration is wrong. To diagnose these problems, enable the info log level by adding log_info=true under the [maxscale] section.
If enabling the info log and inspecting the log files does not provide any clues, I'd suggest opening a bug report on the Maxscale Jira.
Does it possible to check which DNS server used for resolving domain name (in intraned network)? We have many steps: proxy, BigIP, domain controllers, etc.
I have a complicated networks with many DNS server. Sometimes when in browser I use:
http://mysitedomainalias.mydomain.com
I receive web page,
sometime after near 15 minutes I receive error about timeout.
But when I use IP address instead of domain alias I always reach my web page.
So I have decided that it could be a problem with DNS server. I would like to know common way how to resolve similar problems.
On *NIX systems, dig is a standard tool to test and debug DNS servers:
deceze$ dig google.com
...
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 5 IN A 173.194.35.168
google.com. 5 IN A 173.194.35.161
google.com. 5 IN A 173.194.35.169
...
;; Query time: 84 msec
;; SERVER: 192.168.10.1#53(192.168.10.1)
;; WHEN: Mon Jul 14 15:59:05 2014
;; MSG SIZE rcvd: 204
In the last part, SERVER signifies which DNS server answered our request.
Some more things you can then do with dig:
query a specific DNS server instead of the system's default:
$ dig #mydns.example.com google.com
trace each step of the resolution chain to see any problems in the canonical name servers:
$ dig google.com +trace
query specific record types:
$ dig google.com NS
$ dig google.com MX
$ dig google.com ANY
See the manual: http://linux.die.net/man/1/dig