

their own independent connections to the global Internet. You could use internal BGP to move routing information between the individual networks that make up your enterprise network. An example of the group statement for such a configuration is

    group type igp peeras 64550 proto ospf

This says that BGP will run as an internal gateway protocol, that the ASN 64550 will be used within your enterprise network, and that the routers you are exchanging updates with learn their routes through OSPF.

The sample configuration concludes with two control statements: the export statements that define the routing policy. The first statement defines which internal routes are advertised to the external world. It tells gated to export to the autonomous system identified by ASN 164 all direct routes and all routes that the local router learns from OSPF.

The final export statement defines the routes that gated accepts from the external world and advertises on the internal network. The first line of this statement is

    export proto ospfase type 2

This tells gated to advertise the routes via the OSPF protocol as autonomous system external (ASE) routes, which means the routes are clearly marked as routes learned from an external source. The type 2 parameter indicates that the routes come from a protocol whose metric is not directly comparable to the OSPF metric. The alternative is type 1, which means that the metrics are directly comparable. However, BGP is a path-vector protocol, not a link-state protocol, and its metrics are not directly comparable to those used by OSPF. You know the routes were learned from BGP by looking at the rest of the export statement:

    proto bgp as 164 { all ; }

This says that the routes being exported were received via BGP and that they come from the autonomous routing domain identified by ASN 164. Furthermore, the keyword all in this clause says that gated should accept all routes from that autonomous system. Instead of the keyword all, you can use specific addresses to accept only specific routes, or the keyword restrict to block all routes.

Note: These discussions of OSPF and BGP show that routing can be a very complex topic. If you need to use a routing protocol that is more complicated than RIPv2, read more about it, and design your routing architecture before you try to configure a system. See Internet Routing Architectures by Bassam Halabi (Cisco, 1999) and IP Routing Fundamentals by Mark Sportack (Cisco, 1999) for additional information about routing protocols.

Network Address Translation

Network Address Translation (NAT) is an extension of routing that allows the router to modify the addresses in the packets it forwards. Traditional routers examine addresses, but they don't change them. NAT boxes convert the IP addresses used on the local network to "official" IP addresses. This allows you to use a private network number and still have Internet access. The private network numbers defined in RFC 1918 are


    backbone {
        authtype simple ;
        interface 172.16.1.5 {
            priority 10 ;
            authkey "UTrustME" ;
        } ;
    } ;
} ;
# Announce routes learned from OSPF and routes
# to directly connected networks via BGP to AS 164
export proto bgp as 164 {
    proto direct ;
    proto ospf ;
} ;
# Announce routes learned via BGP from
# AS number 164 to our OSPF area.
export proto ospfase type 2 {
    proto bgp as 164 {
        all ;
    } ;
} ;

The definition statements at the beginning of Listing 7.17 define the autonomous system number (ASN) for BGP and the router identifier for OSPF. The autonomoussystem statement says that the ASN of our autonomous system is 249. (As noted earlier, do not use ASN 249 in your configuration.)

The first protocol statement in the sample configuration disables RIP. This router does not run RIP. On one side, it connects to the OSPF backbone area; on the other side, it connects to an external routing domain with BGP. The second protocol statement enables OSPF. There is nothing new here; it looks almost identical to the OSPF protocol statement you have already seen in Listing 7.16.

The next protocol statement enables BGP. The group clause defines the characteristics of a group of BGP neighbors, which gated calls peers. The IP address of each peer is identified within the group clause by a peer clause. One of the characteristics defined by the group clause is the type of BGP session to establish with the peers. In the example, BGP is used as a classic exterior gateway protocol, thus the type external parameter. BGP can be used for other purposes. As noted in the section on bgpd during the discussion of ASN numbers, it is possible to use BGP to distribute routes within a routing domain instead of between routing domains. When it is used in this way, BGP is referred to as internal BGP (IBGP).

Here is the group clause from the sample file in Listing 7.17:

    group type external peeras 164

This says that BGP will run as an exterior routing protocol and that the ASN of the external autonomous system with which it will communicate is 164. Of course, this should be the real ASN of your BGP neighbor.

On the other hand, assume that you have a large, far-flung enterprise internet. Within that enterprise network are several networks that run OSPF as an interior routing protocol, and have


The next statement is a protocol statement that enables RIPv2. Except for two differences, it is identical to the statement used in Listing 7.15 to enable RIPv2 for the host. The first difference is that the router will advertise RIPv2 routes, as indicated by the broadcast keyword. The second difference is that the configuration defines the RIP metric used to advertise routes learned from other protocols, which can be any valid RIP metric value. This router learns routes from OSPF that do not have a valid RIP metric. The defaultmetric clause tells gated to use a cost of 5 to advertise those routes in RIP updates. This clause is required to make the routes learned from OSPF available to the RIPv2 system. Without it, the OSPF routes are considered "unreachable" by the RIPv2 systems.

The final protocol statement in the sample gated.conf file shown in Listing 7.16 enables OSPF. This router connects to the backbone area, as indicated by the keyword backbone. If the router were not connected to the backbone, the area it was connected to would be defined here (for example: area 1). The number that identifies the area is the number that you define when you design the area hierarchy of your OSPF routing domain. The OSPF protocol is also using simple password authentication, as indicated by the authtype simple clause. The interface clause identifies the interface over which OSPF runs and the protocol characteristics related to that interface. The authkey "UTrustME" clause defines the password used to authenticate OSPF routers in this area. The priority 5 clause defines the priority number this system uses when the area elects a designated router. The purpose of the priority number was described in the discussion of Listing 7.13 as part of the ospfd configuration.

As a final example of running gated, let's configure a Linux system to run an exterior gateway protocol.

Running BGP with gated

In this section, a router is configured to connect the OSPF backbone area described in the preceding section to an external autonomous system using BGP. The configuration for this router is shown in Listing 7.17.

Listing 7.17: A gated OSPF/BGP Exterior Router Configuration

# Defines our AS number for BGP
autonomoussystem 249;
# Defines the OSPF router id
routerid 172.16.1.5;
# Disable RIP
rip no;
# Enable BGP
bgp yes {
    group type external peeras 164 {
        peer 26.6.0.103 ;
        peer 26.20.0.72 ;
    } ;
} ;
# Enable OSPF; subnet 1 is the backbone area;
# use password authentication.
ospf yes {


The definition statements define invalid destination addresses, the autonomous system number for exterior routing protocols, and the router IP address for BGP and OSPF. You'll see some examples of definition statements later.

The interface statements are used to define the characteristics of your router's network interfaces. You will see this statement in our sample configuration.

The protocol statements are the heart of the gated.conf file. Every routing protocol available in gated has a protocol statement. Use the protocol statement to configure the routing protocol for your network.

gated is a complex system that can handle many different routing configurations. The configuration language has a multitude of options. Details of the language are covered in the online manual at http://www.gated.org/ and in printed form in TCP/IP Network Administration, by Craig Hunt (O'Reilly, 2002). Routers running on Linux systems, however, usually don't require all of these configuration options. The best way to understand the gated configuration commands is to look at a few reasonable Linux configurations.

Running RIPv2 with gated

gated can be used to configure a host to listen to RIPv2 router updates. This configuration performs the same function as the ripd configuration shown in Listing 7.9. Listing 7.15 is a possible gated configuration for this situation.

Listing 7.15: A gated RIPv2 Configuration

# enable rip, don't broadcast updates,
# listen for RIP-2 updates on the multicast address,
# check that the updates are authentic.
#
rip yes {
    nobroadcast ;
    interface 172.16.60.2 version 2 multicast authentication simple "EZdozIt" ;
} ;

The comments at the beginning of the configuration file help to explain the configuration. Other than these comments, the entire file is one protocol statement. All of the lines enclosed inside the curly braces ({}) are part of the RIP protocol statement. The statement begins with rip yes, which enables the RIP protocol.

The nobroadcast clause tells the system not to send RIP update packets; it will just listen to the packets provided by the routers. If your system is a router instead of a host, delete this clause and it will send updates.

The interface clause defines the interface the routing protocol should use and the characteristics of the interface. In this case, the interface is identified by its IP address. Hosts have only one interface. If this were a router that ran RIPv2 on all interfaces, you could provide a comma-separated list of all interface IP addresses or the keyword all to indicate that all interfaces should be used. The interface clause also contains some parameters that are specific to RIPv2. The parameter

version 2 explicitly tells gated to run RIPv2. The keyword multicast says to listen for updates on the RIPv2 multicast address. Finally, the authentication parameter defines the type of RIPv2 router authentication that will be used. In this case, we use simple password authentication. The password is EZdozIt.

This example provides a RIPv2 host configuration that could be used on any system with only slight modifications. Our sample host receives its RIP updates from local routers. In the next section, one of these routers is configured.

Running OSPF with gated

Listings 7.13 and 7.14 define the configuration of a router that uses RIPv2 on one subnet and OSPF on another. That same configuration can be replicated with gated. Listing 7.16 is a sample gated OSPF router configuration.

Listing 7.16: A gated OSPF/RIPv2 Interior Router Configuration

# Don't time-out subnet 60
interfaces {
    interface 172.16.60.1 passive ;
} ;
# Define the OSPF router id
routerid 172.16.1.9 ;
# Enable RIP-2; announce OSPF routes to
# subnet 60 with a cost of 5.
# The RIP password must match the one the hosts on
# subnet 60 use (see Listing 7.15).
rip yes {
    broadcast ;
    defaultmetric 5 ;
    interface 172.16.60.1 version 2 multicast authentication simple "EZdozIt" ;
} ;
# Enable OSPF; subnet 1 is the backbone area;
# use password authentication.
ospf yes {
    backbone {
        authtype simple ;
        interface 172.16.1.9 {
            priority 5 ;
            authkey "UTrustME" ;
        } ;
    } ;
} ;

The configuration begins with an interfaces statement. It tells the router that the systems on subnet 60 may not provide RIPv2 updates. Normally, if no routing information is received on an interface, the interface is marked as inactive and assumed to be "down." This statement ensures that the interface is not assumed to be "down" just because the hosts on the subnet do not advertise RIPv2 updates. Unlike the interface clause in Listing 7.15, this statement is not subordinate to a protocol statement.

The routerid definition statement defines the address that will be used to identify this router for OSPF. Routers have more than one network interface and therefore more than one IP address. To ensure that the correct address is used in the OSPF link-state advertisements, specifically define the OSPF routerid.

[root]# chkconfig --list gated
gated           0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root]# chkconfig --level 35 gated on
[root]# chkconfig --list gated
gated           0:off   1:off   2:off   3:on    4:off   5:on    6:off

Of course, you don't have to wait for the system to reboot to run gated. On a Red Hat 7.1 system gated is started by the script /etc/init.d/gated, which can be run from the shell prompt, as follows:

[root]# service gated start
Not starting gated:                                        [  OK  ]

Not starting! This is not what we expected. When the script runs successfully, the message displayed is "starting gated". However, the script file will not attempt to start gated unless a gated configuration is provided. gated is configured through the /etc/gated.conf file. If we had scrolled through the list of files that Figure 7.4 shows for the gated RPM, we would have found that Red Hat does not provide a preconfigured gated.conf file. If you want to run gated, you must build your own configuration.

The gated.conf File

At startup, gated reads the gated.conf file. The file contains configuration statements that tell gated which routing protocols should be run and how they should be configured. There are several types of configuration statements:

    Options statements
    Interface statements
    Definition statements
    Protocol statements
    Static statements
    Control statements
    Aggregate statements

Not all of these statements are required for a configuration, but when they are used, the statements must appear in the order listed here. These statements can be divided into two groups: statements you probably won't use and statements you might use. Among the statements you're unlikely to use are the options statements, the static statements, the control statements, and the aggregate statements:

The options statements set parameters such as nosend (don't send any routing information) and noresolv (don't use DNS), which are used only for special configurations.

The static statements define the static routes that should be included in the routing table. Generally, when you run a routing protocol, you don't need to define static routes.

The control statements are used to define the routing policy. They are primarily used when passing routing between routing domains. Although it is unlikely that you will be using Linux for this, an example of using control statements appears later because it is one of the key features of gated.

The aggregate statements are used to aggregate routes within regional and national networks to reduce the number of routes exchanged between national networks.

The statements that you are more likely to use in a Linux gated configuration are definition statements, interface statements, and protocol statements:
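The ordering rule above is easy to get wrong by hand, so here is a small Python linter, added as an example (it is not code from the book or from gated), that splits a gated.conf into top-level statements, checks that the statement classes appear in the required order, and flags the clear-text "simple" authentication used in the listings in this chapter. The keyword-to-class map and the sample configuration (modelled on Listing 7.17) are constructed for this example.

```python
"""Lint a gated.conf: check statement order, flag clear-text authentication.

Added example; not code from the book or from gated itself.
"""
import re

# Statement classes in the order gated requires them (as the text states).
ORDER = ["options", "interfaces", "definition", "protocol",
         "static", "control", "aggregate"]

# First keyword of a top-level statement -> its class.  Assumption: the map
# covers the keywords used in this chapter's listings plus the class names;
# anything else is reported as unknown rather than guessed.
CLASS_OF = {
    "options": "options",
    "interfaces": "interfaces",
    "autonomoussystem": "definition", "routerid": "definition",
    "martians": "definition",
    "rip": "protocol", "ospf": "protocol", "bgp": "protocol",
    "isis": "protocol", "egp": "protocol", "hello": "protocol",
    "static": "static",
    "import": "control", "export": "control",
    "aggregate": "aggregate", "generate": "aggregate",
}

def top_level_statements(text):
    """Split gated.conf text into top-level statements.

    '#' comments are stripped first.  Brace depth is tracked so that a ';'
    ends a statement only at depth 0; nested clauses stay with their owner.
    """
    text = re.sub(r"#.*", "", text)
    stmts, buf, depth = [], [], 0
    for ch in text:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
        buf.append(ch)
        if ch == ";" and depth == 0:
            stmt = "".join(buf).strip()
            if stmt:
                stmts.append(stmt)
            buf = []
    return stmts

def lint(text):
    """Return a list of findings; an empty list means the file passes."""
    findings, last_rank = [], -1
    for stmt in top_level_statements(text):
        keyword = stmt.split()[0].lower()
        cls = CLASS_OF.get(keyword)
        if cls is None:
            findings.append(f"unknown statement keyword: {keyword}")
            continue
        rank = ORDER.index(cls)
        if rank < last_rank:
            findings.append(f"{cls} statement '{keyword}' appears after a "
                            f"{ORDER[last_rank]} statement; required order is "
                            + " < ".join(ORDER))
        last_rank = max(last_rank, rank)
        # Simple (clear-text) passwords stop accidents, not attackers.
        if re.search(r"\b(authentication|authtype)\s+simple\b", stmt):
            findings.append(f"{keyword}: clear-text 'simple' authentication in use")
    return findings

# Constructed sample modelled on Listing 7.17, statements in the valid order.
GOOD = """
autonomoussystem 249;
routerid 172.16.1.5;
rip no;
bgp yes { group type external peeras 164 { peer 26.6.0.103 ; peer 26.20.0.72 ; }; };
ospf yes { backbone { authtype simple ; interface 172.16.1.5 { priority 10 ;
    authkey "UTrustME" ; } ; } ; };
export proto bgp as 164 { proto direct ; proto ospf ; };
export proto ospfase type 2 { proto bgp as 164 { all ; }; };
"""

# Same file with a control (export) statement moved ahead of the protocols.
BAD = GOOD.replace("rip no;", "export proto bgp as 164 { proto direct ; };\nrip no;", 1)

if __name__ == "__main__":
    for name, conf in (("good", GOOD), ("bad", BAD)):
        print(name, lint(conf) or "ok")
```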

OSPF ASE                              150
BGP                                   170
EGP                                   200

Given the preference values in Table 7.1, a route through a network interface to a directly connected network is the most-preferred route, and a route learned from EGP, an obsolete exterior routing protocol, is the least-preferred route. OSPF is listed in the table twice. OSPF ASE routes were learned by OSPF from an external autonomous system. Because the ASE routes come from another routing domain, the metrics in those routes do not receive the same level of trust as the metrics in interior routes. In fact, the three lowest-preference routing sources, EGP, BGP, and OSPF ASE, all get their routes from external routing domains.

You can modify these default preferences when you configure gated, but you probably won't need to. The defaults work well for most configurations. In part, this is because a general-purpose system such as Linux isn't used for extremely complicated and demanding routing situations. Instead, dedicated router hardware is used. For less-demanding applications, such as providing the gateway to a single subnet, Linux is an excellent choice.

Installing gated

The gated software is part of some Linux distributions, and when it is, gated is often installed during the initial system installation. If the gated package was not installed during the initial installation, install it now. In this section, we use Red Hat Linux 7.1 as our sample system because the examples in this book are Red Hat based, and 7.1 was the last release of Red Hat that shipped gated as its default routing software. On a Red Hat 7.1 system, use RPM to install the software from the CD-ROM. Figure 7.4 shows the result of a gnorpm query after gated is installed.

Figure 7.4: Installing gated with gnorpm

After gated is installed, use a tool such as tksysv or chkconfig to enable it. The following example shows gated being enabled for run levels 3 and 5:


reserved for private use are 64512 to 65534.

The two redistribute clauses define the routes that will be advertised to our BGP neighbors. redistribute connected tells the router to advertise routes for all networks to which the router is directly connected. redistribute ospf tells the router to advertise routes that it learns from OSPF.

The neighbor clauses define the two BGP neighbors that this router should peer with. The neighbors are defined by an IP address, and the external autonomous system to which they belong is identified by the remote-as parameter. In Listing 7.14, the external ASN is 164. Do not use this number or 249. They are both officially assigned to government networks.

Zebra is beta software that has only recently begun shipping with Linux distributions, and it is not the only choice for routing software. Many systems still use gated, which is our next topic.

Using gated

Despite the fact that Red Hat Linux uses Zebra as its default routing software, many other Linux distributions ship with gated. If you don't have gated software with your distribution, a commercial version can be obtained from the Internet at http://www.gated.org/. Also, at this writing, you can still find and download a precompiled Linux gated binary from an online repository. However, if your distribution doesn't include gated, this is a good time to transition to Zebra. If you do have gated, and you want to use it, read on.

Like Zebra, gated supports many of the most advanced routing protocols. Unlike Zebra, the free version of gated combines these protocols in a single large program. gated was created to allow a system to run multiple routing protocols and to combine the routes learned from those protocols. It does this using a preference value. A gated preference value is an arbitrary number between 0 and 255 that indicates whether one source of routing information is preferred over another. The sources of information can be different routing protocols, different interfaces, different routers, and different routing domains. The lower the preference number, the more preferred the source. The default preferences used for routing protocols are shown in Table 7.1.

Table 7.1: Default gated Preference Values

Route Source                          Preference Value
Direct route                            0
OSPF                                   10
IS-IS Level 1                          15
IS-IS Level 2                          18
Internally generated default           20
ICMP redirect                          30
Routes learned from the route socket   40
Static route                           60
SLSP routes                            70
HELLO routes                           90
RIP                                   100
Point-to-Point interface routes       110
Routes through a downed interface     120
Aggregate and generate routes         130


[root]# cat /etc/zebra/ospfd.conf
! Enable OSPF; connect to the backbone area
! Use simple authentication
password a-DA-zip
enable password TX4123
!
interface eth0
 ip ospf authentication-key UTrustME
 ip ospf priority 10
!
router ospf
 ospf router-id 172.16.1.5
 redistribute bgp
 network 172.16.1.0/24 area 0
!

Passwords and addresses have changed. Beyond these cosmetic changes, there is nothing new in the zebra.conf file that needs to be discussed. The ospfd.conf file has two interesting changes. First, this router is assigned a higher priority number. (Given the work it will be doing to handle BGP, we decided not to add the burden of being the designated router for OSPF.) Second, a redistribute bgp clause has been added because we want the router to advertise the routes it learns from BGP to the other OSPF routers.

The largest new part of this configuration is the bgpd.conf file. Listing 7.14 shows a possible bgpd.conf file for a router that attaches the OSPF backbone area (described for Listing 7.13) to an external autonomous routing domain using BGP.

Listing 7.14: A Sample bgpd.conf File

! Enables BGP
! Our ASN is 249; our neighbors are in ASN 164
! Advertise directly connected routes and routes
! learned from OSPF
password BDRwar
enable password awtoMA
!
router bgp 249
 redistribute connected
 redistribute ospf
 neighbor 26.6.0.103 remote-as 164
 neighbor 26.20.0.72 remote-as 164
!

The router bgp 249 statement enables BGP and assigns the autonomous system number (ASN). BGP exchanges routing information between autonomous systems; thus, an ASN is required for BGP to function. Listing 7.14 says that the ASN of our autonomous system is 249.

Note: To exchange routing data between official routing domains, you need an official ASN; you can't just make one up, and you can't use the ones in this example; they are the official ASNs of two government networks I worked on. For information on filing the paperwork to apply for your own official ASN, go to http://www.iana.org/, and follow the links to the appropriate registry for your part of the world. If you use BGP to link together independent networks within a single autonomous system, and the routing data stay within that autonomous system, use one of the ASN numbers reserved for private use. The numbers


! Enable RIPv2
! Advertise routes learned from OSPF with a cost of 5
! Use simple authentication for updates
password RIPItup
enable password RaceitUP
!
interface eth0
 ip rip authentication string EZdozIt
!
router rip
 redistribute ospf metric 5
 network eth0
!

This configuration is very similar to the ripd.conf file shown in Listing 7.9, but there are differences. First, we have placed the passwords in this file so that the RIP router configuration can be maintained through the vtysh interface. Second, because this is a router, it sends routing updates. Therefore, we use a network clause under the router rip statement to specify the network on which routing updates will be distributed. As described earlier, the network can be defined by an interface name or by an IP address. In Listing 7.12, it is defined by an interface name. The third difference is that this configuration contains a redistribute clause, which defines whether routes learned from OSPF will be advertised to RIP neighbors and what RIP cost will be assigned to those routes. Routes learned from OSPF do not have a valid RIP cost. The metric defined on the redistribute clause is used as a default metric when OSPF routes are advertised to RIP neighbors. The redistribute clause in Listing 7.12 tells RIP to advertise routes learned from OSPF with a cost of 5.

Of course, for RIP to learn routes from OSPF, ospfd must be properly configured. Listing 7.13 shows a possible ospfd.conf configuration for this router.

Listing 7.13: A Sample ospfd.conf File

! Enable OSPF; connect to the backbone area
! Use simple authentication
password Mutt-N-Jeff
enable password SURtest
!
interface eth1
 ip ospf authentication-key UTrustME
 ip ospf priority 5
!
router ospf
 ospf router-id 172.16.1.9
 network 172.16.1.0/24 area 0
!

The interface statement sets two OSPF parameters. The ip ospf authentication-key clause defines the clear text string used to identify valid OSPF advertisements. Like the clear text string used for RIPv2 authentication, this string is intended to prevent accidental updates from misconfigured systems; it is not intended to provide real security. OSPF supports MD5 for stronger authentication. The ip ospf priority clause defines the priority number this system uses when the area elects a designated router. In Listing 7.13, the priority number is set to 5; possible values are 0 to 255. The
