Task 1

b)

docker build -t docker.fslab.de/tbasti2s/servmgmt-ss22 .

d)

docker run -p 20411:3000 docker.fslab.de/tbasti2s/servmgmt-ss22

f)

The deployment was very simple. I think the configuration could be simplified by not creating a separate network.

Task 2

a)

Container name            IP address   Netmask       Gateway
pr04-miniwhoami_20412-1   172.18.0.3   255.255.0.0   172.18.0.1
pr04-miniwhoami_20413-1   172.18.0.2   255.255.0.0   172.18.0.1
peaceful_galileo          172.17.0.2   255.255.0.0   172.17.0.1

The eth0 interface is the container's network interface. It has no IPv6 address.

b)

NETWORK ID     NAME             DRIVER    SCOPE
406fbef57498   bridge           bridge    local
62325a2b1ac5   host             host      local
4597d12b21e9   none             null      local
112c694020b4   pr04_mynetwork   bridge    local

The command docker inspect 31d072cf33a4 -f "{{json .NetworkSettings.Networks }}" lists the networks a container is attached to.

The containers deployed with docker-compose are connected only to pr04_mynetwork.

The container peaceful_galileo is connected exclusively to the bridge network.

{
  "bridge": {
    "IPAMConfig": null,
    "Links": null,
    "Aliases": null,
    "NetworkID": "406fbef57498092c168313625a3e69d7bdd26a9576ae5ce6b15802c369f1c33d",
    "EndpointID": "9f901e4378d81af1c92a9942a077ef5c830a30cdaf096d8f816bc2aad2f9e01b",
    "Gateway": "172.17.0.1",
    "IPAddress": "172.17.0.2",
    "IPPrefixLen": 16,
    "IPv6Gateway": "",
    "GlobalIPv6Address": "",
    "GlobalIPv6PrefixLen": 0,
    "MacAddress": "02:42:ac:11:00:02",
    "DriverOpts": null
  }
}
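
The network membership found in Task 2 a and b can be checked mechanically from the docker inspect output. The following is an added example, not part of the original answers; the function names are hypothetical, and the two compose entries in the sample are reconstructed from the table in Task 2 a rather than captured output.

```python
import ipaddress
import json

# Constructed sample: per-container result of
#   docker inspect <id> -f "{{json .NetworkSettings.Networks }}"
# trimmed to the fields used here. peaceful_galileo matches the JSON above;
# the compose containers are rebuilt from the Task 2 a table (assumption).
INSPECT_OUTPUT = {
    "pr04-miniwhoami_20412-1": '{"pr04_mynetwork": {"Gateway": "172.18.0.1", '
        '"IPAddress": "172.18.0.3", "IPPrefixLen": 16, "GlobalIPv6Address": ""}}',
    "pr04-miniwhoami_20413-1": '{"pr04_mynetwork": {"Gateway": "172.18.0.1", '
        '"IPAddress": "172.18.0.2", "IPPrefixLen": 16, "GlobalIPv6Address": ""}}',
    "peaceful_galileo": '{"bridge": {"Gateway": "172.17.0.1", '
        '"IPAddress": "172.17.0.2", "IPPrefixLen": 16, "GlobalIPv6Address": ""}}',
}

def endpoints(inspect_output):
    """Flatten the JSON into one row per (container, network) endpoint."""
    rows = []
    for container, raw in inspect_output.items():
        for network, ep in json.loads(raw).items():
            iface = ipaddress.IPv4Interface(f"{ep['IPAddress']}/{ep['IPPrefixLen']}")
            rows.append({
                "container": container,
                "network": network,
                "ip": str(iface.ip),
                "netmask": str(iface.netmask),  # IPPrefixLen 16 -> 255.255.0.0
                "gateway": ep["Gateway"],
                "has_ipv6": bool(ep.get("GlobalIPv6Address")),
            })
    return rows

def members_by_network(rows):
    """Map each Docker network name to the set of attached containers."""
    groups = {}
    for row in rows:
        groups.setdefault(row["network"], set()).add(row["container"])
    return groups

def share_network(rows, a, b):
    """True when containers a and b have an endpoint on the same network."""
    return any(a in m and b in m for m in members_by_network(rows).values())

if __name__ == "__main__":
    for row in endpoints(INSPECT_OUTPUT):
        print(row)
```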

c)

All containers are connected to the Internet.

d)

Forwarding is performed by the host server. The host server's address is reachable over IPv6. When requests reach the host server, Docker routes them to the corresponding containers.

e)

The container can only be pinged via the IP address.

f)

The containers can be pinged via the IP address and the service name.

g)

dig miniwhoami_20413

; <<>> DiG 9.16.27 <<>> miniwhoami_20413
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41929
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;miniwhoami_20413.		IN	A

;; ANSWER SECTION:
miniwhoami_20413.	600	IN	A	172.18.0.2

;; Query time: 0 msec
;; SERVER: 127.0.0.11#53(127.0.0.11)
;; WHEN: Tue May 03 12:32:31 UTC 2022
;; MSG SIZE  rcvd: 66

Task 3

a)

2001:638:408:200:fe10::/80
2001:638:408:200:fe11::/80
2001:638:408:200:fe12::/80
2001:638:408:200:fe13::/80

The new subnet is assigned to the default bridge.

b)

1.

The IP address 2001:638:408:200:fe11:242:ac11:2/80 was assigned to the container. The address is formed from the subnet and the container's MAC address. The eth0 interface holds this address.

2.

The IP address cannot be reached from any container. Only the host server reaches the container with a ping.

3.

2001:638:408:200:fe11::/80 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via 2001:638:408:200:fe11::1 dev eth0 metric 1024 pref medium

Neighbor Discovery is missing.

4.

5.

NDP must be set up for the address.
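
The address construction described in b) 1. (subnet plus MAC address) can be reproduced as follows. This is an added example, not part of the original answers; the function names are hypothetical, and it assumes the container in Task 3 has the MAC address shown in the docker inspect output of Task 2 b. It also shows that a prefix longer than /80 leaves no room for a 48-bit MAC.

```python
import ipaddress

# Subnets from Task 3 a and the MAC from the inspect output in Task 2 b
# (assumed here to belong to the same container as in Task 3 b).
SUBNETS = [
    "2001:638:408:200:fe10::/80",
    "2001:638:408:200:fe11::/80",
    "2001:638:408:200:fe12::/80",
    "2001:638:408:200:fe13::/80",
]
MAC = "02:42:ac:11:00:02"

def parse_mac(mac):
    """Return the MAC address as a 48-bit integer."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int("".join(parts), 16)

def container_ipv6(subnet, mac):
    """Prefix supplies the high bits, the MAC the low 48 bits."""
    net = ipaddress.IPv6Network(subnet)
    host_bits = 128 - net.prefixlen
    if host_bits < 48:
        raise ValueError(f"{net} has {host_bits} host bits; a MAC needs 48")
    addr = ipaddress.IPv6Address(int(net.network_address) | parse_mac(mac))
    return ipaddress.IPv6Interface(f"{addr}/{net.prefixlen}")

def owning_subnet(address, subnets):
    """Return the listed subnet that contains the address, or None."""
    ip = ipaddress.IPv6Interface(address).ip
    for subnet in subnets:
        if ip in ipaddress.IPv6Network(subnet):
            return subnet
    return None

if __name__ == "__main__":
    iface = container_ipv6(SUBNETS[1], MAC)
    print(iface, "belongs to", owning_subnet(str(iface), SUBNETS))
```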

Task 4

a)

sudo sysctl net.ipv6.conf.ens18.proxy_ndp=1 && \
sudo ip -6 neigh add proxy 2001:638:408:200:fe11:242:ac11:2 dev ens18

b)

# route-ttl <integer> (NEW)
# This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route.
# Default value is '30000' (30 seconds).

route-ttl 30000

# proxy <interface>
# This sets up a listener, that will listen for any Neighbor Solicitation
# messages, and respond to them according to a set of rules (see below).
# <interface> is required. You may have several 'proxy' sections.

proxy ens18 {
   
   # router <yes|no|true|false>
   # This option turns on or off the router flag for Neighbor Advertisement
   # messages. Default value is 'true'.
   
   router yes

   # timeout <integer>
   # Controls how long to wait for a Neighbor Advertisement message before
   # invalidating the entry, in milliseconds. Default value is '500'.

   timeout 500   
   
   # ttl <integer>
   # Controls how long a valid or invalid entry remains in the cache, in 
   # milliseconds. Default value is '30000' (30 seconds).
   
   ttl 30000

   # rule <ip>[/<mask>]
   # This is a rule that the target address is to match against. If no netmask
   # is provided, /128 is assumed. You may have several rule sections, and the
   # addresses may or may not overlap.

   rule 2001:638:408:200:fe11::/80 {
      # Only one of 'static', 'auto' and 'interface' may be specified. Please
      # read 'ndppd.conf' manpage for details about the methods below.

      # 'auto' should work in most cases.

      # static (NEW)
      # 'ndppd' will immediately answer any Neighbor Solicitation Messages
      # (if they match the IP rule).

      # iface <interface>
      # 'ndppd' will forward the Neighbor Solicitation Message through the
      # specified interface - and only respond if a matching Neighbor
      # Advertisement Message is received.
      
      # auto (NEW)
      # Same as above, but instead of manually specifying the outgoing
      # interface, 'ndppd' will check for a matching route in /proc/net/ipv6_route.

      auto

      # Note that before version 0.2.2 of 'ndppd', if you didn't choose a
      # method, it defaulted to 'static'. For compatibility reasons we choose
      # to keep this behavior - for now (it may be removed in a future version).
   }
}

proxy ens18 specifies which interface is to be forwarded.

rule 2001:638:408:200:fe11:: specifies the subnet for which Neighbor Discovery is to be performed.

Task 5

a)

The subnet contains 4,294,967,296 IPv6 addresses. That should be sufficient ;-)

b)

docker network create --subnet="2001:638:408:200:fe10:cafe::/96" --gateway="2001:638:408:200:fe10:cafe::1" --ipv6 my_ipv6

c)

# route-ttl <integer> (NEW)
# This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route.
# Default value is '30000' (30 seconds).

route-ttl 30000

# proxy <interface>
# This sets up a listener, that will listen for any Neighbor Solicitation
# messages, and respond to them according to a set of rules (see below).
# <interface> is required. You may have several 'proxy' sections.

proxy ens18 {
   
   # router <yes|no|true|false>
   # This option turns on or off the router flag for Neighbor Advertisement
   # messages. Default value is 'true'.
   
   router yes

   # timeout <integer>
   # Controls how long to wait for a Neighbor Advertisement message before
   # invalidating the entry, in milliseconds. Default value is '500'.

   timeout 500   
   
   # ttl <integer>
   # Controls how long a valid or invalid entry remains in the cache, in 
   # milliseconds. Default value is '30000' (30 seconds).
   
   ttl 30000

   # rule <ip>[/<mask>]
   # This is a rule that the target address is to match against. If no netmask
   # is provided, /128 is assumed. You may have several rule sections, and the
   # addresses may or may not overlap.

   rule 2001:638:408:200:fe11::/80 {
      # Only one of 'static', 'auto' and 'interface' may be specified. Please
      # read 'ndppd.conf' manpage for details about the methods below.

      # 'auto' should work in most cases.

      # static (NEW)
      # 'ndppd' will immediately answer any Neighbor Solicitation Messages
      # (if they match the IP rule).

      # iface <interface>
      # 'ndppd' will forward the Neighbor Solicitation Message through the
      # specified interface - and only respond if a matching Neighbor
      # Advertisement Message is received.
      
      # auto (NEW)
      # Same as above, but instead of manually specifying the outgoing
      # interface, 'ndppd' will check for a matching route in /proc/net/ipv6_route.

      auto

      # Note that before version 0.2.2 of 'ndppd', if you didn't choose a
      # method, it defaulted to 'static'. For compatibility reasons we choose
      # to keep this behavior - for now (it may be removed in a future version).
   }
   rule 2001:638:408:200:fe10:cafe::/96 {
      # Only one of 'static', 'auto' and 'interface' may be specified. Please
      # read 'ndppd.conf' manpage for details about the methods below.

      # 'auto' should work in most cases.

      # static (NEW)
      # 'ndppd' will immediately answer any Neighbor Solicitation Messages
      # (if they match the IP rule).

      # iface <interface>
      # 'ndppd' will forward the Neighbor Solicitation Message through the
      # specified interface - and only respond if a matching Neighbor
      # Advertisement Message is received.
      
      # auto (NEW)
      # Same as above, but instead of manually specifying the outgoing
      # interface, 'ndppd' will check for a matching route in /proc/net/ipv6_route.

      auto

      # Note that before version 0.2.2 of 'ndppd', if you didn't choose a
      # method, it defaulted to 'static'. For compatibility reasons we choose
      # to keep this behavior - for now (it may be removed in a future version).
   }
}
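
The ndppd configurations in Task 4 b and Task 5 c decide, through their rule lines, which Neighbor Solicitation targets the host answers for. The following added example (not ndppd's code and not part of the original answers; function names are hypothetical) is a simplified matcher that applies the documented default of /128 for a rule without a mask and reports how many addresses each rule covers.

```python
import ipaddress
import re

RULE_RE = re.compile(r"^\s*rule\s+(\S+)\s*\{")

# Constructed, comment-free excerpts: one rule written without a mask and the
# two masked rules from Task 5 c.
CONF_NO_MASK = """
proxy ens18 {
   rule 2001:638:408:200:fe11:: {
      auto
   }
}
"""
CONF_WITH_MASKS = """
proxy ens18 {
   rule 2001:638:408:200:fe11::/80 {
      auto
   }
   rule 2001:638:408:200:fe10:cafe::/96 {
      auto
   }
}
"""
CONTAINER = "2001:638:408:200:fe11:242:ac11:2"  # address from Task 3 b

def parse_rules(conf_text):
    """Return the rule prefixes; a rule without a mask becomes /128."""
    rules = []
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip the explanatory comments of ndppd.conf
        match = RULE_RE.match(line)
        if match:
            rules.append(ipaddress.IPv6Network(match.group(1)))
    return rules

def covering_rules(rules, target):
    """List the rules whose prefix contains the solicited target address."""
    ip = ipaddress.IPv6Address(target)
    return [str(net) for net in rules if ip in net]

def address_count(rule):
    """Number of addresses a rule makes the host answer solicitations for."""
    return ipaddress.IPv6Network(rule).num_addresses

if __name__ == "__main__":
    for label, conf in (("no mask", CONF_NO_MASK), ("masks", CONF_WITH_MASKS)):
        rules = parse_rules(conf)
        print(label, [str(r) for r in rules], covering_rules(rules, CONTAINER))
```

Keeping each rule no wider than the Docker subnet it serves limits the addresses the host claims on the upstream link.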