From 4e5c6510253bc68c6d319ff7357562e0019da877 Mon Sep 17 00:00:00 2001
From: timbastin <bastin.tim@gmail.com>
Date: Wed, 4 May 2022 19:49:15 +0200
Subject: [PATCH] Changed port
---
 prak/pr02/miniserver/Dockerfile | 2 +-
 prak/pr02/miniserver/main.go | 2 +-
 prak/pr04/README.md | 315 ++++++++++++++++++++++++++++++++
 prak/pr04/docker-compose.yaml | 4 +-
 4 files changed, 319 insertions(+), 4 deletions(-)
diff --git a/prak/pr02/miniserver/Dockerfile b/prak/pr02/miniserver/Dockerfile
index ecf9a7a..53955ca 100644
--- a/prak/pr02/miniserver/Dockerfile
+++ b/prak/pr02/miniserver/Dockerfile
@@ -10,6 +10,6 @@ FROM gcr.io/distroless/base
 COPY --from=builder /usr/app/ /usr/app/
 WORKDIR /usr/app
-EXPOSE 3000
+EXPOSE 80
 CMD ["./miniserver"]
diff --git a/prak/pr02/miniserver/main.go b/prak/pr02/miniserver/main.go
index b21294f..34721f7 100644
--- a/prak/pr02/miniserver/main.go
+++ b/prak/pr02/miniserver/main.go
@@ -66,5 +66,5 @@ func main() {
 }
 http.HandleFunc("/", webHandlerFactory(tmpl))
 log.Println("started web server")
- http.ListenAndServe(":3000", nil)
+ http.ListenAndServe(":80", nil)
 }
diff --git a/prak/pr04/README.md b/prak/pr04/README.md
index 403ebd7..0db48de 100644
--- a/prak/pr04/README.md
+++ b/prak/pr04/README.md
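Review bot: Port 80 is a privileged port, so `EXPOSE 80` here and the `:80` bind in the main.go hunk tie the container to running as root (or with CAP_NET_BIND_SERVICE) on hosts where low ports are still privileged. No `USER` instruction is visible in this hunk, so the process presumably runs as the image default; the Dockerfile continues above the hunk, so this should be confirmed there. Because docker-compose.yaml already maps host ports explicitly, the container could keep an unprivileged port, for example `EXPOSE 8080`, and run as a non-root user. The README context line `docker run -p 20411:3000 ...` in the same commit still targets 3000 and will no longer reach the server.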
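Review bot: The error returned by `http.ListenAndServe(":80", nil)` is discarded, so a failed bind (port already in use, or no permission for a low port) makes main return silently right after logging "started web server". Since `log` is already in use, wrap the call: `log.Fatal(http.ListenAndServe(":80", nil))`. The package-level helper also runs a server with no read or header timeouts, so slow clients can hold connections open indefinitely; an `http.Server` with `ReadHeaderTimeout` set would bound that. main begins above the hunk.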
@@ -10,4 +10,319 @@ docker build -t docker.fslab.de/tbasti2s/servmgmt-ss22 . ``` docker run -p 20411:3000 docker.fslab.de/tbasti2s/servmgmt-ss22 +``` + +## f) + +Das Deployment war sehr einfach. Ich denke die Konfiguration könnte dahingehend vereinfacht werden, dass kein separates Netzwerk erstellt wird. + +# Aufgabe 2 + +## a) + +|Containername|IP-Adresse|Netzmaske|Gateway| +|:------------|:---------|:---------|:------| +|pr04-miniwhoami_20412-1|172.18.0.3|255.255.0.0|172.18.0.1| +|pr04-miniwhoami_20413-1|172.18.0.2|255.255.0.0|172.18.0.1| +|peaceful_galileo|172.17.0.2|255.255.0.0|172.17.0.1| + +Das Interface `eth0` ist das Netzwerkinterface des Containers. Es besitzt keine IPv6 Adresse. + +## b) + +``` +NETWORK ID NAME DRIVER SCOPE +406fbef57498 bridge bridge local +62325a2b1ac5 host host local +4597d12b21e9 none null local +112c694020b4 pr04_mynetwork bridge local +``` + +Mit dem Kommando: `docker inspect 31d072cf33a4 -f "{{json .NetworkSettings.Networks }}"` können die Netzwerke des Containers aufgelistet werden. + +Die Container, die mit der docker-compose deployed wurden, sind nur mit dem `pr04_mynetwork` verbunden + +Der Container `peaceful_galileo` ist ausschließlich mit dem Bridge-Netzwerk verbunden. + +```json +{ + "bridge": { + "IPAMConfig": null, + "Links": null, + "Aliases": null, + "NetworkID": "406fbef57498092c168313625a3e69d7bdd26a9576ae5ce6b15802c369f1c33d", + "EndpointID": "9f901e4378d81af1c92a9942a077ef5c830a30cdaf096d8f816bc2aad2f9e01b", + "Gateway": "172.17.0.1", + "IPAddress": "172.17.0.2", + "IPPrefixLen": 16, + "IPv6Gateway": "", + "GlobalIPv6Address": "", + "GlobalIPv6PrefixLen": 0, + "MacAddress": "02:42:ac:11:00:02", + "DriverOpts": null + } +} +``` + +## c) + +Alle Container sind mit dem Internet verbunden. + +## d) + +Es findet eine Weiterleitung vom Host-Server statt. Die Hostserver Adresse ist unter IPv6 erreichbar. Erreichen Anfragen den Hostserver, routet Docker diese an die dazugehörigen Container. 
+ +## e) + +Der Container lässt sich ausschließlich über ide IP-Adresse anpingen. + +## f) + +Die Container lassen sich über die IP-Adresse und den Servicenamen anpingen. + +## g) + +``` +dig miniwhoami_20413 + +; <<>> DiG 9.16.27 <<>> miniwhoami_20413 +;; global options: +cmd +;; Got answer: +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41929 +;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 + +;; QUESTION SECTION: +;miniwhoami_20413. IN A + +;; ANSWER SECTION: +miniwhoami_20413. 600 IN A 172.18.0.2 + +;; Query time: 0 msec +;; SERVER: 127.0.0.11#53(127.0.0.11) +;; WHEN: Tue May 03 12:32:31 UTC 2022 +;; MSG SIZE rcvd: 66 +``` + +# Aufgabe 3 + +## a) + +``` +2001:638:408:200:fe10::/80 +2001:638:408:200:fe11::/80 +2001:638:408:200:fe12::/80 +2001:638:408:200:fe13::/80 +``` + +Der Default-Bridge wird das neue Subnetz zugewiesen. + + +## b) + +### 1. + +Die IP-Adresse: `2001:638:408:200:fe11:242:ac11:2/80` wurde dem Container zugewiesen. Die Adresse wird aus dem Subnetz und der MAC-Adresse des Containers gebildet. Das Interface `eth0` besitzt die genannte Adresse. + +### 2. + +Die IP-Adresse kann von keinem Container aus erreicht werden. Ausschließlich der Hostserver erreicht mit einem Ping den Container. + +### 3. + +``` +2001:638:408:200:fe11::/80 dev eth0 proto kernel metric 256 pref medium +fe80::/64 dev eth0 proto kernel metric 256 pref medium +default via 2001:638:408:200:fe11::1 dev eth0 metric 1024 pref medium +``` + +Es fehlt eine Neigbour-Discovery. + +### 4. + +### 5. + +NDP muss für die Adresse eingerichtet sein. + +# Aufgabe 4 + +## a) + +``` +sudo sysctl net.ipv6.conf.ens18.proxy_ndp=1 && \ +sudo ip -6 neigh add proxy 2001:638:408:200:fe11:242:ac11:2 dev ens18 +``` + +## b) + +``` +# route-ttl <integer> (NEW) +# This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route. +# Default value is '30000' (30 seconds). 
+ +route-ttl 30000 + +# proxy <interface> +# This sets up a listener, that will listen for any Neighbor Solicitation +# messages, and respond to them according to a set of rules (see below). +# <interface> is required. You may have several 'proxy' sections. + +proxy ens18 { + + # router <yes|no|true|false> + # This option turns on or off the router flag for Neighbor Advertisement + # messages. Default value is 'true'. + + router yes + + # timeout <integer> + # Controls how long to wait for a Neighbor Advertisment message before + # invalidating the entry, in milliseconds. Default value is '500'. + + timeout 500 + + # ttl <integer> + # Controls how long a valid or invalid entry remains in the cache, in + # milliseconds. Default value is '30000' (30 seconds). + + ttl 30000 + + # rule <ip>[/<mask>] + # This is a rule that the target address is to match against. If no netmask + # is provided, /128 is assumed. You may have several rule sections, and the + # addresses may or may not overlap. + + rule 2001:638:408:200:fe11:: { + # Only one of 'static', 'auto' and 'interface' may be specified. Please + # read 'ndppd.conf' manpage for details about the methods below. + + # 'auto' should work in most cases. + + # static (NEW) + # 'ndppd' will immediately answer any Neighbor Solicitation Messages + # (if they match the IP rule). + + # iface <interface> + # 'ndppd' will forward the Neighbor Solicitation Message through the + # specified interface - and only respond if a matching Neighbor + # Advertisement Message is received. + + # auto (NEW) + # Same as above, but instead of manually specifying the outgoing + # interface, 'ndppd' will check for a matching route in /proc/net/ipv6_route. + + auto + + # Note that before version 0.2.2 of 'ndppd', if you didn't choose a + # method, it defaulted to 'static'. For compatibility reasons we choose + # to keep this behavior - for now (it may be removed in a future version). 
+ } +} +``` + +`proxy ens18` welches Interface weitergeleitet werden soll. + +`rule 2001:638:408:200:fe11::` Für welches Subnetz die Neighbor-Discovery ausgeführt werden soll. + +# Aufgabe 5 + +## a) +Das Subnetz enthält `4,294,967,296` IPv6 Adressen. Das sollte ausreichend sein ;-) + +## b) + +``` +docker network create --subnet="2001:638:408:200:fe10:cafe::/96" --gateway="2001:638:408:200:fe10:cafe::1" --ipv6 my_ipv6 +``` + + +## c) + +``` +# route-ttl <integer> (NEW) +# This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route. +# Default value is '30000' (30 seconds). + +route-ttl 30000 + +# proxy <interface> +# This sets up a listener, that will listen for any Neighbor Solicitation +# messages, and respond to them according to a set of rules (see below). +# <interface> is required. You may have several 'proxy' sections. + +proxy ens18 { + + # router <yes|no|true|false> + # This option turns on or off the router flag for Neighbor Advertisement + # messages. Default value is 'true'. + + router yes + + # timeout <integer> + # Controls how long to wait for a Neighbor Advertisment message before + # invalidating the entry, in milliseconds. Default value is '500'. + + timeout 500 + + # ttl <integer> + # Controls how long a valid or invalid entry remains in the cache, in + # milliseconds. Default value is '30000' (30 seconds). + + ttl 30000 + + # rule <ip>[/<mask>] + # This is a rule that the target address is to match against. If no netmask + # is provided, /128 is assumed. You may have several rule sections, and the + # addresses may or may not overlap. + + rule 2001:638:408:200:fe11::/80 { + # Only one of 'static', 'auto' and 'interface' may be specified. Please + # read 'ndppd.conf' manpage for details about the methods below. + + # 'auto' should work in most cases. + + # static (NEW) + # 'ndppd' will immediately answer any Neighbor Solicitation Messages + # (if they match the IP rule). 
+ + # iface <interface> + # 'ndppd' will forward the Neighbor Solicitation Message through the + # specified interface - and only respond if a matching Neighbor + # Advertisement Message is received. + + # auto (NEW) + # Same as above, but instead of manually specifying the outgoing + # interface, 'ndppd' will check for a matching route in /proc/net/ipv6_route. + + auto + + # Note that before version 0.2.2 of 'ndppd', if you didn't choose a + # method, it defaulted to 'static'. For compatibility reasons we choose + # to keep this behavior - for now (it may be removed in a future version). + } + rule 2001:638:408:200:fe10:cafe::/96 { + # Only one of 'static', 'auto' and 'interface' may be specified. Please + # read 'ndppd.conf' manpage for details about the methods below. + + # 'auto' should work in most cases. + + # static (NEW) + # 'ndppd' will immediately answer any Neighbor Solicitation Messages + # (if they match the IP rule). + + # iface <interface> + # 'ndppd' will forward the Neighbor Solicitation Message through the + # specified interface - and only respond if a matching Neighbor + # Advertisement Message is received. + + # auto (NEW) + # Same as above, but instead of manually specifying the outgoing + # interface, 'ndppd' will check for a matching route in /proc/net/ipv6_route. + + auto + + # Note that before version 0.2.2 of 'ndppd', if you didn't choose a + # method, it defaulted to 'static'. For compatibility reasons we choose + # to keep this behavior - for now (it may be removed in a future version). + } +} ``` \ No newline at end of file diff --git a/prak/pr04/docker-compose.yaml b/prak/pr04/docker-compose.yaml index e867d77..b9e99e6 100644 --- a/prak/pr04/docker-compose.yaml +++ b/prak/pr04/docker-compose.yaml 
@@ -4,14 +4,14 @@ services:
 miniwhoami_20412:
 image: docker.fslab.de/tbasti2s/servmgmt-ss22
 ports:
- - "20412:3000"
+ - "20412:80"
 networks:
 - mynetwork
 miniwhoami_20413:
 image: docker.fslab.de/tbasti2s/servmgmt-ss22
 ports:
- - "20413:3000"
+ - "20413:80"
 networks:
 - mynetwork
-- GitLab
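Review bot: Both `image: docker.fslab.de/tbasti2s/servmgmt-ss22` lines carry no tag, so the new `"20412:80"` and `"20413:80"` mappings only work if the host pulls an image built after this commit; a cached older build still listens on 3000 and the published ports would lead nowhere. Pin the image to the matching build, e.g. `image: docker.fslab.de/tbasti2s/servmgmt-ss22:<tag-or-digest>`, which also makes the deployed artifact reproducible. The short `HOST:CONTAINER` form publishes on every host interface; if the services are only meant to be reached locally or through a proxy, give the bind address explicitly, `"127.0.0.1:20412:80"`. The `services:` block starts above the hunk.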