# Task 1

## b)

```
docker build -t docker.fslab.de/tbasti2s/servmgmt-ss22 .
```

## d)

```
docker run -p 20411:3000 docker.fslab.de/tbasti2s/servmgmt-ss22
```

## f)

The deployment was very simple. I think the configuration could be simplified by not creating a separate network.

# Task 2

## a)

|Container name|IP address|Netmask|Gateway|
|:------------|:---------|:---------|:------|
|pr04-miniwhoami_20412-1|172.18.0.3|255.255.0.0|172.18.0.1|
|pr04-miniwhoami_20413-1|172.18.0.2|255.255.0.0|172.18.0.1|
|peaceful_galileo|172.17.0.2|255.255.0.0|172.17.0.1|

The interface `eth0` is the container's network interface. It has no IPv6 address.

## b)

```
NETWORK ID     NAME             DRIVER    SCOPE
406fbef57498   bridge           bridge    local
62325a2b1ac5   host             host      local
4597d12b21e9   none             null      local
112c694020b4   pr04_mynetwork   bridge    local
```

The command `docker inspect 31d072cf33a4 -f "{{json .NetworkSettings.Networks }}"` lists the networks a container is attached to.

The containers deployed with docker-compose are connected only to `pr04_mynetwork`.
The container `peaceful_galileo` is connected exclusively to the bridge network.

```json
{
  "bridge": {
    "IPAMConfig": null,
    "Links": null,
    "Aliases": null,
    "NetworkID": "406fbef57498092c168313625a3e69d7bdd26a9576ae5ce6b15802c369f1c33d",
    "EndpointID": "9f901e4378d81af1c92a9942a077ef5c830a30cdaf096d8f816bc2aad2f9e01b",
    "Gateway": "172.17.0.1",
    "IPAddress": "172.17.0.2",
    "IPPrefixLen": 16,
    "IPv6Gateway": "",
    "GlobalIPv6Address": "",
    "GlobalIPv6PrefixLen": 0,
    "MacAddress": "02:42:ac:11:00:02",
    "DriverOpts": null
  }
}
```

## c)

All containers are connected to the Internet.

## d)

Traffic is forwarded by the host server. The host server's address is reachable over IPv6. When requests reach the host server, Docker routes them to the corresponding containers.

## e)

The container can only be pinged via its IP address.

## f)

The containers can be pinged via both the IP address and the service name.

## g)

```
dig miniwhoami_20413

; <<>> DiG 9.16.27 <<>> miniwhoami_20413
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41929
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;miniwhoami_20413.              IN      A

;; ANSWER SECTION:
miniwhoami_20413.       600     IN      A       172.18.0.2

;; Query time: 0 msec
;; SERVER: 127.0.0.11#53(127.0.0.11)
;; WHEN: Tue May 03 12:32:31 UTC 2022
;; MSG SIZE  rcvd: 66
```

# Task 3

## a)

```
2001:638:408:200:fe10::/80
2001:638:408:200:fe11::/80
2001:638:408:200:fe12::/80
2001:638:408:200:fe13::/80
```

The new subnet is assigned to the default bridge.

## b)

### 1.

The IP address `2001:638:408:200:fe11:242:ac11:2/80` was assigned to the container.
The address is formed from the subnet and the container's MAC address.
The interface `eth0` holds this address.

### 2.

The IP address cannot be reached from any container. Only the host server reaches the container with a ping.

### 3.

```
2001:638:408:200:fe11::/80 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via 2001:638:408:200:fe11::1 dev eth0 metric 1024 pref medium
```

Neighbor Discovery is missing.

### 4.

### 5.

NDP must be set up for the address.

# Task 4

## a)

```
sudo sysctl net.ipv6.conf.ens18.proxy_ndp=1 && \
sudo ip -6 neigh add proxy 2001:638:408:200:fe11:242:ac11:2 dev ens18
```

## b)

```
# route-ttl <integer> (NEW)
# This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route.
# Default value is '30000' (30 seconds).

route-ttl 30000

# proxy <interface>
# This sets up a listener, that will listen for any Neighbor Solicitation
# messages, and respond to them according to a set of rules (see below).
# <interface> is required. You may have several 'proxy' sections.

proxy ens18 {

    # router <yes|no|true|false>
    # This option turns on or off the router flag for Neighbor Advertisement
    # messages. Default value is 'true'.

    router yes

    # timeout <integer>
    # Controls how long to wait for a Neighbor Advertisement message before
    # invalidating the entry, in milliseconds. Default value is '500'.

    timeout 500

    # ttl <integer>
    # Controls how long a valid or invalid entry remains in the cache, in
    # milliseconds. Default value is '30000' (30 seconds).

    ttl 30000

    # rule <ip>[/<mask>]
    # This is a rule that the target address is to match against. If no netmask
    # is provided, /128 is assumed. You may have several rule sections, and the
    # addresses may or may not overlap.

    rule 2001:638:408:200:fe11::/80 {
        # Only one of 'static', 'auto' and 'interface' may be specified. Please
        # read 'ndppd.conf' manpage for details about the methods below.

        # 'auto' should work in most cases.

        # static (NEW)
        # 'ndppd' will immediately answer any Neighbor Solicitation Messages
        # (if they match the IP rule).

        # iface <interface>
        # 'ndppd' will forward the Neighbor Solicitation Message through the
        # specified interface - and only respond if a matching Neighbor
        # Advertisement Message is received.

        # auto (NEW)
        # Same as above, but instead of manually specifying the outgoing
        # interface, 'ndppd' will check for a matching route in /proc/net/ipv6_route.

        auto

        # Note that before version 0.2.2 of 'ndppd', if you didn't choose a
        # method, it defaulted to 'static'. For compatibility reasons we choose
        # to keep this behavior - for now (it may be removed in a future version).
    }
}
```

`proxy ens18`: the interface to be proxied.

`rule 2001:638:408:200:fe11::/80`: the subnet for which Neighbor Discovery is to be performed.

# Task 5

## a)

The subnet contains `4,294,967,296` IPv6 addresses.
That should be enough ;-)

## b)

```
docker network create --subnet="2001:638:408:200:fe10:cafe::/96" --gateway="2001:638:408:200:fe10:cafe::1" --ipv6 my_ipv6
```

## c)

```
# route-ttl <integer> (NEW)
# This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route.
# Default value is '30000' (30 seconds).

route-ttl 30000

# proxy <interface>
# This sets up a listener, that will listen for any Neighbor Solicitation
# messages, and respond to them according to a set of rules (see below).
# <interface> is required. You may have several 'proxy' sections.

proxy ens18 {

    # router <yes|no|true|false>
    # This option turns on or off the router flag for Neighbor Advertisement
    # messages. Default value is 'true'.

    router yes

    # timeout <integer>
    # Controls how long to wait for a Neighbor Advertisement message before
    # invalidating the entry, in milliseconds. Default value is '500'.

    timeout 500

    # ttl <integer>
    # Controls how long a valid or invalid entry remains in the cache, in
    # milliseconds. Default value is '30000' (30 seconds).

    ttl 30000

    # rule <ip>[/<mask>]
    # This is a rule that the target address is to match against. If no netmask
    # is provided, /128 is assumed. You may have several rule sections, and the
    # addresses may or may not overlap.

    rule 2001:638:408:200:fe11::/80 {
        # Only one of 'static', 'auto' and 'interface' may be specified. Please
        # read 'ndppd.conf' manpage for details about the methods below.

        # 'auto' should work in most cases.

        # static (NEW)
        # 'ndppd' will immediately answer any Neighbor Solicitation Messages
        # (if they match the IP rule).

        # iface <interface>
        # 'ndppd' will forward the Neighbor Solicitation Message through the
        # specified interface - and only respond if a matching Neighbor
        # Advertisement Message is received.

        # auto (NEW)
        # Same as above, but instead of manually specifying the outgoing
        # interface, 'ndppd' will check for a matching route in /proc/net/ipv6_route.

        auto

        # Note that before version 0.2.2 of 'ndppd', if you didn't choose a
        # method, it defaulted to 'static'. For compatibility reasons we choose
        # to keep this behavior - for now (it may be removed in a future version).
    }

    rule 2001:638:408:200:fe10:cafe::/96 {
        # Only one of 'static', 'auto' and 'interface' may be specified. Please
        # read 'ndppd.conf' manpage for details about the methods below.

        # 'auto' should work in most cases.

        # static (NEW)
        # 'ndppd' will immediately answer any Neighbor Solicitation Messages
        # (if they match the IP rule).

        # iface <interface>
        # 'ndppd' will forward the Neighbor Solicitation Message through the
        # specified interface - and only respond if a matching Neighbor
        # Advertisement Message is received.

        # auto (NEW)
        # Same as above, but instead of manually specifying the outgoing
        # interface, 'ndppd' will check for a matching route in /proc/net/ipv6_route.

        auto

        # Note that before version 0.2.2 of 'ndppd', if you didn't choose a
        # method, it defaulted to 'static'. For compatibility reasons we choose
        # to keep this behavior - for now (it may be removed in a future version).
    }
}
```

# Task 6

## a)

```
docker run -it --network my_ipv6 --ip6 2001:638:408:200:fe10:cafe::1111 docker.fslab.de/tbasti2s/servmgmt-ss22:latest
```

## b)

```
version: '3'
services:
  miniwhoami_20612:
    image: docker.fslab.de/tbasti2s/servmgmt-ss22:latest
    networks:
      my_ipv6:
        ipv6_address: 2001:638:408:200:fe10:cafe:0:2222
  miniwhoami_20613:
    image: docker.fslab.de/tbasti2s/servmgmt-ss22:latest
    networks:
      my_ipv6:
        ipv6_address: 2001:638:408:200:fe10:cafe:0:3333
networks:
  my_ipv6:
    external:
      name: my_ipv6
```

## d)

The service sits behind the Cloudflare CDN. The IP address is therefore unknown.

# Task 7

## a)

```
docker network create --subnet="fd00:dead:beef::/48" --gateway="fd00:dead:beef::1" --ipv6 loc_ipv6
```
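
Added example (not part of the original report): a Python check that rebuilds the Task 3 b) address from the /80 prefix and the MAC `02:42:ac:11:00:02` seen in the `docker inspect` output, and tests which `ndppd` rule covers each address assigned in Tasks 3 and 6, including the /128 default for a rule written without a mask. That the Task 3 container carries this MAC is an assumption, and the function names are made up for this example.

```python
import ipaddress

# Values taken from the page; the MAC is the one in the `docker inspect` output.
BRIDGE_SUBNET = "2001:638:408:200:fe11::/80"
CONTAINER_MAC = "02:42:ac:11:00:02"
ASSIGNED = {
    "docker run --ip6": "2001:638:408:200:fe10:cafe::1111",
    "miniwhoami_20612": "2001:638:408:200:fe10:cafe:0:2222",
    "miniwhoami_20613": "2001:638:408:200:fe10:cafe:0:3333",
}
RULES = ["2001:638:408:200:fe11::/80", "2001:638:408:200:fe10:cafe::/96"]


def address_from_mac(subnet, mac):
    """Place the 48-bit MAC in the low 48 bits of a prefix of /80 or shorter."""
    net = ipaddress.IPv6Network(subnet)
    if net.prefixlen > 80:
        raise ValueError("a 48-bit MAC does not fit behind a prefix longer than /80")
    return net.network_address + int(mac.replace(":", ""), 16)


def rule_network(rule):
    """Per the ndppd.conf comment: a rule without a mask is treated as /128."""
    return ipaddress.IPv6Network(rule if "/" in rule else rule + "/128")


def covering_rules(address, rules):
    """Return the rules whose network contains the address."""
    ip = ipaddress.IPv6Address(address)
    return [r for r in rules if ip in rule_network(r)]


def unproxied(assigned, rules):
    """Names whose address no rule covers, so no NDP answer is proxied for them."""
    return sorted(n for n, a in assigned.items() if not covering_rules(a, rules))


def subnet_size(subnet):
    """Number of addresses in the subnet (Task 5 a)."""
    return ipaddress.IPv6Network(subnet).num_addresses


if __name__ == "__main__":
    derived = address_from_mac(BRIDGE_SUBNET, CONTAINER_MAC)
    everything = {**ASSIGNED, "default bridge": str(derived)}
    print("derived address:", derived)
    print("/96 size:", subnet_size(RULES[1]))
    for name, addr in everything.items():
        print(f"{name:18} {addr:36} -> {covering_rules(addr, RULES) or 'NOT PROXIED'}")
    print("mask-less rule leaves:", unproxied(everything, ["2001:638:408:200:fe11::"]))
```
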