Example 00 with full emulation

netarch · Jul 31, 2024 · b3ff438 · b3ff438
1 parent 4993f59
commit b3ff438
Show file tree

Hide file tree

Showing 6 changed files with 502 additions and 3 deletions.
diff --git a/full-emulation/00-reverse-path-filtering/.gitignore b/full-emulation/00-reverse-path-filtering/.gitignore
@@ -0,0 +1,4 @@
+clab-*/
+.*.bak
+
+# *.yml
diff --git a/full-emulation/00-reverse-path-filtering/confgen.py b/full-emulation/00-reverse-path-filtering/confgen.py
@@ -0,0 +1,42 @@
+#!/usr/bin/python3
+
+import argparse
+import os
+import sys
+
+sys.path.append(os.path.join(os.path.dirname(__file__), "../.."))
+from src.config import Config
+
+
+def main():
+    parser = argparse.ArgumentParser(description="00-reverse-path-filtering")
+    parser.add_argument(
+        "-n",
+        "--network",
+        type=str,
+        required=True,
+        action="store",
+        help="Input network toml file",
+    )
+    parser.add_argument(
+        "-b",
+        "--bridges",
+        default=False,
+        action="store_true",
+        help="Print out all L2 bridge names",
+    )
+    args = parser.parse_args()
+
+    lab_name = "reverse.path.filtering"
+    config = Config()
+    config.deserialize_toml(args.network)
+
+    if args.bridges:
+        for br in config.get_bridges():
+            print(br)
+    else:
+        config.output_clab_yml(name=lab_name)
+
+
+if __name__ == "__main__":
+    main()
diff --git a/full-emulation/00-reverse-path-filtering/network.clab.yml b/full-emulation/00-reverse-path-filtering/network.clab.yml
@@ -0,0 +1,100 @@
+name: reverse.path.filtering
+prefix: ""
+topology:
+  defaults:
+    network-mode: none
+  kinds:
+    linux:
+      sysctls:
+        net.ipv4.ip_forward: 1
+        net.ipv4.conf.all.forwarding: 1
+        # 0: layer 3, 1: layer 4
+        net.ipv4.fib_multipath_hash_policy: 1
+  nodes:
+    h1:
+      kind: linux
+      image: kyechou/linux-router:latest
+      exec:
+        - ip addr add 192.168.0.1/24 dev eth0
+        - ip route add 0.0.0.0/0 via 192.168.0.254
+    h2:
+      kind: linux
+      image: kyechou/linux-router:latest
+      exec:
+        - ip addr add 192.168.0.2/24 dev eth0
+        - ip route add 0.0.0.0/0 via 192.168.0.254
+    h3:
+      kind: linux
+      image: kyechou/linux-router:latest
+      exec:
+        - ip addr add 192.168.0.3/24 dev eth0
+        - ip route add 0.0.0.0/0 via 192.168.0.254
+    s1:
+      kind: bridge
+    r1:
+      kind: linux
+      image: kyechou/linux-router:latest
+      exec:
+        - ip addr add 192.168.1.2/25 dev eth0
+        - ip addr add 192.168.1.129/25 dev eth1
+        - ip route add 192.168.0.0/22 via 192.168.1.130
+        - ip route add 0.0.0.0/0 via 192.168.1.1
+    r2:
+      kind: linux
+      image: kyechou/linux-router:latest
+      exec:
+        - ip addr add 192.168.2.2/25 dev eth0
+        - ip addr add 192.168.2.129/25 dev eth1
+        - ip route add 192.168.0.0/22 via 192.168.2.130
+        - ip route add 0.0.0.0/0 via 192.168.2.1
+    r3:
+      kind: linux
+      image: kyechou/linux-router:latest
+      exec:
+        - ip addr add 192.168.0.254/24 dev eth0
+        - ip addr add 192.168.1.130/25 dev eth1
+        - ip addr add 192.168.2.130/25 dev eth2
+        # ECMP
+        - ip route add 0.0.0.0/0 nexthop via 192.168.1.129 nexthop via 192.168.2.129
+    fw:
+      kind: linux
+      image: kyechou/iptables:latest
+      env:
+        RULES: |
+          *filter
+          :INPUT DROP [0:0]
+          :FORWARD DROP [0:0]
+          :OUTPUT ACCEPT [0:0]
+          -A INPUT -i eth1 -j ACCEPT
+          -A INPUT -i eth2 -j ACCEPT
+          -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+          -A FORWARD -i eth1 -j ACCEPT
+          -A FORWARD -i eth2 -j ACCEPT
+          -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+          COMMIT
+      sysctls:
+        net.ipv4.conf.all.forwarding: 1
+        # 0 or 2: ok. 1: n.d. fault
+        net.ipv4.conf.all.rp_filter: 1
+        net.ipv4.conf.default.rp_filter: 1
+      exec:
+        - ip addr add 10.0.0.2/24 dev eth0
+        - ip addr add 192.168.1.1/25 dev eth1
+        - ip addr add 192.168.2.1/25 dev eth2
+        - ip route add 192.168.0.0/22 via 192.168.1.2
+    server:
+      kind: linux
+      image: kyechou/linux-router:latest
+      exec:
+        - ip addr add 10.0.0.1/24 dev eth0
+        - ip route add 192.168.0.0/22 via 10.0.0.2
+  links:
+    - endpoints: ["server:eth0", "fw:eth0"]
+    - endpoints: ["fw:eth1", "r1:eth0"]
+    - endpoints: ["fw:eth2", "r2:eth0"]
+    - endpoints: ["r1:eth1", "r3:eth1"]
+    - endpoints: ["r2:eth1", "r3:eth2"]
+    - endpoints: ["r3:eth0", "s1:eth0"]
+    - endpoints: ["s1:eth1", "h1:eth0"]
+    - endpoints: ["s1:eth2", "h2:eth0"]
+    - endpoints: ["s1:eth3", "h3:eth0"]
diff --git a/full-emulation/00-reverse-path-filtering/run.sh b/full-emulation/00-reverse-path-filtering/run.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
+EXAMPLE_DIR="$SCRIPT_DIR/../../examples/00-reverse-path-filtering"
+export TOML_INPUT="$EXAMPLE_DIR/network.fault.toml"
+source "$SCRIPT_DIR/../../examples/common.sh"
+
+create_bridges
+sudo containerlab deploy -t "$CONF"
+
+# experiments
+sleep 60
+
+cleanup
+
+msg "Done"
diff --git a/full-emulation/common.sh b/full-emulation/common.sh
@@ -0,0 +1,113 @@
+#!/bin/bash
+
+set -euo pipefail
+
+msg() {
+    echo -e "[+] ${1-}" >&2
+}
+
+hurt() {
+    echo -e "[-] ${1-}" >&2
+}
+
+warn() {
+    echo -e "[!] ${1-}" >&2
+}
+
+die() {
+    echo -e "[!] ${1-}" >&2
+    exit 1
+}
+
+if [ $UID -eq 0 ]; then
+    die 'Please run this script without root privilege'
+fi
+
+if [ -z "${SCRIPT_DIR+x}" ]; then
+    die '"SCRIPT_DIR" is unset'
+fi
+if [ -z "${TOML_INPUT+x}" ]; then
+    die '"TOML_INPUT" is unset'
+fi
+if [[ ! -e "$TOML_INPUT" ]]; then
+    die "File not found: $TOML_INPUT"
+fi
+
+PROJECT_DIR="$(realpath "$(dirname "${BASH_SOURCE[0]}")"/..)"
+CONF="$SCRIPT_DIR/network.clab.yml"
+CONFGEN=("python3" "$SCRIPT_DIR/confgen.py")
+BRIDGES_TXT="$(realpath "$SCRIPT_DIR/bridges.txt")"
+RESULTS_DIR="$(realpath "$SCRIPT_DIR/results")"
+export CONF
+export CONFGEN
+
+create_bridges() {
+    mapfile -t bridges <"$BRIDGES_TXT"
+    for br in "${bridges[@]}"; do
+        sudo ip link add name "$br" type bridge
+        sudo ip link set dev "$br" up
+    done
+}
+
+delete_bridges() {
+    mapfile -t bridges <"$BRIDGES_TXT"
+    for br in "${bridges[@]}"; do
+        sudo ip link set dev "$br" down
+        sudo ip link delete "$br" type bridge
+    done
+}
+
+cleanup() {
+    set +e
+    sudo containerlab destroy -t "$CONF"
+    delete_bridges
+
+    unfinished_cntrs="$(docker ps -a -q)"
+    if [[ -n "$unfinished_cntrs" ]]; then
+        make -C "$PROJECT_DIR/Dockerfiles" clean
+    fi
+
+    # rm -rf clab-* .*.bak
+    set -e
+}
+
+# run() {
+#     name="$1"
+#     procs="$2"
+#     drop="$3"
+#     infile="$4"
+#     outdir="$RESULTS_DIR/$name"
+#     outlog="$SCRIPT_DIR/out.log"
+#     shift 4
+#     args=("$@")
+#     msg "Verifying $name"
+#     sudo /usr/bin/time "$NEO" -f -j "$procs" -d "$drop" -i "$infile" -o "$outdir" "${args[@]}" \
+#         2>&1 | tee "$outlog" >/dev/null
+#     cleanup
+#     sudo chown -R "$(id -u):$(id -g)" "$outdir"
+#     mv "$outlog" "$outdir/"
+#     cp "$infile" "$outdir/network.toml"
+# }
+
+int_handler() {
+    set +e
+    hurt "Interrupted. Closing the running processes and containers..."
+    cleanup
+    # sudo chown -R "$(id -u):$(id -g)" "$outdir"
+    # cp "$infile" "$outdir/network.toml"
+    hurt "Exit (interrupted)"
+    exit 1
+}
+
+_main() {
+    # Prepare input for containerlab
+    if [[ ! -e "$CONF" ]]; then
+        "${CONFGEN[@]}" --network "$TOML_INPUT" >"$CONF"
+    fi
+    "${CONFGEN[@]}" --network "$TOML_INPUT" --bridges >"$BRIDGES_TXT"
+
+    mkdir -p "$RESULTS_DIR"
+    trap int_handler SIGINT
+}
+
+_main "$@"