Friday, March 26, 2021

Cài đặt Zimbra Policyd MySQL

Posted on March 26, 2021 by  with No comments
@Domain dinguyen.com
@Kiểm tra bind-address
[root@mail ~]# vi /opt/zimbra/conf/my.cnf

[mysqld]

basedir = /opt/zimbra/mariadb
datadir = /opt/zimbra/db/data
socket = /opt/zimbra/db/mysql.sock
pid-file = /opt/zimbra/db/mysql.pid
bind-address = 127.0.0.1
port = 7306
user = zimbra
tmpdir = /opt/zimbra/data/tmp

@Tạo db và user policyd
[root@mail ~]# su - zimbra

[zimbra@mail ~]$ mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 1644
Server version: 10.0.15-MariaDB-log Zimbra binary distribution

Copyright (c) 2000, 2014, Oracle, SkySQL Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
MariaDB [(none)]> create database policyd CHARACTER SET 'UTF8';
MariaDB [(none)]> show databases;
MariaDB [(none)]> create user 'policyd'@'127.0.0.1' identified by 'DiNguyen2o2i';
Query OK, 0 rows affected (0.96 sec)

MariaDB [(none)]> grant all privileges on policyd.* to 'policyd'@'127.0.0.1' identified by 'DiNguyen2o2i' with grant option;
Query OK, 0 rows affected (0.06 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> quit;
Bye

@Convert .tsql files to .sql file
[zimbra@mail database]$ cd /opt/zimbra/common/share/database/
[zimbra@mail database]$ ll
total 48
-rw-r--r-- 1 root root 1272 Dec 31 2015 access_control.tsql
-rw-r--r-- 1 root root 2755 Dec 31 2015 accounting.tsql
-rw-r--r-- 1 root root 4147 Dec 31 2015 amavis.tsql
-rw-r--r-- 1 root root 3227 Dec 31 2015 checkhelo.tsql
-rw-r--r-- 1 root root 1295 Dec 31 2015 checkspf.tsql
-rwxr-xr-x 1 root root 3116 Dec 31 2015 convert-tsql
-rw-r--r-- 1 root root 4882 Dec 31 2015 core.tsql
-rw-r--r-- 1 root root 4417 Dec 31 2015 greylisting.tsql
-rw-r--r-- 1 root root 3137 Dec 31 2015 quotas.tsql
drwxr-xr-x 2 root root 143 Feb 26 2019 whitelists

[zimbra@mail database]$POLICYDTABLESSQL="$(mktemp /tmp/policyd-dbtables.XXXXXXXX.sql)"

[zimbra@mail database]$for i in core.tsql access_control.tsql quotas.tsql amavis.tsql checkhelo.tsql checkspf.tsql greylisting.tsql accounting.tsql;
do
./convert-tsql mysql $i;
done > "${POLICYDTABLESSQL}"

[root@mail tmp]# ll policyd-dbtables.vl6f9V4E.sql
-rw------- 1 root root 24846 Mar 19 13:26 policyd-dbtables.vl6f9V4E.sql
@import db
[zimbra@mail ~]$ /opt/zimbra/bin/mysql policyd < /tmp/policyd-dbtables.vl6f9V4E.sql
@Kiểm tra db
[zimbra@mail ~]$ mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 1782
Server version: 10.0.15-MariaDB-log Zimbra binary distribution

Copyright (c) 2000, 2014, Oracle, SkySQL Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
| mboxgroup98 |
| mboxgroup99 |
| mysql |
| performance_schema |
| policyd |
| test |
| zimbra |
+--------------------+
106 rows in set (0.00 sec)
MariaDB [(none)]> use policyd;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [policyd]> show tables;
+---------------------------+
| Tables_in_policyd |
+---------------------------+
| access_control |
| accounting |
| accounting_tracking |
| amavis_rules |
| checkhelo |
| checkhelo_blacklist |
| checkhelo_tracking |
| checkhelo_whitelist |
| checkspf |
| greylisting |
| greylisting_autoblacklist |
| greylisting_autowhitelist |
| greylisting_tracking |
| greylisting_whitelist |
| policies |
| policy_group_members |
| policy_groups |
| policy_members |
| quotas |
| quotas_limits |
| quotas_tracking |
| session_tracking |
+---------------------------+
22 rows in set (0.00 sec)

MariaDB [policyd]> quit
Bye
@Chỉnh thông số trong file /opt/zimbra/conf/cbpolicyd.conf.in
#Gán user db
[zimbra@mail ~]$ grep -lZr -e ".*sername=.*$" "/opt/zimbra/conf/cbpolicyd.conf.in" | xargs -0 sed -i "s^.*sername=.*$^Username=policyd^g"
#Gán password
[zimbra@mail ~]$ grep -lZr -e ".*assword=.*$" "/opt/zimbra/conf/cbpolicyd.conf.in" | xargs -0 sed -i "s^.*assword=.*$^Password=DiNguyen2o2i^g"
#Gán db
[zimbra@mail ~]$ grep -lZr -e "DSN=.*$" "/opt/zimbra/conf/cbpolicyd.conf.in" | xargs -0 sed -i "s^DSN=.*$^DSN=DBI:mysql:database=policyd_db;host=127.0.0.1;port=7306^g"
#Kiểm tra lại kết quả
[zimbra@mail ~]$ vi /opt/zimbra/conf/cbpolicyd.conf.in

Cấu hình các rules
@Xem db policyd tables
[zimbra@mail ~]$ mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 1818
Server version: 10.0.15-MariaDB-log Zimbra binary distribution

Copyright (c) 2000, 2014, Oracle, SkySQL Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use policyd;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [policyd]> show tables;
+---------------------------+
| Tables_in_policyd |
+---------------------------+
| access_control |
| accounting |
| accounting_tracking |
| amavis_rules |
| checkhelo |
| checkhelo_blacklist |
| checkhelo_tracking |
| checkhelo_whitelist |
| checkspf |
| greylisting |
| greylisting_autoblacklist |
| greylisting_autowhitelist |
| greylisting_tracking |
| greylisting_whitelist |
| policies |
| policy_group_members |
| policy_groups |
| policy_members |
| quotas |
| quotas_limits |
| quotas_tracking |
| session_tracking |
+---------------------------+
22 rows in set (0.00 sec)
@Sẽ thay đổi nội dung các tables sau:
| policies |
| policy_group_members |
| policy_groups |
| policy_members |
| quotas |
| quotas_limits |

@Xem các policy groups đang có
MariaDB [policyd]> select * from policy_groups;
+----+------------------+----------+---------+
| ID | Name | Disabled | Comment |
+----+------------------+----------+---------+
| 1 | internal_ips | 0 | NULL |
| 2 | internal_domains | 0 | NULL |
+----+------------------+----------+---------+
2 rows in set (0.00 sec)
@Thêm Policy group list_domain
MariaDB [policyd]> INSERT INTO policy_groups (ID, Name,Disabled,Comment) VALUES(3, 'list_domain', 0, 'NULL');
Query OK, 1 row affected (0.00 sec)
MariaDB [policyd]> select * from policy_groups;
+----+------------------+----------+---------+
| ID | Name | Disabled | Comment |
+----+------------------+----------+---------+
| 1 | internal_ips | 0 | NULL |
| 2 | internal_domains | 0 | NULL |
| 3 | list_domain | 0 | NULL |
+----+------------------+----------+---------+
3 rows in set (0.00 sec)
@Kiểm tra các Policy group member
MariaDB [policyd]> select * from policy_group_members ;
+----+---------------+--------------+----------+---------+
| ID | PolicyGroupID | Member | Disabled | Comment |
+----+---------------+--------------+----------+---------+
| 1 | 1 | 10.0.0.0/8 | 0 | NULL |
| 2 | 2 | @example.org | 0 | NULL |
| 3 | 2 | @example.com | 0 | NULL |
+----+---------------+--------------+----------+---------+
3 rows in set (0.00 sec)
@Xóa các member và thêm member @dinguyen.com
MariaDB [policyd]> DELETE FROM `policy_group_members` WHERE Member='@example.org';
Query OK, 1 row affected (0.00 sec)
MariaDB [policyd]> DELETE FROM `policy_group_members` WHERE Member='@example.com';
Query OK, 1 row affected (0.00 sec)
MariaDB [policyd]> DELETE FROM `policy_group_members` WHERE Member='10.0.0.0/8';
Query OK, 1 row affected (0.00 sec)
MariaDB [policyd]> INSERT INTO `policy_group_members`(ID,PolicyGroupID,Member,Disabled,Comment) VALUES (1,3,'@dinguyen.com',0,'NULL');
Query OK, 1 row affected (0.00 sec)
MariaDB [policyd]> select * from policy_group_members ;
+----+---------------+--------------------+----------+---------+
| ID | PolicyGroupID | Member | Disabled | Comment |
+----+---------------+--------------------+----------+---------+
| 1 | 3 | @dinguyen.com | 0 | NULL |
+----+---------------+--------------------+----------+---------+
1 row in set (0.00 sec)
#Notes: PolicyGroupID  = 3 --> chính là ID của list_domain trong policy_groups;
@Kiểm tra các polices
MariaDB [policyd]> select * from policies;
+----+------------------+----------+--------------------------------+----------+
| ID | Name | Priority | Description | Disabled |
+----+------------------+----------+--------------------------------+----------+
| 1 | Default | 0 | Default System Policy | 0 |
| 2 | Default Outbound | 10 | Default Outbound System Policy | 0 |
| 3 | Default Inbound | 10 | Default Inbound System Policy | 0 |
| 4 | Default Internal | 20 | Default Internal System Policy | 0 |
| 5 | Test | 50 | Test policy | 0 |
+----+------------------+----------+--------------------------------+----------+
@Kiểm tra các policy members
MariaDB [policyd]> select * from policy_members ;
MariaDB [policyd]> select * from policy_members ;
+----+----------+-----------------------------------+--------------------+---------+----------+
| ID | PolicyID | Source | Destination | Comment | Disabled |
+----+----------+-----------------------------------+--------------------+---------+----------+
| 1 | 1 | NULL | NULL | NULL | 0 |
| 2 | 2 | %internal_ips,%internal_domains | !%internal_domains | NULL | 0 |
| 3 | 3 | !%internal_ips,!%internal_domains | %internal_domains | NULL | 0 |
| 4 | 4 | %internal_ips,%internal_domains | %internal_domains | NULL | 0 |
| 5 | 5 | @example.net | NULL | NULL | 0 |
+----+----------+-----------------------------------+--------------------+---------+----------+
5 rows in set (0.00 sec)
@Disable tất cả các policy members trên
MariaDB [policyd]> UPDATE policy_members SET Disabled = 1 WHERE PolicyID = 1;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [policyd]> UPDATE policy_members SET Disabled = 1 WHERE PolicyID = 2;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

MariaDB [policyd]> UPDATE policy_members SET Disabled = 1 WHERE PolicyID = 3;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

MariaDB [policyd]> UPDATE policy_members SET Disabled = 1 WHERE PolicyID = 4;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

MariaDB [policyd]> UPDATE policy_members SET Disabled = 1 WHERE PolicyID = 5;
Query OK, 1 row affected (0.29 sec)
Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [policyd]> select * from policy_members ;
+----+----------+-----------------------------------+--------------------+---------+----------+
| ID | PolicyID | Source | Destination | Comment | Disabled |
+----+----------+-----------------------------------+--------------------+---------+----------+
| 1 | 1 | NULL | NULL | NULL | 1 |
| 2 | 2 | %internal_ips,%internal_domains | !%internal_domains | NULL | 1 |
| 3 | 3 | !%internal_ips,!%internal_domains | %internal_domains | NULL | 1 |
| 4 | 4 | %internal_ips,%internal_domains | %internal_domains | NULL | 1 |
| 5 | 5 | @example.net | NULL | NULL | 1 |
+----+----------+-----------------------------------+--------------------+---------+----------+
5 rows in set (0.00 sec)
@Thêm 2 policy members:
From: %list_domain to: !%list_domain --> Gửi từ mail có domain trong list_domain đến các mail khác domain
From: !%list_domain  to: any --> Gửi từ mail có domain 0 nằm trong list_domain đến các mail khác
MariaDB [policyd]> INSERT INTO policy_members (ID,PolicyID,Source,Destination,Comment,Disabled) VALUES(6,1, '%list_domain', '!%list_domain', 'NULL', 0);
Query OK, 1 row affected (0.00 sec)

MariaDB [policyd]> INSERT INTO policy_members (ID,PolicyID,Source,Destination,Comment,Disabled) VALUES(7,1, '!%list_domain', 'any', 'NULL', 0);
Query OK, 1 row affected (0.00 sec)

MariaDB [policyd]> select * from policy_members ;
+----+----------+-----------------------------------+--------------------+---------+----------+
| ID | PolicyID | Source | Destination | Comment | Disabled |
+----+----------+-----------------------------------+--------------------+---------+----------+
| 1 | 1 | NULL | NULL | NULL | 1 |
| 2 | 2 | %internal_ips,%internal_domains | !%internal_domains | NULL | 1 |
| 3 | 3 | !%internal_ips,!%internal_domains | %internal_domains | NULL | 1 |
| 4 | 4 | %internal_ips,%internal_domains | %internal_domains | NULL | 1 |
| 5 | 5 | @example.net | NULL | NULL | 1 |
| 6 | 1 | %list_domain | !%list_domain | NULL | 0 |
| 7 | 1 | !%list_domain | any | NULL | 0 |
+----+----------+-----------------------------------+--------------------+---------+----------+
Note: PolicyID=1 --> là ID của Default trong bảng policies.
@Gán Quotas
#Xem các quotas đang có
MariaDB [policyd]> select * from quotas;
+----+----------+-------------------+-----------------------+--------+---------+------+-----------+---------+----------+
| ID | PolicyID | Name | Track | Period | Verdict | Data | LastQuota | Comment | Disabled |
+----+----------+-------------------+-----------------------+--------+---------+------+-----------+---------+----------+
| 1 | 5 | Recipient quotas | Recipient:user@domain | 3600 | REJECT | NULL | 0 | NULL | 0 |
| 2 | 5 | Quota on all /24s | SenderIP:/24 | 3600 | REJECT | NULL | 0 | NULL | 0 |
+----+----------+-------------------+-----------------------+--------+---------+------+-----------+---------+----------+
2 rows in set (0.00 sec)
#Thêm quota rate_limit
MariaDB [policyd]> INSERT INTO quotas (ID,PolicyID,Name,Track,Period,Verdict,Data,LastQuota,Comment,Disabled) VALUES(3,1,'rate_limit','Sender:user@domain',3600, 'REJECT','NULL',0,'NULL',0);
Query OK, 1 row affected (0.00 sec)
MariaDB [policyd]> select * from quotas;
+----+----------+-------------------+-----------------------+--------+---------+------+-----------+---------+----------+
| ID | PolicyID | Name | Track | Period | Verdict | Data | LastQuota | Comment | Disabled |
+----+----------+-------------------+-----------------------+--------+---------+------+-----------+---------+----------+
| 1 | 5 | Recipient quotas | Recipient:user@domain | 3600 | REJECT | NULL | 0 | NULL | 0 |
| 2 | 5 | Quota on all /24s | SenderIP:/24 | 3600 | REJECT | NULL | 0 | NULL | 0 |
| 3 | 1 | rate_limit | Sender:user@domain | 3600 | REJECT | NULL | 0 | NULL | 0 |
+----+----------+-------------------+-----------------------+--------+---------+------+-----------+---------+----------+
3 rows in set (0.00 sec)

@Disable 2 quota ID=1 và ID=2
MariaDB [policyd]> UPDATE quotas SET Disabled = 1 WHERE PolicyID = 5;
Query OK, 2 rows affected (1.10 sec)
Rows matched: 2 Changed: 2 Warnings: 0

MariaDB [policyd]> select * from quotas ;
+----+----------+-------------------+-----------------------+--------+---------+------+-----------+---------+----------+
| ID | PolicyID | Name | Track | Period | Verdict | Data | LastQuota | Comment | Disabled |
+----+----------+-------------------+-----------------------+--------+---------+------+-----------+---------+----------+
| 1 | 5 | Recipient quotas | Recipient:user@domain | 3600 | REJECT | NULL | 0 | NULL | 1 |
| 2 | 5 | Quota on all /24s | SenderIP:/24 | 3600 | REJECT | NULL | 0 | NULL | 1 |
| 3 | 1 | rate_limit | Sender:user@domain | 3600 | REJECT | NULL | 0 | NULL | 0 |
+----+----------+-------------------+-----------------------+--------+---------+------+-----------+---------+----------+
3 rows in set (0.00 sec)
@Xem các qouta limit đang có
MariaDB [policyd]> select * from quotas_limits ;
+----+----------+-----------------------+--------------+---------+----------+
| ID | QuotasID | Type | CounterLimit | Comment | Disabled |
+----+----------+-----------------------+--------------+---------+----------+
| 1 | 1 | MessageCount | 10 | NULL | 0 |
| 2 | 1 | MessageCumulativeSize | 8000 | NULL | 0 |
| 3 | 2 | MessageCount | 12 | NULL | 0 |
+----+----------+-----------------------+--------------+---------+----------+
3 rows in set (0.00 sec)
@Disable 3 quota limits trên
MariaDB [policyd]> UPDATE quotas_limits SET Disabled = 1 WHERE ID = 1;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

MariaDB [policyd]> UPDATE quotas_limits SET Disabled = 1 WHERE ID = 2;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

MariaDB [policyd]> UPDATE quotas_limits SET Disabled = 1 WHERE ID = 3;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

MariaDB [policyd]> select * from quotas_limits ;
+----+----------+-----------------------+--------------+---------+----------+
| ID | QuotasID | Type | CounterLimit | Comment | Disabled |
+----+----------+-----------------------+--------------+---------+----------+
| 1 | 1 | MessageCount | 10 | NULL | 1 |
| 2 | 1 | MessageCumulativeSize | 8000 | NULL | 1 |
| 3 | 2 | MessageCount | 12 | NULL | 1 |
+----+----------+-----------------------+--------------+---------+----------+
3 rows in set (0.00 sec)
@Thêm quota limit count = 160 cho quota rate_limit ( có ID = 3 trong bảng quotas)
MariaDB [policyd]> INSERT INTO quotas_limits (ID,QuotasID,Type,CounterLimit,Comment,Disabled) VALUES(4,3,'MessageCount',160,'NULL',0);
Query OK, 1 row affected (0.00 sec)
MariaDB [policyd]> select * from quotas_limits ;
+----+----------+-----------------------+--------------+---------+----------+
| ID | QuotasID | Type | CounterLimit | Comment | Disabled |
+----+----------+-----------------------+--------------+---------+----------+
| 1 | 1 | MessageCount | 10 | NULL | 1 |
| 2 | 1 | MessageCumulativeSize | 8000 | NULL | 1 |
| 3 | 2 | MessageCount | 12 | NULL | 1 |
| 4 | 3 | MessageCount | 160 | NULL | 0 |
+----+----------+-----------------------+--------------+---------+----------+
4 rows in set (0.00 sec)
@Enable policyd
[root@mail ~]#su - zimbra
[zimbra@mail ~]$zmprov ms `zmhostname` +zimbraServiceEnabled cbpolicyd
[zimbra@mail ~]$zmprov ms `zmhostname` zimbraCBPolicydQuotasEnabled TRUE
[zimbra@mail ~]$zmcontrol restart
@Kiểm tra log
[zimbra@mail ~]$ tail -f /opt/zimbra/log/cbpolicyd.log


Thursday, March 25, 2021

Chroot là gì ?

Posted on March 25, 2021 by  with No comments




  • Trong Linux ( và các *unix based OS), Thư mục root (/) là thư mục cao nhất (top directory), chứa root file system, các file system khác cũng được mount trên root file system.
  • Khi linux os được khởi động, sẽ có root process với pid = 1, tất cả các process và job khác sẽ là process con của root process. Tất cả các process trong linux có thể truy cập vào 1 file hoặc thư mục trên file system.
  • Chroot là môt thủ tục thay đổi thư mục root cho các tiến trình đang chạy và các tiến trình con của nó. Khi đó process sẽ được chạy trên 1 thư mục có vai trò là thư mục root (khác với thư mục root /), và process với chroot có pid = 1. Và process không thể thấy và truy cập các file ở ngoài thư mục mà nó đang chạy.
  • Thư mục được chroot tạo ra để chạy process như trên gọi là chroot jail
  • Để thực hiện chroot, cần thực hiện gì?
    • Một chương trình (phần mềm) trên linux khi thực thi cần phải gọi đến các chương trình khác đã được cài đặt trên hệ thông (các gọi phụ thuộc và các thư viên/libraries phục vụ cho nó)
    • Khi chroot 1 chương trinh, thì nó chỉ có thể truy cập được các file trong chroot jail, và không thể gọi đến các chương trình và thư viện khác ở ngoài chroot jail. -> Do đó, để chương trình có thể chạy được, chroot jail phải bao gồm các file và thư viện liên quan.
    • Như hình minh họa bên dưới, để  sử dụng chroot, cần có 1 file system như 1 linux file system

                


(Còn nữa ... )



Linux virtual networking

Posted on March 25, 2021 by  with No comments

  1. Bridge

    • Linux bridge hoạt động như network switch. Nó forward packet giữa các interface. Nó thường được sử dụng để forward packet trên routers, gateways, giữa các VMs và network namespace trên 1 host. Bridge hỗ trợ STP, VLAN filter, multicast snooping
                

    • Cli

#brctl show
thiennl@VM-THIENNL:~$ brctl show
bridge name bridge id STP enabled interfaces
br-2d03c46e820a 8000.024213278b6a no
docker0 8000.02421791715d no

thiennl@VM-THIENNL:~$ ifconfig docker0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
ether 02:42:17:91:71:5d txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

thiennl@VM-THIENNL:~$ ifconfig br-2d03c46e820a
br-2d03c46e820a: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.17.1 netmask 255.255.255.0 broadcast 172.17.17.255
ether 02:42:13:27:8b:6a txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0




  • Bonded interface

  • Team Device

  • VLAN: 

    • Virtual LAN. VLAN chia nhỏ miền broadcast bằng cách gán các tags cho các network packets


    • Tạo VLAN
thiennl@ubuntu:~$ ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:c3:cb:c6 brd ff:ff:ff:ff:ff:ff
inet 172.17.16.47/24 brd 172.17.16.255 scope global dynamic ens33
valid_lft 1609sec preferred_lft 1609sec
inet6 fe80::20c:29ff:fec3:cbc6/64 scope link
valid_lft forever preferred_lft forever
3: ens38: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0c:29:c3:cb:d0 brd ff:ff:ff:ff:ff:ff

thiennl@ubuntu:~$ sudo ip link add link ens38 name ens38.2 type vlan id 2
[sudo] password for thiennl:
thiennl@ubuntu:~$ sudo ip link add link ens38 name ens38.3 type vlan id 3

thiennl@ubuntu:~$ ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:c3:cb:c6 brd ff:ff:ff:ff:ff:ff
inet 172.17.16.47/24 brd 172.17.16.255 scope global dynamic ens33
valid_lft 1553sec preferred_lft 1553sec
inet6 fe80::20c:29ff:fec3:cbc6/64 scope link
valid_lft forever preferred_lft forever
3: ens38: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0c:29:c3:cb:d0 brd ff:ff:ff:ff:ff:ff
4: ens38.2@ens38: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0c:29:c3:cb:d0 brd ff:ff:ff:ff:ff:ff
5: ens38.3@ens38: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:0c:29:c3:cb:d0 brd ff:ff:ff:ff:ff:ff
    • Mô hình sau khi tạo vlan


    • Khi tạo vlan trên host, switch kết nối đến host phải hỗ trợ vlan tag (port kết nối đến host là mode trunk)

  • VXLAN

    • VXLAN là 1 tuneling protocol, nó đóng gói L2 frame với 1 VXALN header vào trong 1 UDP-IP packet

    • VXLAN ID (VXLAN Network Identifier) gồm 24bit -> có thể tạo được 2^24 virtual LAN
    • VXLAN thường được triển khai ở các host ảo hóa trong data center



  • MACVLAN

  • IPVLAN

  • MACVTAP/IPVTAP

  • MACsec

  • VETH




Subscribe to: Posts (Atom)