
High Availability Advanced Linux Routing with Firewall

by Juan Carlos Maureira

Rationale

State of the Art

Methodology

Implementation

Gratuitous ARP broadcaster as service (CentOS version)

#!/bin/bash
# chkconfig: - 99 01
# config: /etc/quagga/ha_ifaces /etc/grarping.conf
# 
# Juan Carlos Maureira
# Center for Mathematical Modeling
# University of Chile, 2013

### BEGIN INIT INFO
# Provides: grarping
# Short-Description: Gratuitous ARPing
### END INIT INFO

# source function library
. /etc/rc.d/init.d/functions

# Convert a dotted-quad IPv4 address into its 32-bit decimal value.
# Arguments: $@ - the address, e.g. 192.168.1.1
# Outputs:   the decimal value on stdout, e.g. 3232235777
ip2dec() {
    local dotted=$@
    local o1 o2 o3 o4
    # Split on "." into the four octets.
    IFS=. read -r o1 o2 o3 o4 <<< "$dotted"
    # Horner form of o1*256^3 + o2*256^2 + o3*256 + o4.
    printf '%d\n' "$(( ((o1 * 256 + o2) * 256 + o3) * 256 + o4 ))"
}

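# Convert a 32-bit decimal value into a dotted-quad IPv4 address.
# Arguments: $@ - the decimal value, e.g. 3232235777
# Outputs:   the address on stdout, e.g. 192.168.1.1
function dec2ip () {
    # All working variables are local and delim starts empty: if delim leaked
    # into the calling shell, the next call would begin its output with ".".
    local ip='' delim='' octet e dec=$@
    for e in 3 2 1 0
    do
        # Peel off the octet worth 256^e, then keep the remainder.
        ((octet = dec / (256 ** e)))
        ((dec -= octet * 256 ** e))
        ip+=$delim$octet
        delim=.
    done
    printf '%s\n' "$ip"
}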


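# Expand one config entry into the addresses to announce.
# Arguments: $1 - a single host address, or a range written NET/PREFIX
# Outputs:   single host: $1 unchanged. NET/PREFIX: every IPv4 address
#            configured on this machine (per `ip addr show`) that lies
#            strictly between NET and NET + 2^(32-PREFIX) - 1, one per line,
#            followed by a blank line.
# Returns:   1, with nothing on stdout, when NET is not a dotted quad or
#            PREFIX is not an integer from 0 to 32.
function net2host {
	local spec=$1 net prefix start end candidate cdec
	local quad_re='^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
	local prefix_re='^[0-9]{1,2}$'

	# No "/" means a single host: hand it back as-is.
	if [[ "$spec" != */* ]]; then
		printf '%s\n' "$spec"
		return 0
	fi

	net=${spec%%/*}
	prefix=${spec#*/}
	prefix=${prefix%%/*}

	# Both parts come from the config file and end up inside shell arithmetic
	# (here and in ip2dec), where arbitrary text is evaluated as an expression.
	# Accept digits and dots only before going any further.
	if [[ ! $net =~ $quad_re || ! $prefix =~ $prefix_re ]] || (( 10#$prefix > 32 )); then
		printf 'net2host: invalid network "%s"\n' "$spec" >&2
		return 1
	fi
	prefix=$((10#$prefix))

	start=$(ip2dec "$net")
	# Exclusive upper bound is the last address of the block (the broadcast
	# address when NET is aligned), so the highest usable host -- .254 in a
	# /24 -- is matched. Subtracting one more would drop that host.
	end=$(( start + (1 << (32 - prefix)) - 1 ))

	while IFS= read -r candidate; do
		cdec=$(ip2dec "$candidate")
		if (( cdec > start && cdec < end )); then
			printf '%s\n' "$candidate"
		fi
	done < <(ip addr show | awk '$1 == "inet" { sub(/\/.*/, "", $2); print $2 }')

	# Trailing blank line is part of the output format; callers that capture
	# with $(...) never see it.
	echo
}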

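# Whitespace-separated HA interface names; lines starting with "#" are ignored.
HA_IFACES_FILE=/etc/quagga/ha_ifaces
# Extra announcements, one "<iface> <host | NET/PREFIX> ..." entry per line.
CONF_FILE=/etc/grarping.conf
# Packets sent per address (passed to arping -c).
GRAP_COUNT=1
# Exit status reported at the end; branches that do not set it exit 0.
RETVAL=0

# Announce address $2 on interface $1 with GRAP_COUNT unsolicited ARP packets.
# Returns non-zero when arping fails, or when either argument is empty or
# starts with "-": such a value would be parsed as an option by a command
# that this service runs as root.
send_garp() {
	case "$1" in ''|-*) return 1 ;; esac
	case "$2" in ''|-*) return 1 ;; esac
	/sbin/arping -I "$1" -U "$2" -c "$GRAP_COUNT" > /dev/null 2>&1
}

case "$1" in
  start)
	# Check that networking is up.
	# NOTE(review): NETWORKING is not set anywhere in this script; presumably
	# it is expected from the environment -- confirm.
	[ "${NETWORKING}" = "no" ] && exit 1

	# The process must be configured first.
	[ -f "$HA_IFACES_FILE" ] || exit 6
	if [ "$(id -u)" -ne 0 ]; then
		echo $"Insufficient privilege" 1>&2
		exit 4
	fi

	# The lists below are split into words on purpose; turn pathname expansion
	# off so a "*" or "?" in a config file is never matched against file names.
	set -f

	# Announce every IPv4 address of every HA interface.
	for iface in $(grep -v '^#' "$HA_IFACES_FILE"); do
		# A name starting with "-" is rejected before it reaches ifconfig/ip.
		if [ "${iface#-}" = "$iface" ] && ifconfig "$iface" > /dev/null 2>&1; then
			addrs=$(ip addr show dev "$iface" | awk '$1 == "inet" { sub(/\/.*/, "", $2); print $2 }')
			for addr in $addrs; do
				echo -n "Sending Gratuitous ARP for $addr via $iface"
				# The reported result is the status of the announcement itself.
				# With the arping call disabled, this test only saw the exit
				# status of echo and printed OK without sending anything.
				if send_garp "$iface" "$addr"; then
					success
				else
					failure
				fi
				echo
			done
		else
			echo -n "Sending Gratuitous ARP via $iface"
			failure
			echo
		fi
	done

	# Announce the hosts/networks listed in the config file. The file is
	# skipped when missing or unreadable instead of letting the redirection fail.
	if [ -r "$CONF_FILE" ]; then
		while read -r cfg_iface nethosts; do
			# Skip blank lines and comments. An entry that names an interface
			# but no host leaves nethosts empty and announces nothing.
			case "$cfg_iface" in
			''|'#'*) continue ;;
			esac
			for nethost in $nethosts; do
				addrs=$(net2host "$nethost")
				[ -n "$addrs" ] || continue
				echo -n "Sending Gratuitous ARP for $nethost via $cfg_iface"
				# One failed address marks the whole entry as failed.
				fail=0
				for addr in $addrs; do
					send_garp "$cfg_iface" "$addr" || fail=1
				done
				if [ "$fail" -eq 0 ]; then
					success
				else
					failure
				fi
				echo
			done
		done < "$CONF_FILE"
	fi

	echo
	;;
  status)
	# This service leaves no process of its own running; the status shown is
	# that of zebra. NOTE(review): confirm zebra is the intended process.
	status zebra
	RETVAL=$?
	;;
  stop)
	# Drops every entry of this host's neighbour table, not only the
	# addresses announced by "start".
	echo -n $"Flushing ip neighbors"
	/sbin/ip neig flush all
	echo
	;;
  restart|reload|force-reload)
	"$0" stop
	"$0" start
	RETVAL=$?
	;;
  *)
	echo $"Usage: $0 {start|stop|status|restart|reload|force-reload}"
	exit 2
	;;
esac

exit "$RETVAL"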

Evaluation

Conclusions