Move access-points automation to top level
This commit is contained in:
parent
3a67df2caa
commit
9862e8ec12
67
README.md
67
README.md
|
|
@ -1,4 +1,65 @@
|
|||
IT-Syndikat Network Docs
|
||||
========================
|
||||
ITS WiFi Access Points Setup
|
||||
============================
|
||||
|
||||
- [Access Points](access-points/)
|
||||
This directory contains the scripts and configuration for the automated building
|
||||
of OpenWrt image-build based firmware images.
|
||||
|
||||
We use this to build fully pre-configured images for our 802.11
|
||||
access-points. The deployed images are completely hands-off. No configuration of
|
||||
the running firmware should be necessary as all the device specific setup is
|
||||
done using `/etc/uci-defaults/` by keying off the device's MAC address.
|
||||
|
||||
See [`files/common/its/etc/uci-defaults/50-config-from-mac`](files/common/its/etc/uci-defaults/50-config-from-mac) for details.
|
||||
|
||||
Note that some of the files in this repository contain secrets, like
|
||||
passwords. These files are stored using
|
||||
[git-annex](https://git-annex.branchable.com/) which merely stores a hash in the
|
||||
(public) git repo and ships the relevant file contents off to a fileserver or
|
||||
other internal storage location.
|
||||
|
||||
Building Images
|
||||
---------------
|
||||
|
||||
The [`Makefile`](./Makefile) provides a target for each device type we have
|
||||
images for, to build images for all devices at the space you can use:
|
||||
|
||||
```
|
||||
$ make its
|
||||
[...]
|
||||
Wrote images to images/v0.20180506-3-g115cc99-dirty
|
||||
```
|
||||
|
||||
the resulting sysupgrade images land in a directory in `images/`. The symlink
|
||||
`images/latest` points to the directory of the image built most recently. The
|
||||
build system also produces a `*.image-manifest` file which contains the URL to
|
||||
the ImageBuilder used as well its hash and the corresponding image's hash.
|
||||
|
||||
Each produced image file contains the target, subtarget and profile names for
|
||||
the targeted device (among other things), for example the Ubiquity UniFi AC
|
||||
Lite's image is called `*-ath79-generic-ubnt_unifiac-lite*-sysupgrade.bin`
|
||||
standing for `TARGET=ath79`, `SUBTARGET=generic`, `PROFILE=ubnt_unifiac-lite`.
|
||||
|
||||
These images can then be deployed by copying them to the respective device in
|
||||
`/tmp` using `scp` and then running, over ssh:
|
||||
|
||||
# sysupgrade -n /tmp/*-sysupgrade.bin
|
||||
|
||||
If this fails for some reason and the target device is subsequently bricked so
|
||||
bad it cannot even boot into
|
||||
[failsafe mode](https://openwrt.org/docs/guide-user/troubleshooting/failsafe_and_factory_reset#entering_failsafe_mode)
|
||||
any more, see
|
||||
[OpenWrt Debricking Guide](https://openwrt.org/docs/guide-user/troubleshooting/generic.debrick).
|
||||
|
||||
Using Released Binaries
|
||||
-----------------------
|
||||
|
||||
The offically released and deployed images are available in this repo in the
|
||||
[`images/`](images/) directory. They need to be retrived from an internal server
|
||||
using [`git annex`](https://git-annex.branchable.com) before they can be
|
||||
accessed. The public git repo only contains their hashes.
|
||||
|
||||
We also use git-annex to add the secrets used for generating the images to the
|
||||
repo, which will then only be available to authorized people using the internal
|
||||
git-annex store. For an example, see
|
||||
[`files/common/its/etc/uci-defaults/51-secrets`](files/common/its/etc/uci-defaults/51-secrets). This
|
||||
file just sets up secrets, such as the WiFi/root password.
|
||||
|
|
|
|||
|
|
@ -1,65 +0,0 @@
|
|||
ITS WiFi Access Points Setup
|
||||
============================
|
||||
|
||||
This directory contains the scripts and configuration for the automated building
|
||||
of OpenWrt image-build based firmware images.
|
||||
|
||||
We use this to build fully pre-configured images for our 802.11
|
||||
access-points. The deployed images are completely hands-off. No configuration of
|
||||
the running firmware should be necessary as all the device specific setup is
|
||||
done using `/etc/uci-defaults/` by keying off the device's MAC address.
|
||||
|
||||
See [`files/common/its/etc/uci-defaults/50-config-from-mac`](files/common/its/etc/uci-defaults/50-config-from-mac) for details.
|
||||
|
||||
Note that some of the files in this repository contain secrets, like
|
||||
passwords. These files are stored using
|
||||
[git-annex](https://git-annex.branchable.com/) which merely stores a hash in the
|
||||
(public) git repo and ships the relevant file contents off to a fileserver or
|
||||
other internal storage location.
|
||||
|
||||
Building Images
|
||||
---------------
|
||||
|
||||
The [`Makefile`](./Makefile) provides a target for each device type we have
|
||||
images for, to build images for all devices at the space you can use:
|
||||
|
||||
```
|
||||
$ make its
|
||||
[...]
|
||||
Wrote images to images/v0.20180506-3-g115cc99-dirty
|
||||
```
|
||||
|
||||
the resulting sysupgrade images land in a directory in `images/`. The symlink
|
||||
`images/latest` points to the directory of the image built most recently. The
|
||||
build system also produces a `*.image-manifest` file which contains the URL to
|
||||
the ImageBuilder used as well its hash and the corresponding image's hash.
|
||||
|
||||
Each produced image file contains the target, subtarget and profile names for
|
||||
the targeted device (among other things), for example the Ubiquity UniFi AC
|
||||
Lite's image is called `*-ath79-generic-ubnt_unifiac-lite*-sysupgrade.bin`
|
||||
standing for `TARGET=ath79`, `SUBTARGET=generic`, `PROFILE=ubnt_unifiac-lite`.
|
||||
|
||||
These images can then be deployed by copying them to the respective device in
|
||||
`/tmp` using `scp` and then running, over ssh:
|
||||
|
||||
# sysupgrade -n /tmp/*-sysupgrade.bin
|
||||
|
||||
If this fails for some reason and the target device is subsequently bricked so
|
||||
bad it cannot even boot into
|
||||
[failsafe mode](https://openwrt.org/docs/guide-user/troubleshooting/failsafe_and_factory_reset#entering_failsafe_mode)
|
||||
any more, see
|
||||
[OpenWrt Debricking Guide](https://openwrt.org/docs/guide-user/troubleshooting/generic.debrick).
|
||||
|
||||
Using Released Binaries
|
||||
-----------------------
|
||||
|
||||
The offically released and deployed images are available in this repo in the
|
||||
[`images/`](images/) directory. They need to be retrived from an internal server
|
||||
using [`git annex`](https://git-annex.branchable.com) before they can be
|
||||
accessed. The public git repo only contains their hashes.
|
||||
|
||||
We also use git-annex to add the secrets used for generating the images to the
|
||||
repo, which will then only be available to authorized people using the internal
|
||||
git-annex store. For an example, see
|
||||
[`files/common/its/etc/uci-defaults/51-secrets`](files/common/its/etc/uci-defaults/51-secrets). This
|
||||
file just sets up secrets, such as the WiFi/root password.
|
||||
|
|
@ -1 +0,0 @@
|
|||
../../../../../../.git/annex/objects/qZ/Z2/SHA256E-s214--aed1c032b77503779cde57f6c7d86b178fe9378b38e055db1c3c6d63bd405289/SHA256E-s214--aed1c032b77503779cde57f6c7d86b178fe9378b38e055db1c3c6d63bd405289
|
||||
|
|
@ -1 +0,0 @@
|
|||
../../../.git/annex/objects/x8/FX/SHA256E-s3342340--cc00d2ddc3972b9402dcdba12d4f5970974f0b203900b62efa5121633c5e5ba1.bin/SHA256E-s3342340--cc00d2ddc3972b9402dcdba12d4f5970974f0b203900b62efa5121633c5e5ba1.bin
|
||||
|
|
@ -1 +0,0 @@
|
|||
../../../.git/annex/objects/8V/Z2/SHA256E-s3145732--48f75b8781f0963b0beb848b1c71f9c25dc509537f6f2b6b22becec5ed138c4f.bin/SHA256E-s3145732--48f75b8781f0963b0beb848b1c71f9c25dc509537f6f2b6b22becec5ed138c4f.bin
|
||||
|
|
@ -1 +0,0 @@
|
|||
../../../.git/annex/objects/Z0/Pw/SHA256E-s3538948--2db276ba8b8daeb4256b110ee50bbdeaa8eeadab8e86b4a9fed499096c48ad79.bin/SHA256E-s3538948--2db276ba8b8daeb4256b110ee50bbdeaa8eeadab8e86b4a9fed499096c48ad79.bin
|
||||
|
|
@ -1 +0,0 @@
|
|||
../../../.git/annex/objects/xq/FF/SHA256E-s3538948--be21f68db34bc2303b5fea111923f75c513b97fd3d9fe7af4cef3485555788ae.bin/SHA256E-s3538948--be21f68db34bc2303b5fea111923f75c513b97fd3d9fe7af4cef3485555788ae.bin
|
||||
|
|
@ -1 +0,0 @@
|
|||
../../../.git/annex/objects/Qx/jq/SHA256E-s3670020--2c8c917c446ab5a322f47ae2d69ab090406b40f9f4006204b0ec3f940778974a.bin/SHA256E-s3670020--2c8c917c446ab5a322f47ae2d69ab090406b40f9f4006204b0ec3f940778974a.bin
|
||||
|
|
@ -1 +0,0 @@
|
|||
../../../.git/annex/objects/K2/vk/SHA256E-s3276804--c880339c48acbe314cb77c94d9c087dbc6cd0e875d4ffc230b9ed4dc8ff5bafa.bin/SHA256E-s3276804--c880339c48acbe314cb77c94d9c087dbc6cd0e875d4ffc230b9ed4dc8ff5bafa.bin
|
||||
|
|
@ -1 +0,0 @@
|
|||
../../../.git/annex/objects/zX/GM/SHA256E-s590--96b5b6bfeb9c1c27237d25a9c69f15574d24a0e0bbfcb4d7f7a9bd7d35943097/SHA256E-s590--96b5b6bfeb9c1c27237d25a9c69f15574d24a0e0bbfcb4d7f7a9bd7d35943097
|
||||
|
|
@ -1 +0,0 @@
|
|||
../../../.git/annex/objects/zv/F3/SHA256E-s607--76c9f63a6817c18847bf56daa2100a83dcd37159c59d4b89768bfdba980bc0f2/SHA256E-s607--76c9f63a6817c18847bf56daa2100a83dcd37159c59d4b89768bfdba980bc0f2
|
||||
|
|
@ -1 +0,0 @@
|
|||
../../../.git/annex/objects/14/pJ/SHA256E-s3735556--2d30d1a7f5404f1f74d5947763e74526fded14d127f8dd11312ce5394487fae6.bin/SHA256E-s3735556--2d30d1a7f5404f1f74d5947763e74526fded14d127f8dd11312ce5394487fae6.bin
|
||||
|
|
@ -1 +0,0 @@
|
|||
../../../.git/annex/objects/3f/pj/SHA256E-s3342340--0241343e038f69e683c04bf0980b682dc270863521c6e80de17a1909fe8bd98e.bin/SHA256E-s3342340--0241343e038f69e683c04bf0980b682dc270863521c6e80de17a1909fe8bd98e.bin
|
||||
|
|
@ -1 +0,0 @@
|
|||
../../../.git/annex/objects/WF/zv/SHA256E-s4063495--ce1e3e5f6d6550e593b1b55fcccb9a3e67a42bd760bc70aa840948aa7cca5461.bin/SHA256E-s4063495--ce1e3e5f6d6550e593b1b55fcccb9a3e67a42bd760bc70aa840948aa7cca5461.bin
|
||||
|
|
@ -1 +0,0 @@
|
|||
../../../.git/annex/objects/pQ/fq/SHA256E-s4063495--8c8cac6475a9b240e66435e0edba178e414e1622aa864954278ae00d076699be.bin/SHA256E-s4063495--8c8cac6475a9b240e66435e0edba178e414e1622aa864954278ae00d076699be.bin
|
||||
|
|
@ -1 +0,0 @@
|
|||
../../../.git/annex/objects/g9/Z1/SHA256E-s5243702--035434465d473021817534474c3a925028a2d17c071611edb49e7fc4406454fa.bin/SHA256E-s5243702--035434465d473021817534474c3a925028a2d17c071611edb49e7fc4406454fa.bin
|
||||
|
|
@ -1 +0,0 @@
|
|||
../../../.git/annex/objects/40/j2/SHA256E-s4063496--99d488f5ea7b221f3bf021d03f6404746b8656bdb04875d301367382af3771e0.bin/SHA256E-s4063496--99d488f5ea7b221f3bf021d03f6404746b8656bdb04875d301367382af3771e0.bin
|
||||
|
|
@ -1 +0,0 @@
|
|||
../../../.git/annex/objects/X4/5Q/SHA256E-s5899062--8a3ac6e4f3a01e51b0c6afdbf4c98340904c496b61d0843a0695a2cb4e83a70a.bin/SHA256E-s5899062--8a3ac6e4f3a01e51b0c6afdbf4c98340904c496b61d0843a0695a2cb4e83a70a.bin
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../../../../.git/annex/objects/qZ/Z2/SHA256E-s214--aed1c032b77503779cde57f6c7d86b178fe9378b38e055db1c3c6d63bd405289/SHA256E-s214--aed1c032b77503779cde57f6c7d86b178fe9378b38e055db1c3c6d63bd405289
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../.git/annex/objects/x8/FX/SHA256E-s3342340--cc00d2ddc3972b9402dcdba12d4f5970974f0b203900b62efa5121633c5e5ba1.bin/SHA256E-s3342340--cc00d2ddc3972b9402dcdba12d4f5970974f0b203900b62efa5121633c5e5ba1.bin
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../.git/annex/objects/8V/Z2/SHA256E-s3145732--48f75b8781f0963b0beb848b1c71f9c25dc509537f6f2b6b22becec5ed138c4f.bin/SHA256E-s3145732--48f75b8781f0963b0beb848b1c71f9c25dc509537f6f2b6b22becec5ed138c4f.bin
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../.git/annex/objects/Z0/Pw/SHA256E-s3538948--2db276ba8b8daeb4256b110ee50bbdeaa8eeadab8e86b4a9fed499096c48ad79.bin/SHA256E-s3538948--2db276ba8b8daeb4256b110ee50bbdeaa8eeadab8e86b4a9fed499096c48ad79.bin
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../.git/annex/objects/xq/FF/SHA256E-s3538948--be21f68db34bc2303b5fea111923f75c513b97fd3d9fe7af4cef3485555788ae.bin/SHA256E-s3538948--be21f68db34bc2303b5fea111923f75c513b97fd3d9fe7af4cef3485555788ae.bin
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../.git/annex/objects/Qx/jq/SHA256E-s3670020--2c8c917c446ab5a322f47ae2d69ab090406b40f9f4006204b0ec3f940778974a.bin/SHA256E-s3670020--2c8c917c446ab5a322f47ae2d69ab090406b40f9f4006204b0ec3f940778974a.bin
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../.git/annex/objects/K2/vk/SHA256E-s3276804--c880339c48acbe314cb77c94d9c087dbc6cd0e875d4ffc230b9ed4dc8ff5bafa.bin/SHA256E-s3276804--c880339c48acbe314cb77c94d9c087dbc6cd0e875d4ffc230b9ed4dc8ff5bafa.bin
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../.git/annex/objects/zX/GM/SHA256E-s590--96b5b6bfeb9c1c27237d25a9c69f15574d24a0e0bbfcb4d7f7a9bd7d35943097/SHA256E-s590--96b5b6bfeb9c1c27237d25a9c69f15574d24a0e0bbfcb4d7f7a9bd7d35943097
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../.git/annex/objects/zv/F3/SHA256E-s607--76c9f63a6817c18847bf56daa2100a83dcd37159c59d4b89768bfdba980bc0f2/SHA256E-s607--76c9f63a6817c18847bf56daa2100a83dcd37159c59d4b89768bfdba980bc0f2
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../.git/annex/objects/14/pJ/SHA256E-s3735556--2d30d1a7f5404f1f74d5947763e74526fded14d127f8dd11312ce5394487fae6.bin/SHA256E-s3735556--2d30d1a7f5404f1f74d5947763e74526fded14d127f8dd11312ce5394487fae6.bin
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../.git/annex/objects/3f/pj/SHA256E-s3342340--0241343e038f69e683c04bf0980b682dc270863521c6e80de17a1909fe8bd98e.bin/SHA256E-s3342340--0241343e038f69e683c04bf0980b682dc270863521c6e80de17a1909fe8bd98e.bin
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../.git/annex/objects/WF/zv/SHA256E-s4063495--ce1e3e5f6d6550e593b1b55fcccb9a3e67a42bd760bc70aa840948aa7cca5461.bin/SHA256E-s4063495--ce1e3e5f6d6550e593b1b55fcccb9a3e67a42bd760bc70aa840948aa7cca5461.bin
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../.git/annex/objects/pQ/fq/SHA256E-s4063495--8c8cac6475a9b240e66435e0edba178e414e1622aa864954278ae00d076699be.bin/SHA256E-s4063495--8c8cac6475a9b240e66435e0edba178e414e1622aa864954278ae00d076699be.bin
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../.git/annex/objects/g9/Z1/SHA256E-s5243702--035434465d473021817534474c3a925028a2d17c071611edb49e7fc4406454fa.bin/SHA256E-s5243702--035434465d473021817534474c3a925028a2d17c071611edb49e7fc4406454fa.bin
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../.git/annex/objects/40/j2/SHA256E-s4063496--99d488f5ea7b221f3bf021d03f6404746b8656bdb04875d301367382af3771e0.bin/SHA256E-s4063496--99d488f5ea7b221f3bf021d03f6404746b8656bdb04875d301367382af3771e0.bin
|
||||
|
|
@ -0,0 +1 @@
|
|||
../../.git/annex/objects/X4/5Q/SHA256E-s5899062--8a3ac6e4f3a01e51b0c6afdbf4c98340904c496b61d0843a0695a2cb4e83a70a.bin/SHA256E-s5899062--8a3ac6e4f3a01e51b0c6afdbf4c98340904c496b61d0843a0695a2cb4e83a70a.bin
|
||||
|
|
@ -1,59 +0,0 @@
|
|||
# sozial.asozial install guide
|
||||
|
||||
Sozial.asozial is a FW8888 (Intel Atom x86) machine with 6 network interfaces,
|
||||
eth0 throu eth5 where eth5 is a fiber slot so we're not going to use it for now.
|
||||
|
||||
## Port-eth mapping
|
||||
|
||||
Just works in OpenWRT! They sort the ethX names by MAC like they should :)
|
||||
|
||||
eth0: Port 1
|
||||
eth1: Port 2
|
||||
eth2: Port 3
|
||||
eth3: Port 4
|
||||
eth4: Port 5
|
||||
|
||||
If in doubt:
|
||||
|
||||
$ ethtool -p ethX
|
||||
|
||||
This will blink the status leds on ethX so you can identify it visually.
|
||||
|
||||
## Port Function Assignment
|
||||
|
||||
eth0: Broken causes timeouts and adapter resets occationally
|
||||
eth1: Broken --''--
|
||||
eth2: --free--
|
||||
eth3: Uplink SW0, Freifunk
|
||||
eth3.2: AP Management Plane VLAN (APCTL)
|
||||
eth4: --free--
|
||||
|
||||
## Installed stuff
|
||||
|
||||
- kmod-usb-hid
|
||||
Absolutely essential. No keyboard for VGA console otherwise!
|
||||
|
||||
- collectd - 5.4.2-1
|
||||
Statistics collection from APs.
|
||||
|
||||
- collectd-mod-interface - 5.4.2-1
|
||||
- collectd-mod-iptables - 5.4.2-1
|
||||
- collectd-mod-iwinfo - 5.4.2-1
|
||||
- collectd-mod-load - 5.4.2-1
|
||||
- collectd-mod-network - 5.4.2-1
|
||||
- collectd-mod-ping - 5.4.2-1
|
||||
- collectd-mod-rrdtool - 5.4.2-1
|
||||
- collectd-mod-wireless
|
||||
|
||||
- sqm-scripts - 1.0.3-1
|
||||
For rate limiting and (de)bufferbloat optimization on WAN
|
||||
|
||||
- ip-full - 4.0.0-1
|
||||
It's just nice to have.
|
||||
|
||||
- tcpdump
|
||||
Well you know.
|
||||
|
||||
To install use `opkg update && opkg install <package-name>`. You need to run
|
||||
`opkg update` since openwrt stores package lists in RAM so by the time you need
|
||||
them they're likely not there.
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.010035] ------------[ cut here ]------------
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.032627] WARNING: CPU: 0 PID: 0 at net/sched/sch_generic.c:303 0xc138576b()
|
||||
Mon Mar 14 23:00:55 2016 kern.info kernel: [ 814.063157] NETDEV WATCHDOG: eth0 (e1000): transmit queue 0 timed out
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.091381] Modules linked in: pppoe ppp_async iptable_nat pppox ppp_generic nf_nat_ipv6 nf_nat_ipv4 nf_conntrack_ipv6 nf_conntrack_ipv4 ipt_REJECT ipt_MASQUERADE xt_time xt_tcpudp xt_state xt_nat xt_multiport xt_mark xt_mac xt_limit xt_id xt_conntrack xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_CT via_velocity via_rhine usbhid slhc sis900 r8169 pcnet32 nf_reject_ipv4 nf_nat_masquerade_ipv4 nf_nat_ftp nf_nat nf_log_ipv4 nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrackMon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.464766] CPU: 0 PID: 0 Comm: swapper Not tainted 3.18.20 #1
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.492993] Hardware name: PhoenixAward 945GSE/945GSE, BIOS 6.00 PG 08/25/2009
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.525431] c140194e c1030133 c14d7964 df40bf54 00000000 c14d54de 0000012f c138576b
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.559901] 00000009 df5cc000 df680780 ffff392b ffffff32 c1030183 00000009 df40bf3c
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.594465] c14d7964 df40bf54 c138576b c14d54de 0000012f c14d7964 df5cc000 e08de401
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.628997] Call Trace:
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.647116] [<c140194e>] ? 0xc140194e
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.669092] [<c1030133>] ? 0xc1030133
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.690998] [<c138576b>] ? 0xc138576b
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.712747] [<c1030183>] ? 0xc1030183
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.734379] [<c138576b>] ? 0xc138576b
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.755921] [<c1385660>] ? 0xc1385660
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.777369] [<c1053d41>] ? 0xc1053d41
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.798769] [<e0de69d7>] ? 0xe0de69d7 [e1000e@e0dd0000+0x1dce4]
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.827004] [<c1053f4e>] ? 0xc1053f4e
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.848381] [<c1031ef5>] ? 0xc1031ef5
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.869588] [<c1031e60>] ? 0xc1031e60
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.890599] [<c10033f9>] ? 0xc10033f9
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.911499] <IRQ> [<c103214e>] ? 0xc103214e
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.934411] [<c100322d>] ? 0xc100322d
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.955361] [<c1058417>] ? 0xc1058417
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.976194] [<c1405b69>] ? 0xc1405b69
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 814.996993] [<c1050000>] ? 0xc1050000
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 815.017673] [<c134044d>] ? 0xc134044d
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 815.038232] [<c104a595>] ? 0xc104a595
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 815.058685] [<c1547a87>] ? 0xc1547a87
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 815.079028] [<c1547560>] ? 0xc1547560
|
||||
Mon Mar 14 23:00:55 2016 kern.warn kernel: [ 815.099175] ---[ end trace d228a7100660f086 ]---
|
||||
Mon Mar 14 23:00:55 2016 kern.err kernel: [ 815.128211] e1000 0000:05:0a.0 eth0: Reset adapter
|
||||
|
|
@ -1,98 +0,0 @@
|
|||
\documentclass{article}
|
||||
|
||||
\usepackage{bbold}
|
||||
\usepackage{commath}
|
||||
\usepackage{parskip}
|
||||
%\usepackage{fullpage}
|
||||
|
||||
\usepackage{booktabs}
|
||||
|
||||
\begin{document}
|
||||
|
||||
\section{VLAN Introduction}
|
||||
|
||||
For those unfamilliar with the concept of a VLAN (Virtual LAN) here is a short
|
||||
formal specification of what such a thing does.
|
||||
|
||||
A switch is a 8-tuple \( \mathcal{S} = (\mathbb{A}, \mathbb{P}, \mathbb{V}, t, v, a, \beta, \epsilon) \)
|
||||
consisting of
|
||||
\begin{itemize}
|
||||
\item a finite set of (MAC) addresses \(\mathbb{A}\),
|
||||
\item a finite set of physical ports \(\mathbb{P}\),
|
||||
\item a finite set of VLANs \(\mathbb{V}\),
|
||||
\item a mapping from VLANs and physical ports to three distinct symbols
|
||||
pronounced ``tagged'', ``untagged'' and ``neither'' repectively
|
||||
\( t : \mathbb{V} \times \mathbb{P} \rightarrow \{ \tau, \upsilon, \eta \} \),
|
||||
\item a mapping from VLANs and physical ports to VLANs (Port PVID)\\
|
||||
\( v : \mathbb{V} \times \mathbb{P} \rightarrow \mathbb{V} \)
|
||||
with \(v(q, p) \mapsto q\) when \(q \neq \epsilon\)
|
||||
% When PVID of a port is not member in a VLAN an error is thrown in the web
|
||||
% interface
|
||||
and \(v(\epsilon, p) \not\mapsto q \) when \( t(q,p) = \eta \),
|
||||
\item a partial mapping from addresses and VLANs to physical ports (ARP Table)
|
||||
\( a : \mathbb{A} \times \mathbb{V} \rightharpoonup \mathbb{P} \) and
|
||||
\item the broadcast address \(\beta \in \mathbb{A}\)
|
||||
\item the empty VLAN tag \(\epsilon \in \mathbb{V}\)
|
||||
\end{itemize}
|
||||
|
||||
|
||||
\paragraph{Definition}
|
||||
A frame \( \mathcal{F}_\mathcal{S} \)
|
||||
processed by a switch \(\mathcal{S}\)
|
||||
is a tuple \( \mathcal{F}_\mathcal{S} = (d, q) \)
|
||||
consisting of a destination address \(d \in \mathbb{A} \)
|
||||
and a VLAN tag \( q \in \mathbb{V} \).
|
||||
|
||||
% TODO: switch checks if the port is even in the VLAN and discards it if not
|
||||
|
||||
When a frame \( \mathcal{F}_\mathcal{S} = (d, q) \)
|
||||
enters a port \( p \in \mathbb{P}\)
|
||||
the switch first ensures the frame has a VLAN tag for internal processing
|
||||
assigned by creating a new frame \( \mathcal{F}_\mathcal{S}^i = (d, q')\)
|
||||
with \(q' = v(q, p)\).
|
||||
|
||||
Next the switch checks if the VLAN is allowed on this port. When
|
||||
\( v(q, p) = \eta \)
|
||||
the frame is dropped and processing of this frame is complete.
|
||||
% This could also be before assigning the PVID because v(ε, p) can only be VLANs
|
||||
% q that are not t(q, p) = η
|
||||
|
||||
\paragraph{Unicast processing}
|
||||
When the frame's destination address \(d\)
|
||||
is not the broadcast address the switch first determines the egress port
|
||||
\(p = a(d, q)\).
|
||||
If it is not defined the frame is dropped and processing of this frame is
|
||||
complete. Next the final egress frame is created as in equation
|
||||
\eqref{eq:egress}. \( \mathcal{F}_{\mathcal{S}, p}^{e} \)
|
||||
is then transmitted out port \(p\) and processing of this frame is complete.
|
||||
|
||||
\begin{equation}\label{eq:egress}
|
||||
\mathcal{F}_{\mathcal{S}, p}^{e} =
|
||||
\left\{
|
||||
\begin{array}{ll}
|
||||
(d,q) & \mbox{if } t(q, p) = \tau \\
|
||||
(d, \epsilon) & \mbox{if } t(q, p) = \upsilon\\
|
||||
\end{array}
|
||||
\right.
|
||||
\end{equation}
|
||||
|
||||
|
||||
\paragraph{Broadcast processing}
|
||||
When the frame's destination address \( d = \beta \)
|
||||
the switch creates a new frame for each port
|
||||
\( p \in \{\, p \mid \forall q.\; t(q, p) \neq \eta \,\} \)
|
||||
as in equation \eqref{eq:egress}. The frames \( \mathcal{F}_{\mathcal{S}, p}^{e} \)
|
||||
are then transmitted out each port \(p\)
|
||||
respectively and processing of this frame is complete.
|
||||
|
||||
|
||||
|
||||
\end{document}
|
||||
|
||||
% \section{Version history}
|
||||
% Current Version: 2
|
||||
|
||||
% When frames are dropped was not considered,
|
||||
% Arguments to \(v\) were swapped,
|
||||
% Requirement for port PVIDs to actually be a member of the VLAN added
|
||||
% Made ARP table a partial function (duh)
|
||||
Loading…
Reference in New Issue