r6 - 29 Jan 2010 - 07:46:12 - AndriyMayevskyyYou are here: Wiki >  AppLogic27 Web > CatGatewayNet2Cid
ALERT! AppLogic 2.7/2.8 Documentation The latest production release is AppLogic 3.0.30

NET2 Gateway Implementation Design

Base Class

The custom linux distribution appliance image is used as the base class for NET2 appliance

Class Volumes

NET2 has one read-only class volume: the boot volume. The size of boot volume is 32Mb. It contains:

  • Linux kernel 2.6.18.8-xenU
  • glibc-2.5-12.2
  • Netfilter and IPTables for routing and NAT
  • Latest version of AppLogic APK
  • Busybox 1.13.4
  • OpenSSH 5.2p1 binaries (sshd, scp and others)
  • Set of userland binaries (perl v. 5.8.8, tcpdump, mount, dhclient, iptables and others ) and required libraries from CentOS 5 distribution
  • Appliance control scripts
  • bind binary, start up script and configuration files
  • libraries required for bind

Files resided in memory (ram drive)

Appliance has a ram drive that has size of 2Mb to store files that needs be changed in boot-time or run-time and to store the logs.

Symbolic links to ram drive

  • /root/.ssh
  • /var/run
  • /var/lib/dhclient
  • /etc/hosts
  • /var/empty
  • /var/lock
  • /var/log
  • /etc/sysconfig
  • /etc/resolv.conf
  • /var/spool

Packages for NET2

Binaries from following software was compiled manually

  • busybox-1.13.4
  • openssh-5.2p1

Files used in appliance were extracted from the following standard packages (from the official mirror):

  • bash-3.1-16.1
  • bind-9.3.4-10.P1.el5.i386.rpm
  • bind-libs-9.3.4-10.P1.el5.i386.rpm
  • coreutils-5.97-12.1.el5
  • curl-7.15.5-2.1.el5_3.5
  • dbus-libs-1.1.2-12.el5
  • dhclient-3.0.5-7.el5
  • e2fsprogs-libs-1.39-8.el5
  • glibc-2.5-12.2
  • grep-2.5.1-54.2.el5
  • initscripts-8.45.14.EL-1.el5.centos.1
  • iproute-2.6.18-4.el5
  • iptables-1.3.5-1.2.1
  • iptables-ipv6-1.3.5-1.2.1
  • iputils-20020927-43.el5
  • krb5-libs-1.5-23
  • libcap-1.10-26
  • libidn-0.6.5-1.1
  • libtermcap-2.0.8-46.1
  • mingetty-1.07-5.2.2
  • module-init-tools-3.3-0.pre3.1.16.el5
  • openssl-0.9.8b-8.3.el5
  • pcre-6.6-1.1
  • perl-5.8.8-10
  • procps-3.2.7-8.1.el5
  • strace-4.5.15-1.el5
  • SysVinit-2.86-14
  • tcpdump-3.9.4-11.el5
  • wget-1.10.2-7.el5
  • zlib-1.2.3-3

Contents of the release directory for NET2:

Exported appliance image:

  • NET2-1.0.4-1.tar

Automated build script: use this to automatically build NET2 appliance

  • NET2-build-1.0.4-1.tar.bz2

Appliance sources:

  • NET2-src-1.0.4-1.tar.bz2

Sources:

  • busybox-1.13.4.tar.bz2
  • openssh-5.2p1.tar.gz

Source rpms:

  • bash-3.1-16.1.src.rpm
  • bind-9.3.4-10.P1.el5.src.rpm
  • coreutils-5.97-12.1.el5.src.rpm
  • curl-7.15.5-2.1.el5_3.5.src.rpm
  • dbus-1.1.2-12.el5.src.rpm
  • dhcp-3.0.5-7.el5.src.rpm
  • e2fsprogs-1.39-8.el5.src.rpm
  • grep-2.5.1-54.2.el5.src.rpm
  • initscripts-8.45.14.EL-1.el5.centos.1.src.rpm
  • iproute-2.6.18-4.el5.src.rpm
  • iptables-1.3.5-1.2.1.src.rpm
  • iputils-20020927-43.el5.src.rpm
  • krb5-1.5-23.src.rpm
  • libcap-1.10-26.src.rpm
  • libidn-0.6.5-1.1.src.rpm
  • libtermcap-2.0.8-46.1.src.rpm
  • mingetty-1.07-5.2.2.src.rpm
  • module-init-tools-3.3-0.pre3.1.16.el5.src.rpm
  • openssl-0.9.8b-8.3.el5.src.rpm
  • pcre-6.6-1.1.src.rpm
  • perl-5.8.8-10.src.rpm
  • procps-3.2.7-8.1.el5.src.rpm
  • strace-4.5.15-1.el5.src.rpm
  • SysVinit-2.86-14.src.rpm
  • tcpdump-3.9.4-11.el5.src.rpm
  • wget-1.10.2-7.el5.src.rpm
  • zlib-1.2.3-3.src.rpm

Tests:

  • net-test-1.0.4-1.tar.bz2 - test scripts

Appliance Implementation Details

Theory of operation

NET2 is an output gateway that provides outgoing access to a network outside of an application. NET2 uses iptables to perform packets NAT and firewall functions. Appliance also include bind caching DNS server that enables host name resolving without any external DNS servers.

Configuration

The configuration for NET2 is performed at startup time by the appliance.sh init script. It takes properties defined in appliance boundary and uses them to setup iptables rules by invoking iptables.sh script.

Logging

NET2 appliance supports local and remote logging. Local log file resides in usual place /var/log/messages which is located on ram drive. This log file is automatically rotated after size of 100K and max 4 old versions of /var/log/messages are stored.
ALERT! All local log files will be lost after appliance stop or restart.
If the log terminal of NET2 appliance is connected then the appliance will both store logs locally and send it via log terminal to remote syslog server. Syslog protocol is described in RFC 3164

Appliance scripts

The NET2 appliance contains the following files in the /appliance folder on its boot volume. These files are used to implement the appliance:

File Type Description
appliance.sh Bash script Appliance main controlling script - invoked when the appliance is booted.
syslog.sh Bash script Invoked when the appliance is booted to run syslod and klogd daemons.
appliance_netsetup.sh Bash script Invoked early from appliance.sh to setup external network.
gethost.pl Perl script Auxiliary script to resolve host name to ip address
getifip.pl Perl script Auxiliary script to find the IP address of interface
iptables-bkrules.sh Bash script Sets the backup iptables rules set. Executed by iptables.sh when the main rules set fails.
iptables-fwrules.sh Bash script Sets the main iptables rules set.
iptables.sh Bash script Configures iptables rules. Invoked from appliance.sh.

-- Main.AndriyMayevskyy - 28 Jul 2009

 
Copyright © CA 2005-2011. All Rights Reserved.
%