rssLink RSS for all categories
 
icon_red
icon_green
icon_red
icon_red
icon_blue
icon_green
icon_green
icon_red
icon_red
icon_red
icon_orange
icon_green
icon_green
icon_green
icon_green
icon_blue
icon_green
icon_orange
icon_red
icon_green
icon_red
icon_red
icon_green
icon_red
icon_red
icon_red
icon_red
icon_orange
icon_green
 

FS#4778 — FS#8709 — IP verify

Attached to Project— Network
Maintenance
Whole Network
CLOSED
100%
To improve the network security and avoid the spoofs in the network (which are blocked by ACLs on the switches, but we never know) we added the commands "ip verify" on all dedicated servers infrastructure.
The router verifies that the packets coming from the server via vlan have the best root via the same vlan.

This prevents spoof problems that can be generated by vracks: the packet comes to the server via the vrack and goes out through the standard network.
This configuration is no longer possible.
The packet incoming by vrack must outcome by vrack.

You must use the iproute2 that manages this kind of routing:

Considering that the server IP is 123.123.123.123 IN THE VRACK
Considering that the gateway of the vrack is 123.123.123.254
Considering that your vlan number is 2000

ip rule add from 123.123.123.123/32 table 666
ip route add default via 123.123.123.254 dev eth0.2000 table 666

Please check this guide for further details :

http://help.ovh.co.uk/RipeVrack

Date:  Wednesday, 31 July 2013, 13:44PM
Reason for closing:  Done
Comment by OVH - Monday, 10 June 2013, 11:54AM

The configuration is being applied on the pCC.


Comment by OVH - Monday, 10 June 2013, 11:55AM

All the ACLs of all the pCCs will be removed first.


Comment by OVH - Monday, 10 June 2013, 11:56AM

Done. We are saving the config. and applying the config. patch.


Comment by OVH - Monday, 10 June 2013, 11:57AM

s5/s6 done


Comment by OVH - Monday, 10 June 2013, 12:26PM

s50/s51 done


Comment by OVH - Monday, 10 June 2013, 13:22PM

sbg-3a/b-6k done


Comment by OVH - Monday, 10 June 2013, 13:28PM

Now vRack:
s1/s2


Comment by OVH - Monday, 10 June 2013, 13:30PM

s1 done
s2 in progress


Comment by OVH - Monday, 10 June 2013, 14:37PM

s18 done


Comment by OVH - Monday, 10 June 2013, 14:37PM

s19 done


Comment by OVH - Monday, 10 June 2013, 14:37PM

Gravelines :
gra-3a-6k and gra-3b-6k done


Comment by OVH - Monday, 10 June 2013, 14:38PM

Strasbourg HG :

sbg-s3-6k and sbg-s4-6k done


Comment by OVH - Monday, 10 June 2013, 14:40PM

all done in RBX, GRA and SBG.

BHS still to go, collocation and mpCC.


Comment by OVH - Friday, 14 June 2013, 16:59PM

bhs-1/2-6k done


Comment by OVH - Friday, 14 June 2013, 17:00PM

Beauharnois HG:

bhs-s3-6k and bhs-s4-6k done


Comment by OVH - Wednesday, 19 June 2013, 09:39AM

We had a problem with the DHCP. We have found a workaround
and we are in process of resolving it.