Реализация связки Dlink DGS-3610-26G + DES-1228G(vlan на клиента) на основе схемы Cisco2 + Zyxel ( DGS-3610-26G + DES-1228G )
		Stark  (Обсуждение | вклад)  | 
		Stark  (Обсуждение | вклад)   | 
		||
| Строка 1: | Строка 1: | ||
| + | Подключение абонентов по схеме "vlan-на-клиента", при этом используется оборудование D-Link - на уровне доступа свитчи   | ||
| + | DES-1228G, в ядре - DGS-3610-26G.   | ||
| + | Это шлюз ядра(DGS-3610-26G).   | ||
| + | |||
| + | конфигурация шлюза  | ||
| + | |||
| + | <source lang="bash">  | ||
| + | user_rule.editor.class=bitel.billing.module.services.ipn.editor.vlan.CiscoVlanContactRuleEditor  | ||
| + | gate_manager.class=bitel.billing.server.ipn.vlan.CiscoVlanGateWorker  | ||
| + | use.script=1  | ||
| + | </source>  | ||
| + | |||
| + | Команды шлюза   | ||
| + | |||
| + | <source lang="bash">  | ||
| + | [DEFAULT]  | ||
| + | |||
| + | [REMOVE]  | ||
| + | no vlan {VID}  | ||
| + | [/REMOVE]  | ||
| + | |||
| + | [OPEN]  | ||
| + | |||
| + | vlan {VID}  | ||
| + | exit  | ||
| + | vlan 100  | ||
| + | subvlan {VID}  | ||
| + | exit  | ||
| + | vlan {VID}  | ||
| + | subvlan-address-range {addr1} {addr2}  | ||
| + | exit  | ||
| + | |||
| + | ip access-list extended 101  | ||
| + | <LOOP>  | ||
| + | no deny ip host {A} any  | ||
| + | no deny ip any host {A}  | ||
| + | </LOOP>  | ||
| + | exit  | ||
| + | [/OPEN]  | ||
| + | |||
| + | [CLOSE]  | ||
| + | interface gigabitethernet 0/22  | ||
| + | no ip access-group 101 in  | ||
| + | exit  | ||
| + | ip access-list extended 101  | ||
| + | no permit ip any any  | ||
| + | <LOOP>  | ||
| + | deny ip host {A} any  | ||
| + | deny ip any host {A}  | ||
| + | </LOOP>  | ||
| + | permit ip any any  | ||
| + | exit  | ||
| + | interface gigabitethernet 0/22  | ||
| + | ip access-group 101 in  | ||
| + | exit  | ||
| + | [/CLOSE]  | ||
| + | [/DEFAULT]  | ||
| + | |||
| + | </source>  | ||
| + | |||
| + | скрпит шлюза  | ||
<source lang="java">  | <source lang="java">  | ||
import java.io.IOException;  | import java.io.IOException;  | ||
| Строка 15: | Строка 76: | ||
import bitel.billing.server.util.DefaultServerSetup;  | import bitel.billing.server.util.DefaultServerSetup;  | ||
import bitel.billing.server.util.Utils;  | import bitel.billing.server.util.Utils;  | ||
| + | import bitel.billing.server.util.telnet.OperationTimedoutException;  | ||
import bitel.billing.server.util.telnet.TelnetSession;  | import bitel.billing.server.util.telnet.TelnetSession;  | ||
import ru.bitel.bgbilling.common.DefaultSetup;  | import ru.bitel.bgbilling.common.DefaultSetup;  | ||
import bitel.billing.common.IPUtils;  | import bitel.billing.common.IPUtils;  | ||
import bitel.billing.server.util.Utils;  | import bitel.billing.server.util.Utils;  | ||
| + | import bitel.billing.server.util.telnet.OperationTimedoutException;  | ||
import bitel.billing.server.util.telnet.TelnetSession;  | import bitel.billing.server.util.telnet.TelnetSession;  | ||
| - | + | import ru.bitel.bgbilling.modules.ipn.common.bean.*;  | |
| + | import bitel.billing.server.util.telnet.ansi.TelnetAnsiSession;  | ||
//includeBGBS( "bgbs://ru.bitel.bgbilling.kernel.script.common.bean.ScriptLibrary/manad" );    | //includeBGBS( "bgbs://ru.bitel.bgbilling.kernel.script.common.bean.ScriptLibrary/manad" );    | ||
| Строка 27: | Строка 91: | ||
{  | {  | ||
		log.info( "start of cisco........................................................");  | 		log.info( "start of cisco........................................................");  | ||
| + | |||
		host = gate.getHost();  | 		host = gate.getHost();  | ||
		port = gate.getPort();  | 		port = gate.getPort();  | ||
| Строка 47: | Строка 112: | ||
  		log.debug("before connect");  |   		log.debug("before connect");  | ||
| - | 		session = new   | + | 		session = new TelnetAnsiSession( host, port);  | 
        session.setTimeout( timeout );  |         session.setTimeout( timeout );  | ||
		session.setLoginPromptSequence( ":" );						  | 		session.setLoginPromptSequence( ":" );						  | ||
| - | 		session.connect();  | + | 		result.append( session.connect() );  | 
		log.debug("after connect");  | 		log.debug("after connect");  | ||
| Строка 74: | Строка 139: | ||
| - | 		log.info("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");  | + | 		log.info("!!!!!!!!!!!start of log!!!!!!!!!!!!!!!!!!!!!");  | 
		log.info( result );  | 		log.info( result );  | ||
| - | 		log.info("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");		  | + | 		log.info("!!!!!!!!!!!!!!! end of log !!!!!!!!!!!!!!!!!");		  | 
		log.debug( "ok" );  | 		log.debug( "ok" );  | ||
| Строка 82: | Строка 147: | ||
	log.info( "end of cisco........................................................");  | 	log.info( "end of cisco........................................................");  | ||
| + | |||
}  | }  | ||
| Строка 90: | Строка 156: | ||
| - | private void doCommands(   | + | private void doCommands( session, result, gateSetup) throws IOException, OperationTimedoutException  | 
{		  | {		  | ||
	acl = gateSetup.getStringValue( "acl");  | 	acl = gateSetup.getStringValue( "acl");  | ||
| - | 	vlanResult = getVlanResult( session );  | + | 	vlanResult = getVlanResult( session );	  | 
| + |     log.info( "!!!!!!!!!!!!!!!!!!!!!!!!!!vlanResult!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" );	  | ||
| + | 	log.info( vlanResult );	  | ||
| + | 	log.info( "!!!!!!!!!!!!!!!!!!!!!!!!!!vlanResult!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" );	  | ||
| + | |||
	aclResult = getAclResult( session, acl );  | 	aclResult = getAclResult( session, acl );  | ||
| Строка 105: | Строка 175: | ||
		VlanManager manager = new VlanManager(status.mid, con);    | 		VlanManager manager = new VlanManager(status.mid, con);    | ||
		gateId  = gate.getId();  | 		gateId  = gate.getId();  | ||
| - | 		log.info("gateId=" + gateId);  | + | 		//log.info("gateId=" + gateId);  | 
		vid = manager.getVlan( gateId, status.contractId );  | 		vid = manager.getVlan( gateId, status.contractId );  | ||
| - | 		log.info("vid=" + vid);	  | + | 		//log.info("vid=" + vid);	  | 
| + | 		log.debug( "status=" + status.status);	  | ||
| Строка 122: | Строка 193: | ||
			addr1 = IPUtils.convertIpToString( range.getAddr1() );  | 			addr1 = IPUtils.convertIpToString( range.getAddr1() );  | ||
			addr2 = IPUtils.convertIpToString( range.getAddr2() );	  | 			addr2 = IPUtils.convertIpToString( range.getAddr2() );	  | ||
| + | 		}  | ||
| + | 		else  | ||
| + | 		{  | ||
| + | 			log.info( "empty adress on cid = " + status.contractId );  | ||
| + | 			continue;  | ||
		}  | 		}  | ||
| Строка 130: | Строка 206: | ||
			rules = getOpenRules( status, vid, gateSetup, addr1, addr2, acl );    | 			rules = getOpenRules( status, vid, gateSetup, addr1, addr2, acl );    | ||
		} 			  | 		} 			  | ||
| - | 		else if (status.status == IPNContractStatus.STATUS_REMOVED && vlanExists(vid, vlanResult) )  | + | 		else if (status.status == IPNContractStatus.STATUS_REMOVED && ( vlanExists(vid, vlanResult) || isUserDenied( addr1, addr2,aclResult)  ) )  | 
		{  | 		{  | ||
			rules = getRemoveRules( status, vid, gateSetup, addr1, addr2, acl );	  | 			rules = getRemoveRules( status, vid, gateSetup, addr1, addr2, acl );	  | ||
		}  | 		}  | ||
		//if closed and etc    | 		//if closed and etc    | ||
| - | 		else if ( !  | + | 		else if ( status.status != IPNContractStatus.STATUS_OPEN && status.status != IPNContractStatus.STATUS_REMOVED &&  !isUserDenied( addr1, addr2, aclResult) )  | 
		{  | 		{  | ||
			rules = getCloseRules( status, vid, gateSetup, addr1, addr2, acl );  | 			rules = getCloseRules( status, vid, gateSetup, addr1, addr2, acl );  | ||
| Строка 144: | Строка 220: | ||
			for ( String rule : rules )  | 			for ( String rule : rules )  | ||
			{					  | 			{					  | ||
| - | 				log.debug  ("command=" + rule );  | + | 				//log.debug  ("command=" + rule );  | 
				result.append(  session.doCommand( rule ) );				  | 				result.append(  session.doCommand( rule ) );				  | ||
			}  | 			}  | ||
| Строка 155: | Строка 231: | ||
getOpenRules( status, vid, gateSetup, addr1, addr2, acl )  | getOpenRules( status, vid, gateSetup, addr1, addr2, acl )  | ||
{  | {  | ||
| - | + |    log.debug( "geting open rules...");   | |
| + | 	return getRules( status, "\\[OPEN\\](.*)\\[/OPEN\\]", vid, gateSetup, addr1, addr2, acl );  | ||
}  | }  | ||
getCloseRules( status, vid, gateSetup, addr1, addr2, acl )  | getCloseRules( status, vid, gateSetup, addr1, addr2, acl )  | ||
{  | {  | ||
| - | + |    log.debug( "geting close rules...");    | |
| + | 	return getRules( status, "\\[CLOSE\\](.*)\\[/CLOSE\\]", vid, gateSetup, addr1, addr2, acl );  | ||
}  | }  | ||
getRemoveRules( UserStatus status, vid, gateSetup, addr1, addr2, acl )  | getRemoveRules( UserStatus status, vid, gateSetup, addr1, addr2, acl )  | ||
| - | {  | + | {      | 
| - | + |    log.debug( "geting remove rules...");    | |
| + | 	return getRules( status, "\\[REMOVE\\](.*)\\[/REMOVE\\]", vid, gateSetup, addr1, addr2, acl );  | ||
}  | }  | ||
| Строка 171: | Строка 250: | ||
{  | {  | ||
	// пользовательское правило, без типа - то все оставляем как есть  | 	// пользовательское правило, без типа - то все оставляем как есть  | ||
| - | + | 	CiscoRule  ciscoRule = new CiscoRule ( status.rule.getRuleText() );  | |
| - | 	log.info("rule=" + rule);  | + | 	rule = ciscoRule.getAddresses();  | 
| + | |||
| + | 	//log.info("rule=" + rule);  | ||
	//типизированное правило  | 	//типизированное правило  | ||
| Строка 181: | Строка 262: | ||
	}  | 	}  | ||
| - | 	log.info("rule=" + rule);  | + | 	//log.info("rule=" + rule);  | 
| Строка 234: | Строка 315: | ||
{  | {  | ||
	//эскейпируем точки в адресе  | 	//эскейпируем точки в адресе  | ||
| - | 	String address = addr1.replace( ".", "\\." );  | + | 	String address1 = addr1.replace( ".", "\\." );  | 
| - | 	log.debug( "aaddr1=" + address );  | + | 	String address2 = addr2.replace( ".", "\\." );  | 
| + | |||
| + | 	return isUserDeniedForAddress( address1, buffer ) &&  isUserDeniedForAddress( address2, buffer );  | ||
| + | }  | ||
| + | |||
| + | private isUserDeniedForAddress ( address, buffer)  | ||
| + | {  | ||
| + | 	//эскейпируем точки в адресе  | ||
| + | 	//String address = addr1.replace( ".", "\\." );  | ||
| + | 	//log.debug( "aaddr1=" + address );  | ||
	String template = ".*deny ip host\\s+" + address + "\\s+any.*$";  | 	String template = ".*deny ip host\\s+" + address + "\\s+any.*$";  | ||
| - | 	log.debug( "template=" + template );  | + | 	//log.debug( "template=" + template );  | 
	Pattern pattern = Pattern.compile( template, Pattern.DOTALL );  | 	Pattern pattern = Pattern.compile( template, Pattern.DOTALL );  | ||
	Matcher m = pattern.matcher( buffer );  | 	Matcher m = pattern.matcher( buffer );  | ||
| Строка 258: | Строка 348: | ||
}  | }  | ||
| + | |||
private vlanExists ( vlan, buffer)  | private vlanExists ( vlan, buffer)  | ||
| Строка 279: | Строка 370: | ||
	return session.doCommand( "show access-lists " + acl );    | 	return session.doCommand( "show access-lists " + acl );    | ||
}  | }  | ||
| + | |||
</source>  | </source>  | ||
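Review bot: The session transcript in `result` is still written with `log.info( result )` (hunk at «Строка 74 / Строка 139»), and this revision widens it by also appending the output of `session.connect()`. Per the full listing below, the same buffer receives the device replies to the login and password commands, so anything the device echoes there lands in the billing log at info level. The listing's doSync also writes the password itself in its debug line. I would drop it there, `log.debug( gate.getId() + " gate: " + host + ":" + port + " login: " + login );`, and log the transcript with `log.debug( result );` instead. doSync begins and ends outside the hunks shown.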
Версия 06:24, 16 апреля 2010
Подключение абонентов по схеме "vlan-на-клиента", при этом используется оборудование D-Link - на уровне доступа свитчи DES-1228G, в ядре - DGS-3610-26G. Это шлюз ядра(DGS-3610-26G).
конфигурация шлюза
user_rule.editor.class=bitel.billing.module.services.ipn.editor.vlan.CiscoVlanContactRuleEditor gate_manager.class=bitel.billing.server.ipn.vlan.CiscoVlanGateWorker use.script=1
Команды шлюза
[DEFAULT] [REMOVE] no vlan {VID} [/REMOVE] [OPEN] vlan {VID} exit vlan 100 subvlan {VID} exit vlan {VID} subvlan-address-range {addr1} {addr2} exit ip access-list extended 101 <LOOP> no deny ip host {A} any no deny ip any host {A} </LOOP> exit [/OPEN] [CLOSE] interface gigabitethernet 0/22 no ip access-group 101 in exit ip access-list extended 101 no permit ip any any <LOOP> deny ip host {A} any deny ip any host {A} </LOOP> permit ip any any exit interface gigabitethernet 0/22 ip access-group 101 in exit [/CLOSE] [/DEFAULT]
скрипт шлюза
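import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.StringTokenizer;
import bitel.billing.common.module.ipn.IPNContractStatus;
import bitel.billing.server.ipn.GateWorker;
import bitel.billing.server.ipn.UserStatus;
import bitel.billing.server.ipn.bean.*;
import bitel.billing.server.util.DefaultServerSetup;
import bitel.billing.server.util.Utils;
import bitel.billing.server.util.telnet.OperationTimedoutException;
import bitel.billing.server.util.telnet.TelnetSession;
import ru.bitel.bgbilling.common.DefaultSetup;
import bitel.billing.common.IPUtils;
import bitel.billing.server.util.Utils;
import bitel.billing.server.util.telnet.OperationTimedoutException;
import bitel.billing.server.util.telnet.TelnetSession;
import ru.bitel.bgbilling.modules.ipn.common.bean.*;
import bitel.billing.server.util.telnet.ansi.TelnetAnsiSession;
//includeBGBS( "bgbs://ru.bitel.bgbilling.kernel.script.common.bean.ScriptLibrary/manad" );

/**
 * Logs in to the gate over Telnet, enters configuration mode, applies the
 * per-contract commands chosen by doCommands(), saves the configuration and
 * logs the collected session output.
 *
 * The login and the gate keyword are sent through a Telnet session, which is
 * an unencrypted protocol; keep the gate reachable only over a trusted
 * management network.
 */
protected void doSync()
{
    log.info( "start of cisco........................................................");

    host = gate.getHost();
    port = gate.getPort();
    DefaultServerSetup gateSetup = new DefaultServerSetup( gate.getConfig(), "\r\n" );
    pswd = gate.getKeyword();
    login = gateSetup.getStringValue( "login");
    // falls back to 0 when "timeout" is not set in the gate config
    timeout = gateSetup.getIntValue( "timeout", 0 );
    result = new StringBuffer();

    if( log.isDebugEnabled() )
    {
        // The gate password is deliberately not written to the log.
        log.debug( gate.getId() + " gate: " + host + ":" + port + " login: " + login );
    }

    log.debug("before connect");
    session = new TelnetAnsiSession( host, port);
    session.setTimeout( timeout );
    session.setLoginPromptSequence( ":" );
    result.append( session.connect() );
    log.debug("after connect");

    result.append( session.doCommand( login ) );
    log.debug("after login");

    // after the password the session waits for the "#" prompt
    session.setLoginPromptSequence( "#" );
    result.append( session.doCommand( pswd ) );
    log.debug("after pswd");

    result.append( session.doCommand( "terminal length 0" ) );
    result.append( session.doCommand( "terminal width 0" ) );
    log.debug("after terminal");

    result.append( session.doCommand( "configure terminal" ) );
    log.debug( "execute commands" );
    doCommands( session, result, gateSetup );

    result.append( session.doCommand( "exit" ) );
    result.append( session.doCommand( "write memory" ) );
    session.doCommandAsync( "exit" );

    // NOTE(review): result holds the device replies to the login and password
    // commands as well; if the device echoes input, it ends up in this
    // info-level dump. Consider logging the transcript at debug level.
    log.info("!!!!!!!!!!!start of log!!!!!!!!!!!!!!!!!!!!!");
    log.info( result );
    log.info("!!!!!!!!!!!!!!! end of log !!!!!!!!!!!!!!!!!");
    log.debug( "ok" );

    log.info( "end of cisco........................................................");
}

/** Intentionally empty. */
protected void add()
{
}

/**
 * Reads the current supervlan and ACL state from the gate, then for every
 * entry of statusList picks the open, remove or close rule set and sends its
 * commands through the session, appending the replies to result.
 */
private void doCommands( session, result, gateSetup) throws IOException, OperationTimedoutException
{
    acl = gateSetup.getStringValue( "acl");

    vlanResult = getVlanResult( session );
    log.info( "!!!!!!!!!!!!!!!!!!!!!!!!!!vlanResult!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" );
    log.info( vlanResult );
    log.info( "!!!!!!!!!!!!!!!!!!!!!!!!!!vlanResult!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" );

    aclResult = getAclResult( session, acl );
    log.info( "!!!!!!!!!!!!!!!!!!!!!!!!!!aclResult!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" );
    log.info( aclResult );
    log.info( "!!!!!!!!!!!!!!!!!!!!!!!!!! end aclResult!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" );

    for( UserStatus status : statusList )
    {
        VlanManager manager = new VlanManager(status.mid, con);
        gateId = gate.getId();
        vid = manager.getVlan( gateId, status.contractId );
        log.debug( "status=" + status.status);

        String addr1 = null;
        String addr2 = null;
        date = new GregorianCalendar();
        // NOTE(review): uses mid here but status.mid for VlanManager above - confirm both refer to the same module
        AddressRangeManager man = new AddressRangeManager( con, mid );
        addressList = man.getContractAddressRange( status.contractId , date, -1 );
        if ( addressList.size() > 0 )
        {
            // only the first address range of the contract is used
            AddressRange range = addressList.get(0);
            addr1 = IPUtils.convertIpToString( range.getAddr1() );
            addr2 = IPUtils.convertIpToString( range.getAddr2() );
        }
        else
        {
            // a contract without an address range is skipped entirely
            log.info( "empty adress on cid = " + status.contractId );
            continue;
        }

        rules = null;
        if (status.status == IPNContractStatus.STATUS_OPEN && (!vlanExists(vid, vlanResult) || isUserDenied( addr1, addr2, aclResult) ) )
        {
            rules = getOpenRules( status, vid, gateSetup, addr1, addr2, acl );
        }
        else if (status.status == IPNContractStatus.STATUS_REMOVED && ( vlanExists(vid, vlanResult) || isUserDenied( addr1, addr2,aclResult) ) )
        {
            rules = getRemoveRules( status, vid, gateSetup, addr1, addr2, acl );
        }
        // closed and every other status: add the deny entries unless they are already present
        else if ( status.status != IPNContractStatus.STATUS_OPEN && status.status != IPNContractStatus.STATUS_REMOVED && !isUserDenied( addr1, addr2, aclResult) )
        {
            rules = getCloseRules( status, vid, gateSetup, addr1, addr2, acl );
        }

        // nothing is sent for a contract without a positive VLAN id
        if (vid > 0 && rules != null )
        {
            for ( String rule : rules )
            {
                result.append( session.doCommand( rule ) );
            }
        }
    }
}

/** Returns the commands of the [OPEN] section of the contract's rule. */
getOpenRules( status, vid, gateSetup, addr1, addr2, acl )
{
    log.debug( "geting open rules...");
    return getRules( status, "\\[OPEN\\](.*)\\[/OPEN\\]", vid, gateSetup, addr1, addr2, acl );
}

/** Returns the commands of the [CLOSE] section of the contract's rule. */
getCloseRules( status, vid, gateSetup, addr1, addr2, acl )
{
    log.debug( "geting close rules...");
    return getRules( status, "\\[CLOSE\\](.*)\\[/CLOSE\\]", vid, gateSetup, addr1, addr2, acl );
}

/** Returns the commands of the [REMOVE] section of the contract's rule. */
getRemoveRules( UserStatus status, vid, gateSetup, addr1, addr2, acl )
{
    log.debug( "geting remove rules...");
    return getRules( status, "\\[REMOVE\\](.*)\\[/REMOVE\\]", vid, gateSetup, addr1, addr2, acl );
}

/**
 * Builds the rule text for the contract, cuts out the section matched by
 * template (group 1) and returns its non-empty lines as a list of commands.
 */
getRules( status, template, vid, gateSetup, addr1, addr2, acl )
{
    // user-defined rule without a type: taken as is
    CiscoRule ciscoRule = new CiscoRule ( status.rule.getRuleText() );
    rule = ciscoRule.getAddresses();

    // typed rule: generated from the rule type's template
    if( status.ruleType != null )
    {
        rule = generateRule( rule, status.gateType, status.ruleType, vid, status.contractId, gateSetup, addr1, addr2, acl );
    }

    pattern = Pattern.compile( template, Pattern.DOTALL );
    m = pattern.matcher( rule );
    if (m.find())
    {
        rule = m.group( 1 );
    }

    // replaceAll returns a new string; the result has to be assigned, otherwise
    // every command keeps its trailing "\r" after the split below
    rule = rule.replaceAll( "\r", "" );
    parts = rule.split( "\n" );

    result = new ArrayList();
    for ( String part : parts )
    {
        if ( !Utils.isEmptyString( part ))
        {
            result.add( part );
        }
    }
    return result;
}

/**
 * Fills the rule template of the given gate type and rule type with the
 * {addr1}, {addr2}, {SUPERVLAN}, {ACL} and {VID} replacements.
 */
generateRule( addresses, gateType, ruleType, int vid, int cid, gateSetup, addr1, addr2, acl )
{
    // falls back to 0 when "supervlan" is not set in the gate config
    supervlan = gateSetup.getIntValue( "supervlan", 0 );

    Map replacements = new HashMap();
    if ( addr1 != null && addr2 != null )
    {
        replacements.put( "\\{addr1\\}", addr1 );
        replacements.put( "\\{addr2\\}", addr2 );
        replacements.put( "\\{SUPERVLAN\\}", String.valueOf( supervlan) );
        replacements.put( "\\{ACL\\}", acl );
    }

    ruleText = ManadUtils.getRule( gateType, ruleType );

    // {VID} is substituted only for a positive VLAN id
    if ( vid > 0)
    {
        replacements.put( "\\{VID\\}", String.valueOf( vid ) );
    }
    return ManadUtils.generateRule( ruleText, addresses, replacements, ruleType );
}

/**
 * Returns true only when both ends of the range, addr1 and addr2, have a deny
 * entry in the ACL output; addresses between them are not checked.
 */
private isUserDenied ( addr1, addr2, buffer)
{
    // escape the dots so they match literally in the regular expression
    String address1 = addr1.replace( ".", "\\." );
    String address2 = addr2.replace( ".", "\\." );

    return isUserDeniedForAddress( address1, buffer ) && isUserDeniedForAddress( address2, buffer );
}

/**
 * Looks in the ACL output for "deny ip host ADDRESS any" or
 * "deny ip any host ADDRESS"; address must already be regex-escaped.
 */
private isUserDeniedForAddress ( address, buffer)
{
    String template = ".*deny ip host\\s+" + address + "\\s+any.*$";
    Pattern pattern = Pattern.compile( template, Pattern.DOTALL );
    Matcher m = pattern.matcher( buffer );
    boolean found = m.find();
    if ( found )
    {
        log.debug( "user2 denied" );
        return true;
    }

    pattern = Pattern.compile( ".*deny ip any host\\s" + address + "\\s.*$", Pattern.DOTALL );
    m = pattern.matcher( buffer );
    found = m.find();
    log.debug( found ? "user denied" :"user not denied" );
    return found;
}

/**
 * Reports whether the "show supervlan" output contains the VLAN id followed
 * by "ON".
 */
private vlanExists ( vlan, buffer)
{
    // NOTE(review): the id is matched without a leading boundary, so id 10 is
    // also found inside "110 ON"; confirm against the real output format
    // before tightening the pattern.
    Pattern pattern = Pattern.compile( ".*" + vlan + "\\s+ON\\s+.*", Pattern.DOTALL );
    Matcher m = pattern.matcher( buffer );
    found = m.find();
    log.debug( found ? "vlan found" : "vlan not found" );
    return found;
}

/** Returns the gate's reply to "show supervlan". */
private getVlanResult( session )
{
    return session.doCommand( "show supervlan");
}

/** Returns the gate's reply to "show access-lists" for the given ACL. */
private getAclResult( session, acl )
{
    return session.doCommand( "show access-lists " + acl );
}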
