From 6f766ffae703cb89bbd562d1cf45d472372d9817 Mon Sep 17 00:00:00 2001 From: siddharthchhabra Date: Mon, 15 Apr 2019 11:30:33 -0400 Subject: [PATCH 1/4] sample problem 1 directory for testing use only --- Problem1/problem_1_troubleshooting | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 Problem1/problem_1_troubleshooting diff --git a/Problem1/problem_1_troubleshooting b/Problem1/problem_1_troubleshooting new file mode 100644 index 0000000..e69de29 From ffb18515d100cb9bdc8662b9c7349041c53f9622 Mon Sep 17 00:00:00 2001 From: siddharthchhabra Date: Mon, 15 Apr 2019 11:59:33 -0400 Subject: [PATCH 2/4] answered all 3 problems 1) troubleshooting steps 2) added printer 4 for dns resolution 3) added vlan 5 to firewall config for internet access only --- network_config/firewall.conf | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/network_config/firewall.conf b/network_config/firewall.conf index e5c2007..cce38e8 100644 --- a/network_config/firewall.conf +++ b/network_config/firewall.conf @@ -69,6 +69,18 @@ ip dhcp pool Network_Pool_VLAN4 lease 3 0 0 dhcp-option 42 NTP_Server ip 10.0.0.15 10.0.0.16 10.0.0.17 ! + +! +ip dhcp pool Network_Pool_VLAN5 + network 10.0.5.0 255.255.255.0 + default-router 10.0.5.1 + starting-address 10.0.5.100 pool-size 100 + first-dns-server 10.0.0.10 + second-dns-server 10.0.0.11 + third-dns-server 10.0.0.12 + lease 24 0 0 + dhcp-option 42 NTP_Server ip 10.0.0.15 10.0.0.16 10.0.0.17 +! interface ge1 type external upstream 1048576 @@ -188,6 +200,22 @@ interface vlan4 ip ospf cost 10 description 80:Voice: 5th floor ip dhcp-pool Network_Pool_VLAN4 + ! +interface vlan5 + port lag1 + vlan-id 5 + ip address 10.0.5.1 255.255.255.0 + upstream 1048576 + downstream 1048576 + mtu 1500 + type internal + ip rip send version 2 + ip rip receive version 2 + ip ospf priority 1 + ip ospf cost 10 + description 80:Internet: schhabra + ip dhcp-pool Network_Pool_VLAN5 + interface ge1_ppp account GE1_PPPoE_ACCOUNT ! 
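Review bot: The new `Network_Pool_VLAN5` pool gives the internet-only VLAN the internal resolvers (`first-dns-server 10.0.0.10` through `third-dns-server 10.0.0.12`) and the internal NTP hosts in `dhcp-option 42`, so clients on 10.0.5.0/24 only work if policy lets them reach 10.0.0.0/24. That sits badly with the commit's "internet access only" goal. 10.0.0.12 is ns3 for `testroot.local` according to the zone file later in this series, so these clients could presumably resolve internal host names as well. Either point the pool at external or dedicated forwarding resolvers, or document the exception above the pool with a comment such as `! VLAN5: only DNS and NTP to 10.0.0.10-17 are permitted from this segment`. The policy rules are outside this hunk, so what is actually allowed needs confirming.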
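Review bot: `interface vlan5` carries `ip rip send version 2`, `ip rip receive version 2` and the two `ip ospf` lines, apparently copied from the internal VLAN stanzas, yet a segment meant for internet-only clients should not exchange routing updates with its hosts. If RIP or OSPF is enabled globally (not visible here), devices on VLAN 5 would see the advertised internal prefixes and the firewall would accept updates arriving on that segment. Remove those four lines from the stanza unless a router really lives on this VLAN. Separately, the stanza appears to end with a blank line rather than the `!` separator the neighbouring stanzas use, though that is hard to confirm in this collapsed layout.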
@@ -1408,6 +1436,7 @@ zone WAN interface ge2_ppp ! zone DMZ +interface vlan5 ! zone SSL_VPN ! From 36b65703e78aaad0c3716f8888f343079e45a108 Mon Sep 17 00:00:00 2001 From: siddharthchhabra Date: Mon, 15 Apr 2019 12:03:28 -0400 Subject: [PATCH 3/4] fixed formatting of troubleshooting steps and time renewal for dhcp server --- Problem1/problem_1_troubleshooting | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/Problem1/problem_1_troubleshooting b/Problem1/problem_1_troubleshooting index e69de29..91e6a7e 100644 --- a/Problem1/problem_1_troubleshooting +++ b/Problem1/problem_1_troubleshooting 
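Review bot: Adding `interface vlan5` to `zone DMZ` makes the VLAN inherit every policy written for the DMZ zone, including any WAN-to-DMZ forwarding or DMZ-to-LAN exceptions that exist for servers. The only rationale given later in the series is that DMZ "is the standard internet access". A dedicated zone would keep the intent auditable: for example a new `zone GUEST` stanza holding `interface vlan5`, paired with a single allow rule towards WAN and an explicit deny towards the internal zones. The remaining zone and policy definitions are outside the hunk, so which DMZ rules would apply to VLAN 5 cannot be seen here.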
@@ -0,0 +1,29 @@
+Steps taken for intermittent browser connectivity issue:
+
+1) Logged into amazon ec2 instance with the certificate pem key provided
+
+2) i had to orient myself to understand what was configured in terms of connectivity, ips, subnets, dns resolv files
+etc.
+
+3) I used ifconfig -a to check the interfaces and verified that the subnets, broadcast, ip address were all proper
+
+4) from there I also checked the resolv.conf file to understand the name servers config as wrong ip addressing,
+subnetting, gateway address, and dns resolvers are the usual culprits when it comes to connectivity issues especially
+with browsers when we need name resolution
+
+5) I then proceeded to check the logs in /var/log directory and noticed DHCP renewal is happening every 1800 seconds or
+30 minutes
+
+6) I also checked the cd /var/lib/dhclient directory for the dhcp leases, but I'm use to the dhclient leases being
+kept in a different directory so i had to verify which directory it was on the ec2 instance
+
+7) from there i checked all the leases assigned to eth 0 in (cat dhclient--eth0.lease)
+and noticed they were renewing every 30 minutes or so
+
+8) so based on those two files and assuming this is the server for the webpage the clients are browsing the renewal
+of the lease every 30 minutes, involvoing the DORA process of DHCP which is discovery, offer, request, accept the IP
+address of the webserver was changing or could change which would start the prcess of binding all over again that could
+cause disruption and hence the timeoout on the webpages every 30 minutes for a few seconds till the server got it's IP
+again through the DHCP server
+
+9) general practice is to keep the IPs static in this case and exclude it from the DHCP pool
From 7940c2c511f1920fe371394f0fc042ee134143cc Mon Sep 17 00:00:00 2001
From: siddharthchhabra Date: Mon, 15 Apr 2019 12:52:18 -0400 Subject: [PATCH 4/4] finalized troubleshooting steps for problem 1, renamed problem 1 text file, added a readme for the firewall question, fixed directory for docker files --- Problem1/README.problem_1_troubleshooting | 29 +++++++++++++++++++ Problem1/README.problem_3_troubleshooting | 10 +++++++ Problem1/problem_1_troubleshooting | 29 ------------------- .../dns_server/files/bind/db.testroot.local | 1 + network_config/firewall.conf | 2 +- 5 files changed, 41 insertions(+), 30 deletions(-) create mode 100644 Problem1/README.problem_1_troubleshooting create mode 100644 Problem1/README.problem_3_troubleshooting delete mode 100644 Problem1/problem_1_troubleshooting diff --git a/Problem1/README.problem_1_troubleshooting b/Problem1/README.problem_1_troubleshooting new file mode 100644 index 0000000..5ba6dab --- /dev/null +++ b/Problem1/README.problem_1_troubleshooting 
@@ -0,0 +1,29 @@
+Steps taken for intermittent browser connectivity issue:
+
+1) Logged into amazon ec2 instance with the certificate pem key provided
+
+2) I had to orient myself to understand what was configured in terms of connectivity, ips, subnets, dns resolv files
+etc.
+
+3) I used ifconfig -a to check the interfaces and verified that the subnets, broadcast, ip address were all proper
+
+4) From there I also checked the resolv.conf file to understand the name servers config; as wrong ip addressing,
+subnetting, gateway address, and dns resolvers are the usual culprits when it comes to connectivity issues, especially
+with browsers when we need name resolution
+
+5) I then proceeded to check the logs in /var/log directory and noticed DHCP renewal is happening every 1800 seconds or
+30 minutes
+
+6) I also checked the /var/lib/dhclient directory for the dhcp leases, ( I'm use to the dhclient leases being
+kept in a different directory) so i had to verify which directory it was on the ec2 instance
+
+7) From there I checked all the leases assigned to eth 0 in (cat dhclient--eth0.lease)
+and noticed they were renewing every 30 minutes or so
+
+8) So based on those two files and assuming this is the server that the clients are browsing the renewal of the lease
+every 30 minutes, involving the DHCP DORA process which is discovery, offer, request, accept the IP address of the
+webserver was changing or in this case being renewed which would start the process of binding all over again which
+would cause disruption and hence the time out on the webpages every 30 minutes for a few seconds till the server got
+it's IP again through the DHCP server
+
+9) General practice is to keep the IPs static in this case and exclude it from the DHCP pool
diff --git a/Problem1/README.problem_3_troubleshooting b/Problem1/README.problem_3_troubleshooting
new file mode 100644
index 0000000..64f31be
--- /dev/null
+++ b/Problem1/README.problem_3_troubleshooting
@@ -0,0 +1,10 @@
+Steps taken for problem 3 Zyxel firewall config
+
+1) I do not have experience in Zyxel firewalls but after looking at the configuration, it was very similar to Cisco
+routers configuration
+
+2) I leveraged the standard configuration and some preliminary searches to make sure I get the syntax right for the
+DHCP lease time
+
+3) Once I configure VLAN 5 DHCP pool and the interface vlan settings, I added the VLAN 5 to the DMZ considering that is
+the standard internet access
\ No newline at end of file
diff --git a/Problem1/problem_1_troubleshooting b/Problem1/problem_1_troubleshooting
deleted file mode 100644
index 91e6a7e..0000000
--- a/Problem1/problem_1_troubleshooting
+++ /dev/null
@@ -1,29 +0,0 @@
-Steps taken for intermittent browser connectivity issue:
-
-1) Logged into amazon ec2 instance with the certificate pem key provided
-
-2) i had to orient myself to understand what was configured in terms of connectivity, ips, subnets, dns resolv files
-etc.
-
-3) I used ifconfig -a to check the interfaces and verified that the subnets, broadcast, ip address were all proper
-
-4) from there I also checked the resolv.conf file to understand the name servers config as wrong ip addressing,
-subnetting, gateway address, and dns resolvers are the usual culprits when it comes to connectivity issues especially
-with browsers when we need name resolution
-
-5) I then proceeded to check the logs in /var/log directory and noticed DHCP renewal is happening every 1800 seconds or
-30 minutes
-
-6) I also checked the cd /var/lib/dhclient directory for the dhcp leases, but I'm use to the dhclient leases being
-kept in a different directory so i had to verify which directory it was on the ec2 instance
-
-7) from there i checked all the leases assigned to eth 0 in (cat dhclient--eth0.lease)
-and noticed they were renewing every 30 minutes or so
-
-8) so based on those two files and assuming this is the server for the webpage the clients are browsing the renewal
-of the lease every 30 minutes, involvoing the DORA process of DHCP which is discovery, offer, request, accept the IP
-address of the webserver was changing or could change which would start the prcess of binding all over again that could
-cause disruption and hence the timeoout on the webpages every 30 minutes for a few seconds till the server got it's IP
-again through the DHCP server
-
-9) general practice is to keep the IPs static in this case and exclude it from the DHCP pool
diff --git a/docker/dns_server/files/bind/db.testroot.local b/docker/dns_server/files/bind/db.testroot.local
index a302edb..2edaa71 100644
--- a/docker/dns_server/files/bind/db.testroot.local
+++ b/docker/dns_server/files/bind/db.testroot.local @@ -20,3 +20,4 @@ ns3.testroot.local. IN A 10.0.0.12 printer1.testroot.local. IN A 10.0.1.200 printer2.testroot.local. IN A 10.1.4.147 printer3.testroot.local. IN A 10.9.7.34 +printer4.testroot.local. IN A 10.4.7.19 diff --git a/network_config/firewall.conf b/network_config/firewall.conf index cce38e8..66a8937 100644 --- a/network_config/firewall.conf +++ b/network_config/firewall.conf @@ -78,7 +78,7 @@ ip dhcp pool Network_Pool_VLAN5 first-dns-server 10.0.0.10 second-dns-server 10.0.0.11 third-dns-server 10.0.0.12 - lease 24 0 0 + lease 1 0 0 dhcp-option 42 NTP_Server ip 10.0.0.15 10.0.0.16 10.0.0.17 ! interface ge1
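Review bot: The `printer4.testroot.local.` record is the only line this commit changes in the zone file (the diffstat shows `1 +`), so the SOA serial at the top of `db.testroot.local` was not incremented. Secondaries compare serials before transferring a zone, so if the other name servers are secondaries for `testroot.local` they would keep serving the old data without the new record. Bump the serial in the same commit as the record. The SOA record sits above line 20 of the file and is outside this hunk.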