# This definition sets up a network according to the diagram below which
# covers a multitude of possible scenarios.
#
# Install graphviz to produce a nice graph:
#   vnetbuild vnetbuild-complex.conf graphviz vnetbuild-complex.png
#
# To get iptables logs for "fw", ulogd must be installed. A sed command
# is configured which will create a custom logfile from the system standard
# /etc/ulogd.conf - this may need editing to match your system.
#
# Run:
#   sudo vnetbuild vnetbuild.conf start
#
# A network namespace is created for each host and switch to keep everything
# isolated. You can apply different networking setups including routing,
# firewalling and QOS in every namespace. Add more "exec" commands to
# automate this at start time.
#
# Note that there are no virtual machines in use, all processing is done
# on the host but with separate views of what the network looks like.
#
# The name of a host or switch in the configuration is the name used for
# the namespace making it easy to use "ip netns exec" to specify where
# commands should run. Examples:
#
#   Tcpdump traffic passing through a switch
#     sudo ip netns exec sw0 tcpdump -i switch -w capfile
#
#   Tcpdump traffic seen by a device on a host
#     sudo ip netns exec host12 tcpdump -i veth0 -w capfile
#
#   Ping "from" host01 (10.0.0.1) to host12 via switch sw0 and hosts fw and gw:
#     sudo ip netns exec host01 ping 192.168.2.12
#
#   Start netcat on port 23 of host52 to receive telnet:
#     sudo ip netns exec host52 nc -l -p 23
#
#   In a different terminal, telnet "from" host21 (10.0.0.1) to host52
#   via fw, switches and bridges:
#     sudo ip netns exec host21 telnet 10.45.45.52
#
#   Start firehol in fw host namespace:
#     sudo ip netns exec fw firehol some-firehol.conf start
#
#   Panic firehol in fw host namespace (now previous commands are blocked):
#     sudo ip netns exec fw firehol panic
#
# Key:
#    hostname
#    [device]   (hosts have just a [veth0] unless otherwise noted)
#    (switch)
#
#  host21                    +- host01            host41
#   |                        |                    |
#   |    host22              +- host02            |     host42
#   |     |                  | (sw0)              |     |
#   |     |  . . . . . . . . | . . . . . . . . .  |     |
#   |     |  .            [veth0]              .  |     |
#   +-----+----[vbr0eth2]    |      [vbr1eth4]----+-----+
#     (sw2)  .     |         | fw       |      .    (sw4)
#            .     + [vbr0]--+---[vbr1] +      .
#     (sw3)  .     |         |          |      .    (sw5)
#   +-----+----[vbr0eth3]    |      [vbr1eth5]----+-----+
#   |     |  .            [veth1]              .  |     |
#   |     |  . . . . . . . . | . . . . . . . . .  |     |
#   |     |                  | (<direct>)         |     |
#   |    host31           [veth0]                 |     host52
#   |                       gw                    |
#  host32             [veth1]  [veth2]           host51
#              (<direct>) /      \ (<direct>)
#                      host11   host12

host fw
  dev veth0 10.0.0.254/24
  dev veth1 10.1.1.254/24
  dev vbr0eth2
  dev vbr0eth3
  dev vbr1eth4
  dev vbr1eth5
  bridgedev vbr0 vbr0eth2 vbr0eth3 10.23.23.254/24
  pre_up vbr0 echo 2 > /sys/class/net/vbr0/bridge/stp_state
  bridgedev vbr1 vbr1eth4 vbr1eth5 10.45.45.254/24
  pre_up vbr1 echo 2 > /sys/class/net/vbr0/bridge/stp_state
  route default via 10.1.1.253
  exec echo 1 > /proc/sys/net/ipv4/ip_forward
  exec sed 's:/var/log/ulog/syslogemu.log:/var/log/ulog/fw.log:' /etc/ulogd.conf > $NSTMP/ulogd.conf
  exec /usr/sbin/ulogd -d -c $NSTMP/ulogd.conf

host gw
  dev veth0 fw/veth1 10.1.1.253/24
  dev veth1 192.168.1.254/24
  dev veth2 192.168.2.254/24
  route default via 10.1.1.254
  exec echo 1 > /proc/sys/net/ipv4/ip_forward

host host01
  dev veth0 10.0.0.1/24
  route default via 10.0.0.254

host host02
  dev veth0 10.0.0.2/24
  route default via 10.0.0.254

host host11
  dev veth0 gw/veth1 192.168.1.11/24
  route default via 192.168.1.254

host host12
  dev veth0 gw/veth2 192.168.2.12/24
  route default via 192.168.2.254

host host21
  dev veth0 10.23.23.21/24
  route default via 10.23.23.254

host host22
  dev veth0 10.23.23.22/24
  route default via 10.23.23.254

host host31
  dev veth0 10.23.23.31/24
  route default via 10.23.23.254

host host32
  dev veth0 10.23.23.32/24
  route default via 10.23.23.254

host host41
  dev veth0 10.45.45.41/24
  route default via 10.45.45.254

host host42
  dev veth0 10.45.45.42/24
  route default via 10.45.45.254

host host51
  dev veth0 10.45.45.51/24
  route default via 10.45.45.254

host host52
  dev veth0 10.45.45.52/24
  route default via 10.45.45.254

switch sw0
  pre_up switch echo 2 > /sys/class/net/switch/bridge/stp_state
  dev d01 fw/veth0
  dev d02 host01/veth0
  dev d03 host02/veth0

switch sw2
  pre_up switch echo 2 > /sys/class/net/switch/bridge/stp_state
  dev d01 fw/vbr0eth2
  dev d02 host21/veth0
  dev d03 host22/veth0

switch sw3
  pre_up switch echo 2 > /sys/class/net/switch/bridge/stp_state
  dev d01 fw/vbr0eth3
  dev d02 host31/veth0
  dev d03 host32/veth0

switch sw4
  pre_up switch echo 2 > /sys/class/net/switch/bridge/stp_state
  dev d01 fw/vbr1eth4
  dev d02 host41/veth0
  dev d03 host42/veth0

switch sw5
  pre_up switch echo 2 > /sys/class/net/switch/bridge/stp_state
  dev d01 fw/vbr1eth5
  dev d02 host51/veth0
  dev d03 host52/veth0