File: README

ramond 0.5-4
*****************************************************
*                                                   *
*    MIS-CONFIGURATION WILL DESTROY YOUR NETWORK    *
*                                                   *
*****************************************************

Recommended Hardware:
	The author intended this program to run on one machine with two network
	cards. One card (the monitoring interface) uses 802.1q and connects to
	a switch trunk port. Virtual interfaces should be created for every VLAN
	that needs monitoring.

	There is no need for the monitoring interface to be registered on any
	of these networks. You are advised to use the operating system's
	firewall to block all non-ICMPv6 traffic entering or leaving the
	monitoring interface (this includes IPv4 traffic).

	The second 'management interface' sits on a trusted network, where no
	rogue routers will ever appear. Your <execute/>d scripts should use
	this interface for outbound notifications. If you need to administer
	the machine, it should be via this interface.

	You should disable all auto configuration and ip-forwarding features
	of the machine.
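
	One way to express the firewall and auto-configuration advice above on
	Linux with nftables and sysctl. This is an added example, not part of
	ramond; the interface name eth1 and VLAN IDs 10 and 20 are assumptions.

```shell
#!/bin/sh
# Added example: prints (never applies) settings for the monitoring host.
# eth1 and VLAN IDs 10/20 are constructed values, not from ramond.

# List the 802.1q virtual interfaces of a trunk: eth1 10 20 -> eth1.10 eth1.20
vlan_ifaces() {
    trunk=$1; shift
    for vid in "$@"; do printf '%s.%s\n' "$trunk" "$vid"; done
}

# sysctl.conf lines disabling RA processing, SLAAC and forwarding.
# Keys use '/' as the separator because VLAN interface names contain dots.
gen_sysctl() {
    trunk=$1; shift
    printf 'net/ipv4/ip_forward = 0\n'
    printf 'net/ipv6/conf/all/forwarding = 0\n'
    for ifc in default "$trunk" $(vlan_ifaces "$trunk" "$@"); do
        for key in accept_ra autoconf forwarding; do
            printf 'net/ipv6/conf/%s/%s = 0\n' "$ifc" "$key"
        done
    done
}

# nftables ruleset: on the trunk and its VLANs, drop IPv4 and anything
# that is not ICMPv6, in both directions; other interfaces are untouched.
gen_nft() {
    trunk=$1
    cat <<EOF
table inet ramond_monitor {
    chain icmp6_only {
        meta nfproto ipv4 drop
        meta l4proto != ipv6-icmp drop
    }
    chain input {
        type filter hook input priority 0; policy accept;
        iifname "$trunk" jump icmp6_only
        iifname "$trunk.*" jump icmp6_only
    }
    chain output {
        type filter hook output priority 0; policy accept;
        oifname "$trunk" jump icmp6_only
        oifname "$trunk.*" jump icmp6_only
    }
}
EOF
}

gen_sysctl eth1 10 20   # review, then place in /etc/sysctl.d/
gen_nft eth1            # review, then load with: nft -f <file>
```

	The management interface is deliberately left out of both outputs, so
	notifications and administration over it keep working.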

Configuration:
	The sample configuration contains an explanation of the xml syntax
	required.

	The path to the configuration file is passed using the `-c' command-line
	option. A few obvious places are checked if this is missing.

	Only <clear/> routes that you know should never appear on a link.

	Notification is always the best policy.

	Do not <clear/> a route that you own, even if it is on the wrong link.
	The two networks may be joined at the link layer, and you will DoS your
	own network.

Logging:
	Ramond _will_not_ log every Router-Advert it sees. On a medium-sized
	deployment this can be ~10M a day.

	If you want a log of every RA, either parse the messages coming to
	stdout, or `<execute/>' a script which generates your log.

	Messages that affect the program's operation are written to the log-file
	and syslog. These are messages like `file not found' or `could not open
	raw socket'.