I'm working for an automation job about virtual machine deploying with use vRealize Orchestrator.
I want IP addresses from user by virual machine number. So if the requester want 3 virtual machines, my workflow must take IP addresses for 3 virtual machines. if the requester want 2, then my workflow must take addresses for 2 virtual machine.
Example Screenshots:
Workflow ask IP Address for 1 VM
Workflow ask IP Address for 2 VM
I can hide/show input at presentation but I don't want it because it damages the flexibility of workflow. It maybe works for 4-5 VM but I can need more. How can I do this for more VMs?
Note: I can take the IP addresses as an array but in this option the length of array must be equal to VM number.
You can request all the IPs in a single string separated by comas then parse them later on. For example: 1.1.1.1,2.2.2.2,3.3.3.3 etc. That is probably the easiest method.
Method 2:
One separate user interaction to request the number of VMs. Let's say vmCount
Another separate user interaction to request exactly 1 IP address string. Let's say ipAddr
Scriptable task after this user interaction that does array.push(ipAddr)
Loop over this user interaction and scriptable task as many times as vmCount
At the end you will have an array that contains as many IPs as vmCount.
Related
I am wondering if it is possible to compute some kind of hash value from ip address or do modulo operation on the last numeric value from ip address (for example on 24 given 172.16.4.24)? Based on this, I want to send the request to different endpoints (not to different servers). If this can be done without installing any new module, that would be the best.
As far as I can see, I feel like I should do something similar using the regex?
We are developing a Server software on Linux using C/C++, this software will limit the download rate for those requests which are from the Internet, but for those from local machines (intranet) it won't set any limit.
The problem is how to judge an IP address is local or not, is it possible to do it through c/c++ by reading some network number settings (maybe from router?)?
UPDATE
When I say local ip, I mean it is from within the company. For example, suppose the company has three subnets (this company only has a DSL link to the internet), they are 10.123.1.xxx, 172.16.1.xxx and 192.168.1.xxx, then all ip addresses from these three subnets should be considered as local address.
The private address ranges are:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
You might also want to filter out link-local addresses (169.254/16)
You could then parse the ip address in your code(to get the addresses you could use avahi or something similiar and save all the addresses to a file and then parse each address individually)and check it matches these addresses. If it does not then limit its connection
Edit
You could also look into using the getifaddrs function that will list local addresses
If you run a traceroute on the IP address of the machine requesting a connection, you should be able to see whether the route takes you through the "gateway outside the company" (typically your ISP). A simple example in my house would be the Time Warner gateway that my internal router connects to. If the route to the client does not go through the ISP (as you mentioned, you have a DSL link; so the IP address of the DSL endpoint should be known), then it's an internal request. This doesn't require you to know the full map of IP addresses inside the company - you can assume your routers have it figured out.
To get this information you can run a system command from inside your program and parse the response.
To start with, run it from the command line (with a known "internal" and "external" IP address), and look at the difference. If you need further help after that, please update your question with the information you gathered.
A consultant at work mentioned that you can have web services running on different endpoints and hence utilize the network correctly if I have more than one network card with different bandwidths.
Not being too network savvy, is he saying I can take my web service and tie it down to one network card and make sure clients make calls at that network card to access it as I have more bandwidth at that card?
Can I do this without changing the clients?
Also if my web service has a number of web methods and I want some web methods to run on a different network card, would I have to split the web service so that the web methods are on different web services? In other words I would have to write two web services?
Are you really maxing out your network that you need to implement something like this? I would look into bottlenecks within the application first before going down this road.
If your network is the bottleneck, then perhaps moving you web service to a completely different server might be a better solution. It'll mostly likely be cleaner and easier to implement.
Having said that, it can probably be done, but would be convoluted. Network cards would need to be on different networks. Wouldn't make sense if it's the same network. Each network card will have different IP address assigned.
In IIS, you'll need to make sure that site which houses your web service is configured for one particular IP address.
Can I do this without changing the clients?
Depends. You will need to make sure whoever is calling your web service does it using the IP address configured within IIS. That might mean either creating a DNS record that points to that particular IP address OR editing your clients to point to the right IP address.
Lets say my IP currently is: 123.123.123.123
How can I get that string programmatically?
Note: I don't want to get this IP: 192.168.0.10, I want that IP which others can use to connect into my computer via HTTP or anything.
NOTE: I dont want to open some web-page such as ip4.me to get the address, I want to get it with just C++.
I tried to google but every suggestion was "load a page and read the IP it tells you". Is that really the only way?!
You can fetch it from http://api.externalip.net/ip/ or some similar services, but I'm not sure how reliable these sites are, in means of availability
Any other way would be extremely complicated, as in general, no network equipment has api to tell external IP, and even if it had, you can not tell is there a simple xDSL router in front of you or Cisco ASA nating outbound traffic
My recommendation is to send a packet with the record route option.
If you know your upstream gateway, you should be able to find a ping command that allows you to set record route, and then either stores that data in an array or something you can regex.
Your WAN IP should be either record 0 or record 1, I believe.
What network library are you using?
So this is more of a general question on the best practice of preventing DoS attacks, I'm just trying to get a grasp on how most people handle malicious requests from the same IP address which is the problem we are currently having.
I figure it's better to block the IP of a truly malicious IP as high up as possible as to prevent using more resources, especially when it comes to loading you application.
Thoughts?
You can prevent DoS attacks from occuring in various ways.
Limiting the number of queries/second
from a particular ip address. Once
the limit is reached, you can send a
redirect to a cached error page to
limit any further processing. You
might also be able to get these IP
address firewalled so that you don't
have to process their requests at
all. Limiting requests per IP address
wont work very well though if the
attacker forges the source IP address
in the packets they are sending.
I'd also be trying to build some
smarts into your application to help
dealing with a DoS. Take Google maps
as an example. Each individual site
has to have it's own API key which I
believe is limited to 50,000 requests
per day. If your application worked
in a similar way, then you'd want to
validate this key very early on in
the request so that you don't use too
many resources for the request. Once
the 50,000 requests for that key are
used, you can send appropriate proxy
headers such that all future requests
(for the next hour for example) for
that key are handled by the reverse
proxy. It's not fool proof though. If
each request has a different url,
then the reverse proxy will have to
pass through the request to the
backend server. You would also run
into a problem if the DDOS used lots
of different API keys.
Depending on the target audience for
your application, you might be able
to black list large IP ranges that
contribute significantly to the DDOS.
For example, if your web service is
for Australian's only, but you were
getting a lot of DDOS requests from
some networks in Korea, then you
could firewall the Korean networks.
If you want your service to be
accessible by anyone, then you're out
of luck on this one.
Another approach to dealing with a DDOS is to
close up shop and wait it out. If
you've got your own IP address or IP
range then you, your hosting company
or the data centre can null route the
traffic so that it goes into a block
hole.
Referenced from here. There are other solutions too on same thread.
iptables -I INPUT -p tcp -s 1.2.3.4 -m statistic --probability 0.5 -j DROP iptables -I INPUT n -p tcp -s 1.2.3.4 -m rpfilter --loose -j ACCEPT
# n would be an numeric index into the INPUT CHAIN -- default is append to INPUT chain
more at...
Can't Access Plesk Admin Because Of DOS Attack, Block IP Address Through SSH?