Aggregating multiple ISP links
This lab shows an example of aggregating multiple independent ISP links with MLVPN.
Network diagram
Virtual Lab setup
This chapter describes how to start each router and configure the 3 central routers.
More information on these BSDRP lab scripts is available in How to build a BSDRP router lab.
Start the Virtual lab (example using bhyve):
# ./tools/BSDRP-lab-bhyve.sh -n 5
BSD Router Project (http://bsdrp.net) - bhyve full-meshed lab script
Setting-up a virtual lab with 5 VM(s):
- Working directory: /tmp/BSDRP
- Each VM have 1 core(s) and 256M RAM
- Switch mode: bridge + tap
- 0 LAN(s) between all VM
- Full mesh Ethernet links between each VM
VM 1 have the following NIC:
- vtnet0 connected to VM 2.
- vtnet1 connected to VM 3.
- vtnet2 connected to VM 4.
- vtnet3 connected to VM 5.
VM 2 have the following NIC:
- vtnet0 connected to VM 1.
- vtnet1 connected to VM 3.
- vtnet2 connected to VM 4.
- vtnet3 connected to VM 5.
VM 3 have the following NIC:
- vtnet0 connected to VM 1.
- vtnet1 connected to VM 2.
- vtnet2 connected to VM 4.
- vtnet3 connected to VM 5.
VM 4 have the following NIC:
- vtnet0 connected to VM 1.
- vtnet1 connected to VM 2.
- vtnet2 connected to VM 3.
- vtnet3 connected to VM 5.
VM 5 have the following NIC:
- vtnet0 connected to VM 1.
- vtnet1 connected to VM 2.
- vtnet2 connected to VM 3.
- vtnet3 connected to VM 4.
For connecting to VM'serial console, you can use:
- VM 1 : cu -l /dev/nmdm1B
- VM 2 : cu -l /dev/nmdm2B
- VM 3 : cu -l /dev/nmdm3B
- VM 4 : cu -l /dev/nmdm4B
- VM 5 : cu -l /dev/nmdm5B
Backbone routers configuration
Router 2
Router 2 is configured for rate-limiting traffic at 10 Mb/s on interface to/from R1.
sysrc hostname=R2
sysrc ifconfig_vtnet0="10.0.12.2/24"
sysrc ifconfig_vtnet2="10.0.24.2/24"
sysrc static_routes="R5"
sysrc route_R5="-net 10.0.45.0/24 10.0.24.4"
sysrc firewall_enable=YES
sysrc firewall_script="/etc/ipfw.rules"
cat > /etc/ipfw.rules <<'EOF'
#!/bin/sh
fwcmd="/sbin/ipfw"
kldstat -q -m dummynet || kldload dummynet
# Flush out the list before we begin.
${fwcmd} -f flush
# Create pipes (one for each direction)
${fwcmd} pipe 10 config bw 10Mbit/s
${fwcmd} pipe 20 config bw 10Mbit/s
# Traffic going out via vtnet0 is limited to 10Mbit/s
${fwcmd} add 1000 pipe 10 all from any to any out via vtnet0
# Traffic coming in via vtnet0 is limited to 10Mbit/s
${fwcmd} add 2000 pipe 20 all from any to any in via vtnet0
# We don't want to block traffic, only shape some
${fwcmd} add 3000 allow ip from any to any
EOF
service netif restart
service routing restart
service ipfw start
config save
Router 3
Router 3 is configured for rate-limiting traffic at 10 Mb/s on interface to/from R1.
sysrc hostname=R3
sysrc ifconfig_vtnet0="10.0.13.3/24"
sysrc ifconfig_vtnet2="10.0.34.3/24"
sysrc static_routes="R5"
sysrc route_R5="-net 10.0.45.0/24 10.0.34.4"
sysrc firewall_enable=YES
sysrc firewall_script="/etc/ipfw.rules"
cat > /etc/ipfw.rules <<'EOF'
#!/bin/sh
fwcmd="/sbin/ipfw"
kldstat -q -m dummynet || kldload dummynet
# Flush out the list before we begin.
${fwcmd} -f flush
# Create pipes (one for each direction)
${fwcmd} pipe 10 config bw 10Mbit/s
${fwcmd} pipe 20 config bw 10Mbit/s
# Traffic going out via vtnet0 is limited to 10Mbit/s
${fwcmd} add 1000 pipe 10 all from any to any out via vtnet0
# Traffic coming in via vtnet0 is limited to 10Mbit/s
${fwcmd} add 2000 pipe 20 all from any to any in via vtnet0
# We don't want to block traffic, only shape some
${fwcmd} add 3000 allow ip from any to any
EOF
service netif restart
service routing restart
service ipfw start
config save
Router 4
Router 4 is the aggregating server's default gateway.
sysrc hostname=R4
sysrc ifconfig_vtnet1="10.0.24.4/24"
sysrc ifconfig_vtnet2="10.0.34.4/24"
sysrc ifconfig_vtnet3="10.0.45.4/24"
sysrc static_routes="R2 R3"
sysrc route_R2="-net 10.0.12.0/24 10.0.24.2"
sysrc route_R3="-net 10.0.13.0/24 10.0.34.3"
service netif restart
service routing restart
config save
Router 1 : MLVPN client
Router 1 is configured as an MLVPN client router connected to 3 different Internet links. The big difference from MLPPP: we can't use 3 different IP addresses on our server, so we can't simply install 3 different static routes. We need 3 default routes, and therefore a minimum of 4 different routing tables.
sysrc hostname=R1
sysrc cloned_interfaces="lo1"
sysrc ifconfig_lo1="inet 10.1.1.1/32"
sysrc ifconfig_vtnet0="10.0.12.1/24 fib 2"
sysrc ifconfig_vtnet1="10.0.13.1/24 fib 3"
sysrc static_routes="ISP1 ISP2"
sysrc route_ISP1="-fib 2 default 10.0.12.2"
sysrc route_ISP2="-fib 3 default 10.0.13.3"
sysrc mlvpn_enable=YES
cat <<EOF > /usr/local/etc/mlvpn/mlvpn.conf
[general]
statuscommand = "/usr/local/etc/mlvpn/mlvpn_updown.sh"
mode = "client"
mtu = 1452
tuntap = "tun"
ip4 = "10.0.15.1/30"
ip4_gateway = "10.0.15.5"
ip4_routes = "10.5.5.5/32"
timeout = 30
password = "pleasechangeme!"
#reorder_buffer_size = 64
loss_tolerence = 10

[dsl2]
bindhost = "10.0.12.1"
bindport = 5082
bindfib = 2
remotehost = "10.0.45.5"
remoteport = 5082

[dsl3]
bindhost = "10.0.13.1"
bindport = 5083
bindfib = 3
remotehost = "10.0.45.5"
remoteport = 5083
EOF
service netif restart
service routing restart
service mlvpn start
config save
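The per-link FIB requirement described for Router 1, together with the placeholder password, turned into a check that can be run on a client mlvpn.conf before starting the service. This is an added example, not BSDRP or MLVPN code: the function names and the sample file are constructed, and it assumes a tunnel without bindfib uses the default FIB.

```shell
# Added example, not BSDRP or MLVPN code. Reads an MLVPN client config on
# stdin and prints one finding per line (nothing when all checks pass).
lint_mlvpn_client() {
    awk '
    function unq(s) { gsub(/^[ \t"]+|[ \t"]+$/, "", s); return s }
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    /^\[/ { sec = $0; sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
            if (sec != "general") order[++n] = sec
            next }
    { eq = index($0, "="); if (!eq) next
      conf[sec, unq(substr($0, 1, eq - 1))] = unq(substr($0, eq + 1)) }
    END {
        if (conf["general", "password"] == "pleasechangeme!")
            print "general: placeholder password still in use"
        mtu = conf["general", "mtu"]
        if (mtu != "" && mtu + 0 >= 1500)
            print "general: mtu " mtu " leaves no room for encapsulation"
        # Tunnels toward one server address must each leave through their own FIB
        for (i = 1; i <= n; i++) {
            t = order[i]; host = conf[t, "remotehost"]
            fib = conf[t, "bindfib"]; if (fib == "") fib = "default"
            if ((host, fib) in seen)
                print t ": same FIB (" fib ") as " seen[host, fib] " toward " host
            else
                seen[host, fib] = t
        }
    }'
}

# Sample input: the R1 tunnel sections from this lab, with the second
# tunnel deliberately changed to reuse FIB 2 (constructed for the example).
sample_conf() {
    cat <<'EOF'
[general]
mtu = 1452
password = "pleasechangeme!"
[dsl2]
bindhost = "10.0.12.1"
bindfib = 2
remotehost = "10.0.45.5"
[dsl3]
bindhost = "10.0.13.1"
bindfib = 2
remotehost = "10.0.45.5"
EOF
}

sample_conf | lint_mlvpn_client
```

On the sample it reports the placeholder password and the dsl3 tunnel sharing FIB 2 with dsl2; both tunnels would then follow the same default route and leave through the same ISP link.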
Router 5 : MLVPN server
Router 5 is configured as an aggregating server.
sysrc hostname=R5
sysrc cloned_interfaces="lo1"
sysrc ifconfig_lo1="inet 10.5.5.5/32"
sysrc ifconfig_vtnet3="10.0.45.5/24"
sysrc defaultrouter=10.0.45.4
sysrc mlvpn_enable=YES
cat <<'EOF' > /usr/local/etc/mlvpn/mlvpn.conf
[general]
statuscommand = "/usr/local/etc/mlvpn/mlvpn_updown.sh"
tuntap = "tun"
mode = "server"
ip4 = "10.0.15.5/30"
ip4_gateway = "10.0.15.1"
ip4_routes = "10.1.1.1/32"
timeout = 30
password = "pleasechangeme!"
#reorder_buffer_size = 64
loss_tolerence = 10

[adsl2]
bindhost = "10.0.45.5"
bindport = 5082

[adsl3]
bindhost = "10.0.45.5"
bindport = 5083
EOF
service netif restart
service routing restart
service mlvpn start
config save
Basic Tests
FIB test
Start by checking that R5 is reachable from each of R1's FIBs (2, 3):
[root@R1]~# setfib 2 ping -c 2 10.0.45.5
PING 10.0.45.5 (10.0.45.5): 56 data bytes
64 bytes from 10.0.45.5: icmp_seq=0 ttl=62 time=2.057 ms
64 bytes from 10.0.45.5: icmp_seq=1 ttl=62 time=1.336 ms

--- 10.0.45.5 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.336/1.696/2.057/0.361 ms
[root@R1]~# setfib 3 ping -c 2 10.0.45.5
PING 10.0.45.5 (10.0.45.5): 56 data bytes
64 bytes from 10.0.45.5: icmp_seq=0 ttl=62 time=1.806 ms
64 bytes from 10.0.45.5: icmp_seq=1 ttl=62 time=1.852 ms

--- 10.0.45.5 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.806/1.829/1.852/0.023 ms
Links bandwidth
Test the bandwidth of each link by starting iperf on the MLVPN server:
[root@R5]# iperf -s
Then, from the MLVPN client, test the bandwidth of each ISP link:
[root@R1]~# setfib 2 iperf -c 10.0.45.5
------------------------------------------------------------
Client connecting to 10.0.45.5, TCP port 5001
TCP window size: 32.5 KByte (default)
------------------------------------------------------------
[  3] local 10.0.12.1 port 59888 connected with 10.0.45.5 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.1 sec  11.8 MBytes  9.75 Mbits/sec
[root@R1]~# setfib 3 iperf -c 10.0.45.5
------------------------------------------------------------
Client connecting to 10.0.45.5, TCP port 5001
TCP window size: 32.5 KByte (default)
------------------------------------------------------------
[  3] local 10.0.13.1 port 53380 connected with 10.0.45.5 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.1 sec  11.8 MBytes  9.75 Mbits/sec
MLVPN tests
tunnel
MLVPN can be started in debug mode:
[root@R1]# mlvpn --debug -n mlvpn -u mlvpn
2016-04-19T23:48:21 [INFO/config] new password set
2016-04-19T23:48:21 [INFO/config] dsl2 tunnel added
2016-04-19T23:48:21 [INFO/config] dsl3 tunnel added
2016-04-19T23:48:21 [INFO] created interface `tun0'
2016-04-19T23:48:21 [INFO] dsl2 bind to 10.0.12.1
2016-04-19T23:48:21 [INFO] dsl3 bind to 10.0.13.1
2016-04-19T23:48:21 [INFO/protocol] dsl3 authenticated
2016-04-19T23:48:21 [INFO/protocol] dsl2 authenticated
The tun interface needs to be checked (correct IP address and non-1500 MTU):
[root@R1]# ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1452
        options=80000<LINKSTATE>
        inet6 fe80::5a9c:fcff:fe01:201%tun0 prefixlen 64 scopeid 0x7
        inet 10.0.15.1 --> 10.0.15.5 netmask 0xfffffffc
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 2326
And the static route(s) need to be installed (10.5.5.5/32 in this example):
[root@R1]~# netstat -rn4
Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
10.0.12.0/24       link#1             U         vtnet0
10.0.13.0/24       link#2             U         vtnet1
10.0.15.1          link#7             UHS          lo0
10.0.15.5          link#7             UH          tun0
10.5.5.5/32        10.0.15.5          UGS         tun0
127.0.0.1          link#6             UH           lo0
Aggregated bandwidth
Check that the aggregated bandwidth is 10+10 = 20 Mbit/s in this lab.
[root@R1]# iperf --bind 10.1.1.1 -c 10.5.5.5 -t 60
------------------------------------------------------------
Client connecting to 10.5.5.5, TCP port 5001
Binding to local address 10.1.1.1
TCP window size: 32.3 KByte (default)
------------------------------------------------------------
[  3] local 10.1.1.1 port 5001 connected with 10.5.5.5 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-60.0 sec   129 MBytes  18.1 Mbits/sec