Maximum BSDRP features lab

This lab is used to test BSDRP before each new release.

Presentation

Network diagram

Here is the logical and physical view:

Setting-up the lab

Downloading BSD Router Project images

Download the BSDRP serial image (which avoids the need for an X display) from SourceForge.

Download Lab scripts

More information on these BSDRP lab scripts is available in How to build a BSDRP router lab.

Start the lab with 5 full-meshed routers and a shared-with-host LAN.

The vtnet (VirtIO) NIC does not support ALTQ, so you can't do traffic shaping in VirtIO mode.

With VirtualBox under FreeBSD/Linux:

BSDRP-lab-vbox.sh -i BSDRP-1.2-full-i386-serial.img -n 5 -c

You can start in virtio mode (but ALTQ is not supported on this NIC) by adding the "-v" option.

Here is an example with the VirtualBox PowerShell script:

PS C:\Users\olivier\Documents\BSDRP> .\BSDRP-lab-vbox.ps1
[Dirty Hack] Relaunching PowerShell script in STA mode
Stop all running BSDRP
True

BSD Router Project - VirtualBox lab
Enabling one LAN between routers and the host ? (Permit IP access between host and routers)
[Y] Yes  [N] No  [?] Help (default is "Y"):

BSD Router Project - VirtualBox lab
Do you want to enable virtio NIC type ? (Increase perfomance, but don't forget to load virtio drivers with cmd: system
virtualized
[Y] Yes  [N] No  [?] Help (default is "Y"): n
How many other LAN dedicaced to the lab? (between 0 and 35): 0

BSD Router Project - VirtualBox lab
Enable full mesh links between all routers ?
[Y] Yes  [N] No  [?] Help (default is "Y"): y
How many routers ? (between 2 and 36): 5
Setting-up a lab with 5 routers
- All routers and the host will be connected to a shared LAN
- Full mesh ethernet point-to-point link between each routers
Router 1 have the folllowing NIC:
em0 connected to Router2.
em1 connected to Router3.
em2 connected to Router4.
em3 connected to Router5.
em4 connected to the shared-with-host LAN.
Router 2 have the folllowing NIC:
em0 connected to Router1.
em1 connected to Router3.
em2 connected to Router4.
em3 connected to Router5.
em4 connected to the shared-with-host LAN.
Router 3 have the folllowing NIC:
em0 connected to Router1.
em1 connected to Router2.
em2 connected to Router4.
em3 connected to Router5.
em4 connected to the shared-with-host LAN.
Router 4 have the folllowing NIC:
em0 connected to Router1.
em1 connected to Router2.
em2 connected to Router3.
em3 connected to Router5.
em4 connected to the shared-with-host LAN.
Router 5 have the folllowing NIC:
em0 connected to Router1.
em1 connected to Router2.
em2 connected to Router3.
em3 connected to Router4.
em4 connected to the shared-with-host LAN.
All routers started, connect to them using:
 - For BSDRP vga release, with mstsc (included in MS Windows):
     mstsc /v:127.0.0.1:505x (replacing x by router number)
 - For BSDRP serial and vga release: Configure PuTTY to connect to:
     connection type: Serial
     serial line: \\.\pipe\BSDRP_lab_Rx (replacing x by router number)
Press any key to continue...

Routers configuration

Router 1

Root password

This router will be used to back up the configuration files of all other routers, so it needs a root password to enable SSH access to it. We will use "root" as the password for this lab.

[root@router]~# passwd
Changing local password for root
New Password: root
Retype New Password: root

rc.conf

Configure these parameters:

sysrc hostname=R1
sysrc gateway_enable=NO
sysrc ipv6_gateway_enable=NO
sysrc ifconfig_em0=up
sysrc cloned_interfaces=lagg0
sysrc ifconfig_lagg0="laggproto lacp laggport em0 SYNCDHCP"
sysrc ifconfig_lagg0_ipv6="inet6 accept_rtadv"
sysrc quagga_enable=NO
sysrc ifconfig_em4="inet 192.168.56.11/24"

Saving configuration

Save configuration:

config save

Applying configuration

service netif restart
service routing restart
service quagga onestop

Router 2

rc.conf

Set these parameters:

sysrc hostname=R2
sysrc rtadvd_enable=YES
sysrc rtadvd_interfaces="em0"
sysrc ifconfig_em0="inet 10.0.12.2/24"
sysrc ifconfig_em0_ipv6="inet6 2001:db8:12::2 prefixlen 64"
sysrc ifconfig_em1="inet 10.0.23.2/24"
sysrc ifconfig_em1_ipv6="inet6 2001:db8:23::2 prefixlen 64"
sysrc ifconfig_em4="inet 192.168.56.12/24"
sysrc cloned_interfaces="carp0"
sysrc ifconfig_carp0="vhid 1 pass testpass 10.0.12.254/24"
sysrc ipv6_ifconfig_carp0="vhid 1 pass testpass6 2001:db8:12::fe prefixlen 64"
sysrc quagga_daemons="zebra ripd ripngd"
sysrc dhcrelay_enable=YES
sysrc dhcrelay_servers="10.0.3.3"
sysrc dhcrelay_ifaces="em0 em1"
sysrc mpd_enable=YES
sysrc mpd_flags="-b -s ppp"
sysrc ngnetflow_enable=YES
sysrc ngnetflow_if=em0
sysrc ngnetflow_dst="10.0.12.1:2055"

mpd.conf

This file configures a PPTP VPN server with tunnels to R4.

Create this mpd.conf file:

cat > /usr/local/etc/mpd5/mpd.conf <<'EOF'
default:
        load vpnipv4
        load vpnipv6
vpnipv4:
        # Create bundle called vpnipv4
        create bundle static vpnipv4
        # IP of client and server, on another subnet for avoiding problems
        set ipcp ranges 10.4.15.2/32 10.4.15.4/32
        # Remote LAN subnet
        set iface route 10.0.45.0/24
        # Enable Microsoft Point-to-Point encryption (MPPE)
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set bundle enable crypt-reqd
        set mppc yes stateless
        # Create a static pptp link called lvpnipv4
        create link static lvpnipv4 pptp
        # Attach this link to vpnipv4
        set link action bundle vpnipv4
        # Set some link settings
        set link no pap
        set link yes chap
        set auth authname "VpnLogin4"
        # Reduce the size of the outgoing packet for avoiding fragmentation
        set link mtu 1460
        set link keep-alive 10 75
        # max-redial:
        # Server side, needs to be "-1"
        # Client side, needs to be positive (0 for always)
        set link max-redial -1
        # Local WAN IP address
        set pptp self 10.0.23.2
        # Remote WAN IP address
        set pptp peer 10.0.34.4
        # Allow incoming call
        set link enable incoming

vpnipv6:
        # Create bundle called vpnipv6
        create bundle static vpnipv6
        # Don't know how to disable IPv4 ipcp
        set ipcp ranges 10.6.15.2/32 10.6.15.4/32
        # Enable IPv6
        set bundle enable ipv6cp
        # Remote LAN subnet
        set iface route 2001:db8:45::/64
        # Enable Microsoft Point-to-Point encryption (MPPE)
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set bundle enable crypt-reqd
        set mppc yes stateless
        # Create a static pptp link called lvpnipv6
        create link static lvpnipv6 pptp
        # Attach this link to vpnipv6
        set link action bundle vpnipv6
        # Set some link settings
        set link no pap
        set link yes chap
        set auth authname "VpnLogin6"
        # Reduce the size of the outgoing packet for avoiding fragmentation
        set link mtu 1460
        set link keep-alive 10 75
        # max-redial:
        # Server side, needs to be "-1"
        # Client side, needs to be positive (0 for always)
        set link max-redial -1
        # Local WAN IP address
        set pptp self 2001:db8:23::2
        # Remote WAN IP address
        set pptp peer 2001:db8:34::4
        # Allow incoming call
        set link enable incoming
EOF

mpd.secret

This file stores the remote user names and passwords for the PPTP VPN.

Create this mpd.secret file:

cat > /usr/local/etc/mpd5/mpd.secret <<'EOF'
VpnLogin4       VpnPassword4
VpnLogin6       VpnPassword6
EOF

Quagga

Now configure Quagga:

cli
conf t
key chain pass
key 1
key-string rippassword
exit
exit
interface vtnet1
ip rip authentication mode md5 auth-length rfc
ip rip authentication key-chain pass
interface em1
ip rip authentication mode md5 auth-length rfc
ip rip authentication key-chain pass
router rip
network 10.0.23.0/24
network 10.0.12.0/24
passive-interface vtnet0
passive-interface em0
exit
router ripng
network 2001:db8:12::/64
network 2001:db8:23::/64
passive-interface vtnet0
passive-interface em0
exit
exit
wr
exit

Saving configuration

Save configuration:

config save

Applying configuration

service netif restart
service isc-dhcrelay start
service mpd5 start
service ngnetflow start

Router 3

rc.conf

Set these parameters:

sysrc hostname=R3
sysrc ifconfig_em1="inet 10.0.23.3/24"
sysrc ifconfig_em2="inet 10.0.34.3/24"
sysrc ifconfig_em1_ipv6="inet6 2001:db8:23::3 prefixlen 64"
sysrc ifconfig_em2_ipv6="inet6 2001:db8:34::3 prefixlen 64"
sysrc cloned_interfaces="lo1"
sysrc ifconfig_lo1="inet 10.0.3.3/24"
sysrc ifconfig_lo1_ipv6="inet6 2001:db8:3::3 prefixlen 64"
sysrc ifconfig_em4="inet 192.168.56.13/24"
sysrc quagga_enable=YES
sysrc quagga_daemons="zebra ripd ripngd ospfd ospf6d"
sysrc dhcpd_enable=YES
sysrc dhcpd_flags="-q"
sysrc dhcpd_conf="/usr/local/etc/dhcpd.conf"
sysrc pf_enable=YES
sysrc pf_rules="/etc/pf.conf"

pf.conf

Create this /etc/pf.conf file:

cat > /etc/pf.conf <<'EOF'
#Variables definitions
TO_R2_if = "{" vtnet1 em1 "}"
TO_R4_if = "{" vtnet2 em2 "}"
R2 = "10.0.23.2/32"
R4 = "10.0.34.4/32"

## ALTQ rules
# Queue outgoing from $TO_R4_if (R2 => R4)
# Rate-limit VPN traffic to 64Kb
altq on $TO_R4_if hfsc bandwidth 100Mb queue { VPN4_TO_R4, OTHER_TO_R4 }
queue VPN4_TO_R4 bandwidth 64Kb hfsc(upperlimit 64Kb)
queue OTHER_TO_R4 bandwidth 99Mb hfsc(default)

# Queue for outgoing traffic from $TO_R2_if (R4 => R2)
altq on $TO_R2_if hfsc bandwidth 100Mb queue { VPN4_TO_R2, OTHER_TO_R2 }
queue VPN4_TO_R2 bandwidth 64Kb hfsc(upperlimit 64Kb)
queue OTHER_TO_R2 bandwidth 99Mb hfsc(default)

## PF rules

# R2 => R4
# Shaping works on outgoing traffic only, but we need to 'mark' traffic
# entering the interface so that returning traffic goes into the right queue
pass in quick on $TO_R2_if proto gre from $R2 to $R4 queue VPN4_TO_R2
# Apply ALTQ to traffic that goes out of $TO_R4_if
pass out quick on $TO_R4_if proto gre from $R2 to $R4 queue VPN4_TO_R4

# PF rules R4 => R2
pass in quick on $TO_R4_if proto gre from $R4 to $R2 queue VPN4_TO_R4
pass out quick on $TO_R2_if proto gre from $R4 to $R2 queue VPN4_TO_R2
EOF

dhcpd.conf

Create this dhcpd.conf file:

cat > /usr/local/etc/dhcpd.conf <<'EOF'
option domain-name "bsdrp.net";
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
#Declare loopback network
subnet 10.0.3.0 netmask 255.255.255.0 {
}
#Declare em1/vtnet1 network
subnet 10.0.23.0 netmask 255.255.255.0 {
}
#Declare em2/vtnet2 network
subnet 10.0.34.0 netmask 255.255.255.0 {
}
#Declare R1 LAN and gateway
subnet 10.0.12.0 netmask 255.255.255.0 {
  range 10.0.12.1 10.0.12.1;
  option routers 10.0.12.254;
}
#Declare R5 subnet and gateway
subnet 10.0.45.0 netmask 255.255.255.0 {
  range 10.0.45.5 10.0.45.5;
  option routers 10.0.45.254;
}
EOF

Quagga

Now configure Quagga:

cli
conf t
key chain pass
key 1
key-string rippassword
exit
exit
interface vtnet1
ip rip authentication mode md5 auth-length rfc
ip rip authentication key-chain pass
interface em1
ip rip authentication mode md5 auth-length rfc
ip rip authentication key-chain pass
int vtnet2
ospf message-digest-key 1 md5 superpass
int em2
ospf message-digest-key 1 md5 superpass
exit
router rip
network 10.0.23.0/24
network 10.0.34.0/24
network 10.0.3.0/24
passive-interface vtnet2
passive-interface em2
exit
router ripng
network 2001:db8:3::/64
network 2001:db8:23::/64
network 2001:db8:34::/64
passive-interface vtnet2
passive-interface em2
exit
router ospf
router-id 0.0.0.3
network 10.0.3.0/24 area 0.0.0.0
network 10.0.23.0/24 area 0.0.0.0
network 10.0.34.0/24 area 0.0.0.0
passive-interface vtnet1
passive-interface em1
area 0.0.0.0 authentication message-digest
exit
int vtnet1
ipv6 ospf6 passive
int em1
ipv6 ospf6 passive
exit
router ospf6
router-id 0.0.0.3
interface vtnet2 area 0.0.0.0
interface vtnet1 area 0.0.0.0
interface em2 area 0.0.0.0
interface em1 area 0.0.0.0
interface lo1 area 0.0.0.0
exit
exit
wr
exit

Saving configuration

Save configuration:

config save

Applying configuration

service netif restart
service isc-dhcpd start
service pf start

Router 4

rc.conf

Set these parameters:

sysrc hostname=R4
sysrc rtadvd_enable=YES
sysrc rtadvd_interfaces=em3
sysrc ifconfig_em3="inet 10.0.45.4/24"
sysrc ifconfig_em3_ipv6="inet6 2001:db8:45::4 prefixlen 64"
sysrc ifconfig_em2="10.0.34.4/24"
sysrc ifconfig_em2_ipv6="inet6 2001:db8:34::4 prefixlen 64"
sysrc ifconfig_em4="inet 192.168.56.14/24"
sysrc quagga_enable=NO
sysrc bird_enable=YES
sysrc bird6_enable=YES
sysrc freevrrpd_enable=YES
sysrc dhcrelay_enable=YES
sysrc dhcrelay_servers=10.0.3.3
sysrc dhcrelay_ifaces="em3 em2"
sysrc mpd_enable=YES
sysrc mpd_flags="-b -s ppp"
sysrc firewall_enable=YES
sysrc firewall_script="/etc/ipfw.rules"

Bird

Create bird (IPv4) configuration file:

cat > /usr/local/etc/bird.conf <<'EOF'
# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;

# Override router ID
router id 0.0.0.4;

# Sync bird routing table with kernel
protocol kernel {
        #import all;
        export all;
}

# Include device route (warning, a device route is a /32)
protocol device {
        scan time 10;
}

# Include directly connected network
protocol direct {
        interface "vtnet3", "em3";
}

protocol ospf R4 {
        export all;
        rfc1583compat yes;
        area 0.0.0.0 {
                interface "vtnet2","em2" {
                        cost 10;
                        type broadcast;
                        passwords {
                                password "superpass" {
                                        id 1;
                                };
                        };
                        authentication cryptographic;
                };
        };
}
EOF

Bird6

Create bird (IPv6) configuration file:

cat > /usr/local/etc/bird6.conf <<'EOF'
# Configure logging
log syslog all;
log "/var/log/bird6.log" all;
log stderr all;

# Override router ID
router id 0.0.0.4;

# Sync bird routing table with kernel
protocol kernel {
        #import all;
        export all;
}

protocol device {
        scan time 10;
}
protocol direct {
        interface "vtnet3","em3";
}
protocol ospf R4 {
        export all;
        rfc1583compat yes;
        area 0.0.0.0 {
                interface "vtnet2","em2" {
                        cost 10;
                        type broadcast;
                };
        };
}
EOF

mpd.conf

Create the client mpd (PPTP VPN) configuration:

cat > /usr/local/etc/mpd5/mpd.conf <<'EOF'
default:
        load vpnipv4
        load vpnipv6
vpnipv4:
        # Create bundle called vpnipv4
        create bundle static vpnipv4
        # Getting IP from the server
        set ipcp ranges 0.0.0.0/0
        # Remote LAN subnet
        set iface route 10.0.12.0/24
        # Enable Microsoft Point-to-Point encryption (MPPE)
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set bundle enable crypt-reqd
        set mppc yes stateless
        # Create a static pptp link called lvpnipv4
        create link static lvpnipv4 pptp
        # Attach this link to vpnipv4
        set link action bundle vpnipv4
        # Set some link settings
        set link no pap
        set link yes chap
        set auth authname VpnLogin4
        # Reduce the size of the outgoing packet for avoiding fragmentation
        set link mtu 1460
        set link keep-alive 10 75
        # max-redial:
        # Server side, needs to be "-1"
        # Client side, needs to be positive (0 for always)
        set link max-redial 0
        # Local WAN IP address
        set pptp self 10.0.34.4
        # Remote WAN IP address
        set pptp peer 10.0.23.2
        # Open (initiate) the link to the server
        open
vpnipv6:
        # Create bundle called vpnipv6
        create bundle static vpnipv6
        # Getting IP from the server
        set ipcp ranges 0.0.0.0/0
        # Enable IPv6
        set bundle enable ipv6cp
        # Remote LAN subnet
        set iface route 2001:db8:12::/64
        # Create a static pptp link called lvpnipv6
        create link static lvpnipv6 pptp
        # Attach this link to vpnipv6
        set link action bundle vpnipv6
        # Set some link settings
        set link no pap
        set link yes chap
        set auth authname VpnLogin6
        # Reduce the size of the outgoing packet for avoiding fragmentation
        set link mtu 1460
        set link keep-alive 10 75
        # max-redial:
        # Server side, needs to be "-1"
        # Client side, needs to be positive (0 for always)
        set link max-redial 0
        # Local WAN IP address
        set pptp self 2001:db8:34::4
        # Remote WAN IP address
        set pptp peer 2001:db8:23::2
        # Open (initiate) the link to the server
        open
EOF

mpd.secret

This file stores the user names and passwords for the PPTP VPN.

Edit mpd.secret file:

cat > /usr/local/etc/mpd5/mpd.secret <<'EOF'
VpnLogin4       VpnPassword4
VpnLogin6       VpnPassword6
EOF
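
The per-bundle encryption and authentication options in the two mpd.conf files (Router 2 server, Router 4 client) and the mode of the clear-text mpd.secret can be checked with a short audit. This is an added example, not code from BSDRP or mpd5: the function names are made up for illustration, the sample input is the Router 4 client configuration above with comments and unrelated options removed, and an option the file never turns on is reported as off.

```shell
#!/bin/sh
# Added example, not BSDRP or mpd5 code: audit the per-bundle MPPE and
# authentication options of an mpd.conf, and the mode of mpd.secret.

# audit_mpd_conf [FILE]: one line per label that creates a bundle:
#   <label> crypt-reqd=<yes|no> e40=<yes|no> e128=<yes|no> pap=<yes|no|unset>
audit_mpd_conf() {
    awk '
    function on(v)  { return v == "yes" || v == "enable"  || v == "accept" }
    function off(v) { return v == "no"  || v == "disable" || v == "deny" }
    function emit() { if (bundle) print label, "crypt-reqd=" crypt, "e40=" e40, "e128=" e128, "pap=" pap }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
    /^[^ \t]/ {                            # a label starts in column 0
        emit()
        label = $1; sub(/:$/, "", label)
        bundle = 0; crypt = e40 = e128 = "no"; pap = "unset"
        next
    }
    $1 == "create" && $2 == "bundle" { bundle = 1; next }
    $1 != "set" { next }
    {
        state = on($3) ? "yes" : (off($3) ? "no" : "")
        if (state == "") next              # not an option toggle, e.g. "set link mtu 1460"
        for (i = 4; i <= NF; i++) {
            if ($2 == "bundle" && $i == "crypt-reqd") crypt = state
            if ($2 == "mppc"   && $i == "e40")        e40   = state
            if ($2 == "mppc"   && $i == "e128")       e128  = state
            if ($2 == "link"   && $i == "pap")        pap   = state
        }
    }
    END { emit() }
    ' "$@"
}

# mpd_findings [FILE]: one line per setting a reviewer would question.
mpd_findings() {
    audit_mpd_conf "$@" | awk '
        $2 == "crypt-reqd=no" { print $1 ": encryption is not required (crypt-reqd off)" }
        $3 == "e40=yes"       { print $1 ": 40-bit MPPE (e40) can be negotiated" }
        $5 == "pap=yes"       { print $1 ": PAP is enabled" }
    '
}

# secret_mode_ok FILE: succeed only if FILE has no group or other permission bits.
secret_mode_ok() {
    [ "$(ls -ld "$1" | awk '{ print substr($1, 5, 6) }')" = "------" ]
}

# Constructed sample: the Router 4 client mpd.conf from this page, abridged.
sample_client_conf() {
    cat <<'EOF'
default:
        load vpnipv4
        load vpnipv6
vpnipv4:
        create bundle static vpnipv4
        set mppc yes e40
        set mppc yes e128
        set bundle enable crypt-reqd
        create link static lvpnipv4 pptp
        set link no pap
vpnipv6:
        create bundle static vpnipv6
        set bundle enable ipv6cp
        create link static lvpnipv6 pptp
        set link no pap
EOF
}

sample_client_conf | mpd_findings
# On a router: mpd_findings /usr/local/etc/mpd5/mpd.conf
#              secret_mode_ok /usr/local/etc/mpd5/mpd.secret || chmod 600 /usr/local/etc/mpd5/mpd.secret
```

On the sample, the audit reports that vpnipv4 still allows 40-bit MPPE and that the client's vpnipv6 bundle does not require encryption at all.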

freevrrpd.conf

Create FreeVRRPd configuration file:

cat > /usr/local/etc/freevrrpd.conf <<'EOF'
[VRID]
serverid = 1
#interface = vtnet3
interface = em3
# We want that this router is the master
priority = 101
addr = 10.0.45.254/24
password = vrid1
EOF

sysctl.conf

Before enabling IPFW, we need to let it pass IPv6 unknown extension headers; otherwise IPv6 PPTP links will be denied.

echo "net.inet6.ip6.fw.deny_unknown_exthdrs=0" >> /etc/sysctl.conf

ipfw.rules

Create rules that shape the IPv6 PPTP tunnel with IPFW:

cat > /etc/ipfw.rules <<'EOF'
#!/bin/sh
fwcmd="/sbin/ipfw"
if ! kldstat -q -m dummynet; then
        kldload dummynet
fi

# Flush out the list before we begin.
${fwcmd} -f flush
#Need to reduce the default queue size too
#explanation on chapter "7.2.1.        Pipe Queues"
#http://www.freebsd-howto.com/HOWTO/Ipfw-HOWTO
${fwcmd} pipe 10 config bw 128Kbit/s queue 10Kbytes
${fwcmd} pipe 20 config bw 128Kbit/s queue 10Kbytes
#Traffic getting out vtnet2, is VPN PPTP traffic
${fwcmd} add 1000 pipe 10 all from 2001:db8:34::4 to 2001:db8:23::2 out via any
#Traffic getting out em3, is clear traffic
${fwcmd} add 2000 pipe 20 all from 2001:db8:12::/64 to 2001:db8:45::/64 out via any
#We don't want to block traffic, only shape some
${fwcmd} add 3000 allow ip from any to any
EOF

Saving configuration

Save configuration:

config save

Applying configuration

service netif restart
service bird start
service bird6 start
service mpd5 start
service isc-dhcrelay start
service freevrrpd start
service ipfw start
service sysctl reload

Router 5

rc.conf

Set these parameters:

sysrc hostname=R5
sysrc ifconfig_em3="up"
sysrc cloned_interfaces="lagg0"
sysrc ifconfig_lagg0="laggproto failover laggport em3 SYNCDHCP"
sysrc ifconfig_lagg0_ipv6="inet6 accept_rtadv"
sysrc ifconfig_em4="inet 192.168.56.15/24"
sysrc bsnmpd_enable=YES
sysrc quagga_enable=NO
sysrc gateway_enable=NO
sysrc ipv6_gateway_enable=NO

Saving configuration

Save configuration:

config save

Applying configuration

service netif restart
service routing restart
service quagga onestop
service bsnmpd start

Final testing

Enable IPerf instances on R5

Launch tmux and create 2 windows, one with iperf in IPv4 (default) mode:

[root@R5]~#iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 64.0 KByte (default)
------------------------------------------------------------

And a second with iperf in server IPv6 mode:

[root@R5]~#iperf -V -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 64.0 KByte (default)
------------------------------------------------------------

IPerf client instances and netflow dump on R1

Now, start 2 tmux windows on R1.

On the first tmux window, start a tcpdump filtering netflow coming from R2.

[root@R1]~# tcpdump -pni lagg0 -s 0 -vv udp port 2055
tcpdump: WARNING: em0: no IPv4 address assigned
tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes

And on the second tmux window, start an IPerf client on R1 to R5 and check the maximum bandwidth (64kb/s for IPv4 and 128kb/s for IPv6):

[root@R1]~# iperf -c 10.0.45.5 -t 30
------------------------------------------------------------
Client connecting to 10.0.45.5, TCP port 5001
TCP window size: 32.5 KByte (default)
------------------------------------------------------------
[  3] local 10.0.12.1 port 51097 connected with 10.0.45.5 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-45.1 sec   384 KBytes  69.7 Kbits/sec


[root@R1]~# iperf -V -c 2001:db8:45:0:a8aa:ff:fe05:405 -t 30
------------------------------------------------------------
Client connecting to 2001:db8:45:0:a8aa:ff:fe00:545, TCP port 5001
TCP window size: 32.1 KByte (default)
------------------------------------------------------------
[  3] local 2001:db8:12:0:a8aa:ff:fe01:102 port 32880 connected with 2001:db8:45:0:a8aa:ff:fe05:405 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-32.3 sec   512 KBytes   130 Kbits/sec

The IPv4 traffic sent by the client to the server is more than 64Kb/s, but this is correct behavior because the excess traffic will be dropped later: we need to check the bandwidth received on R5 to verify the traffic shaping features.

After the IPerf tests, check that the tcpdump (on the first tmux window) received netflow packets from R2:

15:58:47.424286 IP (tos 0x0, ttl 64, id 9855, offset 0, flags [none], proto UDP (17), length 292)
    10.0.12.2.14197 > 10.0.12.1.2055: [udp sum ok] UDP, length 264
16:00:02.443348 IP (tos 0x0, ttl 64, id 9998, offset 0, flags [none], proto UDP (17), length 244)
    10.0.12.2.14197 > 10.0.12.1.2055: [udp sum ok] UDP, length 216

IPerf bandwidth result received on R5

------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 64.0 KByte (default)
------------------------------------------------------------
[  4] local 10.0.45.5 port 5001 connected with 10.0.12.1 port 41621
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-35.0 sec   256 KBytes  59.9 Kbits/sec

R5 receives about 60Kb/s of traffic.

Same behaviour for IPv6:

------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 64.0 KByte (default)
------------------------------------------------------------
[  4] local 2001:db8:45:0:a8aa:ff:fe00:545 port 5001 connected with 2001:db8:12:0:a8aa:ff:fe00:112 port 63275
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-34.8 sec   512 KBytes   120 Kbits/sec

SNMP

From R1, get 2 SNMP values of R5:

  • The basic sysname
  • The UCD module version

[root@R1]~# bsnmpget -s 10.0.45.5 sysName.0
sysName.0 = R5.bsdrp.net
[root@R1]~# bsnmpwalk -s 10.0.45.5 1.3.6.1.4.1.2021.100.2.0
1.3.6.1.4.1.2021.100.2.0 = $Name: bsnmp-ucd-0-3-6 $

Configuration files network backup

R1 will be used as the backup repository for configuration files.

Mounting data partition on R1

[root@R1]~# mount /data/

Sending configuration archive file to R1

From all other routers, send the configuration file to the /data partition of R1:

[root@R2]/# config put scp root@10.0.12.1:/data/R2.tar.xz
Send saved configuration by SCP to root@10.0.12.1:/data/R2.tar.xz
The authenticity of host '10.0.12.1 (10.0.12.1)' can't be established.
RSA key fingerprint is 4d:e9:ce:26:d4:2f:92:15:5e:06:97:a8:83:78:0c:e5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.12.1' (RSA) to the list of known hosts.
Password:
config.3803.tar.xz                            100% 7100     6.9KB/s   00:00

System integrity check

Download the mtree reference file corresponding to your BSDRP release and start a system integrity check. In this lab, we put the reference file in the /tmp folder of R1:

[root@R1]~# system integrity /tmp/BSDRP-1.4-amd64-serial.mtree.xz
Here is the modified files comparing to the reference mtree file:
dev extra
etc extra
tmp extra
var extra

Extra files and folders are normal given your previous tests.

documentation/examples/maximum_bsdrp_features_lab.txt · Last modified: 2014/03/15 13:26 by olivier