User Tools

Site Tools


documentation:examples:maximum_bsdrp_features_lab

Maximum BSDRP features lab

This lab is used for testing BSDRP before releasing new version.

Presentation

Network diagram

Here is the logical and physical view:

Setting-up the lab

Downloading BSD Router Project images

Download BSDRP serial image (prevent to have to use an X display) on Sourceforge.

Download Lab scripts

More information on these BSDRP lab scripts available on How to build a BSDRP router lab.

Start the lab with full-meshed 5 routers and a share-with-host LAN.

vtnet (VirtIO) NIC didn't support ALTQ, you can't do traffic shapping in virtIO mode

With virtualbox under FreeBSD/Linux:

BSDRP-lab-vbox.sh -i BSDRP-1.2-full-i386-serial.img -n 5 -c

You can start in VirtIO mode (but ALTQ is not supported on this NIC) by adding the “-v” option.

VirtIO users need to adapt configurations before saving/applying like that:

sed -i "" 's/em/vtnet/g' /etc/rc.conf

here is an example with VirtualBox PowerShell script:

PS C:\Users\olivier\Documents\BSDRP> .\BSDRP-lab-vbox.ps1
[Dirty Hack] Relaunching PowerShell script in STA mode
Stop all running BSDRP
True

BSD Router Project - VirtualBox lab
Enabling one LAN between routers and the host ? (Permit IP access between host and routers)
[Y] Yes  [N] No  [?] Help (default is "Y"):

BSD Router Project - VirtualBox lab
Do you want to enable virtio NIC type ? (Increase perfomance, but don't forget to load virtio drivers with cmd: system
virtualized
[Y] Yes  [N] No  [?] Help (default is "Y"): n
How many other LAN dedicaced to the lab? (between 0 and 35): 0

BSD Router Project - VirtualBox lab
Enable full mesh links between all routers ?
[Y] Yes  [N] No  [?] Help (default is "Y"): y
How many routers ? (between 2 and 36): 5
Setting-up a lab with 5 routers
- All routers and the host will be connected to a shared LAN
- Full mesh ethernet point-to-point link between each routers
Router 1 have the folllowing NIC:
em0 connected to Router2.
em1 connected to Router3.
em2 connected to Router4.
em3 connected to Router5.
em4 connected to the shared-with-host LAN.
Router 2 have the folllowing NIC:
em0 connected to Router1.
em1 connected to Router3.
em2 connected to Router4.
em3 connected to Router5.
em4 connected to the shared-with-host LAN.
Router 3 have the folllowing NIC:
em0 connected to Router1.
em1 connected to Router2.
em2 connected to Router4.
em3 connected to Router5.
em4 connected to the shared-with-host LAN.
Router 4 have the folllowing NIC:
em0 connected to Router1.
em1 connected to Router2.
em2 connected to Router3.
em3 connected to Router5.
em4 connected to the shared-with-host LAN.
Router 5 have the folllowing NIC:
em0 connected to Router1.
em1 connected to Router2.
em2 connected to Router3.
em3 connected to Router4.
em4 connected to the shared-with-host LAN.
All routers started, connect to them using:
 - For BSDRP vga release, with mstsc (included in MS Windows):
     mstsc /v:127.0.0.1:505x (replacing x by router number)
 - For BSDRP serial and vga release: Configure PuTTY to connect to:
     connection type: Serial
     serial line: \\.\pipe\BSDRP_lab_Rx (replacing x by router number)
Press any key to continue...

Routers configuration

Router 1

Root password

This router will be used for backuping all other routers configuration files, then it need a root password for enabling SSH access to it. We will use “root” password for this lab.

[root@router]~# passwd
Changing local password for root
New Password: root
Retype New Password: root

rc.conf

Configure these parameters:

sysrc hostname=R1
sysrc gateway_enable=NO
sysrc ipv6_gateway_enable=NO
sysrc ifconfig_em0=up
sysrc cloned_interfaces=lagg0
sysrc ifconfig_lagg0="laggproto lacp laggport em0 SYNCDHCP"
sysrc ifconfig_lagg0_ipv6="inet6 accept_rtadv"
sysrc quagga_enable=NO
sysrc ifconfig_em4="inet 192.168.56.11/24"
echo "net.link.lagg.0.lacp.lacp_strict_mode=0" >> /etc/sysctl.conf

Saving configuration

Save configuration:

config save

Applying configuration

hostname R1
service netif restart
sysctl net.link.lagg.0.lacp.lacp_strict_mode=0
service routing restart
service quagga onestop

Router 2

rc.conf

Set these parameters:

sysrc hostname=R2
sysrc rtadvd_enable=YES
sysrc kld_list="carp"
sysrc rtadvd_interfaces="em0"
sysrc ifconfig_em0="inet 10.0.12.2/24"
sysrc ifconfig_em0_ipv6="inet6 2001:db8:12::2 prefixlen 64"
sysrc ifconfig_em0_alias0="alias inet 10.0.12.254/32 vhid 1 pass testpass"
sysrc ifconfig_em0_alias1="inet6 2001:db8:12::fe prefixlen 128 vhid 1"
sysrc ifconfig_em1="inet 10.0.23.2/24"
sysrc ifconfig_em1_ipv6="inet6 2001:db8:23::2 prefixlen 64"
sysrc ifconfig_em4="inet 192.168.56.12/24"
sysrc quagga_daemons="zebra ripd ripngd"
sysrc dhcprelya_enable=YES
sysrc dhcprelya_servers="10.0.3.3"
sysrc dhcprelya_ifaces="em0"
sysrc mpd_enable=YES
sysrc mpd_flags="-b -s ppp"
sysrc ngnetflow_enable=YES
sysrc ngnetflow_if=em0
sysrc ngnetflow_dst="10.0.12.1:2055"

mpd.conf

This file is used for configuring a server PPTP VPN with tunnels to R4.

Create this mpd.conf file:

cat > /usr/local/etc/mpd5/mpd.conf <<'EOF'
default:
        load vpnipv4
        load vpnipv6
vpnipv4:
        # Create bundle called vpnipv4
        create bundle static vpnipv4
        # IP of client and server, on another subnet for avoiding problems
        set ipcp ranges 10.4.15.2/32 10.4.15.4/32
        # Remote LAN subnet
        set iface route 10.0.45.0/24
        # Enable Microsoft Point-to-Point encryption (MPPE)
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set bundle enable crypt-reqd
        set mppc yes stateless
        # Create a static pptp link called lvpnipv4
        create link static lvpnipv4 pptp
        # Attach this link to vpnipv4
        set link action bundle vpnipv4
        # Set somes link settings
        set link no pap
        set link yes chap
        set auth authname "VpnLogin4"
        # Reduce the size of the outgoing packet for avoiding fragmentation
        set link mtu 1460
        set link keep-alive 10 75
        # max-redial:
        # Server side, need to be "-1"
        # Client side, need to be positive (0 for allways)
        set link max-redial -1
        # Local WAN IP addresse
        set pptp self 10.0.23.2
        # Remote WAN IP addresse
        set pptp peer 10.0.34.4
        # Allow incoming call
        set link enable incoming

vpnipv6:
        # Create bundle called vpnipv6
        create bundle static vpnipv6
        # Don't know how to disable IPv4 ipcp
        set ipcp ranges 10.6.15.2/32 10.6.15.4/32
        # Enable IPv6
        set bundle enable ipv6cp
        # Remote LAN subnet
        set iface route 2001:db8:45::/64
        # Enable Microsoft Point-to-Point encryption (MPPE)
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set bundle enable crypt-reqd
        set mppc yes stateless
        # Create a static pptp link called lvpnipv4
        create link static lvpnipv6 pptp
        # Attach this link to vpnipv6
        set link action bundle vpnipv6
        # Set somes link settings
        set link no pap
        set link yes chap
        set auth authname "VpnLogin6"
        # Reduce the size of the outgoing packet for avoiding fragmentation
        set link mtu 1460
        set link keep-alive 10 75
        # max-redial:
        # Server side, need to be "-1"
        # Client side, need to be positive (0 for allways)
        set link max-redial -1
        # Local WAN IP addresse
        set pptp self 2001:db8:23::2
        # Remote WAN IP addresse
        set pptp peer 2001:db8:34::4
        # Allow incoming call
        set link enable incoming
'EOF'

mpd.secret

This file is used for storing remote user/password for PPTP VPN.

Create this mpd.secret file:

cat > /usr/local/etc/mpd5/mpd.secret <<'EOF'
VpnLogin4       VpnPassword4
VpnLogin6       VpnPassword6
'EOF'

Quagga

Now configure Quagga:

cli
conf t
key chain pass
key 1
key-string rippassword
exit
exit
interface vtnet1
ip rip authentication mode md5 auth-length rfc
ip rip authentication key-chain pass
interface em1
ip rip authentication mode md5 auth-length rfc
ip rip authentication key-chain pass
router rip
network 10.0.23.0/24
network 10.0.12.0/24
passive-interface vtnet0
passive-interface em0
exit
router ripng
network 2001:db8:12::/64
network 2001:db8:23::/64
passive-interface vtnet0
passive-interface em0
exit
exit
wr
exit

Saving configuration

Save configuration:

config save

Applying configuration

hostname R2
kldload carp
service netif restart
service dhcprelya start
service mpd5 start
service ngnetflow start

Router 3

rc.conf

Set these parameters file:

sysrc hostname=R3
sysrc ifconfig_em1="inet 10.0.23.3/24"
sysrc ifconfig_em2="inet 10.0.34.3/24"
sysrc ifconfig_em1_ipv6="inet6 2001:db8:23::3 prefixlen 64"
sysrc ifconfig_em2_ipv6="inet6 2001:db8:34::3 prefixlen 64"
sysrc cloned_interfaces="lo1"
sysrc ifconfig_lo1="inet 10.0.3.3/24"
sysrc ifconfig_lo1_ipv6="inet6 2001:db8:3::3 prefixlen 64"
sysrc ifconfig_em4="inet 192.168.56.13/24"
sysrc quagga_enable=YES
sysrc quagga_daemons="zebra ripd ripngd ospfd ospf6d"
sysrc dhcpd_enable=YES
sysrc dhcpd_flags="-q"
sysrc dhcpd_conf="/usr/local/etc/dhcpd.conf"
sysrc pf_enable=YES
sysrc pf_rules="/etc/pf.conf"

pf.conf

Create this /etc/pf.conf file:

cat > /etc/pf.conf <<'EOF'
#Variables definitions
TO_R2_if = "{" vtnet1 em1 "}"
TO_R4_if = "{" vtnet2 em2 "}"
R2 = "10.0.23.2/32"
R4 = "10.0.34.4/32"

## ALTQ rules
# Queue outgoing from $TO_R4_if (R2 => R4)
# Rate-limit VPN traffic to 64Kb
altq on $TO_R4_if hfsc bandwidth 100Mb queue { VPN4_TO_R4, OTHER_TO_R4 }
queue VPN4_TO_R4 bandwidth 64Kb hfsc(upperlimit 64Kb)
queue OTHER_TO_R4 bandwidth 99Mb hfsc(default)

# Queue for outgoing traffic from $TO_R2_if (R4 => R2)
altq on $TO_R2_if hfsc bandwidth 100Mb queue { VPN4_TO_R2, OTHER_TO_R2 }
queue VPN4_TO_R2 bandwidth 64Kb hfsc(upperlimit 64Kb)
queue OTHER_TO_R2 bandwidth 99Mb hfsc(default)

## PF rules

# R2 => R4
# Shapping works on outgoing traffic only, but need to 'mark' traffic
# entering the interface for putting returning traffic in the good queue
pass in quick on $TO_R2_if proto gre from $R2 to $R4 queue VPN4_TO_R2
# Apply ALTQ to traffic that get out from $TO_R4_if
pass out quick on $TO_R4_if proto gre from $R2 to $R4 queue VPN4_TO_R4

# PF rules R4 => R2
pass in quick on $TO_R4_if proto gre from $R4 to $R2 queue VPN4_TO_R4
pass out quick on $TO_R2_if proto gre from $R4 to $R2 queue VPN4_TO_R2
'EOF'

dhcpd.conf

Create this dhcpd.conf file:

cat > /usr/local/etc/dhcpd.conf <<'EOF'
option domain-name "bsdrp.net";
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
#Declare loopback network
subnet 10.0.3.0 netmask 255.255.255.0 {
}
#Declare em1/vtnet1 network
subnet 10.0.23.0 netmask 255.255.255.0 {
}
#Declare em2/vtnet2 network
subnet 10.0.34.0 netmask 255.255.255.0 {
}
#Declare R1 LAN and gateway
subnet 10.0.12.0 netmask 255.255.255.0 {
  range 10.0.12.1 10.0.12.1;
  option routers 10.0.12.254;
}
#Declare R5 subnet and gateway
subnet 10.0.45.0 netmask 255.255.255.0 {
  range 10.0.45.5 10.0.45.5;
  option routers 10.0.45.254;
}
'EOF'

Quagga

Now configure Quagga:

cli
conf t
key chain pass
key 1
key-string rippassword
exit
exit
interface vtnet1
ip rip authentication mode md5 auth-length rfc
ip rip authentication key-chain pass
interface em1
ip rip authentication mode md5 auth-length rfc
ip rip authentication key-chain pass
int vtnet2
ospf message-digest-key 1 md5 superpass
int em2
ospf message-digest-key 1 md5 superpass
exit
router rip
network 10.0.23.0/24
network 10.0.34.0/24
network 10.0.3.0/24
passive-interface vtnet2
passive-interface em2
exit
router ripng
network 2001:db8:3::/64
network 2001:db8:23::/64
network 2001:db8:34::/64
passive-interface vtnet2
passive-interface em2
exit
router ospf
router-id 0.0.0.3
network 10.0.3.0/24 area 0.0.0.0
network 10.0.23.0/24 area 0.0.0.0
network 10.0.34.0/24 area 0.0.0.0
passive-interface vtnet1
passive-interface em1
area 0.0.0.0 authentication message-digest
exit
int vtnet1
ipv6 ospf6 passive
int em1
ipv6 ospf6 passive
exit
router ospf6
router-id 0.0.0.3
interface vtnet2 area 0.0.0.0
interface vtnet1 area 0.0.0.0
interface em2 area 0.0.0.0
interface em1 area 0.0.0.0
interface lo1 area 0.0.0.0
exit
exit
wr
exit

Saving configuration

Save configuration:

config save

Applying configuration

hostname R3
service netif restart
service isc-dhcpd start
service pf start

Router 4

rc.conf

Set theses parameters:

sysrc hostname=R4
sysrc rtadvd_enable=YES
sysrc rtadvd_interfaces=em3
sysrc ifconfig_em3="inet 10.0.45.4/24"
sysrc ifconfig_em3_ipv6="inet6 2001:db8:45::4 prefixlen 64"
sysrc ifconfig_em2="10.0.34.4/24"
sysrc ifconfig_em2_ipv6="inet6 2001:db8:34::4 prefixlen 64"
sysrc ifconfig_em4="inet 192.168.56.14/24"
sysrc quagga_enable=NO
sysrc bird_enable=YES
sysrc bird6_enable=YES
sysrc freevrrpd_enable=YES
sysrc dhcprelya_enable=YES
sysrc dhcprelya_servers=10.0.3.3
sysrc dhcprelya_ifaces=em3
sysrc mpd_enable=YES
sysrc mpd_flags="-b -s ppp"
sysrc firewall_enable=YES
sysrc firewall_script="/etc/ipfw.rules"

Bird

Create bird (IPv4) configuration file:

cat > /usr/local/etc/bird.conf <<'EOF'
# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;

# Override router ID
router id 0.0.0.4;

# Sync bird routing table with kernel
protocol kernel {
        #import all;
        export all;
}

# Include device route (warning, a device route is a /32)
protocol device {
        scan time 10;
}

# Include directly connected network
protocol direct {
        interface "vtnet3", "em3";
}

protocol ospf R4 {
        export all;
        rfc1583compat yes;
        area 0.0.0.0 {
                interface "vtnet2","em2" {
                        cost 10;
                        type broadcast;
                        passwords {
                               password "superpass" {
                                       id 1;
                               };
                       };
                       authentication cryptographic;
                };
        };
}
'EOF'

Bird6

Create bird (IPv6) configuration file:

cat > /usr/local/etc/bird6.conf <<'EOF'
# Configure logging
log syslog all;
log "/var/log/bird6.log" all;
log stderr all;

# Override router ID
router id 0.0.0.4;

# Sync bird routing table with kernel
protocol kernel {
        #import all;
        export all;
}

protocol device {
        scan time 10;
}
protocol direct {
        interface "vtnet3","em3";
}
protocol ospf R4 {
        export all;
        rfc1583compat yes;
        area 0.0.0.0 {
                interface "vtnet2","em2" {
                        cost 10;
                        type broadcast;
                };
        };
}
'EOF'

mpd.conf

Create the client mpd (PPTP VPN) configuration:

cat > /usr/local/etc/mpd5/mpd.conf <<'EOF'
default:
        load vpnipv4
        load vpnipv6
vpnipv4:
        # Create bundle called vpnipv4
        create bundle static vpnipv4
        # Getting IP from the server
        set ipcp ranges 0.0.0.0/0
        # Remote LAN subnet
        set iface route 10.0.12.0/24
        # Enable Microsoft Point-to-Point encryption (MPPE)
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set bundle enable crypt-reqd
        set mppc yes stateless
        # Create a static pptp link called lvpnipv4
        create link static lvpnipv4 pptp
        # Attach this link to vpnipv4
        set link action bundle vpnipv4
        # Set somes link settings
        set link no pap
        set link yes chap
        set auth authname VpnLogin4
        # Reduce the size of the outgoing packet for avoiding fragmentation
        set link mtu 1460
        set link keep-alive 10 75
        # max-redial:
        # Server side, need to be "-1"
        # Client side, need to be positive (0 for allways)
        set link max-redial 0
        # Local WAN IP addresse
        set pptp self 10.0.34.4
        # Remote WAN IP addresse
        set pptp peer 10.0.23.2
        # Open (initiate) the link to the server
        open
vpnipv6:
        # Create bundle called vpnipv6
        create bundle static vpnipv6
        # Getting IP from the server
        set ipcp ranges 0.0.0.0/0
        # Enable IPv6
        set bundle enable ipv6cp
        # Remote LAN subnet
        set iface route 2001:db8:12::/64
        # Create a static pptp link called lvpnipv6
        create link static lvpnipv6 pptp
        # Attach this link to vpnipv6
        set link action bundle vpnipv6
        # Set somes link settings
        set link no pap
        set link yes chap
        set auth authname VpnLogin6
        # Reduce the size of the outgoing packet for avoiding fragmentation
        set link mtu 1460
        set link keep-alive 10 75
        # max-redial:
        # Server side, need to be "-1"
        # Client side, need to be positive (0 for allways)
        set link max-redial 0
        # Local WAN IP addresse
        set pptp self 2001:db8:34::4
        # Remote WAN IP addresse
        set pptp peer 2001:db8:23::2
        # Open (initiate) the link to the server
        open
'EOF'

mpd.secret

This file is used for storing user/pass for PPTP VPN.

Edit mpd.secret file:

cat > /usr/local/etc/mpd5/mpd.secret <<'EOF'
VpnLogin4       VpnPassword4
VpnLogin6       VpnPassword6
'EOF'

freevrrpd.conf

Create FreeVRRPd configuration file:

cat > /usr/local/etc/freevrrpd.conf <<'EOF'
[VRID]
serverid = 1
#interface = vtnet3
interface = em3
# We want that this router is the master
priority = 101
addr = 10.0.45.254/24
password = vrid1
'EOF'

sysctl.conf

Before to enable IPFW we need to let it to pass IPv6 Unknown Extension Header: IPv6 PPTP links will be denied otherwise.

echo "net.inet6.ip6.fw.deny_unknown_exthdrs=0" >> /etc/sysctl.conf

ipfw.rules

Create rules that shape IPv6 PPTP tunnel with IPFW:

cat > /etc/ipfw.rules <<'EOF'
#!/bin/sh
fwcmd="/sbin/ipfw"
if ! dummynet -q -m ng_ether; then
        kldload dummynet
fi

# Flush out the list before we begin.
${fwcmd} -f flush
#Need to reduce the default queue size too
#explanation on chapter "7.2.1.        Pipe Queues"
#http://www.freebsd-howto.com/HOWTO/Ipfw-HOWTO
${fwcmd} pipe 10 config bw 128Kbit/s queue 10Kbytes
${fwcmd} pipe 20 config bw 128Kbit/s queue 10Kbytes
#Traffic getting out vtnet2, is VPN PPTP traffic
${fwcmd} add 1000 pipe 10 all from 2001:db8:34::4 to 2001:db8:23::2 out via any
#Traffic getting out em3, is clear traffic
${fwcmd} add 2000 pipe 20 all from 2001:db8:12::/64 to 2001:db8:45::/64 out via any
#We don't want to block traffic, only shape some
${fwcmd} add 3000 allow ip from any to any
'EOF'

Saving configuration

Save configuration:

config save

Applying configuration

hostname R4
service netif restart
service bird start
service bird6 start
service mpd5 start
service dhcprelya start
service freevrrpd start
service ipfw start
service sysctl reload

Router 5

rc.conf

Set these parameters:

sysrc hostname=R5
sysrc ifconfig_em3="up"
sysrc cloned_interfaces="lagg0"
sysrc ifconfig_lagg0="laggproto failover laggport em3 SYNCDHCP"
sysrc ifconfig_lagg0_ipv6="inet6 accept_rtadv"
sysrc ifconfig_em4="inet 192.168.56.15/24"
sysrc bsnmpd_enable=YES
sysrc quagga_enable=NO
sysrc gateway_enable=NO
sysrc ipv6_gateway_enable=NO

Saving configuration

Save configuration:

config save

Applying configuration

hostname R5
service netif restart
service routing restart
service quagga onestop
service bsnmpd start

Final testing

Enable IPerf instances on R5

Launch tmux and create 2 windows, one with iperf in IPv4 (default) mode:

[root@R5]~#iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 64.0 KByte (default)
------------------------------------------------------------

And a second with iperf in server IPv6 mode:

[root@R5]~#iperf -V -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 64.0 KByte (default)
------------------------------------------------------------

IPerf client instances and netflow dump on R1

Now, start 2 tmux windows on R1.

On the first tmux window, start a tcpdump filtering netflow coming from R2.

[root@R1]~# tcpdump -pni lagg0 -s 0 -vv udp port 2055
tcpdump: WARNING: em0: no IPv4 address assigned
tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes

And on the second tmux window start an IPerf client on R1 to R5 and check maximum bandwitdh (64kb/s for IPv4 and 128kb/s for IPv6):

[root@R1]~# iperf -c 10.0.45.5 -t 30
------------------------------------------------------------
Client connecting to 10.0.45.5, TCP port 5001
TCP window size: 32.5 KByte (default)
------------------------------------------------------------
[  3] local 10.0.12.1 port 51097 connected with 10.0.45.5 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-45.1 sec   384 KBytes  69.7 Kbits/sec


[root@R1]~# iperf -V -c 2001:db8:45:0:a8aa:ff:fe05:405 -t 30
------------------------------------------------------------
Client connecting to 2001:db8:45:0:a8aa:ff:fe00:545, TCP port 5001
TCP window size: 32.1 KByte (default)
------------------------------------------------------------
[  3] local 2001:db8:12:0:a8aa:ff:fe01:102 port 32880 connected with 2001:db8:45:0:a8aa:ff:fe05:405 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-32.3 sec   512 KBytes   130 Kbits/sec

The IPv4 traffic send by the client to the server is more than 64Kb/s, but it's a correct behavior because the exceeded traffic will be dropped later: We need to check the bandwidth received on R5 for verifying traffic shaping features.

After IPerf tests, check that the tcpdump (on the first tmux window) receive netflow packets from R2:

15:58:47.424286 IP (tos 0x0, ttl 64, id 9855, offset 0, flags [none], proto UDP (17), length 292)
    10.0.12.2.14197 > 10.0.12.1.2055: [udp sum ok] UDP, length 264
16:00:02.443348 IP (tos 0x0, ttl 64, id 9998, offset 0, flags [none], proto UDP (17), length 244)
    10.0.12.2.14197 > 10.0.12.1.2055: [udp sum ok] UDP, length 216

IPerf bandwitdh result received on R5

------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 64.0 KByte (default)
------------------------------------------------------------
[  4] local 10.0.45.5 port 5001 connected with 10.0.12.1 port 41621
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-35.0 sec   256 KBytes  59.9 Kbits/sec

R5 receive about 60Kb/s of traffic.

Same behaviour for IPv6:

------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 64.0 KByte (default)
------------------------------------------------------------
[  4] local 2001:db8:45:0:a8aa:ff:fe00:545 port 5001 connected with 2001:db8:12:0:a8aa:ff:fe00:112 port 63275
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-34.8 sec   512 KBytes   120 Kbits/sec

SNMP

From R1, get 2 SNMP values of R5:

  • The basic sysname
  • The UCD module version
[root@R1]~# bsnmpget -s 10.0.45.5 sysName.0
sysName.0 = R5.bsdrp.net
[root@R1]~# bsnmpwalk -s 10.0.45.5 1.3.6.1.4.1.2021.100.2.0
1.3.6.1.4.1.2021.100.2.0 = $Name: bsnmp-ucd-0-3-6 $

Configurations files network backup

R1 will be use as a configuration files backup repository

Mounting data partition on R1

[root@R1]~# mount /data/

Sending configuration archive file to R1

From all others routers, send the configuration file to the /data partition of R1:

[root@R2]/# config put scp root@10.0.12.1:/data/R2.tar.xz
Send saved configuration by SCP to root@10.0.12.1:/data/R2.tar.xz
The authenticity of host '10.0.12.1 (10.0.12.1)' can't be established.
RSA key fingerprint is 4d:e9:ce:26:d4:2f:92:15:5e:06:97:a8:83:78:0c:e5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.12.1' (RSA) to the list of known hosts.
Password:
config.3803.tar.xz                            100% 7100     6.9KB/s   00:00

System integrity check

Download the mtree reference file corresponding to your BSDRP release and start a system integrity check. In this lab, we put the reference file in the /tmp folder of R1:

[root@R1]~# system integrity /tmp/BSDRP-1.4-amd64-serial.mtree.xz
Here is the modified files comparing to the reference mtree file:
dev extra
etc extra
tmp extra
var extra

Extra files and folder are normal regarding your previous tests.

documentation/examples/maximum_bsdrp_features_lab.txt · Last modified: 2014/09/01 18:57 by olivier