This lab runs on a single BSDRP VM and explains how to use BSDRP with BIRD 2.
All the configuration details shown here can be generated by the embedded BSDRP lab script, which creates 5 jails and configures them:
# Shortcut: let the lab script embedded in BSDRP create and configure the jails
# instead of entering the manual steps that follow on this page.
labconfig bird_jails
Unhide the bpf devices inside the jails so that tcpdump can be used in them.
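# Host-side preparation for the lab (run as root on the BSDRP VM).

# Persist the hostname, the five epair pairs that link the jails, and the ipsec
# kernel module.
# NOTE(review): ipsec is presumably loaded because the BGP sessions below use
# `password`, for which BIRD installs IPsec SAD entries - confirm.
sysrc hostname=host \
  cloned_interfaces="epair0 epair1 epair2 epair3 epair4" \
  kld_list="ipsec"

# devfs ruleset 4 (devfsrules_jailbpf): the hidden-by-default jail view plus the
# basic and login devices, and additionally every bpf device.
#
# Security note: with bpf visible, root inside a jail can capture (and write)
# raw frames on the interfaces that jail can see. Keep this ruleset for lab
# jails; do not reuse it for jails that run untrusted workloads.
#
# `>` replaces any existing /etc/devfs.rules. The delimiter is quoted, so the
# body is written verbatim: a backslash in front of `$` would end up in the
# file, so the rules are given in the same form as /etc/defaults/devfs.rules,
# and the heredoc is closed by a bare EOF line (a line reading 'EOF', with the
# quotes, does not terminate it).
cat > /etc/devfs.rules <<'EOF'
[devfsrules_jailbpf=4]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'bpf*' unhide
EOF

# Apply the new settings without rebooting.
service devfs restart
service netif restart
service hostname restart
service kld start

# Create the six jails and hand each one its end(s) of the epair links:
#   jail1 -epair0- jail2 -epair1- jail3 -epair2- jail4 -epair3- jail5 -epair4- jail6
# NOTE(review): presumably -c creates, -j names the jail and -i lists the
# interfaces given to it - confirm against tenant's usage text.
tenant -c -j jail1 -i epair0a
tenant -c -j jail2 -i epair0b,epair1a
tenant -c -j jail3 -i epair1b,epair2a
tenant -c -j jail4 -i epair2b,epair3a
tenant -c -j jail5 -i epair3b,epair4a
tenant -c -j jail6 -i epair4b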
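# jail1: edge router with a loopback network (lo1) and iBGP (AS 12) to jail2
# over epair0a, for both IPv4 and IPv6.

# rc.conf of the jail. It holds plain variable assignments only: the stray
# "sysrc" word in front of cloned_interfaces is dropped so the line matches the
# form used for jail6. The delimiter is quoted so the body is written verbatim.
cat > /etc/jails/jail1/rc.conf <<'EOF'
hostname="jail1"
gateway_enable=YES
ipv6_gateway_enable=YES
cloned_interfaces=lo1
ifconfig_lo1="inet 192.168.10.1/24"
ifconfig_lo1_ipv6="inet6 2001:db8:10::1/64"
ifconfig_epair0a="inet 192.168.12.1/24"
ifconfig_epair0a_ipv6="inet6 2001:db8:12::1/64"
bird_enable=yes
EOF

# BIRD 2 configuration of the jail.
# Security notes:
#  - `password` is the shared secret protecting the BGP TCP session;
#    "abigpassword" is a lab sample value. It is stored in clear text and the
#    file is created with the shell's current umask, so outside a lab use a
#    strong per-peering secret and restrict read access to the account BIRD
#    runs as.
#  - `import all; export all;` accepts and announces every route unfiltered,
#    which is fine between lab jails but not towards peers you do not control.
cat > /etc/jails/jail1/local/bird.conf <<'EOF'
# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;

# Override router ID
router id 192.168.10.1;

# Sync bird routing table with kernel
protocol kernel kernel4 {
    ipv4 {
        export all;
    };
}

protocol kernel kernel6 {
    ipv6 {
        export all;
    };
}

protocol device {
    scan time 10;
}

# Include directly connected networks
protocol direct {
    ipv4;
    ipv6;
}

protocol bgp bgp4 {
    local as 12;
    # Bird creates IPSEC SAD entry automatically but it need to know the source IP address
    # Otherwise it will use the wrong 0.0.0.0 IP as source
    source address 192.168.12.1;
    neighbor 192.168.12.2 as 12;
    password "abigpassword";
    ipv4 {
        import all;
        export all;
    };
}

protocol bgp bgp6 {
    local as 12;
    # Bird creates IPSEC SAD entry automatically but it need to know the source IP address
    # Otherwise it will use the wrong :: IP as source
    source address 2001:db8:12::1;
    neighbor 2001:db8:12::2 as 12;
    password "abigpassword";
    ipv6 {
        import all;
        export all;
    };
}

protocol bfd {}
EOF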
# jail2: iBGP (AS 12) peer of jail1 on epair0b, and RIP/RIPng speaker towards
# jail3 on epair1a. Every protocol uses `export all`, so routes learned on one
# side are announced on the other.
#
# Both files are written verbatim (quoted delimiter; the bodies contain nothing
# for the shell to expand).
cat <<'EOF' > /etc/jails/jail2/rc.conf
hostname="jail2"
gateway_enable=YES
ipv6_gateway_enable=YES
ifconfig_epair0b="inet 192.168.12.2/24"
ifconfig_epair0b_ipv6="inet6 2001:db8:12::2/64"
ifconfig_epair1a="inet 192.168.23.2/24"
ifconfig_epair1a_ipv6="inet6 2001:db8:23::2/64"
bird_enable=yes
EOF

# Security notes:
#  - `password` must match the value configured on jail1; "abigpassword" is a
#    lab sample and sits in this file in clear text. Outside a lab, use a strong
#    secret and keep the file readable only by the account BIRD runs as.
#  - The RIP/RIPng interface blocks set no authentication. That is acceptable
#    on a point-to-point epair inside one host; on a shared segment any
#    neighbour could inject routes, so enable RIP authentication there.
cat <<'EOF' > /etc/jails/jail2/local/bird.conf
# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;

# Override router ID
router id 192.168.10.2;

# Sync bird routing table with kernel
protocol kernel kernel4 {
    ipv4 {
        export all;
    };
}

protocol kernel kernel6 {
    ipv6 {
        export all;
    };
}

protocol device {
    scan time 10;
}

# Include directly connected networks
protocol direct {
    ipv4;
    ipv6;
}

protocol bgp bgp4 {
    local as 12;
    # Bird creates IPSEC SAD entry automatically but it need to know the source IP address
    # Otherwise it will use the wrong 0.0.0.0 IP as source
    source address 192.168.12.2;
    neighbor 192.168.12.1 as 12;
    password "abigpassword";
    ipv4 {
        import all;
        export all;
        next hop self;
    };
}

protocol bgp bgp6 {
    local as 12;
    # Bird creates IPSEC SAD entry automatically but it need to know the source IP address
    # Otherwise it will use the wrong :: IP as source
    source address 2001:db8:12::2;
    neighbor 2001:db8:12::1 as 12;
    password "abigpassword";
    ipv6 {
        import all;
        export all;
        next hop self;
    };
}

protocol bfd {}

protocol rip rip4 {
    ipv4 { import all; export all;};
    interface "epair1a" {};
}

protocol rip ng rip6 {
    ipv6 { import all; export all;};
    interface "epair1a" {};
}
EOF
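# jail3: RIP/RIPng speaker towards jail2 on epair1b and OSPFv2/OSPFv3 router
# (area 0) towards jail4 on epair2a. `export all` in each protocol carries the
# routes from one side to the other.
#
# Both files are written verbatim (quoted delimiter).
cat > /etc/jails/jail3/rc.conf <<'EOF'
hostname="jail3"
gateway_enable=YES
ipv6_gateway_enable=YES
ifconfig_epair1b="inet 192.168.23.3/24"
ifconfig_epair1b_ipv6="inet6 2001:db8:23::3/64"
ifconfig_epair2a="inet 192.168.34.3/24"
ifconfig_epair2a_ipv6="inet6 2001:db8:34::3/64"
bird_enable=yes
EOF

# The OSPFv2 instance is named ospf4 (the page had the typo "opsf4"), matching
# the name used on jail4 and the ospf6 sibling; the name is only the label the
# instance is listed under.
#
# Security note: neither the RIP nor the OSPF interface blocks configure
# authentication. That is acceptable on point-to-point epair links inside one
# host; on a shared segment any neighbour could form an adjacency and inject
# routes, so enable the protocols' authentication there.
cat > /etc/jails/jail3/local/bird.conf <<'EOF'
# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;

# Override router ID
router id 192.168.10.3;

# Sync bird routing table with kernel
protocol kernel kernel4 {
    ipv4 {
        export all;
    };
}

protocol kernel kernel6 {
    ipv6 {
        export all;
    };
}

protocol device {
    scan time 10;
}

# Include directly connected networks
protocol direct {
    ipv4;
    ipv6;
}

protocol bfd {}

protocol rip rip4 {
    ipv4 { import all; export all;};
    interface "epair1b" {};
}

protocol rip ng rip6 {
    ipv6 { import all; export all;};
    interface "epair1b" {};
}

protocol ospf v2 ospf4 {
    ipv4 { import all; export all;};
    area 0 {
        interface "epair2a" {};
    };
}

protocol ospf v3 ospf6 {
    ipv6 { import all; export all;};
    area 0 {
        interface "epair2a" {};
    };
}
EOF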
# jail4: OSPFv2/OSPFv3 router (area 0) towards jail3 on epair2b and Babel
# speaker towards jail5 on epair3a.
#
# Both files are written verbatim (quoted delimiter; the bodies contain nothing
# for the shell to expand).
cat <<'EOF' > /etc/jails/jail4/rc.conf
hostname="jail4"
gateway_enable=YES
ipv6_gateway_enable=YES
ifconfig_epair2b="inet 192.168.34.4/24"
ifconfig_epair2b_ipv6="inet6 2001:db8:34::4/64"
ifconfig_epair3a="inet 192.168.45.4/24"
ifconfig_epair3a_ipv6="inet6 2001:db8:45::4/64"
bird_enable=yes
EOF

# Security note: the OSPF and Babel interface blocks configure no
# authentication. Fine on point-to-point epair links inside one host; on a
# shared segment, enable the protocols' authentication so that arbitrary
# neighbours cannot inject routes.
cat <<'EOF' > /etc/jails/jail4/local/bird.conf
# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;

# Override router ID
router id 192.168.10.4;

# Sync bird routing table with kernel
protocol kernel kernel4 {
    ipv4 {
        export all;
    };
}

protocol kernel kernel6 {
    ipv6 {
        export all;
    };
}

protocol device {
    scan time 10;
}

# Include directly connected networks
protocol direct {
    ipv4;
    ipv6;
}

protocol bfd {}

protocol ospf v2 ospf4 {
    ipv4 { import all; export all;};
    area 0 {
        interface "epair2b" {};
    };
}

protocol ospf v3 ospf6 {
    ipv6 { import all; export all;};
    area 0 {
        interface "epair2b" {};
    };
}

protocol babel {
    interface "epair3a" {
        type wired;
    };
    ipv4 { import all; export all;};
    ipv6 { import all; export all;};
}
EOF
# jail5: Babel speaker towards jail4 on epair3b, with static routes to the
# 192.168.60.0/24 and 2001:db8:60::/64 networks via jail6 (192.168.56.6 /
# 2001:db8:56::6). Babel's `export all` announces those static routes.
#
# Both files are written verbatim (quoted delimiter; the bodies contain nothing
# for the shell to expand).
cat <<'EOF' > /etc/jails/jail5/rc.conf
hostname="jail5"
gateway_enable=YES
ipv6_gateway_enable=YES
ifconfig_epair3b="inet 192.168.45.5/24"
ifconfig_epair3b_ipv6="inet6 2001:db8:45::5/64"
ifconfig_epair4a="inet 192.168.56.5/24"
ifconfig_epair4a_ipv6="inet6 2001:db8:56::5/64"
bird_enable=yes
EOF

# Security note: the Babel interface block configures no authentication. Fine
# on a point-to-point epair inside one host; on a shared segment, enable Babel
# authentication so that arbitrary neighbours cannot inject routes.
cat <<'EOF' > /etc/jails/jail5/local/bird.conf
# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;

# Override router ID
router id 192.168.10.5;

# Sync bird routing table with kernel
protocol kernel kernel4 {
    ipv4 {
        export all;
    };
}

protocol kernel kernel6 {
    ipv6 {
        export all;
    };
}

protocol device {
    scan time 10;
}

# Include directly connected networks
protocol direct {
    ipv4;
    ipv6;
}

protocol babel {
    interface "epair3b" {
        type wired;
    };
    ipv4 { import all; export all;};
    ipv6 { import all; export all;};
}

protocol static static4 {
    ipv4;
    route 192.168.60.0/24 via 192.168.56.6;
}

protocol static static6 {
    ipv6;
    route 2001:db8:60::/64 via 2001:db8:56::6;
}
EOF
# jail6: end of the chain. It runs no dynamic routing protocol; it owns the
# lo1 network (192.168.60.6/24, 2001:db8:60::6/64) and sends everything else to
# jail5 through static default routes.
#
# Both files are written verbatim (quoted delimiter; the bodies contain nothing
# for the shell to expand).
cat <<'EOF' > /etc/jails/jail6/rc.conf
hostname="jail6"
gateway_enable=YES
ipv6_gateway_enable=YES
cloned_interfaces=lo1
ifconfig_epair4b="inet 192.168.56.6/24"
ifconfig_epair4b_ipv6="inet6 2001:db8:56::6/64"
ifconfig_lo1="inet 192.168.60.6/24"
ifconfig_lo1_ipv6="inet6 2001:db8:60::6/64"
bird_enable=yes
EOF

cat <<'EOF' > /etc/jails/jail6/local/bird.conf
# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;

# Override router ID
router id 192.168.10.6;

# Sync bird routing table with kernel
protocol kernel kernel4 {
    ipv4 {
        export all;
    };
}

protocol kernel kernel6 {
    ipv6 {
        export all;
    };
}

protocol device {
    scan time 10;
}

# Include directly connected networks
protocol direct {
    ipv4;
    ipv6;
}

protocol static static4 {
    ipv4;
    route 0.0.0.0/0 via 192.168.56.5;
}

protocol static static6 {
    ipv6;
    route ::/0 via 2001:db8:56::5;
}
EOF
Jail 1 routing table:
root@host:~ # jexec jail1 netstat -rn Routing tables Internet: Destination Gateway Flags Netif Expire 127.0.0.1 link#16 UH lo0 192.168.10.0/24 link#26 U1 lo1 192.168.10.1 link#26 UH lo1 192.168.12.0/24 link#4 U epair0a 192.168.12.1 link#4 UHS lo0 192.168.23.0/24 192.168.12.2 UG1 epair0a 192.168.34.0/24 192.168.12.2 UG1 epair0a 192.168.45.0/24 192.168.12.2 UG1 epair0a 192.168.56.0/24 192.168.12.2 UG1 epair0a 192.168.60.0/24 192.168.12.2 UG1 epair0a Internet6: Destination Gateway Flags Netif Expire ::/96 ::1 UGRS lo0 ::1 link#16 UHS lo0 ::ffff:0.0.0.0/96 ::1 UGRS lo0 2001:db8:10::/64 link#26 U lo1 2001:db8:10::1 link#26 UHS lo0 2001:db8:12::/64 link#4 U epair0a 2001:db8:12::1 link#4 UHS lo0 2001:db8:23::/64 2001:db8:12::2 UG1 epair0a 2001:db8:34::/64 2001:db8:12::2 UG1 epair0a 2001:db8:45::/64 2001:db8:12::2 UG1 epair0a 2001:db8:56::/64 2001:db8:12::2 UG1 epair0a 2001:db8:60::/64 2001:db8:12::2 UG1 epair0a fe80::/10 ::1 UGRS lo0 fe80::%epair0a/64 link#4 U epair0a fe80::99:d6ff:fe95:710a%epair0a link#4 UHS lo0 fe80::%lo0/64 link#16 U lo0 fe80::1%lo0 link#16 UHS lo0 fe80::%lo1/64 link#26 U lo1 fe80::1%lo1 link#26 UHS lo0 ff02::/16 ::1 UGRS lo0
And traceroute from jail1 to jail6:
root@host:~ # jexec jail1 traceroute 192.168.60.6 traceroute to 192.168.60.6 (192.168.60.6), 64 hops max, 40 byte packets 1 192.168.12.2 (192.168.12.2) 0.038 ms 0.030 ms 0.014 ms 2 192.168.23.3 (192.168.23.3) 0.020 ms 0.025 ms 0.014 ms 3 192.168.34.4 (192.168.34.4) 0.020 ms 0.026 ms 0.016 ms 4 192.168.45.5 (192.168.45.5) 0.033 ms 0.027 ms 0.020 ms 5 192.168.60.6 (192.168.60.6) 0.031 ms 0.030 ms 0.020 ms
root@host:~ # jexec jail1 ping -c 2 2001:db8:60::6 PING6(56=40+8+8 bytes) 2001:db8:12::1 --> 2001:db8:60::6 16 bytes from 2001:db8:60::6, icmp_seq=0 hlim=60 time=0.091 ms 16 bytes from 2001:db8:60::6, icmp_seq=1 hlim=60 time=0.056 ms --- 2001:db8:60::6 ping6 statistics --- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.056/0.073/0.091/0.018 ms