documentation:examples:aggregating_multiple_isp_links_with_mlvpn
Differences
This shows you the differences between two versions of the page.
Next revision | |||
— | documentation:examples:aggregating_multiple_isp_links_with_mlvpn [2017/07/07 00:28] – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Aggregating multiple ISP links ====== | ||
+ | This lab shows an example of aggregating multiple independent ISP links with [[https:// | ||
+ | |||
+ | ===== Network diagram ==== | ||
+ | |||
+ | Here is the concept: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | And here is this lab detailed diagram: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | ===== Virtual Lab setp ===== | ||
+ | |||
+ | This chapter will describe how to start each routers and configuring the 3 centrals routers. | ||
+ | |||
+ | More information on these BSDRP lab scripts available on [[documentation: | ||
+ | |||
+ | Start the Virtual lab (example using bhyve): | ||
+ | |||
+ | < | ||
+ | # ./ | ||
+ | BSD Router Project (http:// | ||
+ | Setting-up a virtual lab with 5 VM(s): | ||
+ | - Working directory: /tmp/BSDRP | ||
+ | - Each VM have 1 core(s) and 256M RAM | ||
+ | - Switch mode: bridge + tap | ||
+ | - 0 LAN(s) between all VM | ||
+ | - Full mesh Ethernet links between each VM | ||
+ | VM 1 have the following NIC: | ||
+ | - vtnet0 connected to VM 2. | ||
+ | - vtnet1 connected to VM 3. | ||
+ | - vtnet2 connected to VM 4. | ||
+ | - vtnet3 connected to VM 5. | ||
+ | VM 2 have the following NIC: | ||
+ | - vtnet0 connected to VM 1. | ||
+ | - vtnet1 connected to VM 3. | ||
+ | - vtnet2 connected to VM 4. | ||
+ | - vtnet3 connected to VM 5. | ||
+ | VM 3 have the following NIC: | ||
+ | - vtnet0 connected to VM 1. | ||
+ | - vtnet1 connected to VM 2. | ||
+ | - vtnet2 connected to VM 4. | ||
+ | - vtnet3 connected to VM 5. | ||
+ | VM 4 have the following NIC: | ||
+ | - vtnet0 connected to VM 1. | ||
+ | - vtnet1 connected to VM 2. | ||
+ | - vtnet2 connected to VM 3. | ||
+ | - vtnet3 connected to VM 5. | ||
+ | VM 5 have the following NIC: | ||
+ | - vtnet0 connected to VM 1. | ||
+ | - vtnet1 connected to VM 2. | ||
+ | - vtnet2 connected to VM 3. | ||
+ | - vtnet3 connected to VM 4. | ||
+ | For connecting to VM' | ||
+ | - VM 1 : cu -l /dev/nmdm1B | ||
+ | - VM 2 : cu -l /dev/nmdm2B | ||
+ | - VM 3 : cu -l /dev/nmdm3B | ||
+ | - VM 4 : cu -l /dev/nmdm4B | ||
+ | - VM 5 : cu -l /dev/nmdm5B | ||
+ | </ | ||
+ | |||
+ | ==== Backbone routers configuration ==== | ||
+ | |||
+ | === Router 2 === | ||
+ | |||
+ | Router 2 is configured for rate-limiting traffic at 10 Mb/s on interface to/from R1. | ||
+ | |||
+ | < | ||
+ | sysrc hostname=R2 | ||
+ | sysrc ifconfig_vtnet0=" | ||
+ | sysrc ifconfig_vtnet2=" | ||
+ | sysrc static_routes=" | ||
+ | sysrc route_R5=" | ||
+ | sysrc firewall_enable=YES | ||
+ | sysrc firewall_script="/ | ||
+ | |||
+ | cat > / | ||
+ | #!/bin/sh | ||
+ | fwcmd="/ | ||
+ | kldstat -q -m dummynet || kldload dummynet | ||
+ | # Flush out the list before we begin. | ||
+ | ${fwcmd} -f flush | ||
+ | #Create pipes (one for each direction) | ||
+ | ${fwcmd} pipe 10 config bw 10Mbit/s | ||
+ | ${fwcmd} pipe 20 config bw 10Mbit/s | ||
+ | #Traffic getting out vtnet0 is limited to 10Mbit/s | ||
+ | ${fwcmd} add 1000 pipe 10 all from any to any out via vtnet0 | ||
+ | #Traffic getting int vtnet0 is limited to 10Mbit/s | ||
+ | ${fwcmd} add 2000 pipe 20 all from any to any in via vtnet0 | ||
+ | #We don't want to block traffic, only shape some | ||
+ | ${fwcmd} add 3000 allow ip from any to any | ||
+ | ' | ||
+ | |||
+ | service netif restart | ||
+ | service routing restart | ||
+ | service ipfw start | ||
+ | config save | ||
+ | </ | ||
+ | |||
+ | === Router 3 === | ||
+ | |||
+ | Router 3 is configured for rate-limiting traffic at 10 Mb/s on interface to/from R1. | ||
+ | |||
+ | < | ||
+ | sysrc hostname=R3 | ||
+ | sysrc ifconfig_vtnet0=" | ||
+ | sysrc ifconfig_vtnet2=" | ||
+ | sysrc static_routes=" | ||
+ | sysrc route_R5=" | ||
+ | sysrc firewall_enable=YES | ||
+ | sysrc firewall_script="/ | ||
+ | |||
+ | cat > / | ||
+ | #!/bin/sh | ||
+ | fwcmd="/ | ||
+ | kldstat -q -m dummynet || kldload dummynet | ||
+ | # Flush out the list before we begin. | ||
+ | ${fwcmd} -f flush | ||
+ | #Create pipes (one for each direction) | ||
+ | ${fwcmd} pipe 10 config bw 10Mbit/s | ||
+ | ${fwcmd} pipe 20 config bw 10Mbit/s | ||
+ | #Traffic getting out vtnet0 is limited to 10Mbit/s | ||
+ | ${fwcmd} add 1000 pipe 10 all from any to any out via vtnet0 | ||
+ | #Traffic getting int vtnet0 is limited to 10Mbit/s | ||
+ | ${fwcmd} add 2000 pipe 20 all from any to any in via vtnet0 | ||
+ | #We don't want to block traffic, only shape some | ||
+ | ${fwcmd} add 3000 allow ip from any to any | ||
+ | ' | ||
+ | |||
+ | service netif restart | ||
+ | service routing restart | ||
+ | service ipfw start | ||
+ | config save | ||
+ | </ | ||
+ | |||
+ | === Router 4 === | ||
+ | |||
+ | Router 4 is the aggregating server' | ||
+ | |||
+ | < | ||
+ | sysrc hostname=R4 | ||
+ | sysrc ifconfig_vtnet1=" | ||
+ | sysrc ifconfig_vtnet2=" | ||
+ | sysrc ifconfig_vtnet3=" | ||
+ | sysrc static_routes=" | ||
+ | sysrc route_R2=" | ||
+ | sysrc route_R3=" | ||
+ | service netif restart | ||
+ | service routing restart | ||
+ | config save | ||
+ | </ | ||
+ | ==== Router 1 : MLVPN client ==== | ||
+ | |||
+ | Router 1 is configured as a MLVPN client router connected to 3 different Internet links. | ||
+ | The big difference with MLPPP: We can't use 3 differents IP addresses on our server, then can't simply install 3 differents static routes. We need a 3 default routes, then a minimum of 4 differents routing table. | ||
+ | |||
+ | < | ||
+ | sysrc hostname=R1 | ||
+ | sysrc cloned_interfaces=" | ||
+ | sysrc ifconfig_lo1=" | ||
+ | sysrc ifconfig_vtnet0=" | ||
+ | sysrc ifconfig_vtnet1=" | ||
+ | sysrc static_routes=" | ||
+ | sysrc route_ISP1=" | ||
+ | sysrc route_ISP2=" | ||
+ | sysrc mlvpn_enable=YES | ||
+ | |||
+ | cat <<EOF > / | ||
+ | [general] | ||
+ | statuscommand = "/ | ||
+ | mode = " | ||
+ | mtu = 1452 | ||
+ | tuntap = " | ||
+ | ip4 = " | ||
+ | ip4_gateway = " | ||
+ | ip4_routes = " | ||
+ | timeout = 30 | ||
+ | password = " | ||
+ | # | ||
+ | loss_tolerence = 10 | ||
+ | |||
+ | [dsl2] | ||
+ | bindhost = " | ||
+ | bindport = 5082 | ||
+ | bindfib = 2 | ||
+ | remotehost = " | ||
+ | remoteport = 5082 | ||
+ | |||
+ | [dsl3] | ||
+ | bindhost = " | ||
+ | bindport = 5083 | ||
+ | bindfib = 3 | ||
+ | remotehost = " | ||
+ | remoteport = 5083 | ||
+ | |||
+ | EOF | ||
+ | |||
+ | service netif restart | ||
+ | service routing restart | ||
+ | service mlvpn start | ||
+ | config save | ||
+ | </ | ||
+ | |||
+ | ==== Router 5 : MLVPN server ==== | ||
+ | |||
+ | Router 5 is configured as a aggregating server. | ||
+ | |||
+ | < | ||
+ | sysrc hostname=R5 | ||
+ | sysrc cloned_interfaces=" | ||
+ | sysrc ifconfig_lo1=" | ||
+ | sysrc ifconfig_vtnet3=" | ||
+ | sysrc defaultrouter=10.0.45.4 | ||
+ | sysrc mlvpn_enable=YES | ||
+ | |||
+ | cat <<' | ||
+ | [general] | ||
+ | statuscommand = "/ | ||
+ | tuntap = " | ||
+ | mode = " | ||
+ | ip4 = " | ||
+ | ip4_gateway = " | ||
+ | ip4_routes = " | ||
+ | timeout = 30 | ||
+ | password = " | ||
+ | # | ||
+ | loss_tolerence = 10 | ||
+ | |||
+ | [adsl2] | ||
+ | bindhost = " | ||
+ | bindport = 5082 | ||
+ | |||
+ | [adsl3] | ||
+ | bindhost = " | ||
+ | bindport = 5083 | ||
+ | ' | ||
+ | |||
+ | service netif restart | ||
+ | service routing restart | ||
+ | service mlvpn start | ||
+ | config save | ||
+ | </ | ||
+ | |||
+ | ===== Basic Tests ===== | ||
+ | |||
+ | ==== FIB test ==== | ||
+ | Start by checking that R5 is reacheable from each R1's fib (2, 3): | ||
+ | |||
+ | < | ||
+ | [root@R1]~# setfib 2 ping -c 2 10.0.45.5 | ||
+ | PING 10.0.45.5 (10.0.45.5): | ||
+ | 64 bytes from 10.0.45.5: icmp_seq=0 ttl=62 time=2.057 ms | ||
+ | 64 bytes from 10.0.45.5: icmp_seq=1 ttl=62 time=1.336 ms | ||
+ | |||
+ | --- 10.0.45.5 ping statistics --- | ||
+ | 2 packets transmitted, | ||
+ | round-trip min/ | ||
+ | [root@R1]~# setfib 3 ping -c 2 10.0.45.5 | ||
+ | PING 10.0.45.5 (10.0.45.5): | ||
+ | 64 bytes from 10.0.45.5: icmp_seq=0 ttl=62 time=1.806 ms | ||
+ | 64 bytes from 10.0.45.5: icmp_seq=1 ttl=62 time=1.852 ms | ||
+ | |||
+ | --- 10.0.45.5 ping statistics --- | ||
+ | 2 packets transmitted, | ||
+ | round-trip min/ | ||
+ | |||
+ | </ | ||
+ | |||
+ | ==== Links bandwidth ==== | ||
+ | |||
+ | Test bandwidth of each link by starting an iperf on MLVPN server: | ||
+ | < | ||
+ | [root@R5]# iperf -s | ||
+ | </ | ||
+ | |||
+ | Then from the MLVPN client, test bandwidth for each ISP links: | ||
+ | < | ||
+ | [root@R1]~# setfib 2 iperf -c 10.0.45.5 | ||
+ | ------------------------------------------------------------ | ||
+ | Client connecting to 10.0.45.5, TCP port 5001 | ||
+ | TCP window size: 32.5 KByte (default) | ||
+ | ------------------------------------------------------------ | ||
+ | [ 3] local 10.0.12.1 port 59888 connected with 10.0.45.5 port 5001 | ||
+ | [ ID] Interval | ||
+ | [ 3] 0.0-10.1 sec 11.8 MBytes | ||
+ | |||
+ | [root@R1]~# setfib 3 iperf -c 10.0.45.5 | ||
+ | ------------------------------------------------------------ | ||
+ | Client connecting to 10.0.45.5, TCP port 5001 | ||
+ | TCP window size: 32.5 KByte (default) | ||
+ | ------------------------------------------------------------ | ||
+ | [ 3] local 10.0.13.1 port 53380 connected with 10.0.45.5 port 5001 | ||
+ | [ ID] Interval | ||
+ | [ 3] 0.0-10.1 sec 11.8 MBytes | ||
+ | |||
+ | </ | ||
+ | |||
+ | ===== MLVPN tests ===== | ||
+ | ==== tunnel ==== | ||
+ | |||
+ | MLVPN can be started in debug mode: | ||
+ | < | ||
+ | [root@R1]# mlvpn --debug -n mlvpn -u mlvpn | ||
+ | 2016-04-19T23: | ||
+ | 2016-04-19T23: | ||
+ | 2016-04-19T23: | ||
+ | 2016-04-19T23: | ||
+ | 2016-04-19T23: | ||
+ | 2016-04-19T23: | ||
+ | 2016-04-19T23: | ||
+ | 2016-04-19T23: | ||
+ | </ | ||
+ | |||
+ | tun interface need to be check (correct IP address and non-1500 MTU): | ||
+ | < | ||
+ | [root@R1]# ifconfig tun0 | ||
+ | tun0: flags=8051< | ||
+ | options=80000< | ||
+ | inet6 fe80:: | ||
+ | inet 10.0.15.1 --> 10.0.15.5 netmask 0xfffffffc | ||
+ | nd6 options=21< | ||
+ | Opened by PID 2326 | ||
+ | </ | ||
+ | |||
+ | And static route(s) needs to be installed (10.5.5.5/ | ||
+ | < | ||
+ | [root@R1]~# netstat -rn4 | ||
+ | Routing tables | ||
+ | |||
+ | Internet: | ||
+ | Destination | ||
+ | 10.0.12.0/ | ||
+ | 10.0.13.0/ | ||
+ | 10.0.15.1 | ||
+ | 10.0.15.5 | ||
+ | 10.5.5.5/ | ||
+ | 127.0.0.1 | ||
+ | </ | ||
+ | ==== Aggregated bandwidth ==== | ||
+ | |||
+ | Check that aggregated bandwitdh is 10+10 = 20Mbit/s on this lab. | ||
+ | |||
+ | < | ||
+ | [root@R1]# iperf --bind 10.1.1.1 -c 10.5.5.5 -t 60 | ||
+ | ------------------------------------------------------------ | ||
+ | Client connecting to 10.5.5.5, TCP port 5001 | ||
+ | Binding to local address 10.1.1.1 | ||
+ | TCP window size: 32.3 KByte (default) | ||
+ | ------------------------------------------------------------ | ||
+ | [ 3] local 10.1.1.1 port 5001 connected with 10.5.5.5 port 5001 | ||
+ | [ ID] Interval | ||
+ | [ 3] 0.0-60.0 sec 129 MBytes | ||
+ | </ |
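Review bot: In the "Router 1 : MLVPN client" section the prose says R1 is "connected to 3 different Internet links" and needs "3 default routes, then a minimum of 4" routing tables, but the configuration that follows defines only two tunnels ([dsl2] with bindfib = 2 and [dsl3] with bindfib = 3) and only two routes (route_ISP1, route_ISP2), and the tests check only FIBs 2 and 3 and expect 10+10 = 20Mbit/s. Either the text should say two links, or the third link and its FIB should be added to the configuration and tests. Both mlvpn.conf blocks (R1 and R5) are written with a plain cat heredoc that includes the shared "password =" line, and no visible step restricts who can read the file afterwards; restricting the file to its owner after writing it (for example with chmod 600) and stating that the password shown must be replaced outside the lab would be worth adding. Smaller points: the "Network diagram" heading has five opening and four closing "=" signs, "Virtual Lab setp" should read "setup", "reacheable" and "bandwitdh" are misspelled in the test sections, and the ipfw comment "getting int vtnet0" should read "getting into vtnet0" in both the R2 and R3 scripts.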
documentation/examples/aggregating_multiple_isp_links_with_mlvpn.txt · Last modified: 2020/02/21 21:42 by olivier