documentation:examples:aggregating_multiple_isp_links_with_mlvpn
Differences

This shows you the differences between two versions of the page.


Next revision
documentation:examples:aggregating_multiple_isp_links_with_mlvpn [2017/07/07 00:28] – external edit 127.0.0.1
Line 1: Line 1:
 +====== Aggregating multiple ISP links ======
  
 +This lab shows an example of aggregating multiple independent ISP links with [[https://zehome.github.io/MLVPN/|MLVPN]].
 +
 +===== Network diagram ====
 +
 +Here is the concept:
 +
 +{{:documentation:examples:bsdrp-lab-mlvpn-global.png|}}
 +
 +And here is this lab detailed diagram:
 +
 +{{:documentation:examples:bsdrp-lab-mlvpn-details.png|}}
 +
 +===== Virtual Lab setp =====
 +
 +This chapter will describe how to start each routers and configuring the 3 centrals routers.
 +
 +More information on these BSDRP lab scripts available on [[documentation:examples:How to build a BSDRP router lab]].
 +
 +Start the Virtual lab (example using bhyve):
 +
 +<code>
 +# ./tools/BSDRP-lab-bhyve.sh -n 5
 +BSD Router Project (http://bsdrp.net) - bhyve full-meshed lab script
 +Setting-up a virtual lab with 5 VM(s):
 +- Working directory: /tmp/BSDRP
 +- Each VM have 1 core(s) and 256M RAM
 +- Switch mode: bridge + tap
 +- 0 LAN(s) between all VM
 +- Full mesh Ethernet links between each VM
 +VM 1 have the following NIC:
 +- vtnet0 connected to VM 2.
 +- vtnet1 connected to VM 3.
 +- vtnet2 connected to VM 4.
 +- vtnet3 connected to VM 5.
 +VM 2 have the following NIC:
 +- vtnet0 connected to VM 1.
 +- vtnet1 connected to VM 3.
 +- vtnet2 connected to VM 4.
 +- vtnet3 connected to VM 5.
 +VM 3 have the following NIC:
 +- vtnet0 connected to VM 1.
 +- vtnet1 connected to VM 2.
 +- vtnet2 connected to VM 4.
 +- vtnet3 connected to VM 5.
 +VM 4 have the following NIC:
 +- vtnet0 connected to VM 1.
 +- vtnet1 connected to VM 2.
 +- vtnet2 connected to VM 3.
 +- vtnet3 connected to VM 5.
 +VM 5 have the following NIC:
 +- vtnet0 connected to VM 1.
 +- vtnet1 connected to VM 2.
 +- vtnet2 connected to VM 3.
 +- vtnet3 connected to VM 4.
 +For connecting to VM'serial console, you can use:
 +- VM 1 : cu -l /dev/nmdm1B
 +- VM 2 : cu -l /dev/nmdm2B
 +- VM 3 : cu -l /dev/nmdm3B
 +- VM 4 : cu -l /dev/nmdm4B
 +- VM 5 : cu -l /dev/nmdm5B
 +</code>
 +
 +==== Backbone routers configuration ====
 +
 +=== Router 2 ===
 +
 +Router 2 is configured for rate-limiting traffic at 10 Mb/s on interface to/from R1.
 +
 +<code>
 +sysrc hostname=R2
 +sysrc ifconfig_vtnet0="10.0.12.2/24"
 +sysrc ifconfig_vtnet2="10.0.24.2/24"
 +sysrc static_routes="R5"
 +sysrc route_R5="-net 10.0.45.0/24 10.0.24.4"
 +sysrc firewall_enable=YES
 +sysrc firewall_script="/etc/ipfw.rules"
 +
 +cat > /etc/ipfw.rules <<'EOF'
 +#!/bin/sh
 +fwcmd="/sbin/ipfw"
 +kldstat -q -m dummynet || kldload dummynet
 +# Flush out the list before we begin.
 +${fwcmd} -f flush
 +#Create pipes (one for each direction)
 +${fwcmd} pipe 10 config bw 10Mbit/s
 +${fwcmd} pipe 20 config bw 10Mbit/s
 +#Traffic getting out vtnet0 is limited to 10Mbit/s
 +${fwcmd} add 1000 pipe 10 all from any to any out via vtnet0
 +#Traffic getting int vtnet0 is limited to 10Mbit/s
 +${fwcmd} add 2000 pipe 20 all from any to any in via vtnet0
 +#We don't want to block traffic, only shape some
 +${fwcmd} add 3000 allow ip from any to any
 +'EOF'
 +
 +service netif restart
 +service routing restart
 +service ipfw start
 +config save
 +</code>
 +
 +=== Router 3 ===
 +
 +Router 3 is configured for rate-limiting traffic at 10 Mb/s on interface to/from R1.
 +
 +<code>
 +sysrc hostname=R3
 +sysrc ifconfig_vtnet0="10.0.13.3/24"
 +sysrc ifconfig_vtnet2="10.0.34.3/24"
 +sysrc static_routes="R5"
 +sysrc route_R5="-net 10.0.45.0/24 10.0.34.4"
 +sysrc firewall_enable=YES
 +sysrc firewall_script="/etc/ipfw.rules"
 +
 +cat > /etc/ipfw.rules <<'EOF'
 +#!/bin/sh
 +fwcmd="/sbin/ipfw"
 +kldstat -q -m dummynet || kldload dummynet
 +# Flush out the list before we begin.
 +${fwcmd} -f flush
 +#Create pipes (one for each direction)
 +${fwcmd} pipe 10 config bw 10Mbit/s
 +${fwcmd} pipe 20 config bw 10Mbit/s
 +#Traffic getting out vtnet0 is limited to 10Mbit/s
 +${fwcmd} add 1000 pipe 10 all from any to any out via vtnet0
 +#Traffic getting int vtnet0 is limited to 10Mbit/s
 +${fwcmd} add 2000 pipe 20 all from any to any in via vtnet0
 +#We don't want to block traffic, only shape some
 +${fwcmd} add 3000 allow ip from any to any
 +'EOF'
 +
 +service netif restart
 +service routing restart
 +service ipfw start
 +config save
 +</code>
 +
 +=== Router 4 ===
 +
 +Router 4 is the aggregating server's default gateway.
 +
 +<code>
 +sysrc hostname=R4
 +sysrc ifconfig_vtnet1="10.0.24.4/24"
 +sysrc ifconfig_vtnet2="10.0.34.4/24"
 +sysrc ifconfig_vtnet3="10.0.45.4/24"
 +sysrc static_routes="R2 R3"
 +sysrc route_R2="-net 10.0.12.0/24 10.0.24.2"
 +sysrc route_R3="-net 10.0.13.0/24 10.0.34.3"
 +service netif restart
 +service routing restart
 +config save
 +</code>
 +==== Router 1 : MLVPN client ====
 +
 +Router 1 is configured as a  MLVPN client router connected to 3 different Internet links.
 +The big difference with MLPPP: We can't use 3 differents IP addresses on our server, then can't simply install 3 differents static routes. We need a 3 default routes, then a minimum of 4 differents routing table.
 +
 +<code>
 +sysrc hostname=R1
 +sysrc cloned_interfaces="lo1"
 +sysrc ifconfig_lo1="inet 10.1.1.1/32"
 +sysrc ifconfig_vtnet0="10.0.12.1/24 fib 2"
 +sysrc ifconfig_vtnet1="10.0.13.1/24 fib 3"
 +sysrc static_routes="ISP1 ISP2"
 +sysrc route_ISP1="-fib 2 default 10.0.12.2"
 +sysrc route_ISP2="-fib 3 default 10.0.13.3"
 +sysrc mlvpn_enable=YES
 +
 +cat <<EOF > /usr/local/etc/mlvpn/mlvpn.conf
 +[general]
 +statuscommand = "/usr/local/etc/mlvpn/mlvpn_updown.sh"
 +mode = "client"
 +mtu = 1452
 +tuntap = "tun"
 +ip4 = "10.0.15.1/30"
 +ip4_gateway = "10.0.15.5"
 +ip4_routes = "10.5.5.5/32"
 +timeout = 30
 +password = "pleasechangeme!"
 +#reorder_buffer_size = 64
 +loss_tolerence = 10
 +
 +[dsl2]
 +bindhost = "10.0.12.1"
 +bindport = 5082
 +bindfib = 2
 +remotehost = "10.0.45.5"
 +remoteport = 5082
 +
 +[dsl3]
 +bindhost = "10.0.13.1"
 +bindport = 5083
 +bindfib = 3
 +remotehost = "10.0.45.5"
 +remoteport = 5083
 +
 +EOF
 +
 +service netif restart
 +service routing restart
 +service mlvpn start
 +config save
 +</code>
 +
 +==== Router 5 : MLVPN server ====
 +
 +Router 5 is configured as a aggregating server.
 +
 +<code>
 +sysrc hostname=R5
 +sysrc cloned_interfaces="lo1"
 +sysrc ifconfig_lo1="inet 10.5.5.5/32"
 +sysrc ifconfig_vtnet3="10.0.45.5/24"
 +sysrc defaultrouter=10.0.45.4
 +sysrc mlvpn_enable=YES
 +
 +cat <<'EOF' > /usr/local/etc/mlvpn/mlvpn.conf
 +[general]
 +statuscommand = "/usr/local/etc/mlvpn/mlvpn_updown.sh"
 +tuntap = "tun"
 +mode = "server"
 +ip4 = "10.0.15.5/30"
 +ip4_gateway = "10.0.15.1"
 +ip4_routes = "10.1.1.1/32"
 +timeout = 30
 +password = "pleasechangeme!"
 +#reorder_buffer_size = 64
 +loss_tolerence = 10
 +
 +[adsl2]
 +bindhost = "10.0.45.5"
 +bindport = 5082
 +
 +[adsl3]
 +bindhost = "10.0.45.5"
 +bindport = 5083
 +'EOF'
 +
 +service netif restart
 +service routing restart
 +service mlvpn start
 +config save
 +</code>
 +
 +===== Basic Tests =====
 +
 +==== FIB test ====
 +Start by checking that R5 is reacheable from each R1's fib (2, 3):
 +
 +<code>
 +[root@R1]~# setfib 2 ping -c 2 10.0.45.5
 +PING 10.0.45.5 (10.0.45.5): 56 data bytes
 +64 bytes from 10.0.45.5: icmp_seq=0 ttl=62 time=2.057 ms
 +64 bytes from 10.0.45.5: icmp_seq=1 ttl=62 time=1.336 ms
 +
 +--- 10.0.45.5 ping statistics ---
 +2 packets transmitted, 2 packets received, 0.0% packet loss
 +round-trip min/avg/max/stddev = 1.336/1.696/2.057/0.361 ms
 +[root@R1]~# setfib 3 ping -c 2 10.0.45.5
 +PING 10.0.45.5 (10.0.45.5): 56 data bytes
 +64 bytes from 10.0.45.5: icmp_seq=0 ttl=62 time=1.806 ms
 +64 bytes from 10.0.45.5: icmp_seq=1 ttl=62 time=1.852 ms
 +
 +--- 10.0.45.5 ping statistics ---
 +2 packets transmitted, 2 packets received, 0.0% packet loss
 +round-trip min/avg/max/stddev = 1.806/1.829/1.852/0.023 ms
 +
 +</code>
 +
 +==== Links bandwidth ====
 +
 +Test bandwidth of each link by starting an iperf on MLVPN server:
 +<code>
 +[root@R5]# iperf -s
 +</code>
 +
 +Then from the MLVPN client, test bandwidth for each ISP links:
 +<code>
 +[root@R1]~# setfib 2 iperf -c 10.0.45.5
 +------------------------------------------------------------
 +Client connecting to 10.0.45.5, TCP port 5001
 +TCP window size: 32.5 KByte (default)
 +------------------------------------------------------------
 +[  3] local 10.0.12.1 port 59888 connected with 10.0.45.5 port 5001
 +[ ID] Interval       Transfer     Bandwidth
 +[  3]  0.0-10.1 sec  11.8 MBytes  9.75 Mbits/sec
 +
 +[root@R1]~# setfib 3 iperf -c 10.0.45.5
 +------------------------------------------------------------
 +Client connecting to 10.0.45.5, TCP port 5001
 +TCP window size: 32.5 KByte (default)
 +------------------------------------------------------------
 +[  3] local 10.0.13.1 port 53380 connected with 10.0.45.5 port 5001
 +[ ID] Interval       Transfer     Bandwidth
 +[  3]  0.0-10.1 sec  11.8 MBytes  9.75 Mbits/sec
 +
 +</code>
 +
 +===== MLVPN tests =====
 +==== tunnel ====
 +
 +MLVPN can be started in debug mode: 
 +<code>
 +[root@R1]# mlvpn --debug -n mlvpn -u mlvpn
 +2016-04-19T23:48:21 [INFO/config] new password set
 +2016-04-19T23:48:21 [INFO/config] dsl2 tunnel added
 +2016-04-19T23:48:21 [INFO/config] dsl3 tunnel added
 +2016-04-19T23:48:21 [INFO] created interface `tun0'
 +2016-04-19T23:48:21 [INFO] dsl2 bind to 10.0.12.1
 +2016-04-19T23:48:21 [INFO] dsl3 bind to 10.0.13.1
 +2016-04-19T23:48:21 [INFO/protocol] dsl3 authenticated
 +2016-04-19T23:48:21 [INFO/protocol] dsl2 authenticated
 +</code>
 +
 +tun interface need to be check (correct IP address and non-1500 MTU):
 +<code>
 +[root@R1]# ifconfig tun0
 +tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1452
 +        options=80000<LINKSTATE>
 +        inet6 fe80::5a9c:fcff:fe01:201%tun0 prefixlen 64 scopeid 0x7
 +        inet 10.0.15.1 --> 10.0.15.5 netmask 0xfffffffc
 +        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
 +        Opened by PID 2326
 +</code>
 +
 +And static route(s) needs to be installed (10.5.5.5/32 in this example):
 +<code>
 +[root@R1]~# netstat -rn4
 +Routing tables
 +
 +Internet:
 +Destination        Gateway            Flags      Netif Expire
 +10.0.12.0/24       link#                   vtnet0
 +10.0.13.0/24       link#                   vtnet1
 +10.0.15.1          link#            UHS         lo0
 +10.0.15.5          link#            UH         tun0
 +10.5.5.5/32        10.0.15.5          UGS        tun0
 +127.0.0.1          link#            UH          lo0
 +</code>
 +==== Aggregated bandwidth ====
 +
 +Check that aggregated bandwitdh is 10+10 = 20Mbit/s on this lab.
 +
 +<code>
 +[root@R1]# iperf --bind 10.1.1.1 -c 10.5.5.5 -t 60
 +------------------------------------------------------------
 +Client connecting to 10.5.5.5, TCP port 5001
 +Binding to local address 10.1.1.1
 +TCP window size: 32.3 KByte (default)
 +------------------------------------------------------------
 +[  3] local 10.1.1.1 port 5001 connected with 10.5.5.5 port 5001
 +[ ID] Interval       Transfer     Bandwidth
 +[  3]  0.0-60.0 sec   129 MBytes  18.1 Mbits/sec
 +</code>
documentation/examples/aggregating_multiple_isp_links_with_mlvpn.txt · Last modified: 2020/02/21 21:42 by olivier

Except where otherwise noted, content on this wiki is licensed under the following license: BSD 2-Clause