
documentation:examples:maximum_bsdrp_features_lab

Differences

This shows you the differences between two versions of the page.

documentation:examples:maximum_bsdrp_features_lab [2019/05/29 17:32] – external edit 127.0.0.1documentation:examples:maximum_bsdrp_features_lab [2019/11/04 21:47] – [Router 4] olivier
Line 215: Line 215:
 sysrc rtadvd_interfaces="em0" sysrc rtadvd_interfaces="em0"
 sysrc vlans_em1="23" sysrc vlans_em1="23"
-sysrc ifconfig_em1="up"+sysrc ifconfig_em1="up mtu 1528"
 sysrc ifconfig_em0="inet 10.0.12.2/24" sysrc ifconfig_em0="inet 10.0.12.2/24"
 sysrc ifconfig_em0_ipv6="inet6 2001:db8:12::2 prefixlen 64" sysrc ifconfig_em0_ipv6="inet6 2001:db8:12::2 prefixlen 64"
Line 430: Line 430:
 sysrc hostname=R3 sysrc hostname=R3
 sysrc vlans_em1="23" sysrc vlans_em1="23"
-sysrc ifconfig_em1="up"+sysrc ifconfig_em1="up mtu 1528"
 sysrc ifconfig_em1_23="inet 10.0.23.3/24" sysrc ifconfig_em1_23="inet 10.0.23.3/24"
 sysrc ifconfig_em1_23_ipv6="inet6 2001:db8:23::3 prefixlen 64" sysrc ifconfig_em1_23_ipv6="inet6 2001:db8:23::3 prefixlen 64"
-sysrc ifconfig_em2="inet 10.0.34.3/24"+sysrc ifconfig_em2="inet 10.0.34.3/24 mtu 1528"
 sysrc ifconfig_em2_ipv6="inet6 2001:db8:34::3 prefixlen 64" sysrc ifconfig_em2_ipv6="inet6 2001:db8:34::3 prefixlen 64"
 sysrc bird_enable=YES sysrc bird_enable=YES
-sysrc bird6_enable=YES 
 sysrc pf_enable=YES sysrc pf_enable=YES
 sysrc pf_rules="/etc/pf.conf" sysrc pf_rules="/etc/pf.conf"
Line 442: Line 441:
  
 cat > /etc/pf.conf <<EOF cat > /etc/pf.conf <<EOF
 +#Variables definitions
 +#TO_R2_if = "{" vtnet1.23 em1.23 "}"
 +#TO_R4_if = "{" vtnet2 em2 "}"
 +#R2 = "10.0.0.2/32"
 +#R4 = "10.0.0.4/32"
 +
 +## ALTQ rules
 +# Queue outgoing from \$TO_R4_if (R2 => R4)
 +# Rate-limit inet 4 VPN traffic to 10Mb
 +#altq on \$TO_R4_if hfsc bandwidth 100Mb queue { VPN4_TO_R4, OTHER_TO_R4 }
 +#queue VPN4_TO_R4 bandwidth 10Mb hfsc(upperlimit 10Mb)
 +#queue OTHER_TO_R4 bandwidth 90Mb hfsc(default)
 +
 +# Queue for outgoing traffic from \$TO_R2_if (R4 => R2)
 +#altq on \$TO_R2_if hfsc bandwidth 100Mb queue { VPN4_TO_R2, OTHER_TO_R2 }
 +#queue VPN4_TO_R2 bandwidth 10Mb hfsc(upperlimit 10Mb)
 +#queue OTHER_TO_R2 bandwidth 90Mb hfsc(default)
 +
 +## PF rules
 +
 +# R2 => R4
 +# Shapping works on outgoing traffic only, but need to 'mark' traffic
 +# entering the interface for putting returning traffic in the good queue
 +#pass in quick on \$TO_R2_if proto gre from \$R2 to \$R4 queue VPN4_TO_R2
 +# Apply ALTQ to traffic that get out from \$TO_R4_if
 +#pass out quick on \$TO_R4_if proto gre from \$R2 to \$R4 queue VPN4_TO_R4
 +
 +# PF rules R4 => R2
 +#pass in quick on \$TO_R4_if proto gre from \$R4 to \$R2 queue VPN4_TO_R4
 +#pass out quick on \$TO_R2_if proto gre from \$R4 to \$R2 queue VPN4_TO_R2
 +
 # ALTQ is disabled since BSDRP 1.81 (too much performance impact) # ALTQ is disabled since BSDRP 1.81 (too much performance impact)
 pass all pass all
Line 456: Line 486:
  
 # Sync bird routing table with kernel # Sync bird routing table with kernel
-protocol kernel {+protocol kernel kernel4 { 
 +    ipv4 {
         export all;         export all;
 +    };
 +}
 +protocol kernel kernel6 {
 +    ipv6 {
 +        export all;
 +    };
 } }
  
Line 465: Line 502:
 } }
  
-# Include directly connected network+# Include directly connected networks
 protocol direct { protocol direct {
-        interface "vtnet1", "em1", "vtnet2", "em2";+        ipv4; 
 +        ipv6;
 } }
  
-protocol rip R4 +protocol rip R4inet4 
-        export all; +    interface "vtnet2","em2"
-        interface "vtnet2","em2"+        version 2; 
-            version 2; +    }; 
-            password "rippassword" { algorithm keyed md5; }; +    ipv4 { 
-            authentication cryptographic+         export all
-        };+    };
 } }
  
-protocol bgp R2 +protocol rip ng R4inet6 
-        local as 100; +    interface "vtnet2","em2" ; 
-        # Bird creates IPSEC SAD entry automatically but it need to know the source IP address +    ipv6 {
-        # Otherwise it will use the wrong 0.0.0.0 IP as source +
-        source address 10.0.23.3; +
-        neighbor 10.0.23.2 as 100; +
-        password "abigpassword";  +
-        import all;+
         export all;         export all;
 +    };
 } }
-EOF 
  
-cat > /usr/local/etc/bird6.conf <<EOF +protocol bgp R2inet4 { 
-Configure logging +    local as 100; 
-log syslog all; +    Bird creates IPSEC SAD entry automatically but it need to know the source IP address 
-log "/var/log/bird6.log" all; +    Otherwise it will use the wrong 0.0.0.0 IP as source 
-log stderr all; +    source address 10.0.23.3; 
- +    neighbor 10.0.23.2 as 100
-Override router ID +    password "abigpassword"
-router id 0.0.0.3; +    ipv4 
- +        import all;
-# Sync bird routing table with kernel +
-protocol kernel { +
-        export all+
-+
- +
-protocol device { +
-        scan time 10+
-+
-protocol direct +
-        interface "vtnet1", "em1", "vtnet2", "em2"; +
-+
- +
-protocol rip R4 {+
         export all;         export all;
-        interface "vtnet2","em2" ;+    };
 } }
  
-protocol bgp R2 +protocol bgp R2inet6 
-        local as 100; +    local as 100; 
-        # Bird creates IPSEC SAD entry automatically but it need to know the source IP address +    # Bird creates IPSEC SAD entry automatically but it need to know the source IP address 
-        # Otherwise it will use the wrong :: IP as source +    # Otherwise it will use the wrong :: IP as source 
-        source address 2001:db8:23::3; +    source address 2001:db8:23::3; 
-        neighbor 2001:db8:23::2 as 100; +    neighbor 2001:db8:23::2 as 100; 
-        password "abigpassword";+    password "abigpassword"; 
 +    ipv6 {
         import all;         import all;
         export all;         export all;
 +    };
 } }
 EOF EOF
Line 534: Line 556:
 service pf start service pf start
 service bird start service bird start
-service bird6 start 
 </code> </code>
 ==== Router 4 ==== ==== Router 4 ====
Line 544: Line 565:
 sysrc ifconfig_em3="inet 10.0.45.4/24" sysrc ifconfig_em3="inet 10.0.45.4/24"
 sysrc ifconfig_em3_ipv6="inet6 2001:db8:45::4 prefixlen 64" sysrc ifconfig_em3_ipv6="inet6 2001:db8:45::4 prefixlen 64"
-sysrc ifconfig_em2="10.0.34.4/24"+sysrc ifconfig_em2="10.0.34.4/24 mtu 1528"
 sysrc ifconfig_em2_ipv6="inet6 2001:db8:34::4 prefixlen 64" sysrc ifconfig_em2_ipv6="inet6 2001:db8:34::4 prefixlen 64"
 sysrc cloned_interfaces="lo1" sysrc cloned_interfaces="lo1"
Line 735: Line 756:
         kldload dummynet         kldload dummynet
 fi fi
 +
 # Flush out the list before we begin. # Flush out the list before we begin.
 \${fwcmd} -f flush \${fwcmd} -f flush
Line 846: Line 868:
 Start an iperf3 ipv6 client on R1, and check available bandwith is about 20Mb/s: Start an iperf3 ipv6 client on R1, and check available bandwith is about 20Mb/s:
  
 +<code>
 +[root@R1]~# iperf3 -c 2001:db8:56:0:cf:8fff:fea9:490b
 +Connecting to host 2001:db8:56:0:cf:8fff:fea9:490b, port 5201
 +[  5] local 2001:db8:12:0:5a9c:fcff:fe01:201 port 62845 connected to 2001:db8:56:0:cf:8fff:fea9:490b port 5201
 +[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
 +[  5]   0.00-1.00   sec  1.74 MBytes  14.6 Mbits/sec    0   68.2 KBytes
 +[  5]   1.00-2.00   sec  2.23 MBytes  18.7 Mbits/sec    3   65.2 KBytes
 +[  5]   2.00-3.00   sec  2.19 MBytes  18.3 Mbits/sec    2   77.6 KBytes
 +[  5]   3.00-4.00   sec  2.19 MBytes  18.3 Mbits/sec    8   57.1 KBytes
 +[  5]   4.00-5.00   sec  2.19 MBytes  18.3 Mbits/sec    2   38.0 KBytes
 +[  5]   5.00-6.00   sec  2.19 MBytes  18.3 Mbits/sec    1   61.2 KBytes
 +[  5]   6.00-7.00   sec  2.19 MBytes  18.4 Mbits/sec    2   42.1 KBytes
 +[  5]   7.00-8.00   sec  2.19 MBytes  18.3 Mbits/sec    1   61.2 KBytes
 +[  5]   8.00-9.00   sec  2.19 MBytes  18.3 Mbits/sec    2   44.8 KBytes
 +[  5]   9.00-10.00  sec  2.18 MBytes  18.3 Mbits/sec    1   65.3 KBytes
 +- - - - - - - - - - - - - - - - - - - - - - - - -
 +[ ID] Interval           Transfer     Bitrate         Retr
 +[  5]   0.00-10.00  sec  21.5 MBytes  18.0 Mbits/sec   22             sender
 +[  5]   0.00-10.03  sec  21.3 MBytes  17.8 Mbits/sec                  receiver
 +
 +iperf Done.
 +[root@R1]~#
 +</code>
 ==== netflow ==== ==== netflow ====
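Review bot: The rewritten `protocol rip R4inet4` block in the "Line 465" hunk drops the `password "rippassword" { algorithm keyed md5; };` and `authentication cryptographic;` lines that the old `protocol rip R4` carried, so as far as the visible lines show, RIP toward R4 on vtnet2/em2 now runs without authentication and any host on that segment could have its route updates accepted. If this was not a deliberate simplification for the BIRD 2 syntax migration, both lines should stay inside the `interface "vtnet2","em2" { ... };` block, preferably with a stronger algorithm such as `hmac sha256` where the installed BIRD supports it; if it was deliberate, a one-line comment in the config saying so would keep readers from copying it as a hardened example. The new `protocol rip ng R4inet6` has no authentication either, which matches the old bird6.conf. The side-by-side rendering loses characters in this hunk (opening braces, and the `#` in front of the two "Bird creates IPSEC SAD entry" comment lines in `R2inet4`), so this should be checked against the page source, since uncommented prose there would presumably stop bird from parsing the file.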
  
documentation/examples/maximum_bsdrp_features_lab.txt · Last modified: 2022/07/07 13:23 by olivier

Except where otherwise noted, content on this wiki is licensed under the following license: BSD 2-Clause