Differences

This shows you the differences between two versions of the page.

--- documentation:examples:maximum_bsdrp_features_lab [2019/10/03 13:51] – [IPv6 traffic shaping] olivier
+++ documentation:examples:maximum_bsdrp_features_lab [2019/11/04 21:48] – [Router 5 (including jail5 and jail6)] olivier
@@ Line 130: / Line 130: @@
 subnet 10.0.45.0 netmask 255.255.255.0 {
 }
 #Declare R1 LAN and gateway
 subnet 10.0.12.0 netmask 255.255.255.0 {
@@ Line 215: / Line 216: @@
 sysrc rtadvd_interfaces="em0"
 sysrc vlans_em1="23"
-sysrc ifconfig_em1="up"
+sysrc ifconfig_em1="up mtu 1528"
 sysrc ifconfig_em0="inet 10.0.12.2/24"
 sysrc ifconfig_em0_ipv6="inet6 2001:db8:12::2 prefixlen 64"
@@ Line 430: / Line 431: @@
 sysrc hostname=R3
 sysrc vlans_em1="23"
-sysrc ifconfig_em1="up"
+sysrc ifconfig_em1="up mtu 1528"
 sysrc ifconfig_em1_23="inet 10.0.23.3/24"
 sysrc ifconfig_em1_23_ipv6="inet6 2001:db8:23::3 prefixlen 64"
-sysrc ifconfig_em2="inet 10.0.34.3/24"
+sysrc ifconfig_em2="inet 10.0.34.3/24 mtu 1528"
 sysrc ifconfig_em2_ipv6="inet6 2001:db8:34::3 prefixlen 64"
 sysrc bird_enable=YES
-sysrc bird6_enable=YES
 sysrc pf_enable=YES
 sysrc pf_rules="/etc/pf.conf"
@@ Line 442: / Line 442: @@
 cat > /etc/pf.conf <<EOF
+#Variables definitions
+#TO_R2_if = "{" vtnet1.23 em1.23 "}"
+#TO_R4_if = "{" vtnet2 em2 "}"
+#R2 = "10.0.0.2/32"
+#R4 = "10.0.0.4/32"
+## ALTQ rules
+# Queue outgoing from \$TO_R4_if (R2 => R4)
+# Rate-limit inet 4 VPN traffic to 10Mb
+#altq on \$TO_R4_if hfsc bandwidth 100Mb queue { VPN4_TO_R4, OTHER_TO_R4 }
+#queue VPN4_TO_R4 bandwidth 10Mb hfsc(upperlimit 10Mb)
+#queue OTHER_TO_R4 bandwidth 90Mb hfsc(default)
+# Queue for outgoing traffic from \$TO_R2_if (R4 => R2)
+#altq on \$TO_R2_if hfsc bandwidth 100Mb queue { VPN4_TO_R2, OTHER_TO_R2 }
+#queue VPN4_TO_R2 bandwidth 10Mb hfsc(upperlimit 10Mb)
+#queue OTHER_TO_R2 bandwidth 90Mb hfsc(default)
+## PF rules
+# R2 => R4
+# Shapping works on outgoing traffic only, but need to 'mark' traffic
+# entering the interface for putting returning traffic in the good queue
+#pass in quick on \$TO_R2_if proto gre from \$R2 to \$R4 queue VPN4_TO_R2
+# Apply ALTQ to traffic that get out from \$TO_R4_if
+#pass out quick on \$TO_R4_if proto gre from \$R2 to \$R4 queue VPN4_TO_R4
+# PF rules R4 => R2
+#pass in quick on \$TO_R4_if proto gre from \$R4 to \$R2 queue VPN4_TO_R4
+#pass out quick on \$TO_R2_if proto gre from \$R4 to \$R2 queue VPN4_TO_R2
 # ALTQ is disabled since BSDRP 1.81 (too much performance impact)
 pass all
@@ Line 456: / Line 487: @@
 # Sync bird routing table with kernel
-protocol kernel {
+protocol kernel kernel4 {
+    ipv4 {
         export all;
+    };
+}
+protocol kernel kernel6 {
+    ipv6 {
+        export all;
+    };
 }
@@ Line 465: / Line 503: @@
 }
-# Include directly connected network
+# Include directly connected networks
 protocol direct {
-        interface "vtnet1", "em1", "vtnet2", "em2";
+        ipv4;
+        ipv6;
 }
-protocol rip R4 {
+protocol rip R4inet4 {
-        export all;
+    interface "vtnet2","em2" {
-        interface "vtnet2","em2" {
+        version 2;
-            version 2;
+    };
-            password "rippassword" { algorithm keyed md5; };
+    ipv4 {
-            authentication cryptographic;
+         export all;
-        };
+    };
 }
-protocol bgp R2 {
+protocol rip ng R4inet6 {
-        local as 100;
+    interface "vtnet2","em2" ;
-        # Bird creates IPSEC SAD entry automatically but it need to know the source IP address
+    ipv6 {
-        # Otherwise it will use the wrong 0.0.0.0 IP as source
-        source address 10.0.23.3;
-        neighbor 10.0.23.2 as 100;
-        password "abigpassword";
-        import all;
         export all;
+    };
 }
-EOF
-cat > /usr/local/etc/bird6.conf <<EOF
+protocol bgp R2inet4 {
-# Configure logging
+    local as 100;
-log syslog all;
+    # Bird creates IPSEC SAD entry automatically but it need to know the source IP address
-log "/var/log/bird6.log" all;
+    # Otherwise it will use the wrong 0.0.0.0 IP as source
-log stderr all;
+    source address 10.0.23.3;
+    neighbor 10.0.23.2 as 100;
-# Override router ID
+    password "abigpassword";
-router id 0.0.0.3;
+    ipv4 {
+        import all;
-# Sync bird routing table with kernel
-protocol kernel {
         export all;
+    };
 }
-protocol device {
+protocol bgp R2inet6 {
-        scan time 10;
+    local as 100;
-}
+    # Bird creates IPSEC SAD entry automatically but it need to know the source IP address
-protocol direct {
+    # Otherwise it will use the wrong :: IP as source
-        interface "vtnet1", "em1", "vtnet2", "em2";
+    source address 2001:db8:23::3;
-}
+    neighbor 2001:db8:23::2 as 100;
+    password "abigpassword";
-protocol rip R4 {
+    ipv6 {
-        export all;
-        interface "vtnet2","em2" ;
-}
-protocol bgp R2 {
-        local as 100;
-        # Bird creates IPSEC SAD entry automatically but it need to know the source IP address
-        # Otherwise it will use the wrong :: IP as source
-        source address 2001:db8:23::3;
-        neighbor 2001:db8:23::2 as 100;
-        password "abigpassword";
         import all;
         export all;
+    };
 }
 EOF
@@ Line 534: / Line 557: @@
 service pf start
 service bird start
-service bird6 start
 </code>
 ==== Router 4 ====
@@ Line 544: / Line 566: @@
 sysrc ifconfig_em3="inet 10.0.45.4/24"
 sysrc ifconfig_em3_ipv6="inet6 2001:db8:45::4 prefixlen 64"
-sysrc ifconfig_em2="10.0.34.4/24"
+sysrc ifconfig_em2="10.0.34.4/24 mtu 1528"
 sysrc ifconfig_em2_ipv6="inet6 2001:db8:34::4 prefixlen 64"
 sysrc cloned_interfaces="lo1"
@@ Line 735: / Line 757: @@
         kldload dummynet
 fi
 # Flush out the list before we begin.
 \${fwcmd} -f flush
@@ Line 849: / Line 872: @@
 [root@R1]~# iperf3 -c 2001:db8:56:0:cf:8fff:fea9:490b
 Connecting to host 2001:db8:56:0:cf:8fff:fea9:490b, port 5201
-[  5] local 2001:db8:12:0:5a9c:fcff:fe01:201 port 57675 connected to 2001:db8:56:0:cf:8fff:fea9:490b port 5201
+[  5] local 2001:db8:12:0:5a9c:fcff:fe01:201 port 62845 connected to 2001:db8:56:0:cf:8fff:fea9:490b port 5201
 [ ID] Interval           Transfer     Bitrate         Retr  Cwnd
-[  5]   0.00-1.00   sec  1.05 MBytes  8.79 Mbits/sec   24   27.2 KBytes
+[  5]   0.00-1.00   sec  1.74 MBytes  14.6 Mbits/sec    0   68.2 KBytes
-[  5]   1.00-2.00   sec  1.73 MBytes  14.5 Mbits/sec   11   16.3 KBytes
+[  5]   1.00-2.00   sec  2.23 MBytes  18.7 Mbits/sec    3   65.2 KBytes
-[  5]   2.00-3.00   sec  1.34 MBytes  11.3 Mbits/sec    4   36.8 KBytes
+[  5]   2.00-3.00   sec  2.19 MBytes  18.3 Mbits/sec    2   77.6 KBytes
-[  5]   3.00-4.00   sec   736 KBytes  6.03 Mbits/sec    7   23.1 KBytes
+[  5]   3.00-4.00   sec  2.19 MBytes  18.3 Mbits/sec    8   57.1 KBytes
-[  5]   4.00-5.00   sec   733 KBytes  6.01 Mbits/sec    9   15.0 KBytes
+[  5]   4.00-5.00   sec  2.19 MBytes  18.3 Mbits/sec    2   38.0 KBytes
-[  5]   5.00-6.00   sec  1.23 MBytes  10.3 Mbits/sec    4   28.6 KBytes
+[  5]   5.00-6.00   sec  2.19 MBytes  18.3 Mbits/sec    1   61.2 KBytes
-[  5]   6.00-7.00   sec  1.28 MBytes  10.8 Mbits/sec    6   28.6 KBytes
+[  5]   6.00-7.00   sec  2.19 MBytes  18.4 Mbits/sec    2   42.1 KBytes
-[  5]   7.00-8.00   sec  1.40 MBytes  11.7 Mbits/sec   11   9.50 KBytes
+[  5]   7.00-8.00   sec  2.19 MBytes  18.3 Mbits/sec    1   61.2 KBytes
-[  5]   8.00-9.00   sec   969 KBytes  7.94 Mbits/sec    7   17.7 KBytes
+[  5]   8.00-9.00   sec  2.19 MBytes  18.3 Mbits/sec    2   44.8 KBytes
-[  5]   9.00-10.00  sec   956 KBytes  7.83 Mbits/sec    8   8.14 KBytes
+[  5]   9.00-10.00  sec  2.18 MBytes  18.3 Mbits/sec    1   65.3 KBytes
 - - - - - - - - - - - - - - - - - - - - - - - - -
 [ ID] Interval           Transfer     Bitrate         Retr
-[  5]   0.00-10.00  sec  11.3 MBytes  9.52 Mbits/sec   91             sender
+[  5]   0.00-10.00  sec  21.5 MBytes  18.0 Mbits/sec   22             sender
-[  5]   0.00-10.02  sec  11.3 MBytes  9.42 Mbits/sec                  receiver
+[  5]   0.00-10.03  sec  21.3 MBytes  17.8 Mbits/sec                  receiver
 iperf Done.
+[root@R1]~#
 </code>
 ==== netflow ====