documentation:examples:maximum_bsdrp_features_lab
Differences
documentation:examples:maximum_bsdrp_features_lab [2019/10/03 14:09] – [Router 3] olivier | documentation:examples:maximum_bsdrp_features_lab [2019/11/04 21:48] – [Router 5 (including jail5 and jail6)] olivier | ||
---|---|---|---|
Line 130: | Line 130: | ||
subnet 10.0.45.0 netmask 255.255.255.0 { | subnet 10.0.45.0 netmask 255.255.255.0 { | ||
} | } | ||
+ | |||
#Declare R1 LAN and gateway | #Declare R1 LAN and gateway | ||
subnet 10.0.12.0 netmask 255.255.255.0 { | subnet 10.0.12.0 netmask 255.255.255.0 { | ||
Line 436: | Line 437: | ||
sysrc ifconfig_em2_ipv6=" | sysrc ifconfig_em2_ipv6=" | ||
sysrc bird_enable=YES | sysrc bird_enable=YES | ||
- | sysrc bird6_enable=YES | ||
sysrc pf_enable=YES | sysrc pf_enable=YES | ||
sysrc pf_rules="/ | sysrc pf_rules="/ | ||
Line 442: | Line 442: | ||
cat > / | cat > / | ||
+ | #Variables definitions | ||
+ | #TO_R2_if = " | ||
+ | #TO_R4_if = " | ||
+ | #R2 = " | ||
+ | #R4 = " | ||
+ | |||
+ | ## ALTQ rules | ||
+ | # Queue outgoing from \$TO_R4_if (R2 => R4) | ||
+ | # Rate-limit inet 4 VPN traffic to 10Mb | ||
+ | #altq on \$TO_R4_if hfsc bandwidth 100Mb queue { VPN4_TO_R4, OTHER_TO_R4 } | ||
+ | #queue VPN4_TO_R4 bandwidth 10Mb hfsc(upperlimit 10Mb) | ||
+ | #queue OTHER_TO_R4 bandwidth 90Mb hfsc(default) | ||
+ | |||
+ | # Queue for outgoing traffic from \$TO_R2_if (R4 => R2) | ||
+ | #altq on \$TO_R2_if hfsc bandwidth 100Mb queue { VPN4_TO_R2, OTHER_TO_R2 } | ||
+ | #queue VPN4_TO_R2 bandwidth 10Mb hfsc(upperlimit 10Mb) | ||
+ | #queue OTHER_TO_R2 bandwidth 90Mb hfsc(default) | ||
+ | |||
+ | ## PF rules | ||
+ | |||
+ | # R2 => R4 | ||
+ | # Shapping works on outgoing traffic only, but need to ' | ||
+ | # entering the interface for putting returning traffic in the good queue | ||
+ | #pass in quick on \$TO_R2_if proto gre from \$R2 to \$R4 queue VPN4_TO_R2 | ||
+ | # Apply ALTQ to traffic that get out from \$TO_R4_if | ||
+ | #pass out quick on \$TO_R4_if proto gre from \$R2 to \$R4 queue VPN4_TO_R4 | ||
+ | |||
+ | # PF rules R4 => R2 | ||
+ | #pass in quick on \$TO_R4_if proto gre from \$R4 to \$R2 queue VPN4_TO_R4 | ||
+ | #pass out quick on \$TO_R2_if proto gre from \$R4 to \$R2 queue VPN4_TO_R2 | ||
+ | |||
# ALTQ is disabled since BSDRP 1.81 (too much performance impact) | # ALTQ is disabled since BSDRP 1.81 (too much performance impact) | ||
pass all | pass all | ||
Line 456: | Line 487: | ||
# Sync bird routing table with kernel | # Sync bird routing table with kernel | ||
- | protocol kernel { | + | protocol kernel |
+ | ipv4 { | ||
export all; | export all; | ||
+ | }; | ||
+ | } | ||
+ | protocol kernel kernel6 { | ||
+ | ipv6 { | ||
+ | export all; | ||
+ | }; | ||
} | } | ||
Line 465: | Line 503: | ||
} | } | ||
- | # Include directly connected | + | # Include directly connected |
protocol direct { | protocol direct { | ||
- | | + | |
+ | ipv6; | ||
} | } | ||
- | protocol rip R4 { | + | protocol rip R4inet4 |
- | | + | interface " |
- | | + | version 2; |
- | version 2; | + | }; |
- | | + | ipv4 { |
- | | + | |
- | }; | + | }; |
} | } | ||
- | protocol | + | protocol |
- | local as 100; | + | |
- | # Bird creates IPSEC SAD entry automatically but it need to know the source IP address | + | ipv6 { |
- | # Otherwise it will use the wrong 0.0.0.0 IP as source | + | |
- | source address 10.0.23.3; | + | |
- | neighbor 10.0.23.2 as 100; | + | |
- | password | + | |
- | | + | |
export all; | export all; | ||
+ | }; | ||
} | } | ||
- | EOF | ||
- | cat > / | + | protocol bgp R2inet4 { |
- | # Configure logging | + | local as 100; |
- | log syslog all; | + | # Bird creates IPSEC SAD entry automatically but it need to know the source IP address |
- | log "/ | + | # Otherwise it will use the wrong 0.0.0.0 IP as source |
- | log stderr all; | + | source address 10.0.23.3; |
- | + | | |
- | # Override router ID | + | |
- | router id 0.0.0.3; | + | |
- | + | import all; | |
- | # Sync bird routing table with kernel | + | |
- | protocol kernel | + | |
export all; | export all; | ||
+ | }; | ||
} | } | ||
- | protocol device { | + | protocol bgp R2inet6 |
- | scan time 10; | + | local as 100; |
- | } | + | # Bird creates IPSEC SAD entry automatically but it need to know the source IP address |
- | protocol direct { | + | # Otherwise it will use the wrong :: IP as source |
- | interface " | + | source address 2001: |
- | } | + | neighbor 2001: |
- | + | password " | |
- | protocol rip R4 { | + | ipv6 { |
- | export all; | + | |
- | interface " | + | |
- | } | + | |
- | + | ||
- | protocol bgp R2 { | + | |
- | local as 100; | + | |
- | # Bird creates IPSEC SAD entry automatically but it need to know the source IP address | + | |
- | # Otherwise it will use the wrong :: IP as source | + | |
- | source address 2001: | + | |
- | neighbor 2001: | + | |
- | password " | + | |
import all; | import all; | ||
export all; | export all; | ||
+ | }; | ||
} | } | ||
EOF | EOF | ||
Line 534: | Line 557: | ||
service pf start | service pf start | ||
service bird start | service bird start | ||
- | service bird6 start | ||
</ | </ | ||
==== Router 4 ==== | ==== Router 4 ==== | ||
Line 544: | Line 566: | ||
sysrc ifconfig_em3=" | sysrc ifconfig_em3=" | ||
sysrc ifconfig_em3_ipv6=" | sysrc ifconfig_em3_ipv6=" | ||
- | sysrc ifconfig_em2=" | + | sysrc ifconfig_em2=" |
sysrc ifconfig_em2_ipv6=" | sysrc ifconfig_em2_ipv6=" | ||
sysrc cloned_interfaces=" | sysrc cloned_interfaces=" | ||
Line 735: | Line 757: | ||
kldload dummynet | kldload dummynet | ||
fi | fi | ||
+ | |||
# Flush out the list before we begin. | # Flush out the list before we begin. | ||
\${fwcmd} -f flush | \${fwcmd} -f flush |
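Review bot: In the Router 3 bird configuration, the new `protocol bgp R2inet4` and `protocol bgp R2inet6` blocks keep `import all;` and `export all;` inside their `ipv4`/`ipv6` channels, so the session accepts and announces every prefix without any filter. That suits a lab, but the page does not say so; I would add a comment above each channel such as `# Lab only: no route filtering - restrict import/export to expected prefixes outside the lab`. The same here-document now carries the BGP `password` for both address families in one file, and its target path and resulting mode are cut off in this view, so a short remark that the file should be readable by root only would help. In the pf here-document just above, every added ALTQ and queue rule is commented out and the effective ruleset remains the single `pass all`; a one-line comment stating that PF filters nothing in this example would prevent misreading.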