Differences

This shows you the differences between two versions of the page.

--- documentation:examples:maximum_bsdrp_features_lab [2019/10/03 14:09] – [Router 4] olivier
+++ documentation:examples:maximum_bsdrp_features_lab [2019/11/04 21:47] – [Router 3] olivier
@@ Line 436: / Line 436: @@
 sysrc ifconfig_em2_ipv6="inet6 2001:db8:34::3 prefixlen 64"
 sysrc bird_enable=YES
-sysrc bird6_enable=YES
 sysrc pf_enable=YES
 sysrc pf_rules="/etc/pf.conf"
@@ Line 442: / Line 441: @@
 cat > /etc/pf.conf <<EOF
+#Variables definitions
+#TO_R2_if = "{" vtnet1.23 em1.23 "}"
+#TO_R4_if = "{" vtnet2 em2 "}"
+#R2 = "10.0.0.2/32"
+#R4 = "10.0.0.4/32"
+## ALTQ rules
+# Queue outgoing from \$TO_R4_if (R2 => R4)
+# Rate-limit inet 4 VPN traffic to 10Mb
+#altq on \$TO_R4_if hfsc bandwidth 100Mb queue { VPN4_TO_R4, OTHER_TO_R4 }
+#queue VPN4_TO_R4 bandwidth 10Mb hfsc(upperlimit 10Mb)
+#queue OTHER_TO_R4 bandwidth 90Mb hfsc(default)
+# Queue for outgoing traffic from \$TO_R2_if (R4 => R2)
+#altq on \$TO_R2_if hfsc bandwidth 100Mb queue { VPN4_TO_R2, OTHER_TO_R2 }
+#queue VPN4_TO_R2 bandwidth 10Mb hfsc(upperlimit 10Mb)
+#queue OTHER_TO_R2 bandwidth 90Mb hfsc(default)
+## PF rules
+# R2 => R4
+# Shapping works on outgoing traffic only, but need to 'mark' traffic
+# entering the interface for putting returning traffic in the good queue
+#pass in quick on \$TO_R2_if proto gre from \$R2 to \$R4 queue VPN4_TO_R2
+# Apply ALTQ to traffic that get out from \$TO_R4_if
+#pass out quick on \$TO_R4_if proto gre from \$R2 to \$R4 queue VPN4_TO_R4
+# PF rules R4 => R2
+#pass in quick on \$TO_R4_if proto gre from \$R4 to \$R2 queue VPN4_TO_R4
+#pass out quick on \$TO_R2_if proto gre from \$R4 to \$R2 queue VPN4_TO_R2
 # ALTQ is disabled since BSDRP 1.81 (too much performance impact)
 pass all
@@ Line 456: / Line 486: @@
 # Sync bird routing table with kernel
-protocol kernel {
+protocol kernel kernel4 {
+    ipv4 {
         export all;
+    };
+}
+protocol kernel kernel6 {
+    ipv6 {
+        export all;
+    };
 }
@@ Line 465: / Line 502: @@
 }
-# Include directly connected network
+# Include directly connected networks
 protocol direct {
-        interface "vtnet1", "em1", "vtnet2", "em2";
+        ipv4;
+        ipv6;
 }
-protocol rip R4 {
+protocol rip R4inet4 {
-        export all;
+    interface "vtnet2","em2" {
-        interface "vtnet2","em2" {
+        version 2;
-            version 2;
+    };
-            password "rippassword" { algorithm keyed md5; };
+    ipv4 {
-            authentication cryptographic;
+         export all;
-        };
+    };
 }
-protocol bgp R2 {
+protocol rip ng R4inet6 {
-        local as 100;
+    interface "vtnet2","em2" ;
-        # Bird creates IPSEC SAD entry automatically but it need to know the source IP address
+    ipv6 {
-        # Otherwise it will use the wrong 0.0.0.0 IP as source
-        source address 10.0.23.3;
-        neighbor 10.0.23.2 as 100;
-        password "abigpassword";
-        import all;
         export all;
+    };
 }
-EOF
-cat > /usr/local/etc/bird6.conf <<EOF
+protocol bgp R2inet4 {
-# Configure logging
+    local as 100;
-log syslog all;
+    # Bird creates IPSEC SAD entry automatically but it need to know the source IP address
-log "/var/log/bird6.log" all;
+    # Otherwise it will use the wrong 0.0.0.0 IP as source
-log stderr all;
+    source address 10.0.23.3;
+    neighbor 10.0.23.2 as 100;
-# Override router ID
+    password "abigpassword";
-router id 0.0.0.3;
+    ipv4 {
+        import all;
-# Sync bird routing table with kernel
-protocol kernel {
-        export all;
-}
-protocol device {
-        scan time 10;
-}
-protocol direct {
-        interface "vtnet1", "em1", "vtnet2", "em2";
-}
-protocol rip R4 {
         export all;
-        interface "vtnet2","em2" ;
+    };
 }
-protocol bgp R2 {
+protocol bgp R2inet6 {
-        local as 100;
+    local as 100;
-        # Bird creates IPSEC SAD entry automatically but it need to know the source IP address
+    # Bird creates IPSEC SAD entry automatically but it need to know the source IP address
-        # Otherwise it will use the wrong :: IP as source
+    # Otherwise it will use the wrong :: IP as source
-        source address 2001:db8:23::3;
+    source address 2001:db8:23::3;
-        neighbor 2001:db8:23::2 as 100;
+    neighbor 2001:db8:23::2 as 100;
-        password "abigpassword";
+    password "abigpassword";
+    ipv6 {
         import all;
         export all;
+    };
 }
 EOF
@@ Line 534: / Line 556: @@
 service pf start
 service bird start
-service bird6 start
 </code>
 ==== Router 4 ====