

documentation:examples:maximum_bsdrp_features_lab

Differences

This shows you the differences between two versions of the page.

documentation:examples:maximum_bsdrp_features_lab [2019/10/03 14:09] – [Router 4] olivierdocumentation:examples:maximum_bsdrp_features_lab [2019/11/04 21:47] – [Router 4] olivier
Line 436: Line 436:
 sysrc ifconfig_em2_ipv6="inet6 2001:db8:34::3 prefixlen 64" sysrc ifconfig_em2_ipv6="inet6 2001:db8:34::3 prefixlen 64"
 sysrc bird_enable=YES sysrc bird_enable=YES
-sysrc bird6_enable=YES 
 sysrc pf_enable=YES sysrc pf_enable=YES
 sysrc pf_rules="/etc/pf.conf" sysrc pf_rules="/etc/pf.conf"
Line 442: Line 441:
  
 cat > /etc/pf.conf <<EOF cat > /etc/pf.conf <<EOF
 +#Variables definitions
 +#TO_R2_if = "{" vtnet1.23 em1.23 "}"
 +#TO_R4_if = "{" vtnet2 em2 "}"
 +#R2 = "10.0.0.2/32"
 +#R4 = "10.0.0.4/32"
 +
 +## ALTQ rules
 +# Queue outgoing from \$TO_R4_if (R2 => R4)
 +# Rate-limit inet 4 VPN traffic to 10Mb
 +#altq on \$TO_R4_if hfsc bandwidth 100Mb queue { VPN4_TO_R4, OTHER_TO_R4 }
 +#queue VPN4_TO_R4 bandwidth 10Mb hfsc(upperlimit 10Mb)
 +#queue OTHER_TO_R4 bandwidth 90Mb hfsc(default)
 +
 +# Queue for outgoing traffic from \$TO_R2_if (R4 => R2)
 +#altq on \$TO_R2_if hfsc bandwidth 100Mb queue { VPN4_TO_R2, OTHER_TO_R2 }
 +#queue VPN4_TO_R2 bandwidth 10Mb hfsc(upperlimit 10Mb)
 +#queue OTHER_TO_R2 bandwidth 90Mb hfsc(default)
 +
 +## PF rules
 +
 +# R2 => R4
 +# Shapping works on outgoing traffic only, but need to 'mark' traffic
 +# entering the interface for putting returning traffic in the good queue
 +#pass in quick on \$TO_R2_if proto gre from \$R2 to \$R4 queue VPN4_TO_R2
 +# Apply ALTQ to traffic that get out from \$TO_R4_if
 +#pass out quick on \$TO_R4_if proto gre from \$R2 to \$R4 queue VPN4_TO_R4
 +
 +# PF rules R4 => R2
 +#pass in quick on \$TO_R4_if proto gre from \$R4 to \$R2 queue VPN4_TO_R4
 +#pass out quick on \$TO_R2_if proto gre from \$R4 to \$R2 queue VPN4_TO_R2
 +
 # ALTQ is disabled since BSDRP 1.81 (too much performance impact) # ALTQ is disabled since BSDRP 1.81 (too much performance impact)
 pass all pass all
Line 456: Line 486:
  
 # Sync bird routing table with kernel # Sync bird routing table with kernel
-protocol kernel {+protocol kernel kernel4 { 
 +    ipv4 { 
 +        export all; 
 +    }; 
 +
 +protocol kernel kernel6 { 
 +    ipv6 {
         export all;         export all;
 +    };
 } }
  
Line 465: Line 502:
 } }
  
-# Include directly connected network+# Include directly connected networks
 protocol direct { protocol direct {
-        interface "vtnet1", "em1", "vtnet2", "em2";+        ipv4; 
 +        ipv6;
 } }
  
-protocol rip R4 +protocol rip R4inet4 
-        export all; +    interface "vtnet2","em2"
-        interface "vtnet2","em2"+        version 2; 
-            version 2; +    }; 
-            password "rippassword" { algorithm keyed md5; }; +    ipv4 { 
-            authentication cryptographic+         export all
-        };+    };
 } }
  
-protocol bgp R2 +protocol rip ng R4inet6 
-        local as 100; +    interface "vtnet2","em2" ; 
-        # Bird creates IPSEC SAD entry automatically but it need to know the source IP address +    ipv6 {
-        # Otherwise it will use the wrong 0.0.0.0 IP as source +
-        source address 10.0.23.3; +
-        neighbor 10.0.23.2 as 100; +
-        password "abigpassword";  +
-        import all;+
         export all;         export all;
 +    };
 } }
-EOF 
  
-cat > /usr/local/etc/bird6.conf <<EOF +protocol bgp R2inet4 { 
-Configure logging +    local as 100; 
-log syslog all; +    Bird creates IPSEC SAD entry automatically but it need to know the source IP address 
-log "/var/log/bird6.log" all; +    Otherwise it will use the wrong 0.0.0.0 IP as source 
-log stderr all; +    source address 10.0.23.3; 
- +    neighbor 10.0.23.2 as 100
-Override router ID +    password "abigpassword"
-router id 0.0.0.3; +    ipv4 
- +        import all;
-# Sync bird routing table with kernel +
-protocol kernel { +
-        export all+
-+
- +
-protocol device { +
-        scan time 10+
-+
-protocol direct +
-        interface "vtnet1", "em1", "vtnet2", "em2"; +
-+
- +
-protocol rip R4 {+
         export all;         export all;
-        interface "vtnet2","em2" ;+    };
 } }
  
-protocol bgp R2 +protocol bgp R2inet6 
-        local as 100; +    local as 100; 
-        # Bird creates IPSEC SAD entry automatically but it need to know the source IP address +    # Bird creates IPSEC SAD entry automatically but it need to know the source IP address 
-        # Otherwise it will use the wrong :: IP as source +    # Otherwise it will use the wrong :: IP as source 
-        source address 2001:db8:23::3; +    source address 2001:db8:23::3; 
-        neighbor 2001:db8:23::2 as 100; +    neighbor 2001:db8:23::2 as 100; 
-        password "abigpassword";+    password "abigpassword"; 
 +    ipv6 {
         import all;         import all;
         export all;         export all;
 +    };
 } }
 EOF EOF
Line 534: Line 556:
 service pf start service pf start
 service bird start service bird start
-service bird6 start 
 </code> </code>
 ==== Router 4 ==== ==== Router 4 ====
Line 735: Line 756:
         kldload dummynet         kldload dummynet
 fi fi
 +
 # Flush out the list before we begin. # Flush out the list before we begin.
 \${fwcmd} -f flush \${fwcmd} -f flush
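Review bot: The new `protocol rip R4inet4` block (hunk at "Line 465 / Line 502") drops the RIP authentication that the old `protocol rip R4` carried: the removed lines `password "rippassword" { algorithm keyed md5; };` and `authentication cryptographic;` have no counterpart on the new side, which keeps only `version 2;` in the interface block. As written, the RIPv2 session on vtnet2/em2 would accept unauthenticated updates from anything on that segment, while the BGP blocks keep their `password "abigpassword";`. If the drop is not deliberate, restore both statements next to `version 2;` inside `interface "vtnet2","em2" { … }`. The Router 4 side must carry the matching key, and that part of the page is not visible in this comparison. A short comment above the block saying whether RIP is meant to run unauthenticated in this lab would also keep readers from copying the weaker form by accident.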
documentation/examples/maximum_bsdrp_features_lab.txt · Last modified: 2022/07/07 13:23 by olivier

Except where otherwise noted, content on this wiki is licensed under the following license: BSD 2-Clause