documentation:examples:maximum_bsdrp_features_lab

documentation:examples:maximum_bsdrp_features_lab [2019/10/03 14:09] – [Router 4] olivier
documentation:examples:maximum_bsdrp_features_lab [2019/12/31 17:05] – [Router 1] olivier
Line 80: Line 80:
  
 <code> <code>
-sysrc hostname=R5 +sysrc hostname=R5 \ 
-sysrc ifconfig_em3=up + ifconfig_em3=up \ 
-sysrc cloned_interfaces=epair0 + cloned_interfaces=epair0 \ 
-sysrc ifconfig_epair0a=up + ifconfig_epair0a=up \ 
-sysrc kld_list+=" if_lagg carp"+ kld_list+=" if_lagg carp"
 ifconfig -l | grep -q vtnet && sed -i "" 's/em/vtnet/g' /etc/rc.conf ifconfig -l | grep -q vtnet && sed -i "" 's/em/vtnet/g' /etc/rc.conf
 cat > /etc/devfs.rules <<EOF cat > /etc/devfs.rules <<EOF
Line 104: Line 104:
 fi fi
 tenant -c -j jail6 -i epair0b tenant -c -j jail6 -i epair0b
-sysrc -f /etc/jails/jail5/rc.conf hostname=jail5 +sysrc -f /etc/jails/jail5/rc.conf hostname=jail5 \ 
-sysrc -f /etc/jails/jail5/rc.conf ifconfig_em3="inet 10.0.45.5/24" + ifconfig_em3="inet 10.0.45.5/24" \ 
-sysrc -f /etc/jails/jail5/rc.conf ifconfig_em3_ipv6="inet6 2001:db8:45::5 prefixlen 64" + ifconfig_em3_ipv6="inet6 2001:db8:45::5 prefixlen 64" \ 
-sysrc -f /etc/jails/jail5/rc.conf ifconfig_epair0a="10.0.56.5/24" + ifconfig_epair0a="10.0.56.5/24" \ 
-sysrc -f /etc/jails/jail5/rc.conf ifconfig_epair0a_ipv6="inet6 2001:db8:56::5 prefixlen 64" + ifconfig_epair0a_ipv6="inet6 2001:db8:56::5 prefixlen 64" \ 
-sysrc -f /etc/jails/jail5/rc.conf ifconfig_epair0a_alias0="inet 10.0.56.254/32 vhid 1 pass testpass" + ifconfig_epair0a_alias0="inet 10.0.56.254/32 vhid 1 pass testpass" \ 
-sysrc -f /etc/jails/jail5/rc.conf ifconfig_epair0a_alias1="inet6 2001:db8:56::fe prefixlen 128 vhid 1 pass testpass" + ifconfig_epair0a_alias1="inet6 2001:db8:56::fe prefixlen 128 vhid 1 pass testpass" \ 
-sysrc -f /etc/jails/jail5/rc.conf rtadvd_enable=YES + rtadvd_enable=YES \ 
-sysrc -f /etc/jails/jail5/rc.conf rtadvd_interfaces=epair0a + rtadvd_interfaces=epair0a \ 
-sysrc -f /etc/jails/jail5/rc.conf dhcpd_enable=YES + dhcpd_enable=YES \ 
-sysrc -f /etc/jails/jail5/rc.conf dhcpd_flags="-q" + dhcpd_flags="-q" \ 
-sysrc -f /etc/jails/jail5/rc.conf dhcpd_conf="/usr/local/etc/dhcpd.conf" + dhcpd_conf="/usr/local/etc/dhcpd.conf" \ 
-sysrc -f /etc/jails/jail5/rc.conf frr_enable=YES + frr_enable=YES \ 
-sysrc -f /etc/jails/jail5/rc.conf frr_vtysh_boot="YES" + frr_vtysh_boot=YES \ 
-sysrc -f /etc/jails/jail5/rc.conf nfacctd_enable=YES + nfacctd_enable=YES \ 
-sysrc -f /etc/jails/jail5/rc.conf pimd_enable=YES+ pimd_enable=YES
 ifconfig -l | grep -q vtnet && sed -i "" 's/em/vtnet/g' /etc/jails/jail5/rc.conf ifconfig -l | grep -q vtnet && sed -i "" 's/em/vtnet/g' /etc/jails/jail5/rc.conf
 mkdir -p /etc/jails/jail5/local/frr mkdir -p /etc/jails/jail5/local/frr
Line 130: Line 130:
 subnet 10.0.45.0 netmask 255.255.255.0 { subnet 10.0.45.0 netmask 255.255.255.0 {
 } }
 +
 #Declare R1 LAN and gateway #Declare R1 LAN and gateway
 subnet 10.0.12.0 netmask 255.255.255.0 { subnet 10.0.12.0 netmask 255.255.255.0 {
Line 193: Line 194:
 EOF EOF
  
-sysrc -f /etc/jails/jail6/rc.conf hostname=jail6 +sysrc -f /etc/jails/jail6/rc.conf hostname=jail6 \ 
-sysrc -f /etc/jails/jail6/rc.conf ifconfig_epair0b="up" + ifconfig_epair0b="up" \ 
-sysrc -f /etc/jails/jail6/rc.conf cloned_interfaces="lagg0" + cloned_interfaces="lagg0" \ 
-sysrc -f /etc/jails/jail6/rc.conf ifconfig_lagg0="laggproto failover laggport epair0b SYNCDHCP" + ifconfig_lagg0="laggproto failover laggport epair0b SYNCDHCP" \ 
-sysrc -f /etc/jails/jail6/rc.conf ifconfig_lagg0_ipv6="inet6 accept_rtadv" + ifconfig_lagg0_ipv6="inet6 accept_rtadv" \ 
-sysrc -f /etc/jails/jail6/rc.conf rtsold_enable=YES + rtsold_enable=YES \ 
-sysrc -f /etc/jails/jail6/rc.conf bsnmpd_enable=YES + bsnmpd_enable=YES \ 
-sysrc -f /etc/jails/jail6/rc.conf gateway_enable=NO + gateway_enable=NO \ 
-sysrc -f /etc/jails/jail6/rc.conf ipv6_gateway_enable=NO+ ipv6_gateway_enable=NO
 service jail start service jail start
 </code> </code>
Line 436: Line 437:
 sysrc ifconfig_em2_ipv6="inet6 2001:db8:34::3 prefixlen 64" sysrc ifconfig_em2_ipv6="inet6 2001:db8:34::3 prefixlen 64"
 sysrc bird_enable=YES sysrc bird_enable=YES
-sysrc bird6_enable=YES 
 sysrc pf_enable=YES sysrc pf_enable=YES
 sysrc pf_rules="/etc/pf.conf" sysrc pf_rules="/etc/pf.conf"
Line 442: Line 442:
  
 cat > /etc/pf.conf <<EOF cat > /etc/pf.conf <<EOF
 +#Variables definitions
 +#TO_R2_if = "{" vtnet1.23 em1.23 "}"
 +#TO_R4_if = "{" vtnet2 em2 "}"
 +#R2 = "10.0.0.2/32"
 +#R4 = "10.0.0.4/32"
 +
 +## ALTQ rules
 +# Queue outgoing from \$TO_R4_if (R2 => R4)
 +# Rate-limit inet 4 VPN traffic to 10Mb
 +#altq on \$TO_R4_if hfsc bandwidth 100Mb queue { VPN4_TO_R4, OTHER_TO_R4 }
 +#queue VPN4_TO_R4 bandwidth 10Mb hfsc(upperlimit 10Mb)
 +#queue OTHER_TO_R4 bandwidth 90Mb hfsc(default)
 +
 +# Queue for outgoing traffic from \$TO_R2_if (R4 => R2)
 +#altq on \$TO_R2_if hfsc bandwidth 100Mb queue { VPN4_TO_R2, OTHER_TO_R2 }
 +#queue VPN4_TO_R2 bandwidth 10Mb hfsc(upperlimit 10Mb)
 +#queue OTHER_TO_R2 bandwidth 90Mb hfsc(default)
 +
 +## PF rules
 +
 +# R2 => R4
 +# Shapping works on outgoing traffic only, but need to 'mark' traffic
 +# entering the interface for putting returning traffic in the good queue
 +#pass in quick on \$TO_R2_if proto gre from \$R2 to \$R4 queue VPN4_TO_R2
 +# Apply ALTQ to traffic that get out from \$TO_R4_if
 +#pass out quick on \$TO_R4_if proto gre from \$R2 to \$R4 queue VPN4_TO_R4
 +
 +# PF rules R4 => R2
 +#pass in quick on \$TO_R4_if proto gre from \$R4 to \$R2 queue VPN4_TO_R4
 +#pass out quick on \$TO_R2_if proto gre from \$R4 to \$R2 queue VPN4_TO_R2
 +
 # ALTQ is disabled since BSDRP 1.81 (too much performance impact) # ALTQ is disabled since BSDRP 1.81 (too much performance impact)
 pass all pass all
Line 456: Line 487:
  
 # Sync bird routing table with kernel # Sync bird routing table with kernel
-protocol kernel {+protocol kernel kernel4 { 
 +    ipv4 {
         export all;         export all;
 +    };
 +}
 +protocol kernel kernel6 {
 +    ipv6 {
 +        export all;
 +    };
 } }
  
Line 465: Line 503:
 } }
  
-# Include directly connected network+# Include directly connected networks
 protocol direct { protocol direct {
-        interface "vtnet1", "em1", "vtnet2", "em2";+        ipv4; 
 +        ipv6;
 } }
  
-protocol rip R4 +protocol rip R4inet4 
-        export all; +    interface "vtnet2","em2"
-        interface "vtnet2","em2"+        version 2; 
-            version 2; +    }; 
-            password "rippassword" { algorithm keyed md5; }; +    ipv4 { 
-            authentication cryptographic+         export all
-        };+    };
 } }
  
-protocol bgp R2 +protocol rip ng R4inet6 
-        local as 100; +    interface "vtnet2","em2" ; 
-        # Bird creates IPSEC SAD entry automatically but it need to know the source IP address +    ipv6 {
-        # Otherwise it will use the wrong 0.0.0.0 IP as source +
-        source address 10.0.23.3; +
-        neighbor 10.0.23.2 as 100; +
-        password "abigpassword";  +
-        import all;+
         export all;         export all;
 +    };
 } }
-EOF 
  
-cat > /usr/local/etc/bird6.conf <<EOF +protocol bgp R2inet4 { 
-Configure logging +    local as 100; 
-log syslog all; +    Bird creates IPSEC SAD entry automatically but it need to know the source IP address 
-log "/var/log/bird6.log" all; +    Otherwise it will use the wrong 0.0.0.0 IP as source 
-log stderr all; +    source address 10.0.23.3; 
- +    neighbor 10.0.23.2 as 100
-Override router ID +    password "abigpassword"
-router id 0.0.0.3; +    ipv4 
- +        import all;
-# Sync bird routing table with kernel +
-protocol kernel { +
-        export all+
-+
- +
-protocol device { +
-        scan time 10+
-+
-protocol direct +
-        interface "vtnet1", "em1", "vtnet2", "em2"; +
-+
- +
-protocol rip R4 {+
         export all;         export all;
-        interface "vtnet2","em2" ;+    };
 } }
  
-protocol bgp R2 +protocol bgp R2inet6 
-        local as 100; +    local as 100; 
-        # Bird creates IPSEC SAD entry automatically but it need to know the source IP address +    # Bird creates IPSEC SAD entry automatically but it need to know the source IP address 
-        # Otherwise it will use the wrong :: IP as source +    # Otherwise it will use the wrong :: IP as source 
-        source address 2001:db8:23::3; +    source address 2001:db8:23::3; 
-        neighbor 2001:db8:23::2 as 100; +    neighbor 2001:db8:23::2 as 100; 
-        password "abigpassword";+    password "abigpassword"; 
 +    ipv6 {
         import all;         import all;
         export all;         export all;
 +    };
 } }
 EOF EOF
Line 534: Line 557:
 service pf start service pf start
 service bird start service bird start
-service bird6 start 
 </code> </code>
 ==== Router 4 ==== ==== Router 4 ====
Line 735: Line 757:
         kldload dummynet         kldload dummynet
 fi fi
 +
 # Flush out the list before we begin. # Flush out the list before we begin.
 \${fwcmd} -f flush \${fwcmd} -f flush
Line 768: Line 791:
  
 <code> <code>
-sysrc hostname=R1 +sysrc hostname=R1 \ 
-sysrc gateway_enable=NO + gateway_enable=NO \ 
-sysrc ipv6_gateway_enable=NO + ipv6_gateway_enable=NO \ 
-sysrc ifconfig_em0=up + ifconfig_em0=up \ 
-sysrc cloned_interfaces=lagg0 + cloned_interfaces=lagg0 \ 
-sysrc ifconfig_lagg0="laggproto loadbalance laggport em0 SYNCDHCP" + ifconfig_lagg0="laggproto loadbalance laggport em0 SYNCDHCP" \ 
-sysrc ifconfig_lagg0_ipv6="inet6 accept_rtadv" + ifconfig_lagg0_ipv6="inet6 accept_rtadv" \ 
-sysrc sshd_enable=yes+ sshd_enable=yes
 ifconfig -l | grep -q vtnet && sed -i "" 's/em/vtnet/g' /etc/rc.conf ifconfig -l | grep -q vtnet && sed -i "" 's/em/vtnet/g' /etc/rc.conf
 config save config save
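Review bot: In the "Line 465: Line 503" hunk, the rewritten `protocol rip R4inet4` block keeps only `version 2;` inside `interface "vtnet2","em2" { ... };` and drops the `password "rippassword" { algorithm keyed md5; };` / `authentication cryptographic;` lines that the removed BIRD 1 block carried, so the IPv4 RIP adjacency toward R4 now runs unauthenticated; the new `protocol rip ng R4inet6` block has no authentication either. BIRD 2 accepts the same statements inside the interface block, so the fix is to restore `authentication cryptographic;` and `password "rippassword" { algorithm keyed md5; };` under `version 2;` (and confirm the matching R4 configuration, which is outside this view, still sends keyed-MD5 RIP). The `cat > /usr/local/etc/bird.conf <<EOF` heredoc that holds this block opens above the hunk. Separately, the `R2inet4` comment lines rendered at "Bird creates IPSEC SAD entry..." and "Otherwise it will use..." appear without a leading `#`, and several `sysrc ... \` continuations render with a space after the backslash; both are most likely rendering artifacts of the side-by-side view, but if they are real the former breaks bird.conf parsing and the latter breaks the shell continuation, so they are worth checking in the page source.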
documentation/examples/maximum_bsdrp_features_lab.txt · Last modified: 2022/07/07 13:23 by olivier
