documentation:examples:maximum_bsdrp_features_lab

Differences

documentation:examples:maximum_bsdrp_features_lab [2019/05/29 17:32]
127.0.0.1 external edit
documentation:examples:maximum_bsdrp_features_lab [2019/11/04 21:48] (current)
olivier [Router 5 (including jail5 and jail6)]
Line 130: Line 130:
 subnet 10.0.45.0 netmask 255.255.255.0 { subnet 10.0.45.0 netmask 255.255.255.0 {
 } }
 +
 #Declare R1 LAN and gateway #Declare R1 LAN and gateway
 subnet 10.0.12.0 netmask 255.255.255.0 { subnet 10.0.12.0 netmask 255.255.255.0 {
Line 215: Line 216:
 sysrc rtadvd_interfaces="​em0"​ sysrc rtadvd_interfaces="​em0"​
 sysrc vlans_em1="​23"​ sysrc vlans_em1="​23"​
-sysrc ifconfig_em1="​up"​+sysrc ifconfig_em1="​up ​mtu 1528"
 sysrc ifconfig_em0="​inet 10.0.12.2/​24"​ sysrc ifconfig_em0="​inet 10.0.12.2/​24"​
 sysrc ifconfig_em0_ipv6="​inet6 2001:​db8:​12::​2 prefixlen 64" sysrc ifconfig_em0_ipv6="​inet6 2001:​db8:​12::​2 prefixlen 64"
Line 430: Line 431:
 sysrc hostname=R3 sysrc hostname=R3
 sysrc vlans_em1="​23"​ sysrc vlans_em1="​23"​
-sysrc ifconfig_em1="​up"​+sysrc ifconfig_em1="​up ​mtu 1528"
 sysrc ifconfig_em1_23="​inet 10.0.23.3/​24"​ sysrc ifconfig_em1_23="​inet 10.0.23.3/​24"​
 sysrc ifconfig_em1_23_ipv6="​inet6 2001:​db8:​23::​3 prefixlen 64" sysrc ifconfig_em1_23_ipv6="​inet6 2001:​db8:​23::​3 prefixlen 64"
-sysrc ifconfig_em2="​inet 10.0.34.3/​24"​+sysrc ifconfig_em2="​inet 10.0.34.3/​24 ​mtu 1528"
 sysrc ifconfig_em2_ipv6="​inet6 2001:​db8:​34::​3 prefixlen 64" sysrc ifconfig_em2_ipv6="​inet6 2001:​db8:​34::​3 prefixlen 64"
 sysrc bird_enable=YES sysrc bird_enable=YES
-sysrc bird6_enable=YES 
 sysrc pf_enable=YES sysrc pf_enable=YES
 sysrc pf_rules="/​etc/​pf.conf"​ sysrc pf_rules="/​etc/​pf.conf"​
Line 442: Line 442:
  
 cat > /​etc/​pf.conf <<EOF cat > /​etc/​pf.conf <<EOF
 +#Variables definitions
 +#TO_R2_if = "​{"​ vtnet1.23 em1.23 "​}"​
 +#TO_R4_if = "​{"​ vtnet2 em2 "​}"​
 +#R2 = "​10.0.0.2/​32"​
 +#R4 = "​10.0.0.4/​32"​
 +
 +## ALTQ rules
 +# Queue outgoing from \$TO_R4_if (R2 => R4)
 +# Rate-limit inet 4 VPN traffic to 10Mb
 +#altq on \$TO_R4_if hfsc bandwidth 100Mb queue { VPN4_TO_R4, OTHER_TO_R4 }
 +#queue VPN4_TO_R4 bandwidth 10Mb hfsc(upperlimit 10Mb)
 +#queue OTHER_TO_R4 bandwidth 90Mb hfsc(default)
 +
 +# Queue for outgoing traffic from \$TO_R2_if (R4 => R2)
 +#altq on \$TO_R2_if hfsc bandwidth 100Mb queue { VPN4_TO_R2, OTHER_TO_R2 }
 +#queue VPN4_TO_R2 bandwidth 10Mb hfsc(upperlimit 10Mb)
 +#queue OTHER_TO_R2 bandwidth 90Mb hfsc(default)
 +
 +## PF rules
 +
 +# R2 => R4
 +# Shapping works on outgoing traffic only, but need to '​mark'​ traffic
 +# entering the interface for putting returning traffic in the good queue
 +#pass in quick on \$TO_R2_if proto gre from \$R2 to \$R4 queue VPN4_TO_R2
 +# Apply ALTQ to traffic that get out from \$TO_R4_if
 +#pass out quick on \$TO_R4_if proto gre from \$R2 to \$R4 queue VPN4_TO_R4
 +
 +# PF rules R4 => R2
 +#pass in quick on \$TO_R4_if proto gre from \$R4 to \$R2 queue VPN4_TO_R4
 +#pass out quick on \$TO_R2_if proto gre from \$R4 to \$R2 queue VPN4_TO_R2
 +
 # ALTQ is disabled since BSDRP 1.81 (too much performance impact) # ALTQ is disabled since BSDRP 1.81 (too much performance impact)
 pass all pass all
Line 456: Line 487:
  
 # Sync bird routing table with kernel # Sync bird routing table with kernel
-protocol kernel {+protocol kernel ​kernel4 { 
 +    ipv4 { 
 +        export all; 
 +    }; 
 +
 +protocol kernel kernel6 { 
 +    ipv6 {
         export all;         export all;
 +    };
 } }
  
Line 465: Line 503:
 } }
  
-# Include directly connected ​network+# Include directly connected ​networks
 protocol direct { protocol direct {
-        ​interface "​vtnet1",​ "​em1",​ "​vtnet2",​ "​em2"​;+        ​ipv4; 
 +        ipv6;
 } }
  
-protocol rip R4 +protocol rip R4inet4 ​
-        ​export all; +    interface "​vtnet2","​em2"​ { 
-        ​interface "​vtnet2","​em2"​ { +        version 2; 
-            version 2; +    }; 
-            ​password "​rippassword"​ { algorithm keyed md5; }; +    ipv4 { 
-            ​authentication cryptographic+         ​export all
-        };+    };
 } }
  
-protocol ​bgp R2 +protocol ​rip ng R4inet6 ​
-        local as 100; +    ​interface ​"vtnet2","​em2" ; 
-        # Bird creates IPSEC SAD entry automatically but it need to know the source IP address +    ipv6 {
-        # Otherwise it will use the wrong 0.0.0.0 IP as source +
-        source address 10.0.23.3;​ +
-        neighbor 10.0.23.2 as 100; +
-        password ​"abigpassword";  +
-        ​import all;+
         export all;         export all;
 +    };
 } }
-EOF 
  
-cat > /usr/local/​etc/​bird6.conf <<EOF +protocol bgp R2inet4 { 
-Configure logging +    ​local as 100; 
-log syslog all; +    Bird creates IPSEC SAD entry automatically but it need to know the source IP address 
-log "/​var/​log/​bird6.log"​ all; +    Otherwise it will use the wrong 0.0.0.0 IP as source 
-log stderr all; +    source address 10.0.23.3; 
- +    ​neighbor 10.0.23.2 as 100
-Override router ID +    ​password "​abigpassword"​
-router id 0.0.0.3; +    ​ipv4 ​
- +        ​import all;
-# Sync bird routing table with kernel +
-protocol kernel { +
-        export all+
-+
- +
-protocol device { +
-        scan time 10+
-+
-protocol direct ​+
-        ​interface "​vtnet1",​ "​em1",​ "​vtnet2",​ "​em2"​; +
-+
- +
-protocol rip R4 {+
         export all;         export all;
-        interface "​vtnet2","​em2" ​;+    };
 } }
  
-protocol bgp R2 +protocol bgp R2inet6 ​
-        local as 100; +    local as 100; 
-        # Bird creates IPSEC SAD entry automatically but it need to know the source IP address +    # Bird creates IPSEC SAD entry automatically but it need to know the source IP address 
-        # Otherwise it will use the wrong :: IP as source +    # Otherwise it will use the wrong :: IP as source 
-        source address 2001:​db8:​23::​3;​ +    source address 2001:​db8:​23::​3;​ 
-        neighbor 2001:​db8:​23::​2 as 100; +    neighbor 2001:​db8:​23::​2 as 100; 
-        password "​abigpassword";​+    password "​abigpassword";​ 
 +    ipv6 {
         import all;         import all;
         export all;         export all;
 +    };
 } }
 EOF EOF
Line 534: Line 557:
 service pf start service pf start
 service bird start service bird start
-service bird6 start 
 </​code>​ </​code>​
 ==== Router 4 ==== ==== Router 4 ====
Line 544: Line 566:
 sysrc ifconfig_em3="​inet 10.0.45.4/​24"​ sysrc ifconfig_em3="​inet 10.0.45.4/​24"​
 sysrc ifconfig_em3_ipv6="​inet6 2001:​db8:​45::​4 prefixlen 64" sysrc ifconfig_em3_ipv6="​inet6 2001:​db8:​45::​4 prefixlen 64"
-sysrc ifconfig_em2="​10.0.34.4/​24"​+sysrc ifconfig_em2="​10.0.34.4/​24 ​mtu 1528"
 sysrc ifconfig_em2_ipv6="​inet6 2001:​db8:​34::​4 prefixlen 64" sysrc ifconfig_em2_ipv6="​inet6 2001:​db8:​34::​4 prefixlen 64"
 sysrc cloned_interfaces="​lo1"​ sysrc cloned_interfaces="​lo1"​
Line 735: Line 757:
         kldload dummynet         kldload dummynet
 fi fi
 +
 # Flush out the list before we begin. # Flush out the list before we begin.
 \${fwcmd} -f flush \${fwcmd} -f flush
Line 846: Line 869:
 Start an iperf3 ipv6 client on R1, and check available bandwith is about 20Mb/s: Start an iperf3 ipv6 client on R1, and check available bandwith is about 20Mb/s:
  
 +<​code>​
 +[root@R1]~# iperf3 -c 2001:​db8:​56:​0:​cf:​8fff:​fea9:​490b
 +Connecting to host 2001:​db8:​56:​0:​cf:​8fff:​fea9:​490b,​ port 5201
 +[  5] local 2001:​db8:​12:​0:​5a9c:​fcff:​fe01:​201 port 62845 connected to 2001:​db8:​56:​0:​cf:​8fff:​fea9:​490b port 5201
 +[ ID] Interval ​          ​Transfer ​    ​Bitrate ​        ​Retr ​ Cwnd
 +[  5]   ​0.00-1.00 ​  ​sec ​ 1.74 MBytes ​ 14.6 Mbits/​sec ​   0   68.2 KBytes
 +[  5]   ​1.00-2.00 ​  ​sec ​ 2.23 MBytes ​ 18.7 Mbits/​sec ​   3   65.2 KBytes
 +[  5]   ​2.00-3.00 ​  ​sec ​ 2.19 MBytes ​ 18.3 Mbits/​sec ​   2   77.6 KBytes
 +[  5]   ​3.00-4.00 ​  ​sec ​ 2.19 MBytes ​ 18.3 Mbits/​sec ​   8   57.1 KBytes
 +[  5]   ​4.00-5.00 ​  ​sec ​ 2.19 MBytes ​ 18.3 Mbits/​sec ​   2   38.0 KBytes
 +[  5]   ​5.00-6.00 ​  ​sec ​ 2.19 MBytes ​ 18.3 Mbits/​sec ​   1   61.2 KBytes
 +[  5]   ​6.00-7.00 ​  ​sec ​ 2.19 MBytes ​ 18.4 Mbits/​sec ​   2   42.1 KBytes
 +[  5]   ​7.00-8.00 ​  ​sec ​ 2.19 MBytes ​ 18.3 Mbits/​sec ​   1   61.2 KBytes
 +[  5]   ​8.00-9.00 ​  ​sec ​ 2.19 MBytes ​ 18.3 Mbits/​sec ​   2   44.8 KBytes
 +[  5]   ​9.00-10.00 ​ sec  2.18 MBytes ​ 18.3 Mbits/​sec ​   1   65.3 KBytes
 +- - - - - - - - - - - - - - - - - - - - - - - - -
 +[ ID] Interval ​          ​Transfer ​    ​Bitrate ​        Retr
 +[  5]   ​0.00-10.00 ​ sec  21.5 MBytes ​ 18.0 Mbits/​sec ​  ​22 ​            ​sender
 +[  5]   ​0.00-10.03 ​ sec  21.3 MBytes ​ 17.8 Mbits/​sec ​                 receiver
 +
 +iperf Done.
 +[root@R1]~#
 +</​code>​
 ==== netflow ==== ==== netflow ====
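Review bot: The new `protocol rip R4inet4` block in the Router 3 bird.conf hunk keeps only `version 2;` inside `interface "vtnet2","em2" { … }`, while the removed BIRD 1 block also carried `password "rippassword" { algorithm keyed md5; };` and `authentication cryptographic;`. As written, the migrated configuration appears to run RIP towards R4 without authentication, so any host on that segment could inject routes. If dropping it was not intentional, put both lines back inside the interface block and check that R4's RIP configuration (not visible in this diff) uses the same key. If it was intentional, a short comment in the heredoc such as `# RIP authentication intentionally omitted in this lab` would stop readers from copying it as a hardened example. The RIPng block had no authentication before this revision either, so the same question applies to `protocol rip ng R4inet6`.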
  