documentation:examples:simple_bgp-rip-ospf_lab_with_bird
documentation:examples:simple_bgp-rip-ospf_lab_with_bird [2020/12/15 01:12] – created olivier | documentation:examples:simple_bgp-rip-ospf_lab_with_bird [2022/02/21 16:16] – [Jail 6] olivier | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== BGP/ | ====== BGP/ | ||
- | This Labs is done with BSDRP' | + | This Labs is done from one BSDRP VM and it explains how to use BSDRP using bird 2. |
===== Presentation ===== | ===== Presentation ===== | ||
Line 9: | Line 9: | ||
Here is the logical and physical view: | Here is the logical and physical view: | ||
- | {{: | + | {{: |
+ | |||
+ | ===== Router configuration ===== | ||
+ | |||
+ | All the configurations details here could be generated by the BSDRP lab script embedded that will creates 5 jails and configure them: | ||
+ | < | ||
+ | labconfig bird_jails | ||
+ | </ | ||
+ | |||
+ | ==== Host ==== | ||
+ | |||
+ | Unhide bpf interface to jails to be able to use tcpdump inside them. | ||
+ | |||
+ | < | ||
+ | sysrc hostname=host \ | ||
+ | cloned_interfaces=" | ||
+ | kld_list=" | ||
+ | cat > / | ||
+ | [devfsrules_jailbpf=4] | ||
+ | add include \$devfsrules_hide_all | ||
+ | add include \$devfsrules_unhide_basic | ||
+ | add include \$devfsrules_unhide_login | ||
+ | add path ' | ||
+ | ' | ||
+ | service devfs restart | ||
+ | service netif restart | ||
+ | service hostname restart | ||
+ | service kld start | ||
+ | tenant -c -j jail1 -i epair0a | ||
+ | tenant -c -j jail2 -i epair0b, | ||
+ | tenant -c -j jail3 -i epair1b, | ||
+ | tenant -c -j jail4 -i epair2b, | ||
+ | tenant -c -j jail5 -i epair3b | ||
+ | |||
+ | </ | ||
+ | ==== Jail 1 ==== | ||
+ | |||
+ | < | ||
+ | cat > / | ||
+ | hostname=" | ||
+ | gateway_enable=YES | ||
+ | ipv6_gateway_enable=YES | ||
+ | sysrc cloned_interfaces=lo1 | ||
+ | ifconfig_lo1=" | ||
+ | ifconfig_lo1_ipv6=" | ||
+ | ifconfig_epair0a=" | ||
+ | ifconfig_epair0a_ipv6=" | ||
+ | bird_enable=yes | ||
+ | EOF | ||
+ | |||
+ | cat > / | ||
+ | # Configure logging | ||
+ | log syslog all; | ||
+ | log "/ | ||
+ | log stderr all; | ||
+ | |||
+ | # Override router ID | ||
+ | router id 192.168.10.1; | ||
+ | |||
+ | # Sync bird routing table with kernel | ||
+ | protocol kernel kernel4 { | ||
+ | ipv4 { | ||
+ | export all; | ||
+ | }; | ||
+ | } | ||
+ | protocol kernel kernel6 { | ||
+ | ipv6 { | ||
+ | export all; | ||
+ | }; | ||
+ | } | ||
+ | |||
+ | protocol device { | ||
+ | scan time 10; | ||
+ | } | ||
+ | |||
+ | # Include directly connected networks | ||
+ | protocol direct { | ||
+ | ipv4; | ||
+ | ipv6; | ||
+ | } | ||
+ | protocol bgp bgp4 { | ||
+ | local as 12; | ||
+ | # Bird creates IPSEC SAD entry automatically but it need to know the source IP address | ||
+ | # Otherwise it will use the wrong 0.0.0.0 IP as source | ||
+ | source address 192.168.12.1; | ||
+ | neighbor 192.168.12.2 as 12; | ||
+ | password " | ||
+ | ipv4 { | ||
+ | import all; | ||
+ | export all; | ||
+ | }; | ||
+ | } | ||
+ | |||
+ | protocol bgp bgp6 { | ||
+ | local as 12; | ||
+ | # Bird creates IPSEC SAD entry automatically but it need to know the source IP address | ||
+ | # Otherwise it will use the wrong :: IP as source | ||
+ | source address 2001: | ||
+ | neighbor 2001: | ||
+ | password " | ||
+ | ipv6 { | ||
+ | import all; | ||
+ | export all; | ||
+ | }; | ||
+ | } | ||
+ | |||
+ | protocol bfd {} | ||
+ | EOF | ||
+ | </ | ||
+ | |||
+ | ==== Jail 2 ==== | ||
+ | |||
+ | < | ||
+ | cat > / | ||
+ | hostname=" | ||
+ | gateway_enable=YES | ||
+ | ipv6_gateway_enable=YES | ||
+ | ifconfig_epair0b=" | ||
+ | ifconfig_epair0b_ipv6=" | ||
+ | ifconfig_epair1a=" | ||
+ | ifconfig_epair1a_ipv6=" | ||
+ | bird_enable=yes | ||
+ | EOF | ||
+ | |||
+ | cat > / | ||
+ | # Configure logging | ||
+ | log syslog all; | ||
+ | log "/ | ||
+ | log stderr all; | ||
+ | |||
+ | # Override router ID | ||
+ | router id 192.168.10.2; | ||
+ | |||
+ | # Sync bird routing table with kernel | ||
+ | protocol kernel kernel4 { | ||
+ | ipv4 { | ||
+ | export all; | ||
+ | }; | ||
+ | } | ||
+ | protocol kernel kernel6 { | ||
+ | ipv6 { | ||
+ | export all; | ||
+ | }; | ||
+ | } | ||
+ | |||
+ | protocol device { | ||
+ | scan time 10; | ||
+ | } | ||
+ | |||
+ | # Include directly connected networks | ||
+ | protocol direct { | ||
+ | ipv4; | ||
+ | ipv6; | ||
+ | } | ||
+ | protocol bgp bgp4 { | ||
+ | local as 12; | ||
+ | # Bird creates IPSEC SAD entry automatically but it need to know the source IP address | ||
+ | # Otherwise it will use the wrong 0.0.0.0 IP as source | ||
+ | source address 192.168.12.2; | ||
+ | neighbor 192.168.12.1 as 12; | ||
+ | password " | ||
+ | ipv4 { | ||
+ | import all; | ||
+ | export all; | ||
+ | next hop self; | ||
+ | }; | ||
+ | } | ||
+ | |||
+ | protocol bgp bgp6 { | ||
+ | local as 12; | ||
+ | # Bird creates IPSEC SAD entry automatically but it need to know the source IP address | ||
+ | # Otherwise it will use the wrong :: IP as source | ||
+ | source address 2001: | ||
+ | neighbor 2001: | ||
+ | password " | ||
+ | ipv6 { | ||
+ | import all; | ||
+ | export all; | ||
+ | next hop self; | ||
+ | }; | ||
+ | } | ||
+ | |||
+ | protocol bfd {} | ||
+ | |||
+ | protocol rip rip4 { | ||
+ | ipv4 { import all; export all;}; | ||
+ | interface " | ||
+ | } | ||
+ | |||
+ | protocol rip ng rip6 { | ||
+ | ipv6 { import all; export all;}; | ||
+ | interface " | ||
+ | } | ||
+ | EOF | ||
+ | </ | ||
+ | |||
+ | ==== Jail 3 ==== | ||
+ | |||
+ | < | ||
+ | cat > / | ||
+ | hostname=" | ||
+ | gateway_enable=YES | ||
+ | ipv6_gateway_enable=YES | ||
+ | ifconfig_epair1b=" | ||
+ | ifconfig_epair1b_ipv6=" | ||
+ | ifconfig_epair2a=" | ||
+ | ifconfig_epair2a_ipv6=" | ||
+ | bird_enable=yes | ||
+ | EOF | ||
+ | |||
+ | cat > / | ||
+ | # Configure logging | ||
+ | log syslog all; | ||
+ | log "/ | ||
+ | log stderr all; | ||
+ | |||
+ | # Override router ID | ||
+ | router id 192.168.10.3; | ||
+ | |||
+ | # Sync bird routing table with kernel | ||
+ | protocol kernel kernel4 { | ||
+ | ipv4 { | ||
+ | export all; | ||
+ | }; | ||
+ | } | ||
+ | protocol kernel kernel6 { | ||
+ | ipv6 { | ||
+ | export all; | ||
+ | }; | ||
+ | } | ||
+ | |||
+ | protocol device { | ||
+ | scan time 10; | ||
+ | } | ||
+ | |||
+ | # Include directly connected networks | ||
+ | protocol direct { | ||
+ | ipv4; | ||
+ | ipv6; | ||
+ | } | ||
+ | |||
+ | protocol bfd {} | ||
+ | |||
+ | protocol rip rip4 { | ||
+ | ipv4 { import all; export all;}; | ||
+ | interface " | ||
+ | } | ||
+ | |||
+ | protocol rip ng rip6 { | ||
+ | ipv6 { import all; export all;}; | ||
+ | interface " | ||
+ | } | ||
+ | |||
+ | protocol ospf v2 opsf4 { | ||
+ | ipv4 { import all; export all;}; | ||
+ | area 0 { | ||
+ | interface " | ||
+ | }; | ||
+ | } | ||
+ | |||
+ | protocol ospf v3 ospf6 { | ||
+ | ipv6 { import all; export all;}; | ||
+ | area 0 { | ||
+ | interface " | ||
+ | }; | ||
+ | } | ||
+ | EOF | ||
+ | </ | ||
+ | |||
+ | ==== Jail 4 ==== | ||
+ | |||
+ | < | ||
+ | cat > / | ||
+ | hostname=" | ||
+ | gateway_enable=YES | ||
+ | ipv6_gateway_enable=YES | ||
+ | ifconfig_epair2b=" | ||
+ | ifconfig_epair2b_ipv6=" | ||
+ | ifconfig_epair3a=" | ||
+ | ifconfig_epair3a_ipv6=" | ||
+ | bird_enable=yes | ||
+ | EOF | ||
+ | |||
+ | cat > / | ||
+ | # Configure logging | ||
+ | log syslog all; | ||
+ | log "/ | ||
+ | log stderr all; | ||
+ | |||
+ | # Override router ID | ||
+ | router id 192.168.10.4; | ||
+ | |||
+ | # Sync bird routing table with kernel | ||
+ | protocol kernel kernel4 { | ||
+ | ipv4 { | ||
+ | export all; | ||
+ | }; | ||
+ | } | ||
+ | protocol kernel kernel6 { | ||
+ | ipv6 { | ||
+ | export all; | ||
+ | }; | ||
+ | } | ||
+ | |||
+ | protocol device { | ||
+ | scan time 10; | ||
+ | } | ||
+ | |||
+ | # Include directly connected networks | ||
+ | protocol direct { | ||
+ | ipv4; | ||
+ | ipv6; | ||
+ | } | ||
+ | |||
+ | protocol bfd {} | ||
+ | protocol ospf v2 ospf4 { | ||
+ | ipv4 { import all; export all;}; | ||
+ | area 0 { | ||
+ | interface " | ||
+ | }; | ||
+ | } | ||
+ | |||
+ | protocol ospf v3 ospf6 { | ||
+ | ipv6 { import all; export all;}; | ||
+ | area 0 { | ||
+ | interface " | ||
+ | }; | ||
+ | } | ||
+ | |||
+ | protocol babel { | ||
+ | interface " | ||
+ | ipv4 { import all; export all;}; | ||
+ | ipv6 { import all; export all;}; | ||
+ | } | ||
+ | |||
+ | EOF | ||
+ | </ | ||
+ | |||
+ | ==== Jail 5 ==== | ||
+ | |||
+ | < | ||
+ | cat > / | ||
+ | hostname=" | ||
+ | gateway_enable=YES | ||
+ | ipv6_gateway_enable=YES | ||
+ | ifconfig_epair3b=" | ||
+ | ifconfig_epair3b_ipv6=" | ||
+ | ifconfig_epair4a=" | ||
+ | ifconfig_epair4a_ipv6=" | ||
+ | bird_enable=yes | ||
+ | EOF | ||
+ | |||
+ | cat > / | ||
+ | # Configure logging | ||
+ | log syslog all; | ||
+ | log "/ | ||
+ | log stderr all; | ||
+ | |||
+ | # Override router ID | ||
+ | router id 192.168.10.5; | ||
+ | |||
+ | # Sync bird routing table with kernel | ||
+ | protocol kernel kernel4 { | ||
+ | ipv4 { | ||
+ | export all; | ||
+ | }; | ||
+ | } | ||
+ | protocol kernel kernel6 { | ||
+ | ipv6 { | ||
+ | export all; | ||
+ | }; | ||
+ | } | ||
+ | |||
+ | protocol device { | ||
+ | scan time 10; | ||
+ | } | ||
+ | |||
+ | # Include directly connected networks | ||
+ | protocol direct { | ||
+ | ipv4; | ||
+ | ipv6; | ||
+ | } | ||
+ | |||
+ | protocol babel { | ||
+ | interface " | ||
+ | ipv4 { import all; export all;}; | ||
+ | ipv6 { import all; export all;}; | ||
+ | } | ||
+ | |||
+ | protocol static static4 { | ||
+ | ipv4; | ||
+ | route 192.168.60.0/ | ||
+ | } | ||
+ | |||
+ | protocol static static6 { | ||
+ | ipv6; | ||
+ | route 2001: | ||
+ | } | ||
+ | |||
+ | EOF | ||
+ | </ | ||
+ | |||
+ | |||
+ | ==== Jail 6 ==== | ||
+ | |||
+ | < | ||
+ | cat > / | ||
+ | hostname=" | ||
+ | gateway_enable=YES | ||
+ | ipv6_gateway_enable=YES | ||
+ | cloned_interfaces=lo1 | ||
+ | ifconfig_epair4b=" | ||
+ | ifconfig_epair4b_ipv6=" | ||
+ | ifconfig_lo1=" | ||
+ | ifconfig_lo1_ipv6=" | ||
+ | bird_enable=yes | ||
+ | EOF | ||
+ | |||
+ | cat > / | ||
+ | # Configure logging | ||
+ | log syslog all; | ||
+ | log "/ | ||
+ | log stderr all; | ||
+ | |||
+ | # Override router ID | ||
+ | router id 192.168.10.6; | ||
+ | |||
+ | # Sync bird routing table with kernel | ||
+ | protocol kernel kernel4 { | ||
+ | ipv4 { | ||
+ | export all; | ||
+ | }; | ||
+ | } | ||
+ | protocol kernel kernel6 { | ||
+ | ipv6 { | ||
+ | export all; | ||
+ | }; | ||
+ | } | ||
+ | |||
+ | protocol device { | ||
+ | scan time 10; | ||
+ | } | ||
+ | |||
+ | # Include directly connected networks | ||
+ | protocol direct { | ||
+ | ipv4; | ||
+ | ipv6; | ||
+ | } | ||
+ | protocol static static4 { | ||
+ | ipv4; | ||
+ | route 0.0.0.0/0 via 192.168.56.5; | ||
+ | } | ||
+ | protocol static static6 { | ||
+ | ipv6; | ||
+ | route ::/0 via 2001: | ||
+ | } | ||
+ | |||
+ | EOF | ||
+ | </ | ||
+ | |||
+ | ===== Testing ===== | ||
+ | |||
+ | Jail 1 routing table: | ||
+ | < | ||
+ | [root@host]~# | ||
+ | Routing tables | ||
+ | |||
+ | Internet: | ||
+ | Destination | ||
+ | 127.0.0.1 | ||
+ | 192.168.10.0/ | ||
+ | 192.168.10.1 | ||
+ | 192.168.12.0/ | ||
+ | 192.168.12.1 | ||
+ | 192.168.23.0/ | ||
+ | 192.168.34.0/ | ||
+ | 192.168.45.0/ | ||
+ | 192.168.50.0/ | ||
+ | |||
+ | Internet6: | ||
+ | Destination | ||
+ | ::/96 :: | ||
+ | ::1 | ||
+ | :: | ||
+ | 2001: | ||
+ | 2001: | ||
+ | 2001: | ||
+ | 2001: | ||
+ | 2001: | ||
+ | 2001: | ||
+ | 2001: | ||
+ | 2001: | ||
+ | fe80::/ | ||
+ | fe80:: | ||
+ | fe80:: | ||
+ | fe80:: | ||
+ | fe80:: | ||
+ | fe80:: | ||
+ | fe80:: | ||
+ | ff02::/ | ||
+ | </ | ||
+ | |||
+ | And traceroute toward jail5: | ||
+ | < | ||
+ | [root@host]~# | ||
+ | traceroute to 192.168.50.5 (192.168.50.5), | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | [root@host]~# | ||
+ | PING6(56=40+8+8 bytes) 2001: | ||
+ | 16 bytes from 2001: | ||
+ | 16 bytes from 2001: | ||
+ | |||
+ | --- 2001: | ||
+ | 2 packets transmitted, | ||
+ | round-trip min/ | ||
+ | </ |
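Review bot: The new "Router configuration" section never says these settings are meant for an isolated lab, yet the host block unhides bpf inside the jails, the RIP, OSPF and Babel protocols carry no authentication, and every channel (both BGP sessions included) is `import all; export all`; I would add one sentence under the heading, e.g. `These configurations are for an isolated lab only: elsewhere keep bpf hidden from jails, enable authentication on RIP/OSPF/Babel and replace import all/export all with explicit filters.` The BGP `password` (the adjacent comment about the IPsec SAD suggests TCP MD5 signatures) is written inline by a plain `cat >` heredoc, so the file gets whatever the umask allows; following the heredoc with `chmod 600 <bird-config-path>` would keep the secret from other local users (the real path is cut off in this rendering). In what appears to be the Jail 1 rc.conf heredoc, `sysrc cloned_interfaces=lo1` is a command rather than an assignment and should probably read `cloned_interfaces=lo1`, as in Jail 6. The host block also creates only jail1 to jail5 while a Jail 6 on epair4b is documented, which looks like a missing `tenant` line, though the interface lists are truncated here so this needs checking against the full page.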
documentation/examples/simple_bgp-rip-ospf_lab_with_bird.txt · Last modified: 2022/02/21 17:06 by olivier