Differences

This shows you the differences between two versions of the page.

--- documentation:examples:simple_bgp-rip-ospf_lab_with_bird [2020/12/15 01:12] – created olivier
+++ documentation:examples:simple_bgp-rip-ospf_lab_with_bird [2022/02/21 17:06] (current) – [Testing] olivier
@@ Line 1: / Line 1: @@
-====== BGP/OSPF/RIP/ lab with bird======
+====== BGP/OSPF/RIP/BABEL lab with bird======
-This Labs is done with BSDRP's VM and it explains how to use BSDRP using bird 2.
+This Labs is done from one BSDRP VM and it explains how to use BSDRP using bird 2.
 ===== Presentation =====
@@ Line 9: / Line 9: @@
 Here is the logical and physical view:
-{{:documentation:examples:simple_bgp-rip-ospf_lab.png|}}
+{{:documentation:examples:bird_jails.png|}}
+===== Router configuration =====
+All the configurations details here could be generated by the BSDRP lab script embedded that will creates 5 jails and configure them:
+<code>
+labconfig bird_jails
+</code>
+==== Host ====
+Unhide bpf interface to jails to be able to use tcpdump inside them.
+<code>
+sysrc hostname=host \
+  cloned_interfaces="epair0 epair1 epair2 epair3 epair4" \
+  kld_list="ipsec"
+cat > /etc/devfs.rules <<'EOF'
+[devfsrules_jailbpf=4]
+add include \$devfsrules_hide_all
+add include \$devfsrules_unhide_basic
+add include \$devfsrules_unhide_login
+add path 'bpf*' unhide
+'EOF'
+service devfs restart
+service netif restart
+service hostname restart
+service kld start
+tenant -c -j jail1 -i epair0a
+tenant -c -j jail2 -i epair0b,epair1a
+tenant -c -j jail3 -i epair1b,epair2a
+tenant -c -j jail4 -i epair2b,epair3a
+tenant -c -j jail5 -i epair3b,epair4a
+tenant -c -j jail6 -i epair4b
+</code>
+==== Jail 1 ====
+<code>
+cat > /etc/jails/jail1/rc.conf <<EOF
+hostname="jail1"
+gateway_enable=YES
+ipv6_gateway_enable=YES
+sysrc cloned_interfaces=lo1
+ifconfig_lo1="inet 192.168.10.1/24"
+ifconfig_lo1_ipv6="inet6 2001:db8:10::1/64"
+ifconfig_epair0a="inet 192.168.12.1/24"
+ifconfig_epair0a_ipv6="inet6 2001:db8:12::1/64"
+bird_enable=yes
+EOF
+cat > /etc/jails/jail1/local/bird.conf <<EOF
+# Configure logging
+log syslog all;
+log "/var/log/bird.log" all;
+log stderr all;
+# Override router ID
+router id 192.168.10.1;
+# Sync bird routing table with kernel
+protocol kernel kernel4 {
+    ipv4 {
+        export all;
+    };
+}
+protocol kernel kernel6 {
+    ipv6 {
+        export all;
+    };
+}
+protocol device {
+        scan time 10;
+}
+# Include directly connected networks
+protocol direct {
+        ipv4;
+        ipv6;
+}
+protocol bgp bgp4 {
+        local as 12;
+        # Bird creates IPSEC SAD entry automatically but it need to know the source IP address
+        # Otherwise it will use the wrong 0.0.0.0 IP as source
+        source address 192.168.12.1;
+        neighbor 192.168.12.2 as 12;
+        password "abigpassword";
+        ipv4 {
+            import all;
+            export all;
+        };
+}
+protocol bgp bgp6 {
+        local as 12;
+        # Bird creates IPSEC SAD entry automatically but it need to know the source IP address
+        # Otherwise it will use the wrong :: IP as source
+        source address 2001:db8:12::1;
+        neighbor 2001:db8:12::2 as 12;
+        password "abigpassword";
+        ipv6 {
+            import all;
+            export all;
+        };
+}
+protocol bfd {}
+EOF
+</code>
+==== Jail 2 ====
+<code>
+cat > /etc/jails/jail2/rc.conf <<EOF
+hostname="jail2"
+gateway_enable=YES
+ipv6_gateway_enable=YES
+ifconfig_epair0b="inet 192.168.12.2/24"
+ifconfig_epair0b_ipv6="inet6 2001:db8:12::2/64"
+ifconfig_epair1a="inet 192.168.23.2/24"
+ifconfig_epair1a_ipv6="inet6 2001:db8:23::2/64"
+bird_enable=yes
+EOF
+cat > /etc/jails/jail2/local/bird.conf <<EOF
+# Configure logging
+log syslog all;
+log "/var/log/bird.log" all;
+log stderr all;
+# Override router ID
+router id 192.168.10.2;
+# Sync bird routing table with kernel
+protocol kernel kernel4 {
+    ipv4 {
+        export all;
+    };
+}
+protocol kernel kernel6 {
+    ipv6 {
+        export all;
+    };
+}
+protocol device {
+        scan time 10;
+}
+# Include directly connected networks
+protocol direct {
+        ipv4;
+        ipv6;
+}
+protocol bgp bgp4 {
+        local as 12;
+        # Bird creates IPSEC SAD entry automatically but it need to know the source IP address
+        # Otherwise it will use the wrong 0.0.0.0 IP as source
+        source address 192.168.12.2;
+        neighbor 192.168.12.1 as 12;
+        password "abigpassword";
+        ipv4 {
+            import all;
+            export all;
+            next hop self;
+        };
+}
+protocol bgp bgp6 {
+        local as 12;
+        # Bird creates IPSEC SAD entry automatically but it need to know the source IP address
+        # Otherwise it will use the wrong :: IP as source
+        source address 2001:db8:12::2;
+        neighbor 2001:db8:12::1 as 12;
+        password "abigpassword";
+        ipv6 {
+            import all;
+            export all;
+            next hop self;
+        };
+}
+protocol bfd {}
+protocol rip rip4 {
+  ipv4 { import all; export all;};
+  interface "epair1a" {};
+}
+protocol rip ng rip6 {
+  ipv6 { import all; export all;};
+  interface "epair1a" {};
+}
+EOF
+</code>
+==== Jail 3 ====
+<code>
+cat > /etc/jails/jail3/rc.conf <<EOF
+hostname="jail3"
+gateway_enable=YES
+ipv6_gateway_enable=YES
+ifconfig_epair1b="inet 192.168.23.3/24"
+ifconfig_epair1b_ipv6="inet6 2001:db8:23::3/64"
+ifconfig_epair2a="inet 192.168.34.3/24"
+ifconfig_epair2a_ipv6="inet6 2001:db8:34::3/64"
+bird_enable=yes
+EOF
+cat > /etc/jails/jail3/local/bird.conf <<EOF
+# Configure logging
+log syslog all;
+log "/var/log/bird.log" all;
+log stderr all;
+# Override router ID
+router id 192.168.10.3;
+# Sync bird routing table with kernel
+protocol kernel kernel4 {
+    ipv4 {
+        export all;
+    };
+}
+protocol kernel kernel6 {
+    ipv6 {
+        export all;
+    };
+}
+protocol device {
+        scan time 10;
+}
+# Include directly connected networks
+protocol direct {
+        ipv4;
+        ipv6;
+}
+protocol bfd {}
+protocol rip rip4 {
+  ipv4 { import all; export all;};
+  interface "epair1b" {};
+}
+protocol rip ng rip6 {
+  ipv6 { import all; export all;};
+  interface "epair1b" {};
+}
+protocol ospf v2 opsf4 {
+  ipv4 { import all; export all;};
+  area 0 {
+    interface "epair2a" {};
+    };
+}
+protocol ospf v3 ospf6 {
+  ipv6 { import all; export all;};
+  area 0 {
+    interface "epair2a" {};
+    };
+}
+EOF
+</code>
+==== Jail 4 ====
+<code>
+cat > /etc/jails/jail4/rc.conf <<EOF
+hostname="jail4"
+gateway_enable=YES
+ipv6_gateway_enable=YES
+ifconfig_epair2b="inet 192.168.34.4/24"
+ifconfig_epair2b_ipv6="inet6 2001:db8:34::4/64"
+ifconfig_epair3a="inet 192.168.45.4/24"
+ifconfig_epair3a_ipv6="inet6 2001:db8:45::4/64"
+bird_enable=yes
+EOF
+cat > /etc/jails/jail4/local/bird.conf <<EOF
+# Configure logging
+log syslog all;
+log "/var/log/bird.log" all;
+log stderr all;
+# Override router ID
+router id 192.168.10.4;
+# Sync bird routing table with kernel
+protocol kernel kernel4 {
+    ipv4 {
+        export all;
+    };
+}
+protocol kernel kernel6 {
+    ipv6 {
+        export all;
+    };
+}
+protocol device {
+        scan time 10;
+}
+# Include directly connected networks
+protocol direct {
+        ipv4;
+        ipv6;
+}
+protocol bfd {}
+protocol ospf v2 ospf4 {
+  ipv4 { import all; export all;};
+  area 0 {
+    interface "epair2b" {};
+    };
+}
+protocol ospf v3 ospf6 {
+  ipv6 { import all; export all;};
+  area 0 {
+    interface "epair2b" {};
+    };
+}
+protocol babel {
+  interface "epair3a" { type wired; };
+  ipv4 { import all; export all;};
+  ipv6 { import all; export all;};
+}
+EOF
+</code>
+==== Jail 5 ====
+<code>
+cat > /etc/jails/jail5/rc.conf <<EOF
+hostname="jail5"
+gateway_enable=YES
+ipv6_gateway_enable=YES
+ifconfig_epair3b="inet 192.168.45.5/24"
+ifconfig_epair3b_ipv6="inet6 2001:db8:45::5/64"
+ifconfig_epair4a="inet 192.168.56.5/24"
+ifconfig_epair4a_ipv6="inet6 2001:db8:56::5/64"
+bird_enable=yes
+EOF
+cat > /etc/jails/jail5/local/bird.conf <<EOF
+# Configure logging
+log syslog all;
+log "/var/log/bird.log" all;
+log stderr all;
+# Override router ID
+router id 192.168.10.5;
+# Sync bird routing table with kernel
+protocol kernel kernel4 {
+    ipv4 {
+        export all;
+    };
+}
+protocol kernel kernel6 {
+    ipv6 {
+        export all;
+    };
+}
+protocol device {
+        scan time 10;
+}
+# Include directly connected networks
+protocol direct {
+        ipv4;
+        ipv6;
+}
+protocol babel {
+  interface "epair3b" { type wired; };
+  ipv4 { import all; export all;};
+  ipv6 { import all; export all;};
+}
+protocol static static4 {
+    ipv4;
+    route 192.168.60.0/24 via 192.168.56.6;
+}
+protocol static static6 {
+    ipv6;
+    route 2001:db8:60::/64 via 2001:db8:56::6;
+}
+EOF
+</code>
+==== Jail 6 ====
+<code>
+cat > /etc/jails/jail6/rc.conf <<EOF
+hostname="jail6"
+gateway_enable=YES
+ipv6_gateway_enable=YES
+cloned_interfaces=lo1
+ifconfig_epair4b="inet 192.168.56.6/24"
+ifconfig_epair4b_ipv6="inet6 2001:db8:56::6/64"
+ifconfig_lo1="inet 192.168.60.6/24"
+ifconfig_lo1_ipv6="inet6 2001:db8:60::6/64"
+bird_enable=yes
+EOF
+cat > /etc/jails/jail6/local/bird.conf <<EOF
+# Configure logging
+log syslog all;
+log "/var/log/bird.log" all;
+log stderr all;
+# Override router ID
+router id 192.168.10.6;
+# Sync bird routing table with kernel
+protocol kernel kernel4 {
+    ipv4 {
+        export all;
+    };
+}
+protocol kernel kernel6 {
+    ipv6 {
+        export all;
+    };
+}
+protocol device {
+        scan time 10;
+}
+# Include directly connected networks
+protocol direct {
+        ipv4;
+        ipv6;
+}
+protocol static static4 {
+        ipv4;
+        route 0.0.0.0/0 via 192.168.56.5;
+}
+protocol static static6 {
+        ipv6;
+        route ::/0 via 2001:db8:56::5;
+}
+EOF
+</code>
+===== Testing =====
+Jail 1 routing table:
+<code>
+root@host:~ # jexec jail1 netstat -rn
+Routing tables
+Internet:
+Destination        Gateway            Flags     Netif Expire
+.0.0.1          link#16            UH          lo0
+.168.10.0/24    link#26            U1          lo1
+.168.10.1       link#26            UH          lo1
+.168.12.0/24    link#4             U       epair0a
+.168.12.1       link#4             UHS         lo0
+.168.23.0/24    192.168.12.2       UG1     epair0a
+.168.34.0/24    192.168.12.2       UG1     epair0a
+.168.45.0/24    192.168.12.2       UG1     epair0a
+.168.56.0/24    192.168.12.2       UG1     epair0a
+.168.60.0/24    192.168.12.2       UG1     epair0a
+Internet6:
+Destination                       Gateway                       Flags     Netif Expire
+::/96                             ::1                           UGRS        lo0
+::1                               link#16                       UHS         lo0
+::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
+:db8:10::/64                  link#26                       U           lo1
+:db8:10::1                    link#26                       UHS         lo0
+:db8:12::/64                  link#4                        U       epair0a
+:db8:12::1                    link#4                        UHS         lo0
+:db8:23::/64                  2001:db8:12::2                UG1     epair0a
+:db8:34::/64                  2001:db8:12::2                UG1     epair0a
+:db8:45::/64                  2001:db8:12::2                UG1     epair0a
+:db8:56::/64                  2001:db8:12::2                UG1     epair0a
+:db8:60::/64                  2001:db8:12::2                UG1     epair0a
+fe80::/10                         ::1                           UGRS        lo0
+fe80::%epair0a/64                 link#4                        U       epair0a
+fe80::99:d6ff:fe95:710a%epair0a   link#4                        UHS         lo0
+fe80::%lo0/64                     link#16                       U           lo0
+fe80::1%lo0                       link#16                       UHS         lo0
+fe80::%lo1/64                     link#26                       U           lo1
+fe80::1%lo1                       link#26                       UHS         lo0
+ff02::/16                         ::1                           UGRS        lo0
+</code>
+And traceroute from jail1 to jail6:
+<code>
+root@host:~ # jexec jail1 traceroute 192.168.60.6
+traceroute to 192.168.60.6 (192.168.60.6), 64 hops max, 40 byte packets
+  192.168.12.2 (192.168.12.2)  0.038 ms  0.030 ms  0.014 ms
+  192.168.23.3 (192.168.23.3)  0.020 ms  0.025 ms  0.014 ms
+  192.168.34.4 (192.168.34.4)  0.020 ms  0.026 ms  0.016 ms
+  192.168.45.5 (192.168.45.5)  0.033 ms  0.027 ms  0.020 ms
+  192.168.60.6 (192.168.60.6)  0.031 ms  0.030 ms  0.020 ms
+</code>
+<code>
+root@host:~ # jexec jail1 ping -c 2 2001:db8:60::6
+PING6(56=40+8+8 bytes) 2001:db8:12::1 --> 2001:db8:60::6
+bytes from 2001:db8:60::6, icmp_seq=0 hlim=60 time=0.091 ms
+bytes from 2001:db8:60::6, icmp_seq=1 hlim=60 time=0.056 ms
+--- 2001:db8:60::6 ping6 statistics ---
+packets transmitted, 2 packets received, 0.0% packet loss
+round-trip min/avg/max/std-dev = 0.056/0.073/0.091/0.018 ms
+</code>