#!/bin/sh
# FRR regression lab using empty vnet jails
# https://bsdrp.net/documentation/examples/simple_bgp-rip-ospf_lab
#
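set -eu
# Topology diagram and expected results; `start` prints this file when the lab is up.
# The file lives at a fixed name in world-writable /tmp and is written on every
# invocation, before any privilege check, while `start` requires root. A plain
# `cat > /tmp/topo.txt` follows whatever already sits at that path (for example
# a symlink left by another local user) and truncates its target. Remove any
# existing entry first, then create the file with noclobber (set -C) so the
# redirection fails instead of reusing a path that reappears in between;
# set -e then stops the script.
rm -f /tmp/topo.txt
set -C
# Quoted delimiter: the body is copied literally (it holds no expansions).
cat > /tmp/topo.txt <<'EOF'
******************************************************************************
* net/frr regression lab using vnet jails *
******************************************************************************
192.168.10.1/24
2001:db8:10::1/64
lo110
|
-------- -------- --------
| frr1 | | frr2 | | frr3 |
| | .1 (192.168.12.0/24) .2 | | | |
| BGP |--epair112a<-->epair112b--| BGP | .2 (192.168.23.0/24) .3 | |
-------- | RIP |--epair123a<-->epair123b--| RIP |
-------- | |
| |
-------- -------- | |
| frr5 | | frr4 | | |
| | | | .4 (192.168.34.0/24) .3 | |
| | .5 (192.168.45.0/24) .4 | OSPF |--epair134b<-->epair134a--| OSPF |
| ISIS |--epair145b<-->epair145a--| ISIS | --------
| | --------
| |
| | -------- --------
| | | frr6 | | frr7 |
| | .5 (192.168.56.0/24) .6 | | | |
|BABEL |--epair156a<-->epair156b--|BABEL | .6 (192.168.67.0/24) .7 | |
-------- |STATIC|--epair167a<-->epair167b--|STATIC|
-------- --------
|
lo170
192.168.70.7/24
2001:db8:70::7/64
****** Expected results *******
# jexec frr1 netstat -rn | grep -v '^fe80'
Routing tables
Internet:
Destination Gateway Flags Netif Expire
192.168.10.1 link#2 UH lo110
192.168.12.0/24 link#3 U epair112
192.168.12.1 link#3 UHS lo0
192.168.34.0/24 192.168.12.2 UG1 epair112
192.168.45.0/24 192.168.12.2 UG1 epair112
192.168.56.0/24 192.168.12.2 UG1 epair112
192.168.67.0/24 192.168.12.2 UG1 epair112
192.168.70.0/24 192.168.12.2 UG1 epair112
Internet6:
Destination Gateway Flags Netif Expire
::1 link#2 UHS lo0
2001:db8:10::/64 link#2 U lo110
2001:db8:10::1 link#2 UHS lo0
2001:db8:12::/64 link#3 U epair112
2001:db8:12::1 link#3 UHS lo0
2001:db8:34::/64 fe80::4:c1ff:fe7a:ef0b%epair112a UG1 epair112
# jexec frr1 traceroute -ns 192.168.10.1 192.168.70.7
traceroute to 192.168.70.7 (192.168.70.7) from 192.168.10.1, 64 hops max, 40 byte packets
1 192.168.12.2 0.044 ms 0.017 ms 0.013 ms
2 192.168.23.3 0.020 ms 0.016 ms 0.015 ms
3 192.168.34.4 0.022 ms 0.018 ms 0.017 ms
4 192.168.45.5 0.026 ms 0.021 ms 0.020 ms
5 192.168.56.6 0.028 ms 0.023 ms 0.023 ms
6 192.168.70.7 0.032 ms 0.027 ms 0.025 ms
EOF
# Restore normal redirection behaviour for the rest of the script.
set +C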
# Routers configuration
# Every router N is described by five variables that create_jail resolves by name:
#   frrN_ifa, frrN_ifb     - base names of the two interfaces handed to the jail
#   frrN_ifa_p, frrN_ifb_p - epair side suffix ("a", "b" or empty); create_jail
#                            creates the interface unless the suffix is "b" and
#                            passes base name + suffix as vnet.interface
#   frrN_daemons           - FRR daemons started inside the jail
# The per-router files are written under /var/run/frr/frrN/.
#
# frr1: loopback lo110 plus the "a" side of epair112; runs zebra, bgpd and bfdd.
frr1_ifa=lo110
frr1_ifa_p=""
frr1_ifb=epair112
frr1_ifb_p=a
frr1_daemons="zebra bgpd bfdd"
mkdir -p /var/run/frr/frr1
# setkey input; create_jail loads it with `setkey -vf` when the file exists.
# It defines tcp-md5 security associations for both directions of the
# frr1 <-> frr2 BGP session, over IPv4 and IPv6.
# NOTE(review): the shared secret is a fixed lab value kept in clear text here
# and again in frr.conf below, and neither file gets an explicit mode (no
# umask/chmod in this script), so readability depends on the caller's umask.
# Keep these values to throw-away lab hosts and never reuse them elsewhere.
cat > /var/run/frr/frr1/ipsec.conf <<EOF
flush ;
add 192.168.12.1 192.168.12.2 tcp 0x1000 -A tcp-md5 "abigpassword" ;
add 192.168.12.2 192.168.12.1 tcp 0x1001 -A tcp-md5 "abigpassword" ;
add -6 2001:db8:12::1 2001:db8:12::2 tcp 0x1002 -A tcp-md5 "abigpassword" ;
add -6 2001:db8:12::2 2001:db8:12::1 tcp 0x1003 -A tcp-md5 "abigpassword" ;
EOF
# FRR configuration for frr1: BGP AS 12 peering with 192.168.12.2 and
# 2001:db8:12::2 (same AS), BFD enabled on both neighbors, and a neighbor
# password that matches the tcp-md5 key above.
# The here-document delimiter is unquoted, so the shell would expand "$" or
# backticks in the body; the body currently contains none.
cat > /var/run/frr/frr1/frr.conf <<EOF
log file /var/run/frr/frr1/frr.log
!
interface lo110
ip address 192.168.10.1/24
ipv6 address 2001:db8:10::1/64
!
interface epair112a
ip address 192.168.12.1/24
ipv6 address 2001:db8:12::1/64
!
router bgp 12
bgp router-id 192.168.10.1
neighbor 192.168.12.2 remote-as 12
neighbor 192.168.12.2 bfd
neighbor 192.168.12.2 password abigpassword
neighbor 2001:db8:12::2 remote-as 12
neighbor 2001:db8:12::2 bfd
neighbor 2001:db8:12::2 password abigpassword
!
address-family ipv4 unicast
network 192.168.10.0/24
neighbor 192.168.12.2 soft-reconfiguration inbound
no neighbor 2001:db8:12::2 activate
exit-address-family
!
address-family ipv6 unicast
network 2001:db8:10::/64
neighbor 2001:db8:12::2 activate
neighbor 2001:db8:12::2 soft-reconfiguration inbound
exit-address-family
!
bfd
peer 2001:db8:12::2 local-address 2001:db8:12::1
no shutdown
!
peer 192.168.12.2
no shutdown
!
!
EOF
# frr2: "b" side of epair112 (towards frr1) and "a" side of epair123 (towards
# frr3); runs zebra, bgpd, bfdd, ripd and ripngd. create_jail reads these
# variables by name.
frr2_ifa=epair112
frr2_ifa_p=b
frr2_ifb=epair123
frr2_ifb_p=a
frr2_daemons="zebra bgpd bfdd ripd ripngd"
mkdir -p /var/run/frr/frr2
# setkey input loaded by create_jail when present: the tcp-md5 security
# associations for the BGP session with frr1, seen from frr2's side.
# NOTE(review): same fixed clear-text lab secret as on frr1, written with the
# caller's umask; lab use only.
cat > /var/run/frr/frr2/ipsec.conf <<EOF
flush ;
add 192.168.12.2 192.168.12.1 tcp 0x1000 -A tcp-md5 "abigpassword" ;
add 192.168.12.1 192.168.12.2 tcp 0x1001 -A tcp-md5 "abigpassword" ;
add -6 2001:db8:12::2 2001:db8:12::1 tcp 0x1002 -A tcp-md5 "abigpassword" ;
add -6 2001:db8:12::1 2001:db8:12::2 tcp 0x1003 -A tcp-md5 "abigpassword" ;
EOF
# FRR configuration for frr2: BGP AS 12 with frr1 (BFD + password), RIP v2 with
# MD5 authentication from key chain "rippass" on epair123a, RIPng on the same
# interface, and redistribution between BGP and RIP/RIPng in both directions.
# No authentication statement is present for RIPng in this configuration.
# NOTE(review): "key 1" / "key-string" appears twice inside the key chain;
# looks like a duplicate entry - confirm against the intended configuration.
# NOTE(review): the BGP password and the RIP key are fixed clear-text lab values.
cat > /var/run/frr/frr2/frr.conf <<EOF
log file /var/run/frr/frr2/frr.log
!
key chain rippass
key 1
key-string rippassword
key 1
key-string rippassword
!
interface epair112b
ip address 192.168.12.2/24
ipv6 address 2001:db8:12::2/64
!
interface epair123a
ip address 192.168.23.2/24
ip rip authentication key-chain rippass
ip rip authentication mode md5
ipv6 address 2001:db8:23::2/64
!
router rip
network epair123a
redistribute bgp
redistribute connected
version 2
!
router ripng
network epair123a
redistribute bgp
redistribute connected
!
router bgp 12
bgp router-id 192.168.10.2
neighbor 192.168.12.1 remote-as 12
neighbor 192.168.12.1 bfd
neighbor 192.168.12.1 password abigpassword
neighbor 2001:db8:12::1 remote-as 12
neighbor 2001:db8:12::1 bfd
neighbor 2001:db8:12::1 password abigpassword
!
address-family ipv4 unicast
network 192.168.12.0/24
redistribute rip
neighbor 192.168.12.1 next-hop-self
neighbor 192.168.12.1 soft-reconfiguration inbound
no neighbor 2001:db8:12::1 activate
exit-address-family
!
address-family ipv6 unicast
network 2001:db8:12::/64
redistribute ripng
neighbor 2001:db8:12::1 activate
neighbor 2001:db8:12::1 soft-reconfiguration inbound
exit-address-family
!
bfd
peer 192.168.12.1
no shutdown
!
peer 2001:db8:12::1 local-address 2001:db8:12::2
no shutdown
!
!
EOF
# frr3: "b" side of epair123 (towards frr2) and "a" side of epair134 (towards
# frr4); runs zebra, ospfd, ospf6d, ripd, ripngd and bfdd. No ipsec.conf is
# written for this router, so create_jail skips the setkey step for it.
frr3_ifa=epair123
frr3_ifa_p=b
frr3_ifb=epair134
frr3_ifb_p=a
frr3_daemons="zebra ospfd ospf6d ripd ripngd bfdd"
mkdir -p /var/run/frr/frr3
# FRR configuration for frr3: RIP v2 (MD5, key chain "rippass") and RIPng on
# epair123b; OSPF area 0.0.0.0 with message-digest authentication and OSPFv3 on
# epair134a, both with BFD; RIP/RIPng and OSPF/OSPFv3 redistribute into each other.
# No authentication statement is present for RIPng or OSPFv3 in this configuration.
# NOTE(review): "key 1" / "key-string" appears twice inside the key chain;
# looks like a duplicate entry - confirm against the intended configuration.
# NOTE(review): the RIP key and the OSPF digest key are fixed clear-text lab
# values; the file mode depends on the caller's umask.
cat > /var/run/frr/frr3/frr.conf <<EOF
log file /var/run/frr/frr3/frr.log
!
key chain rippass
key 1
key-string rippassword
key 1
key-string rippassword
!
interface epair123b
ip address 192.168.23.3/24
ip rip authentication key-chain rippass
ip rip authentication mode md5
ipv6 address 2001:db8:23::3/64
!
interface epair134a
ip address 192.168.34.3/24
ip ospf bfd
ip ospf message-digest-key 1 md5 superpass
ipv6 address 2001:db8:34::3/64
ipv6 ospf6 bfd
ipv6 ospf6 area 0.0.0.0
!
router rip
network epair123b
redistribute connected
redistribute ospf
version 2
!
router ripng
network epair123b
redistribute connected
redistribute ospf6
!
router ospf
ospf router-id 3.3.3.3
redistribute connected
redistribute rip
network 192.168.34.0/24 area 0.0.0.0
area 0.0.0.0 authentication message-digest
!
router ospf6
redistribute connected
redistribute ripng
interface epair134a area 0.0.0.0
!
bfd
peer 2001:db8:34::4 local-address 2001:db8:34::3
no shutdown
!
peer 192.168.34.4
no shutdown
!
!
EOF
# frr4: "b" side of epair134 (towards frr3) and "a" side of epair145 (towards
# frr5); runs zebra, ospfd, ospf6d, isisd and bfdd. No ipsec.conf is written
# for this router.
frr4_ifa=epair134
frr4_ifa_p=b
frr4_ifb=epair145
frr4_ifb_p=a
frr4_daemons="zebra ospfd ospf6d isisd bfdd"
mkdir -p /var/run/frr/frr4
# FRR configuration for frr4: OSPF area 0.0.0.0 with message-digest
# authentication and OSPFv3 on epair134b (both with BFD), IS-IS instance
# "BSDRP" on epair145a, and redistribution between OSPF/OSPFv3 and IS-IS.
# No authentication statement is present for OSPFv3 or IS-IS in this configuration.
# NOTE(review): the OSPF digest key is a fixed clear-text lab value; the file
# mode depends on the caller's umask.
cat > /var/run/frr/frr4/frr.conf <<EOF
log file /var/run/frr/frr4/frr.log
!
interface epair134b
ip address 192.168.34.4/24
ip ospf bfd
ip ospf message-digest-key 1 md5 superpass
ipv6 address 2001:db8:34::4/64
ipv6 ospf6 bfd
ipv6 ospf6 area 0.0.0.0
!
interface epair145a
ip address 192.168.45.4/24
ip router isis BSDRP
ipv6 address 2001:db8:45::4/64
ipv6 router isis BSDRP
isis circuit-type level-2-only
!
router ospf
ospf router-id 4.4.4.4
redistribute connected
redistribute isis
network 192.168.34.0/24 area 0.0.0.0
area 0.0.0.0 authentication message-digest
!
router ospf6
redistribute connected
redistribute isis
interface epair134b area 0.0.0.0
!
router isis BSDRP
is-type level-1-2
net 49.0000.0000.0004.00
redistribute ipv4 ospf level-2
redistribute ipv4 connected level-2
redistribute ipv6 ospf6 level-2
redistribute ipv6 connected level-2
!
bfd
peer 2001:db8:34::3 local-address 2001:db8:34::4
no shutdown
!
peer 192.168.34.3
no shutdown
!
!
EOF
# frr5: "b" side of epair145 (towards frr4) and "a" side of epair156 (towards
# frr6); runs zebra, babeld and isisd. No ipsec.conf is written for this router.
frr5_ifa=epair145
frr5_ifa_p=b
frr5_ifb=epair156
frr5_ifb_p=a
frr5_daemons="zebra babeld isisd"
mkdir -p /var/run/frr/frr5
# FRR configuration for frr5: IS-IS instance "BSDRP" on both interfaces
# (epair156a is marked passive), Babel on both interfaces, and redistribution
# between IS-IS and Babel in both directions.
# No authentication statement is present for IS-IS or Babel in this configuration.
cat > /var/run/frr/frr5/frr.conf <<EOF
log file /var/run/frr/frr5/frr.log
!
interface epair145b
ip address 192.168.45.5/24
ip router isis BSDRP
ipv6 address 2001:db8:45::5/64
ipv6 router isis BSDRP
isis circuit-type level-2-only
!
interface epair156a
ip address 192.168.56.5/24
ip router isis BSDRP
ipv6 address 2001:db8:56::5/64
ipv6 router isis BSDRP
isis circuit-type level-2-only
isis passive
!
router babel
network epair145b
network epair156a
redistribute ipv4 isis
redistribute ipv6 isis
!
router isis BSDRP
is-type level-1-2
net 49.0000.0000.0005.00
redistribute ipv4 babel level-2
redistribute ipv6 babel level-2
!
EOF
# frr6: "b" side of epair156 (towards frr5) and "a" side of epair167 (towards
# frr7); runs zebra, babeld and staticd. No ipsec.conf is written for this router.
frr6_ifa=epair156
frr6_ifa_p=b
frr6_ifb=epair167
frr6_ifb_p=a
frr6_daemons="zebra babeld staticd"
mkdir -p /var/run/frr/frr6
# FRR configuration for frr6: static routes to 192.168.70.0/24 and
# 2001:db8:70::/64 via frr7's epair167 addresses, and Babel on epair156b
# redistributing connected and static routes.
# No authentication statement is present for Babel in this configuration.
cat > /var/run/frr/frr6/frr.conf <<EOF
log file /var/run/frr/frr6/frr.log
!
ip route 192.168.70.0/24 192.168.67.7
ipv6 route 2001:db8:70::/64 2001:db8:67::7
!
interface epair156b
ip address 192.168.56.6/24
ipv6 address 2001:db8:56::6/64
!
interface epair167a
ip address 192.168.67.6/24
ipv6 address 2001:db8:67::6/64
!
router babel
network epair156b
redistribute ipv4 connected
redistribute ipv4 static
redistribute ipv6 connected
redistribute ipv6 static
!
EOF
# frr7: "b" side of epair167 (towards frr6) plus loopback lo170; runs only
# zebra and staticd. The empty frr7_ifb_p makes create_jail create lo170
# itself. No ipsec.conf is written for this router.
frr7_ifa=epair167
frr7_ifa_p=b
frr7_ifb=lo170
frr7_ifb_p=""
frr7_daemons="zebra staticd"
mkdir -p /var/run/frr/frr7
# FRR configuration for frr7: IPv4 and IPv6 default routes via frr6's epair167
# addresses, plus the lo170 and epair167b interface addresses.
cat > /var/run/frr/frr7/frr.conf <<EOF
log file /var/run/frr/frr7/frr.log
!
ip route 0.0.0.0/0 192.168.67.6
ipv6 route ::/0 2001:db8:67::6
!
interface lo170
ip address 192.168.70.7/24
ipv6 address 2001:db8:70::7/64
!
interface epair167b
ip address 192.168.67.7/24
ipv6 address 2001:db8:67::7/64
!
EOF
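# A useful function (from: http://code.google.com/p/sh-die/)
# Print "EXIT: " followed by the arguments (joined by spaces) on stderr, then
# terminate the script with status 1.
die() {
  # printf instead of echo: a message whose first word looks like an echo
  # option (for example "-n") is printed literally, and `echo -n` itself is
  # not portable across /bin/sh implementations.
  printf 'EXIT: %s\n' "$*" >&2
  exit 1
}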
# Print the accepted sub-commands ("<script> start|stop") on stdout.
usage () {
  printf '%s\n' "$0 start|stop"
}
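# Check the prerequisites for building the lab: vtysh must be reachable and the
# caller must be root. Ends the script through die() when either check fails.
check_req () {
  # `command -v` is the POSIX built-in lookup; it does not depend on an
  # external `which` binary being installed or on its exit-status conventions.
  command -v vtysh > /dev/null 2>&1 || die "net/frr not installed: vtysh not found"
  # Explicit if instead of `test && die || true`, so the function's status does
  # not hinge on the `|| true` fallback.
  if [ "$(id -u)" != "0" ]; then
    die "Need to be root"
  fi
}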
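# Create vnet jail frr<id>, give it its two interfaces, enable IPv4/IPv6
# forwarding, load the optional ipsec.conf, start the configured FRR daemons
# and push frr.conf through vtysh.
# Arguments: $1 - router number; selects the frr<id>_* variables defined above
# Globals:   frr<id>_ifa, frr<id>_ifa_p, frr<id>_ifb, frr<id>_ifb_p,
#            frr<id>_daemons (read); id, ifa, ifa_p, ifb, ifb_p, daemons,
#            daemon (written; this script does not use `local`)
create_jail () {
  id=$1
  # The id becomes part of variable names resolved with eval below, so accept
  # decimal digits only.
  case "$id" in
    ''|*[!0-9]*) die "create_jail: invalid jail id: $id" ;;
  esac
  if [ "$(jls -d -j "frr${id}" dying)" = "true" ]; then
    echo "BUG: Previous jail stuck in dying state"
    echo "https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264981"
    exit 1
  fi
  # The previous version wrapped the whole body in one double-quoted eval
  # string that itself contained double quotes; those closed and reopened the
  # outer quoting, so the text handed to eval lost its inner quotes. eval is
  # now confined to the five indirect variable lookups; everything else is
  # ordinary, quoted shell.
  eval "ifa=\$frr${id}_ifa"
  eval "ifa_p=\$frr${id}_ifa_p"
  eval "ifb=\$frr${id}_ifb"
  eval "ifb_p=\$frr${id}_ifb_p"
  eval "daemons=\$frr${id}_daemons"
  # An interface is created unless its suffix is "b": an empty suffix or "a"
  # means this router is responsible for creating it.
  if [ "$ifa_p" != b ]; then
    ifconfig "$ifa" create group frr
  fi
  if [ "$ifb_p" != b ]; then
    ifconfig "$ifb" create group frr
  fi
  jail -c "name=frr${id}" "host.hostname=frr${id}" persist \
    vnet "vnet.interface=${ifa}${ifa_p}" \
    vnet "vnet.interface=${ifb}${ifb_p}"
  jexec "frr${id}" sysctl net.inet.ip.forwarding=1
  jexec "frr${id}" sysctl net.inet6.ip6.forwarding=1
  mkdir -p "/var/run/frr/frr${id}.sock"
  chown frr "/var/run/frr/frr${id}.sock"
  touch "/var/run/frr/frr${id}/vtysh.conf"
  # ipsec.conf, when the router has one, carries the tcp-md5 security
  # associations for its BGP session; the kernel modules are loaded on demand.
  if [ -f "/var/run/frr/frr${id}/ipsec.conf" ]; then
    echo "Loading ipsec.conf for jail frr${id}"
    kldstat -qm ipsec || kldload ipsec
    kldstat -qm tcpmd5 || kldload tcpmd5
    jexec "frr${id}" setkey -vf "/var/run/frr/frr${id}/ipsec.conf"
  fi
  # $daemons is a space-separated list; word splitting is intended here.
  for daemon in $daemons; do
    jexec "frr${id}" "$daemon" -d -i "/var/run/frr/frr${id}_${daemon}.pid" --vty_socket "/var/run/frr/frr${id}.sock"
  done
  # Best effort, as before: a failed configuration load does not stop the lab.
  jexec "frr${id}" vtysh -b --config_dir "/var/run/frr/frr${id}/" --vty_socket "/var/run/frr/frr${id}.sock" || true
}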
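# Remove jail frr<id> and destroy the interfaces it was using.
# Arguments: $1 - jail id
# Globals:   iflist, iftodestroy (written; this script does not use `local`)
destroy_jail () {
  # FreeBSD bug https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264981
  # $1: jail id
  # Record the jail's interfaces before the jail goes away. A missing jail is
  # not an error (stop may run on a lab that was never started), so a failing
  # jexec yields an empty list instead of aborting under `set -e`.
  iflist=$(jexec "frr$1" ifconfig -l) || iflist=""
  jail -R "frr$1" || true
  sleep 2
  # Word splitting on $iflist is intended: ifconfig -l prints a
  # space-separated list of names.
  for iftodestroy in $iflist; do
    # Skip lo0 by exact name; the previous sed expression removed the first
    # "lo0" substring wherever it occurred in the list.
    if [ "$iftodestroy" != lo0 ]; then
      ifconfig "$iftodestroy" destroy || true
    fi
  done
}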
# Build the whole lab: check prerequisites, hand /var/run/frr/ to the frr user,
# create jails frr1..frr7, then print the topology file and a few example
# commands. Always ends the script with status 0.
start () {
  printf '%s\n' start
  check_req
  chown -R frr /var/run/frr/
  for jail_no in 1 2 3 4 5 6 7; do
    create_jail "$jail_no"
  done
  printf '%s\n' \
    "All jails configured with FRR running on them" \
    "Network topology:"
  # NOTE(review): this reads back a fixed path in world-writable /tmp.
  cat /tmp/topo.txt
  printf '%s\n' \
    "To run command from jail, some examples:" \
    "jexec frr1 ping -c 4 -S 192.168.10.1 192.168.70.7" \
    "jexec frr3 vtysh --vty_socket /var/run/frr/frr3.sock" \
    "jexec frr4"
  exit 0
}
# Tear the lab down: destroy jails frr1..frr7 and delete each router's
# configuration directory and its frr<N>_* files under /var/run/frr/.
# NOTE(review): the frr<N>.sock directories made by create_jail match neither
# removal pattern and are left behind, as is /tmp/topo.txt.
stop () {
  printf '%s\n' stop
  for jail_no in 1 2 3 4 5 6 7; do
    destroy_jail "$jail_no"
    rm -rf "/var/run/frr/frr${jail_no}"
    # The trailing * stays outside the quotes so it still globs.
    rm -f "/var/run/frr/frr${jail_no}_"*
  done
}
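# Entry point: run the requested sub-command.
# Only the documented sub-commands are dispatched. The first argument used to
# be expanded unquoted and executed as a command line, so any word-split
# string passed to this root-run script was executed as-is; it is now matched
# against an allow-list and anything else prints the usage and exits 2.
if [ $# -eq 0 ] ; then
  usage
  exit 2
fi
case "$1" in
  start|stop)
    "$1"
    ;;
  *)
    usage
    exit 2
    ;;
esac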