From 2bcf4e2c175b8a081b546de4a6d2b27b5616d314 Mon Sep 17 00:00:00 2001
From: Hiroki Shirokura
Date: Sat, 12 Sep 2020 21:06:31 +0900
Subject: [PATCH 1/6] Dockerfiles: add tinet/centos7:centos7
Signed-off-by: Hiroki Shirokura
---
 Dockerfiles/centos7/Dockerfile | 10 ++++++++++
 Dockerfiles/centos7/build.sh | 3 +++
 2 files changed, 13 insertions(+)
 create mode 100644 Dockerfiles/centos7/Dockerfile
 create mode 100755 Dockerfiles/centos7/build.sh
diff --git a/Dockerfiles/centos7/Dockerfile b/Dockerfiles/centos7/Dockerfile
new file mode 100644
index 0000000..f54634e
--- /dev/null
+++ b/Dockerfiles/centos7/Dockerfile
@@ -0,0 +1,10 @@
+FROM centos:centos7
+
+RUN yum -y install git autoconf automake libtool make \
+ readline-devel texinfo net-snmp-devel groff pkgconfig \
+ json-c-devel pam-devel bison flex pytest c-ares-devel \
+ python-devel systemd-devel python-sphinx libcap-devel \
+ sudo iproute traceroute iputils bash-completion tcpdump \
+ wireshark gdb wget vim libunwind libunwind-devel \
+ iptables-services
+RUN yum -y install libreswan
diff --git a/Dockerfiles/centos7/build.sh b/Dockerfiles/centos7/build.sh
new file mode 100755
index 0000000..2c12e38
--- /dev/null
+++ b/Dockerfiles/centos7/build.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -xe
+IMG=tinet/centos:centos7
+docker build -t $IMG .
From 01676fa3243ccb8c260ac4722b21a8299b51ef29 Mon Sep 17 00:00:00 2001
From: Hiroki Shirokura
Date: Sat, 12 Sep 2020 21:06:55 +0900
Subject: [PATCH 2/6] Dockerfiles: add tinet/cloudvpn
Signed-off-by: Hiroki Shirokura
---
 Dockerfiles/cloudvpn/Dockerfile | 4 ++++
 Dockerfiles/cloudvpn/build.sh | 3 +++
 2 files changed, 7 insertions(+)
 create mode 100644 Dockerfiles/cloudvpn/Dockerfile
 create mode 100755 Dockerfiles/cloudvpn/build.sh
diff --git a/Dockerfiles/cloudvpn/Dockerfile b/Dockerfiles/cloudvpn/Dockerfile
new file mode 100644
index 0000000..5cc176b
--- /dev/null
+++ b/Dockerfiles/cloudvpn/Dockerfile
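Review bot: Dockerfiles/centos7/Dockerfile builds from the floating tag `centos:centos7` and installs every package unpinned, so two builds of `tinet/centos:centos7` can differ and all examples inherit whatever the tag points at on build day; pinning the base by digest, `FROM centos:centos7@sha256:<digest-placeholder>`, would make the input explicit. The two `RUN yum -y install` layers also leave the yum cache in the image; adding `libreswan` to the first list and ending that instruction with `&& yum clean all` drops a layer and the cached metadata. A comment grouping the packages (what looks like the FRR build dependencies, the debugging tools such as `tcpdump`, `wireshark` and `gdb`, and `sudo`) would tell readers this is a lab image and not a base for anything exposed.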
@@ -0,0 +1,4 @@
+FROM tinet/centos:centos7
+
+RUN yum -y install https://rpm.frrouting.org/repo/frr-stable-repo-1-0.el7.noarch.rpm \
+ && yum -y install frr-7.3.1-01.el7.x86_64 frr-pythontools
diff --git a/Dockerfiles/cloudvpn/build.sh b/Dockerfiles/cloudvpn/build.sh
new file mode 100755
index 0000000..c47f02e
--- /dev/null
+++ b/Dockerfiles/cloudvpn/build.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -xe
+IMG=tinet/cloudvpn
+docker build -t $IMG .
From 6ac13626785d666d49810d2f260c2e57b5792816 Mon Sep 17 00:00:00 2001
From: Hiroki Shirokura
Date: Sat, 12 Sep 2020 21:07:38 +0900
Subject: [PATCH 3/6] examples: add basic_ipsec
Signed-off-by: Hiroki Shirokura
---
 examples/basic_ipsec/bgp/README.md | 3 +
 examples/basic_ipsec/bgp/spec.yaml | 151 ++++++++++++
 examples/basic_ipsec/bgp_ha/in.pcap | Bin 0 -> 6884 bytes
 examples/basic_ipsec/bgp_ha/spec.yaml | 291 ++++++++++++++++++++++++
 examples/basic_ipsec/simple/README.md | 14 ++
 examples/basic_ipsec/simple/spec.yaml | 99 ++++++++
 examples/basic_ipsec/with_vti/README.md | 14 ++
 examples/basic_ipsec/with_vti/spec.yaml | 115 ++++++++++
 8 files changed, 687 insertions(+)
 create mode 100644 examples/basic_ipsec/bgp/README.md
 create mode 100644 examples/basic_ipsec/bgp/spec.yaml
 create mode 100644 examples/basic_ipsec/bgp_ha/in.pcap
 create mode 100644 examples/basic_ipsec/bgp_ha/spec.yaml
 create mode 100644 examples/basic_ipsec/simple/README.md
 create mode 100644 examples/basic_ipsec/simple/spec.yaml
 create mode 100644 examples/basic_ipsec/with_vti/README.md
 create mode 100644 examples/basic_ipsec/with_vti/spec.yaml
diff --git a/examples/basic_ipsec/bgp/README.md b/examples/basic_ipsec/bgp/README.md
new file mode 100644
index 0000000..5352244
--- /dev/null
+++ b/examples/basic_ipsec/bgp/README.md
@@ -0,0 +1,3 @@
+## References
+
+https://gist.github.com/Manouchehri/de3adfb02c5b55f3edc2da9e8ee59fae
diff --git a/examples/basic_ipsec/bgp/spec.yaml b/examples/basic_ipsec/bgp/spec.yaml
new file mode 100644
index 0000000..eed4905
--- /dev/null
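Review bot: The first `yum -y install` in Dockerfiles/cloudvpn/Dockerfile takes the repository RPM straight from a URL, and yum's `localpkg_gpgcheck` is off by default, so that package is trusted on TLS alone even though it configures the repository the following `frr` install is pulled from. Downloading the file, comparing it with a SHA-256 recorded in the Dockerfile and only then installing it closes that gap; the checksum in the sketch below is a placeholder to be filled in from a verified download. `frr-pythontools` is left unpinned next to `frr-7.3.1-01.el7.x86_64`, and the base `tinet/centos:centos7` is a locally built mutable tag, so a comment saying that Dockerfiles/centos7 must be built first would help.

```dockerfile
# <FRR_REPO_SHA256_PLACEHOLDER> is not a real value; record the checksum of a verified download.
RUN curl -fsSLo /tmp/frr-repo.rpm https://rpm.frrouting.org/repo/frr-stable-repo-1-0.el7.noarch.rpm \
 && echo "<FRR_REPO_SHA256_PLACEHOLDER>  /tmp/frr-repo.rpm" | sha256sum -c - \
 && yum -y install /tmp/frr-repo.rpm \
 && yum -y install frr-7.3.1-01.el7.x86_64 frr-pythontools \
 && rm -f /tmp/frr-repo.rpm \
 && yum clean all
```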
+++ b/examples/basic_ipsec/bgp/spec.yaml 
@@ -0,0 +1,151 @@
+---
+postinit:
+ cmds:
+ - cmd: |
+ cat </tmp/vpn1.r1.secrets
+ : PSK "sekainoichihara"
+ EOF
+ - cmd: |
+ cat </tmp/vpn1.r2.secrets
+ : PSK "sekainoichihara"
+ EOF
+ - cmd: |
+ cat </tmp/vpn1.r1.conf
+ conn vpn1
+ authby=secret
+ left=10.91.0.2
+ right=10.92.0.2
+ leftsubnet=0.0.0.0/0
+ rightsubnet=0.0.0.0/0
+ auto=start
+ mark=100/0xffffffff
+ vti-interface=vti0
+ vti-routing=no
+ dpddelay=10
+ dpdtimeout=5
+ dpdaction=restart
+ EOF
+ - cmd: |
+ cat </tmp/vpn1.r2.conf
+ conn vpn1
+ authby=secret
+ left=10.92.0.2
+ right=10.91.0.2
+ leftsubnet=0.0.0.0/0
+ rightsubnet=0.0.0.0/0
+ auto=start
+ mark=100/0xffffffff
+ vti-interface=vti0
+ vti-routing=no
+ dpddelay=10
+ dpdtimeout=5
+ dpdaction=restart
+ EOF
+ - cmd: docker cp /tmp/vpn1.r1.secrets R1:/etc/ipsec.d/vpn1.secrets
+ - cmd: docker cp /tmp/vpn1.r2.secrets R2:/etc/ipsec.d/vpn1.secrets
+ - cmd: docker cp /tmp/vpn1.r1.conf R1:/etc/ipsec.d/vpn1.conf
+ - cmd: docker cp /tmp/vpn1.r2.conf R2:/etc/ipsec.d/vpn1.conf
+ - cmd: docker exec R1 chmod 600 /etc/ipsec.d/vpn1.conf
+ - cmd: docker exec R1 chmod 600 /etc/ipsec.d/vpn1.secrets
+ - cmd: docker exec R2 chmod 600 /etc/ipsec.d/vpn1.conf
+ - cmd: docker exec R2 chmod 600 /etc/ipsec.d/vpn1.secrets
+
+nodes:
+- name: R0
+ image: tinet/cloudvpn
+ interfaces:
+ - { name: net0, type: direct, args: R1#net0 }
+ - { name: net1, type: direct, args: R2#net0 }
+- name: R1
+ image: tinet/cloudvpn
+ interfaces:
+ - { name: net0, type: direct, args: R0#net0 }
+ - { name: net1, type: direct, args: C1#net0 }
+- name: R2
+ image: tinet/cloudvpn
+ interfaces:
+ - { name: net0, type: direct, args: R0#net1 }
+ - { name: net1, type: direct, args: C2#net0 }
+- name: C1
+ image: tinet/centos:centos7
+ interfaces:
+ - { name: net0, type: direct, args: R1#net1 }
+- name: C2
+ image: tinet/centos:centos7
+ interfaces:
+ - { name: net0, type: direct, args: R2#net1 }
+
+node_configs:
+- name: R0
+ cmds:
+ - cmd: ip addr add 10.91.0.1/24 dev net0
+ - cmd: ip addr add 10.92.0.1/24 dev net1
+
+- name: R1
+ cmds:
+ - cmd: ip addr add 10.91.0.2/24 dev net0
+ - cmd: ip addr add 10.1.0.1/24 dev net1
+ - cmd: ip route add 10.92.0.0/24 via 10.91.0.1
+
+ - cmd: ip link add vti0 type vti key 100 remote 10.92.0.2 local 10.91.0.2
+ - cmd: ip link set vti0 up
+ - cmd: sysctl -w net.ipv4.conf.vti0.disable_policy=1
+ - cmd: ip addr add 169.254.0.1/30 remote 169.254.0.2/30 dev vti0
+
+ - cmd: /usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig
+ - cmd: /usr/libexec/ipsec/_stackmanager start
+ - cmd: /usr/sbin/ipsec --checknss
+ - cmd: /usr/sbin/ipsec --checknflog
+ - cmd: /usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf
+
+ - cmd: sed -i -e "s/bgpd=no/bgpd=yes/g" /etc/frr/daemons
+ - cmd: /usr/lib/frr/frrinit.sh start
+ - cmd: >-
+ vtysh -c 'conf t'
+ -c 'router bgp 65001'
+ -c ' bgp router-id 169.254.0.1'
+ -c ' neighbor 169.254.0.2 remote-as 65002'
+ -c ' !'
+ -c ' address-family ipv4 unicast'
+ -c ' network 10.1.0.0/24'
+ -c ' exit-address-family'
+ -c '!'
+
+- name: R2
+ cmds:
+ - cmd: ip addr add 10.92.0.2/24 dev net0
+ - cmd: ip addr add 10.2.0.1/24 dev net1
+ - cmd: ip route add 10.91.0.0/24 via 10.92.0.1
+
+ - cmd: ip link add vti0 type vti key 100 remote 10.91.0.2 local 10.92.0.2
+ - cmd: ip link set vti0 up
+ - cmd: sysctl -w net.ipv4.conf.vti0.disable_policy=1
+ - cmd: ip addr add 169.254.0.2/30 remote 169.254.0.1/30 dev vti0
+
+ - cmd: /usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig
+ - cmd: /usr/libexec/ipsec/_stackmanager start
+ - cmd: /usr/sbin/ipsec --checknss
+ - cmd: /usr/sbin/ipsec --checknflog
+ - cmd: /usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf
+
+ - cmd: sed -i -e "s/bgpd=no/bgpd=yes/g" /etc/frr/daemons
+ - cmd: /usr/lib/frr/frrinit.sh start
+ - cmd: >-
+ vtysh -c 'conf t'
+ -c 'router bgp 65002'
+ -c ' bgp router-id 169.254.0.2'
+ -c ' neighbor 169.254.0.1 remote-as 65001'
+ -c ' !'
+ -c ' address-family ipv4 unicast'
+ -c ' network 10.2.0.0/24'
+ -c ' exit-address-family'
+ -c '!'
+
+- name: C1
+ cmds:
+ - cmd: ip addr add 10.1.0.2/24 dev net0
+ - cmd: ip route add default via 10.1.0.1
+- name: C2
+ cmds:
+ - cmd: ip addr add 10.2.0.2/24 dev net0
+ - cmd: ip route add default via 10.2.0.1
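Review bot: The `postinit` commands in bgp/spec.yaml write the IPsec pre-shared key to fixed paths under the host's `/tmp` (`/tmp/vpn1.r1.secrets`, `/tmp/vpn1.r2.secrets`) with whatever umask the caller has and never remove them; the later `chmod 600` steps only change the copies inside R1 and R2. On a shared host the key therefore stays readable after the lab is up. Starting each `cmd: |` block that writes a `.secrets` file with `umask 077` and adding `- cmd: rm -f /tmp/vpn1.r1.secrets /tmp/vpn1.r2.secrets` after the `docker cp` steps would keep the host copy private and short-lived. The same staging pattern is repeated in bgp_ha/spec.yaml, simple/spec.yaml and with_vti/spec.yaml, and a comment such as `# lab-only PSK, never reuse` next to the literals would keep them from being copied into a real configuration.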
diff --git a/examples/basic_ipsec/bgp_ha/in.pcap b/examples/basic_ipsec/bgp_ha/in.pcap new file mode 100644 index 0000000000000000000000000000000000000000..954fffd671af786992eecd647e603c2a56156448 GIT binary patch literal 6884 zcmeHKXHZmGx4oT+l9Ljo1tcm_f`UjRAV`wXAOZ>ql0g&&M4-u0G73%3L9&8KBSCT& z5Rq|+k|Ye0Q9xf`eInC-<;=fV_3G=Y)7AH$-RJJJ_gd?o^}4Y<9SXpKpC32?!Cw>~ zSG{IU3rU0OR_zUm>_yKjrf79Y0zy)4m$N>oE5G6GR0uW>HDPdsv zYdAoOp@aZn4CJ>l06rYxg8mvqM7R#@w=v(>f&Ur~yJ9ct$MkI#;J0dHOofcGxav3e83E-M=8^R80HDGGu2JYtXJ=ume!o?uFjX3$R7 z1Mfw4VxnYm)(#}sy(<>w-P!Ru(07|CofjWFwtauEeAlWnOBrO;a}pR(jh_U^cP@SB z704){P|I5mkfV8x0NDhx3S<-z&tU$8QMDi5F1qGBzy8T6AQJy{Dg0vi{eBxK@ZaF? ze`FMx^}neCeyv}s0PchY&)Z7;lfXf!4Ujx7M^GDHvmDe0NGziX;ZETD+5ib710Zl$ zckY1?ac%~AH&rlot?&}srxzb74WcH)P>H2qq(VoC3dpWapzEw2n6)^~R4wo|Cc}Bf zB*+{Ji@wUCEhn_=Gt6+F$XLX2WEIZ2Z6&12c+r**0MdT?{kZZuV>yj?52qi^{}x{bo24EvVGV zpJnET%RT6hvGA(So&*t)94iULcXMhn@7ZvqH8Z&+m0l@E=jY7#9hHur`8tUMyQt0h zvx|gy#COpb#Nz<*K|KDOF5+I3gfkpnz_GiSa97l^1f?gwR7tAwFs{9LI&7{vO_!>n zO_)p2U*)P@!DNbSC{~v(=aV{1I&%Y&@53Ia=v@Z3480RYr~+Q7NIZ*VL!Q*SLFW3_o~W#ZCaV1&JbJ*03eWzDVns^EIB zPV!1=?~+>;SJzJFbNgYdC)ysRO#@!}XC6?$(<^WZtk*EVN>?}YzC<21LTjSZd;PrW zJZq)f9f>Y#W(CQ;4VHG9E4m1th8=|TpYY|kc)sW1Co%72x{={`R${&%H4EGAijDr zHkA$&+x)V3<=)Vy@#xoZ)m~DbH0{YA4(G}ZDn!$rQn6kioONL>n1#|Y7!ZK}J2(ij z1h{JXebY9HgIEI08H9h6h0)gH4%*5WTho3=Rc^L7s7jH+`-H9VtyXOu=G3fq+fHA* zVl|OdbEs@tJM~kYW|?ydbH??R{!>xD5sIdqDyd*rY1}Y?2!8+p2Vrd>+geUwZ3fy8 z)&?@gSW1``2{jU8fgD)Ji|n5Plj5EjBi1F?V%Xeqw>KL*Fk{)iNoc>}bdhZ~2D=ut zY;5%hu#>}gKeq3|_%UzB=8m3 zTD~!FLnCKwVA&eK#KPrNl~l8?S&+Dwz+nkw5rPPk*Moxf6Jc|!ow&< zK5*MV@R-M@75Qdc-L|#t{_5W+v9!q>#UZ$bDO$?nZ<4QU%ud?rFxAyM znK2i+>T=xIaG-A8ch*>dp9-dvcK`5*&>wF7ugm>4L_V(EVT0sI>899gl-HDlUuP|5U6(okD`%698x1=Q(PrYw@$Tan z-~njQrd6M5ha#<4lNZ_lnBFB{-^5;a=9iZ`p-VY(i`tcwhEYNO4u6SXz&*c{Jx0>v zvGZzYZRcuY_cr>%M#63uwus171?@D|h|(aMsuAAUlY(hu)qSh+RNB+mOEq46w18Hm z@DGU}8PQ=mE4CdWb(MLm;vy$WLg2W+8d0I>73jPzE;B#F=^UKh1aj)WZD?QngofZN z4y7@oLWa#E+GXBwy{+tb585gUt#sh|UX4rCGE%8bT$wiKn@`$itQnV|lSJM@4vq@P 
zr1(=^db@6L>V>YnLc?Dbr;un}%)p8A)L0qHyCpH+%L&(pv7Q*O<7YAqvNj#kG}Qw6 z)+2Z}BOdydmDPrgzi`d>hNsdm1Q#DeD{U!~P;q$vnXO#plqP zS6C0CK>7V|bu<2(Zi*h%hX16SKeYi+8`&+N_9Qv6{>(n8)u|O*lJ6q@%Cl)yOk{0% zxW6fYz9!Xg^UEuidn&W(1OY}gIEMzRz(*O<{~6L z^j)y=y0m|i`mf8v9B_}ITllZb0zhZD?|?9r|9@Q;$f#a4V&7#EzVm@XZI^G}gz9g+ z#=EQ^jH(H^V1oEuO8%2k|2HlR+=+xSV&7#EY6B!sClGv3^}!Bm19(0s+zFw}3P(Py z&cFV)kD-fU6aw#orH8ur+2E*=s%IBNb(bpU$*v?D00kYFc?TwaI|1>~hReO_N!X0g+bRfH90WpgF;*;|qF`vES+;8feO}~xrJePt|^`V84g?0+gr0WV=zR**t zo9%gqKwGU2^3-2t;WMHkG3|25R~~PF*TTZGu8i>)3at*jIr{veutU);XW2?Ng=%EX ziTa)!kA+dF`(oujT6Dtv?Vn@kJI!`PKWpW+e^_X3##K$3H)+fo1q(M>OtS|bU6=Wk zJjiFv|1rffm@Gxdq9`Zxf<%{N#^Q8cKXd=jOO;)xS=nczoV%o1MAkG#H~zG>V~t;i@k2HK`+QBa@9ZhpMf*-$Pi?*8wJH(t9@uZd9=6RI3bS3i$XCOBR=?oX@n15?Wh%`dAUS4d_ObFALJrK*NTGwAp?cqtZ7&OAhTn5 zVP`_-=zUJ6Bg8i_=dCQTM0~Ra=Vce~lNK2)EUn0ZS-4su_FWbsmH=1nd*8H8?jV*x zm-U-0j3P6zv(a=b6lYsS)cFv7%wFl??P4Ft3+lI+Q~Fl9Iz zSe)$iRei@>Br=Uftv%pynJ$>sNqfY;%Ob1|WLqZ~)Tvix2WtbmEW)h7lN2NC+jh`p z6?=49x_O_uRY~rZzua5T%^!P+OSp|CK#W$a`|QlKG`pd(fEQZSpJl{@NbIh2Qzz7E zNmlN}lQb+fPK|uX_4*D4opMT+i;q~DorQSFsFC14{SU(kqmFe=y?38N=4AOB^ z?lCty0}b)0-c#$|qKJyRFh6z4S(MUDc9gW3`}F>Lg*v&4-`k^n zjtI+speF&<2xW5jeVx@-If%3>dW`hQDyDR-5Pa=qgOKEGDemaGYqfG%nQhX4OR`IE z%qGu3t1T>8*kjR}_}yVB&(+%Oa%${3hi8nq!pPyV8nPJ8kOrizev%%kl|L%Jn24+{i5n!DRq*ez$?9V@s6oW;HfrE35KGnxV;pv zE2QOr4r&B?+b#MazS!S|ogEjaw~a|&!NOAA+t!2mZUf0SqPDz7lOYMC=4kkJ9|5(a zBs9a67nDe*KbCu@oQR@bl=EDD{-m3#0&||b)8Y>Q{0i_A(RYjpPuZOJgr6b?A8>!!1-3c z0kP8M0#>U{t4JlGTb;*hR`?4LCLVbk`OL}0t}x5QQh6rY`>J9A2{Bauzs&IaDj zE4sIAujYJ(rZKPab@eEdy-VDO#R;Kenfg9aqLdm$MYaSAvM%M3e=uB9d$~4G+Js&G0lJX5nlSeldL^tAV+5E=k(t z%#8--h+#95Ta;J$;f}aGnG60V%PsXW_7;pxZ+3;Kk5xP?vq^O0*An1~w=?2EX=WGG z+MS^!E0tj{;+n6QoSi^@^8HvvRKVP1JNg%CUU~B){YiFdRe5f5+Up9G@AIygOPp`% zLAQkJ-unREJmv#ImMeWeT^Abub#V3Y*1F?+^1YJHHj2ry5&Np=5%gHGe7VbsVeC!@ zZMa3XQtQvD$sPd?!db2x_mi@7M5XC!E!ELwa`)TDV{0p-BCOvqjtUnr_)c2y/tmp/vpn1.r1.secrets + : PSK "sekainoichihara" + EOF + - cmd: | + cat </tmp/vpn2.r3.secrets + : PSK "sekainoichihara" + EOF + - 
cmd: | + cat </tmp/vpn1.r2.secrets + : PSK "sekainoichihara" + EOF + - cmd: | + cat </tmp/vpn2.r2.secrets + : PSK "sekainoichihara" + EOF + - cmd: | + cat </tmp/vpn1.r1.conf + conn vpn1 + authby=secret + left=10.91.0.2 + right=10.92.0.2 + leftsubnet=0.0.0.0/0 + rightsubnet=0.0.0.0/0 + auto=start + mark=100/0xffffffff + vti-interface=vti0 + vti-routing=no + dpddelay=10 + dpdtimeout=5 + dpdaction=restart + EOF + - cmd: | + cat </tmp/vpn2.r3.conf + conn vpn1 + authby=secret + left=10.93.0.2 + right=10.92.0.2 + leftsubnet=0.0.0.0/0 + rightsubnet=0.0.0.0/0 + auto=start + mark=100/0xffffffff + vti-interface=vti0 + vti-routing=no + dpddelay=10 + dpdtimeout=5 + dpdaction=restart + EOF + - cmd: | + cat </tmp/vpn1.r2.conf + conn vpn1 + authby=secret + left=10.92.0.2 + right=10.91.0.2 + leftsubnet=0.0.0.0/0 + rightsubnet=0.0.0.0/0 + auto=start + mark=100/0xffffffff + vti-interface=vti0 + vti-routing=no + dpddelay=10 + dpdtimeout=5 + dpdaction=restart + EOF + - cmd: | + cat </tmp/vpn2.r2.conf + conn vpn2 + authby=secret + left=10.92.0.2 + right=10.93.0.2 + leftsubnet=0.0.0.0/0 + rightsubnet=0.0.0.0/0 + auto=start + mark=101/0xffffffff + vti-interface=vti1 + vti-routing=no + dpddelay=10 + dpdtimeout=5 + dpdaction=restart + EOF + - cmd: docker cp /tmp/vpn1.r1.secrets R1:/etc/ipsec.d/vpn1.secrets + - cmd: docker cp /tmp/vpn1.r2.secrets R2:/etc/ipsec.d/vpn1.secrets + - cmd: docker cp /tmp/vpn1.r1.conf R1:/etc/ipsec.d/vpn1.conf + - cmd: docker cp /tmp/vpn1.r2.conf R2:/etc/ipsec.d/vpn1.conf + + - cmd: docker cp /tmp/vpn2.r3.secrets R3:/etc/ipsec.d/vpn2.secrets + - cmd: docker cp /tmp/vpn2.r2.secrets R2:/etc/ipsec.d/vpn2.secrets + - cmd: docker cp /tmp/vpn2.r3.conf R3:/etc/ipsec.d/vpn2.conf + - cmd: docker cp /tmp/vpn2.r2.conf R2:/etc/ipsec.d/vpn2.conf + + - cmd: docker exec R1 chmod 600 /etc/ipsec.d/vpn1.conf + - cmd: docker exec R1 chmod 600 /etc/ipsec.d/vpn1.secrets + - cmd: docker exec R2 chmod 600 /etc/ipsec.d/vpn1.conf + - cmd: docker exec R2 chmod 600 /etc/ipsec.d/vpn1.secrets 
+ + - cmd: docker exec R3 chmod 600 /etc/ipsec.d/vpn2.conf + - cmd: docker exec R3 chmod 600 /etc/ipsec.d/vpn2.secrets + - cmd: docker exec R2 chmod 600 /etc/ipsec.d/vpn2.conf + - cmd: docker exec R2 chmod 600 /etc/ipsec.d/vpn2.secrets + +nodes: +- name: R0 + image: tinet/cloudvpn + interfaces: + - { name: net0, type: direct, args: R1#net0 } + - { name: net1, type: direct, args: R2#net0 } + - { name: net2, type: direct, args: R3#net0 } +- name: R1 + image: tinet/cloudvpn + interfaces: + - { name: net0, type: direct, args: R0#net0 } + - { name: net1, type: direct, args: N1#net0 } + sysctls: + - { sysctl: net.ipv4.fib_multipath_hash_policy=1 } +- name: R2 + image: tinet/cloudvpn + interfaces: + - { name: net0, type: direct, args: R0#net1 } + - { name: net1, type: direct, args: C2#net0 } + sysctls: + - { sysctl: net.ipv4.fib_multipath_hash_policy=1 } +- name: R3 + image: tinet/cloudvpn + interfaces: + - { name: net0, type: direct, args: R0#net2 } + - { name: net1, type: direct, args: N1#net1 } + sysctls: + - { sysctl: net.ipv4.fib_multipath_hash_policy=1 } +- name: N1 + image: tinet/cloudvpn + interfaces: + - { name: net0, type: direct, args: R1#net1 } + - { name: net1, type: direct, args: R3#net1 } + - { name: net2, type: direct, args: C1#net0 } + sysctls: + - { sysctl: net.ipv4.fib_multipath_hash_policy=1 } +- name: C1 + image: slankdev/tmp + interfaces: + - { name: net0, type: direct, args: N1#net2 } +- name: C2 + image: slankdev/tmp + interfaces: + - { name: net0, type: direct, args: R2#net1 } + +node_configs: +- name: R0 + cmds: + - cmd: ip addr add 10.91.0.1/24 dev net0 + - cmd: ip addr add 10.92.0.1/24 dev net1 + - cmd: ip addr add 10.93.0.1/24 dev net2 + +- name: R1 + cmds: + - cmd: ip addr add 10.91.0.2/24 dev net0 + - cmd: ip addr add 10.1.0.101/24 dev net1 + - cmd: ip route add 10.92.0.0/24 via 10.91.0.1 + + - cmd: ip link add vti0 type vti key 100 remote 10.92.0.2 local 10.91.0.2 + - cmd: ip link set vti0 up + - cmd: sysctl -w 
net.ipv4.conf.vti0.disable_policy=1 + - cmd: ip addr add 169.254.0.1/30 remote 169.254.0.2/30 dev vti0 + + - cmd: /usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig + - cmd: /usr/libexec/ipsec/_stackmanager start + - cmd: /usr/sbin/ipsec --checknss + - cmd: /usr/sbin/ipsec --checknflog + - cmd: /usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf + + - cmd: sed -i -e "s/bgpd=no/bgpd=yes/g" /etc/frr/daemons + - cmd: /usr/lib/frr/frrinit.sh start + - cmd: >- + vtysh -c 'conf t' + -c 'router bgp 65001' + -c ' bgp router-id 169.254.0.1' + -c ' neighbor 169.254.0.2 remote-as 65002' + -c ' neighbor 10.1.0.10 remote-as 65000' + -c ' !' + -c ' address-family ipv4 unicast' + -c ' network 10.1.0.0/24' + -c ' exit-address-family' + -c '!' + +- name: R3 + cmds: + - cmd: ip addr add 10.93.0.2/24 dev net0 + - cmd: ip addr add 10.1.0.103/24 dev net1 + - cmd: ip route add 10.92.0.0/24 via 10.93.0.1 + + - cmd: ip link add vti0 type vti key 100 remote 10.92.0.2 local 10.93.0.2 + - cmd: ip link set vti0 up + - cmd: sysctl -w net.ipv4.conf.vti0.disable_policy=1 + - cmd: ip addr add 169.254.1.1/30 remote 169.254.1.2/30 dev vti0 + + - cmd: /usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig + - cmd: /usr/libexec/ipsec/_stackmanager start + - cmd: /usr/sbin/ipsec --checknss + - cmd: /usr/sbin/ipsec --checknflog + - cmd: /usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf + + - cmd: sed -i -e "s/bgpd=no/bgpd=yes/g" /etc/frr/daemons + - cmd: /usr/lib/frr/frrinit.sh start + - cmd: >- + vtysh -c 'conf t' + -c 'router bgp 65001' + -c ' bgp router-id 169.254.1.1' + -c ' neighbor 169.254.1.2 remote-as 65002' + -c ' neighbor 10.1.0.11 remote-as 65000' + -c ' !' + -c ' address-family ipv4 unicast' + -c ' network 10.1.0.0/24' + -c ' exit-address-family' + -c '!' 
+ +- name: R2 + cmds: + - cmd: ip addr add 10.92.0.2/24 dev net0 + - cmd: ip addr add 10.2.0.1/24 dev net1 + - cmd: ip route add 10.91.0.0/24 via 10.92.0.1 + - cmd: ip route add 10.93.0.0/24 via 10.92.0.1 + + - cmd: ip link add vti0 type vti key 100 remote 10.91.0.2 local 10.92.0.2 + - cmd: ip link set vti0 up + - cmd: sysctl -w net.ipv4.conf.vti0.disable_policy=1 + - cmd: ip addr add 169.254.0.2/30 remote 169.254.0.1/30 dev vti0 + + - cmd: ip link add vti1 type vti key 101 remote 10.93.0.2 local 10.92.0.2 + - cmd: ip link set vti1 up + - cmd: sysctl -w net.ipv4.conf.vti1.disable_policy=1 + - cmd: ip addr add 169.254.1.2/30 remote 169.254.1.1/30 dev vti1 + + - cmd: /usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig + - cmd: /usr/libexec/ipsec/_stackmanager start + - cmd: /usr/sbin/ipsec --checknss + - cmd: /usr/sbin/ipsec --checknflog + - cmd: /usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf + + - cmd: sed -i -e "s/bgpd=no/bgpd=yes/g" /etc/frr/daemons + - cmd: /usr/lib/frr/frrinit.sh start + - cmd: >- + vtysh -c 'conf t' + -c 'router bgp 65002' + -c ' bgp router-id 169.254.0.2' + -c ' neighbor 169.254.0.1 remote-as 65001' + -c ' neighbor 169.254.1.1 remote-as 65001' + -c ' !' + -c ' address-family ipv4 unicast' + -c ' network 10.2.0.0/24' + -c ' exit-address-family' + -c '!' 
+ +- name: N1 + cmds: + - cmd: ip addr add 10.1.0.10/24 dev net0 + - cmd: ip addr add 10.1.0.11/24 dev net1 + - cmd: ip addr add 10.1.0.1/24 dev net2 + - cmd: ip route add 10.1.0.101/32 dev net0 + - cmd: ip route add 10.1.0.103/32 dev net1 + - cmd: ip route add 10.1.0.2/32 dev net2 + + - cmd: sysctl -w net.ipv4.conf.net0.proxy_arp=1 + - cmd: sysctl -w net.ipv4.conf.net1.proxy_arp=1 + - cmd: sysctl -w net.ipv4.conf.net2.proxy_arp=1 + + - cmd: sed -i -e "s/bgpd=no/bgpd=yes/g" /etc/frr/daemons + - cmd: /usr/lib/frr/frrinit.sh start + - cmd: >- + vtysh -c 'conf t' + -c 'router bgp 65000' + -c ' bgp router-id 1.1.1.1' + -c ' neighbor 10.1.0.101 remote-as 65001' + -c ' neighbor 10.1.0.101 disable-connected-check' + -c ' neighbor 10.1.0.103 remote-as 65001' + -c ' neighbor 10.1.0.103 disable-connected-check' + -c ' !' + -c ' address-family ipv4 unicast' + -c ' exit-address-family' + -c '!' + +- name: C1 + cmds: + - cmd: ip addr add 10.1.0.2/24 dev net0 + - cmd: ip route add default via 10.1.0.1 + +- name: C2 + cmds: + - cmd: ip addr add 10.2.0.2/24 dev net0 + - cmd: ip route add default via 10.2.0.1 diff --git a/examples/basic_ipsec/simple/README.md b/examples/basic_ipsec/simple/README.md new file mode 100644 index 0000000..1b24db9 --- /dev/null +++ b/examples/basic_ipsec/simple/README.md @@ -0,0 +1,14 @@ + +## IPsec Example + +- libreswan + +```bash +> docker exec R1 ipsec status | grep "Total IPsec connections" -A5 +000 Total IPsec connections: loaded 1, active 1 +000 +000 State Information: DDoS cookies not required, Accepting new IKE connections +000 IKE SAs: total(2), half-open(0), open(0), authenticated(2), anonymous(0) +000 IPsec SAs: total(2), authenticated(2), anonymous(0) +000 +``` diff --git a/examples/basic_ipsec/simple/spec.yaml b/examples/basic_ipsec/simple/spec.yaml new file mode 100644 index 0000000..572af85 --- /dev/null +++ b/examples/basic_ipsec/simple/spec.yaml 
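Review bot: Nodes C1 and C2 in bgp_ha/spec.yaml run `image: slankdev/tmp`, an untagged image from a personal namespace, while the other three IPsec examples use the `tinet/centos:centos7` image built earlier in this series; unless C1 and C2 need something only that image provides, `image: tinet/centos:centos7` keeps the example reproducible from the repository alone. In the same file the R3 side is written to `/tmp/vpn2.r3.conf` but declares `conn vpn1`, while R2's matching entry is `conn vpn2`. Connection names are local to each daemon, so the tunnel should still come up (inferred, not shown here), but renaming it to `conn vpn2` would match the file name and the R2 side.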
@@ -0,0 +1,99 @@ +--- +postinit: + cmds: + - cmd: | + cat </tmp/vpn1.r1.secrets + : PSK "vpn1" + EOF + - cmd: | + cat </tmp/vpn1.r2.secrets + : PSK "vpn1" + EOF + - cmd: | + cat </tmp/vpn1.r1.conf + conn vpn1 + left=10.0.0.1 + leftsubnet=10.1.0.0/24 + right=10.0.0.2 + rightsubnet=10.2.0.0/24 + auto=start + authby=secret + dpddelay=10 + dpdtimeout=5 + dpdaction=restart + EOF + - cmd: | + cat </tmp/vpn1.r2.conf + conn vpn1 + left=10.0.0.2 + leftsubnet=10.2.0.0/24 + right=10.0.0.1 + rightsubnet=10.1.0.0/24 + auto=start + authby=secret + dpddelay=10 + dpdtimeout=5 + dpdaction=restart + EOF + - cmd: docker cp /tmp/vpn1.r1.secrets R1:/etc/ipsec.d/vpn1.secrets + - cmd: docker cp /tmp/vpn1.r2.secrets R2:/etc/ipsec.d/vpn1.secrets + - cmd: docker cp /tmp/vpn1.r1.conf R1:/etc/ipsec.d/vpn1.conf + - cmd: docker cp /tmp/vpn1.r2.conf R2:/etc/ipsec.d/vpn1.conf + - cmd: docker exec R1 chmod 600 /etc/ipsec.d/vpn1.conf + - cmd: docker exec R1 chmod 600 /etc/ipsec.d/vpn1.secrets + - cmd: docker exec R2 chmod 600 /etc/ipsec.d/vpn1.conf + - cmd: docker exec R2 chmod 600 /etc/ipsec.d/vpn1.secrets + +nodes: +- name: R1 + image: tinet/centos:centos7 + interfaces: + - { name: net0, type: direct, args: R2#net0 } + - { name: net1, type: direct, args: C1#net0 } +- name: R2 + image: tinet/centos:centos7 + interfaces: + - { name: net0, type: direct, args: R1#net0 } + - { name: net1, type: direct, args: C2#net0 } +- name: C1 + image: tinet/centos:centos7 + interfaces: + - { name: net0, type: direct, args: R1#net1 } +- name: C2 + image: tinet/centos:centos7 + interfaces: + - { name: net0, type: direct, args: R2#net1 } + +node_configs: +- name: R1 + cmds: + - cmd: ip addr add 10.0.0.1/24 dev net0 + - cmd: ip addr add 10.1.0.1/24 dev net1 + - cmd: ip route add 10.2.0.0/24 via 10.0.0.2 + + - cmd: /usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig + - cmd: /usr/libexec/ipsec/_stackmanager start + - cmd: /usr/sbin/ipsec --checknss + - cmd: /usr/sbin/ipsec --checknflog + - cmd: 
/usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf + +- name: R2 + cmds: + - cmd: ip addr add 10.0.0.2/24 dev net0 + - cmd: ip addr add 10.2.0.1/24 dev net1 + - cmd: ip route add 10.1.0.0/24 via 10.0.0.1 + + - cmd: /usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig + - cmd: /usr/libexec/ipsec/_stackmanager start + - cmd: /usr/sbin/ipsec --checknss + - cmd: /usr/sbin/ipsec --checknflog + - cmd: /usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf + +- name: C1 + cmds: + - cmd: ip addr add 10.1.0.2/24 dev net0 + - cmd: ip route add default via 10.1.0.1 +- name: C2 + cmds: + - cmd: ip addr add 10.2.0.2/24 dev net0 + - cmd: ip route add default via 10.2.0.1 diff --git a/examples/basic_ipsec/with_vti/README.md b/examples/basic_ipsec/with_vti/README.md new file mode 100644 index 0000000..1b24db9 --- /dev/null +++ b/examples/basic_ipsec/with_vti/README.md @@ -0,0 +1,14 @@ + +## IPsec Example + +- libreswan + +```bash +> docker exec R1 ipsec status | grep "Total IPsec connections" -A5 +000 Total IPsec connections: loaded 1, active 1 +000 +000 State Information: DDoS cookies not required, Accepting new IKE connections +000 IKE SAs: total(2), half-open(0), open(0), authenticated(2), anonymous(0) +000 IPsec SAs: total(2), authenticated(2), anonymous(0) +000 +``` diff --git a/examples/basic_ipsec/with_vti/spec.yaml b/examples/basic_ipsec/with_vti/spec.yaml new file mode 100644 index 0000000..b5d67e2 --- /dev/null +++ b/examples/basic_ipsec/with_vti/spec.yaml 
@@ -0,0 +1,115 @@ +--- +postinit: + cmds: + - cmd: | + cat </tmp/vpn1.r1.secrets + : PSK "vpn1" + EOF + - cmd: | + cat </tmp/vpn1.r2.secrets + : PSK "vpn1" + EOF + - cmd: | + cat </tmp/vpn1.r1.conf + conn vpn1 + authby=secret + left=10.0.0.1 + right=10.0.0.2 + leftsubnet=0.0.0.0/0 + rightsubnet=0.0.0.0/0 + auto=start + mark=100/0xffffffff + vti-interface=vti0 + vti-routing=no + dpddelay=10 + dpdtimeout=5 + dpdaction=restart + EOF + - cmd: | + cat </tmp/vpn1.r2.conf + conn vpn1 + left=10.0.0.2 + right=10.0.0.1 + leftsubnet=0.0.0.0/0 + rightsubnet=0.0.0.0/0 + auto=start + authby=secret + mark=100/0xffffffff + vti-interface=vti0 + vti-routing=no + dpddelay=10 + dpdtimeout=5 + dpdaction=restart + EOF + - cmd: docker cp /tmp/vpn1.r1.secrets R1:/etc/ipsec.d/vpn1.secrets + - cmd: docker cp /tmp/vpn1.r2.secrets R2:/etc/ipsec.d/vpn1.secrets + - cmd: docker cp /tmp/vpn1.r1.conf R1:/etc/ipsec.d/vpn1.conf + - cmd: docker cp /tmp/vpn1.r2.conf R2:/etc/ipsec.d/vpn1.conf + - cmd: docker exec R1 chmod 600 /etc/ipsec.d/vpn1.conf + - cmd: docker exec R1 chmod 600 /etc/ipsec.d/vpn1.secrets + - cmd: docker exec R2 chmod 600 /etc/ipsec.d/vpn1.conf + - cmd: docker exec R2 chmod 600 /etc/ipsec.d/vpn1.secrets + +nodes: +- name: R1 + image: tinet/centos:centos7 + interfaces: + - { name: net0, type: direct, args: R2#net0 } + - { name: net1, type: direct, args: C1#net0 } +- name: R2 + image: tinet/centos:centos7 + interfaces: + - { name: net0, type: direct, args: R1#net0 } + - { name: net1, type: direct, args: C2#net0 } +- name: C1 + image: tinet/centos:centos7 + interfaces: + - { name: net0, type: direct, args: R1#net1 } +- name: C2 + image: tinet/centos:centos7 + interfaces: + - { name: net0, type: direct, args: R2#net1 } + +node_configs: +- name: R1 + cmds: + - cmd: ip addr add 10.0.0.1/24 dev net0 + - cmd: ip addr add 10.1.0.1/24 dev net1 + + - cmd: ip link add vti0 type vti key 100 remote 10.0.0.2 local 10.0.0.1 + - cmd: ip link set vti0 up + - cmd: sysctl -w 
net.ipv4.conf.vti0.disable_policy=1 + - cmd: ip route add 10.2.0.0/24 dev vti0 + - cmd: ip addr add 169.254.0.1/30 remote 169.254.0.2/30 dev vti0 + + - cmd: /usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig + - cmd: /usr/libexec/ipsec/_stackmanager start + - cmd: /usr/sbin/ipsec --checknss + - cmd: /usr/sbin/ipsec --checknflog + - cmd: /usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf + +- name: R2 + cmds: + - cmd: ip addr add 10.0.0.2/24 dev net0 + - cmd: ip addr add 10.2.0.1/24 dev net1 + + - cmd: ip link add vti0 type vti key 100 remote 10.0.0.1 local 10.0.0.2 + - cmd: ip link set vti0 up + - cmd: sysctl -w net.ipv4.conf.vti0.disable_policy=1 + - cmd: ip route add 10.1.0.0/24 dev vti0 + - cmd: ip addr add 169.254.0.2/30 remote 169.254.0.1/30 dev vti0 + + - cmd: /usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig + - cmd: /usr/libexec/ipsec/_stackmanager start + - cmd: /usr/sbin/ipsec --checknss + - cmd: /usr/sbin/ipsec --checknflog + - cmd: /usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf + +- name: C1 + cmds: + - cmd: ip addr add 10.1.0.2/24 dev net0 + - cmd: ip route add default via 10.1.0.1 +- name: C2 + cmds: + - cmd: ip addr add 10.2.0.2/24 dev net0 + - cmd: ip route add default via 10.2.0.1 From d66c1deb7c1dc2341f69ea30086484e7b4059508 Mon Sep 17 00:00:00 2001 From: Hiroki Shirokura Date: Sat, 12 Sep 2020 21:08:04 +0900 Subject: [PATCH 4/6] examples: add basic_geneve Signed-off-by: Hiroki Shirokura --- examples/basic_geneve/in.pcap | Bin 0 -> 1224 bytes examples/basic_geneve/spec.yaml | 46 ++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 examples/basic_geneve/in.pcap create mode 100644 examples/basic_geneve/spec.yaml 
diff --git a/examples/basic_geneve/in.pcap b/examples/basic_geneve/in.pcap new file mode 100644 index 0000000000000000000000000000000000000000..5fc7bc6bdd47f14e606684b73ef0ad012fcbd373 GIT binary patch literal 1224 zcmbu8IY)|9#*m`B{eNQBh#Ffos*lFZz(7&DlRE4 zvzAv>R#n^VHMMp14UJ8XX7p``I0`#qDjd%r;kdN~KX^tu3Oivc9D{}2A&o7-51vG? zF*)9_W~_`w4N>=6IO{$IY(j zb9~Q0j-zfh$Jv-1{p=X*GtwaM3#D=F_W9trey2E|-10oOAqO#!VP_prlAhvu)WzAu z5?>M_Q?T0lRhDM&CBrd*ZM^`)_7O=3#Vdh~)J0Iw~4{_9F@A3uUxIV39AL$sD{h#B< Q9(PD1-|&Mc(Q! Date: Sat, 12 Sep 2020 21:08:16 +0900 Subject: [PATCH 5/6] examples: add basic_vrf2 Signed-off-by: Hiroki Shirokura --- examples/basic_vrf2/spec.yaml | 118 ++++++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 examples/basic_vrf2/spec.yaml diff --git a/examples/basic_vrf2/spec.yaml b/examples/basic_vrf2/spec.yaml new file mode 100644 index 0000000..bc28cd2 --- /dev/null +++ b/examples/basic_vrf2/spec.yaml 
@@ -0,0 +1,118 @@ + +nodes: +- name: R1 + image: slankdev/frr + interfaces: + - { name: net0, type: direct, args: R2#net0 } + - { name: net1, type: direct, args: C1#net0 } + - { name: net2, type: direct, args: C3#net0 } +- name: R2 + image: slankdev/frr + interfaces: + - { name: net0, type: direct, args: R1#net0 } + - { name: net1, type: direct, args: C2#net0 } + - { name: net2, type: direct, args: C4#net0 } + - { name: net3, type: direct, args: C0#net0 } + +- name: C0 + image: slankdev/frr + interfaces: + - { name: net0, type: direct, args: R2#net3 } + +- name: C1 + image: slankdev/frr + interfaces: + - { name: net0, type: direct, args: R1#net1 } +- name: C2 + image: slankdev/frr + interfaces: + - { name: net0, type: direct, args: R2#net1 } +- name: C3 + image: slankdev/frr + interfaces: + - { name: net0, type: direct, args: R1#net2 } +- name: C4 + image: slankdev/frr + interfaces: + - { name: net0, type: direct, args: R2#net2 } + +node_configs: +- name: R1 + cmds: + - cmd: ip link add link net0 name net0.10 type vlan id 10 + - cmd: ip link add link net0 name net0.20 type vlan id 20 + - cmd: ip link set net0.10 up + - cmd: ip link set net0.20 up + - cmd: ip addr add 10.0.0.1/24 dev net0.10 + - cmd: ip addr add 10.0.0.1/24 dev net0.20 + + - cmd: ip link add vrf10 type vrf table 10 + - cmd: ip link add vrf20 type vrf table 20 + - cmd: ip link set vrf10 up + - cmd: ip link set vrf20 up + + - cmd: ip link set net0.10 vrf vrf10 + - cmd: ip link set net1 vrf vrf10 + - cmd: ip addr add 10.1.0.1/24 dev net1 + - cmd: ip route add 10.2.0.0/24 via 10.0.0.2 dev net0.10 vrf vrf10 + + - cmd: ip link set net0.20 vrf vrf20 + - cmd: ip link set net2 vrf vrf20 + - cmd: ip addr add 10.1.0.1/24 dev net2 + - cmd: ip route add 10.2.0.0/24 via 10.0.0.2 dev net0.20 vrf vrf20 + +- name: R2 + cmds: + - cmd: ip link add link net0 name net0.10 type vlan id 10 + - cmd: ip link add link net0 name net0.20 type vlan id 20 + - cmd: ip link set net0.10 up + - cmd: ip link set net0.20 up + - cmd: 
ip addr add 10.0.0.2/24 dev net0.10 + - cmd: ip addr add 10.0.0.2/24 dev net0.20 + + - cmd: ip link add vrf10 type vrf table 10 + - cmd: ip link add vrf20 type vrf table 20 + - cmd: ip link set vrf10 up + - cmd: ip link set vrf20 up + + - cmd: ip link set net0.10 vrf vrf10 + - cmd: ip link set net1 vrf vrf10 + - cmd: ip addr add 10.2.0.1/24 dev net1 + - cmd: ip route add 10.1.0.0/24 via 10.0.0.1 dev net0.10 vrf vrf10 + + - cmd: ip link set net0.20 vrf vrf20 + - cmd: ip link set net2 vrf vrf20 + - cmd: ip addr add 10.2.0.1/24 dev net2 + - cmd: ip route add 10.1.0.0/24 via 10.0.0.1 dev net0.20 vrf vrf20 + + - cmd: ip link add vrf90 type vrf table 90 + - cmd: ip link set vrf90 up + - cmd: ip link set net3 vrf vrf90 + - cmd: ip link set net3 up + - cmd: ip addr add 10.2.0.1/24 dev net3 + - cmd: iptables -t raw -A PREROUTING -s 10.1.0.2/32 -p udp --dport 1000 -j MARK --set-mark 0x10 + - cmd: ip rule add prio 100 fwmark 0x10 lookup 90 + - cmd: ip route add default dev vrf10 + +- name: C1 + cmds: + - cmd: ip addr add 10.1.0.2/24 dev net0 + - cmd: ip route add default via 10.1.0.1 +- name: C3 + cmds: + - cmd: ip addr add 10.1.0.2/24 dev net0 + - cmd: ip route add default via 10.1.0.1 + +- name: C2 + cmds: + - cmd: ip addr add 10.2.0.2/24 dev net0 + - cmd: ip route add default via 10.2.0.1 +- name: C4 + cmds: + - cmd: ip addr add 10.2.0.2/24 dev net0 + - cmd: ip route add default via 10.2.0.1 + +- name: C0 + cmds: + - cmd: ip addr add 10.2.0.2/24 dev net0 + - cmd: ip route add default via 10.2.0.1 From 5d6d25c9f318b97a1cbd0821a7a7c06405ba02ac Mon Sep 17 00:00:00 2001 From: Hiroki Shirokura Date: Sat, 12 Sep 2020 21:09:07 +0900 Subject: [PATCH 6/6] examples: update basic_ipip/simple Signed-off-by: Hiroki Shirokura --- examples/basic_ipip/simple/spec.yaml | 68 +++++++++++++--------------- 1 file changed, 32 insertions(+), 36 deletions(-) diff --git a/examples/basic_ipip/simple/spec.yaml b/examples/basic_ipip/simple/spec.yaml index ea5fb71..e6d72b2 100644 
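Review bot: Every node in basic_vrf2/spec.yaml uses `image: slankdev/frr` without a tag, so the lab runs whatever that name resolves to at pull time; a fixed tag or digest would make the example repeatable. The R2 commands that create `vrf90`, mark UDP port 1000 from 10.1.0.2 in the `raw` table and add `ip rule add prio 100 fwmark 0x10 lookup 90` appear to be the point of the example but carry no explanation; a comment such as `# steer UDP/1000 from 10.1.0.2 into table 90 via fwmark` above them would say so. C1/C3 and C0/C2/C4 share addresses, apparently on purpose to show VRF isolation, which also deserves a one-line comment.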
--- a/examples/basic_ipip/simple/spec.yaml +++ b/examples/basic_ipip/simple/spec.yaml 
@@ -1,39 +1,35 @@ - -meta: - namespace: ns_ - +--- nodes: - - name: R1 - image: slankdev/frr:centos-7-stable-7.0 - interfaces: - - { name: net0, type: direct, args: R2#net0 } - - name: R2 - image: slankdev/frr:centos-7-stable-7.0 - interfaces: - - { name: net0, type: direct, args: R1#net0 } - - { name: net1, type: direct, args: R3#net0 } - - name: R3 - image: slankdev/frr:centos-7-stable-7.0 - interfaces: - - { name: net0, type: direct, args: R2#net1 } +- name: R1 + image: slankdev/ubuntu:18.04 + interfaces: + - { name: net0, type: direct, args: R2#net0 } +- name: R2 + image: slankdev/ubuntu:18.04 + interfaces: + - { name: net0, type: direct, args: R1#net0 } + - { name: net1, type: direct, args: R3#net0 } +- name: R3 + image: slankdev/ubuntu:18.04 + interfaces: + - { name: net0, type: direct, args: R2#net1 } node_configs: - - name: R1 - cmds: - - cmd: ip addr add 10.0.0.1/24 dev net0 - - cmd: ip route add default via 10.0.0.2 - - cmd: ip tunnel add tun0 mode ipip remote 10.1.0.2 local 10.0.0.1 dev net0 - - cmd: ip addr add 1.1.1.1 peer 1.1.1.2 dev tun0 - - cmd: ip link set tun0 up - - name: R2 - cmds: - - cmd: ip addr add 10.0.0.2/24 dev net0 - - cmd: ip addr add 10.1.0.1/24 dev net1 - - name: R3 - cmds: - - cmd: ip addr add 10.1.0.2/24 dev net0 - - cmd: ip route add default via 10.1.0.1 - - cmd: ip tunnel add tun0 mode ipip remote 10.0.0.1 local 10.1.0.2 dev net0 - - cmd: ip addr add 1.1.1.2 peer 1.1.1.1 dev tun0 - - cmd: ip link set tun0 up - +- name: R1 + cmds: + - cmd: ip addr add 10.0.0.1/24 dev net0 + - cmd: ip route add default via 10.0.0.2 + - cmd: ip tunnel add tun0 mode ipip remote 10.1.0.2 local 10.0.0.1 dev net0 + - cmd: ip addr add 1.1.1.1 peer 1.1.1.2 dev tun0 + - cmd: ip link set tun0 up +- name: R2 + cmds: + - cmd: ip addr add 10.0.0.2/24 dev net0 + - cmd: ip addr add 10.1.0.1/24 dev net1 +- name: R3 + cmds: + - cmd: ip addr add 10.1.0.2/24 dev net0 + - cmd: ip route add default via 10.1.0.1 + - cmd: ip tunnel add tun0 mode ipip remote 10.0.0.1 
local 10.1.0.2 dev net0 + - cmd: ip addr add 1.1.1.2 peer 1.1.1.1 dev tun0 + - cmd: ip link set tun0 up