how_route_lacnic_ipv4_block_with_oneprovider [2018/02/09 13:43] admin |
how_route_lacnic_ipv4_block_with_oneprovider [2019/05/31 00:40] (current) admin |
||
---|---|---|---|
Line 1: | Line 1: | ||
You need **have public IPv4** for the tunnel type in this howto. **One server with BGP session options** and talk to oneprovider to enable the option (it's not free, the price is on demand, here +50€/month). | You need **have public IPv4** for the tunnel type in this howto. **One server with BGP session options** and talk to oneprovider to enable the option (it's not free, the price is on demand, here +50€/month). | ||
- | Our ASN for the exemple is ASN 266671, announced route is: 45.225.75.0/24, oneprovider ASN is 61272 | + | Our ASN for the exemple is ASN 266671, announced route is: 45.225.75.0/24, oneprovider ASN is 9009 |
Here we use limited MTU to work over PPP (GPON) | Here we use limited MTU to work over PPP (GPON) | ||
+ | |||
+ | PS: 00:22:4d:a4:3b:51 from I receive my trafic (MITAC INTERNATIONAL CORP.) | ||
== Please add a route object from your LACNIC account pointing your range to your ASN 266671. == | == Please add a route object from your LACNIC account pointing your range to your ASN 266671. == | ||
Line 10: | Line 12: | ||
{{:lacnic-2.png?direct|}} | {{:lacnic-2.png?direct|}} | ||
- | == /etc/quagga/zebra.conf == | + | == /etc/bird/bird6.conf == |
- | ! | + | router id 37.120.157.227; |
- | ! Zebra configuration saved from vty | + | |
- | ! 2017/12/17 00:41:25 | + | protocol bgp ONEPROVIDER |
- | ! | + | { |
- | hostname XXXX | + | local as 266671; |
- | password XXXXXXXX | + | source address 2A0D:5600:X:2; |
- | log file /var/log/bgpd.log | + | import none; |
- | log stdout | + | export all; |
- | ! | + | graceful restart on; |
- | line vty | + | multihop 2; |
- | ! | + | neighbor 2A0D:5600:X::1 as 9009; |
+ | } | ||
+ | |||
+ | protocol static | ||
+ | { | ||
+ | route 2803:1920::/32 via 2A0D:5600:X::2; | ||
+ | } | ||
+ | |||
+ | protocol device | ||
+ | { | ||
+ | scan time 5; | ||
+ | } | ||
+ | |||
+ | == /etc/bird/bird.conf == | ||
+ | router id 185.64.105.21; | ||
+ | |||
+ | protocol bgp ONEPROVIDER | ||
+ | { | ||
+ | local as 266671; | ||
+ | source address 185.64.105.21; | ||
+ | import none; | ||
+ | export all; | ||
+ | graceful restart on; | ||
+ | multihop 2; | ||
+ | neighbor 185.64.105.1 as 9009; | ||
+ | } | ||
+ | |||
+ | protocol static | ||
+ | { | ||
+ | route 45.225.75.0/24 via 185.64.105.21; | ||
+ | } | ||
+ | |||
+ | protocol device | ||
+ | { | ||
+ | scan time 5; | ||
+ | } | ||
+ | |||
+ | == should show == | ||
+ | bird> show proto all | ||
+ | name proto table state since info | ||
+ | ONEPROVIDER BGP master up 14:14:14 Established | ||
+ | Preference: 100 | ||
+ | Input filter: REJECT | ||
+ | Output filter: ACCEPT | ||
+ | Routes: 0 imported, 1 exported, 0 preferred | ||
+ | Route change stats: received rejected filtered ignored accepted | ||
+ | Import updates: 2 0 2 0 0 | ||
+ | Import withdraws: 0 0 --- 2 0 | ||
+ | Export updates: 1 0 0 --- 1 | ||
+ | Export withdraws: 0 --- --- --- 0 | ||
+ | BGP state: Established | ||
+ | Neighbor address: 185.64.105.1 | ||
+ | Neighbor AS: 9009 | ||
+ | Neighbor ID: 91.216.163.254 | ||
+ | Neighbor caps: refresh restart-aware AS4 | ||
+ | Session: external multihop AS4 | ||
+ | Source address: 185.64.105.21 | ||
+ | Hold timer: 155/240 | ||
+ | Keepalive timer: 52/80 | ||
+ | |||
+ | static1 Static master up 14:13:47 | ||
+ | Preference: 200 | ||
+ | Input filter: ACCEPT | ||
+ | Output filter: REJECT | ||
+ | Routes: 1 imported, 0 exported, 1 preferred | ||
+ | Route change stats: received rejected filtered ignored accepted | ||
+ | Import updates: 1 0 0 0 1 | ||
+ | Import withdraws: 0 0 --- 0 0 | ||
+ | Export updates: 0 0 0 --- 0 | ||
+ | Export withdraws: 0 --- --- --- 0 | ||
+ | |||
+ | device1 Device master up 14:13:47 | ||
+ | Preference: 240 | ||
+ | Input filter: ACCEPT | ||
+ | Output filter: REJECT | ||
+ | Routes: 0 imported, 0 exported, 0 preferred | ||
== /etc/quagga/bgpd.conf == | == /etc/quagga/bgpd.conf == | ||
! | ! | ||
- | ! Zebra configuration saved from vty | + | hostname hades |
- | ! 2017/12/17 00:41:25 | + | password Ddnv6ovqSEwtdiL9q89KKAmV |
- | ! | + | |
- | hostname XXXXXXXXXXXX | + | |
- | password XXXXXXXXXXXX | + | |
log file /var/log/bgpd.log | log file /var/log/bgpd.log | ||
log stdout | log stdout | ||
! | ! | ||
router bgp 266671 | router bgp 266671 | ||
- | bgp router-id 185.64.105.21 | + | bgp router-id 37.120.157.Z |
- | neighbor 185.64.105.1 remote-as 61272 | + | neighbor 37.120.157.Y remote-as 9009 |
+ | neighbor 2A0D:5600:X::1 remote-as 9009 | ||
! | ! | ||
+ | address-family ipv6 | ||
+ | network 2803:1920::/32 | ||
+ | neighbor 2A0D:5600:X::1 activate | ||
+ | exit-address-family | ||
+ | address-family ipv4 | ||
network 45.225.75.0/24 | network 45.225.75.0/24 | ||
- | neighbor 185.64.105.1 activate | + | neighbor 37.120.157.Y activate |
+ | exit-address-family | ||
exit | exit | ||
! | ! | ||
line vty | line vty | ||
! | ! | ||
+ | |||
+ | == /etc/network/interfaces == | ||
+ | source /etc/network/interfaces.d/* | ||
| | ||
- | == command == | + | # The loopback network interface |
- | echo '' > /var/log/bgpd.log | + | auto lo |
- | mkdir -p /run/quagga | + | iface lo inet loopback |
- | chown quagga.quagga /run/quagga /var/log/bgpd.log | + | |
- | /usr/sbin/zebra --daemon -A 127.0.0.1 -g quagga -u quagga -f /etc/quagga/zebra.conf | + | # The primary network interface |
- | sleep 20 | + | allow-hotplug eth0 |
- | /usr/sbin/bgpd --daemon -A 127.0.0.1 -g quagga -u quagga -f /etc/quagga/bgpd.conf | + | iface eth0 inet static |
- | + | address 185.64.105.21/24 | |
- | == check BGP == | + | gateway 185.64.105.1 |
- | * vtysh | + | # dns-* options are implemented by the resolvconf package, if installed |
- | * show ip bgp summary | + | dns-nameservers 91.216.163.2 91.216.163.3 |
- | * Should show: | + | dns-search op-net.com |
- | + | ||
- | BGP router identifier 185.64.105.21, local AS number 266671 | + | #router gateway |
- | RIB entries 4, using 448 bytes of memory | + | |
- | Peers 1, using 9088 bytes of memory | + | auto eth0:0 |
- | Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd | + | iface eth0:0 inet static |
- | 185.64.105.1 4 61272 8 9 0 0 0 00:04:22 2 | + | address 45.225.75.1 |
- | Total number of neighbors 1 | + | netmask 255.255.255.255 |
+ | |||
+ | ## Ipv6 configuration | ||
+ | iface eth0 inet6 static | ||
+ | address 2a04:2180:0:2::12b | ||
+ | netmask 64 | ||
+ | gateway 2a04:2180:0:2::1 | ||
+ | dns-nameservers 2a04:2180::101:53 2a04:2180::102:53 | ||
== Setup the tunnel from oneprovider to confiared == | == Setup the tunnel from oneprovider to confiared == | ||
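Review bot: The new `/etc/quagga/bgpd.conf` listing publishes what looks like a real vty `password` value and the real `hostname`, where the previous revision masked both as `XXXXXXXXXXXX`. The listing should go back to `password XXXXXXXXXXXX`, and since the value stays readable in the page history, the credential on the router should be changed as well. This revision also removes the old "command" section, whose `bgpd --daemon -A 127.0.0.1` invocation was the only place the howto showed the vty bound to loopback, so a line stating how vty access is restricted now would help. In both BIRD files `export all;` announces whatever is in the master table to AS 9009. Today that is only the one static route (the sample output shows 1 exported), but an explicit filter such as `export where net = 45.225.75.0/24;` in bird.conf, and the matching IPv6 prefix in bird6.conf, would stop a later-added protocol from leaking other routes.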
Line 68: | Line 159: | ||
/sbin/modprobe ipip | /sbin/modprobe ipip | ||
/sbin/ip tu ad confiared mode ipip local 185.64.105.21 remote 190.186.245.10 ttl 64 dev eth0 | /sbin/ip tu ad confiared mode ipip local 185.64.105.21 remote 190.186.245.10 ttl 64 dev eth0 | ||
- | /sbin/ip ad ad dev confiared 10.0.0.1 peer 10.0.0.2/32 | + | /sbin/ip ad ad dev confiared 10.0.0.1 peer 45.225.75.2/32 |
/sbin/ip li se dev confiared up | /sbin/ip li se dev confiared up | ||
/sbin/ip link set dev confiared mtu 1280 | /sbin/ip link set dev confiared mtu 1280 | ||
- | /bin/ping 10.0.0.2 & | + | /bin/ping 45.225.75.2 & |
- | /sbin/ip ro ad 45.225.75.0/24 via 10.0.0.2 | + | /sbin/ip ro ad 45.225.75.0/24 via 45.225.75.2 |
| | ||
== service script == | == service script == | ||
- | #! /bin/sh | + | #! /bin/sh |
- | ### BEGIN INIT INFO | + | ### BEGIN INIT INFO |
- | # Provides: uptunnel | + | # Provides: uptunnel |
- | # Required-Start: $remote_fs $time | + | # Required-Start: $remote_fs $time |
- | # Required-Stop: umountnfs $time | + | # Required-Stop: umountnfs $time |
- | # X-Stop-After: sendsigs | + | # X-Stop-After: sendsigs |
- | # Default-Start: 2 3 4 5 | + | # Default-Start: 2 3 4 5 |
- | # Default-Stop: 0 1 6 | + | # Default-Stop: 0 1 6 |
- | # Short-Description: up tunnel | + | # Short-Description: up tunnel |
- | # Description: up tunnel | + | # Description: up tunnel |
- | ## END INIT INFO | + | ## END INIT INFO |
+ | |||
+ | # | ||
+ | # Author: BRULE Herman Jacques Roger <alpha_one_x86@first-world.info> | ||
+ | # | ||
+ | |||
+ | # PATH should only include /usr/* if it runs after the mountnfs.sh script | ||
+ | PATH=/sbin:/usr/sbin:/bin:/usr/bin | ||
+ | DESC="up tunnel" | ||
+ | NAME=uptunnel | ||
+ | |||
+ | uptunnel=uptunnel | ||
+ | DAEMON=/root/up-tunnel.sh | ||
+ | PIDFILE=/var/run/uptunnel.pid | ||
+ | |||
+ | SCRIPTNAME=/etc/init.d/$NAME | ||
- | # | + | # Define LSB log_* functions. |
- | # Author: BRULE Herman Jacques Roger <alpha_one_x86@first-world.info> | + | . /lib/lsb/init-functions |
- | # | + | |
- | + | case "$1" in | |
- | # PATH should only include /usr/* if it runs after the mountnfs.sh script | + | start) |
- | PATH=/sbin:/usr/sbin:/bin:/usr/bin | + | log_daemon_msg "Starting $DESC" "$uptunnel" |
- | DESC="up tunnel" | + | start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON |
- | NAME=uptunnel | + | |
- | + | ;; | |
- | uptunnel=uptunnel | + | stop) |
- | DAEMON=/root/up-tunnel.sh | + | log_daemon_msg "Stopping $DESC" "$uptunnel" |
- | PIDFILE=/var/run/uptunnel.pid | + | start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON |
- | + | ||
- | SCRIPTNAME=/etc/init.d/$NAME | + | ;; |
- | + | restart|force-reload) | |
- | # Define LSB log_* functions. | + | $0 stop |
- | . /lib/lsb/init-functions | + | $0 start |
- | + | ;; | |
- | case "$1" in | + | try-restart) |
- | start) | + | $0 status >/dev/null 2>&1 && $0 restart |
- | log_daemon_msg "Starting $DESC" "$uptunnel" | + | ;; |
- | start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON | + | status) |
- | + | status_of_proc -p $PIDFILE $DAEMON $uptunnel && exit 0 || exit $? | |
- | ;; | + | ;; |
- | stop) | + | *) |
- | log_daemon_msg "Stopping $DESC" "$uptunnel" | + | echo "Usage: $SCRIPTNAME {start|stop|rotate|restart|force-reload|try-restart|status}" >&2 |
- | start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON | + | exit 3 |
- | + | ;; | |
- | ;; | + | esac |
- | restart|force-reload) | + | |
- | $0 stop | + | : |
- | $0 start | + | |
- | ;; | + | |
- | try-restart) | + | |
- | $0 status >/dev/null 2>&1 && $0 restart | + | |
- | ;; | + | |
- | status) | + | |
- | status_of_proc -p $PIDFILE $DAEMON $uptunnel && exit 0 || exit $? | + | |
- | ;; | + | |
- | *) | + | |
- | echo "Usage: $SCRIPTNAME {start|stop|rotate|restart|force-reload|try-restart|status}" >&2 | + | |
- | exit 3 | + | |
- | ;; | + | |
- | esac | + | |
- | + | ||
- | : | + | |
== Setup the tunnel from confiared to oneprovider == | == Setup the tunnel from confiared to oneprovider == | ||
+ | |||
+ | Add into /etc/iproute2/rt_tables: 200 confiared | ||
/sbin/modprobe ipip | /sbin/modprobe ipip | ||
- | /sbin/ip tu ad oneprovider mode ipip local 190.186.245.10 remote 185.64.105.21 ttl 64 dev eth0 | + | /bin/ip tu ad oneprovider mode ipip local 190.186.245.10 remote 185.64.105.21 ttl 64 dev eth0 |
- | /sbin/ip ad ad dev oneprovider 10.0.0.2 peer 10.0.0.1/32 | + | /bin/ip ad ad dev oneprovider 45.225.75.2 peer 10.0.0.1/32 |
- | /sbin/ip li se dev oneprovider up | + | /bin/ip li se dev oneprovider up |
- | /sbin/ip link set dev oneprovider mtu 1280 | + | /bin/ip link set dev oneprovider mtu 1280 |
/bin/ping 10.0.0.1 & | /bin/ping 10.0.0.1 & | ||
# real ISP | # real ISP | ||
- | /sbin/ip ro ad 185.64.105.21/32 via ISPIPv4Gateway | + | /bin/ip ro ad 185.64.105.21/32 via ISPIPv4Gateway |
+ | # return gateway | ||
+ | /bin/ip rule add from 45.225.75.0/24 table confiared | ||
+ | /bin/ip route add default via 10.0.0.1 dev oneprovider table confiared | ||
+ | /bin/ip route add 172.20.0.0/16 dev eth0 table confiared | ||
+ | | ||
== Registring to RIPE == | == Registring to RIPE == |