How to train your L3DSR with PBR - MEMO -
•
6 likes•1,807 views
How to train your L3DSR with PBR - MEMO - 10-Nov-2015 SAKURA Internet Research Center. Senior Researcher / Naoto MATSUMOTO
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (14)
Similar to How to train your L3DSR with PBR - MEMO -
Similar to How to train your L3DSR with PBR - MEMO - (20)
More from Naoto MATSUMOTO
More from Naoto MATSUMOTO (20)
Recently uploaded
Recently uploaded (20)
How to train your L3DSR with PBR - MEMO -
- 1. 10-Nov-2015 SAKURA Internet Research Center. Senior Researcher / Naoto MATSUMOTO
- 2. VRRP/PBR Config on vRouter 1) VRRP Config (Brocade vRouter 5600 3.5 R6 /2015) $ configure # set interfaces dataplane dp0p224p1 vrrp vrrp-group 10 virtual-address Q.Q.Q.Q **(VRRP VIP) # set interfaces dataplane dp0p224p1 vrrp vrrp-group 10 rfc-compatibility : # commit # save 2) PBR (Policy Base Routing) Config (..3.5 R6 /2015) $ configure # set policy route pbr L3DSR rule 1 source address X.X.X.X/24 **(CIDR_BLK) # set protocols static table 1 route 0.0.0.0/0 next-hop V.V.V.1 **(Linux / UCARP VIP) # set policy route pbr L3DSR rule 1 destination address A.A.A.A **(Linux / loopback) # set policy route pbr SRC-IP-L3DSR rule 1 table 1 # set policy route pbr SRC-IP-L3DSR rule 1 address-family ipv4 # set policy route pbr SRC-IP-L3DSR rule 1 protocol tcp # set policy route pbr SRC-IP-L3DSR rule 1 action accept # set interfaces dataplane dp0p224p1 policy route L3DSR : # commit # save SOURCE: SAKURA Internet Research Center. 11/2015 vRouter vRouter Linux Linux TCP/UDP CIDR_BLK CIDR_BLK VRRP UCARP PBR L3DSR loopback Q.Q.Q.Q (VIP) V.V.V.1 (VIP) X.X.X.X/24 A.A.A.A (lo:0)
- 3. UCARP/L3DSR Config on Linux 3) UCARP Config (CentOS 7.1/x86_64) # systemctl disable firewalld; systemctl stop firewalld # yum install -y epel-release; yum install -y ucarp #echo <<EOF > /etc/ucarp/vip-common.conf PASSWORD="SeCrEt" BIND_INTERFACE="eth0" SOURCE_ADDRESS="V.V.V.66" OPTIONS="--shutdown --preempt --deadratio=3" EOF # echo <<EOF> /etc/ucarp/vip-99.conf VIP_ADDRESS="V.V.V.1" EOF # systemctl enable ucarp@vip-99; systemctl start ucarp@vip-99 4) L3DSR Config (CentOS 7.1/x86_64) # echo <<EOF>> /etc/sysctl.conf net.ipv4.ip_forwarding = 1 net.ipv4.conf.all.arp_announce = 2 net.ipv4.conf.all.arp_ignore = 1 EOF # sysctl -p # echo <<EOF > /etc/sysconfig/network-scripts/ifcfg-lo:0 DEVICE=lo:0 IPADDR=A.A.A.A NETMASK=255.255.255.255 ONBOOT=yes EOF # service network restart SOURCE: SAKURA Internet Research Center. 11/2015 vRouter vRouter Linux Linux TCP/UDP CIDR_BLK CIDR_BLK VRRP UCARP PBR L3DSR loopback Q.Q.Q.Q (VIP) V.V.V.1 (VIP) X.X.X.X/24 A.A.A.A (lo:0)
- 4. Scale Out scenario SOURCE: SAKURA Internet Research Center. 11/2015 vRouter vRouter TCP/UDP CIDR_BLK CIDR_BLK VRRP PBR Linux Linux UCARP L3DSR loopback CIDR_BLK CIDR_BLK CIDR_BLK CIDR_BLK CIDR_BLK CIDR_BLK Linux Linux UCARP L3DSR loopback Linux Linux UCARP L3DSR loopback Linux Linux UCARP L3DSR loopback