Stephen Hemminger, profile picture
Uploaded byStephen Hemminger
ODP, PDF1,468 views

Integrating Linux routing with FusionCLI™

Herding networking cats: Integrating Linux routing with FusionCLITM Vyatta provides an open source routing platform built on Debian GNU/Linux and the Linux kernel. It uses FusionCLITM to provide a consistent CLI for network configuration and management. Vyatta supports quality of service configuration using Linux traffic control tools like fair queueing and traffic shaping policies. While the CLI is integrated with the operating system, some issues remain in fully integrating Vyatta configurations with underlying Linux management. Future work includes adding richer features, a graphical user interface, and improving performance.

Embed presentation

Downloaded 34 times
Herding networking cats: Integrating Linux routing with FusionCLI™ Stephen Hemminger shemminger@vyatta.com
Outline Introduction FusionCLI™ QoS configuration Issues
My background OSDL – Linux Foundation Linux 2.5 network infrastructure → bridging TCP congestion control → netem → iproute Network performance → Marvell replacement drivers Vyatta Kernel performance Quality Of Service support
Vyatta versions http://vyatta.org http://vyatta.com Free download Subscription livecd Update 2x year Update 4x year Community forums Software or Hardware Phone and Email Support Same source and features
Vyatta Distribution Debian GNU/Linux Current version based on testing → lenny Linux kernel 2.6.24 + bugfix Filesystems: unionfs, squashfs Serial driver: wanpipe Additional packages CLI infrastructure Configuration templates Updated routing related packages Quagga, SNMP, SNORT, ...
Linux cats
CLI Requirements Router look & feel Command completion Roles: Administrator, operator Configure mode Extensible Text based Language neutral Integrated with operating system
Vyatta Proprietary Open System System Monolithic SW Graphical User Interface Network Apps FusionCLITM Internet Protocols WAN Optimization Open API Load Balancing Scalable Routing NW Functions Security Extensible Internet Protocols DHCP, NAT, Radius… Firewall, VPN Anti-X PBX Linux Kernel IDS Unique HW Massive open-source Standard HW ecosystem…
CLI architecture
Demo 1: Basic interface $ show interfaces  Interface    IP Address         State       Link   Description eth0         192.168.111.132/24 up          up eth1         ­                  up          up  lo           127.0.0.1/8        up          up   lo           ::1/128            up          up $ show interfaces et<tab>hernet <tab>    detail  eth0    eth1     $ show interfaces ethernet eth0  eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast  state UNKNOWN qlen 1000     link/ether 00:0c:29:f6:20:9e brd ff:ff:ff:ff:ff:ff     inet 192.168.111.132/24 brd 192.168.111.255 scope global eth0     inet6 fe80::20c:29ff:fef6:209e/64 scope link         valid_lft forever preferred_lft forever ...
Template hierarchy /opt/vyatta/share/vyatta­op/templates/show/interfaces/ethernet |­­ detail |   `­­ node.def |­­ node.def `­­ node.tag     |­­ brief     |   `­­ node.def     |­­ capture     |   |­­ node.def     |   |­­ not     |   |   |­­ node.def     |   |   `­­ port     |   |       |­­ node.def     |   |       `­­ node.tag     |   |           `­­ node.def     |   `­­ port     |       |­­ node.def     |       `­­ node.tag     |           `­­ node.def     |­­ identify     |   `­­ node.def     |­­ node.def     |­­ physical     |   `­­ node.def
Operational template show/interfaces/ethernet/node.tag/node.def help: Show specified ethernet interface information allowed: for dev in /sys/class/net/*;           do if [[ ­L $dev/device ]]             then if [[ $(cat $dev/type) ­eq 1 ]]                  then echo ­n ${dev##*/} " "                  fi             fi          done run: vyatta­show­interfaces.pl ­­intf="$4"
Demo 2: Configuration $ configure [edit] # set interfaces ethernet eth0 description 'Vmware NAT' [edit] # show interfaces ethernet eth0  address dhcp +description "Vmware NAT"  hw­id 00:0c:29:f6:20:9e [edit] # mount ... unionfs on /opt/vyatta/config/tmp/new_config_5035 type unionfs     (rw,dirs=/tmp/changes_only_5035=rw:/opt/vyatta/config/active=r o) [edit] vyatta@vc3­1­3# commit
Configuration templates multi: type: txt help: Set an IP address for this interface syntax:expression: exec "/opt/vyatta/sbin/vyatta­interfaces.pl      ­­valid­addr $VAR(@) ­­dev $VAR(../@)"     ; "Invalid IP address/prefix [$VAR(@)] for interface $VAR(../@)" update: /opt/vyatta/sbin/vyatta­interfaces.pl     ­­eth­addr­update $VAR(@) ­­dev $VAR(../@) delete: /opt/vyatta/sbin/vyatta­interfaces.pl      ­­eth­addr­delete $VAR(@) ­­dev $VAR(../@) allowed: echo "dhcp <>" comp_help:Possible completions:   <x.x.x.x/x> Set the IP address and prefix length   <h:h:h:h:h:h:h:h/x>   Set the IPv6 address and prefix length   dhcp Set the IP address and prefix length via DHCP
Configuration save restore interfaces {     ethernet eth0 {         address dhcp         duplex auto         hw­id 00:0c:29:f6:20:9e         speed auto     }     loopback lo {     } } service {     ssh {         port 22         protocol­version v2     } }
Quality of Service (QoS) usage models Real time services VOIP Network control plane BGP, OSPF, STP Fairness Throttle batch services P2P, backup,
Vyatta QoS Organized by policy types Fair queue => sfq Traffic shaper => htb Drop tail => fifo Rate limiter => tbf Traffic limiter => ingress ...
fair-queue # set qos­policy fair­queue fq [edit] # set interfaces ethernet eth0 qos­policy out fq [edit] # commit [edit] # run show queueing    Output queues: Interface  Qos­Policy             Sent    Dropped   Overlimit eth0       fair­queue             4578          0          0 eth1       default                 468          0          0
fair-queue template set/qos-policy/fair-queue/node.def tag: type: txt help: Set fair queueing policy syntax:expression: pattern $VAR(@) "^[[:alnum:]][­_[:alnum:]]*$"                    ; "only alpha­numeric policy name allowed" update: /opt/vyatta/sbin/vyatta­qos.pl ­­create­policy "$VAR(.)"  "$VAR(@)" delete: /opt/vyatta/sbin/vyatta­qos.pl ­­delete­policy "$VAR(@)"
Qos on Ethernet Interface set/interfaces/ethernet/node.tag/qos-policy/out/node.def type: txt help: Set outbound QOS policy for specified ethernet interface allowed: /opt/vyatta/sbin/vyatta­qos.pl ­­list­policy update: /opt/vyatta/sbin/vyatta­qos.pl  ­­update­interface $VAR(../../@) $VAR(.) $VAR(@) delete: /opt/vyatta/sbin/vyatta­qos.pl  ­­delete­interface $VAR(../../@) $VAR(.)
Internals - perl code sub update_interface {     my ($interface, $direction, $name ) = @_;     my $config = new VyattaConfig;     ( $direction eq "out" ) or die "Only out direction  supported";     $config­>setLevel('qos­policy');     foreach my $type ( $config­>listNodes() ) {         if ( $config­>exists("$type $name") ) {           my $shaper = make_policy($config, $type, $name);           delete_interface($interface, $direction);           open my $out, "|­" or exec qw:sudo /sbin/tc ­batch ­:;           $shaper­>commands($out, $interface);           if (! close $out) {               delete_interface($interface, $direction);           }     }     die "Unknown qos­policy $namen"; }
QoS traffic-shaper # edit qos­policy traffic­shaper lartc [edit qos­policy traffic­shaper lartc] # set class 2 bandwidth 100% [edit qos­policy traffic­shaper lartc] # set class 2 match www ip destination port 80 [edit qos­policy traffic­shaper lartc] # set class 3 bandwidth 3mbit [edit qos­policy traffic­shaper lartc] # set class 3 ceiling 5mbit   [edit qos­policy traffic­shaper lartc] # set class 3 match smtp ip destination port 25 [edit qos­policy traffic­shaper lartc] # exit
Traffic-shaper continue [edit] # commit qos­policy traffic­shaper lartc configuration not complete: missing  default class Commit failed # set qos­policy traffic­shaper lartc default bandwidth 1 [edit] # commit [edit] # set interfaces ethernet eth0 qos­policy out
Result # run show queueing ethernet eth0          eth0 Output queue: Class      Qos­Policy             Sent    Dropped   Overlimit 1:        traffic­shaper        11438          0          0   4       fair­queue            11438          0          0   2       fair­queue                0          0          0   3       fair­queue                0          0          0 [edit]
Issues Developer documentation Linux Kongress paper Watch this space Vyatta ↔ Linux management Vyatta config ignores other changes CLI stays loosely coupled Vyatta package changes Every distribution is a fork All changes are fed to upstream
SPC-FLOSS: orphaned projects Users want support for orphaned projects Multicast routing MPLS RSTP IPV6
Future Richer features QoS+, bonding, … GUI Multi-queue Performance

More Related Content

PDF
Performance challenges in software networking
byStephen Hemminger
 
PPTX
Packet Framework - Cristian Dumitrescu
byharryvanhaaren
 
ODP
Dpdk performance
byStephen Hemminger
 
PDF
Userspace networking
byStephen Hemminger
 
ODP
Virtual net performance
byStephen Hemminger
 
PDF
Recent advance in netmap/VALE(mSwitch)
bymicchie
 
PDF
How to Speak Intel DPDK KNI for Web Services.
byNaoto MATSUMOTO
 
PDF
DPDK in Containers Hands-on Lab
byMichelle Holley
 
Performance challenges in software networking
byStephen Hemminger
 
Packet Framework - Cristian Dumitrescu
byharryvanhaaren
 
Dpdk performance
byStephen Hemminger
 
Userspace networking
byStephen Hemminger
 
Virtual net performance
byStephen Hemminger
 
Recent advance in netmap/VALE(mSwitch)
bymicchie
 
How to Speak Intel DPDK KNI for Web Services.
byNaoto MATSUMOTO
 
DPDK in Containers Hands-on Lab
byMichelle Holley
 

What's hot

PDF
DPDK Summit 2015 - HP - Al Sanders
byJim St. Leger
 
PPTX
High Performance Networking Leveraging the DPDK and Growing Community
by6WIND
 
PDF
mSwitch: A Highly-Scalable, Modular Software Switch
bymicchie
 
PDF
100 M pps on PC.
byRedge Technologies
 
PPTX
Introduction to DPDK
byKernel TLV
 
PPTX
DPDK KNI interface
byDenys Haryachyy
 
PDF
Intel DPDK Step by Step instructions
byHisaki Ohara
 
PDF
Accelerate Service Function Chaining Vertical Solution with DPDK
byOPNFV
 
PDF
DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...
byJim St. Leger
 
PPTX
Enable DPDK and SR-IOV for containerized virtual network functions with zun
byheut2008
 
PPSX
FD.io Vector Packet Processing (VPP)
byKirill Tsym
 
PPTX
The n00bs guide to ovs dpdk
bymarkdgray
 
PDF
DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...
byJim St. Leger
 
PPTX
Accelerating Neutron with Intel DPDK
byAlexander Shalimov
 
PPTX
TRex Realistic Traffic Generator - Stateless support
byHanoch Haim
 
PDF
DPDK Summit 2015 - RIFT.io - Tim Mortsolf
byJim St. Leger
 
PDF
VLANs in the Linux Kernel
byKernel TLV
 
PDF
PASTE: Network Stacks Must Integrate with NVMM Abstractions
bymicchie
 
PPTX
DPDK summit 2015: It's kind of fun to do the impossible with DPDK
byLagopus SDN/OpenFlow switch
 
PDF
Lagopus presentation on 14th Annual ON*VECTOR International Photonics Workshop
byLagopus SDN/OpenFlow switch
 
DPDK Summit 2015 - HP - Al Sanders
byJim St. Leger
 
High Performance Networking Leveraging the DPDK and Growing Community
by6WIND
 
mSwitch: A Highly-Scalable, Modular Software Switch
bymicchie
 
100 M pps on PC.
byRedge Technologies
 
Introduction to DPDK
byKernel TLV
 
DPDK KNI interface
byDenys Haryachyy
 
Intel DPDK Step by Step instructions
byHisaki Ohara
 
Accelerate Service Function Chaining Vertical Solution with DPDK
byOPNFV
 
DPDK Summit - 08 Sept 2014 - Futurewei - Jun Xu - Revisit the IP Stack in Lin...
byJim St. Leger
 
Enable DPDK and SR-IOV for containerized virtual network functions with zun
byheut2008
 
FD.io Vector Packet Processing (VPP)
byKirill Tsym
 
The n00bs guide to ovs dpdk
bymarkdgray
 
DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...
byJim St. Leger
 
Accelerating Neutron with Intel DPDK
byAlexander Shalimov
 
TRex Realistic Traffic Generator - Stateless support
byHanoch Haim
 
DPDK Summit 2015 - RIFT.io - Tim Mortsolf
byJim St. Leger
 
VLANs in the Linux Kernel
byKernel TLV
 
PASTE: Network Stacks Must Integrate with NVMM Abstractions
bymicchie
 
DPDK summit 2015: It's kind of fun to do the impossible with DPDK
byLagopus SDN/OpenFlow switch
 
Lagopus presentation on 14th Annual ON*VECTOR International Photonics Workshop
byLagopus SDN/OpenFlow switch
 

Viewers also liked

PDF
6 networking
byricharddxd
 
PPT
Linux Based DiffServ. Router
byTarek Amr
 
PPT
Lession3 Routing
byleminhvuong
 
PPT
Linux Based Advanced Routing with Firewall and Traffic Control
bysandy_vasan
 
PPTX
Linux routing and firewall for beginners
byn|u - The Open Security Community
 
PPTX
Linux – routing and firewall for beginners v 1.0
bySriram Narayanan
 
PDF
Linux router
byMiguel E Arellano Quezada
 
6 networking
byricharddxd
 
Linux Based DiffServ. Router
byTarek Amr
 
Lession3 Routing
byleminhvuong
 
Linux Based Advanced Routing with Firewall and Traffic Control
bysandy_vasan
 
Linux routing and firewall for beginners
byn|u - The Open Security Community
 
Linux – routing and firewall for beginners v 1.0
bySriram Narayanan
 
Linux router
byMiguel E Arellano Quezada
 

Similar to Integrating Linux routing with FusionCLI™

PPTX
The Potential Impact of Software Defined Networking SDN on Security
byBrent Salisbury
 
PDF
Server-side Intelligent Switching using vyatta
byNaoto MATSUMOTO
 
PDF
Network Virtualization with quantum
byopenstackindia
 
PPT
Training Day Slides
byadam_merritt
 
PDF
CCNA Syllabus pdf
byHub4Tech.com
 
PDF
Linux hpc-cluster-setup-guide
byjasembo
 
PDF
Network commands
byDr. Mahadev Gawas
 
PPT
CloudStack and SDN
bySebastien Goasguen
 
PDF
Networking is NOT Free: Lessons in Network Design
byRandy Bias
 
PPT
Scalable networking in Apache CloudStack
byChiradeep Vittal
 
PPTX
FlowER Erlang Openflow Controller
byHolger Winkelmann
 
PDF
Open Source Networking with Vyatta
byMatthew Turland
 
PPTX
Windows Server 8 Hyper V Networking
byAidan Finn
 
PPTX
14 network tools
byShay Cohen
 
PDF
Open stack advanced_part
bylilliput12
 
PDF
Tudor Damian - Hyper-V 3.0 overview
byITCamp
 
PDF
Hyper-V 3.0 Overview
byTudor Damian
 
PDF
Linux network tools (Maarten Blomme)
byAvansa Mid- en Zuidwest
 
PDF
Windows server 8 hyper v networking (aidan finn)
byhypervnu
 
PDF
IPv6 strategy for deployment at ETH Switzerland
bySwiss IPv6 Council
 
The Potential Impact of Software Defined Networking SDN on Security
byBrent Salisbury
 
Server-side Intelligent Switching using vyatta
byNaoto MATSUMOTO
 
Network Virtualization with quantum
byopenstackindia
 
Training Day Slides
byadam_merritt
 
CCNA Syllabus pdf
byHub4Tech.com
 
Linux hpc-cluster-setup-guide
byjasembo
 
Network commands
byDr. Mahadev Gawas
 
CloudStack and SDN
bySebastien Goasguen
 
Networking is NOT Free: Lessons in Network Design
byRandy Bias
 
Scalable networking in Apache CloudStack
byChiradeep Vittal
 
FlowER Erlang Openflow Controller
byHolger Winkelmann
 
Open Source Networking with Vyatta
byMatthew Turland
 
Windows Server 8 Hyper V Networking
byAidan Finn
 
14 network tools
byShay Cohen
 
Open stack advanced_part
bylilliput12
 
Tudor Damian - Hyper-V 3.0 overview
byITCamp
 
Hyper-V 3.0 Overview
byTudor Damian
 
Linux network tools (Maarten Blomme)
byAvansa Mid- en Zuidwest
 
Windows server 8 hyper v networking (aidan finn)
byhypervnu
 
IPv6 strategy for deployment at ETH Switzerland
bySwiss IPv6 Council
 

More from Stephen Hemminger

PDF
Staging driver sins
byStephen Hemminger
 
PDF
Netem -emulating real networks in the lab
byStephen Hemminger
 
PDF
Untold story
byStephen Hemminger
 
PDF
Llnw bufferbloat
byStephen Hemminger
 
ODP
Bufferbloat is alll Wet!
byStephen Hemminger
 
PDF
Linux Bridging: Teaching an old dog new tricks
byStephen Hemminger
 
PDF
Taking the Fear Out of Contributing
byStephen Hemminger
 
ODP
Virtual Network Performance Challenge
byStephen Hemminger
 
ODP
A Baker's dozen of TCP
byStephen Hemminger
 
ODP
Online tools
byStephen Hemminger
 
Staging driver sins
byStephen Hemminger
 
Netem -emulating real networks in the lab
byStephen Hemminger
 
Untold story
byStephen Hemminger
 
Llnw bufferbloat
byStephen Hemminger
 
Bufferbloat is alll Wet!
byStephen Hemminger
 
Linux Bridging: Teaching an old dog new tricks
byStephen Hemminger
 
Taking the Fear Out of Contributing
byStephen Hemminger
 
Virtual Network Performance Challenge
byStephen Hemminger
 
A Baker's dozen of TCP
byStephen Hemminger
 
Online tools
byStephen Hemminger
 

Recently uploaded

PDF
Higgsfield AI: The New Way to Create Cinematic Video
bytechnologyupside
 
PDF
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
PDF
The Cost of Missing Critical Connections in Data - Suspicious Behavior Detect...
byEnterprise Knowledge
 
PDF
Governing Agentic Enterprise - From Shadow AI to Autonomous Security.pdf
bysajjasridhar1990
 
PPTX
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
PPTX
Design Flaws and Known Attacks in Agentic AI - ITI Business Session
byInformation Technology Institute
 
PPTX
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
PPTX
Software Tools for penetration Testing (1).pptx
byAmosCheruiyot13
 
PPTX
Unit 1 Introduction of Computer Networks
bySuvarnaSharma5
 
PDF
Using Change Data Capture (CDC) to Ingest Data into Apache Kafka
byGiovanni Marigi
 
PDF
SAP WalkMe Overview.pdf SAP WalkMe Overview.pdf
byMurniatiSimbolon2
 
PDF
Purple Team - Active Directory and AzureAD v1
byVICTOR MAESTRE RAMIREZ
 
PDF
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
PDF
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Best Bank Statement Converter Software - A Documentation-Based Meta-Analysis ...
bylewisconrada
 
PDF
Louisville User Group: Transforming Technical Debt into Technical Wealth
byLynda Kane
 
PPTX
Lecture 04. about Black heads and Hackerss.pptx
byvinocol222
 
PPTX
Full course that Prymehat uploads for you version 2
byOhenebaManu1
 
PDF
Josh Chu Boston - An Innovative Technology Executive
byJosh Chu Boston
 
PPTX
DVCON24-IBM ai/ml driven hardware verification
byArun Joseph
 
Higgsfield AI: The New Way to Create Cinematic Video
bytechnologyupside
 
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
The Cost of Missing Critical Connections in Data - Suspicious Behavior Detect...
byEnterprise Knowledge
 
Governing Agentic Enterprise - From Shadow AI to Autonomous Security.pdf
bysajjasridhar1990
 
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
Design Flaws and Known Attacks in Agentic AI - ITI Business Session
byInformation Technology Institute
 
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
Software Tools for penetration Testing (1).pptx
byAmosCheruiyot13
 
Unit 1 Introduction of Computer Networks
bySuvarnaSharma5
 
Using Change Data Capture (CDC) to Ingest Data into Apache Kafka
byGiovanni Marigi
 
SAP WalkMe Overview.pdf SAP WalkMe Overview.pdf
byMurniatiSimbolon2
 
Purple Team - Active Directory and AzureAD v1
byVICTOR MAESTRE RAMIREZ
 
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
Best Bank Statement Converter Software - A Documentation-Based Meta-Analysis ...
bylewisconrada
 
Louisville User Group: Transforming Technical Debt into Technical Wealth
byLynda Kane
 
Lecture 04. about Black heads and Hackerss.pptx
byvinocol222
 
Full course that Prymehat uploads for you version 2
byOhenebaManu1
 
Josh Chu Boston - An Innovative Technology Executive
byJosh Chu Boston
 
DVCON24-IBM ai/ml driven hardware verification
byArun Joseph
 

Integrating Linux routing with FusionCLI™

  • 1.
    Herding networking cats: IntegratingLinux routing with FusionCLI™ Stephen Hemminger shemminger@vyatta.com
  • 2.
    Outline Introduction FusionCLI™ QoS configuration Issues
  • 3.
    My background OSDL – Linux Foundation Linux 2.5 network infrastructure → bridging TCP congestion control → netem → iproute Network performance → Marvell replacement drivers Vyatta Kernel performance Quality Of Service support
  • 7.
    Vyatta versions http://vyatta.org http://vyatta.com Free download Subscription livecd Update 2x year Update 4x year Community forums Software or Hardware Phone and Email Support Same source and features
  • 8.
    Vyatta Distribution Debian GNU/Linux Current version based on testing → lenny Linux kernel 2.6.24 + bugfix Filesystems: unionfs, squashfs Serial driver: wanpipe Additional packages CLI infrastructure Configuration templates Updated routing related packages Quagga, SNMP, SNORT, ...
  • 10.
  • 11.
    CLI Requirements Router look & feel Command completion Roles: Administrator, operator Configure mode Extensible Text based Language neutral Integrated with operating system
  • 12.
    Vyatta Proprietary Open System System Monolithic SW Graphical User Interface Network Apps FusionCLITM Internet Protocols WAN Optimization Open API Load Balancing Scalable Routing NW Functions Security Extensible Internet Protocols DHCP, NAT, Radius… Firewall, VPN Anti-X PBX Linux Kernel IDS Unique HW Massive open-source Standard HW ecosystem…
  • 13.
  • 14.
    Demo 1: Basicinterface $ show interfaces  Interface    IP Address         State       Link   Description eth0         192.168.111.132/24 up          up eth1         ­                  up          up  lo           127.0.0.1/8        up          up   lo           ::1/128            up          up $ show interfaces et<tab>hernet <tab>    detail  eth0    eth1     $ show interfaces ethernet eth0  eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast  state UNKNOWN qlen 1000     link/ether 00:0c:29:f6:20:9e brd ff:ff:ff:ff:ff:ff     inet 192.168.111.132/24 brd 192.168.111.255 scope global eth0     inet6 fe80::20c:29ff:fef6:209e/64 scope link         valid_lft forever preferred_lft forever ...
  • 15.
    Template hierarchy /opt/vyatta/share/vyatta­op/templates/show/interfaces/ethernet |­­ detail |   `­­ node.def |­­ node.def `­­ node.tag     |­­ brief     |   `­­ node.def     |­­ capture     |   |­­ node.def     |   |­­ not     |   |   |­­ node.def     |   |   `­­ port     |   |       |­­ node.def     |   |       `­­ node.tag     |   |           `­­ node.def     |   `­­ port     |       |­­ node.def     |       `­­ node.tag     |           `­­ node.def     |­­ identify     |   `­­ node.def     |­­ node.def     |­­ physical     |   `­­ node.def
  • 16.
    Operational template show/interfaces/ethernet/node.tag/node.def help: Show specified ethernet interface information allowed: for dev in /sys/class/net/*;           do if [[ ­L $dev/device ]]             then if [[ $(cat $dev/type) ­eq 1 ]]                  then echo ­n ${dev##*/} " "                  fi             fi          done run: vyatta­show­interfaces.pl ­­intf="$4"
  • 17.
    Demo 2: Configuration $ configure [edit] # set interfaces ethernet eth0 description 'Vmware NAT' [edit] # show interfaces ethernet eth0  address dhcp +description "Vmware NAT"  hw­id 00:0c:29:f6:20:9e [edit] # mount ... unionfs on /opt/vyatta/config/tmp/new_config_5035 type unionfs     (rw,dirs=/tmp/changes_only_5035=rw:/opt/vyatta/config/active=r o) [edit] vyatta@vc3­1­3# commit
  • 18.
    Configuration templates multi: type: txt help: Set an IP address for this interface syntax:expression: exec "/opt/vyatta/sbin/vyatta­interfaces.pl      ­­valid­addr $VAR(@) ­­dev $VAR(../@)"     ; "Invalid IP address/prefix [$VAR(@)] for interface $VAR(../@)" update: /opt/vyatta/sbin/vyatta­interfaces.pl     ­­eth­addr­update $VAR(@) ­­dev $VAR(../@) delete: /opt/vyatta/sbin/vyatta­interfaces.pl      ­­eth­addr­delete $VAR(@) ­­dev $VAR(../@) allowed: echo "dhcp <>" comp_help:Possible completions:   <x.x.x.x/x> Set the IP address and prefix length   <h:h:h:h:h:h:h:h/x>   Set the IPv6 address and prefix length   dhcp Set the IP address and prefix length via DHCP
  • 19.
    Configuration save restore interfaces {     ethernet eth0 {         address dhcp         duplex auto         hw­id 00:0c:29:f6:20:9e         speed auto     }     loopback lo {     } } service {     ssh {         port 22         protocol­version v2     } }
  • 21.
    Quality of Service(QoS) usage models Real time services VOIP Network control plane BGP, OSPF, STP Fairness Throttle batch services P2P, backup,
  • 22.
    Vyatta QoS Organized by policy types Fair queue => sfq Traffic shaper => htb Drop tail => fifo Rate limiter => tbf Traffic limiter => ingress ...
  • 23.
    fair-queue # set qos­policy fair­queue fq [edit] # set interfaces ethernet eth0 qos­policy out fq [edit] # commit [edit] # run show queueing    Output queues: Interface  Qos­Policy             Sent    Dropped   Overlimit eth0       fair­queue             4578          0          0 eth1       default                 468          0          0
  • 24.
    fair-queue template set/qos-policy/fair-queue/node.def tag: type: txt help: Set fair queueing policy syntax:expression: pattern $VAR(@) "^[[:alnum:]][­_[:alnum:]]*$"                    ; "only alpha­numeric policy name allowed" update: /opt/vyatta/sbin/vyatta­qos.pl ­­create­policy "$VAR(.)"  "$VAR(@)" delete: /opt/vyatta/sbin/vyatta­qos.pl ­­delete­policy "$VAR(@)"
  • 25.
    Qos on EthernetInterface set/interfaces/ethernet/node.tag/qos-policy/out/node.def type: txt help: Set outbound QOS policy for specified ethernet interface allowed: /opt/vyatta/sbin/vyatta­qos.pl ­­list­policy update: /opt/vyatta/sbin/vyatta­qos.pl  ­­update­interface $VAR(../../@) $VAR(.) $VAR(@) delete: /opt/vyatta/sbin/vyatta­qos.pl  ­­delete­interface $VAR(../../@) $VAR(.)
  • 26.
    Internals - perlcode sub update_interface {     my ($interface, $direction, $name ) = @_;     my $config = new VyattaConfig;     ( $direction eq "out" ) or die "Only out direction  supported";     $config­>setLevel('qos­policy');     foreach my $type ( $config­>listNodes() ) {         if ( $config­>exists("$type $name") ) {           my $shaper = make_policy($config, $type, $name);           delete_interface($interface, $direction);           open my $out, "|­" or exec qw:sudo /sbin/tc ­batch ­:;           $shaper­>commands($out, $interface);           if (! close $out) {               delete_interface($interface, $direction);           }     }     die "Unknown qos­policy $namen"; }
  • 27.
    QoS traffic-shaper # edit qos­policy traffic­shaper lartc [edit qos­policy traffic­shaper lartc] # set class 2 bandwidth 100% [edit qos­policy traffic­shaper lartc] # set class 2 match www ip destination port 80 [edit qos­policy traffic­shaper lartc] # set class 3 bandwidth 3mbit [edit qos­policy traffic­shaper lartc] # set class 3 ceiling 5mbit   [edit qos­policy traffic­shaper lartc] # set class 3 match smtp ip destination port 25 [edit qos­policy traffic­shaper lartc] # exit
  • 28.
    Traffic-shaper continue [edit] # commit qos­policy traffic­shaper lartc configuration not complete: missing  default class Commit failed # set qos­policy traffic­shaper lartc default bandwidth 1 [edit] # commit [edit] # set interfaces ethernet eth0 qos­policy out
  • 29.
    Result # run show queueing ethernet eth0          eth0 Output queue: Class      Qos­Policy             Sent    Dropped   Overlimit 1:        traffic­shaper        11438          0          0   4       fair­queue            11438          0          0   2       fair­queue                0          0          0   3       fair­queue                0          0          0 [edit]
  • 30.
    Issues Developerdocumentation Linux Kongress paper Watch this space Vyatta ↔ Linux management Vyatta config ignores other changes CLI stays loosely coupled Vyatta package changes Every distribution is a fork All changes are fed to upstream
  • 31.
    SPC-FLOSS: orphaned projects Users want support for orphaned projects Multicast routing MPLS RSTP IPV6
  • 32.
    Future Richer features QoS+, bonding, … GUI Multi-queue Performance

Editor's Notes

  • #2 Today, I am going to talk about Vyatta&apos;s Command Line Interface. The CLI tries to integrate existing Linux projects which as they say in the US is a bit like herding cats.. Maybe that is a US expression so let me explain...
  • #9 Vyatta Debian mirror repository Does include all the networking packages on livecd Does not include X / Gnome /KD Can use packages from Debian except overlaps.
  • #11 Start with Linux + ipv6 + serial + bonding + bridging + vlan + QoS + Quagga + Snort + clam + ...
  • #12 Command completion with TAB and ? Admin is like root Operator is the guy you only partially trust Vyatta has 4 modes: root, admin, operator, normal
  • #13 IOS is monolithic. Not extensible Explain layers Marketing != reality
  • #15 Use slogin to VM Show system kernel-messages Cd /opt/vyatta/share/vyatta-op/templates Cat show/kernel-messages/node.def (Explain template hierarchy and run tag) Show interfaces ethernet eth0 Cat show/interfaces/ethernet/node.tag/node.def (Explain tag nodes and allowed, etc)
  • #18 Cd # home Show how values are stored Show how snapshots are done; mount Emphasize that this is internals (like .git) Explain save/load If that was all CLI could do this would be...
  • #22 Use QoS as example, most familiar to me, less to audience
  • #23 Mapping from policy to internals
  • #28 Example from LARTC, Linux server with total of 10Mbit available bandwidth. You want to limit webserver traffic to 5Mbit, SMTP traffic to 3Mbit and everything else (unclassified traffic) to 1Kbit. In case there is unused bandwidth, you want to share it between SMTP and unclassified traffic. The &amp;quot;total bandwidth&amp;quot; implies one top-level class with maximum bandwidth of 5Mbit. Under the top-level class, there are three child classes. set qos-policy traffic-shaper lartc bandwidth 10mbit edit qos-policy traffic-shaper lartc set class 2 bandwidth 50% set class 2 match www ip destination port 80 set class 3 bandwidth 3mbit set class 3 ceiling 100% set class 3 match smtp ip destination port 25 Commit # Fix missing default bandwidth class for unclassified traffic is allowed to use 1K but must not exceed 5Mbit. set default bandwidth 1 set default ceiling 5mbit Exit # edit mode commit # Apply to eth0 set interfaces ethernet eth0 qos-policy out lartc commit
  • #31 These are projects customers want, but upstream project is abandoned IPV6 is not really abandoned but we want to make sure it has a good home after the end of the WIDE project
  • #33 Current release (3.1.3) aka Hollywood is finally out GUI is in next release along with lots more little pieces Excited about opportunity offered by MQ...