Blog from June, 2020

RARE/FreeRouter-101 [ #003 ] - "Are you P4 compliant ?"
Fréderic LOUI posted on Jun 30, 2020

"Are you P4 compliant ?". In France in the 1990's it was a pure French private joke before the military service was officially abolished. At that time being "classé P4" meant that you were mentally unable to join the French military army. Even if you wanted to. Therefore, at the age of 18, some daring people faked mental illness in order to avoid the "Service militaire" (1 year duration). Of course here, P4 is about the data plane programming language from P4Lang project.

Requirement

  • Basic Linux/Unix knowledge
  • Basic networking knowledge

Overview

For those who are not familiar with data plane programming and especially with P4, "P4 is a domain-specific programming language for specifying the behaviour of the dataplanes of network-forwarding elements." (from p4.org) in short it helps you to write a "program specifying how a switch processes packets".

Article objective

In this article we'll using freeRouter setup deployed in #002 and replace the pcapInt providing freeRouter native software dataplane with P4Lang's dataplane. Actually the effective dataplane is ensured P4lang virtual simple_switch_grpc running RARE P4 program called: router.p4.

Diagram

[ #003 ] - Cookbook

In our example we will use the same debian stable image (buster) installed as a VirtualBox VM as in #002.

and we add a bridge network interface to or laptop RJ45 connection.

mkdir -p ~/freeRouter/bin ~/freeRouter/lib ~/freeRouter/etc ~/freeRouter/log
cd ~/freeRouter/lib
wget http://freerouter.nop.hu/rtr.jar
Update & Upgrade system
╭─[11:11:54]floui@debian ~ 
╰─➤ tree freeRouter
freeRouter
├── bin   # binary files      
├── etc   # configuration files      
├── lib   # library files      
└── log   # log files
get freeRouter net-tools tarball
wget freerouter.nop.hu/rtr.tar
Install build tools
tar xvf rtr.tar -C ~/freeRouter/bin/

For those you would like to rebuild these binaries you can find the compilation shell script in freeRouter cloned git repository in: ~/freeRouter/src/native/c.sh

add p4lang repository in /etc/apt/sources.list.d/p4.list
deb https://download.opensuse.org/repositories/home:/frederic-loui:/p4lang:/p4c:/master/Debian_10/ ./
add debian 10 repository key from download.opensuse.org
wget https://download.opensuse.org/repositories/home:/frederic-loui:/p4lang:/p4c:/master/Debian_10/Release.key
sudo apt-key add ./Release.key
install p4lang packages (just install p4c and it will install p4lang-pi and bmv2)
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install p4c
check p4lang packages installation
╭─[4:59:33]floui@debian ~/freeRouter/etc  
╰─➤  dpkg -l | grep p4lang
ii  bmv2                                   20200615~d447b6a~release~nightly-0+57.1 amd64        p4lang behavioral-model
ii  p4c                                    20200628~7c03f854~release~nightly-0     amd64        p4c p4lang project compiler
ii  p4lang-pi                              20200601~822a0d1~release~nightly-0+39.1 amd64        Implementation framework of a P4Runtime server
Clone RARE code from repository 
cd ~/
git clone https://github.com/frederic-loui/RARE.git
compile RARE router.p4
cd ~/RARE/02-PE-labs/p4src
╭─[5:26:06]floui@debian ~/RARE/02-PE-labs/p4src  ‹master› 
╰─➤  make build
mkdir -p ../build ../run/log
p4c --std p4-16 --target bmv2 --arch v1model \
        -I ./ -o ../build --p4runtime-files ../build/router.txt router.p4

FreeRouter uses 2 configuration files in order to run, let's write these configuration files for R1 in ~/freeRouter/etc

freeRouter hardware configuration file: p4-freerouter-hw.txt
int eth0 eth 0000.1111.00fb 127.0.0.1 22710 127.0.0.1 22709
tcp2vrf 2323 v1 23
tcp2vrf 9080 v1 9080
freeRouter software configuration file: p4-freerouter-sw.txt
hostname p4-freerouter
buggy
!
vrf definition v1
 exit
!
interface ethernet0
 description freerouter@P4_CPU_PORT[veth251]
 no shutdown
 no log-link-change
 exit
!
interface sdn1
 description freerouter@sdn1[enp0s9]
 mtu 9000
 macaddr 0072.3e18.1b6f
 vrf forwarding v1
 ipv4 address 192.168.1.131 255.255.255.0
 ipv6 address fd7d:a59c:650b::666 ffff:ffff:ffff:fff0::
 ipv6 enable
 no shutdown
 no log-link-change
 exit
!
!
!
!
!
!
!
!
!
!
!
!
!
!
server telnet tel
 security protocol telnet
 no exec authorization
 no login authentication
 vrf v1
 exit
!
server p4lang p4
 export-vrf v1 1
 export-port sdn1 1 0
 interconnect ethernet0
 vrf v1
 exit
!
client tcp-checksum transmit
!
end
Setup BMv2 P4 dataplane communication channel via veth pair
sudo ip link add veth251 type veth peer name veth250
sudo ip link set veth250 up  
sudo ip link set veth251 up
freeRouter launch with supplied p4-freerouter-hw.txt and p4-freerouter-sw.txt with a console prompt
╭─[6:06:13]floui@debian ~/freeRouter  
╰─➤  java -jar lib/rtr.jar routersc etc/p4-freerouter-hw.txt etc/p4-freerouter-sw.txt
info cfg.cfgInit.doInit:cfgInit.java:556 booting
info cfg.cfgInit.doInit:cfgInit.java:680 initializing hardware
info cfg.cfgInit.doInit:cfgInit.java:687 applying defaults
info cfg.cfgInit.doInit:cfgInit.java:695 applying configuration
info cfg.cfgInit.doInit:cfgInit.java:721 done
welcome
line ready
freerouter#
launch freeRouter pcapInt in order to stitch control plane and P4 BMv2 dataplane communication
╭─[1:00:53]floui@debian[1]  ~/freeRouter/bin  
╰─➤  sudo ./pcapInt.bin veth251 22709 127.0.0.1 22710 127.0.0.1
binded to local port 127.0.0.1 22709.
will send to 127.0.0.1 22710.
pcap version: libpcap version 1.8.1
opening interface veth251 with pcap1.x api
serving others
>
Run RARE P4 dataplane - simple_switch_grpc router.p4 
export P4_RARE_ROOT=/home/floui/RARE/02-PE-labs
sudo simple_switch_grpc --log-file $P4_RARE_ROOT/run/log/p4-freerouter.log \                                               
                        -i 1@enp0s9 \                        
                        -i 64@veth250 \                                                
                        --thrift-port 9090 --nanolog ipc://$P4_RARE_ROOT/run/bm-0-log.ipc --device-id 0 $P4_RARE_ROOT/build/simple_switch_grpc.json \
                        -- --grpc-server-addr 127.0.0.1:50051 > $P4_RARE_ROOT/run/log/p4-freerouter.out 2>&1 &
Launch forwarder.p4 (p4runtime GRPC based interface)
╭─[2:07:10]floui@debian[1]  ~/RARE/02-PE-labs/p4src  ‹master*› 
╰─➤  ./forwarder.py
rx:  ['myaddr4_add', '224.0.0.0/4', '0', '1', '\n']
rx:  ['myaddr4_add', '255.255.255.255/32', '0', '1', '\n']
rx:  ['myaddr6_add', 'ff00::/8', '0', '1', '\n']
rx:  ['myaddr4_add', '192.168.1.0/24', '-1', '1', '\n']
rx:  ['myaddr4_add', '192.168.1.131/32', '-1', '1', '\n']
rx:  ['myaddr6_add', 'fd7d:a59c:650b::/60', '-1', '1', '\n']
rx:  ['myaddr6_add', 'fd7d:a59c:650b::666/128', '-1', '1', '\n']
rx:  ['myaddr6_add', 'fe80::/64', '-1', '1', '\n']
rx:  ['mylabel6_add', '270549', '1', '\n']
rx:  ['mylabel4_add', '606864', '1', '\n']
rx:  ['state', '1', '1', '0', '\n']
rx:  ['mtu', '1', '9000', '\n']
rx:  ['portvrf_add', '1', '1', '\n']
rx:  ['neigh4_add', '14252', '192.168.1.1', '34:ce:00:67:18:c2', '1', '00:72:3e:18:1b:6f', '1', '\n']
rx:  ['neigh4_add', '52194', '192.168.1.143', '9c:eb:e8:d5:2c:51', '1', '00:72:3e:18:1b:6f', '1', '\n']
rx:  ['keepalive', '\n']
rx:  ['keepalive', '\n']
...

Verification

FreeRouter telnet access from Virtualbox VM guest via port 2323
╭─[7:07:41]floui@debian[1]  ~/freeRouter/etc  
╰─➤  telnet localhost 2323
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
welcome
line ready
freerouter#
freerouter running configuration
p4-freerouter#sh run                                                           
hostname p4-freerouter
buggy
!
vrf definition v1
 exit
!
interface ethernet0
 description freerouter@P4_CPU_PORT[veth251]
 no shutdown
 no log-link-change
 exit
!
interface sdn1
 description freerouter@sdn1[enp0s9]
 mtu 9000
 macaddr 0072.3e18.1b6f
 vrf forwarding v1
 ipv4 address 192.168.1.131 255.255.255.0
 ipv6 address fd7d:a59c:650b::666 ffff:ffff:ffff:fff0::
 ipv6 enable
 no shutdown
 no log-link-change
 exit
!
!
!
!
!
!
!
!
!
!
!
!
!
!
server telnet tel
 security protocol telnet
 no exec authorization
 no login authentication
 vrf v1
 exit
!
server p4lang p4
 export-vrf v1 1
 export-port sdn1 1 0
 interconnect ethernet0
 vrf v1
 exit
!
client tcp-checksum transmit
!
end
Check control plane is communicating with bmv2 p4 dataplane
p4-freerouter#show interfaces summary                                          
interface  state  tx     rx    drop
ethernet0  up     10616  9243  0
sdn1       up     10340  9069  0
Ping IPv4 from freerouter -> LAN router gateway
p4-freerouter#ping 192.168.1.131 /vrf v1                                       
pinging 192.168.1.131, src=null, cnt=5, len=64, tim=1000, ttl=255, tos=0, sweep=false
!!!!!
result=100%, recv/sent/lost=5/5/0, rtt min/avg/max/total=0/0/0/0
p4-freerouter#ping 192.168.1.1 /vrf v1                                         
pinging 192.168.1.1, src=null, cnt=5, len=64, tim=1000, ttl=255, tos=0, sweep=false
!!!!!
result=100%, recv/sent/lost=5/5/0, rtt min/avg/max/total=3/5/10/28
IPv4 arp check ( 192.168.1.1 is the gateway, 192.168.1.143 is the VM host)
p4-freerouter#sh ipv4 arp sdn1                                                 
mac             address        time      static
34ce.0067.18c2  192.168.1.1    00:00:35  false
9ceb.e8d5.2c51  192.168.1.143  00:00:35  false
6420.0c65.437b  192.168.1.173  00:01:35  false

Ping IPv6 from freerouter -> LAN router gateway
p4-freerouter#ping fd7d:a59c:650b::666 /vrf v1                                 
pinging fd7d:a59c:650b::666, src=null, cnt=5, len=64, tim=1000, ttl=255, tos=0, sweep=false
!!!!!
result=100%, recv/sent/lost=5/5/0, rtt min/avg/max/total=0/0/0/1
p4-freerouter#ping fd7d:a59c:650b::1 /vrf v1                                   
pinging fd7d:a59c:650b::1, src=null, cnt=5, len=64, tim=1000, ttl=255, tos=0, sweep=false
!!!!!
result=100%, recv/sent/lost=5/5/0, rtt min/avg/max/total=2/2/3/13
IPv6 neighbor discovery check ( 192.168.1.1 is the gateway, 192.168.1.143 is the VM host)
p4-freerouter#show ipv6 neighbors sdn1                                         
mac             address                    time      static  router
34ce.0067.18c2  fd7d:a59c:650b::1          00:01:22  false   false
9ceb.e8d5.2c51  fe80::10e6:87a7:6a9:f14a   00:01:22  false   false
34ce.0067.18c2  fe80::36ce:ff:fe67:18c2    00:01:22  false   false
b6be.fdcf.d0f9  fe80::b4be:fdff:fecf:d0f9  00:01:22  false   false
Initiate IPv4 ssh from freerouter -> LAN router gateway
p4-freerouter#ssh 192.168.1.1 /vrf v1 /user root                               
 - connecting to 192.168.1.1 22
password: ***************
                
 - securing connection



BusyBox v1.28.4 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 18.06.2, r7676-cddd7b4c77
 -----------------------------------------------------
root@OpenWrt:~#


Initiate IPv6 ssh from freerouter -> LAN router gateway
p4-freerouter#ssh fd7d:a59c:650b::1 /vrf v1 /user root                         
 - connecting to fd7d:a59c:650b::1 22
password: ***************
                
 - securing connection



BusyBox v1.28.4 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 18.06.2, r7676-cddd7b4c77
 -----------------------------------------------------

Conclusion

In this article you:

  • had a demonstration of how to integrate freeRouter into a local area network (Similar to article #002)
  • However instead of using pcapInt you are now using a software P4 dataplane from P4lang project: bmv2 
  • BMv2 simple_switch_grpc target is used an run RARE router.p4
  • communication between freeRouter control plane and bmv2 is ensured by pcapInt via veth pair [ veth250 - veth251 ]
  • This communication is possible via RARE forwarder.py based on GRPC P4Lang P4Runtime python binding
  • In this example the BMv2 P4 switch has only 1 dataplane interface that is bound to enp0s9 VM interface exposed to the local network as a bridged interface

[ #003 ] RARE/FreeRouter-101 - key take-away

  • FreeRouter is using UNIX socket in order to forward packet dedicated to control plane + dataplane communication.

This essential paradigm is used to ensure communication between freeRouter and BMv2 P4 dataplane. It is ensured by pcapInt binary from freeRouter net-tools that will bind freeRouter socket (veth251@locathost:22710) to a virtual network interface (veth250@localhost:22709)  connected to CPU_PORT 64.

  • freeRouter control plane and dataplane communication is enabled by RARE forwarder.py 

forwarder.py is a simple python script based on GRPC P4Runtime python library.

freeRouter is doing all the control plane route computation and write/modify/remove message entry via P4Runtime so that P4 entries are created/modified/removed accordingly from P4 tables

While BMv2 target is a very good choice for packet processing algorithm validation, it is not an ideal target for production use. We will see in next articles how we can reach a higher rate throughput related required by use cases defined by network operators.  

RARE/FreeRouter-101 [ #002 ] - "Let me get out !"
Fréderic LOUI posted on Jun 29, 2020

While in article #001 of the 101 series we learnt how to spawn 2 router instances on the same VM, this use case is only useful for learning/pedagogic purposes. freeRouter can be considered as networking Swiss Army Knife in real networks. We will demonstrate further freeRouter capability to take control a a full VM and then be able to directly communicate with the external real world via the VM network device interface. i.e Out of the VM scope.

Requirement

  • Basic Linux/Unix knowledge
  • Basic networking knowledge

Overview

 Working with freeRouter inside VM is interesting but working and interact with the outside world is way more exciting !

Article objective

In this article we'll explain how to integrate freeRouter in an existing local area network (my home network) and how to inherit from IPv4 DHCP and IPv6 SLAAC. Though this simple example is consumer/end user oriented, freeRouter can be incorporated into a Internet Service provider environment.  You can easily imagine how to build a highly scalable and versatile BGP route Reflector, sophisticated route server, ROA/RPKI validator or even a BGP BMP server ... (and the list of features set is huge). For example, in one of my project since 2015 I'm using freeRouter as a BGP route reflector inside a k8s cluster running calico network plugin.

Diagram

[ #002 ] - Cookbook

In our example we will use a genuine debian stable image (buster) installed as a VirtualBox VM.

and we add a bridge network interface to or laptop RJ45 connection.

mkdir -p ~/freeRouter/bin ~/freeRouter/lib ~/freeRouter/etc ~/freeRouter/log
cd ~/freeRouter/lib
wget http://freerouter.nop.hu/rtr.jar
Update & Upgrade system
╭─[11:11:54]floui@debian ~ 
╰─➤ tree freeRouter
freeRouter
├── bin   # binary files      
├── etc   # configuration files      
├── lib   # library files      
└── log   # log files
get freeRouter net-tools tarball
wget freerouter.nop.hu/rtr.tar
Install build tools
tar xvf rtr.tar -C ~/freeRouter/bin/

For those you would like to rebuild these binaries you can find the compilation shell script in freeRouter cloned git repository in: ~/freeRouter/src/native/c.sh

FreeRouter uses 2 configuration files in order to run, let's write these configuration files for R1 in ~/freeRouter/etc

freeRouter hardware file: freerouter-hw.txt
int eth1 eth 0000.1111.0001 127.0.0.1 26011 127.0.0.1 26021
tcp2vrf 2323 v1 23
freeRouter software configuration file: r1-sw.txt
freerouter#sh run                                                              
hostname freerouter
buggy
!
!
prefix-list p4
 sequence 10 permit 0.0.0.0/0 ge 0 le 0
 exit
!
prefix-list p6
 sequence 10 permit ::/0 ge 0 le 0
 exit
!
vrf definition v1
 exit
!
interface ethernet1
 description freerouter@enp0s9
 vrf forwarding v1
 ipv4 address dynamic 255.255.255.0
 ipv4 gateway-prefix p4
 ipv4 dhcp-client enable
 ipv4 dhcp-client early
 ipv6 address dynamic ffff:ffff:ffff:ffff::
 ipv6 gateway-prefix p6
 ipv6 slaac
 no shutdown
 no log-link-change
 exit
!
!
!
!
!
!
!
!
!
!
!
!
!
!
server telnet tel
 security protocol telnet
 no exec authorization
 no login authentication
 vrf v1
 exit
!
!
end

freerouter#
freeRouter launch with supplied freerouter-hw.txt and freerouter-sw.txt with a console prompt
╭─[6:06:13]floui@debian[3]  ~/freeRouter  
╰─➤  java -jar lib/rtr.jar routersc etc/freerouter-hw.txt etc/freerouter-sw.txt                                                                                      3 ↵
info cfg.cfgInit.doInit:cfgInit.java:556 booting
info cfg.cfgInit.doInit:cfgInit.java:680 initializing hardware
info cfg.cfgInit.doInit:cfgInit.java:687 applying defaults
info cfg.cfgInit.doInit:cfgInit.java:695 applying configuration
info cfg.cfgInit.doInit:cfgInit.java:721 done
welcome
line ready
freerouter#
Launch pcapInt in order to bind socket localhost:26011 to localhost26021@enp0s9
╭─[6:06:13]floui@debian[1]  ~/freeRouter/bin  
╰─➤  sudo ./pcapInt.bin enp0s9 26021 127.0.0.1 26011 127.0.0.1                                                                                                       1 ↵
binded to local port 127.0.0.1 26021.
will send to 127.0.0.1 26011.
pcap version: libpcap version 1.8.1
opening interface enp0s9 with pcap1.x api
serving others
>

Verification

FreeRouter telnet access from Virtualbox VM guest via port 2323
╭─[7:07:41]floui@debian[1]  ~/freeRouter/etc  
╰─➤  telnet localhost 2323                                                                                                                                           1 ↵
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
welcome
line ready
freerouter#
freerouter running configuration
freerouter#sh run                                                              
hostname freerouter
buggy
!
!
prefix-list p4
 sequence 10 permit 0.0.0.0/0 ge 0 le 0
 exit
!
prefix-list p6
 sequence 10 permit ::/0 ge 0 le 0
 exit
!
vrf definition v1
 exit
!
interface ethernet1
 description freerouter@enp0s9
 vrf forwarding v1
 ipv4 address dynamic 255.255.255.0
 ipv4 gateway-prefix p4
 ipv4 dhcp-client enable
 ipv4 dhcp-client early
 ipv6 address dynamic ffff:ffff:ffff:ffff::
 ipv6 gateway-prefix p6
 ipv6 slaac
 no shutdown
 no log-link-change
 exit
!
!
!
!
!
!
!
!
!
!
!
!
!
!
server telnet tel
 security protocol telnet
 no exec authorization
 no login authentication
 vrf v1
 exit
!
!
end

freerouter#
Ping IPv4 from freerouter -> LAN router gateway
freerouter#ping 192.168.1.1 /vrf v1                                            
pinging 192.168.1.1, src=null, cnt=5, len=64, tim=1000, ttl=255, tos=0, sweep=false
!!!!!
result=100%, recv/sent/lost=5/5/0, rtt min/avg/max/total=1/1/1/5
freerouter#
IPv4 arp check ( 192.168.1.1 is the gateway, 192.168.1.143 is the VM host)
freerouter#sh ipv4 arp eth1                                                    
mac             address        time      static
34ce.0067.18c2  192.168.1.1    00:00:43  false
9ceb.e8d5.2c51  192.168.1.143  00:00:43  false

freerouter#

Ping IPv6 from freerouter -> LAN router gateway
freerouter#ping fd7d:a59c:650b::1 /vrf v1                                      
pinging fd7d:a59c:650b::1, src=null, cnt=5, len=64, tim=1000, ttl=255, tos=0, sweep=false
!!!!!
result=100%, recv/sent/lost=5/5/0, rtt min/avg/max/total=0/0/2/4
freerouter#
IPv6 neighbor discovery check ( 192.168.1.1 is the gateway, 192.168.1.143 is the VM host)
freerouter#show ipv6 neighbors eth1                                            
mac             address                              time      static  router
34ce.0067.18c2  fd7d:a59c:650b::1                    00:01:44  false   false
9ceb.e8d5.2c51  fd7d:a59c:650b::8926:98c9:bbde:8ed7  00:01:44  false   false

freerouter#
Initiate IPv4 ssh from freerouter -> LAN router gateway
freerouter#ssh 192.168.1.1 /vrf v1 /user root                                  
 - connecting to 192.168.1.1 22
password: ***************
                
 - securing connection



BusyBox v1.28.4 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 18.06.2, r7676-cddd7b4c77
 -----------------------------------------------------
root@OpenWrt:~#


Initiate IPv6 ssh from freerouter -> LAN router gateway
freerouter#ssh fd7d:a59c:650b::1 /vrf v1 /user root                            
 - connecting to fd7d:a59c:650b::1 22
password: ***************
                
 - securing connection



BusyBox v1.28.4 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 18.06.2, r7676-cddd7b4c77
 -----------------------------------------------------
root@OpenWrt:~

Conclusion

In this article you:

  • had a demonstration of how to integrate freeRouter to a local area network
  • learn how to configure an interface in order to act as an IPv4 DCHP client 
  • learn how to configure an interface using IPv6 SLAAC 

[ #002 ] RARE/FreeRouter-101 - key take-away

  • FreeRouter is using UNIX socket in order to forward packet.

You can use pcapInt binary from freeRouter net-tools that will bind freeRouter socket (locathost:26011) to a physical network interface (localhost:26021@enp0s9) 

It support a huge list of feature with IPv4/IPv6 parity. In this example we demonstrated how an interface can inherit IPv4/IPv6 addresses from IPv4 DHCP server or IPv6 SLAAC

  • freeRouter can interact with the real network (in various flavors. We will develop this in further articles)

It can be used as a BGP route reflector in Internet Service Provider environment, as ROA/RPKI validator, BMP server, BGP looking glass, route server etc.

RARE/FreeRouter-101 [ #001 ] - "Hello FreeRouter !"
Fréderic LOUI posted on Jun 29, 2020

The main objective of [RARE / FreeRouter 101] series is to help you getting started with FreeRouter from scratch without any prior knowledge.

Requirement

  • Basic Linux/Unix knowledge
  • Basic networking knowledge

Overview

freeRouter is a free, open source router control plane software. For nostalgic and networkers from prehistoric era (like me), freeRouter besides Ethernet, is able to handle HDLC, X25, frame-relay, ATM encapsulation. Since it handles packets itself at the socket layer, it is independent of underlying Operation System capabilities. We will see in the next articles how freeRouter subtlety leverage this inherently independence to connect different data-plane such as OpenFlow, P4 and other possible data-plane that would appear in the near future.

The command line tries to mimic the industry standards with one exception:

  • no global routing table: every routed interface must be in a virtual routing table
  • positive side effect: there are no vrf-awareness questions

Article objective

This article is meant to simply deploy 2 instances of freeRouter on the same fresh linux installed linux box. We are voluntary using freeRouter (freerouter.nop.hu) "raw" official repository in order to get familiar with the deployment manual process. Even if the deployment process is straightforward, it is not self explanatory for people non familiar with java/linux.

In order to simplify the deployment we have automated freeRouter daily builds on:

But let's get our "hand dirty" and follow the simple manual installation. 

Diagram

[ #001 ] - Cookbook

In our example we will use a genuine debian stable image (buster) installed as a VirtualBox VM.

  • Start & connect your VM as root 
  • Update your VM
apt-get update
apt-get upgrade

In this example, we won't recompile freeRouter so installing headless java runtime is enough. This set up is recommended for production environment in order to ensure minimal software footprint

apt-get install default-jre-headless --no-install-recommends

Let's create the following structure, even if some folder are empty for now:

mkdir -p ~/freeRouter/bin ~/freeRouter/lib ~/freeRouter/etc ~/freeRouter/log
cd ~/freeRouter/lib
wget http://freerouter.nop.hu/rtr.jar

so you have have the following environment:

╭─[11:11:54]floui@debian ~ 
╰─➤ tree freeRouter
freeRouter
├── bin   # binary files      
├── etc   # configuration files      
├── lib   # library files      
└── log   # log files

FreeRouter uses 2 configuration files in order to run, let's write these configuration files for R1 in ~/freeRouter/etc

freeRouter hardware file: r1-hw.txt
int eth1 eth 0000.1111.0001 127.0.0.1 26011 127.0.0.1 26021
tcp2vrf 1123 v1 23
freeRouter software configuration file: r1-sw.txt
hostname r1
!
vrf definition v1
 exit
!
int eth1
desc r1@e1 -> r2@e1
vrf forwarding v1
 ipv4 address 1.1.1.1 255.255.255.252
 ipv6 address 1234::1 ffff:ffff:ffff:ffff::
 exit
!
server telnet tel
 security protocol telnet
 no exec authorization
 no login authentication
 vrf v1
 exit
!

Repeat the same configuration for R2 in ~/freeRouter/etc

freeRouter hardware file: r2-hw.txt
int eth1 eth 0000.2222.0001 127.0.0.1 26021 127.0.0.1 26011
tcp2vrf 2223 v1 23
freeRouter software configuration file: r2-sw.txt
hostname r2
!
vrf definition v1
 exit
!
int eth1
desc r2@e1 -> r1@e1
vrf forwarding v1
 ipv4 address 1.1.1.2 255.255.255.252
 ipv6 address 1234::2 ffff:ffff:ffff:ffff::
 exit
!
server telnet tel
 security protocol telnet
 no exec authorization
 no login authentication
 vrf v1
 exit
!
freeRrouter launch with blank parameters
╭─[12:58:45]floui@debian ~/freeRouter  
╰─➤  java -jar ./lib/rtr.jar 
java -jar ./lib/rtr.jar <parameters>
parameters:
  router <cfg>            - start router background
  routerc <cfg>           - start router with console
  routerw <cfg>           - start router with window
  routercw <cfg>          - start router with console and window
  routers <hwcfg> <swcfg> - start router from separate configs
  routera <swcfg>         - start router with sw config
  test <cmd>              - execute test command
  show <cmd>              - execute show command
  exec <cmd>              - execute exec command
R1 launch with supplied r1-hw.txt and r1-sw.txt with a console prompt
╭─[12:59:11]floui@debian ~/freeRouter  
╰─➤  java -jar lib/rtr.jar routersc etc/r1-hw.txt etc/r1-sw.txt 
info cfg.cfgInit.doInit:cfgInit.java:556 booting
info cfg.cfgInit.doInit:cfgInit.java:680 initializing hardware
info cfg.cfgInit.doInit:cfgInit.java:687 applying defaults
info cfg.cfgInit.doInit:cfgInit.java:695 applying configuration
info cfg.cfgInit.doInit:cfgInit.java:721 done
welcome
line ready
r1#
R2 launch with supplied r2-hw.txt and r2-sw.txt with a console prompt
╭─[12:58:52]floui@debian ~/freeRouter  
╰─➤  java -jar lib/rtr.jar routersc etc/r2-hw.txt etc/r2-sw.txt
info cfg.cfgInit.doInit:cfgInit.java:556 booting
info cfg.cfgInit.doInit:cfgInit.java:680 initializing hardware
info cfg.cfgInit.doInit:cfgInit.java:687 applying defaults
info cfg.cfgInit.doInit:cfgInit.java:695 applying configuration
info cfg.cfgInit.doInit:cfgInit.java:721 done
welcome
line ready
r2#

Verification

R1 telnet access from Virtualbox VM guest via port 1123
╭─[1:09:28]floui@debian ~  
╰─➤  telnet localhost 1123
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
welcome
line ready
r1#
R2 telnet access from Virtualbox VM guest via port 2223
╭─[1:15:37]floui@debian ~  
╰─➤  telnet localhost 2223                                                                                                                                           1 ↵
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
welcome
line ready
r2#
R1 running configuration
r1#sh run                                                                      
hostname r1
buggy
!
!
vrf definition v1
 exit
!
interface ethernet1
 description r1@e1 -> r2@e1
 vrf forwarding v1
 ipv4 address 1.1.1.1 255.255.255.252
 ipv6 address 1234::1 ffff:ffff:ffff:ffff::
 no shutdown
 no log-link-change
 exit
!
!
!
!
!
!
!
!
!
!                  
!
!
!
!
server telnet tel
 security protocol telnet
 no exec authorization
 no login authentication
 vrf v1
 exit
!
!
end

r1#
R2 running configuration
r2#sh run                                                                      
hostname r2
buggy
!
!
vrf definition v1
 exit
!
interface ethernet1
 description r2@e1 -> r1@e1
 vrf forwarding v1
 ipv4 address 1.1.1.2 255.255.255.252
 ipv6 address 1234::2 ffff:ffff:ffff:ffff::
 no shutdown
 no log-link-change
 exit
!
!
!
!
!
!
!
!
!
!                  
!
!
!
!
server telnet tel
 security protocol telnet
 no exec authorization
 no login authentication
 vrf v1
 exit
!
!
end

r2#
Ping from R1 -> R2
r1#ping 1.1.1.2 /vrf v1                                                        
pinging 1.1.1.2, src=null, cnt=5, len=64, tim=1000, ttl=255, tos=0, sweep=false
!!!!!
result=100%, recv/sent/lost=5/5/0, rtt min/avg/max/total=1/2/3/13
r1#
r1#ping 1234::2 /vrf v1                                                        
pinging 1234::2, src=null, cnt=5, len=64, tim=1000, ttl=255, tos=0, sweep=false
!!!!!
result=100%, recv/sent/lost=5/5/0, rtt min/avg/max/total=1/4/11/23
r1#
Ping from R2 -> R1
r2#ping 1.1.1.1 /vrf v1                                                        
pinging 1.1.1.1, src=null, cnt=5, len=64, tim=1000, ttl=255, tos=0, sweep=false
!!!!!
result=100%, recv/sent/lost=5/5/0, rtt min/avg/max/total=0/1/2/12
r2#    
r2#ping 1234::1 /vrf v1                                                        
pinging 1234::1, src=null, cnt=5, len=64, tim=1000, ttl=255, tos=0, sweep=false
!!!!!
result=100%, recv/sent/lost=5/5/0, rtt min/avg/max/total=0/1/3/7
r2#
Initiate IPv4 telnet from R1 -> R2 (inside freeRouter scope)
r1#telnet 1.1.1.2 23 /vrf v1                                                   
 - connecting to 1.1.1.2 23

welcome
line ready
r2#
Initiate IPv6 telnet from R2 -> R1 (inside freeRouter scope)
r2#telnet 1234::1 /vrf v1                                                      
 - connecting to 1234::1 23

welcome
line ready
r1#

Conclusion

In this article you:

  • had a brief introduction of freeRouter networking Swiss army knife
  • learn how to deploy 2 instances of freeRouter and interconnect them via 2 UNIX sockets on a VM guest running on VirtualBox 
  • this setup is ideal, for network simulation encompassing hundreds of nodes, self contained in the same VM without interaction with the external world. (protocol experimentation, convergence test etc.)

[ #001 ] RARE/FreeRouter-101 - key take-away

  • FreeRouter is using UNIX socket in order to forward packet.

This is a key feature that will be leveraged to connect freeRouter control plane to any type of data-plane

  • In FreeRouter everything is in a VRF (so there is no global VRF)

This design choice has very positive consequences like: No VRF awareness questions,have multiple bgp processes for the same freeRouter instance (each bound to a different VRF) 

All the feature set is IPv4 and IPv6 compliant. So there is no compromised !