Vyatta small ISP Border router

Vyatta винаги ми е била слабост, признавам си. А и идеята да събереш различните инструменти в един функционален шел е повече от добра. Навсякъде, където може да се вземе мрежово решение с Линукс, мисля първо за нея. И не защото съм предал другите дистрибуции, а защото наистина се убедих в нейната функционалност и лекота на работа. Като се замисли човек, първо получаваш един добре оптимизиран рутер с шел ала Juniper, а после можеш да ползваш всяко хранилище на Debian и да си инсталираш каквото пожелаеш от света на Линукс. Също мисля, че на много места я подценяват, но ако проектът върви така, за бъдеще може да се превърне и в нещо като стандарт при Линукс рутерите. В долната конфигурация имах нужда от граничен маршрутизатор, който замених от Debian към Vyatta, и въпреки че самата Vyatta е дериват на Debian, се държа доста различно, главно поради различния подход към конфигурирането на мрежата. Например всички маршрути в Vyatta се изпълняват от демона zebra, или пък мрежовите интерфейси се конфигурират с ip address, а не с ifconfig, и така нататък. Определено операцията, която извърших, имаше смисъл и усетих удовлетворение, когато видях колко малко ресурси харчи и с каква лекота работи новият маршрутизатор …
Commands CLI …………………………………………..
set firewall conntrack-table-size 50000000
set interfaces ethernet eth0 vif 100 address 93.155.131.1/28
set interfaces ethernet eth0 vif 100 address 93.155.162.1/24
set interfaces ethernet eth0 vif 100 address 93.155.169.1/24
set interfaces ethernet eth0 vif 100 address 93.155.130.17/28
set interfaces ethernet eth0 vif 100 address 93.155.130.65/26
set interfaces ethernet eth0 vif 100 address 93.155.130.129/25
set interfaces ethernet eth0 vif 100 address 93.155.131.25/29
set interfaces ethernet eth0 vif 100 address 93.155.131.33/27
set interfaces ethernet eth0 vif 100 address 93.155.131.65/26
set interfaces ethernet eth0 vif 100 address 93.155.131.129/25
set interfaces ethernet eth0 vif 523 address 93.155.131.17/29
set interfaces ethernet eth1 vif 149 address 212.70.158.90/30
set interfaces ethernet eth1 address 93.155.130.1/28
set interfaces tunnel tun1 address 93.155.130.33/30
set interfaces tunnel tun1 encapsulation gre
set interfaces tunnel tun1 local-ip 93.155.131.1
set interfaces tunnel tun1 multicast enable
set interfaces tunnel tun1 remote-ip 10.18.9.2
set interfaces tunnel tun1 ttl 255
set interfaces tunnel tun2 address 93.155.130.37/30
set interfaces tunnel tun2 encapsulation gre
set interfaces tunnel tun2 local-ip 93.155.131.1
set interfaces tunnel tun2 multicast enable
set interfaces tunnel tun2 remote-ip 10.18.9.3
set interfaces tunnel tun2 ttl 255
set policy prefix-list GCN rule 1 action permit
set policy prefix-list GCN rule 1 prefix 93.155.130.0/24
set policy prefix-list GCN rule 2 action permit
set policy prefix-list GCN rule 2 prefix 93.155.131.0/24
set policy prefix-list GCN rule 3 action permit
set policy prefix-list GCN rule 3 prefix 93.155.162.0/24
set policy prefix-list GCN rule 4 action permit
set policy prefix-list GCN rule 4 prefix 93.155.169.0/24
set protocols bgp 47453 aggregate-address 93.155.130.0/24
set protocols bgp 47453 aggregate-address 93.155.131.0/24
set protocols bgp 47453 aggregate-address 93.155.162.0/24
set protocols bgp 47453 aggregate-address 93.155.169.0/24
set protocols bgp 47453 neighbor 212.70.158.89 nexthop-self
set protocols bgp 47453 neighbor 212.70.158.89 prefix-list export GCN
set protocols bgp 47453 neighbor 212.70.158.89 remote-as 12615
set protocols bgp 47453 neighbor 212.70.158.89 soft-reconfiguration inbound
set protocols bgp 47453 network 93.155.130.0/24
set protocols bgp 47453 network 93.155.131.0/24
set protocols bgp 47453 network 93.155.162.0/24
set protocols bgp 47453 network 93.155.169.0/24
set protocols bgp 47453 parameters router-id 212.70.158.89
set protocols bgp 47453 redistribute connected
set protocols bgp 47453 redistribute static
set protocols static route 10.18.1.0/24 next-hop 93.155.131.11
set protocols static route 10.18.7.0/24 next-hop 93.155.131.7
set protocols static route 10.18.8.0/24 next-hop 93.155.131.8
set protocols static route 10.18.9.0/24 next-hop 93.155.131.9
set protocols static route 10.122.0.0/16 next-hop 93.155.131.11
set protocols static route 10.123.0.0/16 next-hop 93.155.131.11
set protocols static route 10.124.0.0/16 next-hop 93.155.131.11
set protocols static route 10.125.0.0/16 next-hop 93.155.131.11
set protocols static route 10.126.0.0/16 next-hop 93.155.131.11
set protocols static route 10.127.0.0/16 next-hop 93.155.131.11
set protocols static route 194.141.67.0/24 next-hop 93.155.131.19
set protocols static route 194.141.68.0/24 next-hop 93.155.131.19
set protocols static route 194.141.69.0/24 next-hop 93.155.131.19
set service dns forwarding cache-size 2000
set service dns forwarding listen-on eth3
set service dns forwarding listen-on eth0.100
set service dns forwarding name-server 208.67.222.222
set service dns forwarding name-server 208.67.220.220
set service dns forwarding system
set service snmp community public authorization ro
set service snmp contact support@itservice-bg.net
set service snmp listen-address 93.155.130.1 port 161
set service snmp location Bulgaria
set service ssh port 22
set system time-zone Europe/Sofia
Show config file …………………………………………………..
/* Only global kernel options live here: no named firewall rule-set is defined and the interfaces section below attaches none (no in/out/local), so traffic to the router itself (SSH, SNMP, DNS forwarder) and transit traffic are unfiltered. A 'local' rule-set limiting the management ports to trusted sources is the first thing to add on a border router. */
firewall {
all-ping enable
broadcast-ping disable
conntrack-expect-table-size 4096
/* 4096 hash buckets for a 50 000 000-entry table is roughly four orders of magnitude fewer buckets than entries; buckets are normally kept within a small constant factor of the table size, otherwise lookups degrade into long chain walks exactly when the table is busy (a flood). TODO confirm the intended sizing. */
conntrack-hash-size 4096
/* 50M tracked connections: at a few hundred bytes per entry on typical kernels a full table needs on the order of 10-15 GB of RAM - TODO confirm this matches the hardware, otherwise a flood exhausts memory before it hits the limit. Nothing in this config consumes conntrack state (no NAT section, no stateful rule-set), so the table mostly costs resources. */
conntrack-table-size 50000000
conntrack-tcp-loose enable
ip-src-route disable
ipv6-receive-redirects disable
ipv6-src-route disable
log-martians enable
receive-redirects disable
send-redirects enable
/* Reverse-path filtering is off. With a single upstream, 'loose' would still drop packets whose source has no route at all (basic anti-spoofing) without breaking the asymmetric paths that the GRE tunnels may create; 'strict' likely would. */
source-validation disable
syn-cookies enable
}
/* No 'firewall { in / out / local }' is attached to any interface here, so every service bound to the public addresses below is reachable from anywhere that can route to them. */
interfaces {
ethernet eth0 {
duplex auto
hw-id 00:13:72:52:92:bf
smp_affinity auto
speed auto
/* Customer-facing VLAN carrying the public prefixes as secondary addresses. The DNS forwarder in the service section listens on this vif (eth0.100). */
vif 100 {
address 93.155.131.1/28
address 93.155.162.1/24
address 93.155.169.1/24
address 93.155.130.17/28
address 93.155.130.65/26
address 93.155.130.129/25
address 93.155.131.25/29
address 93.155.131.33/27
address 93.155.131.65/26
address 93.155.131.129/25
}
vif 523 {
address 93.155.131.17/29
}
}
ethernet eth1 {
duplex auto
hw-id 00:13:72:52:92:c0
smp_affinity auto
speed auto
/* Upstream peering /30 towards AS12615: local side .90, neighbor .89 (see protocols bgp). */
vif 149 {
address 212.70.158.90/30
}
}
/* The command listing above puts 93.155.130.1/28 on eth1, the saved config has it on eth2 - one of the two is stale. */
ethernet eth2 {
address 93.155.130.1/28
duplex auto
hw-id 00:04:23:ab:7d:7a
smp_affinity auto
speed auto
}
/* RFC1918 management LAN; the DNS forwarder also listens here. */
ethernet eth3 {
address 192.168.1.200/24
duplex auto
hw-id 00:04:23:ab:7d:7b
smp_affinity auto
speed auto
}
loopback lo {
}
/* Plain GRE: no authentication and no confidentiality. Both remote endpoints are private addresses reached through the static route for 10.18.9.0/24 via 93.155.131.9; if that path is not entirely under your control, carry the tunnels inside IPsec. */
tunnel tun1 {
address 93.155.130.33/30
description IordanSpasov
encapsulation gre
local-ip 93.155.131.1
multicast enable
remote-ip 10.18.9.2
ttl 255
}
tunnel tun2 {
address 93.155.130.37/30
description Filipov
encapsulation gre
local-ip 93.155.131.1
multicast enable
remote-ip 10.18.9.3
ttl 255
}
}
/* Export filter for the upstream BGP session. Quagga prefix-lists end with an implicit deny and these entries have no ge/le, so only the four exact /24 aggregates leave the AS; connected more-specifics and the redistributed statics (RFC1918 and 194.141.x) are dropped by it. This list is the only thing preventing those routes from leaking - keep it attached to every external neighbor. */
policy {
prefix-list GCN {
rule 1 {
action permit
prefix 93.155.130.0/24
}
rule 2 {
action permit
prefix 93.155.131.0/24
}
rule 3 {
action permit
prefix 93.155.162.0/24
}
rule 4 {
action permit
prefix 93.155.169.0/24
}
}
}
protocols {
/* Local AS 47453 with a single upstream (AS12615). */
bgp 47453 {
aggregate-address 93.155.130.0/24 {
}
aggregate-address 93.155.131.0/24 {
}
aggregate-address 93.155.162.0/24 {
}
aggregate-address 93.155.169.0/24 {
}
/* No inbound prefix-list and no 'maximum-prefix' on the upstream: whatever the peer announces is accepted as-is. 'maximum-prefix' is a cheap guard against a route leak filling the RIB; 'soft-reconfiguration inbound' also keeps a copy of every received route in memory. */
neighbor 212.70.158.89 {
nexthop-self
prefix-list {
export GCN
}
remote-as 12615
soft-reconfiguration {
inbound
}
}
network 93.155.130.0/24 {
}
network 93.155.131.0/24 {
}
network 93.155.162.0/24 {
}
network 93.155.169.0/24 {
}
parameters {
/* 212.70.158.89 is the NEIGHBOR's address (see remote-as above); the local end of the /30 is 212.70.158.90. Probably a typo - if the peer uses its own interface address as router-id, identical identifiers make it reject the OPEN and the session never establishes. */
router-id 212.70.158.89
}
/* Redistribution pulls the static RFC1918 and 194.141.x routes into BGP; only the GCN export list on the neighbor keeps them off the upstream session. */
redistribute {
connected {
}
static {
}
}
}
static {
route 10.18.1.0/24 {
next-hop 93.155.131.11 {
}
}
route 10.18.7.0/24 {
next-hop 93.155.131.7 {
}
}
route 10.18.8.0/24 {
next-hop 93.155.131.8 {
}
}
/* Also the path to the GRE endpoints 10.18.9.2 / 10.18.9.3 of tun1 and tun2; both tunnels depend on this route. */
route 10.18.9.0/24 {
next-hop 93.155.131.9 {
}
}
route 10.122.0.0/16 {
next-hop 93.155.131.11 {
}
}
route 10.123.0.0/16 {
next-hop 93.155.131.11 {
}
}
route 10.124.0.0/16 {
next-hop 93.155.131.11 {
}
}
route 10.125.0.0/16 {
next-hop 93.155.131.11 {
}
}
route 10.126.0.0/16 {
next-hop 93.155.131.11 {
}
}
route 10.127.0.0/16 {
next-hop 93.155.131.11 {
}
}
/* 194.141.67-69/24 are not in the GCN export list, so they stay internal to the AS. */
route 194.141.67.0/24 {
next-hop 93.155.131.19 {
}
}
route 194.141.68.0/24 {
next-hop 93.155.131.19 {
}
}
route 194.141.69.0/24 {
next-hop 93.155.131.19 {
}
}
}
}
/* Every service below listens on a public address and no firewall rule-set stands in front of it. */
service {
dns {
forwarding {
cache-size 2000
listen-on eth3
/* eth0.100 carries the public prefixes, so the forwarder answers anyone who can reach those addresses: an open resolver usable for amplification against third parties. Either drop this line or add a 'local' rule-set permitting UDP/TCP 53 only from the customer prefixes. */
listen-on eth0.100
name-server 208.67.222.222
name-server 208.67.220.220
system
}
}
snmp {
/* Well-known default community over SNMPv1/v2c on a public address. Read-only still exposes the routing table, interface list and ARP cache to anyone on the Internet. Use a non-default community restricted to the management source (the community 'client' / 'network' options, if this release has them) or SNMPv3, and firewall UDP 161. */
community public {
authorization ro
}
contact support@itservice-bg.net
/* 93.155.130.14 is not configured on any interface in this config (eth2 has only .1/28) and the command listing above uses 93.155.130.1 - TODO confirm which is intended; snmpd cannot bind an address that is not local. */
listen-address 93.155.130.14 {
port 161
}
location Bulgaria
}
/* SSH on a public border router with no listen-address restriction; nothing here disables password authentication, so the admin account is exposed to password guessing. Prefer key-only login ('disable-password-authentication', if available, plus public-keys on the user) and a 'local' rule-set limiting TCP 22 to management sources. */
ssh {
port 22
protocol-version v2
}
}
system {
host-name core2
login {
/* Default account name with a $1$ (MD5-crypt) password hash that is now public together with this config: rotate the password, and prefer 'authentication public-keys' so the hash no longer matters. */
user vyatta {
authentication {
encrypted-password $1$ZohN7ZE.$2Ho4fiOy4AHpfhFS9/
}
level admin
}
}
/* Single time source; syslog and BGP timestamps depend on it - two or three servers avoid a single point of failure. */
ntp-server 0.vyatta.pool.ntp.org
/* Plain-HTTP repository with auto-sync on: integrity rests entirely on apt's signature check of the archive key - TODO confirm the key is installed and verification is not disabled. */
package {
auto-sync 1
repository community {
components main
distribution stable
password ""
url http://packages.vyatta.com/vyatta
username ""
}
}
/* Logs stay on the box only; after a compromise of the admin account the local trail cannot be trusted. Add 'syslog host <collector-ip>' (placeholder) for a border router. */
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone Europe/Sofia
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "cluster@1:system@3:dhcp-server@4:ipsec@2:webgui@1:wanloadbalance@2:dhcp-relay@1:quagga@2:qos@1:firewall@3:vrrp@1:nat@3:webproxy@1:conntrack-sync@1" === */