Router on a Stick Configuration – Juniper, Cisco, Vyatta


A Layer 2 switch is a network device that provides network access for the hosts connected to its ports. Hosts are grouped into VLANs according to the switch port configuration. Hosts in different VLANs have no connectivity with each other (http://en.wikipedia.org/wiki/Virtual_LAN), so there must be a mechanism that provides connectivity, i.e. routing, between hosts in different VLANs. Each VLAN should be assigned its own IP address space (subnet). A Layer 2 switch cannot route between subnets, so frames destined outside a VLAN must be sent to a device capable of routing between VLANs. That device is a router, and when it is connected to the L2 switch with only one interface the setup is called a Router-on-a-Stick configuration. http://en.wikipedia.org/wiki/IEEE_802.1Q

Instead of carrying the frames of each VLAN on a dedicated switch port, there is a method that sends frames from multiple VLANs through a single switch port. This port is called a trunk port, and frames sent through it must carry information about the VLAN they come from. The VLAN ID is placed into an 802.1Q tag, which is inserted into the original Ethernet frame right after the source MAC address. The VLAN ID field inside the 802.1Q tag is set according to the VLAN configured on the switch port where the frame originally entered the switch.

On the other side of the trunk is the Router-on-a-Stick, which needs to understand the tagged 802.1Q frames coming from the switch's trunk port. The physical router interface connected to the switch is divided into multiple logical sub-interfaces. Each sub-interface is configured with an IP subnet, a VLAN ID and a type of encapsulation (the 802.1Q standard or the proprietary Cisco ISL). The router's job is to route between the subnets and to encapsulate the outgoing frames with the proper 802.1Q tag according to the VLAN ID configured on the sub-interface.
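As an added example (not part of the original post), the following shell script holds a frame as a hex string and shows where the 802.1Q tag goes and what the router does with it on the way back out: it inserts TPID 0x8100 and the 16-bit TCI (PCP, DEI, VID) right after the 12 bytes of destination and source MAC, reads the VLAN ID back, strips the tag as an access port would, and re-tags the same payload for the destination VLAN. The frame contents and MAC addresses are constructed for the example.

```shell
#!/bin/sh
# 802.1Q tagging on a frame held as a hex string (2 hex chars per byte).
# Added example, not from the original page; the MAC addresses are made up.

hexslice() {            # hexslice <hex> <cut -c range>, e.g. hexslice "$f" 1-24
  printf '%s' "$1" | cut -c"$2"
}

# Insert TPID 0x8100 + TCI (PCP:3 bits, DEI:1 bit, VID:12 bits) after the
# 12 bytes (24 hex chars) of destination and source MAC.
tag_frame() {           # tag_frame <hex_frame> <vid> [pcp]
  f=$1; vid=$2; pcp=${3:-0}
  if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
    echo "tag_frame: VLAN id $vid out of range 1-4094" >&2
    return 1
  fi
  tci=$(( (pcp << 13) | vid ))
  printf '%s8100%04x%s' "$(hexslice "$f" 1-24)" "$tci" "$(hexslice "$f" 25-)"
}

# Print the VID of a tagged frame; fail with no output if the frame is untagged.
vlan_id() {             # vlan_id <hex_frame>
  [ "$(hexslice "$1" 25-28)" = "8100" ] || return 1
  tci=$(hexslice "$1" 29-32)
  echo $(( 0x$tci & 0x0fff ))
}

# Remove the tag (what the switch does before forwarding out an access port).
untag_frame() {         # untag_frame <hex_frame>
  if [ "$(hexslice "$1" 25-28)" = "8100" ]; then
    printf '%s%s' "$(hexslice "$1" 1-24)" "$(hexslice "$1" 33-)"
  else
    printf '%s' "$1"
  fi
}

# The router-on-a-stick's job on the trunk: same payload, re-tagged for the destination VLAN.
retag_frame() {         # retag_frame <hex_frame> <new_vid>
  tag_frame "$(untag_frame "$1")" "$2"
}

# Constructed untagged frame: broadcast dst, src 00:11:22:33:44:55, EtherType 0x0800, 4 payload bytes.
FRAME="ffffffffffff0011223344550800deadbeef"

tagged=$(tag_frame "$FRAME" 100)
echo "tagged for VLAN 100: $tagged"
echo "VID read back:       $(vlan_id "$tagged")"
echo "re-tagged to 200:    $(retag_frame "$tagged" 200)"
echo "untagged again:      $(untag_frame "$tagged")"
```

The functions only look at the outer tag, which is exactly what a sub-interface keyed on a single VLAN ID does; anything after the tag (the original EtherType and payload) is carried through untouched.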

The router port must be a Fast Ethernet or Gigabit Ethernet port, and the trunk should run full-duplex, since the single link carries the traffic of every VLAN in both directions. Funny to say, but Juniper shows 10M with half-duplex for interface fxp3 and the Router-on-a-Stick configuration still works.

The goal of this tutorial is to show the Router-on-a-Stick configuration for products of different vendors: Juniper, Cisco and Vyatta. I'm using the LiSA multilayer switch as the layer 2 switch in this lab, for pure layer 2 switching; no layer 3 interfaces are configured on LiSA. VLAN 100 and VLAN 200 are created on LiSA, and interface Ethernet 3 is a trunk port with only VLANs 100 and 200 allowed on it. Host PC100 is connected to interface Ethernet 0, which is configured in VLAN 100. VLAN 200 is configured on interface Ethernet 1, which connects host PC200.


Router-on-a-Stick Juniper

The picture shows a Juniper doing inter-VLAN routing between VLAN 100 and 200. I'm posting only one topology picture for all Router-on-a-Stick configurations, but keep in mind that for the following labs the Juniper should be replaced with the particular type of router (Vyatta, Cisco).

1. Linux Microcore host PC 100, PC 200 and LiSA configuration

The LiSA and Microcore host configuration is common to all the labs, so I'm posting it only once.

1.1 Microcore PC 100 host configuration

echo "ifconfig eth0 192.168.100.2 netmask 255.255.255.0" >> /opt/bootlocal.sh
echo "route add default gw 192.168.100.1" >> /opt/bootlocal.sh
echo "hostname PC100" >> /opt/bootlocal.sh
/usr/bin/filetool.sh -b

sudo /opt/bootlocal.sh

1.2 Microcore PC 200 host configuration

echo "ifconfig eth1 192.168.200.2 netmask 255.255.255.0" >> /opt/bootlocal.sh
echo "route add default gw 192.168.200.1" >> /opt/bootlocal.sh
echo "hostname PC200" >> /opt/bootlocal.sh
/usr/bin/filetool.sh -b

sudo /opt/bootlocal.sh

1.3 Linux Multilayer Switch – LiSA configuration

The configuration shouldn't be a problem for anyone familiar with Cisco IOS.

LiSA#show running-config
Building configuration…

Current configuration : 352 bytes
!
hostname LiSA
!
!
!
vlan 100
name Access100
!
vlan 200
name Access200
!
interface Ethernet 3
description Trunk to Router
switchport trunk allowed vlan 100,200
switchport mode trunk
!
!
interface Ethernet 0
description Link to PC 100
switchport access vlan 100
!
!
interface Ethernet 1
description Link to PC 200
switchport access vlan 200
!
end

2. Router-on-a-Stick – Juniper  configuration

The configuration below uses the Gigabit NIC e1000 (em interface). Ping between PC 100 and PC 200 is successful at the time of configuration, but after a reboot of Olive the em3 interface is stuck in the administratively shutdown state regardless of the configuration. I can't find a solution to this issue, but according to Olive Clue multiple VLANs should not be working for em interfaces.

For this reason I recommend using the NIC i82559er, which works flawlessly (fxp interface).

root@JUNOS4> show configuration

## Last commit: 2011-01-28 19:14:35 UTC by root
version 10.1R1.8;
system {
host-name JUNOS4;
root-authentication {
encrypted-password "$1$zjHC5DHn$p1x2.U8FZjdXBPY/qsVvu1"; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
em3 {
vlan-tagging;
unit 100 {
vlan-id 100;
family inet {
address 192.168.100.1/24;
}
}
unit 200 {
vlan-id 200;
family inet {
address 192.168.200.1/24;
}
}
}
}

I've attached captured traffic between Juniper and LiSA during a ping from PC 100 (192.168.100.2) to PC 200 (192.168.200.2). All frames seem to have correct 802.1Q tags.

3. Router-on-a-Stick – Vyatta  6.1 Core configuration

Vyatta is an open-source routing solution running on x86 hardware. Read more about Vyatta here. I created a tutorial on how to install Vyatta on a Qemu image, available here.

vyatta@vyatta:~$ show configuration

interfaces {
ethernet eth3 {
duplex auto
smp_affinity auto
speed auto
vif 100 {
address 192.168.100.1/24
}
vif 200 {
address 192.168.200.1/24
}
}
loopback lo {
}
}
system {
host-name VYATTA
login {
user root {
authentication {
encrypted-password ****************
plaintext-password ****************
}
level admin
}
user vyatta {
authentication {
encrypted-password ****************
}
level admin
}
}
ntp-server 0.vyatta.pool.ntp.org
package {
auto-sync 1
repository community {
components main
distribution stable
password ****************
url http://packages.vyatta.com/vyatta
username ""
}
}
syslog {
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone GMT
}

4. Router-on-a-Stick – Cisco 3725 configuration

Cisco#show run

Building configuration…

Current configuration : 1017 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
archive
log config
hidekeys
!
!
interface FastEthernet0/0
description Link to LiSA
no ip address
speed 100
full-duplex
!
interface FastEthernet0/0.100
description Sub-interface VLAN 100
encapsulation dot1Q 100
ip address 192.168.100.1 255.255.255.0
!
interface FastEthernet0/0.200
description Sub-interface VLAN 200
encapsulation dot1Q 200
ip address 192.168.200.1 255.255.255.0
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
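A mistake that the three listings above make easy to see but hard to catch in a bigger network is a VLAN allowed on the trunk with no sub-interface on the router (or the reverse): traffic for that VLAN is silently dropped. The following shell script, an added example and not part of the original post, pulls the VLAN ids out of the LiSA trunk line and out of each vendor's sub-interface syntax and reports any VLAN present on only one side. The configuration snippets are trimmed copies of the listings in this post, embedded in variables so the check runs offline.

```shell
#!/bin/sh
# Cross-check that the VLANs allowed on the switch trunk and the VLANs the
# router has sub-interfaces for are the same set. Added example, not part of
# the original page; the configs below are trimmed copies of the listings
# in this post, held in variables so the check runs offline.

LISA_CFG='interface Ethernet 3
 switchport trunk allowed vlan 100,200
 switchport mode trunk'

JUNOS_CFG='em3 {
    vlan-tagging;
    unit 100 { vlan-id 100; family inet { address 192.168.100.1/24; } }
    unit 200 { vlan-id 200; family inet { address 192.168.200.1/24; } }
}'

VYATTA_CFG='ethernet eth3 {
    vif 100 { address 192.168.100.1/24 }
    vif 200 { address 192.168.200.1/24 }
}'

IOS_CFG='interface FastEthernet0/0.100
 encapsulation dot1Q 100
 ip address 192.168.100.1 255.255.255.0
interface FastEthernet0/0.200
 encapsulation dot1Q 200
 ip address 192.168.200.1 255.255.255.0'

# VLANs allowed on the trunk, one per line; "100,200" and ranges like "10-12" are expanded.
trunk_vlans() {                 # trunk_vlans <switch config text>
  printf '%s\n' "$1" | sed -n 's/.*switchport trunk allowed vlan *//p' | tr ',' '\n' |
  while IFS=- read lo hi; do
    [ -n "$lo" ] || continue
    hi=${hi:-$lo}
    i=$lo
    while [ "$i" -le "$hi" ]; do echo "$i"; i=$((i + 1)); done
  done | sort -u
}

# VLAN ids of the router's sub-interfaces, extracted per vendor syntax.
subif_vlans() {                 # subif_vlans junos|vyatta|ios <router config text>
  case $1 in
    junos)  pat='s/.*vlan-id \([0-9][0-9]*\);.*/\1/p' ;;
    vyatta) pat='s/.*vif \([0-9][0-9]*\) .*/\1/p' ;;
    ios)    pat='s/.*encapsulation dot1[Qq] \([0-9][0-9]*\).*/\1/p' ;;
    *)      echo "subif_vlans: unknown vendor '$1'" >&2; return 1 ;;
  esac
  printf '%s\n' "$2" | sed -n "$pat" | sort -u
}

# Report VLANs present on only one side. Returns 1 if the sets differ.
check_vlans() {                 # check_vlans junos|vyatta|ios <router config> <switch config>
  tf=$(mktemp) || return 1
  rf=$(mktemp) || { rm -f "$tf"; return 1; }
  trunk_vlans "$3" > "$tf"
  subif_vlans "$1" "$2" > "$rf" || { rm -f "$tf" "$rf"; return 1; }
  # comm wants sorted input; both producers end in sort -u, so this is safe
  no_subif=$(comm -23 "$tf" "$rf")     # trunk carries it, router ignores it: traffic dies at the router
  not_trunked=$(comm -13 "$tf" "$rf")  # router expects it, switch never sends it: dead sub-interface
  rm -f "$tf" "$rf"
  status=0
  if [ -n "$no_subif" ]; then
    echo "$1: trunk VLAN(s) without a sub-interface: $(echo $no_subif)"; status=1
  fi
  if [ -n "$not_trunked" ]; then
    echo "$1: sub-interface VLAN(s) not allowed on the trunk: $(echo $not_trunked)"; status=1
  fi
  [ "$status" -eq 0 ] && echo "$1: trunk and sub-interfaces agree"
  return "$status"
}

check_vlans junos  "$JUNOS_CFG"  "$LISA_CFG"
check_vlans vyatta "$VYATTA_CFG" "$LISA_CFG"
check_vlans ios    "$IOS_CFG"    "$LISA_CFG"
```

To use it against a real device, paste the relevant part of show running-config / show configuration into the variables, or feed the output of the show command in through a command substitution; the sed patterns only look at the lines that carry a VLAN id.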

End.


How to setup Router based on Linux Core 4.x as Qemu Image in Fedora Linux – part1


GNS3 version 0.7 and above implements a lightweight GUI for the Qemu virtualizer and emulator. The GUI allows you to start/stop Qemu virtual machines and configure their parameters from the GNS3 desktop. Adding Qemu support to GNS3 enables users to run various Qemu appliances. One of them is a Linux router based on Core Linux.

In fact, many people use Linux Core to simulate endpoint devices in a GNS3 lab. But like any other Linux, Core can also forward packets between its interfaces and act as a router. Of course, it cannot compete with a Cisco or any other vendor router in any way, but it can be considered a tool for those who want to learn networking on Linux.

Despite the lack of performance and features, Linux Core with the Quagga routing software installed has one major benefit compared to top network routers. It is absolutely free, Linux based, runs on the x86 architecture and profits from being open-source software. New features and protocols can easily be brought in from the Linux world.

My goal was to install Quagga into Linux Core and to add some networking protocols available for Linux (VRRP, EtherChannel, CDP).

Part one shows the Linux Core installation on a Qemu image in Fedora Linux. Reading this part can be helpful if you plan to build your own Core Qemu image and install basic extensions (applications) such as ssh, iptables, iproute2, mtr, etc.

Please note that the Qemu installation (patched for UDP tunnels and multicast) on Fedora Linux is not shown in this tutorial. For detailed steps visit the GNS3 blog.

http://blog.gns3.net/2009/10/olive-juniper/2/

Part two shows the steps of creating a router based on Linux Core. After installing additional extensions the Linux host becomes a Linux router. Thanks to Quagga the router supports dynamic routing protocols such as RIP, OSPF, BGP and IS-IS, and offers features such as VRRP and CDP that can be found in commercial Linux-based network operating systems.

http://brezular.wordpress.com/2011/01/20/how-to-setup-linux-microcore-3-x-router-qemu-image-in-fedora-linux-part2/

1) Core Linux Installation with console support

1.1  Download current core image (live CD iso version 4.x)

wget http://distro.ibiblio.org/tinycorelinux/4.x/x86/release/Core-current.iso

1.2  Create a virtual Qemu disk (we use the qcow2 format to reduce the size of the image)

Assuming that Qemu has been installed.

/usr/local/bin/qemu-img create -f qcow2 ./linux-core-4.6.2.img 200M

1.3  Start the Qemu virtual disk "linux-core-4.6.2.img" with Core-current.iso mounted as the CD-ROM

/usr/local/bin/qemu-system-i386 -boot d -cdrom ./Core-current.iso -hda linux-core-4.6.2.img

1.4  Install "cfdisk.tcz" and "grub-0.97-splash.tcz" on the qemu disk (image)

Assuming the Fedora Linux host is connected to the Internet.

tce-load -w -i cfdisk.tcz grub-0.97-splash.tcz

1.5  Run cfdisk to create a partition on /dev/sda

sudo su

cfdisk /dev/sda

Now the cfdisk menu is open. Use the arrow keys and ENTER to navigate through the menu.

Navigate and select New -> Primary.

Leave the default size (98.71 MB) for the partition.

Select Bootable for the new primary partition.

Select Write; the partition is written to disk.

Select Quit to leave the menu.

1.6  Format the new partition with the ext4 file system

mkfs.ext4 /dev/sda1

1.7  Rebuild the fstab file

rebuildfstab

1.8  Mount the newly installed partition

Edit /etc/fstab and add the following line to the end of the file (in Microcore version 3.4 the line is already there).

/dev/sda1  /mnt/sda1  ext4  noauto,users,exec  0 0

Now re-mount content of /etc/fstab

mount -av

Check with df whether /dev/sda1 is mounted.

df -h

If not, try to mount it:

mount /mnt/sda1

1.9  Create the directory /mnt/sda1/boot/grub/

sudo mkdir -p /mnt/sda1/boot/grub/

1.10  Mount the Core Live CD

mount /mnt/sr0

1.11  Copy the content of /mnt/sr0/boot/ from the CD to /mnt/sda1/boot/

cp -p /mnt/sr0/boot/* /mnt/sda1/boot

The files vmlinuz and core.gz are copied to the /mnt/sda1/boot/ directory.

1.12  Create the tce directory for extensions

sudo mkdir -p /mnt/sda1/tce

Change the owner and group of the tce directory:

sudo chown tc /mnt/sda1/tce  &&  sudo chgrp staff /mnt/sda1/tce/

1.13  Prepare the file for backup and restore (create an empty file mydata.tgz)

touch /mnt/sda1/tce/mydata.tgz

1.14  Check whether the directory /usr/lib/grub/ exists

If it does not exist, reboot the qemu image; otherwise go to step 1.15.

reboot

Run the image.

/usr/local/bin/qemu-system-i386 -boot d -cdrom ./Core-current.iso -hda linux-core-4.6.2.img

You need to install grub-0.97-splash again.

tce-load -w -i grub-0.97-splash.tcz

1.15  Install grub

sudo cp -p /usr/lib/grub/i386-pc/* /mnt/sda1/boot/grub/

1.16  Create the file /mnt/sda1/boot/grub/menu.lst

sudo vi /mnt/sda1/boot/grub/menu.lst

default 0
timeout 0
title core-4.6.2
kernel /boot/vmlinuz quiet console=ttyS0,9600n8 home=sda1
initrd /boot/core.gz

1.17  Run grub

grub

Write following lines to grub prompt:

root (hd0,0)
setup (hd0)
quit

1.18  Unmount the Live CD and power off

umount /dev/sr0

poweroff

1.19  Start qemu disk

/usr/local/bin/qemu-system-i386 -boot c -hda linux-core-4.6.2.img

Your new image should boot now, and you can configure Core to redirect its console to the serial port.

1.20  Remaster Core to redirect the console from VGA to the serial port

In this step you need to extract the file core.gz, make changes in /etc/inittab and pack the extracted system back into core.gz.

a)  Extract core.gz to /home/tc/temp/extract/

Create an extract directory and copy core.gz to this directory:

mkdir -p /home/tc/temp/extract

sudo cp /mnt/sda1/boot/core.gz  /home/tc/temp/

cd /home/tc/temp/extract/

zcat ../core.gz | sudo cpio -i -H newc -d

Now the full filesystem is extracted in /home/tc/temp/extract/

tc@box:~/temp/extract$ ls

bin  dev  etc  home  init  lib  mnt  opt  proc  root  sbin  sys  tmp  usr  var

b)  Configure /etc/inittab to support serial console logins (a getty daemon will listen on serial port ttyS0)

sudo vi ./etc/inittab

ttyS0::respawn:/sbin/getty -nl /sbin/autologin 9600 ttyS0

c)  Edit /etc/securetty to allow root to log in on the serial port ttyS0

Uncomment the line # ttyS0. If you plan to set up a telnet server, also add the terminals pts/0 to pts/3 so that root can log in on them.

sudo vi ./etc/securetty

ttyS0
pts/0
pts/1
pts/2
pts/3

d)  Pack the filesystem back into the file core.gz

sudo su

mv /home/tc/temp/core.gz /home/tc/temp/core.gz-backup

cd /home/tc/temp/extract/

find | cpio -o  -H newc | gzip -2 > /mnt/sda1/boot/core.gz

cd /
rm -rf /home/tc/temp/    # removes extract/ and core.gz-backup together

1.21  Test telnet to the Core serial port

Run the Qemu image:

/usr/local/bin/qemu-system-i386 -m 128 -hda ./linux-core-4.6.2.img -serial telnet:0.0.0.0:3000,server,nowait

Binding to 0.0.0.0 makes the root console reachable from any host that can reach port 3000; use telnet:127.0.0.1:3000 unless that is what you want.

While it boots, telnet to Core from Fedora:

telnet localhost 3000

You should see the whole boot process on the console. After boot, hit Enter to log in to the box.

1.22  Set the password for the superuser

Core comes with two users, tc and root. No password is set for user tc.

Set the root account password to "root" (fine for a lab image; choose a real password for any image reachable from outside the lab):

sudo su

passwd root

Exit from the superuser account with exit.

Make the superuser's password survive a Core reboot:

echo "/etc/shadow" >> /opt/.filetool.lst

/usr/bin/filetool.sh  -b
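The pattern used in this step and repeated through the rest of the tutorial (echo a line into /opt/bootlocal.sh or /opt/.filetool.lst, then run filetool.sh -b) appends a duplicate every time a step is re-run. The helpers below, an added example and not part of the original post, only append a line if it is not already present. TC_ROOT and FILETOOL are knobs invented for the example: leave TC_ROOT empty on the Core box itself, or point it at a scratch directory (TC_ROOT=/tmp/tc-demo sh persist.sh) to see what would be written without touching /opt.

```shell
#!/bin/sh
# Idempotent persistence helpers for Tiny Core: add a line to a file only if
# it is not already there, then run the backup. Added example, not from the
# original page. TC_ROOT is an assumed knob: leave it empty on a live box, or
# point it at a scratch directory to see what would be written. FILETOOL can
# be overridden the same way.
TC_ROOT=${TC_ROOT:-}
FILETOOL=${FILETOOL:-/usr/bin/filetool.sh}

# Append $2 to $1 unless an identical line exists (grep -x whole line, -F no regex).
add_line_once() {           # add_line_once <file> <line>
  f=$TC_ROOT$1
  mkdir -p "$(dirname "$f")"
  [ -f "$f" ] || : > "$f"
  grep -qxF -- "$2" "$f" && return 0
  printf '%s\n' "$2" >> "$f"
}

# Command to run at boot (/opt/bootlocal.sh).
persist_cmd() { add_line_once /opt/bootlocal.sh "$1"; }

# File or directory to include in mydata.tgz (/opt/.filetool.lst).
persist_path() { add_line_once /opt/.filetool.lst "$1"; }

# How often a line occurs in a file; 0 if the file is absent.
count_line() {              # count_line <file> <line>
  f=$TC_ROOT$1
  [ -f "$f" ] || { echo 0; return 0; }
  grep -cxF -- "$2" "$f" || true
}

# Write the backup, or just say so when working against a scratch directory.
backup() {
  if [ -n "$TC_ROOT" ]; then
    echo "dry run: would execute $FILETOOL -b"
  else
    "$FILETOOL" -b
  fi
}

# Demo of the steps from this section and 2.1; only runs against a scratch
# directory so that executing the script by accident never touches /opt.
if [ -n "$TC_ROOT" ]; then
  persist_path /etc/shadow
  persist_cmd  "modprobe ipv6"
  persist_path /etc/shadow                # second call: nothing appended
  echo "/etc/shadow listed $(count_line /opt/.filetool.lst /etc/shadow) time(s)"
  backup
fi
```

grep -x -F is what makes this safe: without -x a line such as modprobe ipv6 would be "found" inside modprobe ipv6_tunnel, and without -F the slashes and dots in paths would be treated as regular-expression syntax. Busybox grep, as shipped with Core, supports both flags.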

1.23  Delete the command history

sudo su

echo  > /home/tc/.ash_history

2. Basic extensions installation and configuration

2.1  IPv6 support in Microcore Linux

a)  Download and install ipv6-3.0.3-tinycore.tcz  to add IPv6 support to Microcore

tce-load -w -i ipv6-3.0.3-tinycore.tcz

b)  Load IPv6 module to kernel and make it persistent

echo "modprobe ipv6" >> /opt/bootlocal.sh

sudo modprobe ipv6

/usr/bin/filetool.sh -b

2.2  Basic network extension installation: iptables, tcpdump, iperf, openssh, iproute2, mtr, d-itg

tce-load -w -i iptables tcpdump iperf openssh iproute2 mtr d-itg

Iptables is the userspace tool to control the linux kernel firewall.

Tcpdump is a tool for network monitoring and data acquisition.

Iperf is a tool for measuring Internet bandwidth performance.

Iproute2 is a collection of utilities for controlling TCP/IP networking and traffic control.

Mtr combines the functionality of the traceroute and ping  programs in a single network diagnostic tool.

D-ITG is a distributed traffic generator and it is capable to generate traffic at network, transport, and application layer. It supports both IPv4 and IPv6 traffic generation.

Note: a matching netfilter extension (netfilter-2.6.33.3-tinycore with ipv6-2.6.33.3-tinycore on Microcore 3.x) is installed automatically as a dependency of the ipv6 extension. It provides the kernel modules for firewalling and IPv6.

2.3  SSH server configuration

Assuming the openssh and openssl extensions have been installed.

a)  Check whether the openssh extension is installed (the tce directory is /mnt/sda1/tce on the 4.x image built above; older Microcore 3.x images use /mnt/hda1/tce)

ls /mnt/sda1/tce/optional/openssh*

/mnt/sda1/tce/optional/openssh.tcz /mnt/sda1/tce/optional/openssh.tcz.dep /mnt/sda1/tce/optional/openssh.tcz.md5.txt

If openssh.tcz is not in the list, install it. Openssl is installed automatically with the openssh extension.

tce-load -w -i openssh

The openssh extension should be in the list of extensions loaded during the boot of Core. Check it with:

cat /mnt/sda1/tce/onboot.lst

If openssh is not in the list of onboot extensions, add it:

echo "openssh.tcz" >> /mnt/sda1/tce/onboot.lst

/usr/bin/filetool.sh -b

b)  Create openssh config file

sudo mv /usr/local/etc/ssh/sshd_config.example /usr/local/etc/ssh/sshd_config

c)  Start openssh daemon

sudo /usr/local/etc/init.d/openssh start

The public/private RSA and DSA key pairs are generated.

d)  Make the openssh daemon start during boot

echo "/usr/local/etc/init.d/openssh start" >> /opt/bootlocal.sh

e)  Back up the keys in the ssh configuration directory

echo "/usr/local/etc/ssh" >> /opt/.filetool.lst

/usr/bin/filetool.sh -b

f)  Test the ssh server

The password is root (set in step 1.22).

ssh root@localhost

2.4  Telnet server configuration on Microcore

You can skip steps b) and c) if you modified /etc/securetty for pts in step 1.20 c) (remastering Core). Telnet sends the login and everything else in clear text; keep it on the isolated lab network and use the ssh server from 2.3 anywhere else.

a)  Start the telnet daemon and add it to the list of applications started after boot

sudo /usr/sbin/telnetd

echo "/usr/sbin/telnetd" >> /opt/bootlocal.sh

b)  Configure the terminals on which root is allowed to log in

sudo vi /etc/securetty

pts/0
pts/1
pts/2
pts/3
pts/4

This allows root to log in on up to five telnet sessions.

c)  Make /etc/securetty being on the list of saved files

echo "/etc/securetty" >> /opt/.filetool.lst

d)  Save configuration

/usr/bin/filetool.sh -b

2.5  Script for using dhclient

Core uses udhcpc instead of the ISC dhclient by default. This wrapper script calls udhcpc (passing on any arguments) when the command dhclient is invoked.

sudo su

printf '#!/bin/sh\nexec udhcpc "$@"\n' > /sbin/dhclient

chmod 744 /sbin/dhclient

echo "/sbin/dhclient" >> /opt/.filetool.lst

/usr/bin/filetool.sh -b

2.6  Load basic iptables modules to Microcore

vi /opt/bootlocal.sh

modprobe iptable_mangle
modprobe iptable_nat
modprobe ipt_limit
modprobe ipt_multiport
modprobe ipt_tos
modprobe ipt_TOS
modprobe ipt_REJECT
modprobe ipt_TCPMSS
modprobe ipt_tcpmss
modprobe ipt_ttl
modprobe ipt_LOG
modprobe ipt_length
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
modprobe ipt_conntrack
modprobe ipt_state
modprobe ipt_helper
modprobe ip_nat_ftp
modprobe ip_nat_irc

Save /opt/bootlocal.sh configuration.

/usr/bin/filetool.sh -b

2.7  Secure locate – slocate installation and configuration

Secure Locate provides a secure way to index and quickly search for files on the system. It also stores file permissions and ownership, so users will not see files they do not have access to.

tce-load -w -i slocate

echo "/usr/local/bin/slocate -u" >> /opt/bootlocal.sh

/usr/bin/filetool.sh -b

End.

Microcore 3.4.1 host Qemu image is available for download here.

http://www.4shared.com/file/vy0CTqce/linux-microcore-341.html

Microcore 3.8.2 host Qemu image is available for download here.

http://www.4shared.com/file/OJLoHTAn/linux-microcore-382.html

Used Links

How to setup Linux Microcore 3.x Router Qemu Image in Fedora Linux – part2
http://brezular.wordpress.com/2011/01/20/how-to-setup-linux-microcore-3-x-router-qemu-image-in-fedora-linux-part2/

How to install Tinycore (Microcore + GUI)
http://tinycorelinux.com/install.html
http://wiki.tinycorelinux.com/tiki-index.php

Console part of  the tutorial
http://theanand.info/
http://wiki.tinycorelinux.com/tiki-index.php?page=Remastering
http://www.vanemery.com/Linux/Serial/serial-console.html

Boot codes
http://wiki.tinycorelinux.net/wiki:persistence_for_dummies
http://wiki.tinycorelinux.net/wiki:boot_codes_explained
http://wiki.tinycorelinux.net/wiki:boot_options

How to setup Linux Microcore 3.x Router Qemu Image in Fedora Linux – part2


In this tutorial I am going to set up a router on the Microcore 3.4.1 Qemu image. Assuming you created the Microcore Qemu image in part 1, we will continue by installing the applications that turn our Linux host image into a functional Linux router.

1. Quagga routing daemon installation and configuration

Quagga is a GPL-licensed IPv4 and IPv6 routing software suite. The Quagga extension I made for Microcore 3.x was added to the repository and can be found here:

http://distro.ibiblio.org/pub/linux/distributions/tinycorelinux/tcz_3x.html

The Quagga extension supports both IPv4 and IPv6 routing protocols.

1.1  Quagga installation

tce-load -wi quagga

Check whether Quagga is included in the list of extensions loaded after boot.

cat /mnt/hda1/tce/onboot.lst
quagga.tcz

1.2 Run Zebra, the kernel routing manager

/usr/local/sbin/zebra
privs_init: could not lookup user quagga

We need to create the user quagga:

sudo adduser -H -D -s /bin/sh quagga

-H  don't create a home directory
-D  don't assign a password (nobody logs in as this service account)
-s  login shell

Get information about the user quagga:

cat /etc/passwd
quagga:x:1001:1002:Linux User,,,:/home/quagga:/bin/sh

User quagga (UID 1001) is a member of group quagga (GID 1002), has no password and no home directory (the /home/quagga entry is only a passwd field; the directory was not created). Its shell is the Bourne shell.
Invoke zebra the second time:

sudo /usr/local/sbin/zebra
vty_read_config: failed to open configuration file /usr/local/etc/zebra.conf : No such file or directory

1.3 Create configuration file for zebra and routing daemons

Each routing daemon needs its own configuration file. A password must be set for telnet connections to the daemon's VTY. The VTY password travels over telnet in clear text, and the daemons listen on all interfaces by default, so outside an isolated lab either start them with -A 127.0.0.1 (bind the VTY to loopback) or firewall TCP ports 2600-2608.

sudo su
mkdir /usr/local/etc/quagga/
echo "password quagga" > /usr/local/etc/quagga/zebra.conf
echo "password quagga" > /usr/local/etc/quagga/ripd.conf
echo "password quagga" > /usr/local/etc/quagga/ripngd.conf
echo "password quagga" > /usr/local/etc/quagga/ospfd.conf
echo "password quagga" > /usr/local/etc/quagga/ospf6d.conf
echo "password quagga" > /usr/local/etc/quagga/bgpd.conf
echo "password quagga" > /usr/local/etc/quagga/isisd.conf

1.4 Make Zebra and the routing protocol daemons start after the boot of Microcore

echo "/usr/local/sbin/zebra -u root -d -f /usr/local/etc/quagga/zebra.conf" >> /opt/bootlocal.sh
echo "/usr/local/sbin/ripd -u root -d -f /usr/local/etc/quagga/ripd.conf" >> /opt/bootlocal.sh
echo "/usr/local/sbin/ripngd -u root -d -f /usr/local/etc/quagga/ripngd.conf" >> /opt/bootlocal.sh
echo "/usr/local/sbin/ospfd -u root -d -f /usr/local/etc/quagga/ospfd.conf" >> /opt/bootlocal.sh
echo "/usr/local/sbin/ospf6d -u root -d -f /usr/local/etc/quagga/ospf6d.conf" >> /opt/bootlocal.sh
echo "/usr/local/sbin/bgpd -u root -d -f /usr/local/etc/quagga/bgpd.conf" >> /opt/bootlocal.sh
echo "/usr/local/sbin/isisd -u root -d -f /usr/local/etc/quagga/isisd.conf" >> /opt/bootlocal.sh

I configured all the routing daemons to start after the boot of Microcore. I guess you are not going to use all the routing protocols, so my advice is to add only the necessary daemons to /opt/bootlocal.sh. It saves memory and CPU (about 2 MB per daemon). Note also that -u root runs the daemons as root and gives up the privilege separation the quagga user created above provides; in the lab that is harmless, anywhere else drop the option so the daemons run as user quagga.

Add the Quagga configuration files (and the account files changed by adduser) to the list of persistent files and back them up.

echo "/usr/local/etc/quagga" >> /opt/.filetool.lst
echo "/etc/group" >> /opt/.filetool.lst
echo "/etc/passwd" >> /opt/.filetool.lst
echo "/etc/shadow" >> /opt/.filetool.lst
/usr/bin/filetool.sh -b

1.5 Quagga operation

Each routing daemon listens on a dedicated TCP port:

zebrasrv   2600/tcp   # zebra service
zebra      2601/tcp   # zebra vty
ripd       2602/tcp   # RIPd vty
ripngd     2603/tcp   # RIPngd vty
ospfd      2604/tcp   # OSPFd vty
bgpd       2605/tcp   # BGPd vty
ospf6d     2606/tcp   # OSPF6d vty
ospfapi    2607/tcp   # ospfapi
isisd      2608/tcp   # ISISd vty

Telnet to the port on which the daemon is listening. For example, to access zebra:

telnet localhost 2601

Hostname, static routes and the IP addresses of interfaces can be configured here.

Note: you have to run /usr/bin/filetool.sh -b to keep changes in the daemon configuration files. If you don't, the changes are lost after a reboot of Microcore.

1.6  Enable IPv4 and IPv6 packets forwarding between interfaces

Forwarding between network interfaces is disabled by default. To activate IPv4 and IPv6 forwarding:

sudo su
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding = 1" >> /etc/sysctl.conf
exit
echo "/etc/sysctl.conf" >> /opt/.filetool.lst
echo "sysctl -p /etc/sysctl.conf" >> /opt/bootlocal.sh

/usr/bin/filetool.sh -b

After a reboot you can check whether IPv4 and IPv6 forwarding is enabled (value 1).

sysctl -a | grep forward

2. CDP-tools installation and configuration

The Cisco Discovery Protocol (CDP) is a proprietary Data Link Layer network protocol developed by Cisco Systems that is implemented in most Cisco networking equipment. It is used to share information about other directly connected Cisco equipment, such as the operating system version and IP address.

Cdp-tools is a set of tools for working with the Cisco Discovery Protocol.

cdp-listen is used for receiving CDP packets.
cdp-send is used for sending CDP packets. It can pretend to be just about any kind of Cisco hardware.

2.1 CDP-tools installation

tce-load -wi cdp-tools

2.2 CDP-tools configuration

cdp-send configuration
Use the vi editor to create the cdp_config script, which starts the cdp-send daemon. The cdp_config script should be called from /opt/bootlocal.sh, which starts it during the boot of Microcore. Unfortunately not all Ethernet interfaces are really up when cdp-send is started, and cdp-send cannot start on interfaces in the down state. For this reason cdp_config must bring up all the Ethernet interfaces used by cdp-send before cdp-send is started on them.

On the other hand, bringing Ethernet interfaces up from the cdp_config script started by /opt/bootlocal.sh can lead to unexpected behaviour of applications that use the Ethernet interfaces (ifconfig, keepalived) if these applications are started after cdp_config has brought the interfaces up. For this reason I recommend adding /usr/local/etc/cdp-tools/cdp_config as the last line of the /opt/bootlocal.sh startup script.

sudo su
mkdir /usr/local/etc/cdp-tools/
vi  /usr/local/etc/cdp-tools/cdp_config

#!/bin/sh
# bring every interface except lo, dummy0 and the bonding_masters control file up
for i in /sys/class/net/*
do
j=$(echo $i | cut -d "/" -f5)
if [ "$j" != dummy0 ] && [ "$j" != lo ] && [ "$j" != bonding_masters ]; then
ifconfig $j up
fi
done

# advertise on the same set of interfaces (-x: match the whole name, not every name containing "lo")
cdp-send -s "$(uname -ra)" -c l3txrx -c l3r `ls /sys/class/net | grep -vx lo | grep -v '^dummy' | grep -vx bonding_masters`

CDP updates are sent out of all available Ethernet interfaces with these capabilities:

l3r – L3 router
l3txrx – host
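The same script written so that the interface list is computed in one place and the commands with side effects can be swapped out, as an added example that is not part of the original post. SYSFS_NET, IFCONFIG and CDP_SEND are knobs invented for the example (set IFCONFIG=echo CDP_SEND=echo for a dry run); the script takes the argument start so that sourcing or running it without arguments does nothing, which means the bootlocal.sh line becomes /usr/local/etc/cdp-tools/cdp_config start.

```shell
#!/bin/sh
# cdp_config, rewritten so the interface list is computed in one place and the
# side effects can be stubbed. Added example, not the page's own script.
# Assumed knobs: SYSFS_NET (directory to scan, default /sys/class/net),
# IFCONFIG and CDP_SEND (commands to run; set both to "echo" for a dry run).
# Install it as /usr/local/etc/cdp-tools/cdp_config and call it with the
# argument "start" from the last line of /opt/bootlocal.sh.
SYSFS_NET=${SYSFS_NET:-/sys/class/net}
IFCONFIG=${IFCONFIG:-ifconfig}
CDP_SEND=${CDP_SEND:-cdp-send}

# Interfaces to advertise on: everything in $SYSFS_NET except the loopback,
# dummy devices and the bonding_masters control file.
cdp_ifaces() {
  for p in "$SYSFS_NET"/*; do
    [ -e "$p" ] || continue            # empty directory leaves the glob unexpanded
    n=${p##*/}
    case $n in
      lo|dummy*|bonding_masters) continue ;;
    esac
    printf '%s\n' "$n"
  done
}

# cdp-send refuses interfaces that are down, so bring them up first.
bring_up() {
  for n in $(cdp_ifaces); do
    $IFCONFIG "$n" up || { echo "cdp_config: cannot bring $n up" >&2; return 1; }
  done
}

# Run cdp-send on the same interface list (l3r = router, l3txrx = host).
start_cdp_send() {
  set -- $(cdp_ifaces)
  [ $# -gt 0 ] || { echo "cdp_config: no interfaces to advertise on" >&2; return 1; }
  $CDP_SEND -s "$(uname -ra)" -c l3txrx -c l3r "$@"
}

case ${1:-} in
  start) bring_up && start_cdp_send ;;
  list)  cdp_ifaces ;;
esac
```

Because both functions read the same list, an interface can no longer be advertised on without having been brought up first, which is the failure the original two-step script was working around; cdp_config list shows what would be used without touching anything.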

cdp-listen
This command shows the CDP updates coming from the neighbour on the Microcore eth0 interface.

sudo /usr/local/bin/cdp-listen eth0

2.3 Saving  configuration

chmod +x /usr/local/etc/cdp-tools/cdp_config
echo "/usr/local/etc/cdp-tools/cdp_config" >> /opt/.filetool.lst
echo "/usr/local/etc/cdp-tools/cdp_config" >> /opt/bootlocal.sh
/usr/bin/filetool.sh -b

Note: cdp_config must stay the last line in /opt/bootlocal.sh, otherwise applications that use the network may not work properly (losing their network configuration etc.).

3. VRRP stack installation and configuration

VRRP (Virtual Router Redundancy Protocol) is implemented as part of the keepalived project, which brings a keepalive facility to the Linux Virtual Server project.

Keepalived available in Microcore 3.x repository is compiled for VRRP support only.

3.1 Keepalived installation

tce-load -wi keepalived

Create the keepalived directory, the configuration file and a script for restarting the VRRP daemon, a child of the keepalived daemon.

sudo su
mkdir /usr/local/etc/keepalived/
touch /usr/local/etc/keepalived/keepalived.conf

vi /usr/local/sbin/keepalived-restart.sh

#!/bin/sh
# kill the VRRP child; the keepalived parent re-spawns it and the new child reads keepalived.conf again
pid=`cat /var/run/vrrp.pid`
sudo kill $pid

chmod +x /usr/local/sbin/keepalived-restart.sh

Save the configuration directory and make keepalived start during the Microcore boot. Parameter -P means only the VRRP subsystem is started.

echo "/usr/local/etc/keepalived/" >> /opt/.filetool.lst
echo "/usr/local/sbin/keepalived-restart.sh" >> /opt/.filetool.lst
echo "/usr/local/sbin/keepalived -P -f /usr/local/etc/keepalived/keepalived.conf" >> /opt/bootlocal.sh
/usr/bin/filetool.sh  -b

3.2 Keepalived configuration

Let's say we have two Microcore routers, R1 and R2. Router R1 is the master router because its priority, 150, is higher than router R2's priority of 100. The eth0 interfaces of R1 and R2 are connected to an L2 switch and are on the same subnet, 192.168.1.0/24. Both routers share the virtual IP address 192.168.1.1, which is used as the default gateway for the hosts on the 192.168.1.0/24 subnet.

Traffic leaving the 192.168.1.0/24 subnet is forwarded to R1's eth0 interface because R1, with priority 150, is the master. If R1 fails, traffic sent outside the subnet is forwarded to the eth0 interface of the backup router R2. R2 is the backup because its priority of 100 is lower than R1's priority of 150.

3.2.1  Keepalived configuration for Master router R1

This is an example of the keepalived configuration file on the master router R1.

sudo su
vi /usr/local/etc/keepalived/keepalived.conf

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 1
    priority 150
    virtual_ipaddress {
        192.168.1.1/24 brd 192.168.1.255 dev eth0
    }
}

The VRRP daemon must be restarted after each change in the keepalived.conf file.

/usr/local/sbin/keepalived-restart.sh

Configuration changes in keepalived.conf must be saved with /usr/bin/filetool.sh -b.

/usr/bin/filetool.sh -b

3.2.2  Keepalived configuration for Backup router R2

This is an example of the keepalived configuration file on the backup router R2.

sudo su
vi /usr/local/etc/keepalived/keepalived.conf

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 1
    priority 100
    virtual_ipaddress {
        192.168.1.1/24 brd 192.168.1.255 dev eth0
    }
}

The VRRP daemon must be restarted after each change in the keepalived.conf file.

/usr/local/sbin/keepalived-restart.sh

Configuration changes in keepalived.conf must be saved with /usr/bin/filetool.sh -b.

/usr/bin/filetool.sh -b

4. Bonding /EtherChannel/ in Linux Microcore

Bonding (EtherChannel in Cisco terminology) is the aggregation of several network interfaces into a single logical interface. If the physical links are Layer 2 links (STP runs over them), no physical link is blocked by STP (Spanning Tree Protocol) because STP sees only one logical link and keeps it up. If one of the links in the bundle fails, traffic is sent through the other links. Bonding brings redundancy and increases the available bandwidth by load-balancing traffic over the links. Bonding can be set up manually or negotiated using 802.3ad, the Link Aggregation Control Protocol.

The Microcore kernel has been compiled with bonding driver support, and bonding can be loaded into the kernel as a module.

The ifenslave utility is the userspace tool for aggregating multiple network links into a single link. The ifenslave user-level control program is included in the kernel source tree, in the file Documentation/networking/ifenslave.c. I created the ifenslave.tcz extension and sent it upstream to Microcore; unfortunately it has not been added to the repository yet.

You can download ifenslave.tcz, ifenslave.tcz.info and ifenslave.tcz.md5.txt from here.

http://www.4shared.com/file/YE8V1eig/ifenslave.html
http://www.4shared.com/file/GJY6w2AE/ifenslavetcz.html
http://www.4shared.com/document/Fpa6XPkv/ifenslavetczmd5.html

4.1  Ifenslave installation

If ifenslave is available in the Microcore repository, you can install it directly.

tce-load -wi ifenslave.tcz

If you get an HTTP 404 Not Found warning instead, use the links I have provided and download ifenslave.tcz and ifenslave.tcz.md5.txt. Copy both files to the Microcore image and install the extension from there. Note that tce-load compares the archive against the .md5.txt file, but since both files come from the same download location this only detects a corrupted transfer, not a tampered extension.

tce-load -i ./ifenslave.tcz

mv ./ifenslave.tcz ./ifenslave.tcz.md5.txt /mnt/hda1/tce/optional/
echo "ifenslave.tcz" >> /mnt/hda1/tce/onboot.lst
/usr/bin/filetool.sh -b

4.2  Bonding configuration

The easiest way to configure bonding is to create a script which loads the bonding module into the kernel with a specific bonding mode. The script also creates the bond interface, changes its MAC address, assigns an IP address and adds the Ethernet interfaces to the bond interface.

sudo su
vi /usr/local/bin/bonding.sh

#!/bin/sh
# load the bonding module: mode=0 is balance-rr, miimon=100 polls the link state every 100 ms
modprobe bonding mode=0 miimon=100

# take the physical interfaces down before enslaving them
ifconfig eth0 down
ifconfig eth1 down

# set the MAC address of bond0 and bring it up with an IP address;
# bond0 must be configured and up before interfaces can be enslaved to it
ifconfig bond0 hw ether 00:11:22:33:44:55
ifconfig bond0 192.168.1.1 up

# add eth0 and eth1 as slaves of bond0
ifenslave bond0 eth0
ifenslave bond0 eth1

Edit the script according to your needs. There are several bonding modes: mode=0 (balance-rr) used here requires the switch ports to be configured as a static aggregate (EtherChannel mode on), while mode=4 negotiates the bundle with 802.3ad/LACP. See the URL below for an explanation of all modes.

http://www.linuxhorizon.ro/bonding.html

Script to restart bonding after a change in the /usr/local/bin/bonding.sh file:

vi /usr/local/bin/bonding-restart.sh

#!/bin/sh
# tear the bond down, unload the module and rebuild the bond from bonding.sh
sudo ifconfig bond0 down
sudo rmmod bonding
sudo /usr/local/bin/bonding.sh

This script should be called after each change in the bonding.sh file.

Make the scripts executable, add them to the list of kept files, run bonding.sh after Microcore boots and save the changes:

chmod +x /usr/local/bin/bonding.sh
chmod +x /usr/local/bin/bonding-restart.sh
echo "/usr/local/bin/bonding.sh" >> /opt/.filetool.lst
echo "/usr/local/bin/bonding-restart.sh" >> /opt/.filetool.lst
echo "/usr/local/bin/bonding.sh" >> /opt/bootlocal.sh
/usr/bin/filetool.sh -b

To see the status of the Ethernet interfaces in the bundle and the bonding mode in use, run:

cat /proc/net/bonding/bond0
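Reading /proc/net/bonding/bond0 by eye is fine on the console, but once the bond carries production traffic you want a check that can run from cron. The script below is an added example, not part of the original post: it parses the status text in the format the bonding driver writes, lists slaves whose MII status is down, sums the link failure counters and exits non-zero when a link is missing. The sample text is constructed for this example (interface names, MAC addresses and counters are made up) and mirrors the two-slave balance-rr bond configured above with eth1 failed.

```shell
#!/bin/sh
# Added example, not part of the original post: parse the status text that the
# bonding driver exposes in /proc/net/bonding/bond0 and report slaves whose
# link is down. SAMPLE_BOND_STATUS is constructed to follow the driver's output
# format for a two-slave balance-rr bond (mode=0, miimon=100) with eth1 failed.
SAMPLE_BOND_STATUS='Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 52:54:00:12:34:56

Slave Interface: eth1
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 3
Permanent HW addr: 52:54:00:12:34:57'

# bond_mode: print the bonding mode (stdin: bond status text)
bond_mode() {
    sed -n 's/^Bonding Mode: //p'
}

# bond_down_slaves: print the name of every slave whose MII Status is down.
# The first "MII Status" line belongs to the bond itself and is skipped
# because no "Slave Interface" line has been seen yet.
bond_down_slaves() {
    awk '/^Slave Interface:/ { slave = $3 }
         /^MII Status:/ && slave != "" && $3 == "down" { print slave }'
}

# bond_link_failures: sum of the per-slave Link Failure Count values; a value
# that keeps rising between two checks means a link is flapping.
bond_link_failures() {
    awk '/^Link Failure Count:/ { n += $4 } END { print n + 0 }'
}

# bond_health: exit 0 when all slaves are up, 1 when any slave is down.
# Reads the whole status text once and feeds it to the helpers above.
bond_health() {
    status=$(cat)
    down=$(printf '%s\n' "$status" | bond_down_slaves)
    failures=$(printf '%s\n' "$status" | bond_link_failures)
    if [ -z "$down" ]; then
        echo "bond0: $(printf '%s\n' "$status" | bond_mode), all slaves up, $failures link failures so far"
        return 0
    fi
    echo "bond0: link down on $(echo "$down" | tr '\n' ' '), $failures link failures so far"
    return 1
}

# Demo on the constructed sample; on the router use:
#   bond_health < /proc/net/bonding/bond0
if printf '%s\n' "$SAMPLE_BOND_STATUS" | bond_health; then
    :
else
    echo "(non-zero exit status: a cron job can alert on this)"
fi
```

On the router itself, redirect the real file into bond_health instead of the sample; the exit status is what a cron job or monitoring agent should act on, since with miimon polling a slave can drop out silently while the bond interface stays up.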

5. DHCP server configuration

Microcore uses udhcpc as its DHCP client, and it runs on all Ethernet interfaces by default. The DHCP server is udhcpd. Both are BusyBox applets included in the base Microcore image, so nothing needs to be installed. Keep in mind that a DHCP client left running on an interface you have configured statically will reconfigure that interface when it obtains a lease, so stop it on the interfaces that act as DHCP server.

Let's say we want to run a DHCP server for hosts connected to the eth0 and eth1 interfaces. First assign an IP address and network mask to both interfaces, then configure Microcore as a DHCP server for eth0 and eth1. Each interface gets its own udhcpd instance with its own configuration file, lease file and pid file. The configuration is straightforward and needs no further explanation.

sudo mkdir /etc/udhcpd/
echo "/etc/udhcpd/" >> /opt/.filetool.lst

5.1 Ethernet0 configuration

sudo touch /etc/udhcpd/udhcpd-eth0.leases
sudo vi /etc/udhcpd/udhcpd-eth0.conf

start 192.168.1.10
end 192.168.1.254
interface eth0
lease_file     /etc/udhcpd/udhcpd-eth0.leases
pidfile        /var/run/udhcpd-eth0.pid
option     dns     192.168.1.8 192.168.1.9
option  subnet  255.255.255.0
option    router  192.168.1.1
option  domain  microcore.linux.eu

echo "/usr/sbin/udhcpd /etc/udhcpd/udhcpd-eth0.conf" >> /opt/bootlocal.sh
/usr/bin/filetool.sh -b

5.2 Ethernet1 configuration

sudo touch /etc/udhcpd/udhcpd-eth1.leases
sudo vi /etc/udhcpd/udhcpd-eth1.conf

start 192.168.2.10
end 192.168.2.254
interface eth1
lease_file     /etc/udhcpd/udhcpd-eth1.leases
pidfile        /var/run/udhcpd-eth1.pid
option     dns     192.168.2.8 192.168.2.9
option  subnet  255.255.255.0
option    router  192.168.2.1
option  domain  microcore.linux.eu

echo "/usr/sbin/udhcpd /etc/udhcpd/udhcpd-eth1.conf" >> /opt/bootlocal.sh
/usr/bin/filetool.sh -b
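udhcpd does not refuse a configuration that is internally consistent but wrong for the network: a pool that contains the router's own address or a DNS server hands those addresses to clients, a pool outside the router's subnet is unreachable, and a second config copied from the first that still names the same interface, pid file and lease file makes the two daemons started from bootlocal.sh fight over one state file. The script below is an added example, not part of the original post, covering both the eth0 and eth1 configurations above: it parses udhcpd.conf files and checks for exactly those mistakes. The three sample configs it writes to a temporary directory are constructed for this example; two mirror section 5.1 and 5.2, the third is a deliberately broken copy.

```shell
#!/bin/sh
# Added example, not part of the original post: sanity checks for udhcpd.conf
# files before they are started from /opt/bootlocal.sh. The sample configs are
# constructed here; udhcpd-bad.conf is a broken copy of the eth0 config whose
# pool swallows the router and a DNS server and whose per-instance files were
# not renamed.
UDHCPD_EXAMPLE_DIR=$(mktemp -d)

cat > "$UDHCPD_EXAMPLE_DIR/udhcpd-eth0.conf" <<'EOF'
start 192.168.1.10
end 192.168.1.254
interface eth0
lease_file /etc/udhcpd/udhcpd-eth0.leases
pidfile /var/run/udhcpd-eth0.pid
option dns 192.168.1.8 192.168.1.9
option subnet 255.255.255.0
option router 192.168.1.1
EOF

cat > "$UDHCPD_EXAMPLE_DIR/udhcpd-eth1.conf" <<'EOF'
start 192.168.2.10
end 192.168.2.254
interface eth1
lease_file /etc/udhcpd/udhcpd-eth1.leases
pidfile /var/run/udhcpd-eth1.pid
option dns 192.168.2.8 192.168.2.9
option subnet 255.255.255.0
option router 192.168.2.1
EOF

cat > "$UDHCPD_EXAMPLE_DIR/udhcpd-bad.conf" <<'EOF'
start 192.168.1.1
end 192.168.1.254
interface eth0
lease_file /etc/udhcpd/udhcpd-eth0.leases
pidfile /var/run/udhcpd-eth0.pid
opt dns 192.168.1.200 8.8.8.8
option subnet 255.255.255.0
option router 192.168.1.1
EOF

# ip2int: dotted quad to an integer so addresses can be compared and masked
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1          # split the four octets on "."
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# conf_value FILE KEY: value of the first "KEY value" line (start, end, interface, ...)
conf_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# conf_option FILE NAME: all values of an "option NAME v1 v2 ..." line;
# udhcpd accepts both "option" and "opt" as the keyword
conf_option() {
    awk -v o="$2" '($1 == "option" || $1 == "opt") && $2 == o { for (i = 3; i <= NF; i++) print $i }' "$1"
}

# check_udhcpd_conf FILE: print each problem found and return their count
check_udhcpd_conf() {
    f=$1
    for key in start end; do
        [ -n "$(conf_value "$f" $key)" ] || { echo "$f: missing $key"; return 1; }
    done
    [ -n "$(conf_option "$f" subnet)" ] && [ -n "$(conf_option "$f" router)" ] ||
        { echo "$f: missing option subnet or option router"; return 1; }
    start=$(ip2int "$(conf_value "$f" start)")
    end=$(ip2int "$(conf_value "$f" end)")
    mask=$(ip2int "$(conf_option "$f" subnet | head -n 1)")
    router=$(ip2int "$(conf_option "$f" router | head -n 1)")
    errors=0
    [ "$start" -le "$end" ] || { echo "$f: start is above end"; errors=$((errors + 1)); }
    if [ $(( start & mask )) -ne $(( router & mask )) ] || [ $(( end & mask )) -ne $(( router & mask )) ]; then
        echo "$f: pool is not inside the router's subnet"; errors=$((errors + 1))
    fi
    if [ "$router" -ge "$start" ] && [ "$router" -le "$end" ]; then
        echo "$f: router address lies inside the lease pool"; errors=$((errors + 1))
    fi
    for d in $(conf_option "$f" dns); do
        di=$(ip2int "$d")
        if [ "$di" -ge "$start" ] && [ "$di" -le "$end" ]; then
            echo "$f: dns server $d lies inside the lease pool"; errors=$((errors + 1))
        fi
    done
    return $errors
}

# check_distinct_instances FILE...: every udhcpd instance needs its own
# interface, pid file and lease file; return the number of keys that are shared
check_distinct_instances() {
    dups=0
    for key in interface pidfile lease_file; do
        shared=$(for f in "$@"; do conf_value "$f" "$key"; done | sort | uniq -d)
        if [ -n "$shared" ]; then
            echo "$key shared by more than one config: $shared"; dups=$((dups + 1))
        fi
    done
    return $dups
}

# Demo on the constructed configs; on the router point it at /etc/udhcpd/*.conf
for c in "$UDHCPD_EXAMPLE_DIR"/udhcpd-*.conf; do
    check_udhcpd_conf "$c" && echo "$c: ok"
done
check_distinct_instances "$UDHCPD_EXAMPLE_DIR"/udhcpd-*.conf || echo "fix the shared entries before starting both daemons"
```

Run the two checks against /etc/udhcpd/*.conf before appending the udhcpd lines to /opt/bootlocal.sh; both return the number of problems found, so they can gate the filetool.sh -b step in a provisioning script.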

End.

The Microcore 3.4.1 router Qemu image I have created is available for download here.

http://www.4shared.com/file/JpfvDm4_/linux-microcore-router-341.html

Used Links

How to setup Linux Microcore 3.x Router Qemu Image in Fedora Linux – part1
http://brezular.wordpress.com/2011/01/26/how-to-setup-linux-microcore-3-x-router-qemu-image-in-fedora-linux-part1/

Quagga
http://openmaniak.com/quagga_tutorial.php
http://www.quagga.net/

CDP-tools
http://openmaniak.com/cdp.php
http://en.wikipedia.org/wiki/Cisco_Discovery_Protocol
http://gpl.internetconnection.net/

Keepalived
http://en.wikipedia.org/wiki/Virtual_Router_Redundancy_Protocol
http://www.keepalived.org/

Bonding
http://linux-ip.net/html/ether-bonding.html
http://www.linuxhorizon.ro/bonding.html
http://sourceforge.net/projects/bonding/files/Documentation/12%20November%202007/bonding.txt/download
http://articles.techrepublic.com.com/5100-10878_11-1053416.html#

Udhcpd
http://svn.dd-wrt.com:8000/dd-wrt/browser/src/router/busybox/examples/udhcp/udhcpd.conf?rev=9719
http://sssg1.whoi.edu/swap2/sources/build/etc/udhcpd/udhcpd.conf.sample
http://manpages.ubuntu.com/manpages/dapper/man5/udhcpd.conf.5.html

