SlideShare uma empresa Scribd logo

Dynamic Routing with FRR - pfSense Hangout December 2017

Netgate
Netgate

Slides for the December 2017 pfSense Hangout video

Tecnologia
1 de 24
Baixar para ler offline
Dynamic Routing with FRR December 2017 Hangout Jim Pingle
About this Hangout ● Project News ● Why use a routing protocol? ● Terminology ● BGP Intro ● OSPF Intro ● Compare/Contrast BGP and OSPF ● FRR Intro ● FRR package for pfSense ● Configuring FRR/Zebra ● BGP Setup Prep ● BGP Configuration ● OSPF Setup Prep ● OSPF Configuration ● Converting OpenBGPD to FRR ● Converting Quagga to FRR
Project News ● 2.4.2-RELEASE-p1 / 2.3.5-RELEASE-p1 – Security and bug fixes – https://www.netgate.com/blog/pfsense-2-4-2-release-p1-and-2-3-5-release-p1-now-available.html ● Article on Snort and openappid for application detection – https://www.netgate.com/blog/application-detection-on-pfsense-software.html ● Netgate was at the DPDK Summit, FD.io mini summit, and AWS re:Invent conferences ● New Netgate products TNSR and SCLR announced – Based on VPP from FD.io for a data plane, may also support netmap in the future ● VPP is capable of performance far beyond FreeBSD or Linux kernel networing ● Currently using Linux as a base OS to run VPP – 40+Gbit/s IPsec – TNSR is high-throughput enterprise focused, SCLR is Small/Medium Business – TNSR is CLI-based, SCLR will have a web interface – RESTCONF API – First offering is TNSR for AWS Transit VPC to connect between AWS VPC regions at high speeds ● Sneak peek at upcoming c3000 based platform, PLCC-B – https://twitter.com/pfsense/status/943879263165517824 – C3xxx CPU, built-in switch, exact specs of production units are not yet set ● Netgate office is moving to a new location in Austin next month – There should be minimal, if any, disruption in system lead times and deliveries
Disclaimer ● In some areas this hangout will stay light on detail – No time to get into the intricacies of how the protocols work, advanced setups, etc ● Some terminology and examples will be simplified, so if you are very familiar with BGP or OSPF you might find some omissions or contradictions made here for the sake of simplicity ● Many more advanced configurations are possible than will be covered in this introductory hangout! – Not covering advanced settings or concepts such as multiple areas, route maps, communities, access lists, prefix lists, etc.
Why use a routing protocol? ● Easier than maintaining static routes ● Each router knows its own connected networks and will tell other routers about them, rather than having to manually configure routes everywhere ● Scales better for larger networks vs manual configuration ● Can react dynamically to events (e.g. WAN or other path failures) ● Can calculate best path to reach another network when multiple paths are possible ● Generally falls into two classes: – IGP - Interior Gateway Protocol, manages routing between internal segments of a single network ● Example: OSPF between local segments or site-to-site links – EGP - Exterior Gateway Protocol, routing between discrete networks ● Example: BGP between a site and its ISP
Terminology ● Autonomous System (AS) - The network of an entire organization ● AS Number - A number assigned to a specific Autonomous System – Depending on peer capabilities, can either be 2 byte (0-65534) or 4 byte (0-4294967294) value ● Area - A set of related routers – An Area is typically represented as an IPv4 address in dotted quad notation, such as 0.0.0.0 ● Router ID - Used to uniquely identify a router – Usually an IPv4 address on a router, but can be any IPv4 address so long as it is unique to the router ● Neighbor - A peer in a directly connected network that is running the same routing protocol ● Adjacency - A relationship between two neighbors ● Next Hop - Host through which traffic for a route is delivered ● Metric / Preference / Weight - Used to signify which paths are best when there are multiple choices
BGP Introduction ● BGP stands for Border Gateway Protocol ● Routes between autonomous systems ● Each Neighbor must have a BGP connection defined for every other Neighbor to exchange routes ● Neighbors connect to each other using TCP port 179 ● Uses path length and other configured policies to make decisions ● Most commonly used for exterior use cases such as reaching the Internet (ebgp) ● Can also be used inside an AS for interior routing (ibgp) ● Example use cases – ISP full feeds (ebgp) ● When full feeds are available from multiple ISPs, routing decisions can be made about what traffic to send along each path ● Lots o' RAM and CPU for that! – Public IP allocation routing (ebgp) – Internal routing (ibgp)
OSPF Introduction ● OSPF stands for Open Shortest Path First ● Routes internally within an autonomous system or single routing domain (not over the Internet, only local directly connected paths) ● Routers do not need to know about other routers beforehand, they find other routers automatically ● Uses protocol 89 (OSPF), not TCP or UDP ● Uses multicast to distribute routes inside a broadcast domain – Connections between OSPF neighbors must be capable of using multicast! ● Uses Area designations to divide portions of networks – Every router inside an area must keep a database of networks inside that area, so a single area doesn’t scale well on large networks – Routes between areas can be summarized – Different types of areas accept different types of routes, but this is beyond the scope of what we’re talking about today (e.g. stub areas) ● Example use cases – Edge router to L3 switch or internal router – VPN or dedicated site-to-site circuit – Multiple paths for VPN or other networks
Choosing between BGP and OSPF ● BGP can work externally and internally, but is better at the border or handling border-related tasks ● OSPF is for internal use only ● The two can work together, BGP at the edge (or setup to let routers find a path to the edge), OSPF internally so routers know how to reach each other and other local networks ● Both can work with IPv4 and IPv6, depending on the implementations – OSPF/OSPFv2 for IPv4, OSPF6/OSPFv3 for IPv6 – FRR uses BGP version 4 which can handle IPv4 or IPv6 ● BGP has strictly defined peers, better security, autonomous systems ● BGP requires a full mesh where every peer defines every other peer, thus scales poorly on large internal networks – Route reflectors and confederation can help, but are beyond the scope of what we’re covering today
Choosing between BGP and OSPF ● OSPF works much more dynamically, less admin overhead for each node ● OSPF converges faster in most common cases ● BGP uses TCP, OSPF requires multicast and uses its own protocol (89) ● BGP can use TCP-MD5 signatures for authentication/security – Not on OpenVPN, but on regular interfaces – OSPF can have password authentication, but it uses a different mechanism ● FRR is capable of redistributing BGP routes to OSPF and vice versa – Route maps can be used to filter what routes go where, at least on the BGP side – The OSPF GUI in the pfSense FRR package does not have proper support for route-maps but the same effect can be obtained using the “do not redistribute” list ● OSPF routers know the entire topology to every segment within the area, BGP may only know the next hop depending on the setup
What is FRR? ● FRRouting, also known as Free Range Routing ● Fork of the Quagga project from large contributors looking to increase the pace of development ● Handles dynamic routing protocols such as BGP, OSPF, OSPFv3/OSPF6, IS-IS, LDP, PIM, and RIP – pfSense FRR GUI only currently supports BGP, OSPF, and OSPF6 ● Like Quagga, it has dedicated daemons for each protocol, plus the zebra demon to coordinate everything
FRR Package for pfSense ● Available on 2.4.2 and 2.3.5 ● Designed as a replacement for both Quagga and OpenBGPD which both have problems – The Quagga package only had GUI controls for OSPF, but could be manually configured in some cases for BGP – The OpenBGPD package had several behavioral problems which limited its usefulness – Due to both Quagga and OpenBGPD having “bgpd” binaries they could not be installed at the same time – OpenBGPD had problems with IPsec, PFKEY errors, the problem does not occur with FRR (e.g. AWS VPC VPN) ● By unifying features in one package, BGP and OSPF can both be used without manual workarounds ● Extensive GUI for configuring OSPF and BGP ● Improved status combined from Quagga and OpenBGPD and enhanced – Status > FRR menu entry – Filtering, data limiting to help deal with large routing tables – Multiple status views, tab per protocol, plus general status with summary info ● May gain support for additional protocols in the future ● Why FRR and not something else like BIRD? Familiarity, stability on FreeBSD, and preference
FRR Package for pfSense ● Installing the package – Installs via the package manager like any other package, System > Package Manager, Available Packages tab – The package adds Services menu entries for each section of FRR (Global/Zebra, BGP, OSPF, OSPF6), plus a Status menu link ● Navigating the package – Too many tabs in each section to show them all at once, so each section only shows its own options, plus links to other sections – Tabs in [Brackets] go to other sections ● Example: When in BGP, click [OSPF] to switch to the OSPF section with its own set of tabs ● Always enable the main FRR tab checkbox in addition to the individual daemons (master on/off switch!) – Example: To enable OSPF, visit OSPF Settings and check Enable OSPF Routing, then on the Global Settings tab, check Enable FRR ● Status section has an All page with some information from each enabled section, plus tabs for each section with more detail ● Do not be intimidated by the complexity of the GUI! – There are many, many options in FRR but odds are if you don’t know or recognize them, you probably don’t need them for basic use cases – FRR is very powerful, but not everyone needs all of that power, and it isn’t practical to make numerous “Advanced” sections for everything – If any terms or concepts are unfamiliar, read through the FRR user guide at https://frrouting.org/user-guide/ ● Dynamic routes in routing table have a “1” flag when viewed at Diagnostics > Routes
Configuring FRR/Zebra ● No matter which protocol is used, first enable the main settings of FRR ● Navigate to Services > FRR Global/Zebra ● Check Enable FRR ● Enter a Master Password ● Set logging as desired ● Enter a Router ID (e.g. LAN IP Address of this firewall)
BGP Setup Preparations ● Determine the setup type (e.g. site to site, ISP uplink, etc) – This is example is a site-to-site example, but others are similar ● Determine the local AS number – If this is local/private, use a private AS number in the range 64512-65534 (16 bit/2 byte AS) or 4200000000- 4294967294 (32 bit/4 byte AS) – If this is a public allocation, ask your RIR and/or ISP ● Determine the remote neighbor address and AS number – Consult the administrator of the far-side firewall – If this is you, and it’s internal, pick another private AS number ● Decide which networks will be advertised through BGP – If this is private, it’s up to you – If this is for a vendor link, it must be agreed upon by both sides – If it’s public, it will be the address block allocated to you ● Firewall rules must allow tcp/179 from the neighbor to this device, e.g. on WAN or VPN link
Configuring BGP ● Configure FRR/Zebra as mentioned previously ● Navigate to the BGP Settings via [BGP] tab or Services > FRR BGP ● Check Enable BGP Routing ● Set logging as desired ● Enter the AS number for this router ● Enter a Router ID, or leave it blank to use the ID defined in the global settings ● Under Network Distribution, enter the local networks which will be advertised to BGP neighbors (e.g. LAN, DMZ, or a summary of all) ● Save the settings
Configuring BGP ● Switch to the Neighbors tab, add an entry for each neighbor/address family (e.g. one entry for IPv4, one for IPv6) ● Enter the Name/Address, typically the IP address of the neighbor in a directly- connected network ● Enter a Description for the neighbor to make it easier to identify ● Enter the Remote AS, which is the AS number of the neighbor ● Other options may be set as needed, depending on the requirements of the peer, but no other options are required ● Save, and visit the BGP tab and Save there again to ensure all settings are activated ● Navigate to the Status page and check if an adjacency has been formed to the neighbor
OSPF Setup Preparations ● Determine which interfaces will be involved in OSPF, and how – Active interfaces will advertise OSPF to other OSPF neighbors (e.g. VPN links, links to other routers or L3 switches) – Passive interfaces will have routes to their networks distributed to other OSPF neighbors (e.g. LAN) – For configurations with multiple links to the same remote, decide which interfaces are the preferred path ● Determine the OSPF area(s) this router will be involved in (e.g. 0.0.0.0) ● Firewall rules must allow the OSPF protocol on active interfaces ● Active interfaces must support multicast in a way that OSPF can use – OpenVPN must be static key site-to-site or tap with a subnet
Configuring OSPF ● Configure FRR/Zebra as mentioned previously ● Navigate to the OSPF Settings via [OSPF] tab or Services > FRR OSPF ● Switch to the OSPF Interfaces tab, since interfaces must be added before configuring the general OSPF settings ● Add entries on this tab for each interface involved with OSPF ● Enter a Description for the interface to identify it ● For interfaces that link to other routers, enter a Metric to help OSPF decide which link to use when there are multiple choices (e.g. redundant VPN), lower metrics are preferred by the protocol ● Enter an Area for the interface if it differs from the main area for this router ● For local interfaces not directly involved in OSPF, such as a LAN that contains no other routers, check Interface is Passive – This will configure the network in OSPF but advertisements are disabled ● If there are multiple links to the same destination which could create a loop, check Accept Filter which tells FRR to ignore routes received from peers for the network on this interface – This can help with multiple links and OpenVPN so OpenVPN doesn’t fail due to its own interface route being in the table unexpectedly ● Save the settings, add the rest of the interfaces
Configuring OSPF ● Switch the the OSPF Settings tab ● Check Enable OSPF Routing ● Set logging as desired ● Enter a Router ID, or leave it blank to use the ID defined in the global settings ● Enter an Area ID, or use 0.0.0.0 if one is not known ● Choose any Redistribute options that you want – Redistribute Connected will distribute routes for any directly connected subnets – Redistribute Kernel will distribute routes present in the kernel, such as static routes from pfSense defined under System > Routing – Redistribute static will distribute routes defined on the main FRR/Global Settings tab ● Change any other options if needed to match the other routers in the area ● Save the settings ● Check the status to see if an adjacency has been formed to the neighbor(s)
Converting from OpenBGPD to FRR ● Groups are not required in FRR as they were in OpenBGPD – If there was only one neighbor in a group in OpenBGPD, do not make a group in FRR, simply define the remote AS directly on the neighbor ● The Neighbor Parameters in OpenBGPD are nearly all present in FRR but they may not work 100% the same, or may require additional parameters – Example: “Local Address X” on OpenBGPD is “Update Source” on FRR and requires also choosing the correct address family, such as IPv4, and picking the source from an interface and VIP list rather than entering it manually – Example: TCP MD5 options on OpenBGP are under “Password” on FRR with the Type set to “FRR and setkey Bidirectional” ● For converting a raw configuration, refer to the FRR docs to locate equivalent statements
Converting from Quagga to FRR ● Since FRR is a fork of Quagga, the configuration is nearly identical ● The GUI has some slight differences but nothing major for OSPF ● The configuration cannot be automatically imported from Quagga, but it is simple to note down the settings, take screenshots, or refer to the config.xml and re-create an identical configuration, screen for screen within the FRR OSPF section ● For a manual configuration it should import as-is, but if any problems are encountered, refer to the FRR docs
Bonus Slide: FRR for AWS VPC VPN ● Exact details vary depending on the setup, but are not that different from a standard setup ● Global/Zebra – Enable FRR – Router ID: Virtual IP address for local end of tunnel ● BGP Settings – BGP: Enable – AS Number: Local AS – Hold Time: Hold Time set in VPC – Networks: Add local networks to the list, local networks from your IPsec P2 (no route-map selected) ● BGP Neighbor – Name/Address: VPC remote address – Remote AS: VPN remote AS number – Update Source: Virtual IP address for local end of tunnel ● If you are using a Netgate device with the factory image, the VPC wizard can get you started, but … – Remove OpenBGPD first, then install FRR – Edit/save the VIPs created by the wizard before configuring FRR to work around a bug that’s being addressed in the next update of the wizard
Conclusion ● Questions? ● Ideas for hangout topics? Post on forum, comment on the blog posts, Reddit, etc

Recomendados

BGP on mikrotik
BGP on mikrotikBGP on mikrotik
BGP on mikrotikAchmad Mardiansyah
 
Using Mikrotik Switch Features to Improve Your Network
Using Mikrotik Switch Features to Improve Your Network Using Mikrotik Switch Features to Improve Your Network
Using Mikrotik Switch Features to Improve Your Network GLC Networks
 
Mikrotik Load Balancing with PCC
Mikrotik Load Balancing with PCCMikrotik Load Balancing with PCC
Mikrotik Load Balancing with PCCGLC Networks
 
MPLS on Router OS V7 - Part 1
MPLS on Router OS V7 - Part 1MPLS on Router OS V7 - Part 1
MPLS on Router OS V7 - Part 1GLC Networks
 
Mikrotik firewall raw table
Mikrotik firewall raw tableMikrotik firewall raw table
Mikrotik firewall raw tableAchmad Mardiansyah
 
Creating a DMZ - pfSense Hangout January 2016
Creating a DMZ - pfSense Hangout January 2016Creating a DMZ - pfSense Hangout January 2016
Creating a DMZ - pfSense Hangout January 2016Netgate
 
ISP Load Balancing with Mikrotik ECMP
ISP Load Balancing with Mikrotik ECMPISP Load Balancing with Mikrotik ECMP
ISP Load Balancing with Mikrotik ECMPGLC Networks
 
Mikrotik Fastpath vs Fasttrack
Mikrotik Fastpath vs FasttrackMikrotik Fastpath vs Fasttrack
Mikrotik Fastpath vs FasttrackGLC Networks
 

Recomendados

BGP on mikrotik
BGP on mikrotikBGP on mikrotik
BGP on mikrotikAchmad Mardiansyah
 
Using Mikrotik Switch Features to Improve Your Network
Using Mikrotik Switch Features to Improve Your Network Using Mikrotik Switch Features to Improve Your Network
Using Mikrotik Switch Features to Improve Your Network GLC Networks
 
Mikrotik Load Balancing with PCC
Mikrotik Load Balancing with PCCMikrotik Load Balancing with PCC
Mikrotik Load Balancing with PCCGLC Networks
 
MPLS on Router OS V7 - Part 1
MPLS on Router OS V7 - Part 1MPLS on Router OS V7 - Part 1
MPLS on Router OS V7 - Part 1GLC Networks
 
Mikrotik firewall raw table
Mikrotik firewall raw tableMikrotik firewall raw table
Mikrotik firewall raw tableAchmad Mardiansyah
 
Creating a DMZ - pfSense Hangout January 2016
Creating a DMZ - pfSense Hangout January 2016Creating a DMZ - pfSense Hangout January 2016
Creating a DMZ - pfSense Hangout January 2016Netgate
 
ISP Load Balancing with Mikrotik ECMP
ISP Load Balancing with Mikrotik ECMPISP Load Balancing with Mikrotik ECMP
ISP Load Balancing with Mikrotik ECMPGLC Networks
 
Mikrotik Fastpath vs Fasttrack
Mikrotik Fastpath vs FasttrackMikrotik Fastpath vs Fasttrack
Mikrotik Fastpath vs FasttrackGLC Networks
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec APNIC
 
OpeVPN on Mikrotik
OpeVPN on MikrotikOpeVPN on Mikrotik
OpeVPN on MikrotikGLC Networks
 
BGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsBGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsPavel Odintsov
 
BGP vs OSPF on Mikrotik
BGP vs OSPF on MikrotikBGP vs OSPF on Mikrotik
BGP vs OSPF on MikrotikGLC Networks
 
BGP Flowspec (RFC5575) Case study and Discussion
BGP Flowspec (RFC5575) Case study and DiscussionBGP Flowspec (RFC5575) Case study and Discussion
BGP Flowspec (RFC5575) Case study and DiscussionAPNIC
 
VXLAN and FRRouting
VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRoutingFaisal Reza
 
Advanced percona xtra db cluster in a nutshell... la suite plsc2016
Advanced percona xtra db cluster in a nutshell... la suite plsc2016Advanced percona xtra db cluster in a nutshell... la suite plsc2016
Advanced percona xtra db cluster in a nutshell... la suite plsc2016Frederic Descamps
 
MPLS L3 VPN Deployment
MPLS L3 VPN DeploymentMPLS L3 VPN Deployment
MPLS L3 VPN DeploymentAPNIC
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesBabak Farrokhi
 
Policy Based Routing (PBR)
Policy Based Routing (PBR)Policy Based Routing (PBR)
Policy Based Routing (PBR)KHNOG
 
VietTel AntiDDoS Volume Based
VietTel AntiDDoS Volume BasedVietTel AntiDDoS Volume Based
VietTel AntiDDoS Volume BasedPavel Odintsov
 
Let's Encrypt - pfSense Hangout April 2017
Let's Encrypt - pfSense Hangout April 2017Let's Encrypt - pfSense Hangout April 2017
Let's Encrypt - pfSense Hangout April 2017Netgate
 
Implementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkImplementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkPavel Odintsov
 
Faster packet processing in Linux: XDP
Faster packet processing in Linux: XDPFaster packet processing in Linux: XDP
Faster packet processing in Linux: XDPDaniel T. Lee
 
66 pfsense tutorial
66 pfsense tutorial66 pfsense tutorial
66 pfsense tutorialequinonesr
 
Network LACP/Bonding/Teaming with Mikrotik
Network LACP/Bonding/Teaming with MikrotikNetwork LACP/Bonding/Teaming with Mikrotik
Network LACP/Bonding/Teaming with MikrotikGLC Networks
 
Aaron Mildenstein - Using Logstash with Zabbix
Aaron Mildenstein - Using Logstash with ZabbixAaron Mildenstein - Using Logstash with Zabbix
Aaron Mildenstein - Using Logstash with ZabbixZabbix
 
BGP
BGP BGP
BGP Reza Farahani
 
PostgreSQL : Introduction
PostgreSQL : IntroductionPostgreSQL : Introduction
PostgreSQL : IntroductionOpen Source School
 
Cisco ospf
Cisco ospf Cisco ospf
Cisco ospf sarasanandam
 
Ospf and eigrp concepts and configuration
Ospf and eigrp concepts and configurationOspf and eigrp concepts and configuration
Ospf and eigrp concepts and configurationIT Tech
 
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018Netgate
 

Mais conteúdo relacionado

Mais procurados

DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec APNIC
 
OpeVPN on Mikrotik
OpeVPN on MikrotikOpeVPN on Mikrotik
OpeVPN on MikrotikGLC Networks
 
BGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsBGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsPavel Odintsov
 
BGP vs OSPF on Mikrotik
BGP vs OSPF on MikrotikBGP vs OSPF on Mikrotik
BGP vs OSPF on MikrotikGLC Networks
 
BGP Flowspec (RFC5575) Case study and Discussion
BGP Flowspec (RFC5575) Case study and DiscussionBGP Flowspec (RFC5575) Case study and Discussion
BGP Flowspec (RFC5575) Case study and DiscussionAPNIC
 
VXLAN and FRRouting
VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRoutingFaisal Reza
 
Advanced percona xtra db cluster in a nutshell... la suite plsc2016
Advanced percona xtra db cluster in a nutshell... la suite plsc2016Advanced percona xtra db cluster in a nutshell... la suite plsc2016
Advanced percona xtra db cluster in a nutshell... la suite plsc2016Frederic Descamps
 
MPLS L3 VPN Deployment
MPLS L3 VPN DeploymentMPLS L3 VPN Deployment
MPLS L3 VPN DeploymentAPNIC
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesBabak Farrokhi
 
Policy Based Routing (PBR)
Policy Based Routing (PBR)Policy Based Routing (PBR)
Policy Based Routing (PBR)KHNOG
 
VietTel AntiDDoS Volume Based
VietTel AntiDDoS Volume BasedVietTel AntiDDoS Volume Based
VietTel AntiDDoS Volume BasedPavel Odintsov
 
Let's Encrypt - pfSense Hangout April 2017
Let's Encrypt - pfSense Hangout April 2017Let's Encrypt - pfSense Hangout April 2017
Let's Encrypt - pfSense Hangout April 2017Netgate
 
Implementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkImplementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkPavel Odintsov
 
Faster packet processing in Linux: XDP
Faster packet processing in Linux: XDPFaster packet processing in Linux: XDP
Faster packet processing in Linux: XDPDaniel T. Lee
 
66 pfsense tutorial
66 pfsense tutorial66 pfsense tutorial
66 pfsense tutorialequinonesr
 
Network LACP/Bonding/Teaming with Mikrotik
Network LACP/Bonding/Teaming with MikrotikNetwork LACP/Bonding/Teaming with Mikrotik
Network LACP/Bonding/Teaming with MikrotikGLC Networks
 
Aaron Mildenstein - Using Logstash with Zabbix
Aaron Mildenstein - Using Logstash with ZabbixAaron Mildenstein - Using Logstash with Zabbix
Aaron Mildenstein - Using Logstash with ZabbixZabbix
 

Mais procurados (20)

DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec
 
OpeVPN on Mikrotik
OpeVPN on MikrotikOpeVPN on Mikrotik
OpeVPN on Mikrotik
 
BGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsBGP FlowSpec experience and future developments
BGP FlowSpec experience and future developments
 
BGP vs OSPF on Mikrotik
BGP vs OSPF on MikrotikBGP vs OSPF on Mikrotik
BGP vs OSPF on Mikrotik
 
BGP Flowspec (RFC5575) Case study and Discussion
BGP Flowspec (RFC5575) Case study and DiscussionBGP Flowspec (RFC5575) Case study and Discussion
BGP Flowspec (RFC5575) Case study and Discussion
 
VXLAN and FRRouting
VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRouting
 
Advanced percona xtra db cluster in a nutshell... la suite plsc2016
Advanced percona xtra db cluster in a nutshell... la suite plsc2016Advanced percona xtra db cluster in a nutshell... la suite plsc2016
Advanced percona xtra db cluster in a nutshell... la suite plsc2016
 
MPLS L3 VPN Deployment
MPLS L3 VPN DeploymentMPLS L3 VPN Deployment
MPLS L3 VPN Deployment
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and Techniques
 
Policy Based Routing (PBR)
Policy Based Routing (PBR)Policy Based Routing (PBR)
Policy Based Routing (PBR)
 
VietTel AntiDDoS Volume Based
VietTel AntiDDoS Volume BasedVietTel AntiDDoS Volume Based
VietTel AntiDDoS Volume Based
 
Let's Encrypt - pfSense Hangout April 2017
Let's Encrypt - pfSense Hangout April 2017Let's Encrypt - pfSense Hangout April 2017
Let's Encrypt - pfSense Hangout April 2017
 
Implementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkImplementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit network
 
Faster packet processing in Linux: XDP
Faster packet processing in Linux: XDPFaster packet processing in Linux: XDP
Faster packet processing in Linux: XDP
 
66 pfsense tutorial
66 pfsense tutorial66 pfsense tutorial
66 pfsense tutorial
 
Network LACP/Bonding/Teaming with Mikrotik
Network LACP/Bonding/Teaming with MikrotikNetwork LACP/Bonding/Teaming with Mikrotik
Network LACP/Bonding/Teaming with Mikrotik
 
Aaron Mildenstein - Using Logstash with Zabbix
Aaron Mildenstein - Using Logstash with ZabbixAaron Mildenstein - Using Logstash with Zabbix
Aaron Mildenstein - Using Logstash with Zabbix
 
BGP
BGP BGP
BGP
 
PostgreSQL : Introduction
PostgreSQL : IntroductionPostgreSQL : Introduction
PostgreSQL : Introduction
 
Cisco ospf
Cisco ospf Cisco ospf
Cisco ospf
 

Semelhante a Dynamic Routing with FRR - pfSense Hangout December 2017

Ospf and eigrp concepts and configuration
Ospf and eigrp concepts and configurationOspf and eigrp concepts and configuration
Ospf and eigrp concepts and configurationIT Tech
 
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018Netgate
 
Layer3protocols
Layer3protocolsLayer3protocols
Layer3protocolsassinha
 
High Availability on pfSense 2.4 - pfSense Hangout March 2017
High Availability on pfSense 2.4 - pfSense Hangout March 2017High Availability on pfSense 2.4 - pfSense Hangout March 2017
High Availability on pfSense 2.4 - pfSense Hangout March 2017Netgate
 
Computer network (14)
Computer network (14)Computer network (14)
Computer network (14)NYversity
 
Site-to-Site VPNs - pfSense Hangout November 2015
Site-to-Site VPNs - pfSense Hangout November 2015Site-to-Site VPNs - pfSense Hangout November 2015
Site-to-Site VPNs - pfSense Hangout November 2015Netgate
 
BGP (border gateway routing protocol)
BGP (border gateway routing protocol)BGP (border gateway routing protocol)
BGP (border gateway routing protocol)Netwax Lab
 
pfSense 2.2 Preview - pfSense Hangout November 2014
pfSense 2.2 Preview - pfSense Hangout November 2014pfSense 2.2 Preview - pfSense Hangout November 2014
pfSense 2.2 Preview - pfSense Hangout November 2014Netgate
 
Multi-WAN on pfSense 2.3 - pfSense Hangout March 2016
Multi-WAN on pfSense 2.3 - pfSense Hangout March 2016Multi-WAN on pfSense 2.3 - pfSense Hangout March 2016
Multi-WAN on pfSense 2.3 - pfSense Hangout March 2016Netgate
 
routing Protocols and Virtual private network
routing Protocols and Virtual private networkrouting Protocols and Virtual private network
routing Protocols and Virtual private networkhayenas
 
Cisco ccnp 642-902 practice tests for quick preparation
Cisco ccnp 642-902 practice tests for quick preparationCisco ccnp 642-902 practice tests for quick preparation
Cisco ccnp 642-902 practice tests for quick preparationCisco-642-902
 

Semelhante a Dynamic Routing with FRR - pfSense Hangout December 2017 (20)

Ospf and eigrp concepts and configuration
Ospf and eigrp concepts and configurationOspf and eigrp concepts and configuration
Ospf and eigrp concepts and configuration
 
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
 
Layer3protocols
Layer3protocolsLayer3protocols
Layer3protocols
 
High Availability on pfSense 2.4 - pfSense Hangout March 2017
High Availability on pfSense 2.4 - pfSense Hangout March 2017High Availability on pfSense 2.4 - pfSense Hangout March 2017
High Availability on pfSense 2.4 - pfSense Hangout March 2017
 
Part8-ibgp.pptx
Part8-ibgp.pptxPart8-ibgp.pptx
Part8-ibgp.pptx
 
Computer network (14)
Computer network (14)Computer network (14)
Computer network (14)
 
Site-to-Site VPNs - pfSense Hangout November 2015
Site-to-Site VPNs - pfSense Hangout November 2015Site-to-Site VPNs - pfSense Hangout November 2015
Site-to-Site VPNs - pfSense Hangout November 2015
 
BGP
BGPBGP
BGP
 
OSPF by Abdullah Mukhtar
OSPF by Abdullah MukhtarOSPF by Abdullah Mukhtar
OSPF by Abdullah Mukhtar
 
BGP (border gateway routing protocol)
BGP (border gateway routing protocol)BGP (border gateway routing protocol)
BGP (border gateway routing protocol)
 
pfSense 2.2 Preview - pfSense Hangout November 2014
pfSense 2.2 Preview - pfSense Hangout November 2014pfSense 2.2 Preview - pfSense Hangout November 2014
pfSense 2.2 Preview - pfSense Hangout November 2014
 
Multi-WAN on pfSense 2.3 - pfSense Hangout March 2016
Multi-WAN on pfSense 2.3 - pfSense Hangout March 2016Multi-WAN on pfSense 2.3 - pfSense Hangout March 2016
Multi-WAN on pfSense 2.3 - pfSense Hangout March 2016
 
Ospf
Ospf Ospf
Ospf
 
BGP Advanced topics
BGP Advanced topicsBGP Advanced topics
BGP Advanced topics
 
Networking Fundamentals
Networking FundamentalsNetworking Fundamentals
Networking Fundamentals
 
routing Protocols and Virtual private network
routing Protocols and Virtual private networkrouting Protocols and Virtual private network
routing Protocols and Virtual private network
 
Bgp protocol
Bgp protocolBgp protocol
Bgp protocol
 
Cisco ccnp 642-902 practice tests for quick preparation
Cisco ccnp 642-902 practice tests for quick preparationCisco ccnp 642-902 practice tests for quick preparation
Cisco ccnp 642-902 practice tests for quick preparation
 
Dynamic routing protocols (CCNA)
Dynamic routing protocols (CCNA)Dynamic routing protocols (CCNA)
Dynamic routing protocols (CCNA)
 
Routing Protocols
Routing Protocols Routing Protocols
Routing Protocols
 

Mais de Netgate

Using Google Cloud Identity Secure LDAP with pfSense - Netgate Hangout Octobe...
Using Google Cloud Identity Secure LDAP with pfSense - Netgate Hangout Octobe...Using Google Cloud Identity Secure LDAP with pfSense - Netgate Hangout Octobe...
Using Google Cloud Identity Secure LDAP with pfSense - Netgate Hangout Octobe...Netgate
 
pfSense 2.4.4 Short Topic Miscellany - pfSense Hangout August 2018
pfSense 2.4.4 Short Topic Miscellany - pfSense Hangout August 2018pfSense 2.4.4 Short Topic Miscellany - pfSense Hangout August 2018
pfSense 2.4.4 Short Topic Miscellany - pfSense Hangout August 2018Netgate
 
Configuring Netgate Appliance Integrated Switches on pfSense 2.4.4 - pfSense ...
Configuring Netgate Appliance Integrated Switches on pfSense 2.4.4 - pfSense ...Configuring Netgate Appliance Integrated Switches on pfSense 2.4.4 - pfSense ...
Configuring Netgate Appliance Integrated Switches on pfSense 2.4.4 - pfSense ...Netgate
 
Local DNS with pfSense 2.4 - pfSense Hangout April 2018
Local DNS with pfSense 2.4 - pfSense Hangout April 2018Local DNS with pfSense 2.4 - pfSense Hangout April 2018
Local DNS with pfSense 2.4 - pfSense Hangout April 2018Netgate
 
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018Netgate
 
RADIUS and LDAP on pfSense 2.4 - pfSense Hangout February 2018
RADIUS and LDAP on pfSense 2.4 - pfSense Hangout February 2018RADIUS and LDAP on pfSense 2.4 - pfSense Hangout February 2018
RADIUS and LDAP on pfSense 2.4 - pfSense Hangout February 2018Netgate
 
User Management and Privileges on pfSense 2.4 - pfSense Hangout January 2018
User Management and Privileges on pfSense 2.4 - pfSense Hangout January 2018User Management and Privileges on pfSense 2.4 - pfSense Hangout January 2018
User Management and Privileges on pfSense 2.4 - pfSense Hangout January 2018Netgate
 
Firewall Best Practices for VoIP on pfSense - pfSense Hangout October 2017
Firewall Best Practices for VoIP on pfSense - pfSense Hangout October 2017Firewall Best Practices for VoIP on pfSense - pfSense Hangout October 2017
Firewall Best Practices for VoIP on pfSense - pfSense Hangout October 2017Netgate
 
Certificate Management on pfSense 2.4 - pfSense Hangout September 2017
Certificate Management on pfSense 2.4 - pfSense Hangout September 2017Certificate Management on pfSense 2.4 - pfSense Hangout September 2017
Certificate Management on pfSense 2.4 - pfSense Hangout September 2017Netgate
 
Backup and Restore with pfSense 2.4 - pfSense Hangout August 2017
Backup and Restore with pfSense 2.4 - pfSense Hangout August 2017Backup and Restore with pfSense 2.4 - pfSense Hangout August 2017
Backup and Restore with pfSense 2.4 - pfSense Hangout August 2017Netgate
 
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017Netgate
 
Advanced Captive Portal - pfSense Hangout June 2017
Advanced Captive Portal - pfSense Hangout June 2017Advanced Captive Portal - pfSense Hangout June 2017
Advanced Captive Portal - pfSense Hangout June 2017Netgate
 
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017Netgate
 
Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...
Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...
Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...Netgate
 
Console Menu - pfSense Hangout December 2016
Console Menu - pfSense Hangout December 2016Console Menu - pfSense Hangout December 2016
Console Menu - pfSense Hangout December 2016Netgate
 
OpenVPN as a WAN - pfSense Hangout October 2016
OpenVPN as a WAN - pfSense Hangout October 2016OpenVPN as a WAN - pfSense Hangout October 2016
OpenVPN as a WAN - pfSense Hangout October 2016Netgate
 
DHCP Server - pfSense Hangout September 2016
DHCP Server - pfSense Hangout September 2016DHCP Server - pfSense Hangout September 2016
DHCP Server - pfSense Hangout September 2016Netgate
 
Providing Local DNS with pfSense - pfSense Hangout August 2016
Providing Local DNS with pfSense - pfSense Hangout August 2016Providing Local DNS with pfSense - pfSense Hangout August 2016
Providing Local DNS with pfSense - pfSense Hangout August 2016Netgate
 
High Availability Part 2 - pfSense Hangout July 2016
High Availability Part 2 - pfSense Hangout July 2016High Availability Part 2 - pfSense Hangout July 2016
High Availability Part 2 - pfSense Hangout July 2016Netgate
 
Connectivity Troubleshooting - pfSense Hangout June 2016
Connectivity Troubleshooting - pfSense Hangout June 2016Connectivity Troubleshooting - pfSense Hangout June 2016
Connectivity Troubleshooting - pfSense Hangout June 2016Netgate
 

Mais de Netgate (20)

Using Google Cloud Identity Secure LDAP with pfSense - Netgate Hangout Octobe...
Using Google Cloud Identity Secure LDAP with pfSense - Netgate Hangout Octobe...Using Google Cloud Identity Secure LDAP with pfSense - Netgate Hangout Octobe...
Using Google Cloud Identity Secure LDAP with pfSense - Netgate Hangout Octobe...
 
pfSense 2.4.4 Short Topic Miscellany - pfSense Hangout August 2018
pfSense 2.4.4 Short Topic Miscellany - pfSense Hangout August 2018pfSense 2.4.4 Short Topic Miscellany - pfSense Hangout August 2018
pfSense 2.4.4 Short Topic Miscellany - pfSense Hangout August 2018
 
Configuring Netgate Appliance Integrated Switches on pfSense 2.4.4 - pfSense ...
Configuring Netgate Appliance Integrated Switches on pfSense 2.4.4 - pfSense ...Configuring Netgate Appliance Integrated Switches on pfSense 2.4.4 - pfSense ...
Configuring Netgate Appliance Integrated Switches on pfSense 2.4.4 - pfSense ...
 
Local DNS with pfSense 2.4 - pfSense Hangout April 2018
Local DNS with pfSense 2.4 - pfSense Hangout April 2018Local DNS with pfSense 2.4 - pfSense Hangout April 2018
Local DNS with pfSense 2.4 - pfSense Hangout April 2018
 
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
Monitoring pfSense 2.4 with SNMP - pfSense Hangout March 2018
 
RADIUS and LDAP on pfSense 2.4 - pfSense Hangout February 2018
RADIUS and LDAP on pfSense 2.4 - pfSense Hangout February 2018RADIUS and LDAP on pfSense 2.4 - pfSense Hangout February 2018
RADIUS and LDAP on pfSense 2.4 - pfSense Hangout February 2018
 
User Management and Privileges on pfSense 2.4 - pfSense Hangout January 2018
User Management and Privileges on pfSense 2.4 - pfSense Hangout January 2018User Management and Privileges on pfSense 2.4 - pfSense Hangout January 2018
User Management and Privileges on pfSense 2.4 - pfSense Hangout January 2018
 
Firewall Best Practices for VoIP on pfSense - pfSense Hangout October 2017
Firewall Best Practices for VoIP on pfSense - pfSense Hangout October 2017Firewall Best Practices for VoIP on pfSense - pfSense Hangout October 2017
Firewall Best Practices for VoIP on pfSense - pfSense Hangout October 2017
 
Certificate Management on pfSense 2.4 - pfSense Hangout September 2017
Certificate Management on pfSense 2.4 - pfSense Hangout September 2017Certificate Management on pfSense 2.4 - pfSense Hangout September 2017
Certificate Management on pfSense 2.4 - pfSense Hangout September 2017
 
Backup and Restore with pfSense 2.4 - pfSense Hangout August 2017
Backup and Restore with pfSense 2.4 - pfSense Hangout August 2017Backup and Restore with pfSense 2.4 - pfSense Hangout August 2017
Backup and Restore with pfSense 2.4 - pfSense Hangout August 2017
 
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
Server Load Balancing on pfSense 2.4 - pfSense Hangout July 2017
 
Advanced Captive Portal - pfSense Hangout June 2017
Advanced Captive Portal - pfSense Hangout June 2017Advanced Captive Portal - pfSense Hangout June 2017
Advanced Captive Portal - pfSense Hangout June 2017
 
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017
Advanced OpenVPN Concepts on pfSense 2.4 & 2.3.3 - pfSense Hangout February 2017
 
Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...
Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...
Squid, SquidGuard, and Lightsquid on pfSense 2.3 & 2.4 - pfSense Hangout Janu...
 
Console Menu - pfSense Hangout December 2016
Console Menu - pfSense Hangout December 2016Console Menu - pfSense Hangout December 2016
Console Menu - pfSense Hangout December 2016
 
OpenVPN as a WAN - pfSense Hangout October 2016
OpenVPN as a WAN - pfSense Hangout October 2016OpenVPN as a WAN - pfSense Hangout October 2016
OpenVPN as a WAN - pfSense Hangout October 2016
 
DHCP Server - pfSense Hangout September 2016
DHCP Server - pfSense Hangout September 2016DHCP Server - pfSense Hangout September 2016
DHCP Server - pfSense Hangout September 2016
 
Providing Local DNS with pfSense - pfSense Hangout August 2016
Providing Local DNS with pfSense - pfSense Hangout August 2016Providing Local DNS with pfSense - pfSense Hangout August 2016
Providing Local DNS with pfSense - pfSense Hangout August 2016
 
High Availability Part 2 - pfSense Hangout July 2016
High Availability Part 2 - pfSense Hangout July 2016High Availability Part 2 - pfSense Hangout July 2016
High Availability Part 2 - pfSense Hangout July 2016
 
Connectivity Troubleshooting - pfSense Hangout June 2016
Connectivity Troubleshooting - pfSense Hangout June 2016Connectivity Troubleshooting - pfSense Hangout June 2016
Connectivity Troubleshooting - pfSense Hangout June 2016
 

Último

So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 

Último (20)

So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 

Dynamic Routing with FRR - pfSense Hangout December 2017

  • 1. Dynamic Routing with FRR December 2017 Hangout Jim Pingle
  • 2. About this Hangout ● Project News ● Why use a routing protocol? ● Terminology ● BGP Intro ● OSPF Intro ● Compare/Contrast BGP and OSPF ● FRR Intro ● FRR package for pfSense ● Configuring FRR/Zebra ● BGP Setup Prep ● BGP Configuration ● OSPF Setup Prep ● OSPF Configuration ● Converting OpenBGPD to FRR ● Converting Quagga to FRR
  • 3. Project News ● 2.4.2-RELEASE-p1 / 2.3.5-RELEASE-p1 – Security and bug fixes – https://www.netgate.com/blog/pfsense-2-4-2-release-p1-and-2-3-5-release-p1-now-available.html ● Article on Snort and openappid for application detection – https://www.netgate.com/blog/application-detection-on-pfsense-software.html ● Netgate was at the DPDK Summit, FD.io mini summit, and AWS re:Invent conferences ● New Netgate products TNSR and SCLR announced – Based on VPP from FD.io for a data plane, may also support netmap in the future ● VPP is capable of performance far beyond FreeBSD or Linux kernel networing ● Currently using Linux as a base OS to run VPP – 40+Gbit/s IPsec – TNSR is high-throughput enterprise focused, SCLR is Small/Medium Business – TNSR is CLI-based, SCLR will have a web interface – RESTCONF API – First offering is TNSR for AWS Transit VPC to connect between AWS VPC regions at high speeds ● Sneak peek at upcoming c3000 based platform, PLCC-B – https://twitter.com/pfsense/status/943879263165517824 – C3xxx CPU, built-in switch, exact specs of production units are not yet set ● Netgate office is moving to a new location in Austin next month – There should be minimal, if any, disruption in system lead times and deliveries
  • 4. Disclaimer ● In some areas this hangout will stay light on detail – No time to get into the intricacies of how the protocols work, advanced setups, etc ● Some terminology and examples will be simplified, so if you are very familiar with BGP or OSPF you might find some omissions or contradictions made here for the sake of simplicity ● Many more advanced configurations are possible than will be covered in this introductory hangout! – Not covering advanced settings or concepts such as multiple areas, route maps, communities, access lists, prefix lists, etc.
  • 5. Why use a routing protocol? ● Easier than maintaining static routes ● Each router knows its own connected networks and will tell other routers about them, rather than having to manually configure routes everywhere ● Scales better for larger networks vs manual configuration ● Can react dynamically to events (e.g. WAN or other path failures) ● Can calculate best path to reach another network when multiple paths are possible ● Generally falls into two classes: – IGP - Interior Gateway Protocol, manages routing between internal segments of a single network ● Example: OSPF between local segments or site-to-site links – EGP - Exterior Gateway Protocol, routing between discrete networks ● Example: BGP between a site and its ISP
  • 6. Terminology ● Autonomous System (AS) - The network of an entire organization ● AS Number - A number assigned to a specific Autonomous System – Depending on peer capabilities, can either be 2 byte (0-65534) or 4 byte (0-4294967294) value ● Area - A set of related routers – An Area is typically represented as an IPv4 address in dotted quad notation, such as 0.0.0.0 ● Router ID - Used to uniquely identify a router – Usually an IPv4 address on a router, but can be any IPv4 address so long as it is unique to the router ● Neighbor - A peer in a directly connected network that is running the same routing protocol ● Adjacency - A relationship between two neighbors ● Next Hop - Host through which traffic for a route is delivered ● Metric / Preference / Weight - Used to signify which paths are best when there are multiple choices
  • 7. BGP Introduction ● BGP stands for Border Gateway Protocol ● Routes between autonomous systems ● Each Neighbor must have a BGP connection defined for every other Neighbor to exchange routes ● Neighbors connect to each other using TCP port 179 ● Uses path length and other configured policies to make decisions ● Most commonly used for exterior use cases such as reaching the Internet (ebgp) ● Can also be used inside an AS for interior routing (ibgp) ● Example use cases – ISP full feeds (ebgp) ● When full feeds are available from multiple ISPs, routing decisions can be made about what traffic to send along each path ● Lots o' RAM and CPU for that! – Public IP allocation routing (ebgp) – Internal routing (ibgp)
  • 8. OSPF Introduction ● OSPF stands for Open Shortest Path First ● Routes internally within an autonomous system or single routing domain (not over the Internet, only local directly connected paths) ● Routers do not need to know about other routers beforehand, they find other routers automatically ● Uses protocol 89 (OSPF), not TCP or UDP ● Uses multicast to distribute routes inside a broadcast domain – Connections between OSPF neighbors must be capable of using multicast! ● Uses Area designations to divide portions of networks – Every router inside an area must keep a database of networks inside that area, so a single area doesn’t scale well on large networks – Routes between areas can be summarized – Different types of areas accept different types of routes, but this is beyond the scope of what we’re talking about today (e.g. stub areas) ● Example use cases – Edge router to L3 switch or internal router – VPN or dedicated site-to-site circuit – Multiple paths for VPN or other networks
  • 9. Choosing between BGP and OSPF ● BGP can work externally and internally, but is better at the border or handling border-related tasks ● OSPF is for internal use only ● The two can work together, BGP at the edge (or setup to let routers find a path to the edge), OSPF internally so routers know how to reach each other and other local networks ● Both can work with IPv4 and IPv6, depending on the implementations – OSPF/OSPFv2 for IPv4, OSPF6/OSPFv3 for IPv6 – FRR uses BGP version 4 which can handle IPv4 or IPv6 ● BGP has strictly defined peers, better security, autonomous systems ● BGP requires a full mesh where every peer defines every other peer, thus scales poorly on large internal networks – Route reflectors and confederation can help, but are beyond the scope of what we’re covering today
  • 10. Choosing between BGP and OSPF ● OSPF works much more dynamically, less admin overhead for each node ● OSPF converges faster in most common cases ● BGP uses TCP, OSPF requires multicast and uses its own protocol (89) ● BGP can use TCP-MD5 signatures for authentication/security – Not on OpenVPN, but on regular interfaces – OSPF can have password authentication, but it uses a different mechanism ● FRR is capable of redistributing BGP routes to OSPF and vice versa – Route maps can be used to filter what routes go where, at least on the BGP side – The OSPF GUI in the pfSense FRR package does not have proper support for route-maps but the same effect can be obtained using the “do not redistribute” list ● OSPF routers know the entire topology to every segment within the area, BGP may only know the next hop depending on the setup
  • 11. What is FRR? ● FRRouting, also known as Free Range Routing ● Fork of the Quagga project from large contributors looking to increase the pace of development ● Handles dynamic routing protocols such as BGP, OSPF, OSPFv3/OSPF6, IS-IS, LDP, PIM, and RIP – pfSense FRR GUI only currently supports BGP, OSPF, and OSPF6 ● Like Quagga, it has dedicated daemons for each protocol, plus the zebra demon to coordinate everything
  • 12. FRR Package for pfSense ● Available on 2.4.2 and 2.3.5 ● Designed as a replacement for both Quagga and OpenBGPD which both have problems – The Quagga package only had GUI controls for OSPF, but could be manually configured in some cases for BGP – The OpenBGPD package had several behavioral problems which limited its usefulness – Due to both Quagga and OpenBGPD having “bgpd” binaries they could not be installed at the same time – OpenBGPD had problems with IPsec, PFKEY errors, the problem does not occur with FRR (e.g. AWS VPC VPN) ● By unifying features in one package, BGP and OSPF can both be used without manual workarounds ● Extensive GUI for configuring OSPF and BGP ● Improved status combined from Quagga and OpenBGPD and enhanced – Status > FRR menu entry – Filtering, data limiting to help deal with large routing tables – Multiple status views, tab per protocol, plus general status with summary info ● May gain support for additional protocols in the future ● Why FRR and not something else like BIRD? Familiarity, stability on FreeBSD, and preference
  • 13. FRR Package for pfSense ● Installing the package – Installs via the package manager like any other package, System > Package Manager, Available Packages tab – The package adds Services menu entries for each section of FRR (Global/Zebra, BGP, OSPF, OSPF6), plus a Status menu link ● Navigating the package – Too many tabs in each section to show them all at once, so each section only shows its own options, plus links to other sections – Tabs in [Brackets] go to other sections ● Example: When in BGP, click [OSPF] to switch to the OSPF section with its own set of tabs ● Always enable the main FRR tab checkbox in addition to the individual daemons (master on/off switch!) – Example: To enable OSPF, visit OSPF Settings and check Enable OSPF Routing, then on the Global Settings tab, check Enable FRR ● Status section has an All page with some information from each enabled section, plus tabs for each section with more detail ● Do not be intimidated by the complexity of the GUI! – There are many, many options in FRR but odds are if you don’t know or recognize them, you probably don’t need them for basic use cases – FRR is very powerful, but not everyone needs all of that power, and it isn’t practical to make numerous “Advanced” sections for everything – If any terms or concepts are unfamiliar, read through the FRR user guide at https://frrouting.org/user-guide/ ● Dynamic routes in routing table have a “1” flag when viewed at Diagnostics > Routes
  • 14. Configuring FRR/Zebra ● No matter which protocol is used, first enable the main settings of FRR ● Navigate to Services > FRR Global/Zebra ● Check Enable FRR ● Enter a Master Password ● Set logging as desired ● Enter a Router ID (e.g. LAN IP Address of this firewall)
  • 15. BGP Setup Preparations ● Determine the setup type (e.g. site to site, ISP uplink, etc) – This is example is a site-to-site example, but others are similar ● Determine the local AS number – If this is local/private, use a private AS number in the range 64512-65534 (16 bit/2 byte AS) or 4200000000- 4294967294 (32 bit/4 byte AS) – If this is a public allocation, ask your RIR and/or ISP ● Determine the remote neighbor address and AS number – Consult the administrator of the far-side firewall – If this is you, and it’s internal, pick another private AS number ● Decide which networks will be advertised through BGP – If this is private, it’s up to you – If this is for a vendor link, it must be agreed upon by both sides – If it’s public, it will be the address block allocated to you ● Firewall rules must allow tcp/179 from the neighbor to this device, e.g. on WAN or VPN link
  • 16. Configuring BGP ● Configure FRR/Zebra as mentioned previously ● Navigate to the BGP Settings via [BGP] tab or Services > FRR BGP ● Check Enable BGP Routing ● Set logging as desired ● Enter the AS number for this router ● Enter a Router ID, or leave it blank to use the ID defined in the global settings ● Under Network Distribution, enter the local networks which will be advertised to BGP neighbors (e.g. LAN, DMZ, or a summary of all) ● Save the settings
  • 17. Configuring BGP ● Switch to the Neighbors tab, add an entry for each neighbor/address family (e.g. one entry for IPv4, one for IPv6) ● Enter the Name/Address, typically the IP address of the neighbor in a directly- connected network ● Enter a Description for the neighbor to make it easier to identify ● Enter the Remote AS, which is the AS number of the neighbor ● Other options may be set as needed, depending on the requirements of the peer, but no other options are required ● Save, and visit the BGP tab and Save there again to ensure all settings are activated ● Navigate to the Status page and check if an adjacency has been formed to the neighbor
  • 18. OSPF Setup Preparations ● Determine which interfaces will be involved in OSPF, and how – Active interfaces will advertise OSPF to other OSPF neighbors (e.g. VPN links, links to other routers or L3 switches) – Passive interfaces will have routes to their networks distributed to other OSPF neighbors (e.g. LAN) – For configurations with multiple links to the same remote, decide which interfaces are the preferred path ● Determine the OSPF area(s) this router will be involved in (e.g. 0.0.0.0) ● Firewall rules must allow the OSPF protocol on active interfaces ● Active interfaces must support multicast in a way that OSPF can use – OpenVPN must be static key site-to-site or tap with a subnet
  • 19. Configuring OSPF ● Configure FRR/Zebra as mentioned previously ● Navigate to the OSPF Settings via [OSPF] tab or Services > FRR OSPF ● Switch to the OSPF Interfaces tab, since interfaces must be added before configuring the general OSPF settings ● Add entries on this tab for each interface involved with OSPF ● Enter a Description for the interface to identify it ● For interfaces that link to other routers, enter a Metric to help OSPF decide which link to use when there are multiple choices (e.g. redundant VPN), lower metrics are preferred by the protocol ● Enter an Area for the interface if it differs from the main area for this router ● For local interfaces not directly involved in OSPF, such as a LAN that contains no other routers, check Interface is Passive – This will configure the network in OSPF but advertisements are disabled ● If there are multiple links to the same destination which could create a loop, check Accept Filter which tells FRR to ignore routes received from peers for the network on this interface – This can help with multiple links and OpenVPN so OpenVPN doesn’t fail due to its own interface route being in the table unexpectedly ● Save the settings, add the rest of the interfaces
  • 20. Configuring OSPF ● Switch the the OSPF Settings tab ● Check Enable OSPF Routing ● Set logging as desired ● Enter a Router ID, or leave it blank to use the ID defined in the global settings ● Enter an Area ID, or use 0.0.0.0 if one is not known ● Choose any Redistribute options that you want – Redistribute Connected will distribute routes for any directly connected subnets – Redistribute Kernel will distribute routes present in the kernel, such as static routes from pfSense defined under System > Routing – Redistribute static will distribute routes defined on the main FRR/Global Settings tab ● Change any other options if needed to match the other routers in the area ● Save the settings ● Check the status to see if an adjacency has been formed to the neighbor(s)
  • 21. Converting from OpenBGPD to FRR ● Groups are not required in FRR as they were in OpenBGPD – If there was only one neighbor in a group in OpenBGPD, do not make a group in FRR, simply define the remote AS directly on the neighbor ● The Neighbor Parameters in OpenBGPD are nearly all present in FRR but they may not work 100% the same, or may require additional parameters – Example: “Local Address X” on OpenBGPD is “Update Source” on FRR and requires also choosing the correct address family, such as IPv4, and picking the source from an interface and VIP list rather than entering it manually – Example: TCP MD5 options on OpenBGP are under “Password” on FRR with the Type set to “FRR and setkey Bidirectional” ● For converting a raw configuration, refer to the FRR docs to locate equivalent statements
  • 22. Converting from Quagga to FRR ● Since FRR is a fork of Quagga, the configuration is nearly identical ● The GUI has some slight differences but nothing major for OSPF ● The configuration cannot be automatically imported from Quagga, but it is simple to note down the settings, take screenshots, or refer to the config.xml and re-create an identical configuration, screen for screen within the FRR OSPF section ● For a manual configuration it should import as-is, but if any problems are encountered, refer to the FRR docs
  • 23. Bonus Slide: FRR for AWS VPC VPN ● Exact details vary depending on the setup, but are not that different from a standard setup ● Global/Zebra – Enable FRR – Router ID: Virtual IP address for local end of tunnel ● BGP Settings – BGP: Enable – AS Number: Local AS – Hold Time: Hold Time set in VPC – Networks: Add local networks to the list, local networks from your IPsec P2 (no route-map selected) ● BGP Neighbor – Name/Address: VPC remote address – Remote AS: VPN remote AS number – Update Source: Virtual IP address for local end of tunnel ● If you are using a Netgate device with the factory image, the VPC wizard can get you started, but … – Remove OpenBGPD first, then install FRR – Edit/save the VIPs created by the wizard before configuring FRR to work around a bug that’s being addressed in the next update of the wizard
  • 24. Conclusion ● Questions? ● Ideas for hangout topics? Post on forum, comment on the blog posts, Reddit, etc