implementation of business linux routers
play

Implementation of Business Linux Routers Presenter: Joseph Flasch - PowerPoint PPT Presentation

Sep 07, 2023 •182 likes •451 views

Implementation of Business Linux Routers Presenter: Joseph Flasch jpflasch@gmail.com Why Use Linux as a Router ? Cost Performance Reliability Open nature of Linux It's not IOS Multi-function nature of Linux Strong

  1. Implementation of Business Linux Routers Presenter: Joseph Flasch jpflasch@gmail.com

  2. Why Use Linux as a Router ? ● Cost ● Performance ● Reliability ● Open nature of Linux ● It's not IOS ● Multi-function nature of Linux ● Strong networking ● One-box-does-it-all nature of Linux

  3. Tools for a Linux Router ● Zebra / Quagga – BGP – Metric, weighted, multiple routes – OSPF – IOS-like ● IP route 2 / Linux kernel / Unix tools ● Iptables / Firewall ● HA Tools, Ultra-Monkey Project / Keep alive ● Tracing tools, network reporting tools

  4. Zebra / Quagga ● IOS-like Routing Daemons – OSPFv2, OSPFv3, RIP v1, v2, RIPng BGP-4 – Quagga fork of Zebra www.quagga.net – TTY type interface language, IOS-like – Documentation assumes Cisco experience – About 80% like a Cisco router IOS – BGP is the work horse of ISP connections – Actively supported

  5. Typical ISP Router connect ISP-A ISP-B IP range IP range 66.21.21.0/24 64.75.75.0/24 Router 1 Router 2 Firewall Load Balance

  6. Setting up the Linux Router ● Physical Hardware: Making it work – Strong Open Source NIC Drivers – Solid Server Hardware, memory – Flash-based HDs or raid1 HDs – Server BIOS, serial port, TTY access – 1U network rack – 10 Gig fiber – High end switches

  7. Setting up the Software/Linux ● The Distribution: load it, like it, reload, reload... – Can you upgrade? ease of use, philosophy – Packages, up to date, feature selection? – Red Hat, Debian, Suse, Slackware, Gentoo ... – Kernel Building, you should/have to – Can you control what gets loaded/started? – Setting up network daemons, Quagga – SSH access, key based , IP based – TTY console, TTY Zebra, BGP access

  8. Kernel Building 101 ● Set up Kernel CPU / NIC / ACPI / Network Iproute2 needs this Ipsec/Tun/Gre

  9. Bridge support Vlan Support

  10. Iptables

  11. State full FW Protocols

  12. NAT: Dnat Snat

  14. Setup of the Network parts ! Zebra configuration saved from vty ! 2008/06/05 05:21:02 ! hostname Router password verybigpw enable password verbigpw log stdout log syslog ! interface eth0 shutdown interface lo !

  15. ! interface vlan100 description My ISP info phone # ticket instructions etc ip address 109.16.19.129/29 ipv6 nd suppress-ra ! interface vlan200 ip address 10.129.28.50/24 ipv6 nd suppress-ra ! access-list 10 permit 192.168.1.0 0.0.0.255 ! ip forwarding ip route 0.0.0.0/0 10.199.128.221 200 ip route 0.0.0.0/0 10.199.128.2 205 ip route 65.44.42.0 255.255.255.0 10.129.28.1 ip route 68.17.188.0 255.255.255.0 10.129.28.1 ! line vty !

  16. BGP Config ASA # router bgp 77688 bgp router-id 217.201.249.2 Floating ip ranges network 217.201.249.0/25 network 64.87.141.0/24 network 67.128.177.0/24 neighbor ibgp-eb peer-group Internal BGP neighbor ibgp-eb remote-as 77688 group def. neighbor ibgp-eb next-hop-self neighbor ibgp-eb default-originate neighbor ibgp-eb soft-reconfiguration inbound neighbor ibgp-eb route-map INT_WO_PRE out neighbor ibgp-eb filter-list 6 out

  17. BGP Internal neighbor ibgp-eb filter-list 6 out Neighbor statements: neighbor 10.199.128.251 peer-group ibgp-eb Note the use of group description 221 is the secondary site1 router Ibgp-eb and weight neighbor 10.252.1.221 peer-group ibgp-eb neighbor 10.252.1.221 weight 11 description 222 is thel primary verizon router neighbor 10.252.1.222 peer-group ibgp-eb neighbor 10.252.1.222 weight 12 description 242 is the secondary site2 router neighbor 10.252.1.242 peer-group ibgp-eb neighbor 10.252.1.242 weight 9

  18. BGP external neighbor ebgp-eb peer-group neighbor ebgp-eb remote-as 6461 neighbor ebgp-eb soft-reconfiguration inbound neighbor ebgp-eb route-map AB_net_IN in neighbor ebgp-eb route-map AB_net_Out_PRE out neighbor ebgp-eb weight 300 neighbor 212.66.199.226 peer-group ebgp-eb neighbor 212.66.199.227 peer-group ebgp-eb

  19. BGP Filters access-list 15 permit 216.200.249.0 0.0.0.128 Like Cisco Access access-list 25 permit 66.117.177.0 0.0.0.255 List builds IP filters access-list 25 permit 63.86.141.0 0.0.0.255 for allowing IP ranges access-list 35 permit 216.200.249.0 0.0.0.128 ! ip as-path access-list 6 permit ^$ ip as-path access-list 8 permit ^$ Regx expressions ip as-path access-list 8 permit .* ! route-map AB_net_Out_PRE permit 20 The longer the path, match ip address 25 the more the path will not be used set as-path prepend 77688 77688 77688 ! route-map AB_net_Out_PRE permit 30 Host this IP range match ip address 15 ! route-map INT_WO_PRE permit 20 match ip address 35 ! route-map AB_net_IN permit 10 match as-path 8

  20. Typical ISP Router connect IP range 217.201.249.0/25 ISP-A ISP-B IP range IP range 64.87.141.0/24 67.128.177.0/24 Router 1 Router 2 Firewall Load Balance

  21. BGP Summary ● Used to get the default route from ISP ● Used to manage active ISP IP Ranges ● Used to manage groups of routers ● Problems with BGP – Old, well-supported, but not as nice as OSPF – BGP ISO support language is hard to understand

  22. Linux Firewall ● Input, Output and Forward queues ● Nat, Dnat, Snat and MASQUERAD ● Mangle, a packet ● Load Balance ● Map IP to IP ranges ● Randomize to a dest ● And more … Very active development in the Kernel

  23. Linux LB (IP virtual server) ● IP virtual server, in the Linux kernel since 2.4 – Many Load Balance types round-robin scheduling – weighted round-robin scheduling – least-connection scheduling – weighted least-connection scheduling – locality-based least-connection scheduling – locality-based least-connection with replication scheduling – destination hashing scheduling – source hashing scheduling – shortest expected delay scheduling – never queue scheduling –

  24. Using IP Virtual Server ● Ipvsadm – base package to control IP VS ● HA Heart Beat or Keepalive to control IP VS ● HA uses ld director perl script to control VIP and target hosts, and test if active ● Ld director will test many types of services, lots of flexible options for testing

  25. Conclusions, Observations ● The Linux platform opens networking up to many normal Unix administration employees, whereas Cisco networking is very specialized and can take years to learn. Many small businesses can't handle this. ● The equipment cost savings can be huge at high bandwidth rates, and taking ownership of your network has many other advantages. ● Upgrade of software is easy and painless. ● Combining routers with FW/LB is possible .

  26. More info on Topics ● Zebra/Quagga - quagga.net, zebra.org ● BGP – O'Reilly BGP ● Iptables/Netfilter - netfilter.org ● HA Project - linux-ha.org ● IP route2 - linuxfoundation.org/en/Net:Iproute2 ● Keep alive - www.keepalived.org

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Linux Routers and Community Networks Lloren Cerd-Alabern http://personals.ac.upc.edu/llorenc

Linux Routers and Community Networks Lloren Cerd-Alabern http://personals.ac.upc.edu/llorenc

Summer Course at Mekelle Institute of Technology. July, 2015. Linux Routers and Community Networks Lloren Cerd-Alabern http://personals.ac.upc.edu/llorenc llorenc@ac.upc.edu Universitat Politnica de Catalunya, Barcelona, Spain

597 views • 21 slides
Linux Routers and Community Networks Lloren Cerd-Alabern http://personals.ac.upc.edu/llorenc

Linux Routers and Community Networks Lloren Cerd-Alabern http://personals.ac.upc.edu/llorenc

Summer Course at Mekelle Institute of Technology. July, 2015. Linux Routers and Community Networks Lloren Cerd-Alabern http://personals.ac.upc.edu/llorenc llorenc@ac.upc.edu Universitat Politnica de Catalunya, Barcelona, Spain

968 views • 63 slides
Hierarchical Content Stores in High-Speed ICN Routers: Emulation and Prototype Implementation

Hierarchical Content Stores in High-Speed ICN Routers: Emulation and Prototype Implementation

Hierarchical Content Stores in High-Speed ICN Routers: Emulation and Prototype Implementation Rodrigo B. Mansilha 1,2,6 , Lorenzo Saino 3,6 , Marinho P. Barcellos 2 , Massimo Gallo 4,6 , Emilio Leonardi 5 , Diego Perino 4,6 , Dario Rossi 1,6 1

653 views • 28 slides
Design and implementation of a DECT stack for Linux Patrick McHardy <kaber@trash.net>

Design and implementation of a DECT stack for Linux Patrick McHardy <kaber@trash.net>

Design and implementation of a DECT stack for Linux Patrick McHardy <kaber@trash.net> Linux Kongress 2010, Nrnberg http://dect.osmocom.org/ About This presentation will present a DECT stack for Linux, containing all components

1.31k views • 94 slides
Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client and a server? What is Linux? Linux generally refers to a group of Unix-like free and open-source operating system distributions that use the Linux

562 views • 53 slides
Implementation of linux SH2 Yoshinori Sato <ysato@users.sourceforge.jp> Contents

Implementation of linux SH2 Yoshinori Sato <ysato@users.sourceforge.jp> Contents

Implementation of linux SH2 Yoshinori Sato <ysato@users.sourceforge.jp> Contents Current status A policy Implementation Exception handling Peripheral support Future working 2 Current status It was done merge

608 views • 26 slides
BYOD Revisited: BUILD Your Own Device Ron Munitz The PSCG about://Ron_Munitz Distributed

BYOD Revisited: BUILD Your Own Device Ron Munitz The PSCG about://Ron_Munitz Distributed

BYOD Revisited: BUILD Your Own Device Ron Munitz The PSCG about://Ron_Munitz Distributed Fault Tolerant Avionic Systems Linux, VxWorks, very esoteric libraries, 0s and 1s Highly distributed video routers Linux Real

617 views • 49 slides
Survey of Linux and Open Source Technologies and their Business Functions An Introduction to

Survey of Linux and Open Source Technologies and their Business Functions An Introduction to

Survey of Linux and Open Source Technologies and their Business Functions An Introduction to Linux and Open Source for Computer Consultants Christopher J. Fearnley LinuxForce, Inc. http://www.LinuxForce.net 9 December 2004 / ICCA Delaware

682 views • 54 slides
Linux on Sun Logical Domains David S. Miller Red Hat Inc. linux.conf.au, MEL8OURNE, 2008 David

Linux on Sun Logical Domains David S. Miller Red Hat Inc. linux.conf.au, MEL8OURNE, 2008 David

Background Userland Simulator Implementation Challenges/Futures Summary Linux on Sun Logical Domains David S. Miller Red Hat Inc. linux.conf.au, MEL8OURNE, 2008 David S. Miller Red Hat Inc. Linux on Sun LDOMs Background Userland

515 views • 36 slides
Zentyal Linux small business server Julien Kerihuel Zentyal CTO 2013 [

Zentyal Linux small business server Julien Kerihuel Zentyal CTO 2013 [

Zentyal Linux small business server Julien Kerihuel Zentyal CTO 2013 [ jkerihuel@zentyal.com ] What is Zentyal? 2 of 26 Linux small business server www.zentyal.com 5/22/13 What is Zentyal? Linux server for SMBs Full-featured

369 views • 26 slides
Linux from Sensors to Servers ! When is Linux Not Linux? ! 1 1 Linux runs across a huge range

Linux from Sensors to Servers ! When is Linux Not Linux? ! 1 1 Linux runs across a huge range

Linux from Sensors to Servers ! When is Linux Not Linux? ! 1 1 Linux runs across a huge range of systems ! CC BY-SA 2.0 FHKE, Flickr 2 Whats the difference between Linux on a big thing and Linux on a little thing? ! 3 ! Whats the

900 views • 52 slides
How to Design Fast Asynchronous How to Design Fast Asynchronous Routers for Asynchronous Routers

How to Design Fast Asynchronous How to Design Fast Asynchronous Routers for Asynchronous Routers

How to Design Fast Asynchronous How to Design Fast Asynchronous Routers for Asynchronous Routers for Asynchronous On- -chip Networks chip Networks On Wei Song Supervisor: Doug Edwards Advanced Processor Technologies Group Advanced

526 views • 26 slides
PGM: Reliable General Multicast Implementation for Linux? Christoph Lameter,

PGM: Reliable General Multicast Implementation for Linux? Christoph Lameter,

PGM: Reliable General Multicast Implementation for Linux? Christoph Lameter, christoph@lameter.com Overview Why reliable multicasting. Middleware for signaling Existing implementations The PGM standard in brief.

321 views • 12 slides
Computing using Linux: The Good and the Bad Christoph Lameter HPC and Linux Most of the

Computing using Linux: The Good and the Bad Christoph Lameter HPC and Linux Most of the

High Performance Computing using Linux: The Good and the Bad Christoph Lameter HPC and Linux Most of the supercomputers today run Linux. All of the computational clusters in corporations that I know of run Linux. Support for

419 views • 12 slides
Linux Overview Amir Hossein Payberah payberah@gmail.com 1 Agenda Linux Overview Linux

Linux Overview Amir Hossein Payberah payberah@gmail.com 1 Agenda Linux Overview Linux

Linux Overview Amir Hossein Payberah payberah@gmail.com 1 Agenda Linux Overview Linux Distributions Linux vs Windows Linux Architecture Linux Security 2 What is Linux? Similar Operating System To Microsoft Windows, Sun

1.11k views • 55 slides
Interviews with Different Users About Their Linux Setups Steven Ovadia My Linux Rig

Interviews with Different Users About Their Linux Setups Steven Ovadia My Linux Rig

The State of Desktop Linux: Interviews with Different Users About Their Linux Setups Steven Ovadia My Linux Rig www.mylinuxrig.com @steven_ovadia *** Associate Professor/Web Services Librarian LaGuardia Community College About My Linux

458 views • 27 slides
Bag-of-features for category classification Cordelia Schmid Category recognition Image

Bag-of-features for category classification Cordelia Schmid Category recognition Image

Bag-of-features for category classification Cordelia Schmid Category recognition Image classification: assigning a class label to the image Car: present Cow: present Bike: not present Horse: not present Category recognition Tasks

659 views • 51 slides
Crowdsourcing, computer vision, and data science for ecology and conservation Tanya Ber anya

Crowdsourcing, computer vision, and data science for ecology and conservation Tanya Ber anya

Crowdsourcing, computer vision, and data science for ecology and conservation Tanya Ber anya Berger ger-Wolf olf Daniel I. Daniel I. R Rubenstein ubenstein Charles V. S Charles Stewar tewart t Jason Holmber ason Holmberg g Computa

471 views • 12 slides
GPT3 - AtishyaJain Thecontent of this presentation has beensourced fromvarious youtube videos

GPT3 - AtishyaJain Thecontent of this presentation has beensourced fromvarious youtube videos

GPT3 - AtishyaJain Thecontent of this presentation has beensourced fromvarious youtube videos andblogs apartfromtheoriginal paper Let s Dissectit Let s Dissectit Let s Dissectit Mergeaa Mergeaa Mergeab Mergeaa Mergeab MergeZY Let

1.11k views • 71 slides
Background The many dimensions of searching and indexing video collections hard tasks:

Background The many dimensions of searching and indexing video collections hard tasks:

TRECVID 2010 INSTANCE RETRIEVAL PILOT AN INTRODUCTION . Wessel Kraaij TNO, Radboud University Nijmegen Paul Over NIST 2 TRECVID 2010 @ NIST Background The many dimensions of searching and indexing video collections hard tasks:

667 views • 32 slides
Decrystallization of Adult Birdsong Anatomy of the song system by Perturbation of Auditory

Decrystallization of Adult Birdsong Anatomy of the song system by Perturbation of Auditory

12/28/2011 The Study of Birdsong B egan in 1950s with Thorpe introducing tools for recording and analyzing bird sounds (spectrogram) Thorpe (1958) showed that chaffinches selectively learn the song of their own species Also late

287 views • 7 slides
Science for All Learners 2020 Invasive Species Invasive Species: Kudzu Photo credit: Science

Science for All Learners 2020 Invasive Species Invasive Species: Kudzu Photo credit: Science

Science for All Learners 2020 Invasive Species Invasive Species: Kudzu Photo credit: Science for All Learners 2020 http://thebluebanner.net/local-non-profit-weeds-out-invasive-plants/ Engagement (Review Previous Lesson) (1)List the levels

439 views • 15 slides
(& Philosophy) David Pierre Leibovitz September 26, 2008 26 September 2008 David Pierre

(& Philosophy) David Pierre Leibovitz September 26, 2008 26 September 2008 David Pierre

Slide 1 Plants, Cognition, Time (& Philosophy) David Pierre Leibovitz September 26, 2008 26 September 2008 David Pierre Leibovitz (Carleton University) Plants, Cognition & Time - 1 http://en.wikipedia.org/wiki/Cognition Slide 2

341 views • 14 slides
Modern Process Management with SOA, BAM und CEP From static process models to executable

Modern Process Management with SOA, BAM und CEP From static process models to executable

Modern Process Management with SOA, BAM und CEP From static process models to executable workflows and monitoring on business level Daniel Jobst Dr. Torsten Greiner Version 1.0 Overview SOA, BPM, BAM, Event Processing ARIS EPK (IDS)

434 views • 19 slides

More recommend