Free Range Routing - SwiNOG · Welcome Free Range Routing or how we ditched OSPF for BGP unnumbered...
Welcome
Free Range Routing
or how we ditched OSPF for BGP unnumbered (based on RFC 5549)
2017-11-09, Gurtenpark (Berne)

Your Speaker
Manuel Schweizer @geitguet
• Network Engineer at cloudscale.ch AG
• Board Member at SwissIX Internet Exchange

Day job
If you choose to, we can be your «someone else»

cloudscale.ch
• Founded in 2014
• Swiss IaaS Provider
• Linux Cloud Server (VMs)
• Focus on Simplicity
„For Developers Who Care“
SaaS
PaaS
IaaS

Agenda
• Initial and Target Situation
• Evaluation Phase
• Hardware
• Software
• Demo

Initial Situation

Initial Situation: Bandwidth

Initial Situation: Routing Protocols
[Diagram labels: OSPF, eBGP, iBGP]

Initial Situation: Summary
• 2x 1 Gbps IP Transit
• 2x 10 Gbps Interfaces (only!)
• IGP: OSPF (and BGP)
• EGP: BGP

Target Situation: Bandwidth

Target Situation: Summary
• 2x 10 Gbps IP Transit
• 6-8x 10 Gbps Interfaces
• Reduce Complexity!
• Price...

Evaluation Phase: Reduce Complexity!
[Diagram labels: OSPF, eBGP, iBGP]
Can we get rid of OSPF?

Evaluation Phase: RFC 5549
https://tools.ietf.org/html/rfc5549
In (very) short: „[...] this document only concerns itself with the advertisement of IPv4 NLRI (Network Layer Reachability Information) [...] with an IPv6 Next Hop.“
• Use of existing IPv6 link-local address
• You are running dual-stack, are you?
• Next hop: Loopback IP address
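
The encoding RFC 5549 defines, as an added example (not from the talk or the FRR code base): the Extended Next Hop Encoding capability sent in OPEN, and an MP_REACH_NLRI value carrying an IPv4 prefix with IPv6 next hops, plus a decoder that rejects malformed lengths. The link-local address fe80::1 is a constructed sample value.

```python
import ipaddress
import struct

AFI_IPV4, AFI_IPV6, SAFI_UNICAST = 1, 2, 1
CAP_EXTENDED_NEXTHOP = 5  # capability code assigned by RFC 5549

def encode_ext_nexthop_capability():
    """OPEN capability: IPv4 unicast NLRI may carry an IPv6 next hop."""
    value = struct.pack("!HHH", AFI_IPV4, SAFI_UNICAST, AFI_IPV6)
    return struct.pack("!BB", CAP_EXTENDED_NEXTHOP, len(value)) + value

def encode_mp_reach(prefixes, next_hops):
    """MP_REACH_NLRI value: IPv4 prefixes with one or two IPv6 next hops."""
    nh = b"".join(ipaddress.IPv6Address(a).packed for a in next_hops)
    if len(nh) not in (16, 32):
        raise ValueError("next hop must be 16 or 32 octets")
    out = struct.pack("!HBB", AFI_IPV4, SAFI_UNICAST, len(nh)) + nh + b"\x00"
    for p in prefixes:
        net = ipaddress.IPv4Network(p)
        nbytes = (net.prefixlen + 7) // 8  # only the significant octets
        out += bytes([net.prefixlen]) + net.network_address.packed[:nbytes]
    return out

def decode_mp_reach(data):
    """Parse the value back, rejecting lengths RFC 5549 does not allow."""
    if len(data) < 4:
        raise ValueError("truncated attribute")
    afi, safi, nh_len = struct.unpack("!HBB", data[:4])
    if (afi, safi) != (AFI_IPV4, SAFI_UNICAST):
        raise ValueError("not IPv4 unicast")
    if nh_len not in (16, 32) or len(data) < 4 + nh_len + 1:
        raise ValueError("bad next-hop length")
    hops = [str(ipaddress.IPv6Address(data[4 + i:20 + i]))
            for i in range(0, nh_len, 16)]
    pos, prefixes = 4 + nh_len + 1, []  # skip the reserved octet
    while pos < len(data):
        plen, nbytes = data[pos], (data[pos] + 7) // 8
        if plen > 32 or pos + 1 + nbytes > len(data):
            raise ValueError("malformed NLRI")
        raw = data[pos + 1:pos + 1 + nbytes].ljust(4, b"\x00")
        prefixes.append(f"{ipaddress.IPv4Address(raw)}/{plen}")
        pos += 1 + nbytes
    return hops, prefixes

# Constructed sample: the demo loopback via a global + link-local next hop.
SAMPLE = encode_mp_reach(["203.0.113.1/32"], ["2001:db8::1", "fe80::1"])
```

A receiver tells an IPv6 next hop from a classic IPv4 one by the next-hop length field alone, which is why the decoder treats any length other than 16 or 32 as malformed.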

Evaluation Phase: Price...
• Commercial routers with 8x 10 Gbps: Starting at CHF 10-15k (hardware only!) + support contract + license fees
• Experience so far:
– TAC, oh boy
– Black box (bugs => workarounds?)

Evaluation Phase: Free Range Routing
• Supports BGP unnumbered (RFC 5549)
• Runs on x86 hardware and Linux
• Proven basis for Big Switch, Cumulus etc.
Reduce Complexity · Low Price · Stability

FRR – About the Project
• FOSS (Free and Open Source Software)
• Open Community Model
• Linux Foundation Project (since 04/2017)
• Version 3.0.2 released 2 days ago
• Fork of Quagga

FRR – What's Different?
• Methodical vetting of submissions
• Extensive automated testing of contributions
• Git pull requests
• Github centered development
• Elected maintainers & steering committee
• Common assets held in trust by the Linux Foundation

FRR – Links
• Website: https://frrouting.org
• Github: https://github.com/FRRouting/frr/
• Issue Tracker: https://github.com/FRRouting/frr/issues
• Continuous Integration: https://ci1.netdef.org/browse/FRR

Intel 1U Server Hardware
Source: https://www.intel.com/content/dam/support/us/en/documents/motherboards/server/sb/s2600gzgl_tps_r2_4.pdf - Page 11

NCA-5510 Block Diagram
Source: http://www.lannerinc.com/download-center/User-Manuals/x86-Network-Appliances/?download=1840 - Page 14

Hardware: Lanner NCA-5510
• Dual PSU
• Hot swappable fans
• 4x front-facing PCIe x8
Source: http://www.lannerinc.com/network-appliances/x86-rackmount-network-appliances/?view=article&id=1667:nca-5510

Hardware: „Linecards“
Source: https://www.landitec.com/products/x86-network-appliance-hardware/ncs2-ixm405a-detail
Source: http://www.lannerinc.com/support/download-center/brochures?download=1086
• 4-8x 1 Gbps
• 2-4x 10 Gbps
• 2x 40 Gbps
• 2x 100 Gbps (new!)

Hardware: The Real Deal
• 1x 1 Gbps Mgmt NIC
• Serial Console
• 8x 10 Gbps SFP+
• 4x 1 Gbps Base-T
• IPMI (LOM)

Software Setup
• Ubuntu 16.04 LTS
• Xenial HWE Kernel (4.10) – for VRF Support
• FRR 3.x
Additional Packages:
• ifupdown2, iproute2, vrf, mgmt-vrf
• ptmd, lldpd, snmp, hsflowd

Concerns
Question – Answer Game

Security Concerns (1)
Question: You cannot honestly run Linux in the core?
Answer: Our cloud infrastructure depends on Linux. Most of the commercial vendors use Linux as a basis for their solution.

Security Concerns (2)
Question: But how about security patches?
Answer: What's the release cycle of your current vendor? Include updating your routers in your scheduled maintenance windows.

Security Concerns (3)
Question: You are using a firewall then, right?
Answer: Firewall = „latency generator“. Services (SSH, SNMP, sFlow) run in Mgmt-VRF only.
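
One way to audit the answer above, as an added example (not from the talk): flag SSH or SNMP listeners that are not bound to the management VRF. It assumes the VRF device is named mgmt and that `ss -tuln` prints a device-bound socket as address%device:port; the sample output is constructed.

```python
MGMT_VRF = "mgmt"  # assumed name of the management VRF device
MGMT_PORTS = {("tcp", 22): "ssh", ("udp", 161): "snmp"}

# Constructed sample of `ss -tuln` output (not taken from the talk).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0 128 0.0.0.0%mgmt:22    0.0.0.0:*
tcp   LISTEN 0 128 [::]:22            [::]:*
udp   UNCONN 0 0   0.0.0.0%mgmt:161   0.0.0.0:*
udp   UNCONN 0 0   192.0.2.10:161     0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:179        0.0.0.0:*
"""


def parse_listener(line):
    """Return (proto, address, device_or_None, port), or None for non-socket lines."""
    fields = line.split()
    if len(fields) < 5:
        return None
    proto, local = fields[0], fields[4]
    host, _, port = local.rpartition(":")
    if not port.isdigit():
        return None  # header line or unparsable entry
    addr, _, dev = host.partition("%")
    return proto, addr, dev or None, int(port)


def exposed_mgmt_services(ss_output, vrf=MGMT_VRF):
    """List management listeners that are not bound to the management VRF."""
    findings = []
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed is None:
            continue
        proto, addr, dev, port = parsed
        service = MGMT_PORTS.get((proto, port))
        # A listener without %device lives in the default VRF, i.e. on the
        # forwarding interfaces, which is exactly what the slide rules out.
        if service and dev != vrf:
            findings.append((service, proto, addr, port, dev))
    return findings
```

On a router, feed it the real output, for example from `subprocess.check_output(["ss", "-tuln"], text=True)`, and alert on any non-empty result.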

Performance Concerns
Question: But how about line-rate forwarding?
Answer: Current CPUs can easily handle ~100 Gbps. In our tests: 20 Gbps = 0.5 CPU cores (out of 10!)

Performance Concerns
Question: Can FRR handle a BGP full table?
Answer: From enabling the BGP session to fully converged in less than 20 seconds. „1206398 RIB entries, using 156 MiB of memory“

Configuration Concerns
Statement: FRR is not for me, I need a CLI.
Answer: vtysh, Cisco-like syntax. vtysh -c "command" instead of expect scripts. Simple transition to config management with Puppet, Ansible etc.

Monitoring Concerns
Statement: But I need SNMP!
Answer: Available as a package. Also: Use Zabbix, Icinga2, … directly on your routers.

Software Setup: Routing Protocols
[Diagram labels: eBGP, iBGP]

Demo Setup (iBGP)
• BGP unnumbered, no OSPF
• Advertise loopback IPs through iBGP

Demo Config (iBGP)
int lo
 ip address 203.0.113.1/32
 ipv6 address 2001:db8::1/128
router-id 203.0.113.1
!
! Send router advertisements so each side learns the peer's link-local address
int s1p1
 no ipv6 nd suppress-ra
 ipv6 nd ra-interval 10
int s1p2
 no ipv6 nd suppress-ra
 ipv6 nd ra-interval 10
!
router bgp 65001
 no bgp default ipv4-unicast
 bgp bestpath as-path multipath-relax
 bgp bestpath compare-routerid
 neighbor PG-IBGP peer-group
 neighbor PG-IBGP remote-as internal
 neighbor PG-IBGP description iBGP Peer Group
 ! RFC 5549: allow IPv4 NLRI with an IPv6 next hop
 neighbor PG-IBGP capability extended-nexthop
 ! Unnumbered peers are named by interface, not by IP address
 neighbor s1p1 interface peer-group PG-IBGP
 neighbor s1p2 interface peer-group PG-IBGP
 addr ipv4 uni
  network 203.0.113.1/32
  neighbor PG-IBGP activate
  neighbor PG-IBGP next-hop-self
  neighbor PG-IBGP send-community
  neighbor PG-IBGP soft-reconfig inbound
 addr ipv6 uni
  network 2001:db8::1/128
  neighbor PG-IBGP activate
  neighbor PG-IBGP next-hop-self
  neighbor PG-IBGP send-community
  neighbor PG-IBGP soft-reconfig inbound

Demo
Show me!

Questions

We are hiring...
We are looking for a Senior Linux System Engineer
(Ubuntu, Debian, OpenStack, Ceph, Ansible, Python, ...)
Get in touch: [email protected]

Thank you!
I am looking forward to your feedback: [email protected]