Thursday, June 30, 2011

JunOS Router testbed part 3: multicast still not working

So after a bit of research and tons of failed attempts, I've discovered that the olives really don't like multicast. Some people have used a patch to enable it for OSPF on earlier versions of JunOS, but there's nothing for later versions (since these run fine), although MSDP and PIM still don't work.

I had heard about people using GRE tunnels, and can confirm that this works. Olives only let you have one of each type of tunnel (due to there being no PICs installed), so I used an IP-IP tunnel to connect two routers, got PIM and MSDP working, then GRE tunnels to my two Ubuntu boxes (as per http://knol.google.com/k/juniper-hacks/gre-tunnel-between-a-linux-host-and/1xqkuq3r2h459/43#).

I can see the routes filling up the MSDP table, and dbeacon seems to sense some sort of communication, but it still looks like multicast traffic isn't being routed properly... at least it's getting across all the links now.

Friday, June 17, 2011

JunOS Router testbed part 2

My topology has since become quite complicated, so I thought it would be best to draw a picture:
The fourth olive (meant to branch off like olive2 and olive3 with a separate AS number, tap interface and Ubuntu virtual machine) has been left out for simplicity at this stage. The main problem with my original design was that layer 3 separation wasn't enough - multicast skips routers at layer 2 - so I needed to give each box its own tap interface. To go with the diagram, here's the config from olive1 and olive2 (olive3 is basically the same as olive2 - this is an exercise for the reader)

Olive 1:


interfaces {
    em0 {
        unit 0 {
            family inet {
                address 192.168.2.1/24;
                address 192.168.11.1/24;
                address 10.1.1.198/8;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 1.1.1.1/32;
            }
        }
    }
}
routing-options {
    autonomous-system 65000;
}
protocols {
    bgp {
        local-as 65000;
        group branch1 {
            type external;
            export to-branch;
            peer-as 65001;
            neighbor 192.168.2.2;
        }
        group branch2 {
            type external;
            export to-branch;
            peer-as 65002;
            neighbor 192.168.2.3;
        }
        group branch3 {
            type external;
            export to-branch;
            peer-as 65003;
            neighbor 192.168.2.4;
        }
    }
    rip {
        group gateway {
            export gateway-rip;
            neighbor em0.0;
        }
    }
}
policy-options {
    policy-statement gateway-rip {
        from protocol [ direct bgp ];
        then accept;
    }
    policy-statement to-branch {
        from protocol [ direct local ospf bgp static rip ];
        then accept;
    }
}

Olive 2:

interfaces {
    em0 {
        unit 0 {
            family inet {
                address 192.168.2.2/24;
            }
        }
    }
    em1 {
        unit 0 {
            family inet {
                address 192.168.12.1/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 1.1.1.2/32;
            }
        }
    }
}
routing-options {
    autonomous-system 65001;
}
protocols {
    bgp {
        local-as 65001;
        group olive {
            type external;
            export to-branch1;
            peer-as 65000;
            neighbor 192.168.2.1;
        }
    }
}
policy-options {
    policy-statement to-branch1 {
        from protocol [ direct local ospf bgp ];
        then accept;
    }
}

And here's a show route from olive 2:

inet.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[BGP/170] 00:31:58, MED 3, localpref 100
                      AS path: 65000 I
                    > to 192.168.2.1 via em0.0
1.1.1.1/32         *[BGP/170] 00:31:58, localpref 100
                      AS path: 65000 I
                    > to 192.168.2.1 via em0.0
1.1.1.2/32         *[Direct/0] 00:32:02
                    > via lo0.0
1.1.1.3/32         *[BGP/170] 00:25:00, localpref 100, from 192.168.2.1
                      AS path: 65000 65002 I
                    > to 192.168.2.3 via em0.0
10.0.0.0/8         *[BGP/170] 00:31:58, localpref 100
                      AS path: 65000 I
                    > to 192.168.2.1 via em0.0
192.168.2.0/24     *[Direct/0] 00:32:02
                    > via em0.0
                    [BGP/170] 00:31:58, localpref 100
                      AS path: 65000 I
                    > to 192.168.2.1 via em0.0
192.168.2.2/32     *[Local/0] 00:32:02
                      Local via em0.0
192.168.11.0/24    *[BGP/170] 00:31:58, localpref 100
                      AS path: 65000 I
                    > to 192.168.2.1 via em0.0
192.168.12.0/24    *[Direct/0] 00:31:09
                    > via em1.0
192.168.12.1/32    *[Local/0] 00:31:09
                      Local via em1.0
192.168.13.0/24    *[BGP/170] 00:25:00, localpref 100, from 192.168.2.1
                      AS path: 65000 65002 I
                    > to 192.168.2.3 via em0.0
218.101.61.124/32  *[BGP/170] 00:31:58, MED 2, localpref 100
                      AS path: 65000 I
                    > to 192.168.2.1 via em0.0

It's all going well so far - putting each subnet on a different tap interface stops them cheating and using layer 2 for multicast, so now I can start getting PIM-SM set up (IPv4 only for starters)
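
The route table above has two prefixes that were learned from 192.168.2.1 but are forwarded straight to 192.168.2.3, because all the olives sit on the shared 192.168.2.0/24 segment. As an added example (not part of the original post), this Python script parses that output and lists every active BGP route whose next hop is not the peer that advertised it; the function names are hypothetical.

```python
import re

# Excerpt of the `show route` output from olive 2 above (four prefixes).
SAMPLE = """\
1.1.1.1/32         *[BGP/170] 00:31:58, localpref 100
                      AS path: 65000 I
                    > to 192.168.2.1 via em0.0
1.1.1.3/32         *[BGP/170] 00:25:00, localpref 100, from 192.168.2.1
                      AS path: 65000 65002 I
                    > to 192.168.2.3 via em0.0
192.168.2.0/24     *[Direct/0] 00:32:02
                    > via em0.0
                    [BGP/170] 00:31:58, localpref 100
                      AS path: 65000 I
                    > to 192.168.2.1 via em0.0
192.168.13.0/24    *[BGP/170] 00:25:00, localpref 100, from 192.168.2.1
                      AS path: 65000 65002 I
                    > to 192.168.2.3 via em0.0
"""

ENTRY = re.compile(r"^(?P<prefix>\S+/\d+)?\s*(?P<active>\*)?\[(?P<proto>\w+)/(?P<pref>\d+)\]"
                   r"(?:.*?from (?P<peer>[\d.]+))?")

def parse_routes(text):
    """Return one dict per route entry (a prefix can carry several)."""
    routes, prefix = [], None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            prefix = m["prefix"] or prefix      # continuation entries reuse the prefix
            routes.append({"prefix": prefix, "active": bool(m["active"]),
                           "proto": m["proto"], "peer": m["peer"],
                           "as_path": [], "next_hop": None})
        elif routes and "AS path:" in line:
            routes[-1]["as_path"] = [int(t) for t in line.split(":", 1)[1].split() if t.isdigit()]
        elif routes and (m := re.search(r"> to ([\d.]+) via", line)):
            routes[-1]["next_hop"] = m[1]
    return routes

def bypassing_peer(routes):
    """Active BGP routes whose next hop is not the peer that advertised them."""
    return [(r["prefix"], r["peer"], r["next_hop"]) for r in routes
            if r["active"] and r["proto"] == "BGP" and r["peer"] and r["peer"] != r["next_hop"]]

if __name__ == "__main__":
    for prefix, peer, hop in bypassing_peer(parse_routes(SAMPLE)):
        print(f"{prefix}: learned from {peer}, forwarded to {hop}")
```

Routes without a `from` field in the output are skipped by the check, since the table does not name a separate advertising peer for them.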

Router testbed with JunOS olive on Virtualbox

I did an SRX course earlier in the week and we got to use Olive virtual machines to play with what we had learned. I'd tried making my own but got into trouble when actually installing the package, so I took a copy of this olive (8.3) and tried to get it to work at home. The first results were less than ideal - they would run fine without crashing, but setting addresses had to be done on the command line with ifconfig rather than in the interfaces stanza. Not only this, but routing was totally broken - not even OSPF would work!

I had read that JunOS 9 didn't suffer from this, and tonight I acquired a copy of JunOS 9.6. The upgrade went smoothly (needed a force as the leftover disk space wasn't enough, but it installed fine) and it automatically picked up the addresses from the interfaces stanza. OSPF worked fine between 4 of them, so the next thing was to use BGP to set up a basic layer 3 topology with 3 routers all with a single peering with the router in the middle.

If you've done JunOS BGP before then you'll know this is trivial - I made my life easier by making the export policy take routes from direct, local and bgp (which means readvertising happens automatically). The point of this testbed was simply to check my connectivity.

It did all work in the end, and now I'm on to part two - testing out multicast. The plan is to get a couple of virtual interfaces on a real machine, set up multicast between the routers, and have each virtual interface on a subnet owned by a different router. They're all connected to the same bridged interface which means the layer 2 topology has everything effectively hanging off the same switch, so this will be successful if I can get multicasts happening between the different subnets. This is somewhat trivial though, and the next step is to get IPv6 connectivity and testbed IPv6 multicast - if it works, then I'll put up some detailed instructions of all the ins and outs!