bong-utils/examples/split4ula at main · dmarker/bong-utils · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
# This is a much larger snippet, but kept to minimum for what it does.
#
# This is useful if, like me, you have an ISP that gives you a /64 prefix. This
# allows you to continue sharing your GUA prefix while routing separate IPv4
# and ULA IPv6 addresses. I use this so that I can have DHCPv6 for the ULA on
# my LAN and keep SLAAC on WiFi (required by android).
#
# Here is what is created by this snippet:
#
#                                  GUA
#                                +------------+
#          ULA + IPv4            |  ng_eiface |        ULA + IPv4
#         +--------------+       | EIFACE=gw0 |      +---------------+
#         | ng_eiface    |       +-----+------+      | ng_eiface     |
#         | EIFACE1=lan0 |       ether |             | EIFACE2=wifi0 |
#         +-------+------+             |             +------+--------+
#           ether |                    |                    | ether
#                 |                    | nomatch            |
#                 |               +----+----+               |
#                 |     vl${TAG1} | ng_vlan | vl${TAG2}     |
#                 +---------------+ VLAN=   +---------------+
#                                 | vlan0   |
#                                 +----+----+
#                                      | downstream
#                                      |
#                                 link |
#             +------------------------+------------------------+
#             | ng_bridge         BRIDGE=br0                    |
#             +---+-----------------------------------------+---+
#                 | link                               link |
#                 |                                         |
#           untag |                                         | untag
#           +-----+------+                           +------+-----+
#           | ng_ula4tag |                           | ng_ula4tag |
#           | tag${TAG1} |                           | tag${TAG2} |
#           +-----+------+                           +------+-----+
#                 | tag                                 tag |
#           lower |                                         | lower
#        +--------+------+                           +------+--------+
#        | ng_ether      |                           | ng_ether      |
#        | ETHERDEV1=em1 |                           | ETHERDEV2=em2 |
#        | ETHER1=br0em1 |                           | ETHER2=br0em2 |
#        +--------+------+                           +------+--------+
#                 |                                         |
#                 V                                         V
#                LAN                                       WiFi
#
# Notice nodes are in three lanes of variable by suffix
#	EIFACE1, TAG1, and ETHERDEV1, ETHER1
#	EIFACE, VLAN, and BRIDGE
#	EIFACE2, TAG2, and ETHERDEV2, ETHER2
#
# TAG1 and TAG2 must be integers and they are used to create hook names on VLAN
# and are the suffix of the ng_ula4tag(4) nodes.
#
# This one is a good reminder that you don't have to connect the `upper` hook of
# ng_ether(4). In fact that would not make sense here.
#
# To give users a hint they should not configure em1/em2 we also rename them to
# br0em1 and br0em2 (prefix with bridge name).
#
# Picture above as if this was run:
#	grep -o '^[^#]*' split4ula | \
#	EIFACE=gw0 VLAN=vlan0 BRIDGE=br0 \
#	EIFACE1=lan0 TAG1=10 ETHERDEV1=em1 ETHER1=${BRIDGE}${ETHERDEV1} \
#	EIFACE2=wifi0 TAG2=20 ETHERDEV2=em2 ETHER2=${BRIDGE}${ETHERDEV2} \
#	envsubst > /usr/local/etc/ng/ngctl.conf
#
#
# TODO: you shoud configure ETHER1 and ETHER2 in rc.conf following this
# https://wiki.freebsd.org/Networking/10GbE/Router#Disabling_LRO_and_TSO
#
# So in this case it would be (remembering to use new names):
# ifconfig_br0em1="-tso4 -tso6 -lro -vlanhwtso promisc up"
# ifconfig_br0em2="-tso4 -tso6 -lro -vlanhwtso promisc up"
#
# This is passing IPv4 and IPv6 through the ula4tags. You could make a similar
# snippet that dropped IPv4 (or ULA for that matter). See ng_ula4tag(4).
#
#
# Take that Claro Brasil, you can't defeat freedave while he has FreeBSD!


# create middle lane first, starting with EIFACE as it is persistent
mkpeer .: eiface e ether
name .:e ${EIFACE}
disconnect .: e

# next VLAN
mkpeer ${EIFACE}: vlan ether nomatch
name ${EIFACE}:ether ${VLAN}
msg ${VLAN}: setencap 0

# finally BRIDGE for middle lane
mkpeer ${VLAN}: bridge downstream link
name ${VLAN}:downstream ${BRIDGE}
msg ${BRIDGE}: setpersistent


# Now the left lane (right will be nearly identical)
# We start from the bottom. This is because you can't use a `br0:link` to locate
# a node after `mkpeer`.
name ${ETHERDEV1}: ${ETHER1}
mkpeer ${ETHER1}: ula4tag lower tag
name ${ETHER1}:lower tag${TAG1}
msg tag${TAG1}: setconfig { ulatag=${TAG1}, ip4tag=${TAG1} }

connect tag${TAG1}: ${BRIDGE}: untag link

mkpeer ${VLAN}: eiface vl${TAG1} ether
name ${VLAN}:vl${TAG1} ${EIFACE1}
msg ${VLAN}: addfilter { vlan=${TAG1} hook="vl${TAG1}" pcp=0 cfi=0 }

# Finally the right lane
name ${ETHERDEV2}: ${ETHER2}
mkpeer ${ETHER2}: ula4tag lower tag
name ${ETHER2}:lower tag${TAG2}
msg tag${TAG2}: setconfig { ulatag=${TAG2}, ip4tag=${TAG2} }

connect tag${TAG2}: ${BRIDGE}: untag link

mkpeer ${VLAN}: eiface vl${TAG2} ether
name ${VLAN}:vl${TAG2} ${EIFACE2}
msg ${VLAN}: addfilter { vlan=${TAG2} hook="vl${TAG2}" pcp=0 cfi=0 }