FreerTr also know as freeRouter is an open source router written in Java by Csaba Mate. The GEANT Router for Academic Research & Education (RARE) project uses freeRouter as their router operating system.
http://www.freertr.net/
https://github.com/mc36/freeRouter
https://wiki.geant.org/display/RARE/Home
Some initial observations about freeRouter.
1) freeRouter is not like a traditional software router, where the data plane and control plane are bundled together. freeRouter allows you to use different data planes such as P4, pcap, DPDK and more using Unix sockets to map from the the physical interface to the forwarding plane of choice. Some examples I found in the rtr directory are p4dpdk.bin, p4pkt.bin, pcapInt.bin, p4emu.bin, pcap2pcap.bin and rawInt.bin. This makes freeRouter very useful for testing new forwarding planes.
2) The default install location is /rtr
3) The router configuration is stored in /rtr/rtr-sw.txt
4) While Open Vswitch is installed, it does not look like it is used.
root@freertr:/rtr# ovs-vsctl show
6eab5861-c524-4f44-ba3e-565141f07824
ovs_version: "2.13.1"
root@freertr:/rtr#
root@freertr:/rtr# ovs-vsctl list bridge
root@freertr:/rtr# ovs-vsctl list port
5) There is no default table, you must use a VRF, but you can have multiple VRFs
6) freeRouter supports lots of routing protocols and new shiny things like Telemetry.
How to get started.
There are many ways to install freeRouter. There is an excellent blog post here:
https://wiki.geant.org/pages/viewpage.action?pageId=148083914
That explains how to install freeRouter on Debian from source. I have chosen to use a one line install from the freeRouter website on a Ubuntu 20.04 LTS Virtual Machine with 3 Ethernet interfaces.
Step 1: Install Ubuntu 20.02 LTS
ekenny@freertr:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.1 LTS
Release: 20.04
Codename: focal
ekenny@freertr:~$
Step 2: Log into the Ubuntu machine a run the following:
wget http://www.freertr.net/install.sh && sudo bash install.sh
Running this command will blow away your current network setting and map the existing Ethernet Interfaces to Unix UDP sockets.
ekenny@freertr:~$ ps -ef | grep 127
root 978 901 0 15:40 ? 00:00:01 /rtr/rawInt.bin ens160 20002 127.0.0.1 20001 127.0.0.1
root 993 901 0 15:40 ? 00:00:05 /rtr/rawInt.bin ens192 20012 127.0.0.1 20011 127.0.0.1
root 994 901 0 15:40 ? 00:00:00 /rtr/rawInt.bin ens224 20022 127.0.0.1 20021 127.0.0.1
root 1004 901 0 15:40 ? 00:00:00 /rtr/tapInt.bin tap20001 20042 127.0.0.1 20041 127.0.0.1 10.255.255.1/24 10.255.255.254
It will also create one new tunnel interface "tap20001" which is used to log into the freeRouter console from the host Ubuntu operating system.
The IP addresses that were originally on the Ubuntu physical ens interfaces will now be associated with a Unix Socket and hence while still reachable for connecting to the host Ubuntu VM they will not appear on the physical interfaces where you would normally expect to see them!
The only IP address that you will see from the Unix shell is the IP address used for the tunnel interface to the freeRouter process for management. 10.255.255.1/24
ekenny@freertr:~$ ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65535 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:73:0d:6c brd ff:ff:ff:ff:ff:ff
3: ens192: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:73:0d:76 brd ff:ff:ff:ff:ff:ff
4: ens224: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:73:0d:80 brd ff:ff:ff:ff:ff:ff
5: tap20001: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
link/ether 00:00:4e:4a:4e:49 brd ff:ff:ff:ff:ff:ff
inet 10.255.255.1/24 scope global tap20001
valid_lft forever preferred_lft forever
inet6 2001:db8:ffff:ffff:200:4eff:fe4a:4e49/64 scope global dynamic mngtmpaddr
valid_lft 2591909sec preferred_lft 604709sec
inet6 fe80::200:4eff:fe4a:4e49/64 scope link
valid_lft forever preferred_lft forever
After a reboot you can still ssh to the Ubuntu host and then from the Ubuntu host you can telnet to the freeRouter management IP address 10.255.255.254
ekenny@freertr:~$ telnet 10.255.255.254
Trying 10.255.255.254...
Connected to 10.255.255.254.
Escape character is '^]'.
welcome
line ready
rtr#
There is no default username or password set.
The comand line experience is very similar to your traditional router CLI.
rtr#show interfaces full | include ip4
ip4 address=192.168.5.55/24, netmask=255.255.255.0, ifcid=10011
ip4 address=192.168.249.194/26, netmask=255.255.255.192, ifcid=10012
ip4 address=10.255.255.254/24, netmask=255.255.255.0, ifcid=10013
ip4 address=192.168.1.100/24, netmask=255.255.255.0, ifcid=10014
rtr#
The 192 addresses are the addresses that were originally on the physical ens unterfaces before the installation. While the 10.255.255.254 is the management interface.
Useful commands
- show running
rtr#show running-config
hostname rtr
rtr#show version
freeRouter v20.11.10-rel, done by cs@nop.
- config terminal
rtr#configure terminal
rtr(cfg)#
- show config-changes
rtr(cfg)#banner set My Test freeRouter banner
rtr(cfg)#show config-differences
banner encoded TXkgVGVzdCBmcmVlUm91dGVyIGJhbm5lcg0K
- write
rtr#write
% saving configuration
% success
rtr#exit
rtr#show startup-config isis
router isis4 1
vrf inet
net-id 49.0001.0192.0168.0005.0055.00
traffeng-id ::
is-type level1
exit
rtr#show running-config interface eth1
interface ethernet1
description uplink
vrf forwarding inet
ipv4 address 192.168.5.55 255.255.255.0
ipv6 address dynamic dynamic
ipv6 gateway-prefix all6
ipv6 slaac
ipv6 prefix-suppress
no shutdown
no log-link-change
exit
!
Changing the forwarding plane/data plane...
We now have a software router up and working. It is possible though to use hardware forwarding or DPDK or emulated P4. Probably a whole lot more as well. On the freeRouter website there is a clue. It says to activate external forwarding,
activate external forwarding:
write
test hwext path /rtr/rtr- dataplane p4emu
reload cold
I suspect this is enabling P4 emulation rather than forwarding via the freeRouter process itself. That said I cannot find the "hwext" command in the install I have just done or the source.
Documentation
freeRouter documentation is sparse and the main places I have found are the GEANT RARE website https://wiki.geant.org/pages/viewrecentblogposts.action?key=RARE
and the unit tests for freeRouter are a good place to find configuration examples. http://www.freertr.net/tests.html
The interop tests, provide a good idea of what the equivalent freeRouter config looks like in comparison to Juniper (interop9) and Cisco IOS (Interop2).
Source code - http://sources.nop.hu/
https://github.com/mc36/freeRouter
And Telemetry sensors at: http://sources.nop.hu/misc/sensor/
Grafana dashboard plugins for freeRouter. https://grafana.com/grafana/dashboards?search=rare
rtr#?
attach - connect to system resources
clear - clear running conditions
configure - enter configuration mode
debug - start debugging one protocol
delete - remove configuration command
differs - running system difference information
disable - drop privileges
display - running system periodic information
dtls - start dtls session
enable - gain privileges
exit - close this exec session
flash - file system utility
gpsemu - start gps emulation session
gpstime - start gps session
hostscan - scan ports on remote
listen - start listen session
logout - close this exec session
lookup - domain name lookup
menu - start menu session
modememu - start modem emulation session
netconf - start netconf session
nullemu - start null session
packet - packet related things
ping - send echo request
portscan - scan ports on remote
ppp - start framed session
reload - restart the system
set - insert configuration command
show - running system information
sleep - do nothing for a while
ssh - start ssh session
ssl - start ssl session
tclsh - run tcl shell
telnet - start telnet session
terminal - terminal specific parameters
test - test various things
tls - start tls session
traceroute - trace route to target
undebug - stop debugging one protocol
view - running system information
watch - running system periodic information
whois - perform whois query
write - save configuration
xml - start xml session
rtr#
rtr(cfg)#?
aaa - authentication configuration
access-list - build an access list
alias - configure a command alias
banner - banner of system
bridge - transparent bridging parameters
buggy - enable dangerous things
bundle - interface bundle parameters
chat-script - build a chat script
client - specify address of name server
connect - define one interface cross connection
crypto - cryptographic configuration
dial-peer - dial peer parameters
do - execute one exec command
enable - set enable password
end - close this config session
event-manager - build an event manager
exit - go back to previous mode
hairpin - interface hairpin parameters
hostname - set name of system
interface - select an interface to configure
ipv4 - internet protocol config commands
ipv6 - internet protocol config commands
ipx - ipx config commands
line - select a line to configure
logging - set logging parameters
menu - define one menu
mtracker - configure a mtracker
no - negate a command
nsh - specify service chaining
object-group - build an object group
password-encrypt - set password encryption key
policy-map - build a policy map
prefix-list - build a prefix list
process - configure a external process
proxy-profile - proxy profile parameters
route-map - build a route map
route-policy - build a route policy
router - enable a routing protocol
scheduler - configure a scheduler
script - configure a script
sensor - sensor parameters
server - create new or update existing server process
show - running system information
telemetry - telemetry configuration
time-map - time map parameters
tracker - configure a tracker
translation-rule - translation rule parameters
vdc - configure a virtual device context
vpdn - vpdn client parameters
vrf - configure a virtual routing forwarding
xconnect - define one protocol cross connection
rtr(cfg)#
rtr(cfg)#show running-config
hostname rtr
buggy
banner encoded TXkgVGVzdCBmcmVlUm91dGVyIGJhbm5lcg0K
!
logging file debug zzz.log
logging rotate 65536000 zzz.old
!
crypto rsakey test_rsa import $v10$TUlJRW93SUJBQUtDQVFFQWxEaDlOeE91SSt4ZWZ2MTEyOVJPUXJZNmJnS1EyVDduWE41WDlGcG5VSGQ1ZHF6VHo5OFBObGdEaWw3VzZ4SklrTHJnanZSZmhHd2JNczJsa2FKR3FyK3VMd2ZVWCtBeTlBWHlCZVM0ajA4S0tvYjN2ZTZEUE8zOFVsdythKzJNNkdyOFEzZnp2SWZKN2xUWVdvNnhrMkFtV0pWOHZRK0IwcDhsMmtrVWcrK1dhSEFacFZySis3QUMrS2hBTmQ3VE9Nd2t1dnVUKzUzTHVUV2orZ1ppYWlxeUluL1ZoM3g1NW0zbUdRaXlwd1RwcFJRcWdTY2VCQzlMZnphcXZ4OXpnUUdOaDliZnQ5WXNwRWNuT2FFdlZkckJ5ZDR2eVJTZkFBaER2Q1V6alJiVWpxWC9HSmI1TjhhQXhzYnFUcDhBdW5KbXJtZ2dhR09zRHZQbTg4R3JCd0lEQVFBQkFvSUJBRWtUOE9pTzAzVHl2VVJ2UXdTM2tENWtDanJqR1BlRGhCN05vUi9nMHI5aHFJbFNmTHdvaGgrTkZYSExnTHMxc0lGcklmeFprQjZDRG9ibHpaUVlKaTlaZ2srOTFIL1EwazV0Ly8zWDN3Y0pPVUh1ZVljemFaRkk1UGJXZEJCU2R2N0FnTS9pL0ZFZndmZTM3VlA0dHFTcTZ6MFJ0d2FmOXFvWnZWZjZZQnNMNlk4L3J5VWREYi9vZUFUbGZnNWFmYlBPeWdQc1BPdEFQVW93bjdsLzd6dEMyeFVqZlBSKzVIcHRySFFCUzl3aVFadGFkL3pqYjk2aGJmQlZjLzVHZHppYkVFWEsxYVRXWlpueTR0Zm5hNjR0Wk84djVJUXh3cFZZUlF4dzI0ckdZSjk2L280MGhSeDNIS2h5dFFzc01qYTNyaytuZm9MdWVPTThldjB1c1VFQ2dZRUE3VVkwWDlxUDY3QmZIMi9mMHkzOVd2dkZmSkdFZ3NmMXBpc3JXWkhoaVN5a2JvRmcrbXZEVjJaUEZreUxtUm5XUW1WSHMxRCtBRCtTeGZnQWI3YklzSWZib3hVUUxmeHZRMHlvMGtibkhsM3BRUTVoRmFyYmFzc3BzdTM4U25NbDJ5UVA5Ym5NVVJFSjcvZE5INmF5elQwcG84c3lSNEtXL29xbE5PZXdNR01DZ1lFQW4rc1V3aThYeXB0Qk8ramp5SlpiOUhzS21wT2swb1ZnOXVMczNjRFJicHMvL0pRREE3eCtMb2hYelE5ZjRidDNUcGpCT0hIc2pIcmpTSG94RC9kMXRqMmxYcjloWWUvSmM0TW9kM2dneDdmSzBLOG5nY2RYSVVNcnp6TUVaeE4yRExPUzBkYVBMYUJGRk9idW4rUFBFT3hRaEhZbHN3b1Q4OHRBczc3SzBnMENnWUFpZ2JJK09tL3h5OTJabWRDSVNzanN3VzdRRmUyYWczQVRNWFlGZWJTK0dWTDBpelpLVlArOHB6RmJRZGlQZEhWM2hIa3Y5OWhvdXRZaW1sV2Q2WXc0T0JuV0Zzc2FsUHF0WSttdFl3aGJuemE3OGxabUswbnJ0dzRpYW4vbForZWFmaDBnRkZ4RmNkL3JHU0VMT0ZnS2h4bVdLNGZ0WkcySEtTeXJqQUpRbHdLQmdRQ2VYY3BINXlVVGNwNnVlcHFnK1M0Rk5aZ3hyZ2JxcUVWM0dSRGpKZUVCUE9PbitOZm5hbEkzT0xSaWtWZ3RqbDIvU3cwR0hlUFkxcFdnSDhuWWV3SnFRREExWFNkT09vMXdSREhkNWV2b2ZIMXdIaFRzczRENG9yR08xb0lFcGNRaEhmQkd0OGxBc05mWXREMFp3QnMrTWhnbXBXMytHUHZiVWF3NGxMZjhQUUtCZ0FvRmZwOURiVkQ5SmhxWU10T0lFVlVYa1VabnN5U1VlTjc0U3ZhUXBNU2JxQjJNN3JwRDhrZnBJVDIwdjhlRHBBa3hnSGFDb1d2M2JVQ3ZUL3A0aFA0NFlNZjhIOVRNaFo4cW5YSk83SytGbzZCeEZ6QWV3TnpzUU80QTBGaWNNa0N1dW5CNFRhaGNDVFgycENudXA2dkJMeGdDUUsxVUJGNEZSK3cxekhqUw==
!
crypto dsakey test_dsa import $v10$TUlJQnVRSUJBQUtCZ0NkeVN5OXZSQ1JrSEk0eXcxY241Z3pLTWtsVm9RVUx3cW5wZTBVRnZDZWdFc25Ma0dtdUdFclFwaFEySGJNZHNZTjVhOWFqcHFySWtLc29NRU16ZkpBclF3UlNkRWFOelBjUElpYmN2ZmxUQUlQWjYzQWs0OSt3b2t5cHBBZWlUWXp4OTgxRGMxWkdSdVRham1GbWw1OWpzZmJRaDhFSG1vTmFNcmlpUExsVEFoVUE0TC9CSHZlR0hKQ093ekF3RnlpcTZCVk5PakVDZ1lBTTVsamNiLzFCZi9XQzVoc3FVK25vS2poeDBnMGphVnNHdG9nR1dnUFpJSnl1UW5VR0lKS3JrMEkveEczc0UvbVE2Q0E2YmVjZWdIYUFYOW5Tc0QxWHJHNDUrVGJZd3N3RE54RUVkZ2lSUjY2dDRhWFdFRENMTy8xQVZLdFdwNU9PZDYzRkxyL0x0UFIwM3FybXFrSUYrejRjbVFoWTBUWUJCNHFPb0ZuVjFBS0JnQnp1RmRVRTJ6U1lON1dBRDFuUk5GS29aeGx4SzVvUGYydUhMamtMTUJEV3BGcUt0c3ZFVThTMDFCR0FiR3EwWlYrNkJGVm8wRGRiZmdHaU52cHk1aHdlVWovOWE2QUxzL0w3QTFyS3YxQXRVaW5nNTQxaE53THpIYk5zdE5HT3BsTXNldzQ5WkFDVDlRQ2VkSm9KNmhCaU9rMEw0UWhlV0wvY013Y05KekcwQWhRL2NCN09aaXZWRkFXREZoSUhPRHdmZUJUWG5RPT0=
!
crypto ecdsakey test_ecdsa import $v10$TUhNQ0FRRUVId2p4QjVxNFB2ejBubG9IeVpMY2RyK2VOcVc0RGh5RmZmeVdpbElhd2k2Z0J3WUZLNEVFQUFxaFJBTkNBQVRDTWpid3lMV2YxKzJXODROZEphT1paMTlVR0JFRmlDS3BnRVBCV3lMM3p6VmZxVFZWV2JudEpFQVB4dDYvdGcyWVZCanVXU3hsdVd0UnZFR0EvSE1u
!
crypto certificate test_cert_dsa import dsa test_dsa $v10$TUlJQ1R6Q0NBZytnQXdJQkFnSUVPclBJZWpBSkJnY3Foa2pPT0FRRE1BNHhEREFLQmdOVkJBTVRBM0owY2pBZUZ3MHlNREV4TVRBeU1UQTFNREJhRncwek1ERXhNRGd5TVRBMU1EQmFNQTR4RERBS0JnTlZCQU1UQTNKMGNqQ0NBYlV3Z2dFcUJnY3Foa2pPT0FRQk1JSUJIUUtCZ0NkeVN5OXZSQ1JrSEk0eXcxY241Z3pLTWtsVm9RVUx3cW5wZTBVRnZDZWdFc25Ma0dtdUdFclFwaFEySGJNZHNZTjVhOWFqcHFySWtLc29NRU16ZkpBclF3UlNkRWFOelBjUElpYmN2ZmxUQUlQWjYzQWs0OSt3b2t5cHBBZWlUWXp4OTgxRGMxWkdSdVRham1GbWw1OWpzZmJRaDhFSG1vTmFNcmlpUExsVEFoVUE0TC9CSHZlR0hKQ093ekF3RnlpcTZCVk5PakVDZ1lBTTVsamNiLzFCZi9XQzVoc3FVK25vS2poeDBnMGphVnNHdG9nR1dnUFpJSnl1UW5VR0lKS3JrMEkveEczc0UvbVE2Q0E2YmVjZWdIYUFYOW5Tc0QxWHJHNDUrVGJZd3N3RE54RUVkZ2lSUjY2dDRhWFdFRENMTy8xQVZLdFdwNU9PZDYzRkxyL0x0UFIwM3FybXFrSUYrejRjbVFoWTBUWUJCNHFPb0ZuVjFBT0JoQUFDZ1lBYzdoWFZCTnMwbURlMWdBOVowVFJTcUdjWmNTdWFEMzlyaHk0NUN6QVExcVJhaXJiTHhGUEV0TlFSZ0d4cXRHVmZ1Z1JWYU5BM1czNEJvamI2Y3VZY0hsSS8vV3VnQzdQeSt3TmF5cjlRTFZJcDRPZU5ZVGNDOHgyemJMVFJqcVpUTEhzT1BXUUFrL1VBbm5TYUNlb1FZanBOQytFSVhsaS8zRE1IRFNjeHREQUpCZ2NxaGtqT09BUURBeThBTUN3Q0ZDemhYcGliaXF1SjhTYVRZSFh2L05NbWdyR0VBaFErdHN2N3VNT1cvdVh3ZTRXNCtFcDlNZmlIY3c9PQ==
!
crypto certificate test_cert_ecdsa import ecdsa test_ecdsa $v10$TUlJQlJqQ0JycUFEQWdFQ0FnUmdNcWtFTUFrR0J5cUdTTTQ5QkFFd0RqRU1NQW9HQTFVRUF4TURjblJ5TUI0WERUSXdNVEV4TURJeE1EVXpOVm9YRFRNd01URXdPREl4TURVek5Wb3dEakVNTUFvR0ExVUVBeE1EY25SeU1GWXdFQVlIS29aSXpqMENBUVlGSzRFRUFBb0RRZ0FFd2pJMjhNaTFuOWZ0bHZPRFhTV2ptV2RmVkJnUkJZZ2lxWUJEd1ZzaTk4ODFYNmsxVlZtNTdTUkFEOGJldjdZTm1GUVk3bGtzWmJsclVieEJnUHh6SnpBSkJnY3Foa2pPUFFRQkE0R0hBRENCZ3dJZ1lWYWNvQnNxcW5vL20zaUNJNjB3QXByZWVwZ1BhdkduZUJxN1RQcmo0dWNDWHdDdEljNWxWTFVNRENWR3hyOXFXa3hTRUxFVVFSSWQ5SER6YVQyRDA4Qy91aWhVREwzUFdOTmdJNHYvUkZxSk9NOHVBZTJ5amd6TWUwRHljRHJUcFo3OGV2S0NIc2V2eWNrdWdSOWxwc20zSUlBcERBK2ZpV1dRRFFCc25GeGc=
!
crypto certificate test_cert_rsa import rsa test_rsa $v10$TUlJQ2t6Q0NBWDZnQXdJQkFnSUVOTXB2N3pBTEJna3Foa2lHOXcwQkFRVXdEakVNTUFvR0ExVUVBeE1EY25SeU1CNFhEVEl3TVRFeE1ESXhNRFEwTWxvWERUTXdNVEV3T0RJeE1EUTBNbG93RGpFTU1Bb0dBMVVFQXhNRGNuUnlNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQWxEaDlOeE91SSt4ZWZ2MTEyOVJPUXJZNmJnS1EyVDduWE41WDlGcG5VSGQ1ZHF6VHo5OFBObGdEaWw3VzZ4SklrTHJnanZSZmhHd2JNczJsa2FKR3FyK3VMd2ZVWCtBeTlBWHlCZVM0ajA4S0tvYjN2ZTZEUE8zOFVsdythKzJNNkdyOFEzZnp2SWZKN2xUWVdvNnhrMkFtV0pWOHZRK0IwcDhsMmtrVWcrK1dhSEFacFZySis3QUMrS2hBTmQ3VE9Nd2t1dnVUKzUzTHVUV2orZ1ppYWlxeUluL1ZoM3g1NW0zbUdRaXlwd1RwcFJRcWdTY2VCQzlMZnphcXZ4OXpnUUdOaDliZnQ5WXNwRWNuT2FFdlZkckJ5ZDR2eVJTZkFBaER2Q1V6alJiVWpxWC9HSmI1TjhhQXhzYnFUcDhBdW5KbXJtZ2dhR09zRHZQbTg4R3JCd0lEQVFBQk1Bc0dDU3FHU0liM0RRRUJCUU9DQVFCTW1IL0pvQysvTjJZNkIvNnJMVTIwL3NmVjRJcSsrUVYzZHBxUGpuUlZ6ZGFNS1NwTkczekdzK051UVBESjVKSEpCU3pKSWQybnhZS253MDlQZEdyRmEwdUdubDB2VDlVNWhjYTdqYlpaT052OFNhdkI0UmpsdWF1aWlYTGh4UkhGSjNKWXBsMzk3Nkw4emRNSDROMzlWaG9LRTkrVlJjd0VJVUZiN3ByVVEyUTFiRG1oRFJ5aCs3Wit1K3JvQWVmdzdrSnBEZG1zTGVqRmdLRXFwelErNC9TUVZXSW5IbDAvSXg2SENVanVDT01tc0hYYTZmeG9EdkIyVlVIWW5DUnNYVDVQTGZHa2drTy9zV0ZSYUd3ZTlvd1hkL3JiYnZzNXd0UWIyYVMvWDJWM3Q3ZGR4YTFaaE00RnFqRjRiRStTbWFsYWcrZmRtVFdpRmNuSUVseXQ=
!
aaa userlist myuser_list
no log-error
username ekenny
username ekenny password $v10$YWxsYnJhbg==
username ekenny privilege 14
exit
!
object-group network host4
sequence 10 10.255.255.0 255.255.255.0
exit
!
object-group network host6
sequence 10 2001:db8:ffff:ffff:: ffff:ffff:ffff:ffff::
exit
!
object-group network lloc4
sequence 10 169.254.0.0 255.255.0.0
exit
!
object-group network lloc6
sequence 10 fe80:: ffff::
exit
!
object-group network mcast4
sequence 10 224.0.0.0 255.255.0.0
exit
!
object-group network mcast6
sequence 10 ff00:: ff00::
exit
!
access-list nat4
sequence 10 deny all obj lloc4 all any all
sequence 20 deny all any all obj mcast4 all
sequence 30 deny all obj host4 all obj host4 all
sequence 40 permit all obj host4 all any all
exit
!
access-list nat6
sequence 10 deny all obj lloc6 all any all
sequence 20 deny all any all obj mcast6 all
sequence 30 deny all obj host6 all obj host6 all
sequence 40 permit all obj host6 all any all
exit
!
prefix-list all4
sequence 10 permit 0.0.0.0/0 ge 0 le 0
exit
!
prefix-list all6
sequence 10 permit ::/0 ge 0 le 0
exit
!
vrf definition inet
exit
!
router isis4 1
vrf inet
net-id 49.0001.0192.0168.0005.0055.00
traffeng-id ::
is-type level1
exit
!
interface ethernet1
description uplink
vrf forwarding inet
ipv4 address 192.168.5.55 255.255.255.0
ipv6 address dynamic dynamic
ipv6 gateway-prefix all6
ipv6 slaac
ipv6 prefix-suppress
no shutdown
no log-link-change
exit
!
interface ethernet2
description "To Internet"
vrf forwarding inet
ipv4 address 192.168.249.194 255.255.255.192
no shutdown
no log-link-change
exit
!
interface ethernet20001
description linux
vrf forwarding inet
ipv4 address 10.255.255.254 255.255.255.0
ipv6 address 2001:db8:ffff:ffff::1 ffff:ffff:ffff:ffff::
no shutdown
no log-link-change
exit
!
interface ethernet3
description "Link to edge1-testlab"
vrf forwarding inet
ipv4 address 192.168.1.100 255.255.255.0
no shutdown
no log-link-change
exit
!
proxy-profile inet
vrf inet
exit
!
scheduler errors
time 600000
delay 30000
command clear errors freerror@nop.hu
start
exit
!
scheduler upgrade
time 600000
delay 60000
random-time 60000
random-delay 300000
command flash upgrade
start
exit
!
!
ipv4 route inet 172.16.11.0 255.255.255.0 192.168.5.1
ipv4 route inet 192.168.116.0 255.255.255.0 192.168.5.1
!
!
!
!
ipv4 nat inet sequence 10 srclist nat4 interface ethernet1
!
ipv6 nat inet sequence 10 srclist nat6 interface ethernet1
!
!
!
!
!
!
!
sensor ifaces-hw
path interfaces-hw/interface/counter
prefix freertr-ifaces
prepend iface_hw_byte_
command sho inter hwsumm
name 0 ifc=
key name interfaces-hw/interface
replace \. _
column 1 name st
column 1 replace admin -1
column 1 replace down 0
column 1 replace up 1
column 2 name tx
column 3 name rx
column 4 name dr
exit
!
sensor ifaces-sw
path interfaces-sw/interface/counter
prefix freertr-ifaces
prepend iface_sw_byte_
command sho inter summ
name 0 ifc=
key name interfaces-sw/interface
replace \. _
column 1 name st
column 1 replace admin -1
column 1 replace down 0
column 1 replace up 1
column 2 name tx
column 3 name rx
column 4 name dr
exit
!
alias test bash command attach shell1 socat - exec:bash,ctty,pty,stderr
alias test bash description get linux shell
alias test bash parameter optional
!
server telnet test_ssh
security protocol ssh
security authentication ekenny
security rsakey test_rsa
security dsakey test_dsa
security ecdsakey test_ecdsa
security rsacert test_cert_rsa
security dsacert test_cert_dsa
security ecdsacert test_cert_ecdsa
port 2222
no exec authorization
login authentication myuser_list
interface ethernet1
vrf inet
exit
!
server telnet inet
security protocol telnet
access-log
access-rate 5 5000
access-total 5
access-peer 5
protocol ipv4 tcp
exec logging
no exec authorization
no login authentication
login logging
interface ethernet20001
vrf inet
exit
!
server forwarder ssh2host
access-log
port 22
logging
target vrf inet
target interface ethernet20001
target address 10.255.255.1
target port 22
timeout 1000000
vrf inet
exit
!
server dns ns
recursion enable
interface ethernet20001
vrf inet
exit
!
server prometheus prom
sensor ifaces-hw
sensor ifaces-sw
vrf inet
exit
!
client proxy inet
client name-server 8.8.8.8
client upgrade-server http://upgrade.nop.hu/
client upgrade-backup
client time-server europe.pool.ntp.org
client time-zone CET
!
end
