Saturday, 14 November 2020

First Experience of freeRtr aka freeRouter aka RARE

freeRtr, also known as freeRouter, is an open source router written in Java by Csaba Mate. The GEANT Router for Academic Research & Education (RARE) project uses freeRouter as their router operating system.

http://www.freertr.net/

https://github.com/mc36/freeRouter

https://wiki.geant.org/display/RARE/Home

Some initial observations about freeRouter.

1) freeRouter is not like a traditional software router, where the data plane and control plane are bundled together. freeRouter allows you to use different data planes such as P4, pcap, DPDK and more, using Unix sockets to map from the physical interface to the forwarding plane of choice. Some examples I found in the rtr directory are p4dpdk.bin, p4pkt.bin, pcapInt.bin, p4emu.bin, pcap2pcap.bin and rawInt.bin. This makes freeRouter very useful for testing new forwarding planes.

2) The default install location is /rtr

3) The router configuration is stored in /rtr/rtr-sw.txt

4) While Open Vswitch is installed, it does not look like it is used. 

root@freertr:/rtr# ovs-vsctl show
6eab5861-c524-4f44-ba3e-565141f07824
    ovs_version: "2.13.1"
root@freertr:/rtr# 

root@freertr:/rtr# ovs-vsctl list bridge
root@freertr:/rtr# ovs-vsctl list port

5) There is no default table, you must use a VRF, but you can have multiple VRFs

6) freeRouter supports lots of routing protocols and new shiny things like Telemetry. 

 

How to get started. 

There are many ways to install freeRouter. There is an excellent blog post here:

https://wiki.geant.org/pages/viewpage.action?pageId=148083914

That explains how to install freeRouter on Debian from source. I have chosen to use a one-line install from the freeRouter website on an Ubuntu 20.04 LTS Virtual Machine with 3 Ethernet interfaces.

Step 1: Install Ubuntu 20.04 LTS

ekenny@freertr:~$ lsb_release -a
No LSB modules are available.
Distributor ID:    Ubuntu
Description:    Ubuntu 20.04.1 LTS
Release:    20.04
Codename:    focal
ekenny@freertr:~$

Step 2: Log into the Ubuntu machine and run the following:

wget http://www.freertr.net/install.sh && sudo bash install.sh

Running this command will blow away your current network settings and map the existing Ethernet interfaces to Unix UDP sockets.

ekenny@freertr:~$ ps -ef | grep 127
root         978     901  0 15:40 ?        00:00:01 /rtr/rawInt.bin ens160 20002 127.0.0.1 20001 127.0.0.1
root         993     901  0 15:40 ?        00:00:05 /rtr/rawInt.bin ens192 20012 127.0.0.1 20011 127.0.0.1
root         994     901  0 15:40 ?        00:00:00 /rtr/rawInt.bin ens224 20022 127.0.0.1 20021 127.0.0.1
root        1004     901  0 15:40 ?        00:00:00 /rtr/tapInt.bin tap20001 20042 127.0.0.1 20041 127.0.0.1 10.255.255.1/24 10.255.255.254
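As an added illustration (not part of the original post or of freeRouter), this Python example parses the `ps -ef` lines above into a per-interface list of helper, UDP ports and socket addresses, and reports any helper whose frame sockets are not confined to loopback. It assumes arguments 2 and 4 are UDP ports and arguments 3 and 5 are the socket addresses, which the page does not label; the `ens999` line is constructed to exercise the check.

```python
import ipaddress

# Helper command lines from the ps output above, plus one constructed line
# (ens999, documentation addresses) that is NOT confined to loopback.
PS_OUTPUT = """\
root         978     901  0 15:40 ?        00:00:01 /rtr/rawInt.bin ens160 20002 127.0.0.1 20001 127.0.0.1
root         993     901  0 15:40 ?        00:00:05 /rtr/rawInt.bin ens192 20012 127.0.0.1 20011 127.0.0.1
root         994     901  0 15:40 ?        00:00:00 /rtr/rawInt.bin ens224 20022 127.0.0.1 20021 127.0.0.1
root        1004     901  0 15:40 ?        00:00:00 /rtr/tapInt.bin tap20001 20042 127.0.0.1 20041 127.0.0.1 10.255.255.1/24 10.255.255.254
root        1100     901  0 15:40 ?        00:00:00 /rtr/rawInt.bin ens999 20032 192.0.2.10 20031 192.0.2.11
"""

HELPERS = ("rawInt.bin", "tapInt.bin")


def parse_helpers(ps_text):
    """Return one dict per interface helper found in `ps -ef` output."""
    found = []
    for line in ps_text.splitlines():
        fields = line.split(None, 7)      # UID PID PPID C STIME TTY TIME CMD
        if len(fields) < 8:
            continue
        argv = fields[7].split()
        helper = argv[0].rsplit("/", 1)[-1]
        if helper not in HELPERS or len(argv) < 6:
            continue
        # Assumption: argv[2]/argv[4] are UDP ports and argv[3]/argv[5] the
        # socket addresses; they are not paired because the page does not
        # say which address belongs to which port.
        found.append({
            "pid": int(fields[1]),
            "helper": helper,
            "iface": argv[1],
            "ports": sorted((int(argv[2]), int(argv[4]))),
            "addrs": [ipaddress.ip_address(argv[3]),
                      ipaddress.ip_address(argv[5])],
            "extra": argv[6:],            # tapInt.bin: tap address and peer
        })
    return found


def off_loopback(helpers):
    """Interfaces whose frame sockets use any non-loopback address."""
    return [h["iface"] for h in helpers
            if not all(a.is_loopback for a in h["addrs"])]


if __name__ == "__main__":
    helpers = parse_helpers(PS_OUTPUT)
    for h in helpers:
        print(h["iface"], h["helper"], h["ports"], [str(a) for a in h["addrs"]])
    print("not loopback-only:", off_loopback(helpers))
```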

It will also create one new tunnel interface "tap20001" which is used to log into the freeRouter console from the host Ubuntu operating system. 

The IP addresses that were originally on the Ubuntu physical ens interfaces will now be associated with a Unix Socket and hence while still reachable for connecting to the host Ubuntu VM they will not appear on the physical interfaces where you would normally expect to see them!

The only IP address that you will see from the Unix shell is the IP address used for the tunnel interface to the freeRouter process for management: 10.255.255.1/24

ekenny@freertr:~$ ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65535 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:73:0d:6c brd ff:ff:ff:ff:ff:ff
3: ens192: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:73:0d:76 brd ff:ff:ff:ff:ff:ff
4: ens224: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:73:0d:80 brd ff:ff:ff:ff:ff:ff
5: tap20001: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether 00:00:4e:4a:4e:49 brd ff:ff:ff:ff:ff:ff
    inet 10.255.255.1/24 scope global tap20001
       valid_lft forever preferred_lft forever
    inet6 2001:db8:ffff:ffff:200:4eff:fe4a:4e49/64 scope global dynamic mngtmpaddr
       valid_lft 2591909sec preferred_lft 604709sec
    inet6 fe80::200:4eff:fe4a:4e49/64 scope link
       valid_lft forever preferred_lft forever

After a reboot you can still ssh to the Ubuntu host and then from the Ubuntu host you can telnet to the freeRouter management IP address 10.255.255.254

ekenny@freertr:~$ telnet 10.255.255.254
Trying 10.255.255.254...
Connected to 10.255.255.254.
Escape character is '^]'.
welcome
line ready
rtr#         

There is no default username or password set.

The command line experience is very similar to your traditional router CLI.

rtr#show interfaces full | include ip4

ip4 address=192.168.5.55/24, netmask=255.255.255.0, ifcid=10011
ip4 address=192.168.249.194/26, netmask=255.255.255.192, ifcid=10012
ip4 address=10.255.255.254/24, netmask=255.255.255.0, ifcid=10013
ip4 address=192.168.1.100/24, netmask=255.255.255.0, ifcid=10014
rtr#                                                            

The 192 addresses are the addresses that were originally on the physical ens interfaces before the installation, while 10.255.255.254 is the management interface.

 Useful commands

- show running

rtr#show running-config                                                        
hostname rtr

rtr#show version                                                               
freeRouter v20.11.10-rel, done by cs@nop.

- config terminal

rtr#configure terminal                                                         
rtr(cfg)#                                                                      

- show config-changes

rtr(cfg)#banner set My Test freeRouter banner                                  
rtr(cfg)#show config-differences                                               
banner encoded TXkgVGVzdCBmcmVlUm91dGVyIGJhbm5lcg0K

- write

rtr#write                                                                      
% saving configuration
% success
rtr#exit

rtr#show startup-config isis                                                   
router isis4 1
 vrf inet
 net-id 49.0001.0192.0168.0005.0055.00
 traffeng-id ::
 is-type level1
 exit

rtr#show running-config interface eth1                                        
interface ethernet1
 description uplink
 vrf forwarding inet
 ipv4 address 192.168.5.55 255.255.255.0
 ipv6 address dynamic dynamic
 ipv6 gateway-prefix all6
 ipv6 slaac
 ipv6 prefix-suppress
 no shutdown
 no log-link-change
 exit
!


 

Changing the forwarding plane/data plane...

We now have a software router up and working. It is possible though to use hardware forwarding or DPDK or emulated P4. Probably a whole lot more as well. On the freeRouter website there is a clue. It says to activate external forwarding, 

activate external forwarding:
write
test hwext path /rtr/rtr- dataplane p4emu
reload cold

I suspect this is enabling P4 emulation rather than forwarding via the freeRouter process itself. That said I cannot find the "hwext" command in the install I have just done or the source.

Documentation

freeRouter documentation is sparse and the main places I have found are the GEANT RARE website https://wiki.geant.org/pages/viewrecentblogposts.action?key=RARE

and the unit tests for freeRouter are a good place to find configuration examples. http://www.freertr.net/tests.html

The interop tests provide a good idea of what the equivalent freeRouter config looks like in comparison to Juniper (interop9) and Cisco IOS (Interop2).

Source code - http://sources.nop.hu/

https://github.com/mc36/freeRouter  


And Telemetry sensors at: http://sources.nop.hu/misc/sensor/

Grafana dashboard plugins for freeRouter. https://grafana.com/grafana/dashboards?search=rare


rtr#?                                                                          
  attach     - connect to system resources
  clear      - clear running conditions
  configure  - enter configuration mode
  debug      - start debugging one protocol
  delete     - remove configuration command
  differs    - running system difference information
  disable    - drop privileges
  display    - running system periodic information
  dtls       - start dtls session
  enable     - gain privileges
  exit       - close this exec session
  flash      - file system utility
  gpsemu     - start gps emulation session
  gpstime    - start gps session
  hostscan   - scan ports on remote
  listen     - start listen session
  logout     - close this exec session
  lookup     - domain name lookup
  menu       - start menu session
  modememu   - start modem emulation session
  netconf    - start netconf session
  nullemu    - start null session
  packet     - packet related things
  ping       - send echo request
  portscan   - scan ports on remote
  ppp        - start framed session
  reload     - restart the system
  set        - insert configuration command
  show       - running system information
  sleep      - do nothing for a while
  ssh        - start ssh session
  ssl        - start ssl session
  tclsh      - run tcl shell
  telnet     - start telnet session
  terminal   - terminal specific parameters
  test       - test various things
  tls        - start tls session
  traceroute - trace route to target
  undebug    - stop debugging one protocol
  view       - running system information
  watch      - running system periodic information
  whois      - perform whois query
  write      - save configuration
  xml        - start xml session
                   
rtr#

rtr(cfg)#?                                                                     
  aaa              - authentication configuration
  access-list      - build an access list
  alias            - configure a command alias
  banner           - banner of system
  bridge           - transparent bridging parameters
  buggy            - enable dangerous things
  bundle           - interface bundle parameters
  chat-script      - build a chat script
  client           - specify address of name server
  connect          - define one interface cross connection
  crypto           - cryptographic configuration
  dial-peer        - dial peer parameters
  do               - execute one exec command
  enable           - set enable password
  end              - close this config session
  event-manager    - build an event manager
  exit             - go back to previous mode
  hairpin          - interface hairpin parameters
  hostname         - set name of system
  interface        - select an interface to configure
  ipv4             - internet protocol config commands
  ipv6             - internet protocol config commands
  ipx              - ipx config commands
  line             - select a line to configure
  logging          - set logging parameters
  menu             - define one menu
  mtracker         - configure a mtracker
  no               - negate a command
  nsh              - specify service chaining
  object-group     - build an object group
  password-encrypt - set password encryption key
  policy-map       - build a policy map
  prefix-list      - build a prefix list
  process          - configure a external process
  proxy-profile    - proxy profile parameters
  route-map        - build a route map
  route-policy     - build a route policy
  router           - enable a routing protocol
  scheduler        - configure a scheduler
  script           - configure a script
  sensor           - sensor parameters
  server           - create new or update existing server process
  show             - running system information
  telemetry        - telemetry configuration
  time-map         - time map parameters
  tracker          - configure a tracker
  translation-rule - translation rule parameters
  vdc              - configure a virtual device context
  vpdn             - vpdn client parameters
  vrf              - configure a virtual routing forwarding
  xconnect         - define one protocol cross connection

rtr(cfg)#  

rtr(cfg)#show running-config                                                   
hostname rtr
buggy
banner encoded TXkgVGVzdCBmcmVlUm91dGVyIGJhbm5lcg0K
!
logging file debug zzz.log
logging rotate 65536000 zzz.old
!
crypto rsakey test_rsa import $v10$<key material removed>
!
crypto dsakey test_dsa import $v10$<key material removed>
!
crypto ecdsakey test_ecdsa import $v10$<key material removed>
!
crypto certificate test_cert_dsa import dsa test_dsa $v10$<certificate removed>
!
crypto certificate test_cert_ecdsa import ecdsa test_ecdsa $v10$<certificate removed>
!
crypto certificate test_cert_rsa import rsa test_rsa $v10$<certificate removed>
!
aaa userlist myuser_list
 no log-error
 username ekenny
 username ekenny password $v10$YWxsYnJhbg==
 username ekenny privilege 14
  exit
!
object-group network host4
 sequence 10 10.255.255.0 255.255.255.0
 exit
!
object-group network host6
 sequence 10 2001:db8:ffff:ffff:: ffff:ffff:ffff:ffff::
 exit
!
object-group network lloc4
 sequence 10 169.254.0.0 255.255.0.0
 exit
!
object-group network lloc6
 sequence 10 fe80:: ffff::
 exit
!
object-group network mcast4
 sequence 10 224.0.0.0 255.255.0.0
 exit
!                  
object-group network mcast6
 sequence 10 ff00:: ff00::
 exit
!
access-list nat4
 sequence 10 deny all obj lloc4 all any all
 sequence 20 deny all any all obj mcast4 all
 sequence 30 deny all obj host4 all obj host4 all
 sequence 40 permit all obj host4 all any all
 exit
!
access-list nat6
 sequence 10 deny all obj lloc6 all any all
 sequence 20 deny all any all obj mcast6 all
 sequence 30 deny all obj host6 all obj host6 all
 sequence 40 permit all obj host6 all any all
 exit
!
prefix-list all4
 sequence 10 permit 0.0.0.0/0 ge 0 le 0
 exit
!
prefix-list all6
 sequence 10 permit ::/0 ge 0 le 0
 exit
!
vrf definition inet
 exit
!
router isis4 1
 vrf inet
 net-id 49.0001.0192.0168.0005.0055.00
 traffeng-id ::
 is-type level1
 exit
!
interface ethernet1
 description uplink
 vrf forwarding inet
 ipv4 address 192.168.5.55 255.255.255.0
 ipv6 address dynamic dynamic
 ipv6 gateway-prefix all6
 ipv6 slaac
 ipv6 prefix-suppress
 no shutdown
 no log-link-change
 exit
!                  
interface ethernet2
 description "To Internet"
 vrf forwarding inet
 ipv4 address 192.168.249.194 255.255.255.192
 no shutdown
 no log-link-change
 exit
!
interface ethernet20001
 description linux
 vrf forwarding inet
 ipv4 address 10.255.255.254 255.255.255.0
 ipv6 address 2001:db8:ffff:ffff::1 ffff:ffff:ffff:ffff::
 no shutdown
 no log-link-change
 exit
!
interface ethernet3
 description "Link to edge1-testlab"
 vrf forwarding inet
 ipv4 address 192.168.1.100 255.255.255.0
 no shutdown
 no log-link-change
 exit              
!
proxy-profile inet
 vrf inet
 exit
!
scheduler errors
 time 600000
 delay 30000
 command clear errors freerror@nop.hu
 start
 exit
!
scheduler upgrade
 time 600000
 delay 60000
 random-time 60000
 random-delay 300000
 command flash upgrade
 start
 exit
!
!
ipv4 route inet 172.16.11.0 255.255.255.0 192.168.5.1
ipv4 route inet 192.168.116.0 255.255.255.0 192.168.5.1
!
!
!
!
ipv4 nat inet sequence 10 srclist nat4 interface ethernet1
!
ipv6 nat inet sequence 10 srclist nat6 interface ethernet1
!
!
!
!
!
!
!
sensor ifaces-hw
 path interfaces-hw/interface/counter
 prefix freertr-ifaces
 prepend iface_hw_byte_
 command sho inter hwsumm
 name 0 ifc=
 key name interfaces-hw/interface
 replace \. _
 column 1 name st
 column 1 replace admin -1
 column 1 replace down 0
 column 1 replace up 1
 column 2 name tx
 column 3 name rx
 column 4 name dr
 exit
!
sensor ifaces-sw
 path interfaces-sw/interface/counter
 prefix freertr-ifaces
 prepend iface_sw_byte_
 command sho inter summ
 name 0 ifc=
 key name interfaces-sw/interface
 replace \. _
 column 1 name st
 column 1 replace admin -1
 column 1 replace down 0
 column 1 replace up 1
 column 2 name tx
 column 3 name rx
 column 4 name dr
 exit
!                  
alias test bash command attach shell1 socat - exec:bash,ctty,pty,stderr
alias test bash description get linux shell
alias test bash parameter optional
!
server telnet test_ssh
 security protocol ssh
 security authentication ekenny
 security rsakey test_rsa
 security dsakey test_dsa
 security ecdsakey test_ecdsa
 security rsacert test_cert_rsa
 security dsacert test_cert_dsa
 security ecdsacert test_cert_ecdsa
 port 2222
 no exec authorization
 login authentication myuser_list
 interface ethernet1
 vrf inet
 exit
!
server telnet inet
 security protocol telnet
 access-log
 access-rate 5 5000
 access-total 5
 access-peer 5
 protocol ipv4 tcp
 exec logging
 no exec authorization
 no login authentication
 login logging
 interface ethernet20001
 vrf inet
 exit
!
server forwarder ssh2host
 access-log
 port 22
 logging
 target vrf inet
 target interface ethernet20001
 target address 10.255.255.1
 target port 22
 timeout 1000000
 vrf inet
 exit
!
server dns ns      
 recursion enable
 interface ethernet20001
 vrf inet
 exit
!
server prometheus prom
 sensor ifaces-hw
 sensor ifaces-sw
 vrf inet
 exit
!
client proxy inet
client name-server 8.8.8.8
client upgrade-server http://upgrade.nop.hu/
client upgrade-backup
client time-server europe.pool.ntp.org
client time-zone CET
!
end
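An added example, not from the original post or the freeRouter project: a small Python audit over an excerpt of the running-config above that flags the settings a reviewer would check before putting this router on a shared network (`buggy`, the bash alias, unauthenticated telnet, the HTTP upgrade URL, embedded `$v10$` values). The section rule used here (indented lines belong to the preceding header, `exit` closes a section) is inferred from the dump, and `$v10$PLACEHOLDER` is a constructed stand-in for the real values.

```python
# Excerpt of the running-config above; $v10$PLACEHOLDER is a constructed stand-in.
SAMPLE = """\
buggy
aaa userlist myuser_list
 username ekenny password $v10$PLACEHOLDER
 exit
!
alias test bash command attach shell1 socat - exec:bash,ctty,pty,stderr
!
server telnet test_ssh
 security protocol ssh
 login authentication myuser_list
 exit
!
server telnet inet
 security protocol telnet
 no login authentication
 interface ethernet20001
 exit
!
client upgrade-server http://upgrade.nop.hu/
"""

def parse_sections(text):
    """Split a config into (header, [body lines]); indented lines are body."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "!", "exit"):
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(line)
        else:
            sections.append((line, []))
    return sections

def audit(text):
    """Return (section header, finding) pairs for settings worth reviewing."""
    out = []
    for header, body in parse_sections(text):
        if header == "buggy":
            out.append((header, "buggy mode on (CLI help: enable dangerous things)"))
        if header.startswith("alias ") and "exec:bash" in header:
            out.append((header, "alias attaches a host shell to the CLI"))
        if header.startswith("client upgrade-server http://"):
            out.append((header, "upgrade server URL uses plain HTTP"))
        if header.startswith("server telnet "):
            iface = next((l.split()[1] for l in body if l.startswith("interface ")), "any")
            if "security protocol telnet" in body:
                out.append((header, f"cleartext telnet on {iface}"))
            if "no login authentication" in body:
                out.append((header, f"CLI login without authentication on {iface}"))
        if any("$v10$" in l for l in [header] + body):
            out.append((header, "password or key material embedded in config text"))
    return out

if __name__ == "__main__":
    for header, finding in audit(SAMPLE):
        print(f"{header}: {finding}")
```

Run against the full dump, the same checks also flag each `crypto ... import $v10$` line, so the output of `show running-config` should be handled as a secret.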