Dear Tom, I’m now running my “work” subnet behind a vpp gateway. In fact, if you see this message, it’s working... (;-).
See below for a vpp config w/ IRB. The “lstack” tap interface allows host stack access, and provides a path for clients on the bridged interfaces to reach the dhcp server. I need to do a tiny bit of scripting to bring up vpp, hand it the config shown below, then “ifconfig lstack 192.168.4.2/24 up”, and restart the dhcp server.

In this setup, GigabitEthernet3/0/0 is the WAN link.

The snat plugin is willing to create static mappings. I use one to map a single port to sshd, which I’ve configured onto a non-obvious port and to refuse all but public-key authentication. We need to add a feature to the plugin similar to “snat add interface address”, so I won’t try to explain the rigmarole today...

HTH... D.

________________________________

set int state GigabitEthernet3/0/0 up
set dhcp client intfc GigabitEthernet3/0/0 hostname vppgate

loop create
set int l2 bridge loop0 1 bvi
set int ip address loop0 192.168.4.1/24
set int state loop0 up

set int l2 bridge GigabitEthernet0/14/0 1
set int state GigabitEthernet0/14/0 up
set int l2 bridge GigabitEthernet0/14/1 1
set int state GigabitEthernet0/14/1 up
set int l2 bridge GigabitEthernet0/14/2 1
set int state GigabitEthernet0/14/2 up

comment { dhcp server and host-stack access }
tap connect lstack hwaddr random
set int l2 bridge tap-0 1
set int state tap-0 up

snat add interface address GigabitEthernet3/0/0
set interface snat in loop0 out GigabitEthernet3/0/0

________________________________

/etc/dhcp/dhcpd.conf:

subnet 192.168.4.0 netmask 255.255.255.0 {
  range 192.168.4.10 192.168.4.99;
  option routers 192.168.4.1;
  option domain-name-servers 8.8.8.8;
}

________________________________

/etc/default/isc-dhcp-server:

INTERFACES="lstack"

________________________________

Thanks… Dave

From: Thomas F Herbert [mailto:therb...@redhat.com]
Sent: Wednesday, January 11, 2017 6:19 PM
To: Dave Barach (dbarach) <dbar...@cisco.com>
Subject: Re: VPP home gateway

On 01/10/2017 12:53 PM, Dave Barach (dbarach) wrote:

Netgate 6x1GE System… It's pretty expensive, roughly 800 bucks. Fast enough for some self compile action. If the price point doesn't turn you off, let me know and I'll send details.

Thanks... Dave

On Jan 10, 2017, at 12:46 PM, Thomas F Herbert <therb...@redhat.com> wrote:

Dave,

What board are you using for your Atom based VPP home gateway? I would like to try it if I can find an adequate board at reasonable cost.

It is within budget. More details would be useful and I will try to join the dog food consumers or maybe cat food. Is there a thread of discussion on this topic?

--TFH

--
Thomas F Herbert
SDN Group
Office of Technology
Red Hat
_______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev
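
An added example, not part of the original thread and not Dave's own setup: a small Python audit for the sshd policy the message describes (non-default port, public-key authentication only), following sshd_config's first-value-wins rule. The port 48022, both sample configs and the function names are constructed for illustration.

```python
# Added example: audits sshd_config text for public-key-only logins on a
# non-default port. Both sample configs below are constructed.
REQUIRED = {"pubkeyauthentication": "yes",
            "passwordauthentication": "no",
            "kbdinteractiveauthentication": "no"}
# OpenSSH built-in defaults, used when a directive is absent.
DEFAULTS = {"pubkeyauthentication": "yes",
            "passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}
# Older spelling that current OpenSSH treats as an alias.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse(text):
    """Return (global settings, listen ports, directives inside Match blocks)."""
    settings, ports, in_match_block, matched = {}, [], False, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip()
        if key == "match":
            in_match_block = True          # everything after is conditional
        elif in_match_block:
            matched.append((key, value.lower()))
        elif key == "port":
            ports.append(value)            # Port may repeat; all are used
        else:
            settings.setdefault(key, value.lower())  # first value wins
    return settings, ports or ["22"], matched

def audit(text):
    """Return a list of findings; an empty list means the policy holds."""
    settings, ports, matched = parse(text)
    findings = ["sshd listens on default port 22"] if "22" in ports else []
    pubkey_only = settings.get("authenticationmethods") == "publickey"
    for key, want in REQUIRED.items():
        if pubkey_only and want == "no":
            continue                       # other methods cannot complete a login
        got = settings.get(key, DEFAULTS[key])
        if got != want:
            findings.append(f"{key} is {got}, expected {want}")
    findings += [f"Match block sets {k} {v}" for k, v in matched
                 if k in REQUIRED and v != REQUIRED[k]]
    return findings

GOOD = "Port 48022\nPasswordAuthentication no\nKbdInteractiveAuthentication no\n"
WEAK = ("PasswordAuthentication yes\nPasswordAuthentication no\n"
        "Match Address 192.168.4.0/24\n    PasswordAuthentication yes\n")
print(audit(GOOD), audit(WEAK), sep="\n")
```

The WEAK sample shows why a later "PasswordAuthentication no" does not help once an earlier line has set it to yes, and why Match blocks need a separate look.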