+Billy
On 01/11/2017 07:00 PM, Dave Barach (dbarach) wrote:
Dear Tom,
I’m now running my “work” subnet behind a vpp gateway. In fact, if you
see this message, it’s working... (;-).
Cool. I assume this is the box,
https://www.netgate.com/products/rcc-ve-4860.html. It is a 2.4 GHz
rangely with 8GB and 6 1GB ports. I don't need 6 ports but that one has 8GB.
See below for a vpp config w/ IRB. The “lstack” tap interface allows
host stack access, and provides a path for clients on the bridged
interfaces to reach the dhcp server. I need to do a tiny bit of
scripting to bring up vpp, hand it the config shown below, then
“ifconfig lstack 192.168.4.2/24 up”, and restart the dhcp server.
In this setup, GigabitEthernet3/0/0 is the WAN link.
Looks like a pretty reasonable setup with admin access and LAN side dhcp
server through centos stack's DHCP server
The snat plugin is willing to create static mappings. I use one to map
a single port to sshd, which I’ve configured onto a non-obvious port
and to refuse all but public-key authentication. We need to add a
feature to the plugin similar to “snat add interface address”, so I
won’t try to explain the rigmarole today...
HTH... D.
------------------------------------------------------------------------
set int state GigabitEthernet3/0/0 up
set dhcp client intfc GigabitEthernet3/0/0 hostname vppgate
loop create
set int l2 bridge loop0 1 bvi
set int ip address loop0 192.168.4.1/24
set int state loop0 up
set int l2 bridge GigabitEthernet0/14/0 1
set int state GigabitEthernet0/14/0 up
set int l2 bridge GigabitEthernet0/14/1 1
set int state GigabitEthernet0/14/1 up
set int l2 bridge GigabitEthernet0/14/2 1
set int state GigabitEthernet0/14/2 up
comment { dhcp server and host-stack access }
tap connect lstack hwaddr random
set int l2 bridge tap-0 1
set int state tap-0 up
snat add interface address GigabitEthernet3/0/0
set interface snat in loop0 out GigabitEthernet3/0/0
------------------------------------------------------------------------
/etc/dhcp/dhcpd.conf:
subnet 192.168.4.0 netmask 255.255.255.0 {
range 192.168.4.10 192.168.4.99;
option routers 192.168.4.1;
option domain-name-servers 8.8.8.8;
}
------------------------------------------------------------------------
/etc/default/isc-dhcp-server:
INTERFACES="lstack"
------------------------------------------------------------------------
Thanks… Dave
*From:*Thomas F Herbert [mailto:therb...@redhat.com]
*Sent:* Wednesday, January 11, 2017 6:19 PM
*To:* Dave Barach (dbarach) <dbar...@cisco.com>
*Subject:* Re: VPP home gateway
On 01/10/2017 12:53 PM, Dave Barach (dbarach) wrote:
Netgate 6x1GE System… It's pretty expensive, roughly 800 bucks.
Fast enough for some self compile action. If the price point
doesn't turn you off, let me know and I'll send details
Thanks... Dave
On Jan 10, 2017, at 12:46 PM, Thomas F Herbert
<therb...@redhat.com <mailto:therb...@redhat.com>> wrote:
Dave,
What board are you using for your Atom based VPP home gateway?
I would like to try it if I can find an adequate board at
reasonable cost.
It is within budget. More details would be useful and I will try to
join the dog food consumers or maybe cat food.
Is there a thread of discussion on this topic?
--TFH
--
*Thomas F Herbert*
SDN Group
Office of Technology
*Red Hat*
--
*Thomas F Herbert*
SDN Group
Office of Technology
*Red Hat*
--
*Thomas F Herbert*
SDN Group
Office of Technology
*Red Hat*
_______________________________________________
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev
