-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathRL-template
executable file
·200 lines (181 loc) · 7.95 KB
/
RL-template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
#!/bin/tcsh
# -----------------------------------------------------------------------------
#
# Copyright 2013-2019 lispers.net - Dino Farinacci <[email protected]>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# -----------------------------------------------------------------------------
#
# RL - Restart LISP Wrapper Script
#
# This is a wrapper script for ./RESTART-LISP. You want to use it to do
# EID address assignment on kernel created interfaces as well as setting
# default and other static route parameters.
#
# Most importantly, you can tell this script where your ./RESTART-LISP script
# is and pass parameters to the script such as the RLOC interface you use.
#
# Put a call to this script in /etc/rc.local so on system startup the LISP
# subsystem will start automatically. For example, add this line to /etc/rc.
# local:
#
# /home/<install-directory>/lispers.net/RL || exit 1
#
#------------------------------------------------------------------------------
#
# Remove the following lines (including the exit line) after this file has
# been modified and the script actually does something. Copy it from
# RL-template to file RL.
#
echo "(1) Type 'cp RL-template RL'"
echo "(2) Customize your RL file"
echo "(3) Remove the echo and exit lines from the top of your RL file"
echo "(4) Use ./RL as a wrapper script for RESTART-LISP"
exit
# -------------------- xTR EID Address Configuration --------------------
#
# If you want to set an EID on the loopback interface for IPv4 and IPv6
# respectively substitute the "x" with meaningful values. 2001:5:3::/48
# is RIPE allocated to lispers.net for IPv6 EID experimentation. Note in
# docker containers, an IPv6 EID MUST NOT be configured on the lo interface
# (on Linux).
#
# Make sure net.ipv6.conf.all.disable_ipv6=0 or ICMPv6 echo packets are not
# accepted by kernel.
#
#sudo ip addr add x.x.x.x/32 dev lo >& /dev/null
#sudo ip addr add x::x/128 dev eth0 >& /dev/null
#sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0
#
# MacOS syntax for configuring addresses. Note 240.0.0.0/4 can be used as
# an EID block. However, on MacOS systems, the kernel will not send packets
# to a 240.x.x.x address. So ping responses and TCP connections won't happen.
# Note client pings and connection initiation can happen from a 240.x.x.x
# address to any EID not in 240.0.0.0/4.
#
#sudo ifconfig lo0 x.x.x.x/32 alias
#sudo ifconfig lo0 inet6 2001:5:3::x/128 alias
# -------------------- Must set MTU on EID Interface --------------------
#sudo ifconfig lo mtu 1400
#sudo ifconfig lo0 mtu 1400
# -------------------- EID Source Address Selection --------------------
#
# If you want to use an EID for all sourced packets, use the src directive.
# Then all apps do not have to do explicit source address selection. The
# EID <eid-from-above> will be used and the lispers.net code will get all
# packets to encap to destinations LISP sites or non-LISP sites.
#
#sudo ip route add default via <default-router> src <ipv4-eid-from-above>
#sudo ip route add 0::/0 via fe80::1 dev eth0 src <ipv6-eid-from-above>
#
# Blackhole routes are useful so packets are not routed by kernel and that
# we can assign the source-EID with the route.
#
#ip route add blackhole <prefix> src <local-eid>
# -------------------- IPv6 Default Route Configuration --------------------
#
# Add default route and next-hop neighbor for IPv6 since it ususally
# doesn't get configured by default.
#
#sudo ip route add 0::/0 via fe80::1 dev eth0
#sudo ip nei add fe80::1 lladdr 0:0:0:0:0:1 dev eth0
#sudo ip nei change fe80::1 lladdr 0:0:0:0:0:1 dev eth0
#
# MacOS syntax for configuring IPv6 default routes.
#
#sudo ndp -s fe80::1%en0 0:0:0:0:0:1
#sudo route add -inet6 0::/0 fe80::1%en0
# -------------------- RTR Specific Configuration --------------------
#
# Note about RTRs that are deployed in cloud providers, which means they
# are behind NATs. You need to configure the global address on the
# loopback interface since it needs to know to get the ETR's RLOC address
# from the mapping versus its own address it could mistakenly select as an
# ETR RLOC because the RTR is comparing its local address to its global
# address in the mapping, when it isn't the same. So use the commands below
# to start the RTR.
#
# There is also situations where an RTR may supply a private address in an
# RLOC-probe reply. If it is behind a NAT, it needs to supply a global RLOC
# address because if lisp-crypto is being used you want the decap-keys on an
# xTR to reflect the same address that is being used for encapsulation from
# the RTR. So the global address needs to be assignerd to the loopback
# interface and the command line below needs to be "./RESTART-LISP 8080 lo".
#
#sudo ip addr add <rtr-translated-rloc>/32 dev lo >& /dev/null
set RTR_ADDRESS = "<rtr-translated-rloc>"
#sudo ip addr add $RTR_ADDRESS/32 dev lo >& /dev/null
#
# In RTRs doing LISP-NAT, to avoid jumbo frames with DF-bit set (which means
# the RTR would drop packets), we need to disable TCP-segment-offload and
# scatter-gather. Also, lower MSS so there is room for LISP headers for TCP
# packets. In GCP device is ens4 in AWS device is eth0.
#
set DEVICE = "eth0"
#sudo ethtool -K $DEVICE tso off
#sudo ethtool -K $DEVICE sg off
sudo iptables -t mangle -C POSTROUTING -o $DEVICE -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360
if ($status == "1") then
# sudo iptables -t mangle -A POSTROUTING -o $DEVICE -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360
endif
# -------------------- LISP Subsystem Startup --------------------
#
# Use this syntax for RESTART-LISP:
#
# ./RESTART-LISP <web-server-port> <interface:index>
#
# where <web-server-port> is what web-server listens to with SSL (https). If
# you put "-" in front of port, then web-server listens via http. Defaults
# to 8080 but must be specified if <interface:index> is used.
#
# where <interface:index> is the interface to get the RLOC used for sending
# control packets and for encapsulating data packets. If you supply an
# index (starting with value 1 and skip over link-local addresses), you can
# select an address on the interface.
#
# For example:
#
# ./RESTART-LISP 8080 eth0:3 - uses the 3rd non-link-local address on interface
# eth0.
# ./RESTART-LISP 8080 eth0 - uses the 1st non-link-local address on interface
# eth0.
#
# The same index is used for both IPv4 and IPv6. So for this interface:
# eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> ...
# link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
# inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
# valid_lft forever preferred_lft forever
# inet 1.1.1.1/32 scope global eth0
# valid_lft forever preferred_lft forever
# inet6 2002::2/128 scope global
# valid_lft forever preferred_lft forever
# inet6 dfdf::1/16 scope global
# valid_lft forever preferred_lft forever
# inet6 2001::242:ac11:2/16 scope global nodad
# valid_lft forever preferred_lft forever
# inet6 fe80::42:acff:fe11:2/64 scope link
# valid_lft forever preferred_lft forever
#
# IPv4 index 1 is 172.17.0.2
# IPv4 index 2 is 1.1.1.1
# IPv6 index 1 is 2002::2
# IPv6 index 2 is dfdf::1
# IPv6 index 3 is 2001::242:ac11:2
#
#
# Start the lispers.net LISP subsystem. Use an absolute path name.
#
#/root/lispers.net/RESTART-LISP 8080 eth0
#/lispers.net/RESTART-LISP 8080 eth0
#------------------------------------------------------------------------------