
Herding networking cats: Integrating Linux routing with FusionCLI

Stephen Hemminger shemminger@vyatta.com

Vyatta versions

http://vyatta.org
    Free download
    livecd
    Update 2x year
    Community forums

http://vyatta.com
    Subscription
    Update 4x year
    Software or Hardware
    Phone and Email Support

Same source and features



Our customer?

Linux Router Performance

Linux cats

Linux command line interfaces


    Ethernet     ifconfig, ip link
    WAN          wanpipe
    Routing      route, vtysh, ip route
    Bridging     brctl
    VLAN         vconfig, ip link
    Bonding      ifenslave
    VPN
    QoS          tc
    User mgmt    adduser



CLI Requirements

Router look & feel


Command completion
Roles: Administrator, operator
Configure mode
Text based
Language neutral

Extensible

Integrated with operating system

Vyatta

Proprietary System
Monolithic SW

Open System

Graphical User Interface


Internet Protocols

Network Apps
WAN Optimization Load Balancing

FusionCLI™

Open API
Scalable Routing
Internet Protocols

NW Functions
DHCP, NAT, Radius

Security
Firewall, VPN

Extensible
PBX

Anti-X IDS

Linux Kernel
Unique HW

Standard HW

Massive open-source ecosystem

Vyatta package architecture


Debian GNU/Linux Vyatta FusionCLI

Quagga config

Snmp Snmp config

config

System config

Quagga

Snmp

iproute iptables vpn

wanpipe

Linux 2.6.X unionfs squashfs wan



CLI configuration modes

discard

operational
commit configure

configuration

boot
config.boot

Active configuration

save


CLI architecture


Demo 1: Basic interface


    $ show interfaces
    Interface    IP Address            State    Link    Description
    eth0         192.168.111.132/24    up       up
    eth1         -                     up       up
    lo           127.0.0.1/8           up       up
    lo           ::1/128               up       up
    $ show interfaces et<tab>hernet <tab>
    detail  eth0    eth1
    $ show interfaces ethernet eth0
    eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
        link/ether 00:0c:29:f6:20:9e brd ff:ff:ff:ff:ff:ff
        inet 192.168.111.132/24 brd 192.168.111.255 scope global eth0
        inet6 fe80::20c:29ff:fef6:209e/64 scope link
           valid_lft forever preferred_lft forever
    ...


Template hierarchy
    /opt/vyatta/share/vyatta-op/templates/show/interfaces/ethernet
    |-- detail
    |   `-- node.def
    |-- node.def
    `-- node.tag
        |-- brief
        |   `-- node.def
        |-- capture
        |   |-- node.def
        |   |-- not
        |   |   |-- node.def
        |   |   `-- port
        |   |       |-- node.def
        |   |       `-- node.tag
        |   |           `-- node.def
        |   `-- port
        |       |-- node.def
        |       `-- node.tag
        |           `-- node.def
        |-- identify
        |   `-- node.def
        |-- node.def
        |-- physical
        |   `-- node.def


Operational template
show/interfaces/ethernet/node.tag/node.def

    help: Show specified ethernet interface information
    allowed: for dev in /sys/class/net/*; do
                 if [[ -L $dev/device ]]
                 then if [[ $(cat $dev/type) -eq 1 ]]
                      then echo -n ${dev##*/} " "
                      fi
                 fi
             done
    run: vyatta-show-interfaces.pl --intf="$4"


Demo 2: Configuration
    $ configure
    [edit]
    # set interfaces ethernet eth0 description 'Vmware NAT'
    [edit]
    # show interfaces ethernet eth0
     address dhcp
    +description "Vmware NAT"
     hw-id 00:0c:29:f6:20:9e
    [edit]
    # mount
    ...
    unionfs on /opt/vyatta/config/tmp/new_config_5035 type unionfs
      (rw,dirs=/tmp/changes_only_5035=rw:/opt/vyatta/config/active=ro)
    [edit]
    vyatta@vc313# commit


Configuration templates
    multi:
    type: txt
    help: Set an IP address for this interface
    syntax:expression: exec "/opt/vyatta/sbin/vyatta-interfaces.pl \
            --valid-addr $VAR(@) --dev $VAR(../@)" \
            ; "Invalid IP address/prefix [$VAR(@)] for interface $VAR(../@)"
    update: /opt/vyatta/sbin/vyatta-interfaces.pl \
            --eth-addr-update $VAR(@) --dev $VAR(../@)
    delete: /opt/vyatta/sbin/vyatta-interfaces.pl \
            --eth-addr-delete $VAR(@) --dev $VAR(../@)
    allowed: echo "dhcp <>"
    comp_help: Possible completions:
      <x.x.x.x/x>            Set the IP address and prefix length
      <h:h:h:h:h:h:h:h/x>    Set the IPv6 address and prefix length
      dhcp                   Set the IP address and prefix length via DHCP


Configuration save restore


    interfaces {
        ethernet eth0 {
            address dhcp
            duplex auto
            hw-id 00:0c:29:f6:20:9e
            speed auto
        }
        loopback lo {
        }
    }
    service {
        ssh {
            port 22
            protocol-version v2
        }
    }


Quality of Service (QoS) usage models

Real time services
    VOIP

Network control plane
    BGP, OSPF, STP

Fairness

Throttle batch services
    P2P, backup,


Vyatta QoS

Organized by policy types


    Fair queue         => sfq
    Traffic shaper     => htb
    Drop tail          => fifo
    Rate limiter       => tbf
    Traffic limiter    => ingress
    ...


fair-queue
    # set qos-policy fair-queue fq
    [edit]
    # set interfaces ethernet eth0 qos-policy out fq
    [edit]
    # commit
    [edit]
    # run show queueing
    Output queues:
    Interface    Qos-Policy    Sent    Dropped    Overlimit
    eth0         fair-queue    4578    0          0
    eth1         default       468     0          0


fair-queue template

set/qos-policy/fair-queue/node.def

    tag:
    type: txt
    help: Set fair queueing policy
    syntax:expression: pattern $VAR(@) "^[[:alnum:]][_[:alnum:]]*$"
            ; "only alphanumeric policy name allowed"
    update: /opt/vyatta/sbin/vyatta-qos.pl --create-policy "$VAR(.)" "$VAR(@)"
    delete: /opt/vyatta/sbin/vyatta-qos.pl --delete-policy "$VAR(@)"


QoS on Ethernet Interface

set/interfaces/ethernet/node.tag/qos-policy/out/node.def

    type: txt
    help: Set outbound QOS policy for specified ethernet interface
    allowed: /opt/vyatta/sbin/vyatta-qos.pl --list-policy
    update: /opt/vyatta/sbin/vyatta-qos.pl \
            --update-interface $VAR(../../@) $VAR(.) $VAR(@)
    delete: /opt/vyatta/sbin/vyatta-qos.pl \
            --delete-interface $VAR(../../@) $VAR(.)


Internals - perl code


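    sub update_interface {
        my ($interface, $direction, $name) = @_;
        my $config = new VyattaConfig;

        ($direction eq "out") or die "Only out direction supported";

        $config->setLevel('qos-policy');
        # Find which policy type (fair-queue, traffic-shaper, ...) owns $name
        foreach my $type ($config->listNodes()) {
            if ($config->exists("$type $name")) {
                my $shaper = make_policy($config, $type, $name);
                delete_interface($interface, $direction);

                # "|-" forks: the child execs tc, the parent writes batch
                # commands to its standard input
                open my $out, "|-" or exec qw:sudo /sbin/tc -batch -:;
                $shaper->commands($out, $interface);
                if (!close $out) {
                    # tc failed: remove anything partially applied
                    delete_interface($interface, $direction);
                }
                return;
            }
        }
        die "Unknown qos-policy $name\n";
    }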
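
The templates above check a value with syntax:expression before the update: action runs, and update_interface then writes generated text to tc -batch. The following is an added example, not Vyatta code and not from the slides: a POSIX sh dry run of that order of checks for a fair-queue (sfq) policy. The names valid_ifname and qos_batch and the interface-name character set are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not Vyatta code: dry run of the checks made before any
# text is handed to "tc -batch -".
LC_ALL=C; export LC_ALL   # make the a-z / 0-9 ranges byte-exact (ASCII only)

# Same rule as the fair-queue template's pattern
# "^[[:alnum:]][_[:alnum:]]*$", restricted here to ASCII. A case pattern
# sees the whole string, so an embedded newline is rejected as well.
valid_policy_name() {
    case $1 in
        '' | [!a-zA-Z0-9]* | *[!a-zA-Z0-9_]*) return 1 ;;
    esac
    return 0
}

# Assumption: interface names are ASCII letters, digits, '.', '_' or '-',
# at most 15 characters long.
valid_ifname() {
    case $1 in
        '' | *[!a-zA-Z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# qos_batch INTERFACE DIRECTION POLICY
# Prints the tc batch line for a fair-queue policy, or fails with no output.
qos_batch() {
    [ "$2" = out ] || { echo "Only out direction supported" >&2; return 1; }
    valid_ifname "$1" || { echo "invalid interface name" >&2; return 1; }
    valid_policy_name "$3" ||
        { echo "only alphanumeric policy name allowed" >&2; return 1; }
    # tc batch input is one command per line, so the interpolated device
    # name must be free of whitespace and newlines before it is printed.
    printf 'qdisc add dev %s root sfq\n' "$1"
}

# Constructed sample calls
qos_batch eth0 out fq
qos_batch eth0 out 'fq bad' 2>/dev/null || echo "rejected"
```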


QoS traffic-shaper
    # edit qos-policy traffic-shaper lartc
    [edit qos-policy traffic-shaper lartc]
    # set class 2 bandwidth 100%
    [edit qos-policy traffic-shaper lartc]
    # set class 2 match www ip destination port 80
    [edit qos-policy traffic-shaper lartc]
    # set class 3 bandwidth 3mbit
    [edit qos-policy traffic-shaper lartc]
    # set class 3 ceiling 5mbit
    [edit qos-policy traffic-shaper lartc]
    # set class 3 match smtp ip destination port 25
    [edit qos-policy traffic-shaper lartc]
    # exit


Traffic-shaper continued
    [edit]
    # commit
    qos-policy traffic-shaper lartc configuration not complete: missing default class
    Commit failed
    # set qos-policy traffic-shaper lartc default bandwidth 1
    [edit]
    # commit
    [edit]
    # set interfaces ethernet eth0 qos-policy out


Result
    # run show queueing ethernet eth0
    eth0 Output queue:
    Class    Qos-Policy        Sent     Dropped    Overlimit
    1:       traffic-shaper    11438    0          0
    4        fair-queue        11438    0          0
    2        fair-queue        0        0          0
    3        fair-queue        0        0          0
    [edit]


Issues

Vyatta package changes
    Every distribution is a fork
    All changes are fed to upstream

Vyatta Linux management
    Vyatta config ignores other changes
    CLI is loosely coupled

Developer documentation
    Linux Kongress paper
    Watch this space


SPC-FLOSS: orphaned projects

Users want support for orphaned projects


    Multicast routing
    MPLS
    Rapid Spanning Tree Protocol
    IPv6


Future

Richer features
    QoS+, bonding,

GUI

Multi-queue

Performance
