⚠⚠⚠ IN DEVELOPMENT - DO NOT USE ⚠⚠⚠
All things will be squashed, history is a lie
A work in progress attempt to learn about Vector Packet Processing by building a home gateway for my 1.25 Gb/s link. Essentially, I was motivated by interacting with some big scale routing systems to investigate faster packet processing environments for HPC and non-closed source routers.
Part of the goals in this project are to also learn some lessons from investigating embedded systems and utilize some of the lessons learned in that world to build a more robust router system.
AKA right now this configuration gets me on the internet. I have IPv6 explicitly turned off because ACLs must be used for home filtering, but I'm still figuring out the VPP syntax
aclplugins - right now NAT is the only thing that's preventing connections which is stupid and will not block IPv6. I need basic bogon and martian filtering
This weird little Aliexpress Topton, which at the time was one of the most affordable 2.5Gb/s 6x NICs. I also needed more than a few cores as I want to do pinning. Here's a quick copy-pasta of the bullet points:
I wanted to just put a model number, but as usual you have to chuckle a bit:
# cat /sys/class/dmi/id/sys_vendor Default string # cat /sys/class/dmi/id/chassis_serial Default string # cat /sys/class/dmi/id/chassis_version Default string
Hey man, whatever it goes fast.
Automation isn't fully there yet, so do a Debian Stable (bullseye) install as a normal and set up a user. Then modify the
example_init.py to match the desired settings and apply the configuration:
$ cp inventory/example_init.py inventory/router.py # Edit `inventory/router.py` to match your system needs. Options should be pretty obvious # Edit `group_data/all.py` to change all the system configuration options you want and your ssh public key $ pyinfra inventory/router.py deploy.py --ssh-user poptart --ssh-password "$PASS" --sudo
Now the system is set up and can be iterated on in a predictable manner. While this will match my exact configuration needs in the config, some things might be different depending on the hardware, primarily the PCI devices might be different than what are in the example file. The following shows how to invoke pyinfra to configure the system if you make changes and how it's a bit easier now:
pyinfra inventory/router exec --ssh-key ~/.ssh/id_vpp_ed25519 --ssh-user admin --sudo -- lshw -class network -businfo --> Loading config... --> Loading inventory... --> Connecting to hosts... Enter password for private key: /home/poptart/.ssh/id_vpp_ed25519: [10.0.0.12] Connected --> Proposed changes: Groups: router / vpp_node [10.0.0.12] Operations: 1 Change: 1 No change: 0 --> Beginning operation run... --> Starting operation: vpp1 [10.0.0.12] Bus info Device Class Description [10.0.0.12] ======================================================= [10.0.0.12] pci@0000:01:00.0 enp1s0 network Ethernet Controller I225-V [10.0.0.12] pci@0000:02:00.0 network Ethernet Controller I225-V [10.0.0.12] pci@0000:03:00.0 network Ethernet Controller I225-V [10.0.0.12] pci@0000:07:00.0 network Ethernet Controller I225-V [10.0.0.12] pci@0000:08:00.0 network Ethernet Controller I225-V [10.0.0.12] pci@0000:09:00.0 network Ethernet Controller I225-V [10.0.0.12] lstack network Ethernet interface [10.0.0.12] Success --> Results: Groups: router / vpp_node [10.0.0.12] Changed: 1 No change: 0 Errors: 0
Now any time you want to make a change or add something to the router the config can be updated with:
pyinfra inventory/router.py deploy.py --ssh-key ~/.ssh/id_vpp_ed25519 --ssh-user admin --sudo
By default the system uses: