VMware NSX-T Data Center: Install, Configure, Manage [V3.0]


Setting up FRR for VRFs (like we have in the ICM lab)


    Broadcom Employee
    Posted Apr 29, 2020 06:17 PM

    Here's a step-by-step to build a FRR router like we have in the lab.  I am still trying to figure out an elegant way to persist this configuration across reboots.  It doesn't seem like there's a reasonable way to add network namespaces and dummy interfaces to the standard network startup files (either through netplan or in /etc/network/interfaces), so you may just have to create a script for the interface/vlan/netns config and run it from /etc/rc.local or something like that. 

    Many thanks to David Belmonte Sola, the content developer that made this work in the first place and sent me his notes.

    1. Install FRR - http://docs.frrouting.org/en/latest/installation.html
    2. Configure Zebra to use Linux netns:
      1. Edit /etc/frr/daemons
      2. Modify {zebra_options="-A 127.0.0.1 -s 9000000"} to {zebra_options="-A 127.0.0.1 -s 9000000 -n"}
        1. The "-n" (or "--vrfwnetns") option starts zebra with support for a VRF backend based on the Linux Network Namespace infrastructure.
    3. Configure VLAN interfaces
      1. Load the VLAN kernel Module
        1. # modprobe 8021q
      2. Tell the system to load the VLAN kernel Module on reboot:
        1. # echo "8021q" >> /etc/modules
      3. Configure the VLANs with the vconfig tool
          1. Syntax: vconfig add <interface name> <VLAN ID>
          2. This requires the VLAN tools to be installed on your system.  For Ubuntu, “apt install vlan” will get them.
        1. # vconfig add ens224 10
        2. # vconfig add ens224 20
        3. # vconfig add ens224 30
        4. # vconfig add ens224 40
    4. Create dummy interfaces to use as loopback interfaces for the VRFs
      1. Load the Dummy Network Interface Module
        1. # modprobe dummy
      2. Tell the system to load the Dummy Network Interface module on reboot:
        1. # echo "dummy" >> /etc/modules
      3. Create dummy interfaces
        1. # ip link add dummy0 type dummy
        2. # ip link add dummy1 type dummy
        3. # ip link add dummy2 type dummy
        4. # ip link add dummy3 type dummy
    5. Create namespaces for VRFs
      1. # ip netns add red
      2. # ip netns add blue
    6. Assign the interfaces to Network Namespaces
      1. # ip link set ens224.10 netns red
      2. # ip link set ens224.30 netns red
      3. # ip link set dummy0 netns red
      4. # ip link set dummy2 netns red
      5. # ip link set ens224.20 netns blue
      6. # ip link set ens224.40 netns blue
      7. # ip link set dummy1 netns blue
      8. # ip link set dummy3 netns blue
    7. Bring up the interfaces
      1. # ip netns exec red ip link set ens224.10 up
      2. # ip netns exec red ip link set ens224.30 up
      3. # ip netns exec red ip link set dummy0 up
      4. # ip netns exec red ip link set dummy2 up
      5. # ip netns exec blue ip link set ens224.20 up
      6. # ip netns exec blue ip link set ens224.40 up
      7. # ip netns exec blue ip link set dummy1 up
      8. # ip netns exec blue ip link set dummy3 up
    8. Enable Network Namespace forwarding
        1. “ip netns exec <namespace> <command>” executes a command in the context of the network namespace for applications that are not explicitly namespace aware.
      1. # ip netns exec red /bin/bash // this executes the bash shell in the red network namespace
      2. # echo 1 > /proc/sys/net/ipv4/ip_forward // this will enable IPv4 packet  forwarding for the namespace
      3. # exit // this will exit the bash shell running in the red namespace
      4. # ip netns exec blue /bin/bash
      5. # echo 1 > /proc/sys/net/ipv4/ip_forward
      6. # exit
    9. Restart FRR to detect namespaces and interfaces
      1. Depending on your distribution and which service subsystem you prefer:
        1. # /etc/init.d/frr restart
        2. # systemctl restart frr
    10. Configure FRR
      1. Enter configuration mode
        1. # vtysh // this enters the FRR configuration shell
        2. > configure terminal // this enters configuration mode from the terminal
      2. Create interfaces in VRF red:
        1. > interface ens224.10 vrf red // enters the ens224.10 interface configuration in VRF red
        2. > ip address 192.168.10.1/24 // sets the IPv4 address and net mask
        3. > interface dummy0 vrf red
        4. > ip address 10.0.10.1/24
        5. > interface ens224.30 vrf red
        6. > ip address 192.168.30.1/24
        7. > interface dummy2 vrf red
        8. > ip address 10.0.30.1/24
      3. Create interfaces in VRF blue
        1. > interface ens224.20 vrf blue
        2. > ip address 192.168.20.1/24
        3. > interface dummy1 vrf blue
        4. > ip address 10.0.20.1/24
        5. > interface ens224.40 vrf blue
        6. > ip address 192.168.40.1/24
        7. > interface dummy3 vrf blue
        8. > ip address 10.0.40.1/24
      4. Configure BGP on the red VRF instance
        1. > router bgp 10 vrf red
        2. > bgp router-id 192.168.10.1
        3. > bgp log-neighbor-changes
        4. > neighbor 192.168.10.2 remote-as 100
        5. > address-family ipv4 unicast
        6. > redistribute connected
        7. > exit-address-family
      5. Configure BGP on the blue VRF instance
        1. > router bgp 20 vrf blue
        2. > bgp router-id 192.168.20.1
        3. > bgp log-neighbor-changes
        4. > neighbor 192.168.20.2 remote-as 100
        5. > address-family ipv4 unicast
        6. > redistribute connected
        7. > exit-address-family
      6. Exit Router Configuration:
        1. > exit
      7. Exit configuration mode:
        1. > exit
      8. Write the configuration changes
        1. > write
      9. Exit configuration mode
        1. > exit
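
The post notes that the interface, VLAN and namespace setup from steps 3 to 8 does not survive a reboot and suggests a script run from /etc/rc.local. The script below is an added example, not part of the original post: it rebuilds that layout, skips objects that already exist, and uses `ip link add ... type vlan` in place of vconfig. The function names and the DRY_RUN switch are assumptions of this example; by default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the original post. PARENT, the namespaces and the
# interface table come from the steps above; function names and the DRY_RUN
# switch are assumptions made for this example.
PARENT=ens224
NAMESPACES="red blue"
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands only, 0 = execute (needs root)

# Print the command in dry-run mode; otherwise run it and stop on failure.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; return 0; fi
    "$@" || { echo "failed: $*" >&2; exit 1; }
}

# Probe live state (does this namespace/link already exist?). Always false in
# dry-run mode, so the printed plan is the full from-scratch sequence.
present() { [ "$DRY_RUN" != 1 ] && "$@" >/dev/null 2>&1; }

build() {
    run modprobe 8021q
    run modprobe dummy
    for ns in $NAMESPACES; do
        present test -e "/var/run/netns/$ns" || run ip netns add "$ns"
    done
    # Table columns: <namespace> <kind> <name> [vlan-id]
    while read -r ns kind name vid; do
        if ! present ip netns exec "$ns" ip link show "$name"; then
            # "modprobe dummy" may already have created dummy0 in the root namespace.
            present ip link show "$name" || case "$kind" in
                vlan)  run ip link add link "$PARENT" name "$name" type vlan id "$vid" ;;
                dummy) run ip link add "$name" type dummy ;;
            esac
            run ip link set "$name" netns "$ns"
        fi
        run ip netns exec "$ns" ip link set "$name" up
    done <<EOF
red vlan ens224.10 10
red vlan ens224.30 30
red dummy dummy0
red dummy dummy2
blue vlan ens224.20 20
blue vlan ens224.40 40
blue dummy dummy1
blue dummy dummy3
EOF
    for ns in $NAMESPACES; do
        run ip netns exec "$ns" sysctl -qw net.ipv4.ip_forward=1
    done
}

build
```

Run it with `DRY_RUN=0` as root before FRR starts, so that the restart in step 9 finds the namespaces and interfaces already in place.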