diff --git a/Juniper.md b/Juniper.md index 8f7f3f0..4f4bc0d 100644 --- a/Juniper.md +++ b/Juniper.md @@ -446,14 +446,20 @@ policy-options { } then accept; } + term default { + then reject; + } } policy-statement OGERO-IMPORT { term OGERO-IMPORT { then accept; } } + } ``` +*IMPORTANT*: term default then reject will prevent route leaks, dont forget it. + * x.x.x.x is your peer IP address and y.y.y.y is Ogero IP address. * a.a.a.a/24 and b.b.b.b/24 are your prefixes you want to send to Ogero. diff --git a/PPPOE_copy.md b/PPPOE_copy.md new file mode 100644 index 0000000..842d288 --- /dev/null +++ b/PPPOE_copy.md 
@@ -0,0 +1,99 @@ +# Copying/cloning PPPoE + +## Copy GlobalOS/Spinix + +* Issue dmesg command, you can clean current log by using `dmesg -c` +* Insert new flash into USB port +* Issue dmesg command again, you should see new device, for example /dev/sdb +* MAKE SURE THIS DEVICE IS NEW DEVICE! If you specify wrong one you might lose all data on it +* Use gs install to install GlobalOS on the new storage + +## Configuring networking + +* TBD + +## Copying PPPoE related software components + +You might need to use scp to copy files from one device to another. (WinSCP for Windows, but keep attention on file permissions) + +### Basic PPPoE components + +* accel-ppp daemon itself is included in base image, so you don't need to copy it +* copy /etc/accel-ppp.conf and adjust according to your needs, we will cover in detail later in another chapter +* /etc/add_accel_vlans.sh - script to add VLANs to accel-ppp +* Copy certain settings/commands from /etc/rc.local to your new rc.local +* /etc/firewall.cfg - firewall configuration, copy it if you need it and dont forget to adjust it +* /etc/config.json - shaper config +* /usr/local/bin/burst2d - shaper daemon + +### network.cfg adjustments + +* sysctl -w net.ipv4.conf.eth4/999.proxy_arp=1 +Enable proxy-arp if you have real IP addresses on PPPoE shared between multiple pppoe, enable it on "WAN" interface of PPPoE + +### shaper daemon startup + +* Create directory for example /etc/service-burst2d +* Create file /etc/service-burst2d/run with following content: +``` +#!/bin/sh +/usr/local/bin/burst2d +``` +* Make it executable +* add to /etc/rc.local +``` +runsv /etc/service-burst2d & +``` + +### accel-ppp.conf + +* Allocate new subnet and route on your core router +``` +[ip-pool] +gw-ip-address=10.255.255.1 +attr=Framed-Pool +X.X.X.X/MASK +``` +* Update dae-server (CoA) entry with new PPPoE IP +``` +dae-server=Z.Z.Z.Z:1700,NASSECRETSOMETHING +``` +* Make sure radius entry is correct +``` +server=X.X.X.X.... 
+``` + +### add_accel_vlans.sh + +In old versions of script you might have fixed interface name, make sure it match interface where pppoe vlans are connected. For example eth4: +``` + ip link add link eth4 name eth4.$VLANID type vlan id $VLANID +``` +Change if necessary over all script + +### /etc/hosts + +Make sure hosts have correct entry for localhost +``` +pppoe /etc # cat /etc/hosts +127.0.0.1 localhost + +``` + +### Preferable tuning for PPPoE + +* Disable TSO, GRO, GSO for better shaper precision on ethernet and bonding interfaces +``` +ethtool -K eth4 tso off gro off gso off +... +``` +* Make sure gc_thresh* tuned for PPPoE +``` +echo 2560 > /proc/sys/net/ipv4/neigh/default/gc_thresh1 +echo 5120 > /proc/sys/net/ipv4/neigh/default/gc_thresh2 +echo 10240 > /proc/sys/net/ipv4/neigh/default/gc_thresh3 +``` +* conntrack max entries +``` +sysctl -w net.nf_conntrack_max=2000000 +```
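Review bot: in the Juniper.md hunk, the added IMPORTANT line does not say which policy-statement it applies to, and the only policy-statement named in the visible lines, OGERO-IMPORT, still consists of a single term with `then accept;` and no match conditions. Suggest naming the policy that must end with `term default { then reject; }`, and stating whether accept-all on import is intended or whether a prefix filter is expected there as well. "dont" should be "don't", and the added closing `}` just before the code fence should be checked against the opening `policy-options {` so that the pasted block balances.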
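Review bot: in PPPOE_copy.md, the accel-ppp.conf section has the reader copy /etc/accel-ppp.conf from the old device and then shows `dae-server=Z.Z.Z.Z:1700,NASSECRETSOMETHING`, but nowhere says that the CoA and RADIUS secrets in the copied file need to be reviewed, or whether the clone should get its own secret instead of inheriting the source device's. Suggest a bullet that says to set the secret to the value configured for this NAS on the RADIUS side, and to check the owner and mode of the copied config after scp/WinSCP, since the only guidance today is "keep attention on file permissions". Smaller points: "Make it executable" could give the command (`chmod +x /etc/service-burst2d/run`); the gc_thresh and nf_conntrack_max values are applied at runtime only and the doc does not say where to persist them (rc.local is already used for the shaper); and `server=X.X.X.X....` together with the "TBD" networking section leaves the RADIUS and network steps undocumented.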