Add pppoe copy procedure

Juniper.md

@@ -446,14 +446,20 @@ policy-options {
             }
             then accept;
         }
+        term default {
+            then reject;
+        }
     }
     policy-statement OGERO-IMPORT {
         term OGERO-IMPORT {
             then accept;
         }
     }
+
 }
 ```
+*IMPORTANT*: term default then reject will prevent route leaks, dont forget it.
+
 * x.x.x.x is your peer IP address and y.y.y.y is Ogero IP address.
 * a.a.a.a/24 and b.b.b.b/24 are your prefixes you want to send to Ogero.
 

PPPOE_copy.md

@@ -0,0 +1,99 @@
+# Copying/cloning PPPoE
+
+## Copy GlobalOS/Spinix
+
+* Issue dmesg command, you can clean current log by using `dmesg -c`
+* Insert new flash into USB port
+* Issue dmesg command again, you should see new device, for example /dev/sdb
+* MAKE SURE THIS DEVICE IS NEW DEVICE! If you specify wrong one you might lose all data on it
+* Use gs install to install GlobalOS on the new storage
+
+## Configuring networking
+
+* TBD
+
+## Copying PPPoE related software components
+
+You might need to use scp to copy files from one device to another. (WinSCP for Windows, but keep attention on file permissions)
+
+### Basic PPPoE components
+
+* accel-ppp daemon itself is included in base image, so you don't need to copy it
+* copy /etc/accel-ppp.conf and adjust according to your needs, we will cover in detail later in another chapter
+* /etc/add_accel_vlans.sh - script to add VLANs to accel-ppp
+* Copy certain settings/commands from /etc/rc.local to your new rc.local
+* /etc/firewall.cfg - firewall configuration, copy it if you need it and dont forget to adjust it
+* /etc/config.json - shaper config
+* /usr/local/bin/burst2d - shaper daemon
+
+### network.cfg adjustments
+
+* sysctl -w net.ipv4.conf.eth4/999.proxy_arp=1
+Enable proxy-arp if you have real IP addresses on PPPoE shared between multiple pppoe, enable it on "WAN" interface of PPPoE
+
+### shaper daemon startup
+
+* Create directory for example /etc/service-burst2d
+* Create file /etc/service-burst2d/run with following content:
+```
+#!/bin/sh
+/usr/local/bin/burst2d
+```
+* Make it executable
+* add to /etc/rc.local
+```
+runsv /etc/service-burst2d &
+```
+
+### accel-ppp.conf
+
+* Allocate new subnet and route on your core router
+```
+[ip-pool]
+gw-ip-address=10.255.255.1
+attr=Framed-Pool
+X.X.X.X/MASK
+```
+* Update dae-server (CoA) entry with new PPPoE IP
+```
+dae-server=Z.Z.Z.Z:1700,NASSECRETSOMETHING
+```
+* Make sure radius entry is correct
+```
+server=X.X.X.X....
+```
+
+### add_accel_vlans.sh
+
+In old versions of script you might have fixed interface name, make sure it match interface where pppoe vlans are connected. For example eth4:
+```
+  ip link add link eth4 name eth4.$VLANID type vlan id $VLANID
+```
+Change if necessary over all script
+
+### /etc/hosts
+
+Make sure hosts have correct entry for localhost
+```
+pppoe /etc # cat /etc/hosts
+127.0.0.1 localhost
+
+```
+
+### Preferable tuning for PPPoE
+
+* Disable TSO, GRO, GSO for better shaper precision on ethernet and bonding interfaces
+```
+ethtool -K eth4 tso off gro off gso off
+...
+```
+* Make sure gc_thresh* tuned for PPPoE
+```
+echo 2560 > /proc/sys/net/ipv4/neigh/default/gc_thresh1 
+echo 5120 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
+echo 10240 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
+```
+* conntrack max entries
+```
+sysctl -w net.nf_conntrack_max=2000000
+```