Re: [opennhrp-devel] Fwd: OpenNHRP
From: Timo T. <tim...@ik...> - 2013-04-09 09:59:33
Hi,

For single hub setup:
- hub does not have any map directives
- all spokes have one map directive to the hub with 'register'

For multiple hub setup:
- all hubs have map directives to each other (no 'register')
- all spokes have map directive for each hub with 'register'

Alternatively, spokes can have single 'dynamic-map' which is an
opennhrp extension.

- Timo

On Tue, 9 Apr 2013 12:09:52 +0300
Sassy Natan <sa...@gm...> wrote:

> Hi Alin
>
> Thank you for the reply. It is so nice to get help from the community!
>
> Sorry, but I'm still not sure I know how to do that.
>
> I have changed my hub (machine A) to include your configuration like
> this and now I can't ping from machine B or C to A.
>
> Here is the configuration:
>
> interface gre1
>   multicast dynamic
>   holding-time 600
>   redirect
>   cisco-authentication <if you use authentication>
>
> interface lo
>   shortcut-destination
>
> Basically now all the settings of Machine A, B and C are the same for
> opennhrp.
>
> I know about Quagga, and know also about OSPF, but still I didn't
> manage to make it work.
>
> Can you help?
>
> Thanks
> Sassy
>
> On Tue, Apr 9, 2013 at 10:51 AM, Alin Gruiescu <ali...@gm...> wrote:
>
> > Hello,
> >
> > I suggest going with multipoint GRE interfaces, and not with
> > point-to-point between every machine.
> >
> > The HUB is the one that registers, and the spokes are the ones that
> > are registering.
> >
> > For getting connectivity on the subnets behind the routers you need
> > a routing protocol.
> >
> > Here is a snippet from my config on the HUB (I have an Opennhrp HUB
> > and 2 Cisco spokes).
> >
> > #!/bin/bash
> >
> > # Setting UP the Tunnel interface
> > ip tunnel add gre1 mode gre key <tunnel key here> ttl 64
> > ip addr add <ip address here> dev gre1
> > ip link set gre1 multicast on
> > ip link set gre1 mtu 1400
> > ip link set gre1 up
> >
> > # starting opennhrp
> > /usr/sbin/opennhrp -d
> >
> > ==================================
> >
> > Opennhrp config:
> >
> > interface gre1
> >   multicast dynamic
> >   holding-time 600
> >   redirect
> >   cisco-authentication <if you use authentication>
> >
> > interface lo
> >   shortcut-destination
> >
> > On top I'm running Quagga and OSPF for getting all routes.
> >
> > HTH,
> >
> > Thanks everyone.
> > -----
> > Sincerely / Cu stimă,
> > Alin Gruiescu
> > Tel: +420 77 347 3250
> >
> > On Tue, Apr 9, 2013 at 12:41 AM, Sassy Natan <sa...@gm...> wrote:
> >
> >> Hi,
> >>
> >> First, thanks for the reply.
> >>
> >> I'm looking to create a full mesh setup.
> >> The machines in my example are in the same lab, but in the real
> >> academic setup I have, the machines are in different subnets
> >> across all campus.
> >>
> >> All machines are running on VMs (Xen, KVM and Vmware) and what I'm
> >> looking for is to create a Virtual LAN.
> >>
> >> Now, I don't want to route all traffic from a central machine.
> >> What I'm looking for is to create a full mesh with all 3 machines I
> >> have in the same Network ID.
> >>
> >> So I can create on each machine 2 GRE tunnels. For example -
> >> Machine A will have a GRE tunnel for B and C.. etc... ending with
> >> a total of 6 GRE tunnels.
> >>
> >> But we are talking about around 150 machines in the physics lab we
> >> want to make. So I found out about this cool and amazing product,
> >> but I don't know how to set it up.
> >>
> >> Can u provide me a comment how to make machine B talk to
> >> machine C?
> >>
> >> In my example - you consider machine A as a HUB? or machine B as a
> >> HUB? Not sure I get the definition right.
> >>
> >> Thanks
> >> Sassy
> >>
> >> On Mon, Apr 8, 2013 at 9:13 PM, Steve Clark <sc...@ne...> wrote:
> >>
> >>> What kind of network are you trying to set up? Usually this is
> >>> used in a Hub - Spoke arrangement.
> >>>
> >>> You have two Hubs set up and one spoke. Normally the Hubs are at
> >>> the HQ and the spokes are in the
> >>> field. So you can talk spoke to hub or spoke to spoke, but not
> >>> Hub to Hub unless you have some routes
> >>> set up. What does your physical network look like?
> >>>
> >>> On 04/08/2013 02:08 PM, Sassy Natan wrote:
> >>>
> >>> Thanks Man
> >>> it is working! U are coool :-)
> >>>
> >>> One more question if I may:
> >>>
> >>> Here is the setup: (now with ipsec)
> >>>
> >>> Machine A
> >>> eth0 172.16.0.200
> >>> gre1 10.255.255.1
> >>>
> >>> opennhrp.conf
> >>> -------------------------------
> >>> interface gre1
> >>>   map 10.255.255.2/24 172.16.0.201 register
> >>>   map 10.255.255.3/24 172.16.0.202 register
> >>>   cisco-authentication 1234
> >>>   shortcut
> >>>   redirect
> >>>   non-caching
> >>>
> >>> interface lo
> >>>   shortcut-destination
> >>>
> >>> Machine B
> >>> eth0 172.16.0.201
> >>> gre1 10.255.255.2
> >>>
> >>> opennhrp.conf
> >>> -------------------------------
> >>> interface gre1
> >>>   cisco-authentication 1234
> >>>   shortcut
> >>>   redirect
> >>>   non-caching
> >>>
> >>> interface lo
> >>>   shortcut-destination
> >>>
> >>> Machine C
> >>> eth0 172.16.0.202
> >>> gre1 10.255.255.3
> >>>
> >>> opennhrp.conf
> >>> -------------------------------
> >>> interface gre1
> >>>   cisco-authentication 1234
> >>>   shortcut
> >>>   redirect
> >>>   non-caching
> >>>
> >>> interface lo
> >>>   shortcut-destination
> >>>
> >>> *Now I can ping from machine A to machine B and C*
> >>>
> >>> root@VMX01:/etc/opennhrp# ping 10.255.255.1
> >>> PING 10.255.255.1 (10.255.255.1) 56(84) bytes of data.
> >>> 64 bytes from 10.255.255.1: icmp_req=1 ttl=64 time=0.021 ms
> >>> 64 bytes from 10.255.255.1: icmp_req=2 ttl=64 time=0.029 ms
> >>>
> >>> root@VMX01:/etc/opennhrp# ping 10.255.255.2
> >>> PING 10.255.255.2 (10.255.255.2) 56(84) bytes of data.
> >>> 64 bytes from 10.255.255.2: icmp_req=1 ttl=64 time=0.211 ms
> >>> 64 bytes from 10.255.255.2: icmp_req=2 ttl=64 time=0.287 ms
> >>>
> >>> root@VMX01:/etc/opennhrp# ping 10.255.255.3
> >>> PING 10.255.255.3 (10.255.255.3) 56(84) bytes of data.
> >>> 64 bytes from 10.255.255.3: icmp_req=1 ttl=64 time=0.254 ms
> >>> 64 bytes from 10.255.255.3: icmp_req=2 ttl=64 time=0.283 ms
> >>>
> >>> *From Machine B to A*
> >>> oot@VMX02:/etc/opennhrp# ping 10.255.255.2
> >>> PING 10.255.255.2 (10.255.255.2) 56(84) bytes of data.
> >>> 64 bytes from 10.255.255.2: icmp_req=1 ttl=64 time=0.022 ms
> >>> 64 bytes from 10.255.255.2: icmp_req=2 ttl=64 time=0.031 ms
> >>>
> >>> root@VMX02:/etc/opennhrp# ping 10.255.255.1
> >>> PING 10.255.255.1 (10.255.255.1) 56(84) bytes of data.
> >>> 64 bytes from 10.255.255.1: icmp_req=1 ttl=64 time=0.185 ms
> >>>
> >>> *From Machine C to A*
> >>>
> >>> root@VMX03:/etc/racoon# ping 10.255.255.3
> >>> PING 10.255.255.3 (10.255.255.3) 56(84) bytes of data.
> >>> 64 bytes from 10.255.255.3: icmp_req=1 ttl=64 time=0.022 ms
> >>> 64 bytes from 10.255.255.3: icmp_req=2 ttl=64 time=0.029 ms
> >>>
> >>> root@VMX03:/etc/racoon# ping 10.255.255.1
> >>> PING 10.255.255.1 (10.255.255.1) 56(84) bytes of data.
> >>> 64 bytes from 10.255.255.1: icmp_req=1 ttl=64 time=0.248 ms
> >>> 64 bytes from 10.255.255.1: icmp_req=2 ttl=64 time=0.274 ms
> >>>
> >>> *But not from machine B to C or C to B*
> >>> What am I missing?
> >>> PS. ALL ipsec tunnels are up!
> >>>
> >>> Thanks Man
> >>> Sassy
> >>>
> >>> On Mon, Apr 8, 2013 at 8:11 PM, Sassy Natan <sa...@gm...> wrote:
> >>>
> >>>> Thanks x million :-)
> >>>> I will check it and let u know!
> >>>>
> >>>> On Mon, Apr 8, 2013 at 7:21 PM, Timo Teras <tim...@ik...> wrote:
> >>>>
> >>>>> On Mon, 8 Apr 2013 18:27:42 +0300
> >>>>> Sassy Natan <sa...@gm...> wrote:
> >>>>>
> >>>>> > Hi All,
> >>>>> >
> >>>>> > I'm trying to set up OpenNHRP without any luck
> >>>>> >
> >>>>> > My questions are as follows:
> >>>>> >
> >>>>> > 1. Must I use IPSec?
> >>>>>
> >>>>> No, then you just will not have encrypted traffic. This is
> >>>>> achieved basically by having empty opennhrp-script.
> >>>>>
> >>>>> The only downside is that "dead" nodes are not detected until
> >>>>> nhrp holding time expires. IPsec DPD timers provide liveness
> >>>>> detection.
> >>>>>
> >>>>> > 2. Can it be done with linux machines only? no Cisco?
> >>>>>
> >>>>> Yes. I'm aware of this being done successfully with
> >>>>> installations
> >>>>> of 200+ spokes and 6 hubs.
> >>>>>
> >>>>> > 3. My setup is as follows:
> >>>>> >
> >>>>> > a. Machine X with ip address of 172.16.0.200
> >>>>> > opennhrp.conf
> >>>>> > --------------------
> >>>>> > interface gre1
> >>>>> >   map 10.255.255.1/24 172.16.0.201 register
> >>>>> >   cisco-authentication 1234
> >>>>> >   shortcut
> >>>>> >   redirect
> >>>>> >   non-caching
> >>>>> >
> >>>>> > b. Machine Y with ip address of 172.16.0.201
> >>>>> >
> >>>>> > opennhrp.conf
> >>>>> > --------------------
> >>>>> > interface gre1
> >>>>> >   map 10.255.255.2/24 172.16.0.200 register
> >>>>> >   cisco-authentication 1234
> >>>>> >   shortcut
> >>>>> >   redirect
> >>>>> >   non-caching
> >>>>>
> >>>>> You would just leave the 'map' directive out from the 'hub'.
> >>>>> When a spoke with a map register having 'register' in it
> >>>>> becomes online, the other end automatically learns it.
> >>>>>
> >>>>> - Timo
> >>>
> >>> _______________________________________________
> >>> opennhrp-devel mailing
> >>> lis...@li...
> >>> https://lists.sourceforge.net/lists/listinfo/opennhrp-devel
> >>>
> >>> --
> >>> Stephen Clark
> >>> *NetWolves*
> >>> Director of Technology
> >>> Phone: 813-579-3200
> >>> Fax: 813-882-0209
> >>> Email: ste...@ne...
> >>> http://www.netwolves.com
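
Timo's single-hub rules applied to the three machines from this thread (A at 172.16.0.200 as the hub, B and C as spokes), as an added example that is not part of the original messages. Only the map lines differ from the configuration Sassy posted; the `#` lines are annotations separating the three opennhrp.conf files, and 1234 is the thread's sample secret.

```conf
# --- Machine A (hub): eth0 172.16.0.200, gre1 10.255.255.1 ---
# No map directives: A learns B and C when they register.
interface gre1
	cisco-authentication 1234
	shortcut
	redirect
	non-caching

interface lo
	shortcut-destination

# --- Machine B (spoke): eth0 172.16.0.201, gre1 10.255.255.2 ---
# One map to the hub: hub tunnel address/prefix, hub eth0 address, 'register'.
interface gre1
	map 10.255.255.1/24 172.16.0.200 register
	cisco-authentication 1234
	shortcut
	redirect
	non-caching

interface lo
	shortcut-destination

# --- Machine C (spoke): eth0 172.16.0.202, gre1 10.255.255.3 ---
# Same map line as B: every spoke points at the hub, never at another spoke.
interface gre1
	map 10.255.255.1/24 172.16.0.200 register
	cisco-authentication 1234
	shortcut
	redirect
	non-caching

interface lo
	shortcut-destination
```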