Hi again guys.
After a few weeks of playing with CISCO CSR1000 VMs on VirtualBox (I'm thinking of doing a post on how to install this CISCO router on current VirtualBox 5.1) I realized that those CISCO virtual routers are far too heavy-weight to just make some labs.
CSR1000 is obviously designed to be used in production environments... it is powerful, but it takes a lot of resources, it boots rather slowly, and unless you apply a temporary evaluation license, you'll end up with just 100 kbps of usable bandwidth after all!!!
So... isn't there any free "just router" alternative? I don't want a firewall, I don't need web GUI, I don't want to install a Linux OS just to forward IP packets ... I just want a plain, cli managed, routing protocols featured, light, virtualization friendly, routing operating system... anyone?
YES!!! It's BSD Router Project
My two cents about BSDrp
Everything in BSDrp is like...thin...
The website, the logo, the documentation... everything seems minimal, but the project is alive, and it looks to be so for several years.
I have managed to download and install without much trouble BSDrp in VirtualBox.
My lack of much experience in BSD environments, together with spartan documentation and project environment, made early steps and installation not as straightforward as I thought, but overall, nothing bad.
If you want to download a VirtualBox .ova image of a BSDrp VM, SSH enabled, with DHCP addressing for its bridged vtnet0 interface (so, just plug and play :-), I have one just here (root password is 'bsdrp')
Also, there is a PROXMOX KVM backup just here that has a WAN interface bridged to vmbr0 and DHCP enabled, a LAN interface bridged with vmbr1, and SSH enabled (root password is again 'bsdrp')
The only problem with BSDrp is that documentation is scarce and somewhat outdated (for example, contrary to what the docs state... SSH is disabled by default).
But this is somewhat compensated by several facts:
- The BSDrp web site includes an awesome set of examples and labs.
- BSDrp wraps the well known Quagga routing suite nicely.
- It is BSD based, so, BSD documentation may help.
To my taste, there is one thing I really miss when playing with BSDrp: NAT.
BSDrp can obviously do NAT, it is BSD!!! but not in a transparent/CISCOish way to the user... to have NAT you have to tangle with BSD Packet Filtering, thus mixing the whole thing up with BSD firewalling. It would have been nice if they had made some wrapper scripts to make NAT just work without messing with pf by hand.
As soon as I need NAT, I drop BSDrp in favor of pfSense.
Additionally, BSDrp comes without nano/pico, so it is very unfriendly for editing config files, and I was unable to make the pkg packaging system work either.
Before starting... some words about the serial console
I like using my VMs headless as long as possible.
The BSDrp image I'm using is the VGA one, which, in turn, includes support for serial management.
But getting the serial console emulation working has been harder than I expected, and too often ended up with a crashed VM...
My advice is to get SSH up and running using VGA console and use SSH (the .ova image I uploaded here has SSH enabled, so all this stuff is unnecessary)
Anyhow, by experimenting with serial console emulation (Debian Linux host) I got to a point where I had a consistent procedure.
So, at least after cloning the VM, DO NOT boot headless using the serial console... instead, just set up serial in the VM, and:
1. Perform a normal boot, VGA only the first time, until the root prompt.
2. Then, from the VGA terminal:
   - log in as root (no password for root by default)
   - save config (yes)
3. After the reboot (we are still on VGA) we connect screen to the virtual COM1:
   - in the Linux console, we set up socat:
     socat UNIX-CONNECT:/tmp/bsdrp-socket PTY,link=/tmp/bsdrp-socket &
   - then we connect using the screen command:
4. We should now have a prompt on the serial console... now, just log in and power off the VM.
From now on, you can boot headless.
To connect, repeat step 3... it should work!!!
First steps with BSDrp
At the time of this writing, I'm using BSDrp 1.7, amd64 with VGA.
As is, the official image comes with NO SSH, and no root password.
A hostname, some interface with IP address to bind to, and a password for root user, are required things to get SSH up and running.
If you choose to download the .ova image I uploaded, remember that it gets IP from DHCP at the first network interface (vtnet0) which is bridged to host interface, and root password is set to 'bsdrp'.
When you log into BSDrp this is what you see:
login: root
Mar 29 11:01:24 router login: ROOT LOGIN (root) ON ttyu0
BSD Router project (BSDRP)
(c) 2009-2017, The BSDRP Development Team
All rights reserved.
BSDRP is under the Simplified BSD license.
Documentation: http://bsdrp.net
Discover BSDRP tools with "help" command
Keyboard layout can be changed with this command:
kbdcontrol -l keymap_file (<TAB> for list available maps)
root has logged on ttyu0 from local.
[root@router]~#
To get a very thin help, just type 'help':
[root@router]~# help
Welcome to BSD Router Project (BSDRP) help
BSDRP is an embedded FreeBSD with some customized tools:
- config : Manage config files
- show : Display somes system information
- upgrade : upgrade BSDRP
- system : System actions
- cli : Enter into quagga router mode
  Need to start it first with
  sysrc quagga_enable
  service quagga start
- help : Display this help message
Command completion is available with TAB key
More information with: tools-name help
Display all rc variables configured with: sysrc -a
Playing with the config
- Config is stored as a set of variables in a kind of key/value fashion.
- Key/value definition in config files can be regarded as an equivalent of CISCO 'startup config'.
- However, we can alter those values on the fly and reload the affected system services to apply the changes, a kind of 'running config'; but since this does not alter the configuration, those changes will vanish upon reboot.
- Values that apply to a running service have to be changed in 'startup config' fashion, and then the service has to be restarted for them to be applied.
- After issuing modifying commands, we must commit the changes to the actual 'startup config' files with one easy command... don't forget it before rebooting!
To see our 'startup config' we have to issue the sysrc -a command:
[root@router]~# sysrc -a
blanktime: NO
defaultroute_delay: 5
disablelrotso_enable: YES
dumpdev: NO
gateway_enable: YES
harvest_mask: 351
hostname: router.bsdrp.net
ipv6_activate_all_interfaces: YES
ipv6_gateway_enable: YES
moused_enable: NO
moused_ums0_enable: NO
polling_enable: NO
rtadvd_enable: NO
rtadvd_interfaces: em0
sendmail_enable: NONE
syslogd_flags: -s
update_motd: NO
To change some 'running config' (for instance hostname) just type variable name and new value:
To alter a value in a 'startup config' fashion, we make the change persistent in the config (but remember that changes have to be committed in order to survive a reboot):
[root@router]~# sysrc hostname=R2
hostname: R1 -> R2
Often, though, config values belong to a system service (IP addressing, for instance, applies to the netif service); then the changes are always made using the sysrc command, followed by a manual service restart:
[root@router]~# sysrc ifconfig_vtnet0="DHCP"
ifconfig_vtnet0: -> "DHCP"
[root@router]~# sysrc ifconfig_vtnet1="10.0.1.1"
ifconfig_vtnet1: -> "10.0.1.1"
[root@router]~# service netif restart
After performing 'startup config' changes with sysrc we must commit them to actual config files using the config save command:
[root@R2]~# config save
Archiving previous configuration files...
Saving configuration...
Done.
So now we have the basic knowledge needed to get a very basic SSH up and running:
[root@router]~# sysrc hostname=R2
hostname: R1 -> R2
[root@router]~# sysrc ifconfig_vtnet0="DHCP"
ifconfig_vtnet0: -> "DHCP"
[root@router]~# passwd
Changing local password for root
New Password:
Retype New Password:
[root@router]~#
[root@router]~#
[root@router]~# sysrc sshd_enable=yes
sshd_enable: NO -> yes
[root@router]~# service sshd start
Generating RSA host key.
2048 SHA256:6J45lvXRLvw+SCdd1NUbUYTobH9ia6Jaj78vo1DR6Zw firstname.lastname@example.org (RSA)
Generating ECDSA host key.
256 SHA256:UJPNTBtxxjyZvoy5CLt1n+Omn0Gg1k4200EeHnyoRZA email@example.com (ECDSA)
Generating ED25519 host key.
256 SHA256:FXpI4NkkDR5aCcTx41UXmIHmIVMItX94jWf5pGI4A/I firstname.lastname@example.org (ED25519)
Performing sanity check on sshd configuration.
Starting sshd.
[root@router]~#
[root@router]~# config save
Archiving previous configuration files...
Saving configuration...
Done.
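The fingerprints that service sshd start prints above arrive over the console, so they can serve as the reference for checking the host keys the router later offers over the network, before an SSH client is told to trust them. This is an added example, not part of the original post: the sample fingerprints and the 192.0.2.10 address are constructed, and fingerprints / verify_host_keys are hypothetical helper names.

```sh
#!/bin/sh
# Added example: compare SSH host key fingerprints seen on the console
# with the ones a host offers over the network.

# Print "TYPE FINGERPRINT" for every ssh-keygen -l style line on stdin:
#   <bits> SHA256:<base64> <comment> (<TYPE>)
fingerprints() {
    awk '$NF ~ /^\(.+\)$/ {
             type = $NF; gsub(/[()]/, "", type)
             for (i = 1; i < NF; i++)
                 if ($i ~ /^SHA256:/) print type, $i
         }' | sort -u
}

# verify_host_keys CONSOLE_LOG SCAN_OUTPUT
# Returns 0 only if the scan contains keys and each one was also printed on
# the console; 1 on any unknown key; 2 if the scan is empty.
verify_host_keys() {
    console=$(fingerprints < "$1")
    scan=$(fingerprints < "$2")
    [ -n "$scan" ] || { echo "no host keys found in scan" >&2; return 2; }
    status=0
    while read -r type fp; do
        if printf '%s\n' "$console" | grep -qxF -- "$type $fp"; then
            echo "OK   $type $fp"
        else
            echo "FAIL $type $fp was never printed on the console"
            status=1
        fi
    done <<EOF
$scan
EOF
    return "$status"
}

# Constructed sample data: the fingerprints are placeholders, not real keys.
sample_console() {
    cat <<'EOF'
Generating RSA host key.
2048 SHA256:CONSTRUCTEDrsaFINGERPRINT00000000000000000+ root@R2 (RSA)
Generating ED25519 host key.
256 SHA256:CONSTRUCTEDed25519FINGERPRINT000000000/0 root@R2 (ED25519)
EOF
}
# What a scan of the genuine router would contain (hypothetical address).
sample_scan() {
    echo '256 SHA256:CONSTRUCTEDed25519FINGERPRINT000000000/0 192.0.2.10 (ED25519)'
}
```

In real use the scan file comes from the admin host, for example `ssh-keyscan ROUTER_IP 2>/dev/null | ssh-keygen -lf - > scan.txt`, and the console file is a capture of the VGA or serial session at the moment the keys were generated.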
Finally, to get into Quagga's CLI (you can use Quagga's command line interface to set up some things such as IP addressing, hostname and so on, in addition to RIP, OSPF, BGP... as an alternative to sysrc) you have to enable it:
[root@router]~# sysrc quagga_enable=yes
quagga_enable: -> yes
[root@router]~# service quagga start
Checking zebra.conf
Multiple command installs to node 4 of command:
show ipv6 mroute vrf all
OK
Starting zebra.
....
[root@router]~#
Then, to enter the Quagga UI, there is no need to telnet to the independent services; just type the cli command to enter the unified Quagga CLI:
[root@router]~# cli
Multiple command installs to node 4 of command:
list
Multiple command installs to node 4 of command:
exit
...
show ipv6 mroute vrf all
Hello, this is Quagga (version 1.1.0).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
router.bsdrp.net#
So... that's all for today.
Hope you may find useful the great job those guys are doing!!!