As always find answers inline :)
On 18/12/15 17:10, Jose Collin wrote:
thanks albert
new few questions
1- My OpenWrt router uses LAN 192.168.10.1 and my PBX is on static IP
192.168.10.150. In the config with the EID-prefix, would 192.168.10.1 no
longer be valid, only the EID-prefix assigned by you? Or can I still have
my 192.168.10.xxx?

If you want to use LISP, then your new LAN network should be the
EID-prefix I provided to you. You should replace 192.168.10.0/24 with
the provided prefix.

2- When the config is done, I suppose LISPD does not run by default but
needs a command in order to enable/disable it. What would be the command
to enable/disable?

Once you have edited the configuration file in /etc/config/lispd (it is
recommended to set the debug level to 0), you can start or stop the LISP
daemon using /etc/init.d/lisp [start|stop|restart].
I recommend using the command line the first time you try LISPmob in
order to see if everything is working well: lispd -d 1 (-d is the debug
level: from 1 to 3)

3- In the dummy config you shared, I saw addresses like 3.3.3.3, 4.4.4.4.
Should these be substituted with the EID-prefix provisioning data, or
should they remain as is?

These addresses should be personalized with your data. I have attached
a configuration file where some of the values have been added according
to the information I sent to you to join the beta network. You should add
some extra parameters like the password or the name of your WAN interfaces
in the RLOC section.

4- Is your dummy config only for xTR? Is it the most common mode for
normal use and multihoming? What are the advantages of this vs RTR & MN,
and the advantages of RTR and MN modes? And in what scenarios should each
one be used?

MN is mobile node. It is used when you embed the xTR functionalities in
the final device (phone, laptop, ...). RTR is for experimental reasons
and it does reencapsulation of LISP packets.
xTR is a LISP border router and it provides LISP connectivity to a
subnetwork connected behind it. xTR is the most common case.

5- The sponsor members of this project: have they directly connected their
databases, mining etc. to this project, or do they only support it with
infrastructure, hardware, software, H.R., and the project is
independently self-dependable for new code and open source from the
sponsor members?

Some of them are big clients, some of them are providing hardware and
network connectivity, but I don't have the details.

6- This is a beta network. Is it planned to charge $ afterwards for the
EID-prefixes? If yes, what about the beta LISP users?

As far as I know, it is not planned to charge users as it is an
experimental network. Its existence depends on the resources provided by
partners, but it has been working for some years and I don't believe it
will stop in the mid term.

Best regards
Albert
thanks again albert : )
On Thu, Dec 17, 2015 at 5:48 PM, Jose Collin wrote:
Thanks so much for the answers. and thanks for the EID prefix.
I have other questions
1- LISP for OpenWrt is available for AA 12.09, in particular for
tl-wr740n and tl-mr3420; both are Atheros a7xxx. I checked with opkg
update for lispd and it appears to be version 3.xxx
2- How about security? Are the communications secure?
3- I usually use DNSCrypt (dnscrypt-proxy) on my OpenWrt. Can it
exist with LISP?
4- With my new EID prefix, can I have and use my 3 WAN interfaces?
You said at some point that without EID only one interface would be
used and the others would behave as backup interfaces (I would
like to use all my WAN interfaces to do multihoming).
5- Is it possible to use all WAN interfaces in full with a weight
of 100 each at the same time? Or should the WANs total 100, and
from there make it like wan1 weight 70, wan2 weight 20 and wan3 weight
10?
6- What could be the consequences of using version 5.xx LISP without
NAT? I ask because I have a local PBX (FreeSWITCH) connected to
OpenWrt and my phones are local, plus I have 2 IP
cameras (my external WAN IPs for all WANs are dynamic).
7- Does LISP make my OpenWrt and clients faster and more fault
tolerant? I suppose, for example, if I have a connection to a TV
stream and the WAN that is used at that moment loses connection...
then with LISP it will automatically keep using the connection with the
other WANs? And no break of the internet link with the TV stream? ZERO
down time?
8- Can LISP help to connect to my cameras from a remote Android phone
with a dynamic IP updater like no-ip.org?
9- I suppose that the EID-Prefix IP is hosted on LISPmob servers;
does this make it faster and avoid down time? Security?
Could you tell me some of the advantages of this?
10- Thanks, thanks so much for your fast answers and your
attention. You are very kind.
thanks
inquba
On Tue, Dec 15, 2015 at 2:36 PM, Jose Collin wrote:
Hi. I want to try LISPD on my OpenWrt router, CC Chaos Calmer 15.05.
I have a Buffalo WZR-1750DHP router with OpenWrt; I installed
LISPD by opkg update, opkg install lispd.
My OpenWrt router is not Atheros ar71x but (BCM4708), kernel
version 3.18.20.
I would like to use LISPD as I want MULTIHOMING. I have 3 physical WAN
interfaces in the router, isolated as VLANs,
so I have some questions and hope you can help me.
1- Does LISPD multihoming add the bandwidth from all my WANs? E.g. wan =
12mbpsDOWN/2mbpsUP,
wan2 = 7mbpsDown/3mbpsUP, wan3 = 10mbpsDown/4mbpsUP, so these 3
would add the bandwidth like bonding and have
29mbpsDown/9mbpsUP?
2- I installed version 4.1 of LISPD in OpenWrt, which was in
the software update, so with this version would I have
multihoming enabled?
3- For automatic config it is recommended to put this:
add the following lines to `/etc/sysctl.conf`. Remember to
reboot your system after adding these lines.
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
But my OpenWrt LISPD version is different. Here is how it is. NOTE
that it is not rp_filter=0 but arp_ignore=1; what should I
put here, 0 or 1? Default is 1.
And note 2: instead of all.rp_filter=0 it says all.arp_ignore=1
kernel.panic=3
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.ip_forward=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.igmp_max_memberships=100
net.ipv4.tcp_ecn=0
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_keepalive_time=120
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_timestamps=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_dsack=1
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1
net.netfilter.nf_conntrack_acct=1
4- It said that I should add all my interfaces before
activating, so my question is how do I put the interfaces and how
do I set routes?
Could you set this for me, since I am very much a newbie with this
... Here is my data for the interfaces.
NOTE: WANs are in order of importance for the metrics... wan
is the most important, then wan2, and the least important is wan3
LAN= eth0.1 =ip 192.168.10.1
WAN= eth0.2 =ip is DHCP in 192.168.2.192/24
WAN2= eth0.200 =ip is DHCP in 192.168.11.192/24
WAN3= eth0.300 =ip is DHCP in 192.168.8.50/24
Once this is made, would the system work out of the box, or does it need
something?
5- I have used mwan3 and multiwan, but it seems they only do load
balancing and do not add the bandwidth of all WANs... What would
be the advantages of multihoming vs mwan3 and multiwan, if any?
thanks so much in advance
Joseph Colin
---------
Jose A Colin G
#
# lispd example config file for OpenWRT
#
package 'lispd'
# General configuration
# debug: Debug levels [0..3]
# log_file: Specifies log file used in daemon mode. If it is not specified,
# messages are written in syslog file
# map_request_retries: Additional Map-Requests to send per map cache miss
# operating_mode: Operating mode can be any of: xTR, RTR, MN, MS
config 'daemon'
option 'debug' '0'
option 'log_file' '/tmp/lispd.log'
option 'map_request_retries' '2'
option 'operating_mode' 'xTR'
#---------------------------------------------------------------------------------------------------------------------
# Tunnel Router general configuration
# Common for xTR, RTR & MN
# RLOC Probing configuration
# rloc_probe_interval: interval at which periodic RLOC probes are sent (seconds). A value of 0 disables RLOC Probing
# rloc_probe_retries: RLOC Probe retries before setting the locator with status down. [0..5]
# rloc_probe_retries_interval: interval at which RLOC probes retries are sent (seconds) [1..rloc_probe_interval]
config 'rloc-probing'
option 'rloc_probe_interval' '30'
option 'rloc_probe_retries' '2'
option 'rloc_probe_retries_interval' '5'
# Encapsulated Map-Requests are sent to this map-resolver
# You can define several map-resolvers. Encapsulated Map-Request messages will be sent to only one.
# address: IPv4 or IPv6 address of the map resolver
config 'map-resolver'
list 'address' '198.6.255.37'
#---------------------------------------------------------------------------------------------------------------------
# xTR configuration
# Map-Registers are sent to this map-server
# You can define several map-servers. Map-Register messages will be sent to all of them.
# address: IPv4 or IPv6 address of the map-server
# key_type: Only 1 supported (HMAC-SHA-1-96)
# key: password to authenticate with the map-server
# proxy_reply [on/off]: Configure map-server to Map-Reply on behalf of the xTR
config 'map-server'
option 'address' '198.6.255.37'
option 'key_type' '1'
option 'key' '<password>'
option 'proxy_reply' 'off'
config 'map-server'
option 'address' '173.36.254.164'
option 'key_type' '1'
option 'key' '<password>'
option 'proxy_reply' 'off'
config 'map-server'
option 'address' '206.223.132.89'
option 'key_type' '1'
option 'key' '<password>'
option 'proxy_reply' 'off'
config 'map-server'
option 'address' '149.20.48.61'
option 'key_type' '1'
option 'key' '<password>'
option 'proxy_reply' 'off'
# IPv4 / IPv6 EID of the node.
# eid_prefix: EID prefix (IPvX/mask) of the mapping
# rloc_set: Name of the set of rlocs to be used
config 'database-mapping'
option 'eid_prefix' '153.16.9.80/28'
option 'rloc_set' 'RLOC_SET_A'
# List of PITRs to SMR on handover
# address: IPv4 or IPv6 address of the Proxy-ITR
# Current LISP beta-network (lisp4.net/lisp6.net) PITR addresses
# Uncomment the IPv4 or IPv6 list based on your current locators
config 'proxy-itr'
list 'address' '69.31.31.98' # eqx-ash-pxtr
list 'address' '149.20.48.60' # isc-pxtr
list 'address' '198.6.255.37' # asp-pxtr
list 'address' '173.36.193.25' # sjc-pxtr
list 'address' '129.250.1.63' # ntt-amer-pxtr
list 'address' '217.8.98.33' # intouch-pxtr-1
list 'address' '217.8.98.35' # intouch-pxtr-2
list 'address' '193.162.145.46' # tdc-pxtr
list 'address' '158.38.1.92' # uninett-pxtr
list 'address' '203.181.249.172' # apan-pxtr
list 'address' '202.51.247.10' # sg-nus-pxtr
# list 'address' '2001:590::451f:1f62' # eqx-ash-pxtr
# list 'address' '2001:4f8:3:d::60' # isc-pxtr
# list 'address' '2001:418:4:1:deaf:bebe::10d' # asp-pxtr
# list 'address' '2001:418:0:1000::613' # ntt-amer-pxtr
# list 'address' '2001:200:e000:17::17' # intouch-pxtr-1
# list 'address' '2001:67C:21B4:108::b' # intouch-pxtr-2
# list 'address' '2001:6c8:41:100:0:2:1:c' # tdc-pxtr
# list 'address' '2001:700:0:52E::4' # uninett-pxtr
# list 'address' '2001:67C:21B4:107::b' # apan-pxtr
# Packets addressed to non-LISP sites will be encapsulated to this Proxy-ETR
# You can define several Proxy-ETR. Traffic will be balanced according to priority and weight.
# address: IPv4 or IPv6 address of the Proxy-ETR
# priority [0-255]: Proxy-ETR with lower values are more preferable.
# weight [0-255]: When priorities are the same for multiple Proxy-ETRs, the Weight indicates how to balance
# unicast traffic between them.
config 'proxy-etr'
option 'address' '198.6.255.37'
option 'priority' '1'
option 'weight' '100'
config 'proxy-etr'
option 'address' '69.31.31.98'
option 'priority' '1'
option 'weight' '100'
#---------------------------------------------------------------------------------------------------------------------
# Miscellaneous configuration
# Set of rlocs to be used in mappings
# name: Name of the set of rlocs
# rloc_name: List of each of the names of the rlocs to be used in the set.
# It can be used rloc-address or rloc-iface
config 'rloc-set'
option 'name' 'RLOC_SET_A'
list 'rloc_name' 'RLOC_1'
list 'rloc_name' 'RLOC_2'
# RLOC defined with a network interface
# name: Name of the rloc to be used in rloc-set
# interface: interface containing the RLOCs to be used
# ip_version: 4 to use IPv4 address of the interface and 6 to use IPv6
# address of the interface
# priority [0-255]: Priority for the IPvX RLOC. Locators with
# lower values are more preferable. This is used for both incoming
# policy announcements and outgoing traffic policy management.
# weight [0-255]: When priorities are the same for multiple RLOCs, the Weight
# indicates how to balance unicast traffic between them.
config 'rloc-iface'
option 'name' 'RLOC_1'
option 'interface' 'eth1'
option 'ip_version' '4'
option 'priority' '1' # Priority of the IPv4 locator of this interface for this EID
option 'weight' '100' # Weight of the IPv4 locator of this interface for this EID
config 'rloc-iface'
option 'name' 'RLOC_2'
option 'interface' 'eth0.2'
option 'ip_version' '4'
option 'priority' '1' # Priority of the IPv4 locator of this interface for this EID
option 'weight' '100' # Weight of the IPv4 locator of this interface for this EID
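
An added example, not part of the original message or of the LISPmob project: an offline check for a lispd UCI file like the one attached above, meant to be run on a workstation before the file is copied to the router. It flags comment text that a mail client wrapped onto its own line, a map-server key left empty or as a placeholder, rloc-set members that no RLOC section defines, and priority or weight values outside 0-255. The function names, the SAMPLE text and the idea that rloc-address sections carry a 'name' option are assumptions of this example.

```python
import shlex

# Constructed sample: wrapped comment, placeholder key, undefined RLOC_2.
SAMPLE = """\
config 'map-server'
    option 'address' '198.6.255.37'
    option 'key' '<password>'
config 'rloc-set'
    option 'name' 'RLOC_SET_A'
    list 'rloc_name' 'RLOC_1'
    list 'rloc_name' 'RLOC_2'
config 'rloc-iface'
    option 'name' 'RLOC_1'
    option 'weight' '300'   # Weight of IPv4 locator of
the interface for this EID
"""

def parse_uci(text):  # returns (sections, stray line numbers)
    sections, stray = [], []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            tok = shlex.split(line, comments=True)  # strips '#' comments
        except ValueError:                          # unbalanced quote
            tok = ["?"]
        if tok[:1] == ["config"] and len(tok) >= 2:
            sections.append((tok[1], {}))
        elif tok[:1] in (["option"], ["list"]) and len(tok) == 3 and sections:
            sections[-1][1].setdefault(tok[1], []).append(tok[2])
        elif tok and tok[0] != "package":
            stray.append(n)
    return sections, stray

def lint(text):
    sections, stray = parse_uci(text)
    out = [f"line {n}: stray text (wrapped comment?)" for n in stray]
    # Assumption: rloc-address sections carry a 'name' option like rloc-iface.
    rlocs = {n for kind, o in sections if kind in ("rloc-iface", "rloc-address")
             for n in o.get("name", [])}
    for kind, o in sections:
        if kind == "map-server" and o.get("key", [""])[0][:1] in ("", "<"):
            out.append(f"map-server {o.get('address', ['?'])[0]}: key empty or placeholder")
        if kind == "rloc-set":
            out += [f"rloc-set {o.get('name', ['?'])[0]}: undefined rloc {m}"
                    for m in o.get("rloc_name", []) if m not in rlocs]
        for field in ("priority", "weight"):
            v = o.get(field, ["0"])[0]
            if not (v.isdigit() and int(v) <= 255):
                out.append(f"{kind}: {field} {v} outside 0-255")
    return out
```

Calling lint() on the text of /etc/config/lispd returns a list of findings; an empty list means none of these four checks fired.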