Daily Archives: May 29, 2016

Zen Broadband with IPv6 using FreeBSD ppp router

A little while ago, I switched broadband providers so that I could enjoy the greater speeds on FTTC (fibre-to-the-cabinet) technology.  My existing ISP charged an insanely high amount for their unlimited package so I went through the hassle of renumbering my home network.

I chose to go with Zen broadband… I’ve used Zen in the past, and always been happy… plus they support IPv6 (of which I’m a big supporter)

So… here’s how to connect to Zen broadband (and possibly others) using FreeBSD as a router (via PPPoE) with the Zen provided DSL modem in passthrough mode.

Zen provide a Zyxel VMG1312-B10D DSL modem.  First you need to change the modem into bridged mode.  I won’t detail that here, there’s way too many documents online that show how to do it.  (alternatively, use another modem in bridge mode… I couldn’t get a Draytek to bridge properly – so perhaps avoid that.)

On the FreeBSD router, you need a dedicated network card for running PPPoE – I added an Intel gigabit card to my router, so my PPPoE interface is igb0.

First, we need to load some kernel modules, so add to /boot/loader.conf:

netgraph_load="YES"
ng_ether_load="YES"
ng_pppoe_load="YES"
ng_socket_load="YES"

These will be activated when you reboot.

Now we need to configure PPP.  Replace the entire contents of /etc/ppp/ppp.conf with:

zen:
 set speed sync
 set mru 1492
 set mtu 1492
 set ctsrts off

 enable echo
 set echoperiod 15
 enable lqr
 set lqrperiod 15

 set log phase connect ipcp ipv6cp tun

 enable ipcp
 disable dns

 set device PPPoE:igb0
 set redial 10
 set server /tmp/pppoe-adsl0 "" 0177

 set authname USERNAMEHERE
 set authkey PASSWORDHERE

 add! default HISADDR
 add! default HISADDR6

NOTE: everything except the first “zen:” line is indented – WordPress has a habit of losing the indentation!  Put your Zen-provided username and password in place of the capitalised placeholders above.  Also, change ‘igb0’ to a different interface depending on your router configuration.
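
An added example, not part of the original post: a small sh linter for the copy/paste damage the note above warns about (lost indentation), plus typographic quotes and leftover placeholders. It also checks that a file holding the clear-text authkey is not readable by group or other. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint a ppp.conf that was
# copied from a web page. Prints one line per finding, returns the count.
check_ppp_conf() {
    f=$1
    findings=0
    report() { echo "$f: $1"; findings=$((findings + 1)); }

    # 1. Typographic quotes: ppp does not treat them as quoting characters.
    if grep -qF -e '“' -e '”' -e '″' -e '‘' -e '’' "$f"; then
        report "typographic quotes (copy/paste damage)"
    fi
    # 2. Only label lines such as "zen:" may start in column 0.
    bad=$(awk '/^[^ \t#]/ && !/^[A-Za-z0-9_-]+:[ \t]*$/ { printf "%d ", NR }' "$f")
    if [ -n "$bad" ]; then report "unindented command on line(s): $bad"; fi
    # 3. Placeholders from the article were never replaced.
    if grep -qE 'USERNAMEHERE|PASSWORDHERE' "$f"; then
        report "placeholder credentials still present"
    fi
    # 4. "set authkey" stores the PPPoE password in clear text, so the file
    #    should not be readable by group or other.
    if grep -qE '^[[:space:]]*set[[:space:]]+authkey' "$f"; then
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            report "contains authkey but group/other bits are '$perms'"
        fi
    fi
    return "$findings"
}

# Constructed samples: a profile with web-page damage, and a repaired one.
write_damaged() {
    printf '%s\n' 'zen:' 'set device PPPoE:igb0' \
        'set server /tmp/pppoe-adsl0 “” 0177' \
        'set authname USERNAMEHERE' 'set authkey PASSWORDHERE' > "$1"
    chmod 644 "$1"
}
write_repaired() {
    printf '%s\n' 'zen:' ' set device PPPoE:igb0' \
        ' set server /tmp/pppoe-adsl0 "" 0177' \
        ' set authname example-user' ' set authkey example-secret' > "$1"
    chmod 600 "$1"
}

tmp=$(mktemp -d "${TMPDIR:-/tmp}/pppcheck.XXXXXX")
write_damaged "$tmp/damaged.conf"; check_ppp_conf "$tmp/damaged.conf" || true
write_repaired "$tmp/repaired.conf"; check_ppp_conf "$tmp/repaired.conf" && echo "repaired.conf: clean"
rm -rf "$tmp"
```

Run check_ppp_conf against /etc/ppp/ppp.conf as root after pasting; a return status of 0 means no findings.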

Now, we need to set ppp to start on boot, so add to /etc/rc.conf:

ipv6_cpe_wanif="tun0"
ifconfig_tun0_ipv6="inet6 -ifdisabled -no_radr accept_rtadv"
# PPPoE configuration
ppp_enable="YES"
ppp_program="/usr/sbin/ppp"
ppp_nat="NO"
ppp_user="root"
ppp_profile="zen"
ppp_zen_mode="ddial"
ppp_zen_nat="NO"

This will load the ‘zen’ profile in ‘ddial’ mode on boot.  It disables NAT in the PPP daemon.

The above is enough to negotiate IPv4, and to start the IPv6 negotiation – but Zen requires that you use SLAAC to obtain an IPv6 address, so we need to create another file for this.  This will run after connecting.  Create the file /etc/ppp/ppp.linkup with the following contents:

zen:
 shell /sbin/ifconfig tun0 inet6 -ifdisabled -no_radr accept_rtadv
 shell /sbin/rtsol -a tun0 &

Again, everything except the first “zen:” line is indented.

This enables SLAAC on the tun0 interface (the pseudo-interface that ppp creates) and triggers rtsol to obtain an IPv6 address.

Zen also issue a /48 IPv6 netblock, which seems to be routed over the link automatically (although others say you need to do proxy DHCPv6 for it to work – I certainly don’t need to)

Link Aggregation/Bonding in FreeBSD using LACP

To bond multiple ethernet links together in FreeBSD is fairly simple.  In this example, we’ll use LACP which does require some switch configuration to work.

First, we need to ensure the link aggregation module is started at boot, so edit /boot/loader.conf and add the following line:

if_lagg_load="YES"

Now we need to configure the port… in this example we will bond igb0 and bge0 together into a two port LACP bundle.  We will assign the IP 192.0.2.10/24 to the interface.

Add the following to /etc/rc.conf:

cloned_interfaces="lagg0"
ifconfig_igb0="up"
ifconfig_bge0="up"
ifconfig_lagg0="laggproto lacp laggport igb0 laggport bge0 up"
ifconfig_lagg0_alias0="inet 192.0.2.10/24"

Now it’s possible to put the IP assignment on the same line as the LACP definitions but I think it looks cleaner separate – so I used an alias instead.

You can use a lagg port in the same way as a normal network port (e.g. clone interfaces from it for vlans etc)

Aggregated ports will use the MAC address from the first “laggport” in the bundle for all ports.

In FreeBSD, LACP is always configured in ‘active’ mode and system/port priorities use 0x8000 – these are not configurable.

As a quick example, here’s how you would configure a Cisco 3750/3850 switchport to support a FreeBSD LACP bundle.  We’ll use ports Gi1/0/1 and Gi2/0/1 to create a bundle called Port-channel1

interface Port-channel1
 description LACP Bundle 1
 switchport mode access
 switchport access vlan 1
 switchport nonegotiate
 spanning-tree portfast
!
interface Gi1/0/1
 description LACP Bundle 1 - 1/2
 switchport mode access
 switchport access vlan 1
 switchport nonegotiate
 channel-group 1 mode active
 spanning-tree portfast
!
interface Gi2/0/1
 description LACP Bundle 1 - 2/2
 switchport mode access
 switchport access vlan 1
 switchport nonegotiate
 channel-group 1 mode active
 spanning-tree portfast

Once it’s set up (the FreeBSD server above must have been rebooted so that it can negotiate LACP), you can confirm it is working with the ‘show etherchannel summary’ command:

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Gi1/0/1(P) Gi2/0/1(P)

You can see Po1 is up using the LACP protocol, with both ports in the bundle.

On the FreeBSD server, you can check LACP with the ‘ifconfig lagg0’ command:

        laggproto lacp lagghash l2,l3,l4
        laggport: igb0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
        laggport: bge0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>

You can see both ports are connected and working fine.

Speed up FreeBSD reboots by 7 seconds

Ok, 7 seconds doesn’t seem like much… but if you’re rebooting a live server then every second of downtime counts – so why not?

This is a simple change that reduces the timer on the initial FreeBSD menu from 10 seconds to 3 seconds.  (I don’t recommend reducing it below 3 seconds, as it may make it more difficult for you to use the menu should you ever need to!)

Ok, so you need to edit the /boot/loader.conf file (or create it if it doesn’t exist) and add the following line:

autoboot_delay="3"

and that’s all you need to do.  Next reboot, the timer will start at 3 instead of 10 and you have a reboot that takes 7 seconds less than before.