Skip to Content.
Sympa Menu

rare-users - Re: [RARE-users] Queries on FREERTR/RARE configuration

Subject: RARE user and assistance email list

List archive

Re: [RARE-users] Queries on FREERTR/RARE configuration


Chronological Thread 
  • From: Frédéric LOUI <>
  • To:
  • Cc: Raimondas Sirvinskas <>, "Balcas, Justas" <>
  • Subject: Re: [RARE-users] Queries on FREERTR/RARE configuration
  • Date: Mon, 30 Jan 2023 20:06:17 +0100
  • Dkim-filter: OpenDKIM Filter v2.10.3 zmtaauth03.partage.renater.fr 05CA18020D

Hi Preeti,

Welcome on board !

1. server telnet <vrf_name>
In freeRtr you have the concept of a « server". In your question you are
mentioning « telnet » server which is server use to provide CLI access to
freeRtr into a specific VRF.
Each server has some properties. Access-class for example give the operator
to bind an IPv4/IPv6 ACL so that you can filter which IPv4/IPv6 can access
freeRtr.
Now that being said, telnet server has also a property called: interface:

server telnet MY_SERVER
security protocol ssh
security authentication usr
security rsakey MY_FREERTR_rsakey
security dsakey MY_FREERTR_dsakey
security ecdsakey MY_FREERTR_ecdsakey
port 22
no exec authorization
no login authentication
interface sdn1
vrf inet
exit

In the example above the remote CLI access is bound to sdn1 interface.
i.e if you try to connect the router using sdn2 IP -> it will fail.

One should note also that the example above provide a remote access via SSH
using port 22. (Also declaration in the config of SSH host key MY_FREERTR_* )
For the purist telnet server is then not only telnet daemon. Please see
freertr « telnet » as a remote CLI access as in JUNOS and IOS/IOSXR.

In your example, all interfaces bind into p4 VRF is allowed.
However, if you look at the config there is no interface bind to VRF p4.

The only object in P4 VRF is the "p4lang server p4"

Therefore in that special case only, the access is possible only if you land
into Linux either via BMC or P4 switch main board CPU.

A non exhaustive list of server can be found here below: (click on server tab)
http://docs.freertr.org/guides/reference/tabbed/


>
> So do you think any alternate solution to add both ACLs?
2. Basically you create _ONE_ ACL that has both IPv4 and IPv6 rules.

Example:
access-list ACL_MY_FREERTR_ACCESS
sequence 5 permit all 195.111.95.0 255.255.255.224 all any all
sequence 50 permit all FD01:DEAD:BEEF:CC1E:: ffff:ffff:ffff:ffff:: all any all

> How to create a port channel/LAG in FREERTR/rare?

3. You can have documentation here below:
https://wiki.geant.org/display/RARE/Dataplane+specific+feature+list

And ctrl+f -> bundle

And normally you should land here:
http://sources.freertr.org/cfg/p4lang-acl09.tst

The documentation is being reworked and docs.freertr.org could not have p4
dataplane test documentation.

Other than that freeRtr with pure software forwarder the test case is here:
http://docs.freertr.org/guides/reference/md/conn-bundle01.tst/

Please have a look at this test case.

If not sufficient we can have a super short VC :)

Feel free to reach us as soon as you are stuck via the mailing list.

All the best
Frederic


> Le 30 janv. 2023 à 19:17, Bhat, Preeti P. <> a écrit :
>
> Hi All,
>
> I have a couple of FREERTR/RARE switches and I am configuring them. I have
> come across a few challenges and I am unable to find a document relevant to
> my queries.
>
> Could you please provide me with the information related to the following
> queries?
>
> • I ran a show running-config command and looked for the server
> telnet configuration. I got the following detail. What is the p4 and
> use-case?<image.png>
> • I have created 2 ACLs, 1 for ip4 and 1 for ipv6. I can not add
> both ACLs to the server telnet oob. In the case of the dell switch, 1 vty
> line can be added to ipv6 and the rest for ipv4. So do you think any
> alternate solution to add both ACLs?
>
> • How to create a port channel/LAG in FREERTR/rare?
>
> Many Thanks,
> Preeti Bhat




Archive powered by MHonArc 2.6.19.

Top of Page