IfState
We'll be using IfState for the network configuration of our routers.
Feel free to use its documentation, but please use our provided startup IfState configuration to keep consistent interface naming for your router model.
Base setup
IfState is already installed by default on RKOS.
Grab the provided configuration and paste it into the file /etc/ifstate/ifstate.yaml. When selecting the configuration, check the label at the bottom of your router and be sure to use the correct revision ('Rev.'). After running ifstatecli apply, you should see some changes:
rtr-pod0-1:~# ifstatecli apply
configure network namespaces...
configure sysctl settings...
ipv6/optimistic_dad change
configure interfaces...
lo
link ok
addresses = 127.0.0.1/8
addresses = ::1/128
eth0
ifname change
link change
eth1
ifname change
link change
eth2
ifname change
link change
eth3
ifname change
link change
tc ok
tc ok
tc ok
tc ok
tc ok
Now, we have to enable IfState to make it run the network configuration on each boot.
rtr-pod0-1:~# rc-update add ifstate boot
* service ifstate added to runlevel boot
Identifying interfaces (optional)
If you're not using the provided IfState interface identification or you need to configure additional (USB) network adapters, follow this chapter. Otherwise, you can skip it and continue with configuring SSH access.
After inserting the new port, run ip -c address. You should see a new interface at the end (e.g. eth1):
rtr-pod0-1:~# ip -c address
[...]
14: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 50:3e:aa:b7:4e:7c brd ff:ff:ff:ff:ff:ff
Next we'll use ifstatecli identify to gather the information used to identify the physical network interface.
rtr-pod0-1:~# ifstatecli identify
interfaces:
  [...]
  eth1:
    link:
      kind: physical
    identify:
      perm_address: 50:3e:aa:b7:4e:7c
      parent_dev_name: 2-1.4:1.0
      parent_dev_bus_name: usb
If you're using some sort of internal network interface (e.g. parent_dev_bus_name: pci), continue using the parameters parent_dev_name and parent_dev_bus_name. If you're using a USB-based network adapter instead, use the MAC address in perm_address, since addresses on the USB bus might change when plugged into another port.
Modify your IfState configuration file /etc/ifstate/ifstate.yaml and append your new network interface. Be sure to add kind: physical under the key link.
# …
portINTERNAL:
  link:
    kind: physical
  identify:
    parent_dev_name: '0000:06:00.0'
    parent_dev_bus_name: pci
# …
portUSB:
  link:
    kind: physical
  identify:
    perm_address: 50:3e:aa:b7:4e:7c
After applying your new configuration using ifstatecli apply you should see the new name of your network interface. You can now continue assigning IP addresses.
rtr-pod0-1:~# ip -c address
[...]
14: portUSB: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 50:3e:aa:b7:4e:7c brd ff:ff:ff:ff:ff:ff
Enable SSH access
Now it's finally time to configure our first network interface! Choose a network port of your liking and connect it to your laptop.
In this example we'll be using eth0. Assign a /64 IPv6 prefix to it as well as a /27 of our IPv4 assignment. Also, be sure to set the link state to up.
interfaces:
  eth0:
    addresses:
      - 2001:xxxx:yyyy:1::1/64
      - 212.111.xxx.33/27
    link:
      kind: physical
      state: up
    identify:
      parent_dev_name: '0000:02:00.0'
      parent_dev_bus_name: pci
After applying your changes, the link LED on the router should turn on if it was off before. Next, configure the network interface on your laptop:
- IPv4 address: 212.111.xxx.34
- IPv4 subnet mask: 255.255.255.224 or /27
- IPv6 address: 2001:xxxx:yyyy:1::2
- IPv6 prefix size: 64
Do not set the gateway right now. Otherwise you could have trouble accessing this guide.
You should now be able to ping the router's IP addresses. Also, try to establish an SSH connection.
$ ssh username@2001:xxxx:yyyy:1::1
The authenticity of host '2001:xxxx:yyyy:1::1 (2001:xxxx:yyyy:1::1)' can't be established.
ED25519 key fingerprint is SHA256:iA8SFoXbQqKSX4oBNUQ9ghkA8vHr1xg7D/C5QxJss0Q.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '2001:xxxx:yyyy:1::1' (ED25519) to the list of known hosts.
username@2001:xxxx:yyyy:1::1's password:
Welcome to Alpine!
The Alpine Wiki contains a large amount of how-to guides and general
information about administrating Alpine systems.
See <https://wiki.alpinelinux.org/>.
You can setup the system with the command: setup-alpine
You may change this message by editing /etc/motd.
rtr-pod0-1:~$
Congratulations, you can configure your router using SSH now! To gain root privileges, run doas -s.
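The host-key prompt in the session above can be checked instead of answered blindly: read the router's public host key over the console and compare its fingerprint with the one the laptop displays. The following is an added example, not part of the original guide; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def parse_pubkey_line(line):
    """Split an OpenSSH public key line into (key type, raw key blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was damaged or edited.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return key_type, blob


def sha256_fingerprint(line):
    """Return the fingerprint in the form the ssh client prints it."""
    _, blob = parse_pubkey_line(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches_prompt(line, shown):
    """True if the router's key produces the fingerprint shown in the prompt."""
    return sha256_fingerprint(line) == shown.strip()


def constructed_ed25519_line(raw32):
    # Constructed sample key for this example, not a key from the guide.
    t = b"ssh-ed25519"
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", len(raw32)) + raw32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " root@rtr-pod0-1"


if __name__ == "__main__":
    router_key = constructed_ed25519_line(bytes(range(32)))
    shown = sha256_fingerprint(router_key)  # what the laptop would display
    other = sha256_fingerprint(constructed_ed25519_line(bytes(32)))
    print(shown, matches_prompt(router_key, shown))  # same key
    print(other, matches_prompt(router_key, other))  # different key
```

On the router console, `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` prints the same fingerprint directly, assuming the OpenSSH default host key path.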
Loopback interface
Now we configure a routing loopback interface. Allocate the first IPv4 and IPv6 addresses from your assignments. It is configured like your other interfaces; it just has kind: dummy.
interfaces:
  loop:
    link:
      kind: dummy
      state: up
    addresses:
      - 2001:xxxx:yyyy::1/128
      - 212.111.xxx.1/32
IP forwarding
In order for our router to route packets, we have to enable forwarding for IPv4 and IPv6. These sysctl settings can be changed with IfState as well! Just append the following lines to your configuration file and run ifstatecli apply.
sysctl:
  all:
    ipv4:
      forwarding: 1
    ipv6:
      forwarding: 1
Tip
Now is a good time to run lbu commit.
VLAN subinterfaces (optional)
Note
This section is important for more complex setups like the ISP pods.
Using VLANs you can achieve network segmentation over a shared physical infrastructure. This is accomplished by the VLAN header of network packets, which contains a VLAN ID. Switches and routers can distribute and isolate traffic according to the VLAN ID.
In our scenario, we're using VLANs for the communication between ISPs and our upstream to the Internet.
Configuring a VLAN interface using IfState is pretty easy. You can either try to configure it from scratch using the Configuration Schema or use the example in the IfState documentation. Just don't forget to set the state of the parent interface (link) to up.
iproute2 interface names
Although the ip commands show VLAN port names as port1@eth0, the interface name at kernel level is port1 without the suffix. The @ notation is only used to show, for the user's convenience, that an interface is linked to another. When specifying an interface, always give its name without any @ suffix.
Network namespaces
Note
This section is only important when configuring your peering LAN as an IX or when you want to separate clients.
The section below defines the default namespace. Each interface can be assigned to another defined namespace listed below. Therefore you have to create a namespace and move the interface definition into this namespace. The interface connecting the IX switch and the router should be put in a separate namespace.
interfaces:
  eth0:
    addresses:
      - 2001:xxxx:yyyy:1::1/64
      - 212.111.xxx.33/27
    link:
      kind: physical
      state: up
    identify:
      parent_dev_name: '0000:02:00.0'
      parent_dev_bus_name: pci
namespaces:
  ixp-peering:
    interfaces:
      peering:
        addresses:
          - 2001:xxxx:yyyy:2::1/64
          - 212.111.xxx.33/27
        link:
          kind: physical
          state: up
        identify:
          parent_dev_name: '0000:02:00.0'
          parent_dev_bus_name: pci