Example of Soft-Router (FRR) configuration for BNG L2-Connected

The Soft-Router feature is used to announce NAT Pool subnets and authorized subscriber IP addresses for BNG L2-connected using dynamic routing protocols (BGP, OSPF, IS-IS). The principle of operation and configuration is described in the Soft-Router section.

Use case description:

The SSG (2x10G in ports, 2x10G out ports) is installed in-line on 2x10G links that are aggregated into a LAG. The SSG is configured in BRAS L2 PPPoE mode, and NAT Pool 100.0.0.0/24 is created.

In this scenario we assume that the interconnect network between the SSG and the upstream router is 192.168.123.64/30, the IP on the SSG side is 192.168.123.65, the IP on the upstream router side is 192.168.123.66, and the ASNs are 65501 and 65502 respectively. We configure FRR as the router because its CLI is the closest to what operators of Cisco-like equipment are used to. The out-interface of the SSG, in this case 13-00.0, is specified as the interface from which traffic will be diverted.

SSG (FastDPI) configuration:

/etc/dpi/fastdpi.conf:

router=1
router_kernel_table=254
router_subs_announce=6
router_netns=router
router_device {
device=13-00.0
tap=dpi
peer=rib
subnet=192.168.123.65/30
subnet=224.0.0.5/32
subnet=224.0.0.6/32
}

Netns configuration:

ip netns add router
ip link add dpi type veth peer name rib netns router
ip netns exec router ip address add 192.168.123.65/30 dev rib
ip netns exec router ip link set dev rib arp on
ip netns exec router ethtool -K rib tx off
ip link set dev dpi arp off
echo 1 > /proc/sys/net/ipv6/conf/dpi/disable_ipv6
ip link set dpi up
ip netns exec router ip link set lo up
ip netns exec router ip link set rib up
firewall-cmd --zone=internal --add-source=192.168.123.65/24
firewall-cmd --zone=internal --add-rich-rule='rule family=ipv4 source address=192.168.123.65/24 accept'

We recommend putting these commands into a script and adding the script to autorun.
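
An idempotent form of the netns commands above, safe to run at every boot (added example, not part of the original page or the product's own tooling). The DRY_RUN variable, the apply argument and the NETNS_DIR / SYSNET_DIR overrides are assumptions of this script only.

```sh
#!/bin/sh
# Added example: idempotent form of the netns commands from this page.
# Assumptions (not from the page): DRY_RUN, the "apply" argument and the
# NETNS_DIR / SYSNET_DIR overrides exist only in this script.
NS=router                 # router_netns= in fastdpi.conf
TAP=dpi                   # tap= in router_device
PEER=rib                  # peer= in router_device
ADDR=192.168.123.65/30    # SSG side of the link to the upstream router
FW_SRC=192.168.123.65/24  # source used in the firewall-cmd rules
NETNS_DIR=${NETNS_DIR:-/run/netns}
SYSNET_DIR=${SYSNET_DIR:-/sys/class/net}

# Print the command when DRY_RUN=1, execute it otherwise.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Write a value to a /proc file. "echo 1>file" without spaces would
# redirect stdout (fd 1) and write an empty line instead of 1.
write_value() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'write %s > %s\n' "$1" "$2"
    else
        printf '%s\n' "$1" > "$2"
    fi
}

setup_router_netns() {
    # Create the namespace and the veth pair only when they are missing,
    # so a re-run does not fail on objects that already exist.
    [ -e "$NETNS_DIR/$NS" ] || run ip netns add "$NS"
    if [ ! -e "$SYSNET_DIR/$TAP" ]; then
        run ip link add "$TAP" type veth peer name "$PEER" netns "$NS"
        run ip netns exec "$NS" ip address add "$ADDR" dev "$PEER"
    fi
    run ip netns exec "$NS" ip link set dev "$PEER" arp on
    run ip netns exec "$NS" ethtool -K "$PEER" tx off
    run ip link set dev "$TAP" arp off
    write_value 1 "/proc/sys/net/ipv6/conf/$TAP/disable_ipv6"
    run ip link set "$TAP" up
    run ip netns exec "$NS" ip link set lo up
    run ip netns exec "$NS" ip link set "$PEER" up
    run firewall-cmd --zone=internal --add-source="$FW_SRC"
    run firewall-cmd --zone=internal --add-rich-rule="rule family=ipv4 source address=$FW_SRC accept"
}

# Change the system only on explicit request: <script> apply
if [ "${1:-}" = apply ]; then set -e; setup_router_netns; fi
```

Running it with DRY_RUN=1 and the apply argument prints the commands that would be executed without changing the system.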

FRR daemons setup:

/etc/frr/daemons:

bgpd=yes
ospfd=yes
ospf6d=yes
ripd=no
ripngd=no
isisd=no
pimd=no
nhrpd=no
eigrpd=no
sharpd=no
pbrd=no
bfdd=no
fabricd=no
vrrpd=no

vtysh_enable=yes
zebra_options="  -A 127.0.0.1 -s 90000000 --vrfwnetns"
bgpd_options="   -A 127.0.0.1"
ospfd_options="  -A 127.0.0.1"
ospf6d_options=" -A ::1"
ripd_options="   -A 127.0.0.1"
ripngd_options=" -A ::1"
isisd_options="  -A 127.0.0.1"
pimd_options="   -A 127.0.0.1"
nhrpd_options="  -A 127.0.0.1"
eigrpd_options=" -A 127.0.0.1"
sharpd_options=" -A 127.0.0.1"
pbrd_options="   -A 127.0.0.1"
staticd_options="-A 127.0.0.1"
bfdd_options="   -A 127.0.0.1"
fabricd_options="-A 127.0.0.1"
vrrpd_options="  -A 127.0.0.1"

FRR (OSPF) setup:

/etc/frr/frr.conf:

frr version 7.5
frr defaults traditional
hostname bras-demo-01
no ip forwarding
no ipv6 forwarding
no service integrated-vtysh-config
!
vrf router
 netns /run/netns/router
 exit-vrf
!
router ospf vrf router
 network 192.168.123.0/24 area 0
!
line vty
!

FRR (BGP) setup:

/etc/frr/frr.conf:

frr version 7.5
frr defaults traditional
hostname bras-demo-01
log file /var/log/frr/debug.log
log syslog
no ip forwarding
no ipv6 forwarding
service integrated-vtysh-config
!
router bgp 65501 vrf router
 bgp router-id 192.168.123.65
 neighbor 192.168.123.66 remote-as 65502
 !
 address-family ipv4 unicast
  redistribute kernel
  neighbor 192.168.123.66 route-map PERMIT_ALL in
  neighbor 192.168.123.66 route-map PERMIT_ALL out
  neighbor 192.168.123.66 soft-reconfiguration inbound
 exit-address-family
!
route-map PERMIT_ALL permit 10
!
line vty
!