Tuesday, 13 April 2010

Router on a Stick within vSphere using Vyatta and Optimizing for 1Gbps Routing

Vyatta have released VC6.0 final, so I thought I would modify it a little by removing Openvm-tools and replacing it with VMware Tools, configuring it with vmxnet 3, then bringing it all together within vSphere for some iPerf benching.

So here we have the "Router on a stick", where we use a Vyatta VM to route between two VM networks over a VLAN trunk, then optimize with jumbo frames (MTU 9000) on the vNICs and vSwitch and by changing adapter types.





Part 1

Lab Setup
Configuration of Vyatta
Configuration of vSphere (VLAN Trunk)
Configure Routing
Benchmark using iPerf


Router on a Stick within vSphere using Vyatta and Optimizing for 1Gbps Routing - Part 1 from Richard Vimeo on Vimeo.




Part 2
Configuring Jumbo frame on guests
Configuring Jumbo frame on vSwitch
Changing vNic type
Benchmark with iPerf


Router on a Stick within vSphere using Vyatta and Optimizing for 1Gbps Routing - Part 2 from Richard Vimeo on Vimeo.




Here is the KB relating to why Windows XP (32bit) and Windows Server (32bit) come up with a 1.4Gbps link speed for 10Gbps drivers/adapters.
http://support.microsoft.com/kb/931857

And for those that cannot wait for the VMware Appliance here is the link to:
Vyatta VC 6.0 - Final with VMware Tools

Vyatta Config

firewall {
    all-ping enable
    broadcast-ping disable
    conntrack-table-size 32768
    conntrack-tcp-loose enable
    ip-src-route disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    log-martians enable
    name ALLOW_ESTABLISHED {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description Outside
        duplex auto
        firewall {
            in {
                name ALLOW_ESTABLISHED
            }
            local {
                name ALLOW_ESTABLISHED
            }
        }
        hw-id 00:50:56:83:39:3e
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        mtu 9000
        description Inside
        duplex auto
        hw-id 00:50:56:83:70:c3
        smp_affinity auto
        speed auto
        vif 10 {
            address 192.168.10.1/24
            description VLAN-10
        }
        vif 20 {
            address 192.168.20.1/24
            description VLAN-20
        }
    }
    ethernet eth2 {
        description DMZ
        duplex auto
        hw-id 00:50:56:83:51:b7
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
service {
    dhcp-server {
        disabled false
        shared-network-name POOL1 {
            authoritative disable
            description VLAN10
            subnet 192.168.10.0/24 {
                default-router 192.168.10.1
                dns-server 192.168.10.1
                domain-name Vyatta.local
                lease 86400
                start 192.168.10.10 {
                    stop 192.168.10.200
                }
            }
        }
        shared-network-name POOL2 {
            authoritative disable
            description VLAN20
            subnet 192.168.20.0/24 {
                default-router 192.168.20.1
                dns-server 192.168.20.1
                domain-name vyatta.local
                lease 86400
                start 192.168.20.10 {
                    stop 192.168.20.240
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth1.10
            listen-on eth1.20
            name-server 208.67.222.222
            name-server 208.67.220.220
        }
    }
    nat {
        rule 10 {
            outbound-interface eth0
            source {
                address 192.168.10.0/24
            }
            type masquerade
        }
        rule 20 {
            outbound-interface eth0
            source {
                address 192.168.20.0/24
            }
            type masquerade
        }
    }
    ssh {
        allow-root
        port 22
        protocol-version v2
    }
}
system {
    host-name vyatta
    login {
        user root {
            authentication {
                encrypted-password $1$ORKO400D$9GoL/vifapZLo3p.sLkUs/
                plaintext-password ""
            }
            level admin
        }
        user vyatta {
            authentication {
                encrypted-password $1$Z9oMjC/m$r.T2vNILnVuZnIwkKhg58.
            }
            level admin
        }
    }
    ntp-server 0.vyatta.pool.ntp.org
    package {
        auto-sync 1
        repository community {
            components main
            distribution stable
            password ""
            url http://packages.vyatta.com/vyatta
            username ""
        }
        repository lenny {
            components main
            distribution lenny
            password ""
            url http://packages.vyatta.com/debian/
            username ""
        }
        repository VC6 {
            components main
            distribution VC6.0
            password ""
            url http://packages.vyatta.com/vyatta/
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone GMT
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "cluster@1:dhcp-relay@1:dhcp-server@4:firewall@3:ipsec@2:nat@3:quagga@1:system@3:vrrp@1:wanloadbalance@2:webgui@1:webproxy@1" === */
/* Release version: VC6.0-2010.03.22 */
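
As an added example (not part of the original post and not Vyatta's own code), this Python code parses the brace-delimited config format shown above and summarises, for each interface and vif, its addresses, any explicitly configured MTU and the firewall rulesets bound to it. The names `parse`, `interface_report` and `SAMPLE` are made up here, and the sample is a constructed excerpt of the config.

```python
SAMPLE = """\
interfaces {
    ethernet eth0 {
        address dhcp
        firewall {
            in {
                name ALLOW_ESTABLISHED
            }
        }
    }
    ethernet eth1 {
        mtu 9000
        vif 10 {
            address 192.168.10.1/24
        }
        vif 20 {
            address 192.168.20.1/24
        }
    }
}
"""  # constructed excerpt of the configuration above


def parse(text):
    """Parse Vyatta's brace-delimited config into nested dicts (leaves are lists)."""
    stack = [{}]
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):            # "ethernet eth0 {" opens a child node
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":                 # close the current node
            stack.pop()
        elif line and not line.startswith("/*"):
            key, _, value = line.partition(" ")
            stack[-1].setdefault(key, []).append(value)
    return stack[0]


def interface_report(cfg):
    """Map each interface and vif (eth1.10) to its addresses, MTU and rulesets."""
    report = {}
    def visit(name, node):
        fw = {d: r["name"][0] for d, r in node.get("firewall", {}).items()}
        report[name] = {"address": node.get("address", []),
                        "mtu": node.get("mtu", [None])[0], "firewall": fw}
        for key, child in node.items():
            if key.startswith("vif "):    # VLAN sub-interface, e.g. "vif 10"
                visit(f"{name}.{key.split()[1]}", child)
    for key, node in cfg.get("interfaces", {}).items():
        visit(key.split()[1], node)       # key is "<type> <name>"
    return report
```

Calling `interface_report(parse(SAMPLE))` lists `eth0` with `ALLOW_ESTABLISHED` bound on `in`, and `eth1.10` and `eth1.20` with their addresses, no MTU statement of their own and no ruleset bound.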



Enjoy!

14 comments:

afokkema said...

The download link isn't working. Great post though!

Roggy said...

Thanks..should be fixed now

afokkema said...

downloading as we speak :-) Thanks for fixing the download link!

Stig said...

Good stuff Roggy. I added a link to this on http://www.vyatta.org/documentation/tips-tricks

jaejaneiro said...

Hi. Can you tell me if Vyatta is a router software simulator? I had been looking for a vmware router simulator, but I don't know if it exists...for that I ask you.
I am looking for a router IOS simulator for vmware but don't even know if that exists.
Thank you.

Roggy said...

Vyatta is not a simulator, it is a full router!

However it is great for learning routing and creating labs.

If you want something to simulate IOS I suggest you look at GNS.

Steve said...

So I am wondering if this router on a stick configuration would work with two subnets on DIFFERENT esxi hosts? One is for dev, one is for test, and there are some instances where I need to share between the two.

Roggy said...

Sure you would have to decide how you want to exchange routes though.
Take a look at my OSPF vmware lab for more info.

Hope that helps !

Bilâl Güvenç said...

I'm using my modem in the bridge mode but it still uses its router, 192.168.20.1 and at the starting its ping time is 7 ms but over a time it reaches up to 55 ms, modem's ip is 192.168.2.1 and its ping time is 1 ms. I tried to use static routing using the closest router as target but my modem's router in the path still. Therefore how can I disable modem's router?

WebHostingUniverse said...

You are on the same vSwitch, it will route even without a router. I tried with physical vnics but not working.

Justin Leo Rodriguez said...

Thanks for the link. I also thought at first it was a simulator. I've been looking for the best wireless routers to choose from, actually. I've been reading reviews for a month now, and I haven't decided yet. Thanks!

Jan said...

Thank you for the great explanation and videos, well done!