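VPP in Detail: Using VPP as a Home Router

Introduction

VPP running on an Intel Atom-based system is a good option for a SOHO router.

Linux distribution

The Linux distribution used here is Ubuntu 16.04 LTS.

Installing VPP

Clone the latest VPP source and build it: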

$ git clone http://gerrit.fd.io/r/vpp vpp-gate
$ cd vpp-gate
$ make install-dep
$ make dpdk-install-dev
$ cd dpdk
$ sudo dpkg -i *.deb
$ cd ../build-root
$ ./bootstrap.sh
$ make PLATFORM=vpp TAG=vpp_debug install-deb
$ sudo dpkg -i *.deb
$ sudo service vpp stop

Installing additional packages

For a minimal installation you also need sshd and isc-dhcp-server:

$ sudo apt-get install isc-dhcp-server openssh-server

Edit the VPP startup config

Edit /etc/vpp/startup.conf so that it contains the following:

unix {
  nodaemon
  log /var/log/vpp/vpp.log
  full-coredump
  cli-listen localhost:5002
  startup-config /home/userid/setup.gate
}

snat {
     max translations per user 500
}

Configure isc-dhcp-server

Specify the internal subnet, the default gateway address, and the DNS server address:

subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.99;
  option routers 192.168.1.1;
  option domain-name-servers 8.8.8.8;
}

Configure /etc/ssh/sshd_config

# What ports, IPs and protocols we listen for
Port 

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
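
An added example, not part of the original article: an offline audit of the startup.conf and sshd_config settings shown above. It checks that cli-listen stays on loopback or a unix socket, that PasswordAuthentication is effectively no, and that the Port keyword has a value. The function names, sample files and sample port are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page. Sample inputs are constructed.
# Print each VPP cli-listen endpoint that is neither loopback nor a unix
# socket path. Exit status 0 means at least one such listener was found.
cli_listen_exposed() {
    awk '{ sub(/#.*/, "") }
         $1 == "cli-listen" && substr($2, 1, 1) != "/" &&
         $2 !~ /^(localhost|127\.[0-9.]+|\[::1\])(:[0-9]+)?$/ { print $2; bad = 1 }
         END { exit (bad ? 0 : 1) }' "$1"
}

# Print the value sshd would use for keyword $1 in file $2 (default $3).
# Keywords are case-insensitive and the first value obtained wins; only the
# global section is read, so parsing stops at the first Match block.
sshd_effective() {
    awk -v key="$1" -v dflt="$3" '
        { sub(/#.*/, "") }
        tolower($1) == "match" { exit }
        !found && tolower($1) == tolower(key) { val = (NF > 1) ? $2 : "missing"; found = 1 }
        END { print (found ? tolower(val) : dflt) }' "$2"
}

# audit_gateway STARTUP_CONF SSHD_CONFIG: print findings, return 1 if any.
audit_gateway() {
    rc=0
    if ep=$(cli_listen_exposed "$1"); then
        echo "FAIL: VPP CLI listens off-loopback: $ep"; rc=1
    fi
    if [ "$(sshd_effective PasswordAuthentication "$2" yes)" != no ]; then
        echo "FAIL: sshd PasswordAuthentication is not 'no'"; rc=1
    fi
    if [ "$(sshd_effective Port "$2" 22)" = missing ]; then
        echo "FAIL: sshd Port keyword has no value"; rc=1
    fi
    return $rc
}

# Constructed samples: settings like the page's, then a weakened variant.
demo() {
    d=$(mktemp -d)
    printf 'unix {\n  cli-listen localhost:5002\n}\n' > "$d/ok.conf"
    printf 'unix {\n  cli-listen 0.0.0.0:5002\n}\n' > "$d/bad.conf"
    printf 'Port 2222\nPasswordAuthentication no\n' > "$d/ok_sshd"
    printf 'Port\n#PasswordAuthentication no\n' > "$d/bad_sshd"
    audit_gateway "$d/ok.conf" "$d/ok_sshd" && echo "ok pair: clean"
    audit_gateway "$d/bad.conf" "$d/bad_sshd" || echo "bad pair: findings above"
    rm -rf "$d"
}
demo
```

On the gateway itself, `sudo sshd -T` prints the configuration sshd actually loads and is the authoritative check.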

VPP startup configuration

This configuration uses IRB and the SNAT plugin.

comment { bring the WAN interface up, then change the MAC address. Otherwise the rx filter will be misprogrammed! }

set int state GigabitEthernet3/0/0 up
set int mac address GigabitEthernet3/0/0 
set dhcp client intfc GigabitEthernet3/0/0 hostname vppgate

comment { create the IRB loopback interface, give it the usual local network IP address }
loopback create
set int l2 bridge loop0 1 bvi
set int ip address loop0 192.168.1.1/24
set int state loop0 up

comment { add other inside addresses to the IRB bridge group }
set int l2 bridge GigabitEthernet4/0/0 1
set int state GigabitEthernet4/0/0 up 

set int l2 bridge GigabitEthernet0/14/0 1
set int state GigabitEthernet0/14/0 up 
 
set int l2 bridge GigabitEthernet0/14/1 1
set int state GigabitEthernet0/14/1 up 

set int l2 bridge GigabitEthernet0/14/2 1
set int state GigabitEthernet0/14/2 up 

comment { create a tap interface for dhcp server and host-stack access }
tap connect lstack address 192.168.1.2/24
  
set int l2 bridge tap-0 1
set int state tap-0 up
 
comment { Configure the snat plugin }
   
nat44 add interface address GigabitEthernet3/0/0
set interface nat44 in loop0 out GigabitEthernet3/0/0

comment { create static outside-to-inside port mappings }

comment { Send traffic received on the WAN interface DHCP address,  to 192.168.1.xxx, }
nat44 add static mapping local 192.168.1.xxx  external GigabitEthernet3/0/0  tcp

comment { Enable the vpp DNS caching name resolver }

comment { nat44 add identity mapping external GigabitEthernet3/0/0 udp 53053  }
comment { bin dns_name_server_add_del 8.8.8.8 }
comment { bin dns_enable_disable }

Verify DNS resolution

vpp# bin dns_resolve_name www.cisco.com

vpp# show dns cache verbose 2

Or, from a Linux host:

$ dig @192.168.1.1 www.cisco.com
