The 128T software is a set of daemons (processes) that run within a Linux operating system. There are many standard Linux components leveraged by 128T (e.g., NTP, sshd, dnf, etc.) that require network access. These components (hereafter referred to as host components) will send traffic via Linux's routing table unless instructed otherwise. This document describes the best practice for routing that traffic from the underlying Linux host operating system into the 128T routing domain, for subsequent traffic forwarding using the 128T paradigm.
When running on the host platform, the 128T has its own routing table in addition to the one that is running within Linux.
This document applies specifically to 128T routers. The 128T conductor does not require any special configuration to affect Linux host networking, since it does not forward packets using any technique other than Linux host networking to begin with.
To forward traffic between Linux and 128T, we will use an interface type known as a Kernel Network Interface, or KNI. This is used to connect userspace applications with kernel networking.
By default, the 128T creates a KNI interface ("kni254") that is used to route packets to Linux as part of its host-service configuration. (A host-service is configured on a network-interface, and is used to forward various traffic types such as SSH and HTTP/HTTPS to Linux applications.) This kni254 interface is, by default, only used for inbound traffic (from Linux to the 128T) for host-services. By following the steps below, we can leverage the kni254 interface to send outbound traffic to 128T.
Create services (or modify existing services) for network access, adding an
access-policy that permits the tenant
_internal_ tenant is associated with all inbound requests arriving from Linux to 128T via kni254.
description "internet reachability"
Traffic originating from Linux and traveling through a KNI interface will have a source address of 169.254.127.127, which is a link-local address. You must ensure that
source-nat is enabled on the egress interface used to carry this traffic out of the 128T platform.
If you want to selectively forward via 128T, you can edit
/etc/sysconfig/network-scripts/route-kni254 from its default route of
0.0.0.0/0 with any address/prefix you wish. Additionally, you can edit the
route-kni254 file to contain as many individual route statements as you like; it is important to only edit this file while 128T is stopped, however, since 128T will cache the contents of the file when it starts, and restore the copy it cached when software is stopped.
- Stop 128T software on a given router. There are many ways to accomplish this, one of which is to type
sudo systemctl stop 128Tfrom the Linux shell prompt.
You must ensure you are in a position to access the Linux subsystem on a 128T router even when 128T software is not running.
- Add a route to the internet in a route file associated with
kni254(the following should all be typed on one line):
sudo echo 0.0.0.0/0 via 169.254.127.126 dev kni254 metric 200 > /etc/sysconfig/network-scripts/route-kni254
- Start 128T software:
sudo systemctl start 128T
The loopback-static-route plugin can be installed and enabled on the 128T router to dynamically manage Linux routes.
host device-interface can be configured with a vlan-enabled network interface. Doing so creates a unique linux interface that is managed for each network-interface, but only one underlying KNI will be created on the system. If there is no non-vlan network-interface on the device-interface, an implicit underlying “base” interface is instantiated for the KNI, and linux VLAN interfaces are stacked on it.
Output reflecting KNI interfaces with a VLAN of 200 configured:
admin@t124-dut1.Fabric128# show device-interface
Sat 2019-02-16 18:45:18 UTC
MAC Address: b2:9c:1f:9a:d9:7a
Admin Status: up
Operational Status: up
Redundancy Status: non-redundant
base state: good
vlan state: good
Completed in 0.24 seconds
admin@t124-dut1.Fabric128# show platform device-interfaces
Sat 2019-02-16 18:45:56 UTC
Device Interface Information
Driver Version: unavailable
MAC Address: be:0c:c2:1e:79:be
Firmware Version: unavailable
Statistics Supported: unavailable
Test Info Supported: unavailable
EEPROM Access Supported: unavailable
Register Dump Supported: unavailable
base info: good
vlan info: good
Completed in 1.29 seconds