Episode 258: OS Foundations | BSD Now 258

From BSD Now


Length: 88 minutes
Released: Aug 7, 2018
Format: Podcast episode

Description

FreeBSD Foundation July Newsletter, a bunch of BSDCan trip reports, HardenedBSD Foundation status, FreeBSD and OSPFd, ZFS disk structure overview, and more Spectre mitigations in OpenBSD.
## Headlines
FreeBSD Foundation Update, July 2018

MESSAGE FROM THE EXECUTIVE DIRECTOR


We’re in the middle of summer here, in Boulder, CO. While the days are typically hot, they can also be quite unpredictable. Thanks to the Rocky Mountains, waking up to 50-degree (~10 C) foggy weather is not surprising. In spite of the unpredictable weather, many of us took some vacation this month. Whether it was extending the Fourth of July celebration, spending time with family, or relaxing and enjoying the summer weather, we appreciated our time off, while still managing to accomplish a lot!
In this newsletter, Glen Barber enlightens us about the upcoming 12.0 release. I gave a recap of OSCON, which Ed Maste and I attended, and Mark Johnston explains the work on his improved microcode loading project, which we are funding. Finally, Anne Dickison gives us a rundown on upcoming events and information on submitting a talk for MeetBSD.
Your support helps us continue this work. Please consider making a donation today. We can’t do it without you. Happy reading!!


June 2018 Development Projects Update
Fundraising Update: Supporting the Project
July 2018 Release Engineering Update
OSCON 2018 Recap
Submit Your Work: MeetBSD 2018
FreeBSD Discount for 2018 SNIA Developer Conference
EuroBSDcon 2018 Travel Grant Application Deadline: August 2


iXsystems
### BSDCan Trip Reports

BSDCan 2018 Trip Report: Constantin Stan
BSDCan 2018 Trip Report: Danilo G. Baio
BSDCan 2018 Trip Report: Rodrigo Osorio
BSDCan 2018 Trip Report: Dhananjay Balan
BSDCan 2018 Trip Report: Kyle Evans


## News Roundup
FreeBSD and OSPFd

With FreeBSD jails deployed around the world, static routing was getting a bit out of hand. Plus, when I needed to move a jail from one data center to another, I would have to update routing tables across multiple sites. Not ideal. Enter dynamic routing…


OSPF (Open Shortest Path First) is an internal dynamic routing protocol that provides the autonomy that I needed and it’s fairly easy to set up. This article does not cover configuration of VPN links, ZFS, or FreeBSD jails, however it’s recommended that you use separate ZFS datasets per jail so that migration between hosts can be done with zfs send & receive.


In this scenario, we have five FreeBSD servers in two different data centers. Each physical server runs anywhere between three to ten jails. When jails are deployed, they are assigned a /32 IP on lo2. From here, pf handles inbound port forwarding and outbound NAT. Links between each server are provided by OpenVPN TAP interfaces. (I used TAP to pass layer 2 traffic. I seem to remember that I needed TAP interfaces due to needing GRE tunnels on top of TUN interfaces to get OSPF to communicate. I’ve heard TAP is slower than TUN so I may revisit this.)


In this example, we will use 172.16.2.0/24 as the range for OpenVPN P2P links and 172.16.3.0/24 as the range of IPs available for assignment to each jail. Previously, when deploying a jail, I assigned IPs based on the following groups:

Server 1: 172.16.3.0/28
Server 2: 172.16.3.16/28
Server 3: 172.16.3.32/28
Server 4: 172.16.3.48/28
Server 5: 172.16.3.64/28

When statically routing, this made routing tables a bit smaller and easier to manage. However, when I needed to migrate a jail to a new host, I had to add a new /32 to all routing tables. Now, with OSPF, this is no longer an issue, nor is it required.



To get started, first we install the Quagga package.


The two configuration files needed to get OSPFv2 running are /usr/local/etc/quagga/zebra.conf and /usr/local/etc/quagga/ospfd.conf.


Starting with zebra.conf, we’ll define the hostname and a management password.


Second, we will populate the ospfd.conf file.


To break this down:


service advanced-vty allows you to skip the en or enable command. Si

Titles in the series (100)

Created by three guys who love BSD, we cover the latest news and have an extensive series of tutorials, as well as interviews with various people from all areas of the BSD community. It also serves as a platform for support and questions. We love and advocate FreeBSD, OpenBSD, NetBSD, DragonFlyBSD and TrueOS. Our show aims to be helpful and informative for new users that want to learn about them, but still be entertaining for the people who are already pros. The show airs on Wednesdays at 2:00PM (US Eastern time) and the edited version is usually up the following day.