
Sunday, March 9, 2025

FreeBSD Router/DNS/DHCP configuration

General config

/etc/rc.conf

hostname="DC-CORE-ROUTER"
# vmx0 is the uplink: it gets its address by DHCP and is the NAT interface below.
ifconfig_vmx0="DHCP"
ifconfig_vmx1="inet 10.160.4.254/24"
# vmx2 carries tagged VLANs 5, 8 and 9; each VLAN interface holds the .254
# gateway address of its /24.
ifconfig_vmx2="up"
vlans_vmx2="5 8 9"
ifconfig_vmx2_5="inet 10.160.5.254/24"
ifconfig_vmx2_8="inet 10.160.8.254/24"
ifconfig_vmx2_9="inet 10.160.9.254/24"
# Forward packets between the interfaces (this host is the router).
gateway_enable="YES"
# NOTE(review): firewall_type="open" is the rc.firewall profile that passes
# all traffic, so ipfw does NAT here but filters nothing, the vmx0 uplink
# included. Services enabled below are then limited only by their own
# configuration. If vmx0 faces a network you do not trust, replace "open"
# with a restrictive ruleset; confirm what sits upstream of vmx0.
firewall_enable="YES"
firewall_type="open"
firewall_nat_enable="YES"
firewall_nat_interface="vmx0"
#defaultrouter="" # DHCP
# NOTE(review): sshd listens on all addresses by default, which includes the
# uplink, unless ListenAddress is set in sshd_config (not shown on this page).
sshd_enable="YES"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
moused_nondefault_enable="NO"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
# Kea DHCPv4 server; configured in /usr/local/etc/kea/kea-dhcp4.conf
kea_enable="YES"
kea_dhcp4_enable="YES"
# BIND; configured in /usr/local/etc/namedb/named.conf
named_enable="YES"

DHCP config

/usr/local/etc/kea/kea-dhcp4.conf

{
  "Dhcp4": {
    "interfaces-config": {
      "interfaces": ["vmx1", "vmx2.5", "vmx2.8", "vmx2.9"]
    },
    "lease-database": {
      "type": "memfile",
      "persist": true,
      "name": "/var/db/kea/dhcp4.leases"
    },
    "option-data": [
      {
        "name": "domain-search",
        "data": "p6.uw.cz"
      },
      {
        "name": "domain-name-servers",
        "data": "10.160.4.254"
      }
    ],
    "subnet4": [
      {
        "id": 1,
        "subnet": "10.160.4.0/24",
        "pools": [
          {
            "pool": "10.160.4.150 - 10.160.4.199"
          }
        ],
        "option-data": [
          {
            "name": "routers",
            "data": "10.160.4.254"
          }
        ]
      },
      {
        "id": 2,
        "subnet": "10.160.5.0/24",
        "pools": [
          {
            "pool": "10.160.5.100 - 10.160.5.200"
          }
        ],
        "interface": "vmx2.5",
        "option-data": [
          {
            "name": "routers",
            "data": "10.160.5.254"
          }
        ]
      },
      {
        "id": 3,
        "subnet": "10.160.8.0/24",
        "pools": [
          {
            "pool": "10.160.8.100 - 10.160.8.200"
          }
        ],
        "interface": "vmx2.8",
        "option-data": [
          {
            "name": "routers",
            "data": "10.160.8.254"
          }
        ]
      },
      {
        "id": 4,
        "subnet": "10.160.9.0/24",
        "pools": [
          {
            "pool": "10.160.9.100 - 10.160.9.200"
          }
        ],
        "interface": "vmx2.9",
        "option-data": [
          {
            "name": "routers",
            "data": "10.160.9.254"
          }
        ]
      }
    ]
  }
}

DNS (BIND) config

/usr/local/etc/namedb/named.conf

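options {
        // All file and path names are relative to the chroot directory,
        // if any, and should be fully qualified.
        directory       "/usr/local/etc/namedb/working";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        // Queries are accepted from any source address. Exposure is bounded
        // only by listen-on below, i.e. by who can route to 10.160.4.254.
        allow-query     { any; };
        // Zone transfers are refused. The original "any" let every client
        // that can reach this server download complete zones, including the
        // internal host list in p6.uw.cz. No secondary server appears on this
        // page; if you run one, list its address here instead of "none".
        allow-transfer  { none; };
        // The uplink address is not listed, so named does not answer there.
        listen-on       { 127.0.0.1; 10.160.4.254; };
        disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
        disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
        disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
        // Upstream resolvers used for names this server is not authoritative for.
        forwarders {
                1.1.1.1; 8.8.8.8; 8.8.4.4;
        };
};      // closes "options"; the listing was missing this terminator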
 
// NOTE(review): "." is defined twice: as a hint zone on the next line and as
// a secondary zone directly below it. A zone name can be defined only once
// per view, so keep one of the two definitions and check the file with
// named-checkconf before restarting named.
zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };

// Secondary copy of the root zone, transferred from the ICANN transfer
// servers listed under primaries. "notify no" stops this server from sending
// NOTIFY messages for the zone.
zone "." {
        type secondary;
        file "/usr/local/etc/namedb/secondary/root.secondary";
        primaries {
                192.0.32.132;           // lax.xfr.dns.icann.org
                2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
                192.0.47.132;           // iad.xfr.dns.icann.org
                2620:0:2830:202::132;   // iad.xfr.dns.icann.org
        };
        notify no;
};
zone "arpa" {
        type secondary;
        file "/usr/local/etc/namedb/secondary/arpa.secondary";
        primaries {
                192.0.32.132;           // lax.xfr.dns.icann.org
                2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
                192.0.47.132;           // iad.xfr.dns.icann.org
                2620:0:2830:202::132;   // iad.xfr.dns.icann.org
        };
        notify no;
};
zone "in-addr.arpa" {
        type secondary;
        file "/usr/local/etc/namedb/secondary/in-addr.arpa.secondary";
        primaries {
                192.0.32.132;           // lax.xfr.dns.icann.org
                2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
                192.0.47.132;           // iad.xfr.dns.icann.org
                2620:0:2830:202::132;   // iad.xfr.dns.icann.org
        };
        notify no;
};

zone "ip6.arpa" {
        type secondary;
        file "/usr/local/etc/namedb/secondary/ip6.arpa.secondary";
        primaries {
                192.0.32.132;           // lax.xfr.dns.icann.org
                2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
                192.0.47.132;           // iad.xfr.dns.icann.org
                2620:0:2830:202::132;   // iad.xfr.dns.icann.org
        };
        notify no;
};

// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
zone "localhost"        { type primary; file "/usr/local/etc/namedb/primary/localhost-forward.db"; };
zone "127.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// RFC 1912-style zone for IPv6 localhost address (RFC 6303)
zone "0.ip6.arpa"       { type primary; file "/usr/local/etc/namedb/primary/localhost-reverse.db"; };

// "This" Network (RFCs 1912, 5735 and 6303)
zone "0.in-addr.arpa"   { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// Private Use Networks (RFCs 1918, 5735 and 6303)
// These zones are served locally from empty.db, so reverse lookups for
// private address space are answered here rather than forwarded upstream.
// NOTE(review): that includes 10.in-addr.arpa, and this page defines no
// reverse zone for the 10.160.x.x networks, so PTR lookups for the hosts in
// p6.uw.cz will presumably find no record. Add a more specific reverse zone
// (for example 160.10.in-addr.arpa) if reverse resolution is needed.
zone "10.in-addr.arpa"     { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "16.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "17.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "18.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "19.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "20.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "21.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "22.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "23.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "24.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "25.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "26.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "27.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "28.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "29.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "30.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "31.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "168.192.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
 
// Shared Address Space (RFC 6598)
zone "64.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "65.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "66.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "67.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "68.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "69.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "70.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "71.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "72.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "73.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "74.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "75.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "76.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "77.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "78.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "79.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "80.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "81.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "82.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "83.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "84.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "85.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "86.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "87.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "88.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "89.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "90.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "91.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "92.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "93.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "94.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "95.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "96.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "97.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "98.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "99.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "100.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "101.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "102.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "103.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "104.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "105.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "106.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "107.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "108.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "109.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "110.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "111.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "112.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "113.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "114.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "115.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "116.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "117.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "118.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "119.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "120.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "121.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "122.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "123.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "124.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "125.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "126.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "127.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };


// Link-local/APIPA (RFCs 3927, 5735 and 6303)
zone "254.169.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// IETF protocol assignments (RFCs 5735 and 5736)
zone "0.0.192.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
zone "2.0.192.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "100.51.198.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "113.0.203.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "19.198.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// IANA Reserved - Old Class E Space (RFC 5735)
zone "240.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "241.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "242.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "243.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "244.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "245.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "246.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "247.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "248.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "249.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "250.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "251.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "252.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "253.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "254.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa"       { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "3.ip6.arpa"       { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "4.ip6.arpa"       { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "5.ip6.arpa"       { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "6.ip6.arpa"       { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "7.ip6.arpa"       { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "8.ip6.arpa"       { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "9.ip6.arpa"       { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "a.ip6.arpa"       { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "b.ip6.arpa"       { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "c.ip6.arpa"       { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "d.ip6.arpa"       { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "e.ip6.arpa"       { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "0.f.ip6.arpa"     { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "1.f.ip6.arpa"     { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "2.f.ip6.arpa"     { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "3.f.ip6.arpa"     { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "4.f.ip6.arpa"     { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "5.f.ip6.arpa"     { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "6.f.ip6.arpa"     { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "7.f.ip6.arpa"     { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "8.f.ip6.arpa"     { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "9.f.ip6.arpa"     { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "a.f.ip6.arpa"     { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "b.f.ip6.arpa"     { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "0.e.f.ip6.arpa"   { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "1.e.f.ip6.arpa"   { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "2.e.f.ip6.arpa"   { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "3.e.f.ip6.arpa"   { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "4.e.f.ip6.arpa"   { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "5.e.f.ip6.arpa"   { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "6.e.f.ip6.arpa"   { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "7.e.f.ip6.arpa"   { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// IPv6 ULA (RFCs 4193 and 6303)
zone "c.f.ip6.arpa"     { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "d.f.ip6.arpa"     { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// IPv6 Link Local (RFCs 4291 and 6303)
zone "8.e.f.ip6.arpa"   { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "9.e.f.ip6.arpa"   { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "a.e.f.ip6.arpa"   { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "b.e.f.ip6.arpa"   { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
zone "c.e.f.ip6.arpa"   { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "d.e.f.ip6.arpa"   { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "e.e.f.ip6.arpa"   { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "f.e.f.ip6.arpa"   { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int"          { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

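// Authoritative forward zone for the internal domain.
// The zone data names internal management hosts, and the zone takes its
// transfer policy from allow-transfer in "options"; keep that limited to
// real secondary servers.
zone "p6.uw.cz" {
        // "primary" matches the keyword used by every other zone in this file
        // ("master" is the older spelling of the same type).
        type primary;
        file "/usr/local/etc/namedb/master/p6.uw.cz.db";
};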

/usr/local/etc/namedb/master/p6.uw.cz.db

; Forward zone data for p6.uw.cz. ns1 and gw1 both resolve to 10.160.4.254.
; NOTE(review): the records below appear to name hypervisor and management
; hosts. Anyone allowed to transfer this zone can list all of them at once,
; so restrict allow-transfer in named.conf to known secondary servers.
$TTL 86400
; admin.p6.uw.cz. is the SOA contact field, read as the mailbox admin@p6.uw.cz.
; NOTE(review): the serial looks like YYYYMMDDnn but carries a 2024 date while
; the post is dated 2025; confirm it, and raise it on every change to the zone.
@       IN      SOA     ns1.p6.uw.cz. admin.p6.uw.cz. (
                        2024030902  ; Serial
                        3600        ; Refresh
                        1800        ; Retry
                        1209600     ; Expire
                        86400 )     ; Minimum TTL

        IN      NS      ns1.p6.uw.cz.

gw1    IN      A       10.160.4.254
ns1     IN      A       10.160.4.254
mwin01  IN      A       10.160.4.24
mlin01  IN      A       10.160.4.26
nsxm    IN      A       10.160.4.99
vc01    IN      A       10.160.4.100
esx11   IN      A       10.160.4.111
esx12   IN      A       10.160.4.112
esx13   IN      A       10.160.4.113
esx14   IN      A       10.160.4.114

 

Jumbo Frames (MTU 9000) test between ESXi hosts

You must have Jumbo Frames enabled on the physical switches, on the VMware Distributed Switch, and on all VMkernel interfaces where you would like to use Jumbo Frames.

You can test Jumbo Frames (large MTU size) by pinging between two ESXi hosts.

ESX11 has IP address 10.160.22.111 on vMotion vmk interface within vMotion TCP/IP stack. 

ESX12 has IP address 10.160.22.112 on vMotion vmk interface within vMotion TCP/IP stack.

[root@esx11:~] ping -I vmk1 -S vmotion -s 8972 -d 10.160.22.112
PING 10.160.22.112 (10.160.22.112): 8972 data bytes
8980 bytes from 10.160.22.112: icmp_seq=0 ttl=64 time=0.770 ms
8980 bytes from 10.160.22.112: icmp_seq=1 ttl=64 time=0.637 ms
8980 bytes from 10.160.22.112: icmp_seq=2 ttl=64 time=0.719 ms

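Above is a successful test of large ICMP packets with the -d flag (fragmentation disabled). Packets with a payload of 8972 bytes can be transferred over the network without fragmentation: 8972 bytes of ICMP data plus the 8-byte ICMP header and the 20-byte IP header add up to exactly 9000 bytes.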

Below you can see that packets with a payload of 8973 bytes cannot be transferred over the network without fragmentation.

[root@esx11:~] ping -I vmk1 -S vmotion -s 8973 -d 10.160.22.112
PING 10.160.22.112 (10.160.22.112): 8973 data bytes
sendto() failed (Message too long)
sendto() failed (Message too long)
sendto() failed (Message too long)

This is how network with Jumbo Frames enabled should behave.

 

Friday, March 7, 2025

How to run IPERF on ESXi host?

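# NOTE: the next two commands switch off host protections (the ESXi firewall
# and the execInstalledOnly restriction). Keep that window as short as the
# benchmark needs and run the cleanup commands as soon as it is finished.
# Disable firewall
esxcli network firewall set --enabled false
# Allow execution of binaries which are not part of the base installation
localcli system settings advanced set -o /User/execInstalledOnly -i 0

# Make a copy of iperf
cd /usr/lib/vmware/vsan/bin
cp iperf3 iperf3.copy
# The copy is the binary that gets run, so it is the one given the execute bit
chmod +x iperf3.copy

# Run iperf server, bound to the address of the interface under test
./iperf3.copy -s -B 192.168.123.22

# Run iperf client (typically from another ESXi host than iperf server).
# -c takes the server address as its argument.
./iperf3.copy -c 192.168.123.22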

After iperf benchmarking, re-enable the firewall and disallow execution of binaries that are not part of the base installation.
 
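# Cleaning
# Remove the extra executable that was created for the test
rm -f /usr/lib/vmware/vsan/bin/iperf3.copy
# Restore both protections that were switched off for the benchmark
esxcli network firewall set --enabled true
localcli system settings advanced set -o /User/execInstalledOnly -i 1
# Confirm that the firewall reports as enabled again
esxcli network firewall get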
 

Tuesday, March 4, 2025

FreeBSD KEA DHCP Server Install and Configuration

Installation

pkg install kea

System Config

sysrc kea_enable="YES"
sysrc kea_dhcp4_enable="YES"

Start service

/usr/local/etc/rc.d/kea start

or

service kea start

Config file at /usr/local/etc/kea/kea-dhcp4.conf

{
  "Dhcp4": {
    "interfaces-config": {
      "interfaces": ["vmx1"]
    },
    "lease-database": {
      "type": "memfile",
      "persist": true,
      "name": "/var/db/kea/dhcp4.leases"
    },
    "option-data": [
      {
        "name": "domain-search",
        "data": "p6.uw.cz"
      },
      {
        "name": "domain-name-servers",
        "data": "10.160.4.254"
      }
    ],
    "subnet4": [
      {
        "id": 1,
        "subnet": "10.160.4.0/24",
        "pools": [
          {
            "pool": "10.160.4.150 - 10.160.4.199"
          }
        ],
        "option-data": [
          {
            "name": "routers",
            "data": "10.160.4.254"
          }
        ]
      }
    ]
  }
}

Restart service

/usr/local/etc/rc.d/kea restart

or

service kea restart

or

service kea stop
service kea start