RCPlive: Inter-VLAN Routing

Ethernet networks can be partitioned into multiple distinct broadcast domains using VLANs. VLAN domains are mutually isolated. Whenever a host in one VLAN domain needs to communicate with a host in another VLAN domain, the traffic must be routed between the two domains. This is known as inter-VLAN routing.

This document provides a VLAN configuration example for a small network split into two separate VLAN domains: SALES and ENGINEERING. The backbone consists of two VLAN bridges connected by a VLAN trunk. I will use a Linux-based router, RCPlive, connected to the trunk to provide routing between the two VLAN domains and the outside world. On the router I will also enable a number of services such as DHCP and a stateful firewall.

VLAN network

Introducing RCPlive

RCPlive is a free, open source router live CD based on Debian 7 and the RCP100 routing suite. With an ISO image size of about 50MB, RCPlive is a flexible firewalling and routing platform. It is configured using a command line interface (CLI) syntax similar to the one found in commercial routers.

The software runs directly from a read-only CD or USB stick, and it provides persistence by saving the configuration into a file placed on an existing disk partition.

RCPlive supports layer 3 VLAN interfaces. These interfaces act as any other layer 3 interface and participate in routing. All normal routing features and services are available on VLAN interfaces.

Backbone configuration

On each backbone bridge, VLANs are defined on a port-by-port basis. Depending on where it is connected, a port can be either an access port or a trunk port.

Access ports are attached to end user workstations or servers, and they belong to one and only one VLAN. VLAN tagging takes place inside the bridge; as a result, the traffic on the access link is ordinary untagged Ethernet traffic.

Traffic for multiple VLANs is multiplexed over trunk links. Trunk links are used to interconnect bridges and VLAN-aware routers.

The configuration consists of going through each bridge port and setting it up as an access port or a trunk port. I set ENGINEERING ports on VLAN ID 10, and SALES ports on VLAN ID 20. Most likely, the configuration is entered using the CLI, although some manufacturers also provide a web-based configurator.
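The access/trunk behaviour described above can be modelled in a few lines. This is an added example, not part of the original post and not RCPlive or bridge vendor code: a flooding-only bridge (no MAC learning) with constructed port names, using the VLAN IDs from this article. Dropping tagged frames on access ports and untagged frames on the trunk are assumptions about the bridge policy.

```python
import struct

TPID = 0x8100  # EtherType value that marks an 802.1Q tag
# Constructed port table: name -> ("access", vid) or ("trunk", allowed vids)
PORTS = {
    "p1": ("access", 10),        # ENGINEERING workstation
    "p2": ("access", 10),        # ENGINEERING server
    "p3": ("access", 20),        # SALES workstation
    "p24": ("trunk", {10, 20}),  # link to the other bridge and the router
}

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MACs."""
    tci = (pcp << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]

def strip_tag(frame: bytes):
    """Return (vid, untagged frame), or (None, frame) if no tag is present."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

def forward(in_port: str, frame: bytes) -> dict:
    """Flood a frame inside its VLAN; returns {egress port: bytes on the wire}."""
    mode, cfg = PORTS[in_port]
    vid, inner = strip_tag(frame)
    if mode == "access":
        if vid is not None:
            return {}            # assumed policy: tagged frame on access port is dropped
        vid = cfg                # classify by the port's configured VLAN
    elif vid is None or vid not in cfg:
        return {}                # trunk: untagged or VLAN not allowed, dropped
    out = {}
    for name, (m, c) in PORTS.items():
        if name == in_port:
            continue
        if m == "access" and c == vid:
            out[name] = inner                # untagged on access links
        elif m == "trunk" and vid in c:
            out[name] = add_tag(inner, vid)  # tagged on trunk links
    return out

# Constructed broadcast frame: dst ff:ff:ff:ff:ff:ff, src 02:00:00:00:00:01, ARP
ARP = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 28
```

A broadcast entering on an ENGINEERING access port leaves untagged on the other ENGINEERING port and tagged with VLAN ID 10 on the trunk; it never reaches the SALES port, which is why a router on the trunk is needed for traffic between the two domains.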

Basic router configuration

RCPlive runs from a bootable CD or USB stick, so there isn’t any disk to partition and format. On the first boot from the RCPlive media, persistence is configured by running the persist.sh script. The process is simple and straightforward.

It is advisable to change the default passwords for the administrator account and the web-based configurator. Additional administrator accounts can also be created. From the computer console I log in as user rcp, password rpc, then I go into configuration mode and change the passwords:

User: rcp
Password: 
rcp>en
rcp#configure
rcp(config)#administrator rcp password a-secret-password
rcp(config)#service http password another-secret-password

Passwords are saved as a hash in the running or startup configuration:

rcp(config)#show running-config
...
service http encrypted password VWYBTYPF$00d01c8d3151b2a3eb18746903a8e7a7
administrator rcp encrypted password OGAVBTMH$x.hn.WDEufzIRIdHH.39b1
...

The next step is to configure the outside interface eth0, the default gateway address and name servers:

rcp(config)#interface ethernet eth0
rcp(config-if eth0)#ip address 192.168.1.1/24
rcp(config-if eth0)#no shutdown 
rcp(config-if eth0)#exit
rcp(config)#ip default-gateway 192.168.1.15
rcp(config)#ip name-server 8.8.8.8 
rcp(config)#ip name-server 8.8.4.4

At this point we should be able to reach the Internet:

rcp(config)#ping google.com
PING google.com (74.125.228.33) 56(84) bytes of data.
64 bytes from iad23s06-in-f1.1e100.net (74.125.228.33): icmp_req=1 ttl=53 time=57.0 ms
64 bytes from iad23s06-in-f1.1e100.net (74.125.228.33): icmp_req=2 ttl=53 time=60.2 ms
64 bytes from iad23s06-in-f1.1e100.net (74.125.228.33): icmp_req=3 ttl=53 time=56.6 ms
64 bytes from iad23s06-in-f1.1e100.net (74.125.228.33): icmp_req=4 ttl=53 time=57.6 ms
64 bytes from iad23s06-in-f1.1e100.net (74.125.228.33): icmp_req=5 ttl=53 time=57.7 ms

--- google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 56.655/57.863/60.241/1.264 ms
rcp(config)#

9 thoughts on “RCPlive: Inter-VLAN Routing”


  4. Nick B.

    RCP100 looks a very interesting tool, particularly the cli. At first glance I thought I was reading about Quagga but I can see now it’s a completely new creation.
    I’ve been using OpenBSD to do similar things, creating routers in VMs to interface and test Cisco configs, either when I’m short of routers or just for network training. I usually create VMs under VirtualBox then connect to the outside world using .1Q and a breakout switch. I can see a definite advantage replacing it with RCP100 to keep the CLI familiarity.
    What are the plans for IPv6 support? It’s all there in the underlying OS and it’s a feature I would like to see.

    I originally landed on your blog after searching for ideas on lightweight Linux distros. Finding RCP100 was a bonus!

    1. netblue30 Post author

      Thank you for your comment. Indeed, RCP100 is excellent for testing all kinds of setups using some form of virtualization. I usually set the routers up in LXC (Linux containers). IPv6 support is under development; it will probably be released later this year.
