BSD Router Project 1.97 distribution release

Olivier Cochard-Labbé, creator of the FreeNAS distribution, has presented the release of the specialized distribution BSD Router Project 1.97 (BSDRP), notable for updating the codebase to FreeBSD 12.1. The distribution is designed for building compact software routers that support a wide range of protocols such as RIP, OSPF, BGP and PIM. Management is performed from the command line via a CLI reminiscent of Cisco's. The distribution is available in builds for the amd64 and i386 architectures (installation image size 140 MB).

In addition to upgrading to FreeBSD 12.1-STABLE, the new version is notable for enabling microcode loading for Intel processors by default and adding the wireguard, Mellanox Firmware, vim-tiny, mrtparse, nrpe3, perl, bash and frr7-pythontools packages, as well as the if_cxgbev (Chelsio Ethernet VF) and if_qlxgb (Ethernet QLogic 3200) drivers. Correct blocking of ICMP redirects is enabled by default. Software versions have been updated, including easy-rsa 3.0.7, FRR 7.4, pmacct 1.7.4, openvpn 2.4.9 and strongswan 5.8.4. The multicast utilities for IPv6 (pim6-tools, pim6dd, pim6sd) have been removed from the distribution.

The main characteristics of the distribution:

  • The kit includes two packages implementing routing protocols: FRRouting (a fork of Quagga), supporting BGP, RIP, RIPng (IPv6), OSPF v2, OSPF v3 (IPv6) and ISIS, and BIRD, supporting BGP, RIP, RIPng (IPv6), OSPF v2 and OSPF v3 (IPv6);
  • The distribution is adapted for the parallel use of several separate routing tables (FIB) tied to real and virtual interfaces;
  • SNMP (bsnmp-ucd) can be used for monitoring and management. Export of traffic data in the form of Netflow streams is supported;
  • Network performance evaluation tools include NetPIPE, iperf, netblast, netsend, and netreceive. ng_netflow is used to accumulate traffic statistics;
  • freevrrpd, implementing the VRRP protocol (Virtual Router Redundancy Protocol, RFC 3768), and ucarp, supporting the CARP protocol, are included for building fault-tolerant routers: a virtual MAC address is bound to the active server and moves to a backup server on failure. In normal operation the load can be distributed across both servers, but if one fails, the first router can take over the load of the second, and the second that of the first;
  • mpd (Multi-link PPP daemon) supporting PPTP, PPPoE and L2TP;
  • For bandwidth control, a shaper based on IPFW + dummynet or ng_car can be used;
  • For Ethernet, VLANs (802.1q), link aggregation and network bridges using the Rapid Spanning Tree Protocol (802.1w) are supported;
  • monit is used for monitoring;
  • VPN support: GRE, GIF, IPSec (IKEv1 and IKEv2 with strongswan), OpenVPN and Wireguard;
  • NAT64 support using the tayga daemon, and native support for IPv6-to-IPv4 tunnels;
  • Additional programs can be installed with the pkgng package manager;
  • Includes a DHCP server and the isc-dhcp client, and the ssmtp mail server;
  • Management via SSH, serial port, telnet and local console is supported. To simplify administration, the kit includes the tmux utility (the BSD equivalent of screen);
  • Boot images are generated from FreeBSD using the NanoBSD script;
  • To support system updates, two partitions are created on the Flash card. When an updated image is available, it is loaded into the second partition; after a reboot this partition becomes active, and the base partition waits for the next update (the partitions are used in turn). It is possible to roll back to the previous state of the system if the installed update causes problems;
  • Each file has a sha256 checksum, which makes it possible to verify the integrity of the information.

Source: opennet.ru
