setup fou (foo-over-udp) ipip tunnel on ubuntu

Some networks, e.g. Azure VNets, are quite restrictive about the supported protocols. Azure, for example, only supports TCP and UDP. Fortunately there is Foo-over-UDP ("FOU"), which tunnels over UDP and thus bypasses the Azure limitation.

  1. You need a Linux distribution that supports FOU, for example Ubuntu.
    RHEL, for example, does not support FOU (so Fedora and CentOS probably don't either).
  2. The fou module must be configured to load automatically (modprobe fou, /etc/modules.conf).
  3. Choose your "foo", e.g. IPIP.
    Check your OS docs for what other protocols are supported, for example via man systemd.netdev.
  4. Sending and receiving FOU are separate; you will need to create one device for each:
    1. create one device for sending/encapsulation (fou-tx, fou-tx.netdev)
    2. create one device for receiving/decapsulation (fou-rx, fou-rx.netdev)
  5. Attach a network to the sending device (fou-static.network).
  6. Reboot.
  7. ... wait for machine(s) to come back ...
  8. Profit!

infra@left:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.3 LTS
Release:        20.04
Codename:       focal

infra@left:~$ ping 10.0.1.2 -c 4
PING 10.0.1.2 (10.0.1.2) 56(84) bytes of data.
64 bytes from 10.0.1.2: icmp_seq=1 ttl=64 time=0.463 ms
64 bytes from 10.0.1.2: icmp_seq=2 ttl=64 time=0.469 ms
64 bytes from 10.0.1.2: icmp_seq=3 ttl=64 time=0.771 ms
64 bytes from 10.0.1.2: icmp_seq=4 ttl=64 time=1.37 ms

--- 10.0.1.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3020ms
rtt min/avg/max/mdev = 0.463/0.769/1.373/0.370 ms

infra@right:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.3 LTS
Release:        20.04
Codename:       focal

infra@right:~$ ping -c 4 10.0.1.1
PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.
64 bytes from 10.0.1.1: icmp_seq=1 ttl=64 time=0.768 ms
64 bytes from 10.0.1.1: icmp_seq=2 ttl=64 time=0.515 ms
64 bytes from 10.0.1.1: icmp_seq=3 ttl=64 time=0.745 ms
64 bytes from 10.0.1.1: icmp_seq=4 ttl=64 time=0.654 ms

--- 10.0.1.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3070ms
rtt min/avg/max/mdev = 0.515/0.670/0.768/0.099 ms

infra@left:~$ tail -n+0 /etc/modules /etc/systemd/network/{fou-tx.netdev,fou-rx.netdev,fou-static.network}
==> /etc/systemd/network/1-fou-tunnel.netdev <==
# https://freedesktop.org/software/systemd/man/systemd.netdev.html#id-1.37.5
[NetDev]
Name=fou-rx
Description=FOU receive device (decap)
Kind=fou
[FooOverUDP]
Port=5555
# 4 := IPIP
Protocol=4
==> /etc/systemd/network/25-fou-ipip.netdev <==
# https://freedesktop.org/software/systemd/man/systemd.netdev.html#id-1.37.6
[NetDev]
Name=fou-tx
Description=FOU transfer device (encap)
# must be in sync with rx/decap on other side
Kind=ipip
[Tunnel]
Independent=yes
Local=192.168.114.42
Remote=192.168.112.54
FooOverUDP=yes
FOUDestinationPort=5555
==> /etc/systemd/network/50-static.network <==
# https://freedesktop.org/software/systemd/man/systemd.network.html#id-1.57.2
[Match]
Name=fou-tx
[Network]
Address=10.0.1.2/30
==> /etc/modules <==
# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.
fou

infra@right:~$ tail -n+0 /etc/systemd/network/* /etc/modules
==> /etc/systemd/network/1-fou-tunnel.netdev <==
# https://freedesktop.org/software/systemd/man/systemd.netdev.html#id-1.37.5
[NetDev]
Name=fou-rx
Description=FOU receive device (decap)
Kind=fou
[FooOverUDP]
Port=5555
# 4 := IPIP
Protocol=4
==> /etc/systemd/network/25-fou-ipip.netdev <==
# https://freedesktop.org/software/systemd/man/systemd.netdev.html#id-1.37.6
[NetDev]
Name=fou-tx
Description=FOU transfer device (encap)
# must be in sync with rx/decap on other side
Kind=ipip
[Tunnel]
Independent=yes
Local=192.168.112.54
Remote=192.168.114.42
FooOverUDP=yes
FOUDestinationPort=5555
==> /etc/systemd/network/50-static.network <==
# https://freedesktop.org/software/systemd/man/systemd.network.html#id-1.57.2
[Match]
Name=fou-tx
[Network]
Address=10.0.1.1/30
==> /etc/modules <==
# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.
fou
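
The two hosts' unit files have to mirror each other (Local/Remote swapped, the tx destination port equal to the peer's rx port, the tunnel kind matching the peer's rx protocol number). The following check is an added example, not part of the original gist: it parses both sides' units and reports mismatches before a reboot. The function names are hypothetical, the unit texts are constructed from the values in the listings above, and protocol numbers other than 4 are IANA values not taken from the page.

```python
import configparser
import ipaddress

# IANA protocol numbers; the page itself only uses 4 := IPIP.
IPPROTO = {"ipip": "4", "sit": "41", "gre": "47"}

def load(units):
    """Index one host's unit texts by what they configure (rx, tx, address)."""
    host = {}
    for text in units:
        cp = configparser.ConfigParser(interpolation=None)
        cp.optionxform = str  # systemd keys are case-sensitive
        cp.read_string(text)
        if cp.has_section("FooOverUDP"):
            host["rx"] = cp["FooOverUDP"]
        elif cp.has_section("Tunnel"):
            host["kind"], host["tx"] = cp["NetDev"]["Kind"], cp["Tunnel"]
        elif cp.has_section("Network"):
            host["addr"] = ipaddress.ip_interface(cp["Network"]["Address"])
    return host

def check_pair(a, b):
    """Return a list of mismatches between two hosts' FOU settings."""
    problems = []
    for name, me, peer in (("a", a, b), ("b", b, a)):
        if me["tx"]["Local"] != peer["tx"]["Remote"]:
            problems.append(f"{name}: Local is not the peer's Remote")
        if me["tx"].get("FOUDestinationPort") != peer["rx"]["Port"]:
            problems.append(f"{name}: FOUDestinationPort != peer rx Port")
        if IPPROTO.get(me["kind"]) != peer["rx"]["Protocol"]:
            problems.append(f"{name}: Kind does not match peer rx Protocol")
    if a["addr"].network != b["addr"].network or a["addr"].ip == b["addr"].ip:
        problems.append("tunnel addresses must be distinct and share a subnet")
    return problems

def sample_host(local, remote, addr, port="5555"):
    """Constructed unit texts using the page's values (rx, tx, network)."""
    return [
        f"[NetDev]\nName=fou-rx\nKind=fou\n[FooOverUDP]\nPort={port}\nProtocol=4\n",
        f"[NetDev]\nName=fou-tx\nKind=ipip\n[Tunnel]\nIndependent=yes\nLocal={local}\n"
        f"Remote={remote}\nFooOverUDP=yes\nFOUDestinationPort={port}\n",
        f"[Match]\nName=fou-tx\n[Network]\nAddress={addr}\n",
    ]

left = load(sample_host("192.168.114.42", "192.168.112.54", "10.0.1.2/30"))
right = load(sample_host("192.168.112.54", "192.168.114.42", "10.0.1.1/30"))

if __name__ == "__main__":
    print(check_pair(left, right) or "consistent")
```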