BGP and OSPF *nix Router ( quagga - Debian )

A quick how-to for setting up a quagga BGP and OSPF router on *nix (Debian Linux).
The setup that follows describes an inner-node AWMN router that resides in the same AS and the same broadcast domain as four other Border Routers.

Install quagga
#apt-get install quagga


Check if IP Forwarding is enabled
#cat /proc/sys/net/ipv4/ip_forward 
1

If it is 0, then
#echo 1 > /proc/sys/net/ipv4/ip_forward
#echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf


Allow 224.0.0.0/4 - multicast OSPF traffic
#iptables -A INPUT -d 224.0.0.0/4  -m state --state NEW  -j ACCEPT


Allow BGP traffic
#iptables -A INPUT -p tcp --dport 179 -j ACCEPT
(A version of bif that does it well and fixes many things in the old bif already exists. I will post it here soon.)
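
The two rules above accept OSPF multicast and TCP/179 from any source address. As an added example (not part of the original how-to), the script below reads the neighbor and network statements found in Quagga configs like the ones shown further down and prints rules scoped to those peers; the function names are made up for the example, and the rules are only printed, not applied.

```shell
#!/bin/sh
# Added example: print peer-scoped iptables rules derived from Quagga configs.
# Nothing is applied; review the output before loading it.

# One ACCEPT rule per active "neighbor <ip> remote-as <asn>" line.
# Lines commented out with "!" are skipped because their first field is "!".
bgp_peer_rules() {
    awk '$1 == "neighbor" && $3 == "remote-as" && !seen[$2]++ {
        printf "iptables -A INPUT -p tcp -s %s --dport 179 -j ACCEPT\n", $2
    }' "$@"
}

# One ACCEPT rule per "network <prefix> area <id>" line. IP protocol 89 is
# OSPF; matching on the source prefix covers the multicast hellos and the
# unicast database exchange between neighbors.
ospf_net_rules() {
    awk '$1 == "network" && $3 == "area" {
        printf "iptables -A INPUT -p 89 -s %s -j ACCEPT\n", $2
    }' "$@"
}

# Excerpt of the bgpd.conf from this page; the 10.21.241.70 line is
# constructed to show that a commented-out neighbor is ignored.
sample_bgpd_conf() {
    cat <<'EOF'
router bgp 20305
 neighbor 10.21.241.69 remote-as 20305
 neighbor 10.21.241.69 timers 10 30
! neighbor 10.21.241.70 remote-as 20305
 neighbor 10.21.241.68 remote-as 20305
EOF
}

# Excerpt of the ospfd.conf from this page.
sample_ospfd_conf() {
    cat <<'EOF'
router ospf
  network 10.21.241.0/25 area 0
ospf router-id 10.21.241.126
EOF
}

sample_bgpd_conf | bgp_peer_rules
sample_ospfd_conf | ospf_net_rules
```

On the real router the functions take the file paths directly, for example `bgp_peer_rules /etc/quagga/bgpd.conf`.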

Set the zebra, bgpd, and ospfd daemons to yes (highest priority) in /etc/quagga/daemons
#cat /etc/quagga/daemons 
# This file tells the quagga package which daemons to start.
#
# Entries are in the format: <daemon>=(yes|no|priority)
#   0, "no"  = disabled
#   1, "yes" = highest priority
#   2 .. 10  = lower priorities
# Read /usr/share/doc/quagga/README.Debian for details.
#
# Sample configurations for these daemons can be found in
# /usr/share/doc/quagga/examples/.
#
# ATTENTION: 
#
# When activation a daemon at the first time, a config file, even if it is
# empty, has to be present *and* be owned by the user and group "quagga", else
# the daemon will not be started by /etc/init.d/quagga. The permissions should
# be u=rw,g=r,o=.
# When using "vtysh" such a config file is also needed. It should be owned by
# group "quaggavty" and set to ug=rw,o= though. Check /etc/pam.d/quagga, too.
#
zebra=yes
bgpd=yes
ospfd=yes
ospf6d=no
ripd=no
ripngd=no
isisd=no




Copy the ospfd and bgpd example files into /etc/quagga and adjust ownerships
#cp /usr/share/doc/quagga/examples/bgpd.conf.sample /etc/quagga/bgpd.conf
#cp /usr/share/doc/quagga/examples/ospfd.conf.sample /etc/quagga/ospfd.conf
#chown quagga:quaggavty /etc/quagga/*d.conf
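
The chown above changes ownership only, while the comment in /etc/quagga/daemons asks for u=rw,g=r,o= on files that, as shown below, hold the vty and enable passwords. The following check is an added example, not part of the original how-to: `audit_quagga_confs` is a made-up function name, it assumes GNU stat, and the demo runs on constructed files in a temporary directory.

```shell
#!/bin/sh
# Added example: flag Quagga config files that contain a vty/enable password
# and grant any permission bit to "other". Requires GNU stat (as on Debian).

audit_quagga_confs() {
    dir=${1:-/etc/quagga}
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Skip files without a "password" or "enable password" line.
        grep -Eq '^[[:space:]]*(enable[[:space:]]+)?password[[:space:]]' "$f" \
            || continue
        mode=$(stat -c '%a' "$f")        # octal mode, e.g. 644
        if [ $((mode % 10)) -ne 0 ]; then
            echo "EXPOSED $mode $f"      # last digit holds the "other" bits
        else
            echo "OK $mode $f"
        fi
    done
}

# Demo on constructed files in a temporary directory (not real configs).
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'hostname ares\npassword password0\n' > "$tmp/bgpd.conf"
    printf 'hostname ares\npassword anotherpassword\n' > "$tmp/ospfd.conf"
    chmod 644 "$tmp/bgpd.conf"           # assumed result of cp under umask 022
    chmod u=rw,g=r,o= "$tmp/ospfd.conf"  # mode the daemons file comment asks for
    audit_quagga_confs "$tmp"
    rm -rf "$tmp"
}
demo
```

For each file reported as EXPOSED, `chmod u=rw,g=r,o=` brings it in line with the comment in /etc/quagga/daemons.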


This is what my bgpd.conf looks like. This router will be used mostly to monitor BGP, so no filters are used; some example filters are commented out. All of its neighbors are in the same Autonomous System.
#cat /etc/quagga/bgpd.conf 
hostname ares

log file /green/log/quagga/bgpd.log
log monitor
log stdout
log syslog

!
password password0
enable password passworde0
!

router bgp 20305
 bgp router-id 10.21.241.126
 network 10.21.241.126/32

! ipduh002011
 neighbor 10.21.241.69 remote-as 20305
 neighbor 10.21.241.69 description ipduh AWMN BGP Feed
 neighbor 10.21.241.69 timers 10 30
 neighbor 10.21.241.69 capability dynamic
 neighbor 10.21.241.69 capability orf prefix-list both
 neighbor 10.21.241.69 soft-reconfiguration inbound

! neighbor 10.21.241.69 prefix-list awmn-bgp in
! neighbor 10.21.241.69 filter-list maxaslength out

! ipduh04711
 neighbor 10.21.241.68 remote-as 20305
 neighbor 10.21.241.68 description ipduh AWMN BGP Feed
 neighbor 10.21.241.68 timers 10 30
 neighbor 10.21.241.68 capability dynamic
 neighbor 10.21.241.68 capability orf prefix-list both
 neighbor 10.21.241.68 soft-reconfiguration inbound

! neighbor 10.21.241.68 prefix-list awmn-bgp in
! neighbor 10.21.241.68 filter-list maxaslength out

! ipduh01433
 neighbor 10.21.241.67 remote-as 20305
 neighbor 10.21.241.67 description ipduh AWMN BGP Feed
 neighbor 10.21.241.67 timers 10 30
 neighbor 10.21.241.67 capability dynamic
 neighbor 10.21.241.67 capability orf prefix-list both
 neighbor 10.21.241.67 soft-reconfiguration inbound

!
!

! ipduh03711
 neighbor 10.21.241.66 remote-as 20305
 neighbor 10.21.241.66 description ipduh AWMN BGP Feed
 neighbor 10.21.241.66 timers 10 30
 neighbor 10.21.241.66 capability dynamic
 neighbor 10.21.241.66 capability orf prefix-list both
 neighbor 10.21.241.66 soft-reconfiguration inbound

!
!

!Pretty much everything (even malakies) are allowed ... This is a BGP monitor
!
!ip prefix-list awmn-bgp seq 5 permit 10.0.0.0/8 ge 9 le 24
!ip prefix-list awmn-bgp seq 10 permit 10.0.0.0/15 le 32
!ip prefix-list awmn-bgp seq 15 deny any
!
!!ip as-path access-list maxaslength deny ( [0-9]+){250}$
ip as-path access-list maxaslength permit .*
!
line vty
!
end



This is what my ospfd.conf looks like. This router is on the same broadcast domain as all of its neighbors.
#cat /etc/quagga/ospfd.conf 
! -*- ospf -*-
!
! OSPFd sample configuration file
!
!
hostname ares
password anotherpassword
enable password yetanotherenablepassword
!
router ospf
  network 10.21.241.0/25 area 0
ospf router-id 10.21.241.126
!
log stdout



Restart all routing daemons.
#/etc/init.d/quagga restart
Stopping Quagga daemons (prio:0): (waiting) .. bgpd (waiting) .. ospfd (waiting) .. zebra (ripd) (ripngd) (ospf6d) (isisd).
Removing all routes made by zebra.
Loading capability module if not yet done.
Starting Quagga daemons (prio:10): zebra bgpd ospfd.


By default the quagga daemons bind to the ports in the following list.
ZEBRA  2601
OSPF   2604
BGP    2605
RIPNG  2603
ospf6d 2606 


Check OSPF
#telnet 127.0.0.1 2604
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

Hello, this is Quagga (version 0.99.20.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.


User Access Verification

Password: 
ares> show ip ospf neighbor all 

    Neighbor ID Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
10.21.241.66      1 2-Way/DROther     33.906s 10.21.241.66    eth1:10.21.241.10        0     0     0
10.21.241.67      1 2-Way/DROther     36.107s 10.21.241.67    eth1:10.21.241.10        0     0     0
10.21.241.68      1 Full/Backup       35.947s 10.21.241.68    eth1:10.21.241.10        0     0     0
10.21.241.69      1 Full/DR           35.167s 10.21.241.69    eth1:10.21.241.10        0     0     0
ares> quit
Connection closed by foreign host.


Check BGP
#telnet 127.0.0.1 2605
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

Hello, this is Quagga (version 0.99.20.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.


User Access Verification

Password: 
ares> show ip bgp
BGP table version is 0, local router ID is 10.21.241.126
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i10.0.0.0         10.21.241.141                 100      0 12629 16382 8266 4704 19074 14835 3352 ?
*>i10.0.0.0/9       10.21.241.141                 100      0 12629 16382 8266 4704 19074 14835 19601 172193 172194 31671 45808 10991 11023 11023 11023 4217 4319 49208 49207 i
* i10.0.0.0/10      10.21.241.134                 100      0 17925 15551 7474 18245 1702 2350 3016 263 8506 416 891 4097 12629 18242 19601 172193 i
*>i                 10.21.241.138                 100      0 18569 18606 18912 3210 13133 121 3016 263 8506 416 891 4097 12629 18242 19601 172193 i
*>i10.0.0.1/32      10.21.241.141                 100      0 12629 3936 10515 543 i
*>i10.0.0.10/32     10.21.241.141                 100      0 12629 16382 8506 263 24 9288 3665 65202 i
*>i10.0.10.0/24     10.21.241.141                 100      0 12629 18242 i
*>i10.0.11.0/24     10.21.241.141                 100      0 12629 18242 1286 14835 4758 15731 3341 i
*>i10.2.1.0/24      10.21.241.141                 100      0 12629 18242 1286 9533 16924 i
* i10.2.2.0/24      10.21.241.141                 100      0 12629 15465 2720 14209 17983 i
*>i                 10.21.241.138                 100      0 18569 6202 6801 17244 17983 i
*>i10.2.8.0/24      10.21.241.141                 100      0 12629 5078 146 280 i
*>i10.2.12.0/24     10.21.241.141                 100      0 12629 16382 11087 416 240 i
* i10.2.13.0/24     10.21.241.141                 100      0 12629 16382 11087 416 240 72 i
* i                 10.21.241.134                 100      0 17925 13835 2879 7659 2113 72 i
*>i                 10.21.241.138                 100      0 18569 6202 3667 7659 2113 72 i
*>i10.2.15.0/24     10.21.241.141                 100      0 12629 16382 11087 416 i
* i10.2.16.0/24     10.21.241.141                 100      0 12629 14822 3112 7736 8580 i
*>i                 10.21.241.138                 100      0 18569 18606 18912 7736 8580 i
* i10.2.17.0/24     10.21.241.141                 100      0 12629 16382 11087 416 240 72 i
* i                 10.21.241.134                 100      0 17925 13835 2879 7659 2113 72 i
*>i                 10.21.241.138                 100      0 18569 6202 3667 7659 2113 72 i
*>i10.2.18.0/24     10.21.241.141                 100      0 12629 18242 1286 577 4097 806 i
*>i10.2.19.0/24     10.21.241.141                 100      0 12629 10130 8137 14365 18250 646 57 3298 i
*>i10.2.20.0/24     10.21.241.141                 100      0 12629 5078 14694 i
*>i10.2.21.0/24     10.21.241.141                 100      0 12629 16382 11087 416 410 i
*>i10.2.22.0/24     10.21.241.141                 100      0 12629 16382 11087 416 891 i
*>i10.2.24.0/24     10.21.241.141                 100      0 12629 16382 11087 416 240 4003 i
*>i10.2.25.0/24     10.21.241.138                 100      0 18569 18606 4272 4263 1819 i
*>i10.2.27.0/24     10.21.241.141                 100      0 12629 17643 i
*>i10.2.31.0/24     10.21.241.141                 100      0 12629 15465 13133 121 3016 956 810 2315 2379 4758 15731 410 3200 4500 3507 2711 8580 i
*>i10.2.33.0/24     10.21.241.141                 100      0 12629 10130 8137 14365 18250 646 57 8073 7817 10030 7347 i
*>i10.2.34.0/24     10.21.241.141                 100      0 12629 18242 1286 45 34 3674 1549 i
*>i10.2.37.0/24     10.21.241.141                 100      0 12629 16455 12528 9031 2711 8580 i
*>i10.2.38.0/24     10.21.241.141                 100      0 12629 18242 1286 577 4097 i

....


OK, it works.

If you want to access all daemons from the same place, look into enabling vtysh. You will have to set vtysh_enable to yes in /etc/quagga/debian.conf and create its configuration file. There is a sample file in /usr/share/doc/quagga/examples/vtysh.conf.sample.


