The following setup describes an inner-node AWMN router that resides in the same AS and the same broadcast domain as four other Border Routers.
Install quagga
#apt-get install quagga
Check if IP Forwarding is enabled
#cat /proc/sys/net/ipv4/ip_forward
1
if 0, then
#echo 1 > /proc/sys/net/ipv4/ip_forward
#echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
Allow 224.0.0.0/4 - multicast OSPF traffic
#iptables -A INPUT -d 224.0.0.0/4 -m state --state NEW -j ACCEPT
Allow BGP traffic
#iptables -A INPUT -p tcp --dport 179 -j ACCEPT
(a version of bif that does it well and fixes many things on the old bif already exists. I will post it here soon.)
Set the zebra, bgpd, and ospfd daemons to yes (highest priority) in /etc/quagga/daemons
#cat /etc/quagga/daemons
# This file tells the quagga package which daemons to start.
#
# Entries are in the format: <daemon>=(yes|no|priority)
#   0, "no"  = disabled
#   1, "yes" = highest priority
#   2 .. 10  = lower priorities
# Read /usr/share/doc/quagga/README.Debian for details.
#
# Sample configurations for these daemons can be found in
# /usr/share/doc/quagga/examples/.
#
# ATTENTION:
#
# When activation a daemon at the first time, a config file, even if it is
# empty, has to be present *and* be owned by the user and group "quagga", else
# the daemon will not be started by /etc/init.d/quagga. The permissions should
# be u=rw,g=r,o=.
# When using "vtysh" such a config file is also needed. It should be owned by
# group "quaggavty" and set to ug=rw,o= though. Check /etc/pam.d/quagga, too.
#
zebra=yes
bgpd=yes
ospfd=yes
ospf6d=no
ripd=no
ripngd=no
isisd=no
Copy the ospfd and bgpd example files into /etc/quagga and adjust ownership
#cp /usr/share/doc/quagga/examples/bgpd.conf.sample /etc/quagga/bgpd.conf
#cp /usr/share/doc/quagga/examples/ospfd.conf.sample /etc/quagga/ospfd.conf
#chown quagga:quaggavty /etc/quagga/*d.conf
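The daemons file above asks for u=rw,g=r,o= on each daemon's config file, and these files will hold the vty passwords. The check below is an added example, not part of the original post; the function name check_quagga_conf and its two arguments are made up for illustration.

```shell
# Added example: report daemon config files whose mode or owner differs from
# what /etc/quagga/daemons asks for (u=rw,g=r,o= and owner "quagga").
# Usage: check_quagga_conf /etc/quagga quagga
check_quagga_conf() {
    dir=${1:-/etc/quagga}
    owner=${2:-quagga}
    bad=0
    for f in "$dir"/*d.conf; do
        [ -f "$f" ] || continue          # glob matched nothing
        mode=$(stat -c %a "$f")          # octal mode, e.g. 640
        user=$(stat -c %U "$f")
        # Any bit outside 0640 is too wide: u+x, g+w, g+x, anything for
        # "other", or a setuid/setgid/sticky bit.
        if [ $(( 0$mode & 07137 )) -ne 0 ]; then
            echo "MODE $mode $f (want 640)"
            bad=1
        fi
        if [ "$user" != "$owner" ]; then
            echo "OWNER $user $f (want $owner)"
            bad=1
        fi
    done
    return $bad
}
```

A flagged file is brought in line with chmod 640 and chown, after which the function prints nothing and returns 0.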
This is what my bgpd.conf looks like. This router will be used mostly to monitor BGP, so no filters are used; some example filters are commented out. All of its neighbors are in the same Autonomous System.
#cat /etc/quagga/bgpd.conf
hostname ares
log file /green/log/quagga/bgpd.log
log monitor
log stdout
log syslog
!
password password0
enable password passworde0
!
router bgp 20305
 bgp router-id 10.21.241.126
 network 10.21.241.126/32
 ! ipduh002011
 neighbor 10.21.241.69 remote-as 20305
 neighbor 10.21.241.69 description ipduh AWMN BGP Feed
 neighbor 10.21.241.69 timers 10 30
 neighbor 10.21.241.69 capability dynamic
 neighbor 10.21.241.69 capability orf prefix-list both
 neighbor 10.21.241.69 soft-reconfiguration inbound
 ! neighbor 10.21.241.69 prefix-list awmn-bgp in
 ! neighbor 10.21.241.69 filter-list maxaslength out
 ! ipduh04711
 neighbor 10.21.241.68 remote-as 20305
 neighbor 10.21.241.68 description ipduh AWMN BGP Feed
 neighbor 10.21.241.68 timers 10 30
 neighbor 10.21.241.68 capability dynamic
 neighbor 10.21.241.68 capability orf prefix-list both
 neighbor 10.21.241.68 soft-reconfiguration inbound
 ! neighbor 10.21.241.68 prefix-list awmn-bgp in
 ! neighbor 10.21.241.68 filter-list maxaslength out
 ! ipduh01433
 neighbor 10.21.241.67 remote-as 20305
 neighbor 10.21.241.67 description ipduh AWMN BGP Feed
 neighbor 10.21.241.67 timers 10 30
 neighbor 10.21.241.67 capability dynamic
 neighbor 10.21.241.67 capability orf prefix-list both
 neighbor 10.21.241.67 soft-reconfiguration inbound
 !
 !
 ! ipduh03711
 neighbor 10.21.241.66 remote-as 20305
 neighbor 10.21.241.66 description ipduh AWMN BGP Feed
 neighbor 10.21.241.66 timers 10 30
 neighbor 10.21.241.66 capability dynamic
 neighbor 10.21.241.66 capability orf prefix-list both
 neighbor 10.21.241.66 soft-reconfiguration inbound
!
!
!Pretty much everything (even malakies) are allowed ... This is a BGP monitor
!
!ip prefix-list awmn-bgp seq 5 permit 10.0.0.0/8 ge 9 le 24
!ip prefix-list awmn-bgp seq 10 permit 10.0.0.0/15 le 32
!ip prefix-list awmn-bgp seq 15 deny any
!
!!ip as-path access-list maxaslength deny ( [0-9]+){250}$
ip as-path access-list maxaslength permit .*
!
line vty
!
end
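Added example, not part of the original post: a shell audit for a bgpd.conf like the one above. It flags cleartext vty passwords and neighbors with no inbound prefix-list or TCP MD5 password, and prints iptables rules that accept port 179 only from the configured neighbors rather than from any source as in the rule earlier. The function names and the sample config are constructed for illustration; the printed rules assume that replies to sessions this router opens itself are accepted elsewhere in the ruleset.

```shell
# Added example: audit a Quagga bgpd.conf and derive BGP firewall rules from it.

# Constructed sample input (not the author's file).
sample_bgpd_conf() {
cat <<'EOF'
password password0
enable password 8 constructedhash
router bgp 20305
 neighbor 10.21.241.69 remote-as 20305
 neighbor 10.21.241.69 prefix-list awmn-bgp in
 neighbor 10.21.241.69 password constructed-md5-key
 neighbor 10.21.241.68 remote-as 20305
 ! neighbor 10.21.241.68 prefix-list awmn-bgp in
EOF
}

# One finding per line; no output means nothing was flagged.
audit_bgpd() {
    awk '
        /^[ \t]*[!#]/ { next }                 # "!" and "#" start comments
        # "password 8 <hash>" is the encrypted form; anything else is cleartext
        $1 == "password" || ($1 == "enable" && $2 == "password") {
            if ($(NF-1) != "8") plain++
        }
        $1 == "neighbor" && $3 == "remote-as" { peers[$2] = 1 }
        $1 == "neighbor" && $3 == "prefix-list" && $5 == "in" { pfx[$2] = 1 }
        $1 == "neighbor" && $3 == "password" { md5[$2] = 1 }
        END {
            if (plain) print "CLEARTEXT-VTY-PASSWORD " plain
            for (p in peers) {
                if (!(p in pfx)) print "NO-INBOUND-PREFIX-LIST " p
                if (!(p in md5)) print "NO-TCP-MD5 " p
            }
        }' "$1" | LC_ALL=C sort
}

# Print (do not apply) rules that accept TCP/179 only from configured peers.
peer_rules() {
    awk '
        /^[ \t]*[!#]/ { next }
        $1 == "neighbor" && $3 == "remote-as" &&
        $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            print "iptables -A INPUT -p tcp -s " $2 " --dport 179 -j ACCEPT"
        }
        END { print "iptables -A INPUT -p tcp --dport 179 -j DROP" }' "$1"
}

# Run against a real file when one is given: sh audit.sh /etc/quagga/bgpd.conf
if [ -n "${1:-}" ]; then audit_bgpd "$1"; peer_rules "$1"; fi
```

On a monitor like this one the missing prefix-list findings are expected, since the filters are commented out on purpose; the output still shows exactly which sessions accept everything.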
This is what my ospfd.conf looks like. This router is on the same broadcast domain as all of its neighbors.
#cat /etc/quagga/ospfd.conf
! -*- ospf -*-
!
! OSPFd sample configuration file
!
!
hostname ares
password anotherpassword
enable password yetanotherenablepassword
!
router ospf
 network 10.21.241.0/25 area 0
 ospf router-id 10.21.241.126
!
log stdout
Restart all routing daemons.
#/etc/init.d/quagga restart
Stopping Quagga daemons (prio:0): (waiting) .. bgpd (waiting) .. ospfd (waiting) .. zebra (ripd) (ripngd) (ospf6d) (isisd).
Removing all routes made by zebra.
Loading capability module if not yet done.
Starting Quagga daemons (prio:10): zebra bgpd ospfd.
By default, the Quagga daemons listen on the following ports.
ZEBRA 2601
OSPF 2604
BGP 2605
RIPNG 2603
ospf6d 2606
Check OSPF
#telnet 127.0.0.1 2604
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

Hello, this is Quagga (version 0.99.20.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

User Access Verification

Password:
ares> show ip ospf neighbor all

    Neighbor ID Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
10.21.241.66      1 2-Way/DROther     33.906s 10.21.241.66    eth1:10.21.241.10        0     0     0
10.21.241.67      1 2-Way/DROther     36.107s 10.21.241.67    eth1:10.21.241.10        0     0     0
10.21.241.68      1 Full/Backup       35.947s 10.21.241.68    eth1:10.21.241.10        0     0     0
10.21.241.69      1 Full/DR           35.167s 10.21.241.69    eth1:10.21.241.10        0     0     0
ares> quit
Connection closed by foreign host.
Check BGP
#telnet 127.0.0.1 2605
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

Hello, this is Quagga (version 0.99.20.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

User Access Verification

Password:
ares> show ip bgp
BGP table version is 0, local router ID is 10.21.241.126
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i10.0.0.0         10.21.241.141                 100      0 12629 16382 8266 4704 19074 14835 3352 ?
*>i10.0.0.0/9       10.21.241.141                 100      0 12629 16382 8266 4704 19074 14835 19601 172193 172194 31671 45808 10991 11023 11023 11023 4217 4319 49208 49207 i
* i10.0.0.0/10      10.21.241.134                 100      0 17925 15551 7474 18245 1702 2350 3016 263 8506 416 891 4097 12629 18242 19601 172193 i
*>i                 10.21.241.138                 100      0 18569 18606 18912 3210 13133 121 3016 263 8506 416 891 4097 12629 18242 19601 172193 i
*>i10.0.0.1/32      10.21.241.141                 100      0 12629 3936 10515 543 i
*>i10.0.0.10/32     10.21.241.141                 100      0 12629 16382 8506 263 24 9288 3665 65202 i
*>i10.0.10.0/24     10.21.241.141                 100      0 12629 18242 i
*>i10.0.11.0/24     10.21.241.141                 100      0 12629 18242 1286 14835 4758 15731 3341 i
*>i10.2.1.0/24      10.21.241.141                 100      0 12629 18242 1286 9533 16924 i
* i10.2.2.0/24      10.21.241.141                 100      0 12629 15465 2720 14209 17983 i
*>i                 10.21.241.138                 100      0 18569 6202 6801 17244 17983 i
*>i10.2.8.0/24      10.21.241.141                 100      0 12629 5078 146 280 i
*>i10.2.12.0/24     10.21.241.141                 100      0 12629 16382 11087 416 240 i
* i10.2.13.0/24     10.21.241.141                 100      0 12629 16382 11087 416 240 72 i
* i                 10.21.241.134                 100      0 17925 13835 2879 7659 2113 72 i
*>i                 10.21.241.138                 100      0 18569 6202 3667 7659 2113 72 i
*>i10.2.15.0/24     10.21.241.141                 100      0 12629 16382 11087 416 i
* i10.2.16.0/24     10.21.241.141                 100      0 12629 14822 3112 7736 8580 i
*>i                 10.21.241.138                 100      0 18569 18606 18912 7736 8580 i
* i10.2.17.0/24     10.21.241.141                 100      0 12629 16382 11087 416 240 72 i
* i                 10.21.241.134                 100      0 17925 13835 2879 7659 2113 72 i
*>i                 10.21.241.138                 100      0 18569 6202 3667 7659 2113 72 i
*>i10.2.18.0/24     10.21.241.141                 100      0 12629 18242 1286 577 4097 806 i
*>i10.2.19.0/24     10.21.241.141                 100      0 12629 10130 8137 14365 18250 646 57 3298 i
*>i10.2.20.0/24     10.21.241.141                 100      0 12629 5078 14694 i
*>i10.2.21.0/24     10.21.241.141                 100      0 12629 16382 11087 416 410 i
*>i10.2.22.0/24     10.21.241.141                 100      0 12629 16382 11087 416 891 i
*>i10.2.24.0/24     10.21.241.141                 100      0 12629 16382 11087 416 240 4003 i
*>i10.2.25.0/24     10.21.241.138                 100      0 18569 18606 4272 4263 1819 i
*>i10.2.27.0/24     10.21.241.141                 100      0 12629 17643 i
*>i10.2.31.0/24     10.21.241.141                 100      0 12629 15465 13133 121 3016 956 810 2315 2379 4758 15731 410 3200 4500 3507 2711 8580 i
*>i10.2.33.0/24     10.21.241.141                 100      0 12629 10130 8137 14365 18250 646 57 8073 7817 10030 7347 i
*>i10.2.34.0/24     10.21.241.141                 100      0 12629 18242 1286 45 34 3674 1549 i
*>i10.2.37.0/24     10.21.241.141                 100      0 12629 16455 12528 9031 2711 8580 i
*>i10.2.38.0/24     10.21.241.141                 100      0 12629 18242 1286 577 4097 i
....
OK, it works.
If you want to access all daemons from the same place, look into enabling vtysh. You will have to set vtysh_enable to yes in /etc/quagga/debian.conf and create its configuration file. There is a sample file in /usr/share/doc/quagga/examples/vtysh.conf.sample.