1
mirror of https://git.dn42.dev/wiki/wiki.git synced 2024-12-09 22:13:08 +01:00
wiki/howto/Quagga.md
2016-07-24 12:53:03 +02:00

5.0 KiB

Quagga

Quagga is probably one of the oldest software router around. It still works, of course, even though it has an unattractive configuration syntax (unfortunately inspired by Cisco's IOS) and has some small issues with IPv6. But since it's so old, you will find a lot of configuration examples around.

Source address selection

Use this in your zebra.conf:

route-map RM_SET_SRC permit 10
  set src 172.22.XX.XX
ip protocol bgp route-map RM_SET_SRC

Unfortunately, this is not possible with IPv6...

Important bgp commands

To connect to bgpd use:

$ vtysh

Which provides an interactive interface. In this interface '?' can be used to list the available commands or subcommands.

Configure Quagga

a minimal config would look like this:

vtysh> configure terminal
vtysh(config)> router bgp <your-asn>
vtysh(config-router)> neighbor <neighbor-ip> remote-as <neighbor-asn>
vtysh(config-router)> neighbor <neighbor-ip> interface <interface>
vtysh(config-router)> exit
vtysh(config)> exit

IPv6

for IPv6 do something like

vtysh> configure terminal
vtysh(config)> router bgp <your-asn>
vtysh(config-router)> neighbor <neighbor-ip> remote-as <neighbor-asn>
vtysh(config-router)> neighbor <neighbor-ip> interface <interface>
vtysh(config-router)> no neighbor <neighbor-ip> activate
vtysh(config-router)> address-family ipv6
vtysh(config-router-af)> neighbor <neighbor-ip> activate
vtysh(config-router-af)> exit
vtysh(config-router)> exit
vtysh(config)> exit

peer groups, prefix lists and such

If you want to use 'prefix-list' to filter some of the prefixes quagga is receiving, you can use a 'peer-group' instead of apply the prefix list to every neighbor.

Define a peer group:

vtysh(config-router)> neighbor <peer-group-name> peer-group

Apply to a neighbor:

vtysh(config-router)> neighbor <neighbor-ip> peer-group <name>

Apply a prefix list for incoming prefixes to your peer group:

vtysh(config-router)> neighbor <peer-group-name> prefix-list <prefix-list-name> in

Example filter list

ip prefix-list vpn-in description BGP IPv4 import filter
!old network:
ip prefix-list vpn-in seq 5 permit 172.22.0.0/15 ge 22 le 28
!new dn42 allocation:
ip prefix-list vpn-in seq 10 permit 172.20.0.0/16 ge 22 le 28

! Anycast /32s for Whois and DNS:
ip prefix-list vpn-in seq 11 permit 172.22.0.43/32
ip prefix-list vpn-in seq 12 permit 172.22.0.53/32

ip prefix-list vpn-in seq 18 permit 192.175.48.0/24
ip prefix-list vpn-in seq 20 deny 10.10.10.0/24
ip prefix-list vpn-in seq 21 permit 10.0.0.0/8
ip prefix-list vpn-in seq 30 permit 172.31.0.0/16
ip prefix-list vpn-in seq 39 permit 100.64.0.0/10
ip prefix-list vpn-in seq 40 permit 195.160.168.0/23
ip prefix-list vpn-in seq 41 permit 91.204.4.0/22
ip prefix-list vpn-in seq 43 permit 193.43.220.0/23
ip prefix-list vpn-in seq 46 permit 83.133.178.0/23
ip prefix-list vpn-in seq 47 permit 87.106.29.254/32
ip prefix-list vpn-in seq 50 permit 85.25.246.16/28
ip prefix-list vpn-in seq 51 permit 46.4.248.192/27
ip prefix-list vpn-in seq 60 permit 94.45.224.0/19
ip prefix-list vpn-in seq 70 permit 195.191.196.0/23
ip prefix-list vpn-in seq 80 permit 80.244.241.224/27
ip prefix-list vpn-in seq 90 permit 46.19.90.48/28
ip prefix-list vpn-in seq 91 permit 46.19.90.96/28
ip prefix-list vpn-in seq 110 permit 188.40.34.241/32
ip prefix-list vpn-in seq 130 permit 37.1.89.192/26
ip prefix-list vpn-in seq 140 permit 178.33.32.123/32
ip prefix-list vpn-in seq 150 permit 87.98.246.19/32
ip prefix-list vpn-in seq 1000 deny 0.0.0.0/0

ipv6 prefix-list vpn-in seq 10 permit fd00::/8 ge 9
ipv6 prefix-list vpn-in seq 15 deny any

Example filter list script

#!/bin/bash

vtysh -c 'conf t' -c "no ip prefix-list dn42"; #drop old prefix list

while read pl
do
   vtysh -c 'conf t' -c "$pl"; #insert prefix list row by row
done < <(curl -s https://ca.dn42.us/reg/filter.txt | grep -e  ^[0-9] | awk '{ print "ip prefix-list dn42 seq " $1 " " $2 " " $3 " ge " $4 " le " $5}' | sed "s_/\([0-9]\+\) ge \1_/\1_g;s_/\([0-9]\+\) le \1_/\1_g");
vtysh -c "wr" #write new prefix list

show bpg session status

in this example:

  • an active bgp session exists with peer 64713.
  • no (vpn) connection at all exists with peer 64692
  • a (vpn) connection with 4242421375 exists, but no bgp session
vtysh> show ip bgp summary 
BGP router identifier 172.22.100.254, local AS number 64698
RIB entries 938, using 103 KiB of memory
Peers 11, using 49 KiB of memory
Peer groups 1, using 32 bytes of memory

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.22.92.247   4 64692       0       0        0    0    0 never    Connect
...
172.22.113.2    4 64713    2206     865        0    0    0 01:23:11      322
....
172.23.64.1     4 4242421375  0       0        0    0    0 never    Active
fe80::deca:fbad 4 64699     902     694        0    0    0 01:23:57      486