AS – Autonomic System.
BGP – Border Gateway Protocol.
You can install quagga in Ubuntu/Debian with the following command:
sudo apt-get install quagga
We edit the config and enable demons, we write yes opposite zebra and bgpd:
sudo nano /etc/quagga/daemons
Suppose our AS1234 provider – AS4321.
Editing the bgpd config:
sudo nano /etc/quagga/bgpd.conf
Example:
hostname AS1234
password IXNFO
enable password IXNFO
log file /var/log/quagga/bgpd.log
log stdout
!
router bgp 1234
bgp router-id OUR_IP
network 1.1.1.0/24
neighbor provider_ip remote-as 4321
neighbor provider_ip update-source OUR_IP
neighbor provider_ip filter-list OUR out
!
ip as-path access-list OUR permit ^$
!
line vty
!
Edit the zebra configuration:
nano /etc/quagga/zebra.conf
Example:
hostname AS1234
password TEXT
enable password TEXT
log file /var/log/quagga/zebra.log
service password-encryption
!
interface eth0
ip address OUR_IP/24
!
ipv6 nd suppress-ra
!
interface lo
!
ip route 1.1.1.0/24 Null0
!
ip forwarding
ipv6 forwarding
!
line vty
!
Restart quagga for the changes to take effect:
sudo /etc/init.d/quagga restart
Checking:
telnet localhost 2605
show ip bgp summary
show ip bgp neighbors
show ip bgp
Debug:
debug bgp updates
debug bgp events
You can connect to zebra like this:
telnet localhost 2601
show ip route
I will give an example of a working BGP configuration with two neighbors (2.2.2.1 – the first neighbor, 2.2.2.2 – the second neighbor, 2.2.2.3 – its own IP, p2p1 is connected to the Internet, p2p2 – to the local network, emX networks are not used, 1.1.1.0 – network with white IP,):
sudo nano /etc/quagga/zebra.conf
!
! Zebra configuration saved from vty
! 2017/07/21 13:13:02
!
hostname test
password IXNFO
enable password IXNFO
log file /var/log/zebra.log
!
interface em1
ipv6 nd suppress-ra
!
interface em2
ipv6 nd suppress-ra
!
interface em3
ipv6 nd suppress-ra
!
interface em4
ipv6 nd suppress-ra
!
interface lo
!
interface p1p1
ipv6 nd suppress-ra
!
interface p1p2
ipv6 nd suppress-ra
!
ip forwarding
!
!
line vty
!
sudo nano /etc/quagga/bgpd.conf
!
! Zebra configuration saved from vty
! 2017/07/21 13:13:02
!
password IXNFO
enable password IXNFO
log file /var/log/quagga/bgpd.log
service advanced-vty
!
bgp multiple-instance
bgp config-type cisco
!
router bgp 1234
no synchronization
bgp router-id 2.2.2.3
network 1.1.1.0 mask 255.255.254.0
aggregate-address 1.1.1.0 255.255.254.0 summary-only
redistribute connected
timers bgp 20 60
neighbor 2.2.2.1 remote-as 4321
neighbor 2.2.2.1 description PROVIDER2
neighbor 2.2.2.1 soft-reconfiguration inbound
neighbor 2.2.2.1 route-map PROVIDER2-OUT out
neighbor 2.2.2.2 remote-as 4321
neighbor 2.2.2.2 description PROVIDER
neighbor 2.2.2.2 soft-reconfiguration inbound
neighbor 2.2.2.2 route-map PROVIDER-OUT out
no auto-summary
!
access-list 10 permit 127.0.0.1
access-list 10 permit 1.1.1.5
access-list 10 deny any
access-list all permit any
!
ip prefix-list DEFAULT-ONLY seq 10 deny 0.0.0.0/0 ge 1 le 31
ip prefix-list DEFAULT-ONLY seq 20 permit 0.0.0.0/0
ip prefix-list DEFAULT-STRIP seq 10 deny 0.0.0.0/0
ip prefix-list DEFAULT-STRIP seq 20 permit 0.0.0.0/0 ge 1 le 31
ip prefix-list TO-PROVIDER seq 10 permit 1.1.1.0/23
ip prefix-list TO-PROVIDER seq 100 deny 0.0.0.0/0 le 32
ip prefix-list TO-PROVIDER2 seq 10 permit 1.1.1.0/23
ip prefix-list TO-PROVIDER2 seq 100 deny 0.0.0.0/0 le 32
!
route-map PROVIDER-IN permit 10
match ip address prefix-list all
!
route-map PROVIDER2-IN permit 10
match ip address prefix-list all
!
route-map PROVIDER-OUT permit 10
description MYNETWORK <-> PROVIDER
match ip address prefix-list TO-PROVIDER
!
route-map PROVIDER2-OUT permit 10
description MYNETWORK <-> PROVIDER2
match ip address prefix-list TO-PROVIDER2
set local-preference 50
!
line vty
access-class 10
no login
IPs are assigned in /etc/network/interfaces:
auto p2p2
iface p2p2 inet static
address 10.0.0.2
netmask 255.255.255.0
auto p2p1:555
iface p2p1:555 inet static
address 2.2.2.3
netmask 255.255.255.252
#gateway 2.2.2.1
auto p2p1
iface p2p1 inet static
address 1.1.1.1
netmask 255.255.255.240
I will give an example of a working configuration with one neighbor (in /etc/network/interfaces you need to uncomment gateway):
sudo nano /etc/quagga/bgpd.conf
!
! Zebra configuration saved from vty
! 2017/07/21 13:13:02
!
password IXNFO
enable password IXNFO
log file /var/log/quagga/bgpd.log
service advanced-vty
!
bgp multiple-instance
bgp config-type cisco
!
router bgp 1234
no synchronization
bgp router-id 2.2.2.3
network 1.1.1.0 mask 255.255.254.0
aggregate-address 1.1.1.0 255.255.254.0 summary-only
redistribute connected
timers bgp 20 60
neighbor 2.2.2.1 remote-as 4321
neighbor 2.2.2.1 description PROVIDER
neighbor 2.2.2.1 soft-reconfiguration inbound
neighbor 2.2.2.1 route-map PROVIDER-OUT out
no auto-summary
!
access-list 10 permit 127.0.0.1
access-list 10 permit 1.1.1.5
access-list 10 deny any
access-list all permit any
!
ip prefix-list DEFAULT-ONLY seq 10 deny 0.0.0.0/0 ge 1 le 31
ip prefix-list DEFAULT-ONLY seq 20 permit 0.0.0.0/0
ip prefix-list DEFAULT-STRIP seq 10 deny 0.0.0.0/0
ip prefix-list DEFAULT-STRIP seq 20 permit 0.0.0.0/0 ge 1 le 31
ip prefix-list TO-PROVIDER seq 10 permit 1.1.1.0/23
ip prefix-list TO-PROVIDER seq 100 deny 0.0.0.0/0 le 32
!
route-map PROVIDER-IN permit 10
match ip address prefix-list all
!
route-map PROVIDER-OUT permit 10
description MYNETWORK <-> PROVIDER
match ip address prefix-list TO-PROVIDER
!
line vty
access-class 10
no login
!
See also my articles:
- IPTables Rules for BGP
- Configuring OSPF in Quagga
- Installing and configuring BIRD (BGP)
- Installing Quagga on Ubuntu Server 18
- BGP. Channel Balancing on Quagga
- Solution ZEBRA: netlink-listen recvmsg overrun: No buffer space available
- Quagga. Setting up logging
- Migrating from Quagga to Bird