AS – Autonomous System.
BGP – Border Gateway Protocol.
You can install quagga in Ubuntu/Debian with the following command:
sudo apt-get install quagga
Edit the daemons file and enable the daemons by setting zebra and bgpd to yes:
sudo nano /etc/quagga/daemons
Suppose our AS is AS1234 and our provider's AS is AS4321.
Editing the bgpd config:
sudo nano /etc/quagga/bgpd.conf
Example:
hostname AS1234
password IXNFO
enable password IXNFO
log file /var/log/quagga/bgpd.log
log stdout
!
router bgp 1234
 bgp router-id OUR_IP
 network 1.1.1.0/24
 neighbor provider_ip remote-as 4321
 neighbor provider_ip update-source OUR_IP
 neighbor provider_ip filter-list OUR out
!
ip as-path access-list OUR permit ^$
!
line vty
!
Edit the zebra configuration:
sudo nano /etc/quagga/zebra.conf
Example:
hostname AS1234
password TEXT
enable password TEXT
log file /var/log/quagga/zebra.log
service password-encryption
!
interface eth0
 ip address OUR_IP/24
!
 ipv6 nd suppress-ra
!
interface lo
!
ip route 1.1.1.0/24 Null0
!
ip forwarding
ipv6 forwarding
!
line vty
!
Restart quagga for the changes to take effect:
sudo /etc/init.d/quagga restart
Checking:
telnet localhost 2605
show ip bgp summary
show ip bgp neighbors
show ip bgp
Debug:
debug bgp updates
debug bgp events
You can connect to zebra like this:
telnet localhost 2601
show ip route
Here is an example of a working BGP configuration with two neighbors (2.2.2.1 is the first neighbor, 2.2.2.2 the second neighbor, 2.2.2.3 the router's own IP; p2p1 is connected to the Internet, p2p2 to the local network; the emX network interfaces are not used; 1.1.1.0 is the network with public ("white") IP addresses):
sudo nano /etc/quagga/zebra.conf

!
! Zebra configuration saved from vty
!   2017/07/21 13:13:02
!
hostname test
password IXNFO
enable password IXNFO
log file /var/log/zebra.log
!
interface em1
 ipv6 nd suppress-ra
!
interface em2
 ipv6 nd suppress-ra
!
interface em3
 ipv6 nd suppress-ra
!
interface em4
 ipv6 nd suppress-ra
!
interface lo
!
interface p1p1
 ipv6 nd suppress-ra
!
interface p1p2
 ipv6 nd suppress-ra
!
ip forwarding
!
!
line vty
!

sudo nano /etc/quagga/bgpd.conf

!
! Zebra configuration saved from vty
!   2017/07/21 13:13:02
!
password IXNFO
enable password IXNFO
log file /var/log/quagga/bgpd.log
service advanced-vty
!
bgp multiple-instance
bgp config-type cisco
!
router bgp 1234
 no synchronization
 bgp router-id 2.2.2.3
 network 1.1.1.0 mask 255.255.254.0
 aggregate-address 1.1.1.0 255.255.254.0 summary-only
 redistribute connected
 timers bgp 20 60
 neighbor 2.2.2.1 remote-as 4321
 neighbor 2.2.2.1 description PROVIDER2
 neighbor 2.2.2.1 soft-reconfiguration inbound
 neighbor 2.2.2.1 route-map PROVIDER2-OUT out
 neighbor 2.2.2.2 remote-as 4321
 neighbor 2.2.2.2 description PROVIDER
 neighbor 2.2.2.2 soft-reconfiguration inbound
 neighbor 2.2.2.2 route-map PROVIDER-OUT out
 no auto-summary
!
access-list 10 permit 127.0.0.1
access-list 10 permit 1.1.1.5
access-list 10 deny any
access-list all permit any
!
ip prefix-list DEFAULT-ONLY seq 10 deny 0.0.0.0/0 ge 1 le 31
ip prefix-list DEFAULT-ONLY seq 20 permit 0.0.0.0/0
ip prefix-list DEFAULT-STRIP seq 10 deny 0.0.0.0/0
ip prefix-list DEFAULT-STRIP seq 20 permit 0.0.0.0/0 ge 1 le 31
ip prefix-list TO-PROVIDER seq 10 permit 1.1.1.0/23
ip prefix-list TO-PROVIDER seq 100 deny 0.0.0.0/0 le 32
ip prefix-list TO-PROVIDER2 seq 10 permit 1.1.1.0/23
ip prefix-list TO-PROVIDER2 seq 100 deny 0.0.0.0/0 le 32
!
route-map PROVIDER-IN permit 10
 match ip address prefix-list all
!
route-map PROVIDER2-IN permit 10
 match ip address prefix-list all
!
route-map PROVIDER-OUT permit 10
 description MYNETWORK <-> PROVIDER
 match ip address prefix-list TO-PROVIDER
!
route-map PROVIDER2-OUT permit 10
 description MYNETWORK <-> PROVIDER2
 match ip address prefix-list TO-PROVIDER2
 set local-preference 50
!
line vty
 access-class 10
 no login
IPs are assigned in /etc/network/interfaces:
auto p2p2
iface p2p2 inet static
address 10.0.0.2
netmask 255.255.255.0
auto p2p1:555
iface p2p1:555 inet static
address 2.2.2.3
netmask 255.255.255.252
#gateway 2.2.2.1
auto p2p1
iface p2p1 inet static
address 1.1.1.1
netmask 255.255.255.240
Here is an example of a working configuration with one neighbor (in /etc/network/interfaces you need to uncomment the gateway line):
sudo nano /etc/quagga/bgpd.conf

!
! Zebra configuration saved from vty
!   2017/07/21 13:13:02
!
password IXNFO
enable password IXNFO
log file /var/log/quagga/bgpd.log
service advanced-vty
!
bgp multiple-instance
bgp config-type cisco
!
router bgp 1234
 no synchronization
 bgp router-id 2.2.2.3
 network 1.1.1.0 mask 255.255.254.0
 aggregate-address 1.1.1.0 255.255.254.0 summary-only
 redistribute connected
 timers bgp 20 60
 neighbor 2.2.2.1 remote-as 4321
 neighbor 2.2.2.1 description PROVIDER
 neighbor 2.2.2.1 soft-reconfiguration inbound
 neighbor 2.2.2.1 route-map PROVIDER-OUT out
 no auto-summary
!
access-list 10 permit 127.0.0.1
access-list 10 permit 1.1.1.5
access-list 10 deny any
access-list all permit any
!
ip prefix-list DEFAULT-ONLY seq 10 deny 0.0.0.0/0 ge 1 le 31
ip prefix-list DEFAULT-ONLY seq 20 permit 0.0.0.0/0
ip prefix-list DEFAULT-STRIP seq 10 deny 0.0.0.0/0
ip prefix-list DEFAULT-STRIP seq 20 permit 0.0.0.0/0 ge 1 le 31
ip prefix-list TO-PROVIDER seq 10 permit 1.1.1.0/23
ip prefix-list TO-PROVIDER seq 100 deny 0.0.0.0/0 le 32
!
route-map PROVIDER-IN permit 10
 match ip address prefix-list all
!
route-map PROVIDER-OUT permit 10
 description MYNETWORK <-> PROVIDER
 match ip address prefix-list TO-PROVIDER
!
line vty
 access-class 10
 no login
!
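
An added example, not part of the original article or of Quagga itself: a small Python evaluator for the ip prefix-list entries used in the configurations above, to check which routes TO-PROVIDER, DEFAULT-ONLY and DEFAULT-STRIP let through before the filter is applied to a live session. The function names are hypothetical, and it assumes host bits in an entry are masked off so the article's placeholder 1.1.1.0/23 parses as 1.1.0.0/23.

```python
import ipaddress
import re

# Constructed sample: prefix-list lines taken from the bgpd.conf examples above.
SAMPLE_CONF = """\
ip prefix-list DEFAULT-ONLY seq 10 deny 0.0.0.0/0 ge 1 le 31
ip prefix-list DEFAULT-ONLY seq 20 permit 0.0.0.0/0
ip prefix-list DEFAULT-STRIP seq 10 deny 0.0.0.0/0
ip prefix-list DEFAULT-STRIP seq 20 permit 0.0.0.0/0 ge 1 le 31
ip prefix-list TO-PROVIDER seq 10 permit 1.1.1.0/23
ip prefix-list TO-PROVIDER seq 100 deny 0.0.0.0/0 le 32
"""

ENTRY_RE = re.compile(
    r"^ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)"
    r"(?: ge (\d+))?(?: le (\d+))?$"
)


def parse_prefix_lists(text):
    """Return {name: [(seq, action, network, min_len, max_len), ...]}."""
    lists = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        name, seq, action, prefix, ge, le = m.groups()
        # Assumption: host bits are masked off, so 1.1.1.0/23 becomes 1.1.0.0/23.
        net = ipaddress.ip_network(prefix, strict=False)
        # Without ge/le the route length must equal the entry length exactly.
        min_len = int(ge) if ge else net.prefixlen
        max_len = int(le) if le else (32 if ge else net.prefixlen)
        lists.setdefault(name, []).append((int(seq), action, net, min_len, max_len))
    return lists


def evaluate(lists, name, route):
    """Lowest matching sequence number decides; no match is an implicit deny."""
    r = ipaddress.ip_network(route, strict=False)
    for _seq, action, net, min_len, max_len in sorted(lists[name], key=lambda e: e[0]):
        if min_len <= r.prefixlen <= max_len and r.subnet_of(net):
            return action
    return "deny"


if __name__ == "__main__":
    lists = parse_prefix_lists(SAMPLE_CONF)
    for name in sorted(lists):
        for route in ("0.0.0.0/0", "1.1.0.0/23", "1.1.1.0/24", "8.8.8.0/24"):
            print(f"{name:14} {route:12} {evaluate(lists, name, route)}")
```

TO-PROVIDER permits only the exact /23, so a more-specific /24 from the same block or any prefix learned from another peer is not announced to the provider.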
See also my articles:
IPTables Rules for BGP
Installing Quagga on Ubuntu Server 18
BGP. Channel Balancing on Quagga
Solution ZEBRA: netlink-listen recvmsg overrun: No buffer space available