Configuring BGP in Quagga

AS: Autonomous System.
BGP: Border Gateway Protocol.

Install quagga:

apt-get install quagga

Edit the daemons config and enable the daemons by writing yes next to zebra and bgpd:

nano /etc/quagga/daemons

Suppose our AS is AS1234 and the provider's is AS4321.
Edit the bgpd config:

nano /etc/quagga/bgpd.conf

Example:

hostname AS1234
password пароль
enable password пароль
log file /var/log/quagga/bgpd.log
log stdout
!
router bgp 1234
bgp router-id наш_ip
network 1.1.1.0/24
neighbor провайдера_ip remote-as 4321
neighbor провайдера_ip update-source наш_ip
neighbor провайдера_ip filter-list OUR out
!
ip as-path access-list OUR permit ^$
!
line vty
!

Edit the zebra config:

nano /etc/quagga/zebra.conf

Example:

hostname AS1234
password пароль
enable password пароль
log file /var/log/quagga/zebra.log
service password-encryption
!
interface eth0
ip address наш_ip/24
!
ipv6 nd suppress-ra
!
interface lo
!
route 1.1.1.0/24 Null0
!
ip forwarding
ipv6 forwarding
!
line vty
!

Restart quagga for the changes to take effect:

/etc/init.d/quagga restart

Check:

telnet localhost 2605
show ip bgp summary
show ip bgp neighbors
show ip bgp

Debug:

debug bgp updates
debug bgp events
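
As an added check (example code, not part of the original article), the following script audits a bgpd.conf for eBGP neighbors that lack an outbound filter, which is what the "filter-list OUR out" line above provides ("ip as-path access-list OUR permit ^$" lets only locally originated prefixes out); the 192.0.2.x addresses and the two sample configs are constructed for the example.

```python
import re

# Added example (not from the article): audit a Quagga bgpd.conf for eBGP
# neighbors without an outbound filter, and for outbound filter-lists or
# route-maps that are referenced but never defined. Without such a filter,
# prefixes learned from one upstream can be re-advertised to another.

def audit_bgpd(conf):
    local_as = None
    neighbors = {}   # ip -> {"remote_as": int, "out": [(kind, name), ...]}
    defined = set()  # (kind, name) pairs the config actually defines
    for raw in conf.splitlines():
        line = raw.strip()
        if m := re.match(r"router bgp (\d+)$", line):
            local_as = int(m.group(1))
        elif m := re.match(r"neighbor (\S+) remote-as (\d+)$", line):
            neighbors.setdefault(m[1], {"out": []})["remote_as"] = int(m[2])
        elif m := re.match(r"neighbor (\S+) (filter-list|route-map) (\S+) out$", line):
            neighbors.setdefault(m[1], {"out": []})["out"].append((m[2], m[3]))
        elif m := re.match(r"ip as-path access-list (\S+) ", line):
            defined.add(("filter-list", m[1]))
        elif m := re.match(r"route-map (\S+) (permit|deny) \d+$", line):
            defined.add(("route-map", m[1]))
    findings = []
    for ip, nb in neighbors.items():
        if nb.get("remote_as") == local_as:
            continue  # iBGP peer inside our own AS, not an upstream
        if not nb["out"]:
            findings.append(f"eBGP neighbor {ip}: no outbound filter")
        for kind, name in nb["out"]:
            if (kind, name) not in defined:
                findings.append(f"eBGP neighbor {ip}: {kind} {name} referenced but not defined")
    return findings

# Constructed sample configs; 192.0.2.0/24 is a documentation range standing
# in for the article's placeholder addresses.
GOOD = """\
router bgp 1234
 neighbor 192.0.2.1 remote-as 4321
 neighbor 192.0.2.1 filter-list OUR out
!
ip as-path access-list OUR permit ^$
"""
BAD = """\
router bgp 1234
 neighbor 192.0.2.1 remote-as 4321
 neighbor 192.0.2.5 remote-as 4321
 neighbor 192.0.2.5 route-map MISSING out
"""
```

Run it with `print(audit_bgpd(open("/etc/quagga/bgpd.conf").read()))` on the router; an empty list means every eBGP neighbor has a defined outbound policy.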

Here is a working BGP configuration with two neighbors (2.2.2.1 is the first neighbor, 2.2.2.2 the second, 2.2.2.3 our own IP; p2p1 faces the Internet, p2p2 the local network; the emX network interfaces are not used; 1.1.1.0 is the network with public IPs):

sudo nano /etc/quagga/zebra.conf
!
! Zebra configuration saved from vty
!   2017/07/21 13:13:02
!
hostname exor
password zebra
enable password zebra
log file /var/log/zebra.log
!
interface em1
 ipv6 nd suppress-ra
!
interface em2
 ipv6 nd suppress-ra
!
interface em3
 ipv6 nd suppress-ra
!
interface em4
 ipv6 nd suppress-ra
!
interface lo
!
interface p1p1
 ipv6 nd suppress-ra
!
interface p1p2
 ipv6 nd suppress-ra
!
ip forwarding
!
!
line vty
!

sudo nano /etc/quagga/bgpd.conf
!
! Zebra configuration saved from vty
!   2017/07/21 13:13:02
!
password qwerty
enable password qwerty
log file /var/log/quagga/bgpd.log
service advanced-vty
!
bgp multiple-instance
bgp config-type cisco
!
router bgp 1234
 no synchronization
 bgp router-id 2.2.2.3
 network 1.1.1.0 mask 255.255.254.0
 aggregate-address 1.1.1.0 255.255.254.0 summary-only
 redistribute connected
 timers bgp 20 60
 neighbor 2.2.2.1 remote-as 4321
 neighbor 2.2.2.1 description PROVIDER2
 neighbor 2.2.2.1 soft-reconfiguration inbound
 neighbor 2.2.2.1 route-map PROVIDER2-OUT out
 neighbor 2.2.2.2 remote-as 4321
 neighbor 2.2.2.2 description PROVIDER
 neighbor 2.2.2.2 soft-reconfiguration inbound
 neighbor 2.2.2.2 route-map PROVIDER-OUT out
 no auto-summary
!
access-list 10 permit 127.0.0.1
access-list 10 permit 1.1.1.5
access-list 10 deny any
access-list all permit any
!
ip prefix-list DEFAULT-ONLY seq 10 deny 0.0.0.0/0 ge 1 le 31
ip prefix-list DEFAULT-ONLY seq 20 permit 0.0.0.0/0
ip prefix-list DEFAULT-STRIP seq 10 deny 0.0.0.0/0
ip prefix-list DEFAULT-STRIP seq 20 permit 0.0.0.0/0 ge 1 le 31
ip prefix-list TO-PROVIDER seq 10 permit 1.1.1.0/23
ip prefix-list TO-PROVIDER seq 100 deny 0.0.0.0/0 le 32
ip prefix-list TO-PROVIDER2 seq 10 permit 1.1.1.0/23
ip prefix-list TO-PROVIDER2 seq 100 deny 0.0.0.0/0 le 32
!
route-map PROVIDER-IN permit 10
 match ip address prefix-list all
!
route-map PROVIDER2-IN permit 10
 match ip address prefix-list all
!
route-map PROVIDER-OUT permit 10
 description MYNETWORK <-> PROVIDER
 match ip address prefix-list TO-PROVIDER
!
route-map PROVIDER2-OUT permit 10
 description MYNETWORK <-> PROVIDER2
 match ip address prefix-list TO-PROVIDER2
 set local-preference 50
!
line vty
 access-class 10
 no login
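
To see what the prefix-lists in this configuration actually permit, here is an added evaluator of Quagga prefix-list ge/le semantics (example code, not from the article); the prefix-list lines are copied from the configuration above into a constructed sample string.

```python
import ipaddress

# Added example (not from the article): a minimal evaluator for Quagga
# "ip prefix-list" entries, to check what the outbound prefix-lists above
# really let through. Entries are tried in seq order, the first match wins,
# and an entry without ge/le matches only that exact prefix length.

def parse_entry(line):
    """Parse 'ip prefix-list NAME seq N permit|deny A.B.C.D/L [ge X] [le Y]'."""
    tok = line.split()
    name, seq, action = tok[2], int(tok[4]), tok[5]
    # strict=False masks host bits the way the router does (1.1.1.0/23 -> 1.1.0.0/23)
    net = ipaddress.ip_network(tok[6], strict=False)
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))
    lo = opts.get("ge", net.prefixlen)
    hi = opts.get("le", 32 if "ge" in opts else net.prefixlen)
    return name, (seq, action, net, lo, hi)

def load_prefix_lists(text):
    lists = {}
    for line in text.splitlines():
        if line.startswith("ip prefix-list"):
            name, entry = parse_entry(line)
            lists.setdefault(name, []).append(entry)
    for entries in lists.values():
        entries.sort(key=lambda e: e[0])
    return lists

def permits(lists, name, prefix):
    """True if prefix-list NAME permits the prefix, False if denied (implicit deny)."""
    p = ipaddress.ip_network(prefix, strict=False)
    for _seq, action, net, lo, hi in lists[name]:
        if p.subnet_of(net) and lo <= p.prefixlen <= hi:
            return action == "permit"
    return False

# Constructed sample: the prefix-lists from the two-neighbor configuration.
SAMPLE = """\
ip prefix-list DEFAULT-ONLY seq 10 deny 0.0.0.0/0 ge 1 le 31
ip prefix-list DEFAULT-ONLY seq 20 permit 0.0.0.0/0
ip prefix-list DEFAULT-STRIP seq 10 deny 0.0.0.0/0
ip prefix-list DEFAULT-STRIP seq 20 permit 0.0.0.0/0 ge 1 le 31
ip prefix-list TO-PROVIDER seq 10 permit 1.1.1.0/23
ip prefix-list TO-PROVIDER seq 100 deny 0.0.0.0/0 le 32
"""
LISTS = load_prefix_lists(SAMPLE)
```

A more-specific such as 1.1.1.0/24 is denied by TO-PROVIDER because its entry has no ge/le and so matches only a /23 exactly; the network and aggregate-address statements must agree with the prefix-list for the route to be announced.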

The IPs are assigned in /etc/network/interfaces:

auto p2p2
iface p2p2 inet static
        address 10.0.0.2
        netmask 255.255.255.0
		
auto p2p1:555
iface p2p1:555 inet static
        address 2.2.2.3
        netmask 255.255.255.252
        #gateway 2.2.2.1

auto p2p1
iface p2p1 inet static
        address 1.1.1.1
        netmask 255.255.255.240

Here is a working configuration with one neighbor (in /etc/network/interfaces the gateway line must be uncommented):

sudo nano /etc/quagga/bgpd.conf
!
! Zebra configuration saved from vty
!   2017/07/21 13:13:02
!
password qwerty
enable password qwerty
log file /var/log/quagga/bgpd.log
service advanced-vty
!
bgp multiple-instance
bgp config-type cisco
!
router bgp 1234
 no synchronization
 bgp router-id 2.2.2.3
 network 1.1.1.0 mask 255.255.254.0
 aggregate-address 1.1.1.0 255.255.254.0 summary-only
 redistribute connected
 timers bgp 20 60
 neighbor 2.2.2.1 remote-as 4321
 neighbor 2.2.2.1 description PROVIDER
 neighbor 2.2.2.1 soft-reconfiguration inbound
 neighbor 2.2.2.1 route-map PROVIDER-OUT out
 no auto-summary
!
access-list 10 permit 127.0.0.1
access-list 10 permit 1.1.1.5
access-list 10 deny any
access-list all permit any
!
ip prefix-list DEFAULT-ONLY seq 10 deny 0.0.0.0/0 ge 1 le 31
ip prefix-list DEFAULT-ONLY seq 20 permit 0.0.0.0/0
ip prefix-list DEFAULT-STRIP seq 10 deny 0.0.0.0/0
ip prefix-list DEFAULT-STRIP seq 20 permit 0.0.0.0/0 ge 1 le 31
ip prefix-list TO-PROVIDER seq 10 permit 1.1.1.0/23
ip prefix-list TO-PROVIDER seq 100 deny 0.0.0.0/0 le 32
!
route-map PROVIDER-IN permit 10
 match ip address prefix-list all
!
route-map PROVIDER-OUT permit 10
 description MYNETWORK <-> PROVIDER
 match ip address prefix-list TO-PROVIDER
!
line vty
 access-class 10
 no login
!