AS — (Autonomic System) автономная система.
BGP — (Border Gateway Protocol) протокол пограничного маршрутизатора.
Установить quagga в Ubuntu/Debian можно следующей командой:
sudo apt-get install quagga
Редактируем конфиг и включаем демонов, пишем yes напротив zebra и bgpd:
sudo nano /etc/quagga/daemons
Допустим наша AS1234, провайдера — AS4321.
Редактируем конфиг bgpd:
sudo nano /etc/quagga/bgpd.conf
Пример:
hostname AS1234
password IXNFO
enable password IXNFO
log file /var/log/quagga/bgpd.log
log stdout
!
router bgp 1234
bgp router-id OUR_IP
network 1.1.1.0/24
neighbor провайдера_ip remote-as 4321
neighbor провайдера_ip update-source OUR_IP
neighbor провайдера_ip filter-list OUR out
!
ip as-path access-list OUR permit ^$
!
line vty
!
Редактируем конфигурацию zebra:
nano /etc/quagga/zebra.conf
Пример:
hostname AS1234
password TEXT
enable password TEXT
log file /var/log/quagga/zebra.log
service password-encryption
!
interface eth0
ip address OUR_IP/24
!
ipv6 nd suppress-ra
!
interface lo
!
ip route 1.1.1.0/24 Null0
!
ip forwarding
ipv6 forwarding
!
line vty
!
Перезапускаем quagga чтобы изменения вступили в силу:
sudo /etc/init.d/quagga restart
Проверяем:
telnet localhost 2605
show ip bgp summary
show ip bgp neighbors
show ip bgp
Debug:
debug bgp updates
debug bgp events
Подключиться к zebra можно так:
telnet localhost 2601
show ip route
Приведу пример рабочей конфигурации BGP с двумя neighbor (2.2.2.1 — первый neighbor, 2.2.2.2 — второй neighbor, 2.2.2.3 — свой IP, p2p1 смотрит в интернет, p2p2 — в локальную сеть, emX сетевые не используются, 1.1.1.0 — сеть с белыми IP, ):
sudo nano /etc/quagga/zebra.conf
!
! Zebra configuration saved from vty
! 2017/07/21 13:13:02
!
hostname test
password IXNFO
enable password IXNFO
log file /var/log/zebra.log
!
interface em1
ipv6 nd suppress-ra
!
interface em2
ipv6 nd suppress-ra
!
interface em3
ipv6 nd suppress-ra
!
interface em4
ipv6 nd suppress-ra
!
interface lo
!
interface p1p1
ipv6 nd suppress-ra
!
interface p1p2
ipv6 nd suppress-ra
!
ip forwarding
!
!
line vty
!
sudo nano /etc/quagga/bgpd.conf
!
! Zebra configuration saved from vty
! 2017/07/21 13:13:02
!
password IXNFO
enable password IXNFO
log file /var/log/quagga/bgpd.log
service advanced-vty
!
bgp multiple-instance
bgp config-type cisco
!
router bgp 1234
no synchronization
bgp router-id 2.2.2.3
network 1.1.1.0 mask 255.255.254.0
aggregate-address 1.1.1.0 255.255.254.0 summary-only
redistribute connected
timers bgp 20 60
neighbor 2.2.2.1 remote-as 4321
neighbor 2.2.2.1 description PROVIDER2
neighbor 2.2.2.1 soft-reconfiguration inbound
neighbor 2.2.2.1 route-map PROVIDER2-OUT out
neighbor 2.2.2.2 remote-as 4321
neighbor 2.2.2.2 description PROVIDER
neighbor 2.2.2.2 soft-reconfiguration inbound
neighbor 2.2.2.2 route-map PROVIDER-OUT out
no auto-summary
!
access-list 10 permit 127.0.0.1
access-list 10 permit 1.1.1.5
access-list 10 deny any
access-list all permit any
!
ip prefix-list DEFAULT-ONLY seq 10 deny 0.0.0.0/0 ge 1 le 31
ip prefix-list DEFAULT-ONLY seq 20 permit 0.0.0.0/0
ip prefix-list DEFAULT-STRIP seq 10 deny 0.0.0.0/0
ip prefix-list DEFAULT-STRIP seq 20 permit 0.0.0.0/0 ge 1 le 31
ip prefix-list TO-PROVIDER seq 10 permit 1.1.1.0/23
ip prefix-list TO-PROVIDER seq 100 deny 0.0.0.0/0 le 32
ip prefix-list TO-PROVIDER2 seq 10 permit 1.1.1.0/23
ip prefix-list TO-PROVIDER2 seq 100 deny 0.0.0.0/0 le 32
!
route-map PROVIDER-IN permit 10
match ip address prefix-list all
!
route-map PROVIDER2-IN permit 10
match ip address prefix-list all
!
route-map PROVIDER-OUT permit 10
description MYNETWORK <-> PROVIDER
match ip address prefix-list TO-PROVIDER
!
route-map PROVIDER2-OUT permit 10
description MYNETWORK <-> PROVIDER2
match ip address prefix-list TO-PROVIDER2
set local-preference 50
!
line vty
access-class 10
no login
IP назначены в /etc/network/interfaces:
auto p2p2
iface p2p2 inet static
address 10.0.0.2
netmask 255.255.255.0
auto p2p1:555
iface p2p1:555 inet static
address 2.2.2.3
netmask 255.255.255.252
#gateway 2.2.2.1
auto p2p1
iface p2p1 inet static
address 1.1.1.1
netmask 255.255.255.240
Приведу пример рабочей конфигурации с одним neighbor (в /etc/network/interfaces нужно раскомментироваться gateway):
sudo nano /etc/quagga/bgpd.conf
!
! Zebra configuration saved from vty
! 2017/07/21 13:13:02
!
password IXNFO
enable password IXNFO
log file /var/log/quagga/bgpd.log
service advanced-vty
!
bgp multiple-instance
bgp config-type cisco
!
router bgp 1234
no synchronization
bgp router-id 2.2.2.3
network 1.1.1.0 mask 255.255.254.0
aggregate-address 1.1.1.0 255.255.254.0 summary-only
redistribute connected
timers bgp 20 60
neighbor 2.2.2.1 remote-as 4321
neighbor 2.2.2.1 description PROVIDER
neighbor 2.2.2.1 soft-reconfiguration inbound
neighbor 2.2.2.1 route-map PROVIDER-OUT out
no auto-summary
!
access-list 10 permit 127.0.0.1
access-list 10 permit 1.1.1.5
access-list 10 deny any
access-list all permit any
!
ip prefix-list DEFAULT-ONLY seq 10 deny 0.0.0.0/0 ge 1 le 31
ip prefix-list DEFAULT-ONLY seq 20 permit 0.0.0.0/0
ip prefix-list DEFAULT-STRIP seq 10 deny 0.0.0.0/0
ip prefix-list DEFAULT-STRIP seq 20 permit 0.0.0.0/0 ge 1 le 31
ip prefix-list TO-PROVIDER seq 10 permit 1.1.1.0/23
ip prefix-list TO-PROVIDER seq 100 deny 0.0.0.0/0 le 32
!
route-map PROVIDER-IN permit 10
match ip address prefix-list all
!
route-map PROVIDER-OUT permit 10
description MYNETWORK <-> PROVIDER
match ip address prefix-list TO-PROVIDER
!
line vty
access-class 10
no login
!
Смотрите также мои статьи:
- IPTables правила для BGP
- Настройка OSPF в Quagga
- Установка и настройка BIRD (BGP)
- Установка Quagga в Ubuntu Server 18
- BGP. Балансировка каналов на Quagga
- Решение ZEBRA: netlink-listen recvmsg overrun: No buffer space available
- Quagga. Настройка логов
- Миграция с Quagga на Bird