OpenWRT: quagga bgp

From OnnoWiki
Revision as of 07:34, 15 November 2018 by Onnowpurbo

Source: https://martybugs.net/wireless/openwrt/quagga.cgi


BGP Routing on OpenWrt with Quagga

This page contains an overview of how to configure the Quagga BGP daemon on a Linksys WRT54GS wireless router that is running OpenWrt.


Introductory Information

On the WAFreeNet, we have been using BGP (Border Gateway Protocol) as our dynamic routing protocol (after initial unsuccessful attempts with OSPF due to stability issues with route flapping).

The Quagga Routing Suite is an open-source software suite that provides a stable implementation of BGPv4 for Unix platforms. It consists of a core zebra daemon and daemons supporting various routing protocols, including RIP, OSPF and BGP.

Any BGP node only needs to be configured with details of its immediate neighbouring nodes, and will then start exchanging routes. This means adding a new node to a network only requires BGP configuration on the new node and its immediate neighbours, and routes to the new node will then propagate through the entire network.

Note that Quagga requires reciprocal configuration on a neighbouring node, so you'll need to add neighbour configuration details to the nearest Quagga node before it'll start exchanging routes with your WRT.

Create Configuration Files

Firstly, create a directory for all Quagga configuration files on the WRT:

 mkdir /etc/quagga


Create a configuration file for the Quagga zebra daemon, /etc/quagga/zebra.conf:

 hostname jandakot
 ! define password for zebra daemon (for connecting to daemon via telnet)
 password insertpasswordhere
 ! define enable password for zebra daemon (for connecting to daemon via telnet)
 enable password insertpasswordhere
 !
 ! list interfaces
 interface eth1
 interface vlan0
 interface vlan1
 interface lo
 !
 ! null route to consolidate all subnets in this /24
 ip route 10.60.86.0/24 Null0 255
 !
 line vty


The null route allows us to consolidate all routes for the /24 subnet that this router is responsible for, and will cause it to propagate a single route for the entire /24 subnet, rather than multiple routes for the smaller subnets inside 10.60.86.0/24.

Create a configuration file for the Quagga bgpd daemon, /etc/quagga/bgpd.conf:

 hostname jandakot
 ! define password for bgpd daemon (for connecting to daemon via telnet)
 password insertpasswordhere
 ! define enable password for bgpd daemon (for connecting to daemon via telnet)
 enable password insertpasswordhere
 !
 ! define router's BGP AS 
 router bgp 65086
 ! define ID of router - we use IP of the router
 bgp router-id 10.60.86.1
 ! define network address that this router knows about
 network 10.60.86.0/24
 !
 ! armadale neighbour 
 neighbor 10.60.74.253 remote-as 65074
 neighbor 10.60.74.253 soft-reconfiguration inbound
 neighbor 10.60.74.253 distribute-list freenet in
 neighbor 10.60.74.253 distribute-list freenet out
 !
 ! willetton neighbour 
 neighbor 10.60.84.253 remote-as 65084
 neighbor 10.60.84.253 soft-reconfiguration inbound
 neighbor 10.60.84.253 distribute-list freenet in
 neighbor 10.60.84.253 distribute-list freenet out
 !
 ! ACLs to stop people from propagating routes to their own private networks
 access-list freenet permit 10.48.0.0/12
 access-list freenet deny any
 !
 line vty
 exec-timeout 20160 0


As the Jandakot node has links to two other WAFreeNet nodes which also run bgpd, it'll be configured as a neighbour to each of these nodes, allowing it to exchange routes with each neighbour.

The IP address specified for each neighbour is that of the remote router's interface that connects to this node, ie, the IP address that the Jandakot WRT will see the bgpd traffic as originating from. The BGP AS number of each neighbour must also be specified.

Each of the neighbours must also have reciprocal configuration in their bgpd configuration file for the router you're configuring (ie, the WRT).
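The bgpd.conf above can be checked mechanically before it is deployed. The following is an added example, not part of the original page or of Quagga: it reads the configuration text and reports peers without a route filter in both directions, cleartext vty passwords, a vty without an access-class, and an over-long exec-timeout. The function name `audit` and the 30-minute limit are assumptions made for illustration.

```python
import re

# The bgpd.conf shown on this page, trimmed to the lines the checks read.
BGPD_CONF = """\
password insertpasswordhere
enable password insertpasswordhere
router bgp 65086
 neighbor 10.60.74.253 remote-as 65074
 neighbor 10.60.74.253 distribute-list freenet in
 neighbor 10.60.74.253 distribute-list freenet out
 neighbor 10.60.84.253 remote-as 65084
 neighbor 10.60.84.253 distribute-list freenet in
 neighbor 10.60.84.253 distribute-list freenet out
line vty
 exec-timeout 20160 0
"""

MAX_IDLE_MINUTES = 30  # assumed local policy, not a Quagga default


def audit(conf):
    """Return a list of findings for the text of a bgpd.conf."""
    lines = [l.strip() for l in conf.splitlines()]
    lines = [l for l in lines if l and not l.startswith("!")]
    findings = []

    # Every peer needs a route filter in both directions.
    peers = sorted({l.split()[1] for l in lines
                    if re.match(r"neighbor \S+ remote-as \d+", l)})
    for peer in peers:
        for direction in ("in", "out"):
            pat = (rf"neighbor {re.escape(peer)} (distribute-list|prefix-list"
                   rf"|filter-list|route-map) \S+ {direction}$")
            if not any(re.match(pat, l) for l in lines):
                findings.append(f"{peer}: no route filter ({direction})")

    # A bare "password WORD" is cleartext; encrypted entries read "password 8 ...".
    if any(re.match(r"(enable )?password \S+$", l) for l in lines):
        findings.append("vty password stored in cleartext")

    # Without an access-class under "line vty", the daemon itself does not
    # restrict which source addresses may connect to the vty.
    if not any(re.match(r"access-class \S+", l) for l in lines):
        findings.append("line vty: no access-class")

    # exec-timeout 0 disables the idle timeout; large values leave sessions open.
    for l in lines:
        m = re.match(r"exec-timeout (\d+)", l)
        if m and not 0 < int(m.group(1)) <= MAX_IDLE_MINUTES:
            findings.append(f"line vty: exec-timeout {m.group(1)} min")
    return findings
```

Run against the configuration on this page, it reports no missing neighbour filters but flags the cleartext passwords, the absent access-class and the 20160-minute (14-day) idle timeout.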

Modify Init Script

The current quagga package for OpenWrt creates an init script, but if you are using an older version of the quagga package, you'll need to create the init script manually.

Open the init script, /etc/init.d/S49quagga, and change the following line, removing all daemons except those listed here:

 DAEMONS="zebra bgpd"


Firewall Script

Depending on the firewall script on your WRT, you may need to modify it to allow bgpd traffic. Ensure that inbound and outbound traffic on TCP port 179 is allowed through the firewall.


Starting Quagga on OpenWrt

Starting Quagga

To manually start the zebra and bgpd daemons for the first time, you can either reboot the WRT, or manually run the init script:

 /etc/init.d/S49quagga start


After making changes to bgpd.conf or zebra.conf, you'll need to restart the zebra and bgpd daemons. A reboot will certainly achieve this, but a quicker way is to terminate the daemons and restart them using the following syntax:

 /etc/init.d/S49quagga restart


Debugging Quagga

Verifying BGP Operation

If Quagga is configured correctly at both ends, you should see the routing table of the WRT (viewable by running route -n from a command prompt) being populated with routes from its configured neighbour(s).

If routes are not showing up in the routing table, further debugging is required. While the Quagga daemons certainly can be configured to write status and debug information to log files, this isn't really a feasible option on a device such as the WRT, with flash memory.

Both the zebra and bgpd daemons provide local telnet access for monitoring and debugging.

Telnet to BGP Daemon

OpenWrt doesn't have a telnet client, and telnet support hasn't been compiled into busybox. Instead, we need to use Netcat, which is included in the standard OpenWrt build. To telnet to the bgpd daemon, run:

 nc localhost 2605


and you'll be prompted for a password. (If you have the appropriate entries defined in /etc/services, you can also use nc localhost bgpd, and similarly for zebra.)

You need to enter the first password that was defined in /etc/quagga/bgpd.conf, and you'll then be rewarded with a prompt.

 root@JANDAKOT-AP:~# nc localhost 2605
 Hello, this is Quagga (version 0.98.4).
 Copyright 1996-2005 Kunihiro Ishiguro, et al.
 User Access Verification
 Password: insertpasswordhere
 jandakot>


To view the status of the bgpd neighbours, run the following:

 jandakot> show ip bgp summary


and you should be rewarded with output similar to this:

 BGP router identifier 10.60.86.1, local AS number 65086
 6 BGP AS-PATH entries
 0 BGP community entries
 Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
 10.60.74.253    4 65074   10525   10232        0    0    0 6d21h24m        4
 10.60.84.253    4 65084   10013   10181        0    0    0 6d22h49m        2
 Total number of neighbors 2


This output provides details about how long each neighbour has been connected, and how many routes the WRT has received from each neighbour (in this example, 4 routes from the first neighbour, and 2 from the second).

The Up/Down status shows the time that that neighbour has been connected. If it shows anything other than a time, it means the bgpd daemon has not successfully connected to that neighbour, so check the bgpd configuration at both ends.

To view the BGP routing table, run the following command in the bgpd telnet session:

 jandakot> show ip bgp


and you should get something similar to this output:

 BGP table version is 0, local router ID is 10.60.86.1
 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
 Origin codes: i - IGP, e - EGP, ? - incomplete
    Network          Next Hop            Metric LocPrf Weight Path
 *> 10.60.68.0/24    10.60.74.253                           0 65074 65068 i
 *> 10.60.74.0/24    10.60.74.253             0             0 65074 i
 *> 10.60.82.0/24    10.60.74.253                           0 65074 65082 i
 *> 10.60.84.0/24    10.60.84.253             0             0 65084 i
 *> 10.60.86.0/24    0.0.0.0                  0         32768 i
 *> 10.60.113.0/24   10.60.84.253                           0 65084 65113 i
 *> 10.64.0.0/12     10.60.74.253             0             0 65074 i
 Total number of prefixes 7


This view provides details of each route received via BGP, as well as the path to that route. For example, from the output above, we can see that the route to 10.60.82.0/24 (SouthArmadale) goes via AS65074 (the ArmadaleAP router) and AS65082 (the SouthArmadale router), and the next hop with respect to Jandakot is 10.60.74.253, which is the IP address at the ArmadaleAP end of the ArmadaleAP-Jandakot link.

To finish the telnet session, just type exit.
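The `freenet` access list in bgpd.conf decides which of these routes a neighbour is allowed to hand to the WRT. The following added example (not part of the original page or of Quagga) evaluates that list against the prefixes in the sample table plus one constructed private-LAN prefix. It assumes Quagga's documented matching rule: without `exact-match`, a route matches an entry when it lies inside the listed prefix, the first matching entry wins, and a route matching nothing is denied. The function names are hypothetical.

```python
import ipaddress

# The two filter lines from the bgpd.conf shown on this page.
BGPD_CONF = """\
access-list freenet permit 10.48.0.0/12
access-list freenet deny any
"""

# Prefixes from the sample "show ip bgp" table on this page, plus one
# constructed private-LAN prefix that the filter is meant to keep out.
CANDIDATES = [
    "10.60.68.0/24", "10.60.74.0/24", "10.60.82.0/24", "10.60.84.0/24",
    "10.60.113.0/24", "10.64.0.0/12", "192.168.1.0/24",
]


def parse_access_list(conf, name):
    """Return the ordered (action, network, exact) rules of one access-list."""
    rules = []
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[:2] != ["access-list", name]:
            continue
        if parts[2] not in ("permit", "deny"):
            continue
        target = "0.0.0.0/0" if parts[3] == "any" else parts[3]
        rules.append((parts[2], ipaddress.ip_network(target),
                      "exact-match" in parts[4:]))
    return rules


def evaluate(rules, prefix):
    """First matching rule wins; a route matching no rule is denied."""
    route = ipaddress.ip_network(prefix)
    for action, net, exact in rules:
        if route.version != net.version:
            continue
        if route == net or (not exact and route.subnet_of(net)):
            return action
    return "deny"


def report(conf=BGPD_CONF, name="freenet", prefixes=CANDIDATES):
    """Map each candidate prefix to the verdict of the named access-list."""
    rules = parse_access_list(conf, name)
    return {p: evaluate(rules, p) for p in prefixes}


if __name__ == "__main__":
    for prefix, verdict in report().items():
        print(f"{verdict:6} {prefix}")
```

Under that matching rule 10.64.0.0/12 lies outside 10.48.0.0/12 (which ends at 10.63.255.255), so a router running exactly this filter would reject it inbound; compare the filter on your node with what `show ip bgp` actually lists.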

Telnet to Zebra Daemon

To telnet to the zebra daemon, run:

 nc localhost 2601


and you'll be prompted for a password. You need to enter the first password that was defined in /etc/quagga/zebra.conf, and you'll then be rewarded with a prompt.

 root@JANDAKOT-AP:~# nc localhost 2601
 Hello, this is Quagga (version 0.98.4).
 Copyright 1996-2005 Kunihiro Ishiguro, et al.
 User Access Verification
 Password: insertpasswordhere
 jandakot>


To view the status of the routing table, run the following:

 jandakot> show ip route


and you should be rewarded with output similar to this:

 Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
        B - BGP, > - selected route, * - FIB route
 K>* 0.0.0.0/0 via 10.60.74.253, eth1
 B>* 10.60.68.0/24 [20/0] via 10.60.74.253, eth1, 6d21h25m        
 B>* 10.60.74.0/24 [20/0] via 10.60.74.253, eth1, 6d21h25m        
 C>* 10.60.74.252/30 is directly connected, eth1
 B>* 10.60.82.0/24 [20/0] via 10.60.74.253, eth1, 6d21h25m        
 B>* 10.60.84.0/24 [20/0] via 10.60.84.253, vlan1, 6d22h50m        
 C>* 10.60.84.252/30 is directly connected, vlan1
 S   10.60.86.0/24 [255/0] is directly connected, Null0, bh
 C>* 10.60.86.0/28 is directly connected, vlan0
 C>* 10.60.86.252/30 is directly connected, vlan1
 B>* 10.60.113.0/24 [20/0] via 10.60.84.253, vlan1, 6d22h50m        
 B>* 10.64.0.0/12 [20/0] via 10.60.74.253, eth1, 6d21h25m        
 C>* 127.0.0.0/8 is directly connected, lo


This output provides details about each route that currently exists in the WRT's routing table (kernel routes, dynamic routes, static routes, and routes to directly connected networks), and also provides further details about the source of the route, and how long zebra has known about that route.

Use the help command in the bgpd telnet session for more information on available commands, or refer to the Quagga documentation for more details.


References

   OpenWrt website
   Quagga Routing Suite
   RFC 1771 - A Border Gateway Protocol 4 (BGP-4)
   Border Gateway Protocol on Wikipedia 


