OpenWRT: quagga bgp
Source: https://martybugs.net/wireless/openwrt/quagga.cgi
BGP Routing on OpenWrt with Quagga
This page contains an overview on how to configure the Quagga BGP daemon on a Linksys WRT54GS wireless router that is running OpenWrt.
Introductory Information
On the WAFreeNet, we have been using BGP (Border Gateway Protocol) as our dynamic routing protocol (after initial unsuccessful attempts with OSPF due to stability issues with route flapping).
The Quagga Routing Suite is an open-source software suite that provides a stable implementation of BGPv4 for Unix platforms. It consists of a core zebra daemon and daemons supporting various routing protocols, including RIP, OSPF and BGP.
Any BGP node only needs to be configured with details of its immediate neighbouring nodes, and will then start exchanging routes. This means adding a new node to a network only requires BGP configuration on the new node and its immediate neighbours, and routes to the new node will then propagate through the entire network.
Note that Quagga requires reciprocal configuration on a neighbouring node, so you'll need to add neighbour configuration details to the nearest Quagga node before it'll start exchanging routes with your WRT.
The sample configuration shown below is for the Jandakot node on the WAFreeNet. This node uses a WRT54G running OpenWrt as a router, and the WRT provides routing, DNS, DHCP and firewalling services for the node. Jandakot has an uplink to the ArmadaleAP node, and Willetton has a client link to Jandakot.
Install Components on OpenWrt
Install IPK Packages
Install the appropriate Quagga packages on OpenWrt:
ipkg install quagga quagga-bgpd
Note that this assumes your WRT has internet access, and is able to download the package list to determine where it needs to download the specified packages.
If your WRT doesn't have internet access, you'll need to use a browser to view the package list, manually download the specified packages, transfer them to your WRT and install them.
Create Configuration Files
Firstly, create a directory for all Quagga configuration files on the WRT:
mkdir /etc/quagga
Create a configuration file for the Quagga zebra daemon, /etc/quagga/zebra.conf:
hostname jandakot
! define password for zebra daemon (for connecting to daemon via telnet)
password insertpasswordhere
! define enable password for zebra daemon (for connecting to daemon via telnet)
enable password insertpasswordhere
!
! list interfaces
interface eth1
interface vlan0
interface vlan1
interface lo
!
! null route to consolidate all subnets in this /24
ip route 10.60.86.0/24 Null0 255
!
line vty
The null route allows us to consolidate all routes for the /24 subnet that this router is responsible for, and will cause it to propagate a single route for the entire /24 subnet, rather than multiple routes for the smaller subnets inside 10.60.86.0/24.
Create a configuration file for the Quagga bgpd daemon, /etc/quagga/bgpd.conf:
hostname jandakot
! define password for bgpd daemon (for connecting to daemon via telnet)
password insertpasswordhere
! define enable password for bgpd daemon (for connecting to daemon via telnet)
enable password insertpasswordhere
!
! define router's BGP AS
router bgp 65086
! define ID of router - we use IP of the router
bgp router-id 10.60.86.1
! define network address that this router knows about
network 10.60.86.0/24
!
! armadale neighbour
neighbor 10.60.74.253 remote-as 65074
neighbor 10.60.74.253 soft-reconfiguration inbound
neighbor 10.60.74.253 distribute-list freenet in
neighbor 10.60.74.253 distribute-list freenet out
!
! willetton neighbour
neighbor 10.60.84.253 remote-as 65084
neighbor 10.60.84.253 soft-reconfiguration inbound
neighbor 10.60.84.253 distribute-list freenet in
neighbor 10.60.84.253 distribute-list freenet out
!
! ACLs to stop people from propagating routes to their own private networks
access-list freenet permit 10.48.0.0/12
access-list freenet deny any
!
line vty
exec-timeout 20160 0
As the Jandakot node has links to two other WAFreeNet nodes which also run bgpd, it'll be configured as a neighbour to each of these nodes, allowing it to exchange routes with each neighbour.
The IP address specified for each neighbour is that of the remote router's interface that connects to this node, i.e. the IP address that the Jandakot WRT will see the bgpd traffic as originating from. The BGP AS number of each neighbour must also be specified.
Each of the neighbours must also have reciprocal configuration in their bgpd configuration file for the router you're configuring (i.e. the WRT).
Modify Init Script
The current quagga package for OpenWrt creates an init script, but if using older versions of the quagga package, you'll need to manually create the init script.
Edit the init script, /etc/init.d/S49quagga, and edit the following line, removing all daemons except those listed here:
DAEMONS="zebra bgpd"
Firewall Script
Depending on the firewall script on your WRT, you may need to modify it to allow bgpd traffic. Ensure that inbound and outbound traffic on TCP port 179 is allowed through the firewall.
Starting Quagga on OpenWrt
Starting Quagga
To manually start the zebra and bgpd daemons for the first time, you can either reboot the WRT, or manually run the init script:
/etc/init.d/S49quagga start
After making changes to bgpd.conf or zebra.conf, you'll need to restart the zebra and bgpd daemons. A reboot will certainly achieve this, but a quicker way is to terminate the daemons and restart them using the following syntax:
/etc/init.d/S49quagga restart
Debugging Quagga
Verifying BGP Operation
If Quagga is configured correctly at both ends, you should see the routing table of the WRT (viewable by running route -n from a command prompt) being populated with routes from its configured neighbour(s).
If routes are not showing up in the routing table, further debugging is required. While the Quagga daemons certainly can be configured to write status and debug information to log files, this isn't really a feasible option on a device such as the WRT, with flash memory.
Both the zebra and bgpd daemons provide local telnet access for monitoring and debugging.
Telnet to BGP Daemon
OpenWrt doesn't have a telnet client, and telnet support hasn't been compiled into busybox. Instead, we need to use Netcat, which is included in the standard OpenWrt build. To telnet to the bgpd daemon, run:
nc localhost 2605
and you'll be prompted for a password.
(If you have the appropriate entries defined in /etc/services, you can also use nc localhost bgpd, and similarly for zebra.)
You need to enter the first password that was defined in /etc/quagga/bgpd.conf, and you'll then be rewarded with a prompt.
root@JANDAKOT-AP:~# nc localhost 2605
Hello, this is Quagga (version 0.98.4). Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification
Password: insertpasswordhere
jandakot>
To view the status of the bgpd neighbours, run the following:
jandakot> show ip bgp summary
and you should be rewarded with output similar to this:
BGP router identifier 10.60.86.1, local AS number 65086
6 BGP AS-PATH entries
0 BGP community entries
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.60.74.253    4 65074   10525   10232        0    0    0 6d21h24m        4
10.60.84.253    4 65084   10013   10181        0    0    0 6d22h49m        2
Total number of neighbors 2
This output provides details about how long each neighbour has been connected, and how many routes the WRT has received from each neighbour (in this example, 4 routes from the first neighbour, and 2 from the second).
The Up/Down status shows the time that that neighbour has been connected. If it shows anything other than a time, it means the bgpd daemon has not successfully connected to that neighbour, so check the bgpd configuration at both ends.
To view the BGP routing table, run the following command in the bgpd telnet session:
jandakot> show ip bgp
and you should get something similar to this output:
BGP table version is 0, local router ID is 10.60.86.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.60.68.0/24    10.60.74.253                           0 65074 65068 i
*> 10.60.74.0/24    10.60.74.253             0             0 65074 i
*> 10.60.82.0/24    10.60.74.253                           0 65074 65082 i
*> 10.60.84.0/24    10.60.84.253             0             0 65084 i
*> 10.60.86.0/24    0.0.0.0                  0         32768 i
*> 10.60.113.0/24   10.60.84.253                           0 65084 65113 i
*> 10.64.0.0/12     10.60.74.253             0             0 65074 i
Total number of prefixes 7
This view provides details of each route received via BGP, as well as the path to that route.
For example, from the output above, we can see that the route to 10.60.82.0/24 (SouthArmadale) goes via AS65074 (the ArmadaleAP router) and AS65082 (the SouthArmadale router), and the next hop with respect to Jandakot is 10.60.74.253, which is the IP address at the ArmadaleAP end of the ArmadaleAP-Jandakot link.
To finish the telnet session, just type exit.
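The distribute-list in bgpd.conf can be checked against what bgpd actually holds. The following Python code is an added example, not part of the original page: it evaluates the freenet access-list against the rows of the show ip bgp output above, assuming first-match-wins with an implicit deny and that a prefix rule without exact-match covers any route inside it. The function names are illustrative.

```python
import ipaddress
import re

# access-list lines copied from the bgpd.conf shown on this page
BGPD_CONF = """\
access-list freenet permit 10.48.0.0/12
access-list freenet deny any
"""

# Route rows copied from the sample "show ip bgp" output on this page
SHOW_IP_BGP = """\
*> 10.60.68.0/24 10.60.74.253 0 65074 65068 i
*> 10.60.74.0/24 10.60.74.253 0 0 65074 i
*> 10.60.82.0/24 10.60.74.253 0 65074 65082 i
*> 10.60.84.0/24 10.60.84.253 0 0 65084 i
*> 10.60.86.0/24 0.0.0.0 0 32768 i
*> 10.60.113.0/24 10.60.84.253 0 65084 65113 i
*> 10.64.0.0/12 10.60.74.253 0 0 65074 i
"""

ACL_RE = re.compile(r"\s*access-list\s+(\S+)\s+(permit|deny)\s+(\S+)")
ROUTE_RE = re.compile(r"\*>?\s+(\d+(?:\.\d+){3}/\d+)\s+(\d+(?:\.\d+){3})")

def parse_acl(conf, name):
    """Return the ordered (action, network) rules of one access-list; 'any' -> None."""
    rules = []
    for line in conf.splitlines():
        m = ACL_RE.match(line)
        if m and m.group(1) == name:
            net = None if m.group(3) == "any" else ipaddress.ip_network(m.group(3))
            rules.append((m.group(2), net))
    return rules

def acl_permits(rules, prefix):
    """First matching rule wins; a route matching no rule is denied."""
    route = ipaddress.ip_network(prefix)
    for action, net in rules:
        if net is None or route.subnet_of(net):
            return action == "permit"
    return False

def audit_table(table, rules):
    """Return (prefix, next hop) of learned routes the list rejects; 0.0.0.0 = local."""
    rows = (ROUTE_RE.match(line) for line in table.splitlines())
    return [(m.group(1), m.group(2)) for m in rows
            if m and m.group(2) != "0.0.0.0" and not acl_permits(rules, m.group(1))]

if __name__ == "__main__":
    print(audit_table(SHOW_IP_BGP, parse_acl(BGPD_CONF, "freenet")))
```

On the sample data it returns 10.64.0.0/12 learned from 10.60.74.253, which 10.48.0.0/12 does not cover; a result like this is the cue to compare the running filter with the one in bgpd.conf.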
Telnet to Zebra Daemon
To telnet to the zebra daemon, run:
nc localhost 2601
and you'll be prompted for a password. You need to enter the first password that was defined in /etc/quagga/zebra.conf, and you'll then be rewarded with a prompt.
root@JANDAKOT-AP:~# nc localhost 2601
Hello, this is Quagga (version 0.98.4). Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification
Password: insertpasswordhere
jandakot>
To view the status of the routing table, run the following:
jandakot> show ip route
and you should be rewarded with output similar to this:
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, B - BGP, > - selected route, * - FIB route
K>* 0.0.0.0/0 via 10.60.74.253, eth1
B>* 10.60.68.0/24 [20/0] via 10.60.74.253, eth1, 6d21h25m
B>* 10.60.74.0/24 [20/0] via 10.60.74.253, eth1, 6d21h25m
C>* 10.60.74.252/30 is directly connected, eth1
B>* 10.60.82.0/24 [20/0] via 10.60.74.253, eth1, 6d21h25m
B>* 10.60.84.0/24 [20/0] via 10.60.84.253, vlan1, 6d22h50m
C>* 10.60.84.252/30 is directly connected, vlan1
S   10.60.86.0/24 [255/0] is directly connected, Null0, bh
C>* 10.60.86.0/28 is directly connected, vlan0
C>* 10.60.86.252/30 is directly connected, vlan1
B>* 10.60.113.0/24 [20/0] via 10.60.84.253, vlan1, 6d22h50m
B>* 10.64.0.0/12 [20/0] via 10.60.74.253, eth1, 6d21h25m
C>* 127.0.0.0/8 is directly connected, lo
This output provides details about each route that currently exists in the WRT's routing table (kernel routes, dynamic routes, static routes, and routes to directly connected networks), and also provides further details about the source of the route, and how long zebra has known about that route.
Use the help command in the bgpd telnet session for more information on available commands, or refer to the Quagga documentation for more details.
References
OpenWrt website
Quagga Routing Suite
RFC 1771 - A Border Gateway Protocol 4 (BGP-4)
Border Gateway Protocol on Wikipedia