Zebra/Quagga Routing Suite - PowerPoint PPT Presentation

Presentation Transcript

Zebra/Quagga Routing Suite

Anura Abayaratne

MTT Network - Sri Lanka

anuraa@iee.org

APRICOT 2006

22nd Feb – 3rd Mar 2006

Perth Western Australia



Agenda

  • Overview

  • Installation

  • Basic commands

  • Setting up BGP

  • Filtering

APRICOT 2006 - Perth Western Australia


What is a routing daemon?

  • Software running on a server

  • It maintains routing information

(Diagram: Daemon + Server = Router)


Daemons vs. commercial Routers

  • Routing daemons

    – Low-cost solution

    – Expertise required for set-up

    – Lack of support

  • Commercial routers

    – Pricy

    – Better performance

    – Fully supported


Routing Daemons

  • Zebra http://www.zebra.org

    – First daemon

    – Wide support: RIP, OSPF, BGP

    – Certain vulnerabilities

  • Quagga http://www.quagga.net

    – Based on Zebra

    – Wide support: RIP, OSPF, BGP, IS-IS

    – Development libraries


Overview

  • Distributed under the GNU General Public License

  • Zebra is a routing software package that provides TCP/IP based routing services with routing protocols support such as RIPv1, RIPv2, RIPng, OSPFv2, OSPFv3, BGP-4, and BGP-4+

  • Supports BGP route reflector and route server behaviour

  • IPv6 Routing protocols

  • Zebra has interactive user interface for each routing protocol and supports common client commands.


About Zebra

  • Acts as a dedicated server

  • Exchanges routing information with other routers using routing protocols

  • Uses this information to update the kernel routing table so that the right data goes to the right place.

  • The configuration can be changed dynamically, and the routing table can be viewed from the Zebra terminal interface

  • If the network is small, configuring Zebra is very easy: set up interfaces, add static routes and/or default routes

  • If the network is rather large or its structure changes frequently, you may need to set up a Zebra dynamic routing protocol: RIP, OSPF or BGP.

  • Supports unicast routing protocols.

  • Zebra has two system administration modes: Normal mode and Enable mode

  • Independence from Unix accounts is a great help to the router administrator.

System Architecture Diagram

(Diagram: ospfd, ripd and bgpd each talk to the zebra daemon, which manages the Unix kernel routing table)


How Zebra/Quagga works

  • Collection of several daemons that work together to build the routing table. (protocol specific routing daemons: ripd,ospfd,bgpd + kernel routing manager: zebrad)

  • Zebra daemon is an IP routing manager. It provides kernel routing table updates, interface lookups, and redistribution of routes between different routing protocols.

  • Each daemon has its own configuration file

    • For example, Static route – in zebrad configuration file

    • BGP – in bgpd configuration file


Supported Platform

  • Linux 2.2.x and higher

  • FreeBSD 4.x and higher

  • NetBSD 1.6 and higher

  • OpenBSD 2.5 and higher

  • Solaris 2.6 and higher


How to get Zebra/Quagga

  • http://www.zebra.org/

  • http://www.quagga.net/

Installation

Steps

  • There are three steps for installing the software: configuration, compilation, installation

  • First unzip/extract the software

    • gzip -d zebra-0.95a.tar.gz

    • tar -xvf zebra-0.95a.tar

    • cd zebra-0.95a


Configure the software

  • Zebra can detect most of the host configuration automatically. The additional configuration options are listed by:

  • %./configure --help

    • eg.

  • %./configure

  • %./configure --prefix=/home/zebra

  • %./configure --disable-ripd


Build the Software

  • After configuring the software, you will need to compile it for your system

  • Issue the command make in the root of the source directory.

  • %make


Install the Software

  • Copies the compiled programs and supporting files to a standard location.

  • Issue the following command at your shell prompt: make install.

  • %make install

  • default working directory: /usr/local/bin and /usr/local/etc


Install the Software Contd…

  • Zebra daemons have their own terminal interface, or VTY. After installation, you have to set up each beast’s port number to connect to them. Please add the following entries to ‘/etc/services’.

    zebrasrv 2600/tcp # zebra service

    zebra 2601/tcp # zebra vty

    ripd 2602/tcp # RIPd vty

    ripngd 2603/tcp # RIPngd vty

    ospfd 2604/tcp # OSPFd vty

    bgpd 2605/tcp # BGPd vty

    ospf6d 2606/tcp # OSPF6d vty

    Additionally for Quagga:

    ospfapi 2607/tcp # ospfapi

    isisd 2608/tcp # ISISd vty


Access the Router

  • Telnet to the port

    • telnet <ipaddress> 2601

      ports on zebra

      2601 # zebra vty

      2602 # RIPd vty

      2603 # RIPngd vty

      2604 # OSPFd vty

      2605 # BGPd vty

      2606 # OSPF6d vty

      Additionally quagga supports:

      2607 # ospfapi

      2608 # ISISd vty

  • Use VTY shell

    • To use vtysh, specify --enable-vtysh to the configure script.

    • Usernames are stored in the vtysh.conf file.

      • username testuser nopassword

Basic Commands

Config Commands

  • Commands common to all routing protocols

  • Config files are generally found in /usr/local/etc/*.conf or under the path specified by the --prefix option (eg. /home/zebra/etc/*.conf)

  • The daemon name + `.conf` is the default config file name (eg. /home/zebra/etc/zebra.conf)

  • A config file can be specified using the -f or --config_file option when starting the daemon (eg. /home/zebra/sbin/zebra -d -f /home/zebra/etc/zebratest.conf)


Basic Config Commands

  • hostname hostname - Set the hostname of the router.

  • password password - Set the password for the vty interface. If there is no password, a vty won’t accept connections.

  • enable password password - Set the enable password.

  • log stdout - Set logging output to stdout.

  • no log stdout - Stop logging to stdout.


Basic Config Commands….

  • log file filename - To log into a file, specify the filename as follows.

    (eg. log file /usr/local/etc/bgpd.log)

  • log syslog - Set logging output to syslog.

  • no log syslog - Stop logging to syslog.


Basic Config Commands…

  • write terminal - Displays the current configuration to the vty interface.

  • show running-config

  • write file - Write current configuration to configuration file.

  • copy running-config startup-config

  • configure terminal -Change to configuration mode. This command is the first step to configuration.


Basic Config Commands…

  • who, list – List the connected vty users / list the available commands

  • service password-encryption – Encrypt the passwords stored in the configuration

  • show version - Show the current version of Zebra and its build host information.

  • line vty - Enter vty configuration mode.

  • banner motd default - Set the default motd string.

  • no banner motd - No motd banner string will be printed.


Basic Config Commands…

  • exec-timeout minute

  • exec-timeout minute second

    Set the VTY connection timeout value. When only one argument is specified it is used as the timeout value in minutes. The optional second argument is the timeout value in seconds. The default timeout value is 10 minutes. A timeout value of zero means no timeout.

  • no exec-timeout - Do not perform a timeout at all. This command is the same as exec-timeout 0 0.


Basic Config Commands…

  • access-class access-list - Restrict vty connections with an access list.

    Example:

    access-list log-in permit 192.168.1.0/24

    line vty

    access-class log-in


Sample Config File

  • for the zebra daemon.

    hostname Router

    password zebra

    enable password zebra

    !

    interface lo

    !

    interface eth0

    ip address 172.16.1.2/24

    !

    line vty


Sample Config File

  • ’!’ and ’#’ are comment characters. If the first character of a word is one of the comment characters, the rest of the line from that word onwards is ignored as a comment.

  • password zebra!password

  • If a comment character is not the first character of a word, it is a normal character. So in the above example ’!’ is not regarded as a comment and the password is set to ’zebra!password’.
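The comment rule just described, together with the vty hardening commands from the earlier slides (password, access-class, exec-timeout, service password-encryption), can be checked mechanically before a configuration is loaded. The following Python script is an added example, not code from the presentation or from the Zebra/Quagga project: it parses a zebra-style configuration file using the deck's comment rule and reports the vty settings a reviewer would flag. Both configurations embedded in it are constructed for the example, and the parser assumes sub-commands (under `interface` and `line vty`) are indented, as zebra writes them.

```python
import re

# Constructed sample config, modelled on the deck's zebra.conf. The vty
# password contains "!" inside a word, which per the comment rule is NOT a
# comment, so the password is literally "zebra!password".
SAMPLE_CONF = """\
hostname Router
password zebra!password   # vty password
! comment line, ignored entirely
enable password zebra
!
interface eth0
 ip address 172.16.1.2/24
!
line vty
 exec-timeout 0 0
"""

# Constructed hardened variant: access-class on the vty, a finite idle
# timeout and encrypted password storage.
HARDENED_CONF = """\
hostname Router
service password-encryption
password zebra
enable password zebra
!
access-list mgmt permit 192.168.1.0/24
!
line vty
 access-class mgmt
 exec-timeout 5 0
"""

COMMENT_CHARS = ("!", "#")


def strip_comment(line):
    """Deck rule: '!' or '#' starts a comment only as the first character of a
    word; that word and everything after it is dropped."""
    kept = []
    for word in line.split():
        if word[0] in COMMENT_CHARS:
            break
        kept.append(word)
    return " ".join(kept)


def parse_conf(text):
    """Return (section, statement) pairs. Top-level statements get section
    None; indented sub-commands get the enclosing 'line vty' / 'interface'."""
    stmts, section = [], None
    for raw in text.splitlines():
        stmt = strip_comment(raw)
        if not stmt:
            continue
        if not raw[0].isspace():
            section = stmt if stmt.startswith(("line vty", "interface ")) else None
            stmts.append((None, stmt))
        else:
            stmts.append((section, stmt))
    return stmts


def vty_password(text):
    """The vty password as written in the file, or None if none is set."""
    for section, stmt in parse_conf(text):
        if section is None and stmt.startswith("password "):
            return stmt.split(" ", 1)[1]
    return None


def audit_vty(text):
    """Findings a reviewer would raise about vty exposure; empty if none."""
    stmts = parse_conf(text)
    top = [s for sec, s in stmts if sec is None]
    vty = [s for sec, s in stmts if sec == "line vty"]
    findings = []
    if not any(s.startswith("password ") for s in top):
        findings.append("no vty password set: the vty will not accept connections")
    if not any(s.startswith("enable password ") for s in top):
        findings.append("no enable password set")
    if "service password-encryption" not in top:
        findings.append("service password-encryption not set: passwords are stored in clear text")
    if not any(s.startswith("access-class ") for s in vty):
        findings.append("line vty has no access-class: any source address may connect")
    if any(re.fullmatch(r"exec-timeout 0( 0)?", s) or s == "no exec-timeout" for s in vty):
        findings.append("vty exec-timeout disabled: idle sessions never expire")
    return findings


if __name__ == "__main__":
    for name, conf in (("sample", SAMPLE_CONF), ("hardened", HARDENED_CONF)):
        print(name, "vty password:", vty_password(conf))
        for finding in audit_vty(conf) or ["no findings"]:
            print("  -", finding)
```

The telnet vty is reachable by anyone who can reach the port, so the two controls worth insisting on are the access-class on `line vty` and, from the invocation-options slide, binding the vty with `-A` to a management address rather than all interfaces.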


Common Invocation Options

  • Usage : zebra [OPTION...]

  • Daemon which manages kernel routing table management and redistribution between different routing protocols.

  • -b, --batch Runs in batch mode

  • -d, --daemon Runs in daemon mode

  • -f, --config_file Set configuration file name

  • -i, --pid_file Set process identifier file name

  • -k, --keep_kernel Don't delete old routes which were installed by zebra.

  • -l, --log_mode Set verbose log mode flag

  • -A, --vty_addr Set vty's bind address

  • -P, --vty_port Set vty's port number

  • -r, --retain When the program terminates, retain the routes added by zebra.

  • -v, --version Print program version

  • -h, --help Display this help and exit

  • Example: /home/zebra/sbin/zebra -d


Virtual Terminal Interfaces

  • VTY – Virtual Terminal Interface is a command line interface (CLI) for user interaction with the routing daemon.

  • To enable a VTY interface, you have to setup a VTY password. If there is no VTY password, one cannot connect to the VTY interface at all.


VTY Overview

  • % telnet 192.168.8.9 2601

    Hello, this is zebra (version 0.95a).

    Copyright 1996-2004 Kunihiro Ishiguro.

    User Access Verification

    Password:

    Router> enable

    Password: XXXXX

    Router# configure terminal

    Router(config)#password zzzzzzz

    Router(config)# enable password yyyyyyy

    Router(config)# interface eth0

    Router(config-if)# ip address 10.1.0.1/24

    Router(config-if)# exit

    Router(config)#access-list log-in permit 192.168.1.0/24

    Router(config)#line vty

    Router(config-line)# access-class log-in

    Router(config-line)# end

    Router#disable

    Router>


VTY Modes

Three VTY modes

  • VTY View Mode : Read-Only access to the CLI

  • VTY Enable mode : Read-write access to the CLI

  • VTY Other modes

Zebra Daemon

Interface Commands

  • interface ifname

  • shutdown , no shutdown – bring the current interface down or up

  • ip address address (e.g. 10.0.0.1/8)

  • description description ……

  • multicast , no multicast - Enable or disable multicast flag for the interface

  • bandwidth <1-10000000> Bandwidth in kilobits

  • no bandwidth <1-10000000>


Example

Router> enable

Password: XXXXX

Router# configure terminal

Router(config)# interface eth0

Router(config-if)# ip address 10.0.1.2/24

Router(config-if)# no ip address 10.0.2.2/24

Router(config-if)#end

Router#exit


Static Route Commands

  • It defines static prefix and gateway.

  • ip route network gateway

  • ip route network netmask gateway

    ip route 10.0.0.0/8 10.0.0.2

    ip route 10.0.0.0/8 ppp0

    ip route 10.0.0.0 255.255.255.0 10.0.0.2

  • ip route network gateway distance

    ip route 10.0.0.0 255.255.255.0 10.0.0.3 50


Static Route C……

    Router# show ip route

    Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,

    B - BGP, > - selected route, * - FIB route

    K>* 0.0.0.0/0 via 192.168.8.1, eth0

    S 10.0.0.0/24 [1/0] via 10.0.0.3 inactive

    S>* 10.1.0.0/24 [100/0] via 192.168.8.3, eth0

    S>* 10.2.3.0/24 [10/0] via 192.168.8.1, eth0

    K * 127.0.0.0/8 is directly connected, lo

    C>* 127.0.0.0/8 is directly connected, lo

    K * 192.168.8.0/24 is directly connected, eth0

    C>* 192.168.8.0/24 is directly connected, eth0


Zebra Terminal Mode Commands

  • show interface

  • show ip forward - Display whether the host’s IP forwarding function is enabled or not. Almost any UNIX kernel can be configured with IP forwarding disabled. If so, the box can’t work as a router.

  • cat /proc/sys/net/ipv4/ip_forward

  • To enable IP forwarding on a Linux box:

    sysctl -w net.ipv4.ip_forward=1

BGP

Border Gateway Protocol

Introduction to BGP

  • Routing Protocol used to exchange routing information between networks - Exterior gateway protocol

  • Path Vector Protocol

  • Incremental Updates

  • Many options for policy enforcement

  • Classless Inter Domain Routing (CIDR)

  • Widely used for Internet backbone

  • BGP used internally (iBGP) and externally (eBGP)


Autonomous System

  • It is used to uniquely identify networks with common routing policy

  • Usually under single ownership, trust and administrative control


Autonomous System Number

  • An AS number identifies an autonomous system.

  • BGP uses the AS number to detect whether a BGP connection is internal or external.

  • An ASN is a 16 bit number

  • Public AS numbers 1 - 64511

  • Private AS numbers 64512 – 65535

  • 0 and 65535 are reserved

  • ASNs are distributed by the Regional Internet Registries


Starting BGP

  • Default configuration file of bgpd is ‘bgpd.conf’. (eg. /home/zebra/etc/bgpd.conf)

  • /home/zebra/sbin/bgpd -d


Configuring the router

  • Enable BGP

  • Add the address to be announced

  • Add the address and AS numbers of neighboring routers (peers)

  • Apply policy with BGP

    • Allow only the routes that originate here to be announced to the neighboring AS

    • Announced routes

    • Receiving routes


BGP Router

  • Configure BGP router with router bgp command. To configure BGP router, you need AS number.

  • router bgp asn

    Enable a BGP protocol process with the specified asn. After this statement you can input any BGP Commands. You can not create different BGP process under different asn without specifying multiple-instance

  • no router bgp asn

    Destroy a BGP protocol process with the specified asn.

(Diagram: RouterA, running bgpd in AS100, peers with RouterB, running bgpd in AS200)

Configuration example

  • % telnet 192.168.8.139 2605

    Connected to 192.168.1.139

    Escape character is ’^]’.

    Hello, this is zebra (version 0.95a)

    User Access Verification

    Password: XXXXX

    RouterA>

    RouterA> enable

    RouterA#configure terminal

    RouterA(config)#router bgp 100

    RouterA(config-router)#

    RouterA(config-router)#exit

    RouterA#exit


  • bgp router-id A.B.C.D

    This command specifies the router-ID. If bgpd connects to zebra it gets interface and address information. In that case default router ID value is selected as the largest IP Address of the interfaces. When router zebra is not enabled bgpd can’t get interface information so router-id is set to 0.0.0.0. So set router-id by hand.

    RouterA#configure terminal

    RouterA(config)#router bgp 100

    RouterA(config-router)#bgp router-id 172.16.1.1


Inserting prefixes into BGP

  • To add address prefix to be announced

  • Two ways :

    • redistributing internal routing protocol

    • network command

  • network A.B.C.D/M

    router bgp 100

    network 10.1.0.0/16

    no network 172.16.0.0/16

Configuration example

(Diagram: RouterA, running bgpd in AS100, peers with RouterB, running bgpd in AS200)

  • RouterA#configure terminal

  • RouterA(config)#router bgp 100

  • RouterA(config-router)# network 10.1.0.0/16

  • RouterA(config-router)#end

  • RouterA#exit


Redistribute to BGP

  • redistribute kernel

    • Redistribute kernel route to BGP process.

  • redistribute static

    • Redistribute static route to BGP process.

  • redistribute connected

    • Redistribute connected route to BGP process.

  • redistribute rip

    • Redistribute RIP route to BGP process.

  • redistribute ospf

    • Redistribute OSPF route to BGP process.


Configuration example

router bgp 100

network 10.1.0.0/16

redistribute static

redistribute connected

neighbor 192.168.8.140 remote-as 200


BGP Peers

  • neighbor peer remote-as asn

    • Creates a new neighbor whose remote-as is asn. peer can be an IP address

      router bgp 1

      neighbor 10.0.0.1 remote-as 2

(Diagram: RouterA, running bgpd in AS100, peers with RouterB, running bgpd in AS200)

Configuration example

  • RouterA#configure terminal

    RouterA(config)#router bgp 100

    RouterA(config-router)#neighbor 192.168.8.140 remote-as 200

    RouterA(config-router)# network 10.1.0.0/16

    RouterA(config-router)#end

  • Display commands:

    A>show ip bgp summary

    B>show ip bgp

    B>show ip route bgp

    A>show ip bgp neighbors <peerIPAddress> advertised-routes

    B>show ip bgp neighbors <peerIPAddress> routes


Configuration example ……

RouterA#show ip bgp summary

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

192.168.8.140 4 200 99 113 0 0 0 00:03:30 1

Total number of neighbors 1

RouterB# show ip bgp neighbors 192.168.8.139 routes

BGP table version is 0, local router ID is 172.16.1.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,r RIB-failure, S Stale, R Removed

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 10.1.0.0/16 192.168.8.139 0 0 100 i

Total number of prefixes 1
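The show ip bgp summary output above is what an operator polls to know whether a peering is alive. Its State/PfxRcd column carries a prefix count when the session is Established and a state name (Idle, Active, Connect, ...) otherwise, so a monitoring check has to key on that. The following Python parser is an added example, not code from the presentation or from Zebra/Quagga: the first neighbor row is the deck's own, the second neighbor with its Active state is constructed, and the expected-peer table (what `neighbor <peer> remote-as <asn>` was configured with) is an assumption made for the example.

```python
import re

# Constructed sample: the deck's own neighbor row, plus a second (constructed)
# neighbor whose session is stuck in Active.
SAMPLE_SUMMARY = """\
RouterA#show ip bgp summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.8.140 4 200 99 113 0 0 0 00:03:30 1
192.168.8.141 4 300 0 0 0 0 0 never Active
Total number of neighbors 2
"""

# Constructed: the peers and remote ASes we configured on this router.
EXPECTED_PEERS = {"192.168.8.140": 200, "192.168.8.141": 300}

# One neighbor row: peer, version, AS, MsgRcvd, MsgSent, TblVer, InQ, OutQ,
# Up/Down, State/PfxRcd.
ROW = re.compile(
    r"^(?P<peer>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<ver>\d+)\s+(?P<asn>\d+)\s+"
    r"(?P<rcvd>\d+)\s+(?P<sent>\d+)\s+(?P<tblver>\d+)\s+(?P<inq>\d+)\s+"
    r"(?P<outq>\d+)\s+(?P<updown>\S+)\s+(?P<state>\S+)\s*$"
)


def parse_bgp_summary(text):
    """Return one dict per neighbor row. A numeric State/PfxRcd means the
    session is Established and the number is the prefix count received."""
    peers = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        state = m["state"]
        established = state.isdigit()
        peers.append({
            "peer": m["peer"],
            "asn": int(m["asn"]),
            "established": established,
            "state": "Established" if established else state,
            "pfx_rcvd": int(state) if established else 0,
            "up_down": m["updown"],
        })
    return peers


def peer_problems(peers, expected=EXPECTED_PEERS):
    """Checks an operator would alert on: sessions not Established, sessions
    up but receiving nothing, a remote AS that differs from the configured
    one, and configured neighbors missing from the output."""
    problems = []
    seen = set()
    for p in peers:
        seen.add(p["peer"])
        if p["peer"] not in expected:
            problems.append(f"{p['peer']}: unexpected neighbor")
        elif expected[p["peer"]] != p["asn"]:
            problems.append(f"{p['peer']}: AS {p['asn']} but configured {expected[p['peer']]}")
        if not p["established"]:
            problems.append(f"{p['peer']}: session {p['state']} (up/down {p['up_down']})")
        elif p["pfx_rcvd"] == 0:
            problems.append(f"{p['peer']}: established but receiving no prefixes")
    for peer in sorted(set(expected) - seen):
        problems.append(f"{peer}: configured neighbor missing from summary")
    return problems


if __name__ == "__main__":
    for problem in peer_problems(parse_bgp_summary(SAMPLE_SUMMARY)) or ["all peers healthy"]:
        print(problem)
```

Feeding the output of `show ip bgp summary` from the vty (or from vtysh) into `parse_bgp_summary` and scheduling `peer_problems` is enough to catch a peer that has dropped to Active or Idle, which the deck's `neighbor peer shutdown` command also produces deliberately.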


BGP Peer commands

  • neighbor peer shutdown

  • no neighbor peer shutdown

    Shut down the peer. The neighbor’s configuration can be removed with no neighbor peer remote-as as-number, but then all configuration of the neighbor is deleted. When you want to preserve the configuration but drop the BGP peer, use this syntax.


BGP Peer commands….

  • neighbor peer ebgp-multihop num

  • no neighbor peer ebgp-multihop num

    • Peer not directly connected

  • neighbor peer description ...

  • no neighbor peer description ...

    • Set description of the peer.

  • neighbor peer version version

    • Set up the neighbor’s BGP version. version can be 4, 4+ or 4-. BGP version 4 is the default value used for BGP peering.

(Diagram: RouterA, running bgpd in AS100, peers with RouterB, running bgpd in AS200)

Configuration example

  • RouterA#configure terminal

    • RouterA(config)#router bgp 100

    • RouterA(config-router)#neighbor 192.168.8.140 remote-as 200

    • RouterA(config-router)#neighbor 192.168.8.140 description eBGP to RouterB

    • RouterA(config-router)#neighbor 192.168.8.140 version 4

    • RouterA(config-router)#neighbor 192.168.8.140 shutdown

    • RouterA(config-router)# network 10.1.0.0/16


BGP Peer commands….

  • neighbor peer next-hop-self

    • This command specifies an announced route’s nexthop as being equivalent to the address of the BGP router. In eBGP, changing the next-hop is handled automatically, but not in iBGP.

  • no neighbor peer next-hop-self

  • neighbor peer update-source interface

  • no neighbor peer update-source

  • neighbor peer default-originate

    • announce default routes to the peer

  • no neighbor peer default-originate


BGP Peer commands….

  • neighbor peer send-community

  • neighbor peer weight weight

    • specifies a default weight value for the neighbor’s routes. Local to the router

    • Higher weight wins

(Diagram: RouterA, running bgpd in AS100, peers with RouterB, running bgpd in AS200)

Configuration example

  • RouterA#

    router bgp 100

    network 10.1.0.0/16

    neighbor 192.168.8.140 remote-as 200

    neighbor 192.168.8.140 update-source ethernet0

    neighbor 192.168.8.140 default-originate

    neighbor 192.168.8.140 send-community

    neighbor 192.168.8.140 weight 50

  • To apply changes:

    clear ip bgp 192.168.8.140 out

  • RouterB#show ip route bgp

  • RouterB#show ip route

  • RouterB#show ip bgp


    Configuration example ……

    • RouterB# show ip bgp

      Network Next Hop Metric LocPrf Weight Path

      *> 0.0.0.0 192.168.8.139 0 0 100 i

      *> 10.1.0.0/16 192.168.8.139 0 0 100 i


    Policy Control

    • Policy based on AS path, community and prefixes

    • Rejecting, accepting selected routes

    • Set attribute to influence path selection

    • Zebra provides many very flexible filtering features. Filtering is used for both input and output of the routing information. Once filtering is defined, it can be applied in any direction.


    Tools for policy control

    • Prefix-list (Filter prefixes)

    • Filter-list (Filter ASes)

    • Route-map and communities

    • neighbor peer distribute-list name [in|out]

      • This command specifies a distribute-list for the peer. direct is ‘in’ or ‘out’.

    • neighbor peer prefix-list name [in|out]

    • neighbor peer filter-list name [in|out]

    • neighbor peer route-map name [in|out]


    Prefix List

    • ip prefix-list provides the most powerful prefix-based filtering mechanism.

    • Prefix-based filters can be added to or deleted from arbitrary points of a prefix-list using sequence numbers.

    • If no ip prefix-list is specified, it acts as permit. If an ip prefix-list is defined and no match is found, the default deny is applied.


    Prefix List command

    • ip prefix-list name (permit|deny) prefix [le len] [ge len]

    • ip prefix-list name seq-number (permit|deny) prefix [le len] [ge len]

    • ip prefix-list name description desc

    • no ip prefix-list name

    • no ip prefix-list name description [desc]

    • show ip prefix-list

      • Display all IP prefix lists.

    • show ip prefix-list name

      • Show IP prefix list can be used with a prefix list name.

    • show ip prefix-list name seq num


    Configuration example

    • RouterA

      router bgp 100

      network 10.1.0.0/16

      neighbor 192.168.8.140 remote-as 200

      neighbor 192.168.8.140 prefix-list PEER-IN in

      neighbor 192.168.8.140 prefix-list PEER-OUT out

      ip prefix-list PEER-IN deny 172.16.2.0/24

      ip prefix-list PEER-IN permit 0.0.0.0/0 le 32

      ip prefix-list PEER-OUT permit 10.1.0.0/16

    • To apply changes:

      clear ip bgp 192.168.8.140 in

      clear ip bgp 192.168.8.140 out

    • A>show ip bgp summary

    • B>show ip bgp

    • B>show ip route bgp

    • A>show ip bgp neighbors <peerIPAddress> advertised-routes

    • B>show ip bgp neighbors <peerIPAddress> routes


    Filter List

    • Filter routes based on AS path

    • Both direction – in/out


    Configuration example

    • router bgp 100

      network 10.1.0.0/16

      neighbor 192.168.8.140 remote-as 200

      neighbor 192.168.8.140 filter-list 6 in

      neighbor 192.168.8.140 filter-list 5 out

      ip as-path access-list 5 permit ^100$

      ip as-path access-list 6 permit ^200$

    • To apply the changes:

      clear ip bgp 192.168.8.140 in

      clear ip bgp 192.168.8.140 out

    • A>show ip bgp summary

    • B>show ip bgp

    • B>show ip route bgp

    • A>show ip bgp neighbors <peerIPAddress> advertised-routes

    • B>show ip bgp neighbors <peerIPAddress> routes


    Regular Expressions

    • AS path regular expression can be used for displaying BGP routes and AS path access list.

      . Matches any single character.

      * Matches 0 or more occurrences of pattern.

      + Matches 1 or more occurrences of pattern.

      ? Match 0 or 1 occurrences of pattern.

      ^ Matches the beginning of the line.

      $ Matches the end of the line.

      _ The character _ has a special meaning in AS path regular expressions. It matches a space, a comma, the AS set delimiters { and }, and the AS confederation delimiters ( and ). It also matches the beginning and the end of the line. So _ can be used to match AS value boundaries.

      show ip bgp regexp _7675_ matches all BGP routes whose AS path includes AS number 7675.


    Examples

    .* match anything

    .+ match at least one character

    ^$ match routes local to this AS

    _100$ originated by AS100

    ^100_ received from AS100

    _100_ via AS100

    _200_100_ via AS100 and AS200

    _(100_)+ multiple AS100 in sequence

    (used to match AS-PATH prepends)

    _\(65530\)_ via AS65530 (confederations)


    AS Path Access List

    • An AS path access list is a user-defined AS path filter.

    • ip as-path access-list word {permit|deny} line

      • This command defines a new AS path access list.

    • no ip as-path access-list word

    • no ip as-path access-list word {permit|deny} line


    Example

    • ip as-path access-list 1 permit _100$

    • ip as-path access-list 2 permit _200_
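Added example, not code from the presentation or from Zebra/Quagga: a Python re-implementation of the `_` rule from the regular-expression slides, checked against the example patterns given there, plus an as-path access-list evaluated the way the deck describes it (entries in definition order, first match decides, no match denies) and applied as an inbound filter-list. AS paths are written in the display form of show ip bgp, for example "200 300", with the empty string for a locally originated route; the received routes are constructed for the example. The translation assumes `_` is never used inside a bracket expression.

```python
import re

# '_' in an AS-path regexp matches a space, a comma, the AS-set delimiters
# { }, the confederation delimiters ( ), or the start or end of the line.
# Everything else is an ordinary regular expression.
AS_BOUNDARY = r"(?:^|$|[ ,{}()])"


def aspath_regex(pattern):
    """Translate an AS-path regexp into a Python regexp by expanding '_'.
    Assumes '_' does not appear inside a bracket expression."""
    return pattern.replace("_", AS_BOUNDARY)


def aspath_matches(pattern, aspath):
    """True if the AS path (display form, e.g. '200 300') matches pattern."""
    return re.search(aspath_regex(pattern), aspath) is not None


class AsPathAccessList:
    """'ip as-path access-list <name> (permit|deny) <regexp>' entries kept in
    definition order; the first matching entry decides, no match denies."""

    def __init__(self, name):
        self.name = name
        self.entries = []

    def add(self, action, pattern):
        if action not in ("permit", "deny"):
            raise ValueError(action)
        self.entries.append((action, pattern))
        return self

    def permits(self, aspath):
        for action, pattern in self.entries:
            if aspath_matches(pattern, aspath):
                return action == "permit"
        return False


def filter_routes(acl, routes):
    """Apply an access list as a filter-list: routes maps prefix -> AS path;
    the prefixes whose path the list permits are returned in order."""
    return [prefix for prefix, path in routes.items() if acl.permits(path)]


# Constructed routes as RouterA (AS100) might receive them from its AS200
# peer: two originated by AS200 itself, two that AS200 learned from others.
RECEIVED_FROM_AS200 = {
    "10.2.0.0/16": "200",
    "10.3.0.0/16": "200",
    "10.4.0.0/16": "200 300",
    "10.5.0.0/16": "200 300 400",
}

# The deck's inbound filter-list: 'ip as-path access-list 6 permit ^200$'
# accepts only what AS200 originates, not what it transits.
ACL6 = AsPathAccessList("6").add("permit", "^200$")

# Patterns from the Examples slide with a constructed path each should match.
EXAMPLES = [
    ("^$", ""),                     # local to this AS
    ("_100$", "300 200 100"),       # originated by AS100
    ("^100_", "100 200"),           # received from AS100
    ("_200_100_", "200 100"),       # via AS100 and AS200
    ("_(100_)+", "100 100 200"),    # AS100 prepended
    (r"_\(65530\)_", "(65530) 100"),  # via confederation member 65530
]

if __name__ == "__main__":
    for pattern, path in EXAMPLES:
        print(f"{pattern:14} {path!r:18} -> {aspath_matches(pattern, path)}")
    print("permitted by list 6:", filter_routes(ACL6, RECEIVED_FROM_AS200))
```

Because a list with no matching entry denies, a filter-list that only contains `deny` entries blocks everything; the usual shape is one or more `deny` lines followed by `permit .*`.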


    Route Maps

    • Route maps are a very useful function in zebra. Match and set statements are permitted in a route map.

    • concepts

      if match then do expression and exit

      else

      if match then do expression and exit

      else etc


    Example - Route Map & prefix-lists

    router bgp 100

    bgp router-id 172.16.1.1

    network 10.1.0.0/16

    neighbor 192.168.8.140 remote-as 200

    neighbor 192.168.8.140 route-map filter-in in

    route-map filter-in permit 10

    match ip address prefix-list list-1

    set local-preference 120

    route-map filter-in permit 20

    match ip address prefix-list list-2

    set local-preference 80

    route-map filter-in permit 30

    ip prefix-list list-1 permit 10.2.0.0/16

    ip prefix-list list-2 permit 10.3.0.0/16

    To apply the changes

    clear ip bgp 192.168.8.140 in
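The route map above and the prefix-list slides before it describe two evaluation rules that are easy to get wrong in practice: a defined prefix-list denies anything it does not match, and an entry without ge/le matches only the exact prefix length. The following Python model is an added example, not Zebra's own code: it evaluates the PEER-IN and PEER-OUT lists from the earlier configuration example and then runs the filter-in route map over constructed routes received from the AS200 peer, reproducing the localpref 120 and 80 results shown on the following slides. Sequence numbers, clause ordering and the implicit deny follow what the slides state; the received routes and their default localpref of 100 are constructed for the example.

```python
import ipaddress


class PrefixList:
    """An 'ip prefix-list': entries ordered by sequence number, each
    permit|deny <prefix> [ge len] [le len]. Without ge/le the route must have
    exactly the entry's prefix length; ge/le widen that to a range."""

    def __init__(self, name):
        self.name = name
        self.entries = []            # (seq, action, network, ge, le)

    def add(self, action, prefix, seq=None, ge=None, le=None):
        if seq is None:              # like zebra: next free multiple of 5
            seq = max((e[0] for e in self.entries), default=0) + 5
        self.entries.append((seq, action, ipaddress.ip_network(prefix), ge, le))
        self.entries.sort(key=lambda e: e[0])
        return self

    @staticmethod
    def _matches(entry, route):
        _, _, net, ge, le = entry
        if route.version != net.version or not route.subnet_of(net):
            return False
        if ge is None and le is None:
            return route.prefixlen == net.prefixlen
        low = ge if ge is not None else net.prefixlen
        high = le if le is not None else route.max_prefixlen
        return low <= route.prefixlen <= high

    def permits(self, prefix):
        """First matching entry decides; a defined list with no match denies."""
        route = ipaddress.ip_network(prefix)
        for entry in self.entries:
            if self._matches(entry, route):
                return entry[1] == "permit"
        return False


def prefix_list_permits(plist, prefix):
    """'neighbor ... prefix-list' semantics: no list configured means permit."""
    return True if plist is None else plist.permits(prefix)


class RouteMap:
    """Clauses in sequence order; the first clause whose match succeeds
    decides. permit applies its set statements, deny drops the route, and a
    route matching no clause is dropped. A clause without a match statement
    matches everything."""

    def __init__(self, name):
        self.name = name
        self.clauses = []            # (seq, action, prefix_list or None, sets)

    def add(self, seq, action, match_prefix_list=None, **sets):
        self.clauses.append((seq, action, match_prefix_list, sets))
        self.clauses.sort(key=lambda c: c[0])
        return self

    def apply(self, route):
        for _, action, plist, sets in self.clauses:
            if plist is not None and not plist.permits(route["prefix"]):
                continue
            if action == "deny":
                return None
            return {**route, **sets}
        return None


def apply_inbound(route_map, routes):
    """Routes accepted from a peer after the inbound route-map, carrying the
    attributes the map set on them."""
    accepted = []
    for route in routes:
        result = route_map.apply(route)
        if result is not None:
            accepted.append(result)
    return accepted


# The deck's filter-in route map and its two prefix lists.
LIST_1 = PrefixList("list-1").add("permit", "10.2.0.0/16")
LIST_2 = PrefixList("list-2").add("permit", "10.3.0.0/16")
FILTER_IN = (RouteMap("filter-in")
             .add(10, "permit", LIST_1, local_pref=120)
             .add(20, "permit", LIST_2, local_pref=80)
             .add(30, "permit"))       # everything else passes unchanged

# Constructed routes as received from the AS200 peer (localpref defaults to 100).
RECEIVED = [
    {"prefix": p, "as_path": "200", "local_pref": 100}
    for p in ("10.2.0.0/16", "10.3.0.0/16", "10.4.0.0/16", "10.2.1.0/24")
]

if __name__ == "__main__":
    for route in apply_inbound(FILTER_IN, RECEIVED):
        print(route["prefix"], "localpref", route["local_pref"])
```

Note that 10.2.1.0/24 falls through to clause 30 and keeps localpref 100: list-1 permits 10.2.0.0/16 only at exactly /16, and without the catch-all `route-map filter-in permit 30` it, and every other route from the peer, would be dropped.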


    Example - Route Map & prefix-lists.

    • Before applying policies

      RouterA# show ip bgp 10.2.0.0

      BGP routing table entry for 10.2.0.0/16

      Paths: (1 available, best #1, table Default-IP-Routing-Table)

      Not advertised to any peer

      200

      192.168.8.140 from 192.168.8.140 (172.16.1.2)

      Origin IGP, metric 0, localpref 100, valid, external, best

      Last update: Mon Jan 30 12:40:11 2006

    • After applying policies

      RouterA# show ip bgp 10.2.0.0

      BGP routing table entry for 10.2.0.0/16

      Paths: (1 available, best #1, table Default-IP-Routing-Table)

      Not advertised to any peer

      200

      192.168.8.140 from 192.168.8.140 (172.16.1.2)

      Origin IGP, metric 0, localpref 120, valid, external, best

      Last update: Mon Jan 30 12:48:11 2006


    Example - Route Map & prefix-lists.

    • Before applying policies

      RouterA# show ip bgp 10.3.0.0

      BGP routing table entry for 10.3.0.0/16

      Paths: (1 available, best #1, table Default-IP-Routing-Table)

      Not advertised to any peer

      200

      192.168.8.140 from 192.168.8.140 (172.16.1.1)

      Origin IGP, metric 0, localpref 100, valid, external, best

      Last update: Mon Jan 30 12:41:41 2006

    • After applying policies

      RouterA# sh ip bgp 10.3.0.0

      BGP routing table entry for 10.3.0.0/16

      Paths: (1 available, best #1, table Default-IP-Routing-Table)

      Not advertised to any peer

      200

      192.168.8.140 from 192.168.8.140 (172.16.1.1)

      Origin IGP, metric 0, localpref 80, valid, external, best

      Last update: Mon Jan 30 12:52:11 2006


    Example - Route Map & Filter lists

    router bgp 100

    network 10.1.0.0/16

    neighbor 192.168.8.140 remote-as 200

    neighbor 192.168.8.140 route-map filter-as-path in

    route-map filter-as-path permit 10

    match as-path 1

    set local-preference 90

    route-map filter-as-path permit 20

    match as-path 2

    set local-preference 150

    route-map filter-as-path permit 30

    ip as-path access-list 1 permit _200$

    ip as-path access-list 2 permit _300_

    To apply the changes

    clear ip bgp 192.168.8.140 in
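    Added example, not part of the deck: a Python approximation of Quagga's AS-path regexp matching, where `_` is expanded to an AS-boundary alternation, applied with ip as-path access-list semantics (first matching line decides, implicit deny). It covers the `_200$` / `_300_` lists above, the `_100$` / `_200_` forms from the earlier example, and the `^100` form used later on the example network, which without a trailing `_` also matches AS 1000; the `^100_` variant is a constructed tightening, not from the slides.

```python
import re

# Constructed approximation (not bgpd's own code) of how Quagga expands
# "_" in an AS-path regexp: it stands for an AS boundary, i.e. the start
# or end of the path, a space, a comma, or a set/sequence delimiter.
AS_BOUNDARY = r"(?:^|$|[ ,{}()])"

def compile_as_path_regexp(pattern):
    return re.compile(pattern.replace("_", AS_BOUNDARY))

def as_path_matches(pattern, as_path):
    """as_path is the AS_PATH string as bgpd prints it, e.g. '200 300'."""
    return compile_as_path_regexp(pattern).search(as_path) is not None

def filter_list(acl, as_path):
    """ip as-path access-list semantics: the first matching line decides,
    and a path matched by no line is denied."""
    for action, pattern in acl:
        if as_path_matches(pattern, as_path):
            return action == "permit"
    return False

# The slide's lists: 1 = paths originated in AS200, 2 = paths via AS300.
ACL_1 = [("permit", "_200$")]
ACL_2 = [("permit", "_300_")]
# "^100" as used for filter-list 5 on the example network, and a
# constructed "^100_" variant that also anchors the trailing AS boundary.
ACL_5 = [("permit", "^100")]
ACL_5_STRICT = [("permit", "^100_")]
```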


    Example - Route-map & AS-PATH prepend

    RouterA

    router bgp 100

    network 10.1.0.0/16

    neighbor 192.168.8.140 remote-as 200

    neighbor 192.168.8.140 route-map set-as-path out

    !

    route-map set-as-path permit 10

    match ip address prefix-list list-3

    set as-path prepend 100 100

    route-map set-as-path permit 20

    ip prefix-list list-3 permit 10.1.0.0/16

    • Use own AS number when prepending

      To apply the changes

      clear ip bgp 192.168.8.140 out


    Example - Route-map & AS-PATH prepend (continued)

    RouterB# show ip bgp 10.1.0.0

    BGP routing table entry for 10.1.0.0/16

    Paths: (1 available, best #1, table Default-IP-Routing-Table)

    Not advertised to any peer

    100 100 100

    192.168.8.139 from 192.168.8.139 (172.16.1.1)

    Origin IGP, metric 0, localpref 100, valid, external, best

    Last update: Mon Jan 30 14:17:01 2006


    Route Aggregation policies

    • aggregate-address A.B.C.D/M

      • This command specifies an aggregate address.

    • no aggregate-address A.B.C.D/M

    • aggregate-address A.B.C.D/M summary-only

      • This command specifies an aggregate address. The aggregated (more-specific) routes will not be announced.


    Configuring the router

    • Enable BGP

    • Add the address to be announced

    • Add the address and AS numbers of neighboring routers (peers)

    • Apply policy with BGP

      • Allow only the routes that originate here to be announced to the neighboring AS

      • Announced routes

      • Receiving routes


    Example Network (figure): Router A (AS100, 10.1.0.0/16) peers with Router C (AS200, 10.2.0.0/16) over 192.168.1.1 / 192.168.1.2 and with Router B (AS300) over 192.168.2.1 / 192.168.2.2; AS400 lies beyond.


    RouterC

    router bgp 200

    network 10.2.0.0/16

    neighbor 192.168.1.1 remote-as 100

    neighbor 192.168.1.1 prefix-list PEERA-IN in

    neighbor 192.168.1.1 filter-list 5 in

    ip prefix-list PEERA-IN permit 10.1.0.0/16 le 32

    ip as-path access-list 5 permit ^100

    RouterB

    router bgp 300

    network 10.3.0.0/16

    neighbor 192.168.2.1 remote-as 100

    neighbor 192.168.2.1 prefix-list PEERA-IN in

    neighbor 192.168.2.1 filter-list 5 in

    ip prefix-list PEERA-IN permit 10.1.0.0/16 le 32

    ip as-path access-list 5 permit ^100

    RouterA

    router bgp 100

    network 10.1.0.0/16

    neighbor 192.168.1.2 remote-as 200

    neighbor 192.168.1.2 prefix-list PEERC-OUT out

    neighbor 192.168.2.2 remote-as 300

    neighbor 192.168.2.2 prefix-list PEERB-OUT out

    neighbor 192.168.2.2 route-map set-as-path out

    ip prefix-list PEERB-OUT permit 10.1.0.0/16

    ip prefix-list PEERC-OUT permit 10.1.0.0/16

    ip prefix-list list-3 permit 10.1.0.0/16

    route-map set-as-path permit 10

    match ip address prefix-list list-3

    set as-path prepend 100 100

    route-map set-as-path permit 20



    BGP Scaling Techniques

    • Route Refresh and Soft Reconfiguration

    • Peer Groups



    Route Refresh

    • After every policy change, the BGP session to that neighbor has to be cleared so that it is reinitialized, because the router does not store prefixes that are rejected by policy

    • Hard BGP reset

      • Tear down BGP peering

      • Consume CPU

      • Disrupts connectivity for the whole network

    • clear ip bgp peer (peer is the peer IP address/ASN)

    • clear ip bgp *


    Route Refresh Capability

    • Does not disrupt connectivity

    • No additional memory is used

    • No configuration is needed

    • Requires peering routers to support “route refresh capability” – RFC2918

    • clear ip bgp x.x.x.x in

      • ask the peer to resend full BGP announcement

    • clear ip bgp x.x.x.x out

      • to resend full BGP announcement to peer


    Soft Reconfiguration

    • Copies of all routes received from that peer are stored separately from the regular BGP table.

    • After configuring the policy change, it is possible to apply the new policy to the stored copies of the BGP information without having to reset the session.

      router bgp 100

      network 10.1.0.0/16

      neighbor 192.168.8.140 remote-as 200

      neighbor 192.168.8.140 soft-reconfiguration inbound

    • clear ip bgp 192.168.8.140 soft [in | out]
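    Added example, not from the deck: a Python model of one bgpd peer session that shows why a policy change can be re-applied only when unfiltered copies were stored (soft-reconfiguration inbound), and otherwise needs a route refresh request or a hard reset, which is also modelled. PeerSession, the predicate-style policy and the sample announcement are constructed for this illustration.

```python
# Constructed model (not Quagga code) of one peer session in bgpd, with and
# without "neighbor ... soft-reconfiguration inbound". It shows why a policy
# change cannot be applied to prefixes that were rejected earlier unless an
# unfiltered copy of the peer's announcement was kept.

class PeerSession:
    def __init__(self, soft_reconfig_inbound, inbound_policy):
        self.soft_reconfig_inbound = soft_reconfig_inbound
        self.policy = inbound_policy      # callable prefix -> True to accept
        self.adj_rib_in = []              # unfiltered copies, kept only if enabled
        self.accepted = []                # what passed policy into the BGP table
        self.resets = 0

    def receive_update(self, prefixes):
        """Full announcement from the peer, as after session establishment."""
        if self.soft_reconfig_inbound:
            self.adj_rib_in = list(prefixes)
        self.accepted = [p for p in prefixes if self.policy(p)]

    def clear_soft_in(self):
        """'clear ip bgp <peer> soft in': re-run policy over the stored copies.
        Returns False when nothing was stored, i.e. a route refresh request
        ('clear ip bgp <peer> in') or a hard reset is needed instead."""
        if not self.soft_reconfig_inbound:
            return False
        self.accepted = [p for p in self.adj_rib_in if self.policy(p)]
        return True

    def hard_reset(self, peer_full_table):
        """'clear ip bgp <peer>': tear the session down and relearn everything."""
        self.resets += 1
        self.accepted = []
        self.receive_update(peer_full_table)

# Constructed announcement from the peer; the initial policy rejects one prefix.
PEER_TABLE = ["10.2.0.0/16", "10.3.0.0/16", "172.16.2.0/24"]

def relax_policy(soft):
    """Reject 172.16.2.0/24 first, then accept everything; return
    (accepted before, whether the soft re-apply worked, accepted after)."""
    s = PeerSession(soft, inbound_policy=lambda p: p != "172.16.2.0/24")
    s.receive_update(PEER_TABLE)
    before = list(s.accepted)
    s.policy = lambda p: True
    ok = s.clear_soft_in()
    return before, ok, list(s.accepted)
```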


    BGP Scaling Techniques

    • Route Refresh and Soft Reconfiguration

    • Peer Groups


    BGP Peer Groups

    • Some routers have a long list of neighbors. It is then common to have several settings that are the same for each neighbor.

    • Makes configuration easier

    • Makes configuration less prone to error

    • Makes configuration more readable

    • neighbor word peer-group

      • This command defines a new peer group.

    • neighbor peer peer-group word

      • This command binds a specific peer to the peer group word.


    Configuration example (Without peer groups)

    router bgp 100

    network 10.1.0.0/16

    neighbor 192.168.8.140 remote-as 200

    neighbor 192.168.8.140 prefix-list PEER-IN in

    neighbor 192.168.8.140 prefix-list PEER-OUT out

    neighbor 192.168.8.140 filter-list 6 in

    neighbor 192.168.8.140 filter-list 5 out

    neighbor 192.168.8.150 remote-as 150

    neighbor 192.168.8.150 prefix-list PEER-IN in

    neighbor 192.168.8.150 prefix-list PEER-OUT out

    neighbor 192.168.8.150 filter-list 6 in

    neighbor 192.168.8.150 filter-list 5 out

    ip prefix-list PEER-IN deny 172.16.2.0/24

    ip prefix-list PEER-IN permit 0.0.0.0/0 le 32

    ip prefix-list PEER-OUT permit 10.1.0.0/16

    ip as-path access-list 5 permit ^100$

    ip as-path access-list 6 permit ^200$


    Configuration example (With peer groups)

    router bgp 100

    network 10.1.0.0/16

    neighbor ebgp peer-group

    neighbor ebgp filter-list 6 in

    neighbor ebgp filter-list 5 out

    neighbor ebgp prefix-list PEER-IN in

    neighbor ebgp prefix-list PEER-OUT out

    neighbor 192.168.8.140 remote-as 200

    neighbor 192.168.8.140 peer-group ebgp

    neighbor 192.168.8.150 remote-as 150

    neighbor 192.168.8.150 peer-group ebgp


    BGP Scaling Techniques

    • Route Refresh and Soft Reconfiguration

    • Peer Groups


    Display BGP Routes

    • show ip bgp regexp line

      • This command displays the BGP routes whose AS path matches the regular expression line.

      • show ip bgp regexp _100_

    • show ip bgp summary

    • show ip bgp

    • show ip bgp A.B.C.D

    • show ip route bgp

    • show ip bgp neighbors <peerIPAddr> advertised-routes

    • show ip bgp neighbors <peerIPAddr> routes


    Route Server

    • At an Internet Exchange point, many ISPs are connected to each other by external BGP peering. Normally these external BGP connections are set up as a full mesh. As with an internal BGP full mesh, this method has a scaling problem.

    • Route Server is a method to resolve the problem.

    • Each ISP’s BGP router only peers to Route Server.

    • Route Server serves as BGP information exchange to other BGP routers.


    • Several routing tables for managing a different routing policy for each BGP speaker (different views)

    • bgpd can work as normal BGP router or Route Server or both at the same time.


    Multiple instance

    • To enable the multiple-view function of bgpd, you must turn on the multiple-instance feature beforehand.

    • bgp multiple-instance

    • no bgp multiple-instance

    • bgp config-type zebra

      • Zebra style BGP configuration. This is default.

    • bgp config-type cisco

      • Cisco compatible BGP configuration output.

      • When bgp config-type cisco is specified,

        “no synchronization” is displayed. “no auto-summary” is displayed.

        The “network” and “aggregate-address” arguments are displayed as “A.B.C.D M.M.M.M”

        Zebra: network 10.0.0.0/8 Cisco: network 10.0.0.0

        Zebra: aggregate-address 192.168.0.0/24 Cisco: aggregate-address 192.168.0.0 255.255.255.0


    • When “bgp config-type cisco” is specified, the community attribute is not sent to the neighbor by default. To send the community attribute the user has to specify the “neighbor A.B.C.D send-community” command.

    • router bgp 1

      • neighbor 10.0.0.1 remote-as 1

      • neighbor 10.0.0.1 send-community


    Example

    • RouterA#configure terminal

    • RouterA(config)# bgp multiple-instance

    • RouterA(config)#bgp config-type cisco

    • RouterA(config)#Ctrl Z

    • RouterA#


    BGP Views

    • A BGP view is almost the same as a normal BGP process. The result of route selection does not go to the kernel routing table. A BGP view is only for exchanging BGP routing information.

    • router bgp as-number view name

      bgp multiple-instance

      !

      router bgp 1 view 1

      neighbor 10.0.0.1 remote-as 2

      neighbor 10.0.0.2 remote-as 3

      !

      router bgp 2 view 2

      neighbor 10.0.0.3 remote-as 4

      neighbor 10.0.0.4 remote-as 5


    BGP instance and view

    • You can set up different ASes at the same time when the BGP multiple-instance feature is enabled.

    • router bgp as-number

      • Make a new BGP instance. You can use an arbitrary word for the name.

        bgp multiple-instance

        !

        router bgp 1

        neighbor 10.0.0.1 remote-as 2

        neighbor 10.0.0.2 remote-as 3

        !

        router bgp 2

        neighbor 10.0.0.3 remote-as 4

        neighbor 10.0.0.4 remote-as 5

    • The result of route selection goes to the kernel routing table.


    Routing policy

    • You can set a different routing policy for a peer in each view. For example, you can set a different filter for the same peer.

      bgp multiple-instance

      !

      router bgp 1 view 1

      neighbor 10.0.0.1 remote-as 2

      neighbor 10.0.0.1 distribute-list 1 in

      !

      router bgp 1 view 2

      neighbor 10.0.0.1 remote-as 2

      neighbor 10.0.0.1 distribute-list 2 in

      access-list 1 permit 192.168.1.0 0.0.0.255

      access-list 2 permit 192.168.2.0 0.0.0.255

    • This means a BGP update from the peer 10.0.0.1 goes to both BGP view 1 and view 2. When the update is inserted into view 1, distribute-list 1 is applied. On the other hand, when the update is inserted into view 2, distribute-list 2 is applied.


    Viewing the views

    • show ip bgp view name

      • Display the routing table of the BGP view name.


    Filtering



    Tools

    • IP Access List

    • IP Prefix List

    • Route Map


    IP Access List

    • access-list name permit ipv4-network

    • access-list name deny ipv4-network

    • Basic filtering is done with an access-list, as shown in the following example.

      access-list filter deny 10.0.0.0/9

      access-list filter permit 10.0.0.0/8

      access-list 100 permit ip any 192.168.1.0 0.0.0.255

      access-list 90 permit 192.168.1.0 0.0.0.255

    • Example uses: vty access restriction, route-map match statements, distribute-lists


    Zebra/Quagga Routing Suite

    Thank you



    Zebra/Quagga Routing Suite

    Anura Abayaratne

    MTT Network - Sri Lanka

    anuraa@iee.org

    APRICOT 2006

    22nd Feb – 3rd Mar 2006

    Perth Western Australia

