Zebra/Quagga Routing Suite Zebra/Quagga Routing Suite Anura Abayaratne MTT Network - Sri Lanka...

Zebra/Zebra/QuaggaQuagga Routing Suite Routing Suite

Anura AbayaratneAnura AbayaratneMTT Network - Sri LankaMTT Network - Sri Lanka

[email protected]@iee.org

APRICOT 2006APRICOT 2006

2222ndnd Feb – 3 Feb – 3rdrd Mar 2006 Mar 2006

Perth Western AustraliaPerth Western Australia

APRICOT 2006 - Perth Western AustraliaAPRICOT 2006 - Perth Western Australia 22

AgendaAgenda

OverviewOverview InstallationInstallation Basic commandsBasic commands Setting up BGPSetting up BGP FilteringFiltering


What is a routing daemon?What is a routing daemon?

Software running on serverSoftware running on server It maintains Routing InformationIt maintains Routing Information

Server

+ Daemon

Router


Routing daemonsRouting daemons

– – Low-cost solution Low-cost solution

– – Expertise required for set-upExpertise required for set-up

– – Lack of supportLack of support Commercial routersCommercial routers – – Pricy Pricy

– – Better performanceBetter performance

– – Fully supportedFully supported

Routing daemonsRouting daemons

– – Low-cost solution Low-cost solution

– – Expertise required for set-upExpertise required for set-up

– – Lack of supportLack of support Commercial routersCommercial routers – – Pricy Pricy

– – Better performanceBetter performance

– – Fully supportedFully supported

Daemons vs. commercial RoutersDaemons vs. commercial Routers


• Zebra Zebra http://www.zebra.orghttp://www.zebra.org

• Quagga Quagga http://www.quagga.nethttp://www.quagga.net

First daemonFirst daemon Wide support: RIP,OSPF,BGPWide support: RIP,OSPF,BGP Certain VulnerabilitiesCertain Vulnerabilities

Based on ZebraBased on Zebra Wide support: Wide support:

RIP,OSPF,BGP,ISISRIP,OSPF,BGP,ISIS Development librariesDevelopment libraries

Routing DaemonsRouting Daemons

OverviewOverview


OverviewOverview Distributed under the GNU General Public License Zebra is a routing software package that provides

TCP/IP based routing services with routing protocols support such as RIPv1, RIPv2, RIPng, OSPFv2, OSPFv3, BGP-4, and BGP-4+

Support BGP Route Reflectors and Route server behavior

IPv6 Routing protocols Zebra has interactive user interface for each

routing protocol and supports common client commands.


About ZebraAbout Zebra Act as a dedicated serverAct as a dedicated server Exchange routing information with other routers using routing Exchange routing information with other routers using routing

protocolsprotocols Uses these information to update kernel routing table so that right Uses these information to update kernel routing table so that right

data goes to the right place.data goes to the right place. Can dynamically change the configuration and you may view Can dynamically change the configuration and you may view

routing table from Zebra terminal interfacerouting table from Zebra terminal interface If the network is small, Configuring Zebra is very easy : setup If the network is small, Configuring Zebra is very easy : setup

interfaces, Add static routes and/or default routesinterfaces, Add static routes and/or default routes If the network is rather large or structure change frequently, you If the network is rather large or structure change frequently, you

may need to setup Zebra dynamic routing protocol : RIP,OSPF or may need to setup Zebra dynamic routing protocol : RIP,OSPF or BGP.BGP.

Support unicast routing protocols.Support unicast routing protocols. Zebra has different system administration mode : Normal mode Zebra has different system administration mode : Normal mode

and Enable modeand Enable mode Unix account independent feature will be great help to the router Unix account independent feature will be great help to the router

administrator.administrator.


System Architecture DiagramSystem Architecture Diagram

bgpdospfd ripd

zebra

Unix Kernel Routing Table


How Zebra/Quagga worksHow Zebra/Quagga works Collection of several daemons that work together Collection of several daemons that work together

to build the routing table. (protocol specific to build the routing table. (protocol specific routing daemons: routing daemons: ripd,ospfd,bgpdripd,ospfd,bgpd + kernel + kernel routing manager: routing manager: zebradzebrad))

Zebra daemon is an IP routing manager. It provides kernel routing table updates, interface lookups, and redistribution of routes between different routing protocols.

Each daemon has its own configuration file– For example, Static route – in zebrad configuration file– BGP – in bgpd configuration file


Supported PlatformSupported Platform

Linux 2.2.x and higher FreeBSD 4.x and higher NetBSD 1.6 and higher OpenBSD 2.5 and higher Solaris 2.6 and higher


How to get Zebra/QuaggaHow to get Zebra/Quagga

http://www.zebra.org/http://www.zebra.org/ http://www.quagga.net/http://www.quagga.net/

InstallationInstallation


StepsSteps

There are three steps for installing There are three steps for installing the software :Configuration, the software :Configuration, Compilation, InstallationCompilation, Installation

First unzip/extract the softwareFirst unzip/extract the softwaregzip –d zebra-0.95a.tar.gzgzip –d zebra-0.95a.tar.gztar –xvf zebra-0.95a.tartar –xvf zebra-0.95a.tarcd zebra-0.95acd zebra-0.95a


Configure the softwareConfigure the software

Zebra can detect the most host Zebra can detect the most host configuration automatically. There configuration automatically. There are additional configuration optionsare additional configuration options

%./configure --help%./configure --help– eg. eg.

%./configure %./configure %./configure –-prefix=/home/zebra%./configure –-prefix=/home/zebra %./configure –disable-ripd%./configure –disable-ripd


Build the SoftwareBuild the Software After configuring the software, you After configuring the software, you

will need to compile it for your will need to compile it for your systemsystem

Issue the command Issue the command makemake in the root in the root of the source directory.of the source directory.

%make%make


Install the SoftwareInstall the Software

copying the compiled programs and supporting files to a standard location.

issue the following command at your shell prompt: make install.

%make install default working directory: default working directory:

/usr/local/bin and /usr/local/etc/usr/local/bin and /usr/local/etc


Install the Software Contd…Install the Software Contd… Zebra daemons have their own terminal interface

or VTY. After installation, you have to setup each beast’s port number to connect to them. Please add the following entries to‘/etc/services’.

zebrasrv 2600/tcp # zebra servicezebra 2601/tcp # zebra vtyripd 2602/tcp # RIPd vtyripngd 2603/tcp # RIPngd vtyospfd 2604/tcp # OSPFd vtybgpd 2605/tcp # BGPd vtyospf6d 2606/tcp # OSPF6d vty

Additionally for Quaggaospfapi 2607/tcp # ospfapiisisd 2608/tcp # ISISd vty


Access the RouterAccess the Router Telnet to the port

– telnet <ipaddress> 2601ports on zebra

2601 # zebra vty2602p # RIPd vty2603 # RIPngd vty2604 # OSPFd vty2605 # BGPd vty2606 # OSPF6d vty

Additionally quagga support:2607 # ospfapi2608 # ISISd vty

Use VTY shellUse VTY shell– To use vtysh, specify —enable-vtysh to configure script.– Username stored in vtysh.conf file.

username testuser nopassword

Basic Commands Basic Commands


Config CommandsConfig Commands

Command common to all routing protocolCommand common to all routing protocol

Config command are generally found in Config command are generally found in /usr/local/etc/*.conf or path specified in -–/usr/local/etc/*.conf or path specified in -–prefix option prefix option (eg. /home/zebra/etc/*.conf)(eg. /home/zebra/etc/*.conf)

The daemon name + `.conf` is the default config The daemon name + `.conf` is the default config file name file name (eg. /home/zebra/etc/zebra.conf)(eg. /home/zebra/etc/zebra.conf)

Config file can be specified using Config file can be specified using –f–f or – or –config_fileconfig_file options when stating the daemon options when stating the daemon (eg. (eg. /home/zebra/sbin/zebra –d –f /home/zebra/etc/zebratest.conf)/home/zebra/sbin/zebra –d –f /home/zebra/etc/zebratest.conf)


Basic Config CommandsBasic Config Commands

hostname hostname - Set hostname of the router.

password password - Set password for vty interface. If there is no password, a vty won’t accept connections.

enable password password -Set enable password.

log stdout - Set logging output to stdout. no log stdout -


Basic Config Commands….Basic Config Commands….

log file filename - If you want to log into a file please specify filename as follows.

(eg. log file /usr/local/etc/bgpd.log log syslog - Set logging output to

syslog. no log syslog


Basic Config Commands…Basic Config Commands…

write terminal - Displays the current configuration to the vty interface.

show running-config write file - Write current

configuration to configuration file. copy running-config startup-config configure terminal -Change to

configuration mode. This command is the first step to configuration.


Basic Config Commands…Basic Config Commands… who, list – List commandwho, list – List command service password-encryption – Encrypt

password show version - Show the current version of

the Zebra and its build host information. line vty - Enter vty configuration mode. banner motd default - Set default motd

string. no banner motd - No motd banner string

will be printed.


Basic Config Commands…Basic Config Commands… exec-timeout minute exec-timeout minute secondSet VTY connection timeout value. When

only one argument is specified it is usedfor timeout value in minutes. Optional

second argument is used for timeout value in seconds. Default timeout value is 10 minutes. When timeout value is zero, it means no timeout.

no exec-timeout - Do not perform timeout at all. This command is as same as exec-timeout 0 0.


Basic Config Commands…Basic Config Commands…

access-class access-list - Restrict vty connections with an access list.

Example:access-list log-in permit 192.168.1.0/24

line vty access-class log-in


Sample Config FileSample Config File

for the zebra daemon.hostname Routerhostname Routerpassword zebrapassword zebraenable password zebraenable password zebra!!interface lointerface lo!!interface eth0interface eth0 ip address 172.16.1.2/24ip address 172.16.1.2/24!!line vtyline vty


Sample Config FileSample Config File ’ !’ and ’#’ are comment characters. If the first

character of the word is one of thecomment characters then from the rest of the line forward will be ignored as a comment.

password zebra!password If a comment character is not the first character

of the word, it’s a normal character. So in the above example ’ !’ will not be regarded as a comment and the password is set to

’zebra!password’.


Common Invocation Options

Usage : zebra [OPTION...]Usage : zebra [OPTION...]

Daemon which manages kernel routing table management and Daemon which manages kernel routing table management and redistribution between different routing protocols.redistribution between different routing protocols.

-b, --batch Runs in batch mode-b, --batch Runs in batch mode -d, --daemon Runs in daemon mode-d, --daemon Runs in daemon mode -f, --config_file Set configuration file name-f, --config_file Set configuration file name -i, --pid_file Set process identifier file name-i, --pid_file Set process identifier file name -k, --keep_kernel Don't delete old routes which installed by zebra.-k, --keep_kernel Don't delete old routes which installed by zebra. -l, --log_mode Set verbose log mode flag-l, --log_mode Set verbose log mode flag -A, --vty_addr Set vty's bind address-A, --vty_addr Set vty's bind address -P, --vty_port Set vty's port number-P, --vty_port Set vty's port number -r, --retain When program terminates, retain added route by zebra.-r, --retain When program terminates, retain added route by zebra. -v, --version Print program version-v, --version Print program version -h, --help Display this help and exit-h, --help Display this help and exit

Example: /home/zebra/sbin/zebra -dExample: /home/zebra/sbin/zebra -d


Virtual Terminal InterfacesVirtual Terminal Interfaces

VTY – Virtual Terminal Interface is a command line interface (CLI) for user interaction with the routing daemon.

To enable a VTY interface, you have to setup a VTY password. If there is no VTY password, one cannot connect to the VTY interface at all.


VTY OverviewVTY Overview % telnet 192.168.8.9 2601

Hello, this is zebra (version 0.95a).Copyright 1996-2004 Kunihiro Ishiguro.

User Access VerificationPassword:Router> enablePassword: XXXXXRouter# configure terminalRouter(config)#password zzzzzzzRouter(config)# enable password yyyyyyyRouter(config)# interface eth0Router(config-if)# ip address 10.1.0.1/24Router(config-if)# exitRouter(config)#access-list log-in permit 192.168.1.0/24Router(config)#line vtyRouter(config-line)# access-class log-inRouter(config-line)# endRouter#disableRouter>


VTY ModesVTY Modes

Three VTY modesThree VTY modes VTY View Mode : Read-Only access to VTY View Mode : Read-Only access to

the CLIthe CLI VTY Enable mode : Read-write access VTY Enable mode : Read-write access

to the CLIto the CLI VTY Other modesVTY Other modes

Zebra DaemonZebra Daemon


Interface CommandsInterface Commands

interface interface ifnameifname shutdown , no shutdown – up or down the shutdown , no shutdown – up or down the

current interfacecurrent interface ip address ip address address (e.g. 10.0.0.1/8)address (e.g. 10.0.0.1/8) description description descriptiondescription …… …… multicast , no multicast - Enable or multicast , no multicast - Enable or

disable multicast flag for the interfacedisable multicast flag for the interface bandwidth <1-10000000> bandwidth <1-10000000> Bandwidth in kilobitsBandwidth in kilobits

no bandwidth <1-10000000>no bandwidth <1-10000000>


ExampleExample

Router> enablePassword: XXXXX

Router# configure terminalRouter# configure terminal

Router(config)# interface eth0Router(config)# interface eth0

Router(config-if)# ip address 10.0.1.2/24Router(config-if)# ip address 10.0.1.2/24

Router(config-if)# no ip address 10.0.2.2/24Router(config-if)# no ip address 10.0.2.2/24

Router(config-if)#endRouter(config-if)#end

Router#exitRouter#exit


Static Route Commands

It defines static prefix and gateway. ip route network gateway ip route network netmask gatewayip route 10.0.0.0/8 10.0.0.2ip route 10.0.0.0/8 ppp0ip route 10.0.0.0 255.255.255.0 10.0.0.2 ip route network gateway distanceip route 10.0.0.0 255.255.255.0 10.0.0.3 50


Static Route C…… Router# show ip routeRouter# show ip route Codes: K - kernel route, C - connected, S - static, R - RIP, O - Codes: K - kernel route, C - connected, S - static, R - RIP, O -

OSPF,OSPF, B - BGP, > - selected route, * - FIB routeB - BGP, > - selected route, * - FIB route

K>* 0.0.0.0/0 via 192.168.8.1, eth0K>* 0.0.0.0/0 via 192.168.8.1, eth0 S 10.0.0.0/24 [1/0] via 10.0.0.3 inactiveS 10.0.0.0/24 [1/0] via 10.0.0.3 inactive S>* 10.1.0.0/24 [100/0] via 192.168.8.3, eth0S>* 10.1.0.0/24 [100/0] via 192.168.8.3, eth0 S>* 10.2.3.0/24 [10/0] via 192.168.8.1, eth0S>* 10.2.3.0/24 [10/0] via 192.168.8.1, eth0 K * 127.0.0.0/8 is directly connected, loK * 127.0.0.0/8 is directly connected, lo C>* 127.0.0.0/8 is directly connected, loC>* 127.0.0.0/8 is directly connected, lo K * 192.168.8.0/24 is directly connected, eth0K * 192.168.8.0/24 is directly connected, eth0 C>* 192.168.8.0/24 is directly connected, eth0C>* 192.168.8.0/24 is directly connected, eth0


Zebra Terminal Mode Commands

show interfaceshow interface show ip forward - show ip forward - Display whether the

host’s IP forwarding function is enabled or not. Almost any UNIX kernel can be configured with IP forwarding disabled. If so, the box can’t work as a router.

cat /proc/sys/net/ipv4/ip_forwardcat /proc/sys/net/ipv4/ip_forward To enable ip forward on Linux boxTo enable ip forward on Linux box

sysctl -w net.ipv4.ip_forward=1sysctl -w net.ipv4.ip_forward=1

BGPBGP

Border Gateway ProtocolBorder Gateway Protocol


Introduction to BGPIntroduction to BGP

Routing Protocol used to exchange routing information between networks - Exterior gateway protocol Exterior gateway protocol

Path Vector Protocol Incremental Updates Many options for policy enforcement Classless Inter Domain Routing (CIDR) Widely used for Internet backbone BGP used internally (iBGP) and externally

(eBGP)


Autonomous SystemAutonomous System

AS100

It is used to uniquely identify networks with common routing policy

Usually under single ownership, trust and administrative control

AS100


Autonomous System Number AS number is an identification of

autonomous system. BGP protocol uses the AS number for

detecting whether the BGP connection is internal one or external one.

An ASN is a 16 bit number Public AS numbers 1 - 64511 Private AS numbers 64512 – 65535 0 and 65535 are reserved ASNs are distributed by the Regional

Internet Registries


Starting BGPStarting BGP

Default configuration file of bgpd is ‘bgpd.conf’. (eg. /home/zebra/etc/bgpd.conf)

/home/zebra/sbin/bgpd -d/home/zebra/sbin/bgpd -d


Configuring the routerConfiguring the router

Enable BGPEnable BGP Add the address to be announcedAdd the address to be announced Add the address and AS numbers of Add the address and AS numbers of

neighboring routers (peers)neighboring routers (peers) Apply policy with BGPApply policy with BGP

– Allow only the routes that originate here Allow only the routes that originate here to be announced to the neighboring ASto be announced to the neighboring AS

– Announced routesAnnounced routes– Receiving routesReceiving routes


BGP RouterBGP Router Configure BGP router with router bgp command.

To configure BGP router, you need AS number. router bgp asn

Enable a BGP protocol process with the specified asn. After this statement you can input any BGP Commands. You can not create different BGP process under different asn without specifying multiple-instance

no router bgp asn Destroy a BGP protocol process with the specified

asn.


Configuration exampleConfiguration example

% % telnet 192.168.8.139 2605telnet 192.168.8.139 2605Connected to 192.168.1.139Escape character is ’^]’.Hello, this is zebra (version 0.95a)User Access VerificationPassword: XXXXXRouterA> RouterA> enableRouterA#configure terminalRouterA(config)#router bgp 100RouterA(config-router)#RouterA(config-router)#exitRouterA#exit

AS100 AS200

bgpdbgpdA B


bgp router-id A.B.C.DThis command specifies the router-ID. If bgpd

connects to zebra it gets interface and address information. In that case default router ID value is selected as the largest IP Address of the interfaces. When router zebra is not enabled bgpd can’t get interface information so router-id is set to 0.0.0.0. So set router-id by hand.

RouterA#configure terminalRouterA(config)#router bgp 100RouterA(config-router)#bgp router-id 172.16.1.1








Inserting prefixes into BGP

To add address prefix to be announced Two ways :

– redistributing internal routing protocol– network command

network A.B.C.D/M

router bgp 100 network 10.1.0.0/16 no network 172.16.0.0/16


AS100 AS200


RouterA#configure terminalRouterA(config)#router bgp 100RouterA(config-router)# network 10.1.0.0/16RouterA(config-router)#endRouterA#exit

bgpdbgpdA B


Redistribute to BGP

redistribute kernel– Redistribute kernel route to BGP process.

redistribute static– Redistribute static route to BGP process.

redistribute connected– Redistribute connected route to BGP process.

redistribute rip– Redistribute RIP route to BGP process.

redistribute ospf– Redistribute OSPF route to BGP process.



router bgp 100

network 10.1.0.0/16

redistribute static redistribute connected

neighbor 192.168.8.140 remote-as 200








BGP Peers

neighbor peer remote-as asn– Creates a new neighbor whose remote-

as is asn. peer can be an IP address

router bgp 1neighbor 10.0.0.1 remote-as 2



RouterA#configure terminalRouterA(config)#router bgp 100RouterA(config-router)#neighbor 192.168.8.140 remote-as 200RouterA(config-router)# network 10.1.0.0/16RouterA(config-router)#endDisplay commands- A>show ip bgp summaryB>show ip bgpB>Show ip route bgpA>show ip bgp neighbors <peerIPAddress> advertised-routesB>show ip bgp neighbors <peerIPAddress> routes

AS100 AS200

bgpdbgpdA B


Configuration example ……Configuration example ……RouterA#show ip bgp summary

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd192.168.8.140 4 200 99 113 0 0 0 00:03:30 1Total number of neighbors 1

RouterB# show ip bgp neighbors 192.168.8.139 routes

BGP table version is 0, local router ID is 172.16.1.2Status codes: s suppressed, d damped, h history, * valid, > best, i -

internal,r RIB-failure, S Stale, R RemovedOrigin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path*> 10.1.0.0/16 192.168.8.139 0 0 100 i

Total number of prefixes 1


BGP Peer commands

neighbor peer shutdown no neighbor peer shutdownShutdown the peer. We can delete the

neighbor’s configuration by no neighbor peer remote-as as-number but all configuration of the neighbor will be deleted. When you want to preserve the configuration, but want to drop the BGP peer, use this syntax.


BGP Peer commands….

neighbor peer ebgp-multihop num no neighbor peer ebgp-multihop num

– Peer not directly connected neighbor peer description ... no neighbor peer description ...

– Set description of the peer. neighbor peer version version

– Set up the neighbor’s BGP version. version can be 4, 4+ or 4-. BGP version 4 is the default value used for BGP peering.



RouterA#configure terminalRouterA(config)#router bgp 100RouterA(config-router)#neighbor 192.168.8.140 remote-as 200RouterA(config-router)#neighbor 192.168.8.140 description eBGP to RouterBRouterA(config-router)#neighbor 192.168.8.140 version 4RouterA(config-router)#neighbor 192.168.8.140 shutdownRouterA(config-router)# network 10.1.0.0/16

AS100 AS200

bgpdbgpdA B



neighbor peer next-hop-self– This command specifies an announced route’s

nexthop as being equivalent to the address of the bgp router. In eBGP, changing the next-hop is handled automatically. But not in iBGP

no neighbor peer next-hop-self neighbor peer update-source interface no neighbor peer update-source neighbor peer default-originate

– announce default routes to the peer no neighbor peer default-originate



neighbor peer send-community neighbor peer weight weight

– specifies a default weight value for the neighbor’s routes. Local to the router

– Higher weight wins



RouterA#router bgp 100 network 10.1.0.0/16 neighbor 192.168.8.140 remote-as 200 neighbor 192.168.8.140 update-source ehternet0 neighbor 192.168.8.140 default-originate neighbor 192.168.8.140 send-community neighbor 192.168.8.140 weight 50

To apply changes : clear ip bgp 192.168.8.140 out

RouterB#show ip route bgpRouterB#show ip routeRouterB#show ip bgp

AS100 AS200

bgpdbgpdA B


Configuration example ……Configuration example ……

RouterB# show ip bgpRouterB# show ip bgp Network Next Hop Metric LocPrf Weight PathNetwork Next Hop Metric LocPrf Weight Path

*> *> 0.0.0.0 192.168.8.139 0 0 100 i0.0.0.0 192.168.8.139 0 0 100 i

*> 10.1.0.0/16 192.168.8.139 0 0 100 i*> 10.1.0.0/16 192.168.8.139 0 0 100 i








Policy ControlPolicy Control

Policy based on AS path, community and Policy based on AS path, community and prefixesprefixes

Rejecting, accepting selected routesRejecting, accepting selected routes Set attribute to influence path selectionSet attribute to influence path selection

Zebra provides many very flexible filtering features. Filtering is used for both input and output of the routing information. Once filtering is defined, it can be applied in any direction.


Tools for policy controlTools for policy control

Prefix-list (Filter prefixes) Filter-list (Filter ASes) Route-map and communities

neighbor peer distribute-list name [in|out]– This command specifies a distribute-list for the

peer. direct is ‘in’ or ‘out’. neighbor peer prefix-list name [in|out] neighbor peer filter-list name [in|out] neighbor peer route-map name [in|out]


Prefix ListPrefix List

ip prefix-list provides the most powerful prefix based filtering mechanism.

add or delete prefix based filters to arbitrary points of prefix-list using sequential number specification.

If no ip prefix-list is specified, it acts as permit. If ip prefix-list is defined, and no match is found, default deny is applied.


Prefix List commandPrefix List command ip prefix-list name (permit|deny) prefix [le len]

[ge len] ip prefix-list name seq-number (permit|deny)

prefix [le len] [ge len] ip prefix-list name description desc no ip prefix-list name no ip prefix-list name description [desc]

show ip prefix-list– Display all IP prefix lists.

show ip prefix-list name– Show IP prefix list can be used with a prefix list name.

show ip prefix-list name seq num


Configuration exampleConfiguration exampleRouterArouter bgp 100 network 10.1.0.0/16 neighbor 192.168.8.140 remote-as 200 neighbor 192.168.8.140 prefix-list PEER-IN in neighbor 192.168.8.140 prefix-list PEER-OUT out

ip prefix-list PEER-IN deny 172.16.2.0/24ip prefix-list PEER-IN permit 0.0.0.0/0 le 32ip prefix-list PEER-OUT permit 10.1.0.0/16

To apply changes :clear ip bgp 192.168.8.140 inclear ip bgp 192.168.8.140 outA>show ip bgp summaryB>show ip bgpB>Show ip route bgpA>show ip bgp neighbors <peerIPAddress> advertised-routesB>show ip bgp neighbors <peerIPAddress> routes


Filter ListFilter List

Filter routes based on AS path Both direction – in/outBoth direction – in/out



router bgp 100 network 10.1.0.0/16 neighbor 192.168.8.140 remote-as 200 neighbor 192.168.8.140 filter-list 6 in neighbor 192.168.8.140 filter-list 5 out

ip as-path access-list 5 permit ^100$ip as-path access-list 6 permit ^200$

To apply the changesclear ip bgp 192.168.8.140 inclear ip bgp 192.168.8.140 out

A>show ip bgp summaryB>show ip bgpB>Show ip route bgpA>show ip bgp neighbors <peerIPAddress> advertised-routesB>show ip bgp neighbors <peerIPAddress> routes


Regular Expressions

AS path regular expression can be used for displaying BGP routes and AS path access list.

. Matches any single character.* Matches 0 or more occurrences of pattern.+ Matches 1 or more occurrences of pattern.? Match 0 or 1 occurrences of pattern.^ Matches the beginning of the line.$ Matches the end of the line._ Character _ has special meanings in AS path regular expression.

It matches to space and comma , and AS set delimiter { and } and AS confederation delimiter ( and ). And it also matches to the beginning of the line and the end of the

line. So _ can be used for AS value boundaries match. show ip bgp regexp _7675_ matches to all of BGP routes which

as AS number include 7675.


ExamplesExamples

.* match anything

.+ match at least one character^$ match routes local to this AS_100$ originated by AS100^100_ received from AS100_100_ via AS100_200_100_ via AS100 and AS200_(100_)+ multiple AS100 in sequence(used to match AS-PATH prepends)_$65530$_ via AS65530 (confederations)


AS Path Access List

AS path access list is user defined AS path.

ip as-path access-list word {permit|deny} line– This command defines a new AS path

access list. no ip as-path access-list word no ip as-path access-list word

{permit|deny} line


ExampleExample

ip as-path access-list 1 permit _100$ ip as-path access-list 2 permit _200_


Route Maps

Route map is a very useful function in zebra. There is a match and set statement permitted in a route map.

conceptsif match then do expression and exitelseif match then do expression and exitelse etc


Example - Route Map & prefix-listsExample - Route Map & prefix-lists

router bgp 100 bgp router-id 172.16.1.1 network 10.1.0.0/16 neighbor 192.168.8.140 remote-as 200 neighbor 192.168.8.140 route-map filter-in in

route-map filter-in permit 10 match ip address prefix-list list-1 set local-preference 120

route-map filter-in permit 20 match ip address prefix-list list-2 set local-preference 80

route-map filter-in permit 30

ip prefix-list list-1 permit 10.2.0.0/16ip prefix-list list-2 permit 10.3.0.0/16

To apply the changesclear ip bgp 192.168.8.140 in


Example - Route Map & prefix-lists. Example - Route Map & prefix-lists. Before applying policiesBefore applying policiesRouterA# show ip bgp 10.2.0.0RouterA# show ip bgp 10.2.0.0BGP routing table entry for 10.2.0.0/16BGP routing table entry for 10.2.0.0/16Paths: (1 available, best #1, table Default-IP-Routing-Table)Paths: (1 available, best #1, table Default-IP-Routing-Table) Not advertised to any peerNot advertised to any peer 200200 192.168.8.140 from 192.168.8.140 (172.16.1.2)192.168.8.140 from 192.168.8.140 (172.16.1.2) Origin IGP, metric 0, Origin IGP, metric 0, localpref 100localpref 100, valid, external, best, valid, external, best Last update: Mon Jan 30 12:40:11 2006Last update: Mon Jan 30 12:40:11 2006

After applying policiesAfter applying policiesRouterA# show ip bgp 10.2.0.0RouterA# show ip bgp 10.2.0.0BGP routing table entry for 10.2.0.0/16BGP routing table entry for 10.2.0.0/16Paths: (1 available, best #1, table Default-IP-Routing-Table)Paths: (1 available, best #1, table Default-IP-Routing-Table) Not advertised to any peerNot advertised to any peer 200200 192.168.8.140 from 192.168.8.140 (172.16.1.2)192.168.8.140 from 192.168.8.140 (172.16.1.2) Origin IGP, metric 0, Origin IGP, metric 0, localpref 120localpref 120, valid, external, best, valid, external, best Last update: Mon Jan 30 12:48:11 2006Last update: Mon Jan 30 12:48:11 2006


Example - Route Map & prefix-lists.Example - Route Map & prefix-lists. Before applying policiesBefore applying policiesRouterA# show ip bgp 10.3.0.0 RouterA# show ip bgp 10.3.0.0 BGP routing table entry for 10.3.0.0/16BGP routing table entry for 10.3.0.0/16Paths: (1 available, best #1, table Default-IP-Routing-Table)Paths: (1 available, best #1, table Default-IP-Routing-Table) Not advertised to any peerNot advertised to any peer200200 192.168.8.140 from 192.168.8.140 (172.16.1.1)192.168.8.140 from 192.168.8.140 (172.16.1.1) Origin IGP, metric 0, Origin IGP, metric 0, localpref 100localpref 100, valid, external, best, valid, external, best Last update: Mon Jan 30 12:41:41 2006Last update: Mon Jan 30 12:41:41 2006

After applying policiesAfter applying policiesRouterA# sh ip bgp 10.3.0.0RouterA# sh ip bgp 10.3.0.0BGP routing table entry for 10.3.0.0/16BGP routing table entry for 10.3.0.0/16Paths: (1 available, best #1, table Default-IP-Routing-Table)Paths: (1 available, best #1, table Default-IP-Routing-Table) Not advertised to any peerNot advertised to any peer 200200 192.168.8.140 from 192.168.8.140 (172.16.1.1)192.168.8.140 from 192.168.8.140 (172.16.1.1) Origin IGP, metric 0, Origin IGP, metric 0, localpref 80localpref 80, valid, external, best, valid, external, best Last update: Mon Jan 30 12:52:11 2006Last update: Mon Jan 30 12:52:11 2006


Example - Route Map & Filter lists

router bgp 100 network 10.1.0.0/16 neighbor 192.168.8.140 remote-as 200 neighbor 192.168.8.140 route-map filter-as-path in

route-map filter-as-path permit 10match as-path 1set local-preference 90

route-map filter-as-path permit 20match as-path 2set local-preference 150

route-map filter-as-path permit 30

ip as-path access-list 1 permit _200$ip as-path access-list 2 permit _300_

To apply the changesclear ip bgp 192.168.8.140 in


Example - Route-map & Example - Route-map & AS-PATH prepend

RouterArouter bgp 100network 10.1.0.0/16neighbor 192.168.8.140 remote-as 200neighbor 192.168.8.140 route-map set-as-path out!route-map set-as-path permit 10 match ip address prefix-list list-3 set as-path prepend 100 100

route-map set-as-path permit 20

ip prefix-list list-3 permit 10.1.0.0/16

Use own AS number when prependingTo apply the changesclear ip bgp 192.168.8.140 out


Example - Route-map & Example - Route-map & AS-PATH prepend …..

RouterB# show ip bgp 10.1.0.0RouterB# show ip bgp 10.1.0.0BGP routing table entry for 10.1.0.0/16BGP routing table entry for 10.1.0.0/16Paths: (1 available, best #1, table Default-IP-Paths: (1 available, best #1, table Default-IP-

Routing-Table)Routing-Table) Not advertised to any peerNot advertised to any peer 100 100 100100 100 100 192.168.8.139 from 192.168.8.139 192.168.8.139 from 192.168.8.139

(172.16.1.1)(172.16.1.1) Origin IGP, metric 0, localpref 100, valid, Origin IGP, metric 0, localpref 100, valid,

external, bestexternal, best Last update: Mon Jan 30 14:17:01 2006Last update: Mon Jan 30 14:17:01 2006


Route Aggregation policies

aggregate-address A.B.C.D/M– This command specifies an aggregate address.

no aggregate-address A.B.C.D/M aggregate-address A.B.C.D/M summary-

only– This command specifies an aggregate address.

Aggregated routes will not be announce.








AS200

AS300

AS100

CB

A

10.1.0.0/16

10.2.0.0/16 10.2.0.0/16

192.168.1.2

192.168.2.2

192.168.1.1 192.168.2.1

AS400

Example NetworkExample Network


AS200AS300

AS100

C B

A

10.1.0.0/16

10.2.0.0/16 10.2.0.0/16

192.168.1.2192.168.2.2

192.168.1.1 192.168.2.1

AS400

RouterARouterA

router bgp 100router bgp 100 network 10.1.0.0/16network 10.1.0.0/16 neighbor 192.168.1.2 remote-as 200neighbor 192.168.1.2 remote-as 200 neighbor 192.168.1.2 prefix-list PEERC-OUT out neighbor 192.168.1.2 prefix-list PEERC-OUT out neighbor 192.168.2.2 remote-as 300neighbor 192.168.2.2 remote-as 300 neighbor 192.168.2.2 prefix-list PEERB-OUT outneighbor 192.168.2.2 prefix-list PEERB-OUT out neighbor 192.168.2.2 route-map set-as-path outneighbor 192.168.2.2 route-map set-as-path out

ip prefix-list PEERB-OUT permit 10.1.0.0/16ip prefix-list PEERB-OUT permit 10.1.0.0/16ip prefix-list PEERC-OUT permit 10.1.0.0/16ip prefix-list PEERC-OUT permit 10.1.0.0/16ip prefix-list list-3 permit 10.1.0.0/16ip prefix-list list-3 permit 10.1.0.0/16

route-map set-as-path permit 10route-map set-as-path permit 10 match ip address prefix-list list-3 match ip address prefix-list list-3 set as-path prepend 100 100set as-path prepend 100 100

route-map set-as-path permit 20route-map set-as-path permit 20

RouterCRouterC

router bgp 200router bgp 200 network 10.2.0.0/16network 10.2.0.0/16 neighbor 192.168.1.1 remote-as 100neighbor 192.168.1.1 remote-as 100 neighbor 192.168.1.1 prefix-list PEERA-IN inneighbor 192.168.1.1 prefix-list PEERA-IN in neighbor 192.168.1.1 filter-list 5 inneighbor 192.168.1.1 filter-list 5 inip prefix-list PEERA-IN permit 10.1.0.0/16 le 32ip prefix-list PEERA-IN permit 10.1.0.0/16 le 32ip as-path access-list 5 permit ^100ip as-path access-list 5 permit ^100

RouterBRouterB

router bgp 300router bgp 300 network 10.3.0.0/16network 10.3.0.0/16 neighbor 192.168.2.1 remote-as 100neighbor 192.168.2.1 remote-as 100 neighbor 192.168.2.1 prefix-list PEERA-IN inneighbor 192.168.2.1 prefix-list PEERA-IN in neighbor 192.168.1.1 filter-list 5 inneighbor 192.168.1.1 filter-list 5 in

ip prefix-list PEERA-IN permit 10.1.0.0/16 le 32ip prefix-list PEERA-IN permit 10.1.0.0/16 le 32ip as-path access-list 5 permit ^100ip as-path access-list 5 permit ^100


BGP Scaling Techniques BGP Scaling Techniques

Route Refresh and Soft Reconfiguration

Peer GroupsPeer Groups


Route RefreshRoute Refresh BGP session to that neighbor has to be cleared so BGP session to that neighbor has to be cleared so

that it’s reinitialized after every policy change that it’s reinitialized after every policy change because the router does not store prefixes that are rejected by policy

Hard BGP reset Hard BGP reset – Tear down BGP peeringTear down BGP peering– Consume CPUConsume CPU– Disrupts connectivity for all networkDisrupts connectivity for all network

clear ip bgp peer clear ip bgp *

Peer IP address/ASN


Route Refresh CapabilityRoute Refresh Capability

No disrupts connectivityNo disrupts connectivity No additional memory is used No configuration is needed Requires peering routers to support “route

refresh capability” – RFC2918 clear ip bgp x.x.x.x in

– ask the peer to resend full BGP announcement clear ip bgp x.x.x.x out

– to resend full BGP announcement to peer


Soft Reconfiguration

Copies of all routes received from that peer are Copies of all routes received from that peer are stored separately from the regular BGP table. stored separately from the regular BGP table.

After configuring the policy change, It is possible After configuring the policy change, It is possible to apply the new policy to the stored copies of the to apply the new policy to the stored copies of the BGP information without having to reset the BGP information without having to reset the session.session.

router bgp 100 network 10.1.0.0/16 neighbor 192.168.8.140 remote-as 200 neighbor 192.168.8.140 soft-reconfiguration inbound

clear ip bgp 192.168.8.140 soft [in | out]






BGP Peer Groups

Some routers have long list of neighbors. It’s is then common to have several setting that are same for each neighbors.

Makes configuration easier Makes configuration less prone to error Makes configuration more readable

neighbor word peer-group– This command defines a new peer group.

neighbor peer peer-group word– This command bind specific peer to peer group word.


Configuration example Configuration example (Without peer groups)(Without peer groups)

router bgp 100 network 10.1.0.0/16

neighbor 192.168.8.140 remote-as 200 neighbor 192.168.8.140 prefix-list PEER-IN in neighbor 192.168.8.140 prefix-list PEER-OUT out neighbor 192.168.8.140 filter-list 6 in neighbor 192.168.8.140 filter-list 5 out

neighbor 192.168.8.150 remote-as 150 neighbor 192.168.8.150 prefix-list PEER-IN in neighbor 192.168.8.150 prefix-list PEER-OUT out neighbor 192.168.8.150 filter-list 6 in neighbor 192.168.8.150 filter-list 5 out

ip prefix-list PEER-IN deny 172.16.2.0/24ip prefix-list PEER-IN permit 0.0.0.0/0 le 32ip prefix-list PEER-OUT permit 10.1.0.0/16ip as-path access-list 5 permit ^100$ip as-path access-list 6 permit ^200$


Configuration exampleConfiguration example (With peer groups)(With peer groups)

router bgp 100 network 10.1.0.0/16

neighbor ebgp peer-group neighbor ebgp filter-list 6 in neighbor ebgp filter-list 5 out neighbor ebgp prefix-list PEER-IN in neighbor ebgp prefix-list PEER-OUT out neighbor 192.168.8.140 remote-as 200 neighbor 192.168.8.140 peer-group ebgp neighbor 192.168.8.150 remote-as 150 neighbor 192.168.8.150 peer-group ebgp






Display BGP Routes

show ip bgp regexp line– This commands display BGP routes that matches AS

path regular expression line.– show ip bgp regexp _100_

show ip bgp summary show ip bgp show ip bgp A.B.C.D show ip route bgp show ip bgp neighbors <peerIPAddr> advertised-

routes show ip bgp neighbors <peerIPAddr> routes


Route Server

At an Internet Exchange point, many ISPs are connected to each other by external BGP peering. Normally these external BGP connection are done by full mesh method. As with internal BGP full mesh formation, this method has a scaling problem.

Route Server is a method to resolve the problem.

Each ISP’s BGP router only peers to Route Server.

Route Server serves as BGP information exchange to other BGP routers.


several routing tables for managing different routing policies for each BGP speaker (Different views)

bgpd can work as normal BGP router or Route Server or both at the same time.


Multiple instance

To enable multiple view function of bgpd, you must turn on multiple instance feature beforehand.

bgp multiple-instance no bgp multiple-instance bgp config-type zebra

– Zebra style BGP configuration. This is default. bgp config-type cisco

– Cisco compatible BGP configuration output.– When bgp config-type cisco is specified,“no synchronization” is displayed. “no auto-summary” is

desplayed.“network” and “aggregate-address” argument is displayed as

“A.B.C.D M.M.M.M”Zebra: network 10.0.0.0/8 Cisco: network 10.0.0.0Zebra: aggregate-address 192.168.0.0/24 Cisco: aggregate-

address 192.168.0.0 255.255.255.0


– In case of “bgp config-type cisco” is specified, community attribute is not sent to the neighbor by default. To send community attribute user has to specify “neighbor A.B.C.D send-community” command.

– router bgp 1 neighbor 10.0.0.1 remote-as 1 neighbor 10.0.0.1 send-community


ExampleExampleRouterA#configure terminalRouterA(config)# bgp multiple-instance RouterA(config)# bgp config-type ciscoRouterA(config)# Ctrl ZRouterA#


BGP ViewsBGP Views BGP view is almost same as normal BGP process.

The result of route selection does not go to the kernel routing table. BGP view is only for exchanging BGP routing information.

router bgp as-number view namebgp multiple-instance!router bgp 1 view 1neighbor 10.0.0.1 remote-as 2neighbor 10.0.0.2 remote-as 3!router bgp 2 view 2neighbor 10.0.0.3 remote-as 4neighbor 10.0.0.4 remote-as 5


BGP instance and view

You can setup different AS at the same time when BGP multiple instance feature is enabled.

router bgp as-number– Make a new BGP instance. You can use arbitrary word for the name.bgp multiple-instance!router bgp 1neighbor 10.0.0.1 remote-as 2neighbor 10.0.0.2 remote-as 3!router bgp 2neighbor 10.0.0.3 remote-as 4neighbor 10.0.0.4 remote-as 5

The result of route selection goes to the kernel routing table.


Routing policy

You can set different routing policy for a peer. For example, you can set different filter for a peer.

bgp multiple-instance!router bgp 1 view 1neighbor 10.0.0.1 remote-as 2neighbor 10.0.0.1 distribute-list 1 in!router bgp 1 view 2neighbor 10.0.0.1 remote-as 2neighbor 10.0.0.1 distribute-list 2 in

access-list 1 permit 192.168.1.0 0.0.0.255access-list 2 permit 192.168.2.0 0.0.0.255

This means BGP update from a peer 10.0.0.1 goes to both BGP view 1 and view 2. When the update is inserted into view 1, distribute-list 1 is applied. On the other hand, when the update is inserted into view 2, distribute-list 2 is applied.


Viewing the views

show ip bgp view name– Display routing table of BGP view name.

FilteringFiltering


ToolsTools

IP Access List IP Prefix List Route Map


IP Access List access-list name permit ipv4-network access-list name deny ipv4-network Basic filtering is done by access-list as

shown in the following example.access-list filter deny 10.0.0.0/9access-list filter permit 10.0.0.0/8access-list 100 permit ip any 192.168.1.0

0.0.0.255access-list 90 permit 192.168.1.0 0.0.0.255

Example vty access restrict, route-map match statement, distribute-list


Thank youThank you


Anura AbayaratneAnura AbayaratneMTT Network - Sri LankaMTT Network - Sri Lanka

[email protected]@iee.org

APRICOT 2006APRICOT 2006

2222ndnd Feb – 3 Feb – 3rdrd Mar 2006 Mar 2006

Perth Western AustraliaPerth Western Australia

Date post:	23-Dec-2015
Category:	Documents
Upload:	morris-long
View:	226 times
Download:	0 times

Zebra/Quagga Routing Suite Zebra/Quagga Routing Suite Anura Abayaratne MTT Network - Sri Lanka...

Documents