Sunday, April 25, 2010

How to : Quagga Routing Suite

Quagga is routing software for Linux based on the Zebra router, whose last release was in 2005. Quagga can act as your open-source BGPv4+, OSPFv2, OSPFv3 and RIP router on a Linux system with kernel 2.4 or higher. The best part is that you can own a Cisco IOS look-alike router for less than RM5K!! I strongly recommend it for personal study and experimental use.

A few daemons make up this router:

  • zebra – routing manager
  • ospfd - implementing OSPFv2
  • ripd - implementing RIP v1 and V2
  • ospf6d - implementing OSPFv3 (IPv6)
  • ripngd - implementing RIPng (IPv6)
  • bgpd - implementing BGPv4+ (including address family support for multicast and IPv6)

Download the package from the Quagga website, or install it with Aptitude:

#apt-get install quagga

Here are some tips for configuring Quagga on Debian/Kubuntu once the package is installed.

To start/stop/restart Quagga service

#/etc/init.d/quagga <start|stop|restart>

To enable/disable the daemons:

#vim /etc/quagga/daemons

zebra=yes
bgpd=no
ospfd=yes
ospf6d=no
ripd=no
ripngd=no

To create configuration files

First, you must create a configuration file for each daemon if it does not already exist; each daemon has its own configuration file. For example:

    • zebra – zebra.conf
    • ospfd – ospfd.conf
    • bgpd – bgpd.conf

Copy the template or sample configuration files from /usr/share/doc/quagga/examples/.. to /etc/quagga/..

#cp /usr/share/doc/quagga/examples/zebra.conf.sample /etc/quagga/zebra.conf
#cp /usr/share/doc/quagga/examples/ospfd.conf.sample /etc/quagga/ospfd.conf
#cp /usr/share/doc/quagga/examples/bgpd.conf.sample /etc/quagga/bgpd.conf

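Set a password in each of the newly copied files. Note that ">" replaces the file's contents, so each file will then contain only the password line; use ">>" instead if you want to keep the sample configuration: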

# echo 'password YourPassHere' > /etc/quagga/bgpd.conf
# echo 'password YourPassHere' > /etc/quagga/ospfd.conf
# echo 'password YourPassHere' > /etc/quagga/zebra.conf

Always make sure the file permissions are correct; the owner and group may vary with your machine's settings:

#chown quagga.quaggavty /etc/quagga/*.conf
#chmod 640 /etc/quagga/*.conf

Then restart Quagga.

debian.conf Configuration Guide

By default, the Quagga daemons listen only on the loopback interface 127.0.0.1, each on its own port (bgpd, ospfd and zebra use different ports), and cannot be accessed remotely. For example, the bgpd daemon uses port 2605, which means you can access the BGP router by executing the following command:

#telnet localhost 2605

If you want to access the Quagga routers remotely from a specific IP address, you need to modify the /etc/quagga/debian.conf file.

If you want your OSPF router to listen on the loopback interface and 10.10.10.1, your configuration will look like this:

ospfd_options=" --daemon -A 127.0.0.1 10.10.10.1"

If you wish to make your BGP router accessible on the IP addresses of all interfaces, the configuration will be as below:

*For security reasons, I recommend that you do not allow this.

bgpd_options=" --daemon"

You may need to restart your Quagga services for the change to take effect.
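
A quick way to see which enabled daemons expose their vty port beyond loopback, as an added example that is not part of the original post. It reads the daemons and debian.conf files described above from a directory you pass in; the function names and the sample files are constructed for illustration, and only the -A option shown above is parsed.

```sh
#!/bin/sh
# Added example: where does each enabled Quagga daemon's vty (telnet) port listen?
# Reads DIR/daemons and DIR/debian.conf as laid out in this post; only -A is parsed.

vty_exposure() {
    dir=$1
    # Daemons switched on in the "daemons" file (lines of the form name=yes).
    enabled=$(sed -n 's/^\([a-z0-9]*\)=yes[[:space:]]*$/\1/p' "$dir/daemons")
    for d in $enabled; do
        # Value of <daemon>_options="..." from debian.conf, without the quotes.
        opts=$(sed -n "s/^${d}_options=\"\(.*\)\".*/\1/p" "$dir/debian.conf")
        addr=""
        set -- $opts                      # split the option string into words
        while [ $# -gt 0 ]; do
            if [ "$1" = "-A" ] && [ $# -gt 1 ]; then addr=$2; shift; fi
            shift
        done
        # No -A means the vty is reachable on every interface address.
        case $addr in
            "")                  echo "$d all-interfaces -" ;;
            127.*|::1|localhost) echo "$d loopback $addr" ;;
            *)                   echo "$d restricted $addr" ;;
        esac
    done
}

# Constructed sample files (not taken from a real system).
make_sample() {
    mkdir -p "$1"
    printf '%s\n' 'zebra=yes' 'bgpd=yes' 'ospfd=yes' 'ripd=no' > "$1/daemons"
    cat > "$1/debian.conf" <<'EOF'
vtysh_enable=yes
zebra_options=" --daemon -A 127.0.0.1"
bgpd_options=" --daemon"
ospfd_options=" --daemon -A 10.10.10.1"
ripd_options=" --daemon -A 127.0.0.1"
EOF
}

sample=$(mktemp -d)
make_sample "$sample"
vty_exposure "$sample"
rm -rf "$sample"
```

On a real host, call vty_exposure /etc/quagga and review every line that is not marked loopback.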

How to configure VTYSH, an integrated shell for Quagga

For instance, to access your BGP router:

#telnet localhost 2605

If you find it impractical or troublesome to telnet into the zebra, ospf and bgp routers separately, you can enable VTYSH. It provides a single interface for accessing and saving the configuration, and it looks like your Cisco router!

To use this feature, create the configuration file by copying the sample:

#cp /usr/share/doc/quagga/examples/vtysh.conf.sample /etc/quagga/vtysh.conf

Then edit /etc/quagga/vtysh.conf. Here is a sample configuration:

 
!
! Sample
!
! service integrated-vtysh-config
hostname quagga-router
username root nopassword
!

In the sample above, “service integrated-vtysh-config” is commented out and therefore disabled. The configuration is then saved separately into the file of each protocol you have updated. The example below shows what happens when the OSPF and BGP router configurations are changed and saved:

#vtysh
quagga-router#write
Configuration saved to /etc/quagga/ospfd.conf
Configuration saved to /etc/quagga/bgpd.conf

If you have enabled “service integrated-vtysh-config” in the config, the configuration will be saved into another file, namely /etc/quagga/quagga.conf. With this setting, quagga.conf is read first, followed by the protocol's own file (e.g. ospfd.conf), when you telnet into it. My recommendation is to disable this feature for easier maintenance and to avoid confusion.

#vtysh
quagga-router#write
Configuration saved to /etc/quagga/quagga.conf

Make sure you have set “vtysh_enable=yes” in /etc/quagga/debian.conf.

In addition, it’s recommended to add “VTYSH_PAGER=more” to your /etc/environment file, or else you will be annoyed by the blinking “END” in the lower-left corner, which requires you to type “q” to continue.

On some machines adding the above does not work; in that case you need to add it to your /home/username/.profile instead.

Check the file permissions and restart the Quagga service:

#chown quagga.quaggavty /etc/quagga/*.conf
#chmod 640 /etc/quagga/*.conf
#/etc/init.d/quagga restart

Additional Info, IP Forwarding

By default, Linux does not allow IP forwarding between interfaces. You need to enable it by executing the following command:

#echo "1" > /proc/sys/net/ipv4/ip_forward
