
Slide 1: Zebra/Quagga Routing Suite
Anura Abayaratne, MTT Network - Sri Lanka, anuraa@iee.org
APRICOT 2006, 22nd Feb – 3rd Mar 2006, Perth, Western Australia

Slide 2: Agenda
- Overview
- Installation
- Basic commands
- Setting up BGP
- Filtering

Slide 3: What is a routing daemon?
- Software running on a server
- It maintains routing information
(diagram: Server + Daemon = Router)

Slide 4: Daemons vs. commercial routers
- Routing daemons
  - Low-cost solution
  - Expertise required for set-up
  - Lack of support
- Commercial routers
  - Pricey
  - Better performance
  - Fully supported

Slide 5: Routing Daemons
- Zebra (http://www.zebra.org)
  - First daemon
  - Wide support: RIP, OSPF, BGP
  - Certain vulnerabilities
- Quagga (http://www.quagga.net)
  - Based on Zebra
  - Wide support: RIP, OSPF, BGP, ISIS
  - Development libraries

Slide 6: Overview

Slide 7: Overview
- Distributed under the GNU General Public License
- Zebra is a routing software package that provides TCP/IP based routing services, with support for routing protocols such as RIPv1, RIPv2, RIPng, OSPFv2, OSPFv3, BGP-4, and BGP-4+
- Supports BGP route reflector and route server behaviour
- IPv6 routing protocols
- Zebra has an interactive user interface for each routing protocol and supports common client commands.

Slide 8: About Zebra
- Acts as a dedicated server
- Exchanges routing information with other routers using routing protocols
- Uses this information to update the kernel routing table, so that the right data goes to the right place.
- You can change the configuration dynamically and view the routing table from the Zebra terminal interface
- If the network is small, configuring Zebra is very easy: set up interfaces, add static routes and/or default routes
- If the network is rather large or its structure changes frequently, you may need to set up a Zebra dynamic routing protocol: RIP, OSPF or BGP.
- Supports unicast routing protocols.
- Zebra has different system administration modes: normal mode and enable mode
- The Unix-account-independent feature will be a great help to the router administrator.

Slide 9: System Architecture Diagram
(diagram: bgpd, ospfd and ripd feed the zebra daemon, which manages the Unix kernel routing table)

Slide 10: How Zebra/Quagga works
- A collection of several daemons that work together to build the routing table (protocol-specific routing daemons: ripd, ospfd, bgpd, plus the kernel routing manager: zebrad)
- The zebra daemon is an IP routing manager. It provides kernel routing table updates, interface lookups, and redistribution of routes between different routing protocols.
- Each daemon has its own configuration file
  - For example, static routes go in the zebrad configuration file
  - BGP goes in the bgpd configuration file

Slide 11: Supported Platforms
- Linux 2.2.x and higher
- FreeBSD 4.x and higher
- NetBSD 1.6 and higher
- OpenBSD 2.5 and higher
- Solaris 2.6 and higher

Slide 12: How to get Zebra/Quagga
- http://www.zebra.org/
- http://www.quagga.net/

Slide 13: Installation

Slide 14: Steps
- There are three steps for installing the software: configuration, compilation, installation
- First unzip/extract the software:
    gzip -d zebra-0.95a.tar.gz
    tar -xvf zebra-0.95a.tar
    cd zebra-0.95a

Slide 15: Configure the software
- Zebra can detect most of the host configuration automatically. There are additional configuration options:
    % ./configure --help
- e.g.
    % ./configure
    % ./configure --prefix=/home/zebra
    % ./configure --disable-ripd

Slide 16: Build the software
- After configuring the software, you will need to compile it for your system
- Issue the command make in the root of the source directory:
    % make

Slide 17: Install the software
- Copies the compiled programs and supporting files to a standard location.
- Issue the following command at your shell prompt:
    % make install
- Default working directories: /usr/local/bin and /usr/local/etc

Slide 18: Install the software (contd.)
- Zebra daemons have their own terminal interface or VTY. After installation, you have to set up each beast's port number to connect to them. Add the following entries to /etc/services:
    zebrasrv 2600/tcp  # zebra service
    zebra    2601/tcp  # zebra vty
    ripd     2602/tcp  # RIPd vty
    ripngd   2603/tcp  # RIPngd vty
    ospfd    2604/tcp  # OSPFd vty
    bgpd     2605/tcp  # BGPd vty
    ospf6d   2606/tcp  # OSPF6d vty
- Additionally for Quagga:
    ospfapi  2607/tcp  # ospfapi
    isisd    2608/tcp  # ISISd vty

Slide 19: Access the Router
- Telnet to the port:
    telnet 2601
  Ports on zebra:
    2601  # zebra vty
    2602  # RIPd vty
    2603  # RIPngd vty
    2604  # OSPFd vty
    2605  # BGPd vty
    2606  # OSPF6d vty
  Additionally Quagga supports:
    2607  # ospfapi
    2608  # ISISd vty
- Use the VTY shell
  - To use vtysh, specify --enable-vtysh to the configure script.
  - The username is stored in the vtysh.conf file:
    username testuser nopassword

Slide 20: Basic Commands

Slide 21: Config Commands
- Commands common to all routing protocols
- Config files are generally found in /usr/local/etc/*.conf, or in the path specified by the --prefix option (e.g. /home/zebra/etc/*.conf)
- The daemon name + `.conf` is the default config file name (e.g. /home/zebra/etc/zebra.conf)
- A config file can be specified with the -f or --config_file option when starting the daemon (e.g. /home/zebra/sbin/zebra -d -f /home/zebra/etc/zebratest.conf)

Slide 22: Basic Config Commands
- hostname hostname - Set the hostname of the router.
- password password - Set the password for the vty interface. If there is no password, a vty won't accept connections.
- enable password password - Set the enable password.
- log stdout - Set logging output to stdout.
- no log stdout

Slide 23: Basic Config Commands (contd.)
- log file filename - If you want to log to a file, specify the filename as follows (e.g. log file /usr/local/etc/bgpd.log)
- log syslog - Set logging output to syslog.
- no log syslog

Slide 24: Basic Config Commands (contd.)
- write terminal - Display the current configuration on the vty interface.
- show running-config
- write file - Write the current configuration to the configuration file.
- copy running-config startup-config
- configure terminal - Change to configuration mode. This command is the first step of any configuration.

Slide 25: Basic Config Commands (contd.)
- who, list - List commands
- service password-encryption - Encrypt passwords
- show version - Show the current version of Zebra and its build host information.
- line vty - Enter vty configuration mode.
- banner motd default - Set the default motd string.
- no banner motd - No motd banner string will be printed.

Slide 26: Basic Config Commands (contd.)
- exec-timeout minute
- exec-timeout minute second - Set the VTY connection timeout value. When only one argument is specified it is used as the timeout value in minutes. The optional second argument is used as the timeout value in seconds. The default timeout value is 10 minutes. When the timeout value is zero, it means no timeout.
- no exec-timeout - Do not perform timeout at all. This command is the same as exec-timeout 0 0.

Slide 27: Basic Config Commands (contd.)
- access-class access-list - Restrict vty connections with an access list. Example:
    access-list log-in permit 192.168.1.0/24
    line vty
     access-class log-in

Slide 28: Sample Config File
- For the zebra daemon:
    hostname Router
    password zebra
    enable password zebra
    !
    interface lo
    !
    interface eth0
     ip address 172.16.1.2/24
    !
    line vty

Slide 29: Sample Config File
- '!' and '#' are comment characters. If the first character of a word is one of the comment characters, then the rest of the line from that point forward is ignored as a comment.
    password zebra!password
- If a comment character is not the first character of a word, it's a normal character. So in the above example '!' will not be regarded as a comment and the password is set to 'zebra!password'.
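An added example (not code from the presentation or the Zebra project) that applies the comment rule above while parsing a zebra.conf and then checks for the VTY protections the earlier slides describe: a vty password, an enable password, service password-encryption, and an access-class on line vty that names a defined access-list. Both configuration texts are constructed for this example.

```python
"""Parse a zebra.conf the way the comment rule above says, then check the VTY
protections described on the earlier slides.  Added example, not code from the
presentation or the Zebra project; both config texts are constructed."""

# Constructed: the slide's sample zebra.conf, hardened as the earlier slides
# describe (a password containing '!', encryption, an access-class on the vty).
HARDENED_CONF = """\
hostname Router
password zebra!password
enable password zebra
service password-encryption
! interfaces
interface lo
!
interface eth0
 ip address 172.16.1.2/24   # management address
!
access-list log-in permit 192.168.1.0/24
line vty
 access-class log-in
 exec-timeout 5 0
"""

# Constructed: the same router with the controls left out.
WEAK_CONF = """\
hostname Router
enable password zebra
interface eth0
 ip address 172.16.1.2/24
line vty
"""


def strip_comment(line):
    """'!' or '#' starts a comment only as the first character of a word;
    inside a word it is an ordinary character, so 'zebra!password' survives."""
    kept = []
    for word in line.split():
        if word[0] in "!#":
            break
        kept.append(word)
    return " ".join(kept)


def parse_config(text):
    """Return [(section, command)].  An unindented 'interface', 'line' or
    'router' command opens a section for the indented commands under it;
    other top-level commands have section None."""
    entries, section = [], None
    for raw in text.splitlines():
        cmd = strip_comment(raw)
        if not cmd:
            continue
        if not raw[0].isspace():
            if cmd.split()[0] in ("interface", "line", "router"):
                section = cmd
                continue
            section = None
        entries.append((section, cmd))
    return entries


def vty_password(entries):
    """The VTY password exactly as zebra stores it, or None if unset."""
    for section, cmd in entries:
        if section is None and cmd.startswith("password "):
            return cmd.split(" ", 1)[1]
    return None


def check_vty_hardening(text):
    """Return a list of findings; empty means every control from the slides
    (vty password, enable password, password encryption, access-class that
    names a defined access-list) is present."""
    entries = parse_config(text)
    top = [c for s, c in entries if s is None]
    vty = [c for s, c in entries if s == "line vty"]
    findings = []
    if vty_password(entries) is None:
        findings.append("no vty password: the vty will not accept connections")
    if not any(c.startswith("enable password ") for c in top):
        findings.append("no enable password: enable mode is unprotected")
    if "service password-encryption" not in top:
        findings.append("passwords are stored in clear text in the config")
    classes = [c.split()[1] for c in vty if c.startswith("access-class ")]
    if not classes:
        findings.append("line vty has no access-class: any source may connect")
    defined = {c.split()[1] for c in top if c.startswith("access-list ")}
    for name in classes:
        if name not in defined:
            findings.append("access-class %s names an undefined access-list" % name)
    return findings
```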

Slide 30: Common Invocation Options
    Usage : zebra [OPTION...]
    Daemon which manages kernel routing table management and redistribution between different routing protocols.
    -b, --batch        Runs in batch mode
    -d, --daemon       Runs in daemon mode
    -f, --config_file  Set configuration file name
    -i, --pid_file     Set process identifier file name
    -k, --keep_kernel  Don't delete old routes which installed by zebra.
    -l, --log_mode     Set verbose log mode flag
    -A, --vty_addr     Set vty's bind address
    -P, --vty_port     Set vty's port number
    -r, --retain       When program terminates, retain added route by zebra.
    -v, --version      Print program version
    -h, --help         Display this help and exit
- Example: /home/zebra/sbin/zebra -d

Slide 31: Virtual Terminal Interfaces
- VTY, the Virtual Terminal Interface, is a command line interface (CLI) for user interaction with the routing daemon.
- To enable a VTY interface, you have to set up a VTY password. If there is no VTY password, one cannot connect to the VTY interface at all.

Slide 32: VTY Overview
    % telnet 192.168.8.9 2601
    Hello, this is zebra (version 0.95a).
    Copyright 1996-2004 Kunihiro Ishiguro.
    User Access Verification
    Password:
    Router> enable
    Password: XXXXX
    Router# configure terminal
    Router(config)# password zzzzzzz
    Router(config)# enable password yyyyyyy
    Router(config)# interface eth0
    Router(config-if)# ip address 10.1.0.1/24
    Router(config-if)# exit
    Router(config)# access-list log-in permit 192.168.1.0/24
    Router(config)# line vty
    Router(config-line)# access-class log-in
    Router(config-line)# end
    Router# disable
    Router>

Slide 33: VTY Modes
Three VTY modes:
- VTY view mode: read-only access to the CLI
- VTY enable mode: read-write access to the CLI
- VTY other modes

Slide 34: Zebra Daemon

Slide 35: Interface Commands
- interface ifname
- shutdown, no shutdown - Bring the current interface down or up
- ip address address (e.g. 10.0.0.1/8)
- description description ...
- multicast, no multicast - Enable or disable the multicast flag for the interface
- bandwidth - Bandwidth in kilobits
- no bandwidth

Slide 36: Example
    Router> enable
    Password: XXXXX
    Router# configure terminal
    Router(config)# interface eth0
    Router(config-if)# ip address 10.0.1.2/24
    Router(config-if)# no ip address 10.0.2.2/24
    Router(config-if)# end
    Router# exit

Slide 37: Static Route Commands
- Defines a static prefix and gateway.
- ip route network gateway
- ip route network netmask gateway
    ip route 10.0.0.0/8 10.0.0.2
    ip route 10.0.0.0/8 ppp0
    ip route 10.0.0.0 255.255.255.0 10.0.0.2
- ip route network gateway distance
    ip route 10.0.0.0 255.255.255.0 10.0.0.3 50

Slide 38: Static Route Commands (contd.)
    Router# show ip route
    Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
           B - BGP, > - selected route, * - FIB route
    K>* 0.0.0.0/0 via 192.168.8.1, eth0
    S   10.0.0.0/24 [1/0] via 10.0.0.3 inactive
    S>* 10.1.0.0/24 [100/0] via 192.168.8.3, eth0
    S>* 10.2.3.0/24 [10/0] via 192.168.8.1, eth0
    K * 127.0.0.0/8 is directly connected, lo
    C>* 127.0.0.0/8 is directly connected, lo
    K * 192.168.8.0/24 is directly connected, eth0
    C>* 192.168.8.0/24 is directly connected, eth0

Slide 39: Zebra Terminal Mode Commands
- show interface
- show ip forward - Display whether the host's IP forwarding function is enabled or not. Almost any UNIX kernel can be configured with IP forwarding disabled. If so, the box can't work as a router.
    cat /proc/sys/net/ipv4/ip_forward
- To enable IP forwarding on a Linux box:
    sysctl -w net.ipv4.ip_forward=1

Slide 40: BGP - Border Gateway Protocol

Slide 41: Introduction to BGP
- Routing protocol used to exchange routing information between networks - an exterior gateway protocol
- Path vector protocol
- Incremental updates
- Many options for policy enforcement
- Classless Inter-Domain Routing (CIDR)
- Widely used for the Internet backbone
- BGP is used internally (iBGP) and externally (eBGP)

Slide 42: Autonomous System
- Used to uniquely identify networks with a common routing policy
- Usually under single ownership, trust and administrative control
(diagram: AS100)

Slide 43: Autonomous System Number
- An AS number is an identification of an autonomous system.
- The BGP protocol uses the AS number to detect whether a BGP connection is an internal or an external one.
- An ASN is a 16 bit number
- Public AS numbers 1 - 64511
- Private AS numbers 64512 - 65535
- 0 and 65535 are reserved
- ASNs are distributed by the Regional Internet Registries

Slide 44: Starting BGP
- The default configuration file of bgpd is 'bgpd.conf' (e.g. /home/zebra/etc/bgpd.conf)
    /home/zebra/sbin/bgpd -d

Slide 45: Configuring the router
- Enable BGP
- Add the address to be announced
- Add the address and AS numbers of neighboring routers (peers)
- Apply policy with BGP
  - Allow only the routes that originate here to be announced to the neighboring AS
  - Announced routes
  - Receiving routes

Slide 46: BGP Router
- Configure the BGP router with the router bgp command. To configure the BGP router, you need an AS number.
- router bgp asn - Enable a BGP protocol process with the specified asn. After this statement you can input any BGP command. You cannot create different BGP processes under different asns without specifying multiple-instance.
- no router bgp asn - Destroy the BGP protocol process with the specified asn.

Slide 47: Configuration example
    % telnet 192.168.8.139 2605
    Connected to 192.168.1.139
    Escape character is '^]'.
    Hello, this is zebra (version 0.95a)
    User Access Verification
    Password: XXXXX
    RouterA>
    RouterA> enable
    RouterA# configure terminal
    RouterA(config)# router bgp 100
    RouterA(config-router)#
    RouterA(config-router)# exit
    RouterA# exit
(diagram: RouterA in AS100 running bgpd, peering with RouterB in AS200)

Slide 48: BGP Router (contd.)
- bgp router-id A.B.C.D - This command specifies the router-ID. If bgpd connects to zebra it gets interface and address information; in that case the default router ID is the largest IP address of the interfaces. When router zebra is not enabled, bgpd can't get interface information, so the router-id is set to 0.0.0.0. In that case set the router-id by hand.
    RouterA# configure terminal
    RouterA(config)# router bgp 100
    RouterA(config-router)# bgp router-id 172.16.1.1

Slide 49: Configuring the router (progress recap, same bullets as slide 45)

Slide 50: Inserting prefixes into BGP
- To add an address prefix to be announced
- Two ways:
  - redistributing an internal routing protocol
  - the network command
- network A.B.C.D/M
    router bgp 100
     network 10.1.0.0/16
     no network 172.16.0.0/16

Slide 51: Configuration example
    RouterA# configure terminal
    RouterA(config)# router bgp 100
    RouterA(config-router)# network 10.1.0.0/16
    RouterA(config-router)# end
    RouterA# exit
(diagram: RouterA in AS100 running bgpd, peering with RouterB in AS200)

Slide 52: Redistribute to BGP
- redistribute kernel - Redistribute kernel routes to the BGP process.
- redistribute static - Redistribute static routes to the BGP process.
- redistribute connected - Redistribute connected routes to the BGP process.
- redistribute rip - Redistribute RIP routes to the BGP process.
- redistribute ospf - Redistribute OSPF routes to the BGP process.

Slide 53: Configuration example
    router bgp 100
     network 10.1.0.0/16
     redistribute static
     redistribute connected
     neighbor 192.168.8.140 remote-as 200

Slide 54: Configuring the router (progress recap, same bullets as slide 45)

Slide 55: BGP Peers
- neighbor peer remote-as asn - Creates a new neighbor whose remote-as is asn. peer can be an IP address.
    router bgp 1
     neighbor 10.0.0.1 remote-as 2

Slide 56: Configuration example
    RouterA# configure terminal
    RouterA(config)# router bgp 100
    RouterA(config-router)# neighbor 192.168.8.140 remote-as 200
    RouterA(config-router)# network 10.1.0.0/16
    RouterA(config-router)# end
- Display commands:
    A> show ip bgp summary
    B> show ip bgp
    B> show ip route bgp
    A> show ip bgp neighbors advertised-routes
    B> show ip bgp neighbors routes
(diagram: RouterA in AS100 running bgpd, peering with RouterB in AS200)

Slide 57: Configuration example (contd.)
    RouterA# show ip bgp summary
    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    192.168.8.140   4   200      99     113        0    0    0 00:03:30        1
    Total number of neighbors 1

    RouterB# show ip bgp neighbors 192.168.8.139 routes
    BGP table version is 0, local router ID is 172.16.1.2
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, R Removed
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    *> 10.1.0.0/16      192.168.8.139            0             0 100 i
    Total number of prefixes 1

Slide 58: BGP Peer commands
- neighbor peer shutdown
- no neighbor peer shutdown
  Shut down the peer. We can delete the neighbor's configuration with no neighbor peer remote-as as-number, but then all configuration of the neighbor is deleted. When you want to preserve the configuration but drop the BGP peer, use this syntax.

Slide 59: BGP Peer commands (contd.)
- neighbor peer ebgp-multihop num
- no neighbor peer ebgp-multihop num
  Peer not directly connected.
- neighbor peer description ...
- no neighbor peer description ...
  Set the description of the peer.
- neighbor peer version version - Set up the neighbor's BGP version. version can be 4, 4+ or 4-. BGP version 4 is the default value used for BGP peering.

Slide 60: Configuration example
    RouterA# configure terminal
    RouterA(config)# router bgp 100
    RouterA(config-router)# neighbor 192.168.8.140 remote-as 200
    RouterA(config-router)# neighbor 192.168.8.140 description eBGP to RouterB
    RouterA(config-router)# neighbor 192.168.8.140 version 4
    RouterA(config-router)# neighbor 192.168.8.140 shutdown
    RouterA(config-router)# network 10.1.0.0/16
(diagram: RouterA in AS100 running bgpd, peering with RouterB in AS200)

Slide 61: BGP Peer commands (contd.)
- neighbor peer next-hop-self - This command specifies an announced route's nexthop as being equivalent to the address of the BGP router. In eBGP, changing the next-hop is handled automatically, but not in iBGP.
- no neighbor peer next-hop-self
- neighbor peer update-source interface
- no neighbor peer update-source
- neighbor peer default-originate - Announce default routes to the peer
- no neighbor peer default-originate

Slide 62: BGP Peer commands (contd.)
- neighbor peer send-community
- neighbor peer weight weight - Specifies a default weight value for the neighbor's routes. Weight is local to the router; the higher weight wins.

Slide 63: Configuration example
    RouterA#
    router bgp 100
     network 10.1.0.0/16
     neighbor 192.168.8.140 remote-as 200
     neighbor 192.168.8.140 update-source ethernet0
     neighbor 192.168.8.140 default-originate
     neighbor 192.168.8.140 send-community
     neighbor 192.168.8.140 weight 50
- To apply changes:
    clear ip bgp 192.168.8.140 out
- Verify on RouterB:
    RouterB# show ip route bgp
    RouterB# show ip route
    RouterB# show ip bgp
(diagram: RouterA in AS100 running bgpd, peering with RouterB in AS200)

Slide 64: Configuration example (contd.)
    RouterB# show ip bgp
       Network          Next Hop            Metric LocPrf Weight Path
    *> 0.0.0.0          192.168.8.139            0             0 100 i
    *> 10.1.0.0/16      192.168.8.139            0             0 100 i

Slide 65: Configuring the router (progress recap, same bullets as slide 45)

Slide 66: Policy Control
- Policy based on AS path, community and prefixes
- Rejecting or accepting selected routes
- Setting attributes to influence path selection
- Zebra provides many very flexible filtering features. Filtering is used for both input and output of routing information. Once a filter is defined, it can be applied in either direction.

Slide 67: Tools for policy control
- Prefix-list (filter prefixes)
- Filter-list (filter ASes)
- Route-map and communities
- neighbor peer distribute-list name [in|out] - This command specifies a distribute-list for the peer. The direction is 'in' or 'out'.
- neighbor peer prefix-list name [in|out]
- neighbor peer filter-list name [in|out]
- neighbor peer route-map name [in|out]

Slide 68: Prefix List
- ip prefix-list provides the most powerful prefix-based filtering mechanism.
- Add or delete prefix-based filters at arbitrary points of a prefix-list using sequence number specification.
- If no ip prefix-list is specified, it acts as permit. If an ip prefix-list is defined and no match is found, the default deny is applied.

Slide 69: Prefix List commands
- ip prefix-list name (permit|deny) prefix [le len] [ge len]
- ip prefix-list name seq-number (permit|deny) prefix [le len] [ge len]
- ip prefix-list name description desc
- no ip prefix-list name
- no ip prefix-list name description [desc]
- show ip prefix-list - Display all IP prefix lists.
- show ip prefix-list name - Show the IP prefix list with the given name.
- show ip prefix-list name seq num

Slide 70: Configuration example
- RouterA
    router bgp 100
     network 10.1.0.0/16
     neighbor 192.168.8.140 remote-as 200
     neighbor 192.168.8.140 prefix-list PEER-IN in
     neighbor 192.168.8.140 prefix-list PEER-OUT out
    ip prefix-list PEER-IN deny 172.16.2.0/24
    ip prefix-list PEER-IN permit 0.0.0.0/0 le 32
    ip prefix-list PEER-OUT permit 10.1.0.0/16
- To apply changes:
    clear ip bgp 192.168.8.140 in
    clear ip bgp 192.168.8.140 out
- Display commands:
    A> show ip bgp summary
    B> show ip bgp
    B> show ip route bgp
    A> show ip bgp neighbors advertised-routes
    B> show ip bgp neighbors routes

Slide 71: Filter List
- Filter routes based on AS path
- Both directions - in/out

Slide 72: Configuration example
    router bgp 100
     network 10.1.0.0/16
     neighbor 192.168.8.140 remote-as 200
     neighbor 192.168.8.140 filter-list 6 in
     neighbor 192.168.8.140 filter-list 5 out
    ip as-path access-list 5 permit ^100$
    ip as-path access-list 6 permit ^200$
- To apply the changes:
    clear ip bgp 192.168.8.140 in
    clear ip bgp 192.168.8.140 out
- Display commands:
    A> show ip bgp summary
    B> show ip bgp
    B> show ip route bgp
    A> show ip bgp neighbors advertised-routes
    B> show ip bgp neighbors routes

Slide 73: Regular Expressions
- AS path regular expressions can be used for displaying BGP routes and in AS path access lists.
    .  Matches any single character.
    *  Matches 0 or more occurrences of the pattern.
    +  Matches 1 or more occurrences of the pattern.
    ?  Matches 0 or 1 occurrences of the pattern.
    ^  Matches the beginning of the line.
    $  Matches the end of the line.
    _  The character _ has a special meaning in an AS path regular expression. It matches a space and a comma, the AS set delimiters { and }, and the AS confederation delimiters ( and ). It also matches the beginning of the line and the end of the line, so _ can be used to match AS value boundaries.
- show ip bgp regexp _7675_ matches all BGP routes whose AS path includes AS number 7675.

Slide 74: Examples
    .*            match anything
    .+            match at least one character
    ^$            match routes local to this AS
    _100$         originated by AS100
    ^100_         received from AS100
    _100_         via AS100
    _200_100_     via AS100 and AS200
    _(100_)+      multiple AS100 in sequence (used to match AS-PATH prepends)
    _\(65530\)_   via AS65530 (confederations)

Slide 75: AS Path Access List
- An AS path access list is a user-defined AS path filter.
- ip as-path access-list word {permit|deny} line - This command defines a new AS path access list.
- no ip as-path access-list word
- no ip as-path access-list word {permit|deny} line

Slide 76: Example
    ip as-path access-list 1 permit _100$
    ip as-path access-list 2 permit _200_
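An added example (not code from the presentation or the Zebra/Quagga project) that evaluates the AS-path regular expressions of the regular-expression and AS-path-access-list slides by translating Zebra's `_` into the boundary class it stands for, then applies an as-path access-list the way a filter-list does: first match wins, implicit deny at the end. The BGP table it filters is constructed.

```python
"""Evaluate Zebra/Quagga AS-path regular expressions and 'ip as-path
access-list' filters offline.  Added example, not code from the presentation
or the Zebra/Quagga project; the routes below are constructed."""
import re

# Zebra's '_' is not a literal underscore: it stands for an AS boundary, i.e.
# a space, a comma, an AS-set brace, a confederation parenthesis, or the
# start or end of the path.
AS_BOUNDARY = r"(?:^|$|[ ,{}()])"


def aspath_regex_to_python(pattern):
    """Translate a Zebra AS-path regex to a Python regex.  Every operator
    except '_' already has the same meaning in both dialects."""
    return pattern.replace("_", AS_BOUNDARY)


def aspath_matches(pattern, as_path):
    """True if the Zebra pattern matches the AS path string, written the way
    'show ip bgp' prints it: ASNs separated by spaces, confederation
    segments in parentheses, AS sets in braces, '' for a local route."""
    return re.search(aspath_regex_to_python(pattern), as_path) is not None


def as_path_access_list(entries, as_path):
    """Evaluate an 'ip as-path access-list': entries are (action, pattern)
    in configured order, the first matching entry decides, and a path that
    matches no entry is denied (the implicit deny at the end of the list)."""
    for action, pattern in entries:
        if aspath_matches(pattern, as_path):
            return action == "permit"
    return False


def apply_filter_list(entries, routes):
    """Prefixes a 'neighbor ... filter-list LIST in' would accept."""
    return [prefix for prefix, path in routes if as_path_access_list(entries, path)]


def show_ip_bgp_regexp(pattern, routes):
    """The 'show ip bgp regexp PATTERN' view: prefixes whose path matches."""
    return [prefix for prefix, path in routes if aspath_matches(pattern, path)]


# Constructed BGP table, as RouterA might learn it from its AS200 peer.
ROUTES_FROM_PEER = [
    ("10.2.0.0/16", "200"),               # originated by the peer itself
    ("10.4.0.0/16", "200 400"),           # transited through AS200
    ("10.9.0.0/16", "200 (65530) 300"),   # via a confederation member
    ("10.21.0.0/16", "2100 300"),         # an ASN that merely contains '100'
]

# The two lists from the filter-list configuration example: 5 permits only a
# path consisting of AS100 alone, 6 only a path consisting of AS200 alone.
ACL_5 = [("permit", "^100$")]
ACL_6 = [("permit", "^200$")]
```

The `2100 300` route shows why `_100_` rather than a bare `100` is needed: without the boundary class the pattern would also match inside AS2100.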

Slide 77: Route Maps
- A route map is a very useful function in zebra. Match and set statements are permitted in a route map.
- Concept:
    if match then do expression and exit
    else if match then do expression and exit
    else ...

Slide 78: Example - Route Map & prefix-lists
    router bgp 100
     bgp router-id 172.16.1.1
     network 10.1.0.0/16
     neighbor 192.168.8.140 remote-as 200
     neighbor 192.168.8.140 route-map filter-in in

    route-map filter-in permit 10
     match ip address prefix-list list-1
     set local-preference 120
    route-map filter-in permit 20
     match ip address prefix-list list-2
     set local-preference 80
    route-map filter-in permit 30

    ip prefix-list list-1 permit 10.2.0.0/16
    ip prefix-list list-2 permit 10.3.0.0/16
- To apply the changes:
    clear ip bgp 192.168.8.140 in
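An added example (not code from the presentation or the Zebra/Quagga project) that implements the prefix-list semantics of the Prefix List slide (first match wins, implicit deny when the list exists, permit when it does not) and the route-map walk of the Route Maps slide, then runs the RouterA policy above and the PEER-IN list from the prefix-list configuration example through it. Treating a match against a prefix-list that does not exist as a non-match is this example's assumption.

```python
"""Evaluate Zebra/Quagga prefix-list and route-map semantics offline.
Added example, not code from the presentation or the Zebra/Quagga project;
CONFIG is a constructed copy of the RouterA policy above plus the PEER-IN
list from the prefix-list configuration example."""
import ipaddress

CONFIG = """\
route-map filter-in permit 10
 match ip address prefix-list list-1
 set local-preference 120
route-map filter-in permit 20
 match ip address prefix-list list-2
 set local-preference 80
route-map filter-in permit 30
ip prefix-list list-1 permit 10.2.0.0/16
ip prefix-list list-2 permit 10.3.0.0/16
ip prefix-list PEER-IN deny 172.16.2.0/24
ip prefix-list PEER-IN permit 0.0.0.0/0 le 32
"""


def parse_config(text):
    """Return ({prefix-list name: entries}, {route-map name: clauses}).
    A prefix-list entry is (seq, action, network, ge, le); unnumbered
    entries are given 5, 10, 15 ... as Zebra assigns them.  A route-map
    clause is (seq, action, [prefix-lists to match], {set attribute: value})."""
    plists, rmaps, clause = {}, {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0][0] in "!#":
            continue
        if words[:2] == ["ip", "prefix-list"]:
            entries = plists.setdefault(words[2], [])
            rest = words[3:]
            if rest[0] == "seq":
                seq, rest = int(rest[1]), rest[2:]
            else:
                seq = entries[-1][0] + 5 if entries else 5
            opts = dict(zip(rest[2::2], map(int, rest[3::2])))
            entries.append((seq, rest[0], ipaddress.ip_network(rest[1], strict=False),
                            opts.get("ge"), opts.get("le")))
            entries.sort(key=lambda e: e[0])
        elif words[0] == "route-map":
            clause = (int(words[3]), words[2], [], {})
            clauses = rmaps.setdefault(words[1], [])
            clauses.append(clause)
            clauses.sort(key=lambda c: c[0])
        elif words[:4] == ["match", "ip", "address", "prefix-list"]:
            clause[2].append(words[4])
        elif words[0] == "set":
            clause[3][words[1]] = " ".join(words[2:])
    return plists, rmaps


def entry_matches(entry, net):
    """One entry: the route must lie inside the entry's network and its
    length must fall in the ge..le window (ge defaults to the entry's own
    mask length, le to 32).  Without ge or le the length must be exact, so
    'deny 172.16.2.0/24' does not catch the more specific 172.16.2.0/25."""
    _seq, _action, network, ge, le = entry
    if not net.subnet_of(network):
        return False
    if ge is None and le is None:
        return net.prefixlen == network.prefixlen
    lo = ge if ge is not None else network.prefixlen
    hi = le if le is not None else network.max_prefixlen
    return lo <= net.prefixlen <= hi


def prefix_list_permits(plists, name, prefix):
    """Apply a list as 'neighbor ... prefix-list NAME in|out' would: an
    undefined list permits everything; a defined one is first match wins
    with an implicit deny at the end."""
    if name not in plists:
        return True
    net = ipaddress.ip_network(prefix)
    for entry in plists[name]:
        if entry_matches(entry, net):
            return entry[1] == "permit"
    return False


def apply_route_map(plists, rmaps, name, prefix, localpref=100):
    """Walk the clauses in sequence order; the first clause whose match
    conditions all hold decides: permit applies its set statements, deny
    drops the route, and a route matching no clause is dropped as well.
    Assumption: a match against a prefix-list that does not exist fails.
    Returns the resulting local preference, or None if the route is dropped."""
    for _seq, action, matches, sets in rmaps.get(name, []):
        if all(m in plists and prefix_list_permits(plists, m, prefix) for m in matches):
            if action != "permit":
                return None
            return int(sets.get("local-preference", localpref))
    return None
```

Clause 30 has no match statement, so any route not caught by list-1 or list-2 is accepted unchanged; remove it and those routes are dropped by the implicit deny.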

Slide 79: Example - Route Map & prefix-lists (contd.)
- Before applying policies:
    RouterA# show ip bgp 10.2.0.0
    BGP routing table entry for 10.2.0.0/16
    Paths: (1 available, best #1, table Default-IP-Routing-Table)
      Not advertised to any peer
      200
        192.168.8.140 from 192.168.8.140 (172.16.1.2)
          Origin IGP, metric 0, localpref 100, valid, external, best
          Last update: Mon Jan 30 12:40:11 2006
- After applying policies:
    RouterA# show ip bgp 10.2.0.0
    BGP routing table entry for 10.2.0.0/16
    Paths: (1 available, best #1, table Default-IP-Routing-Table)
      Not advertised to any peer
      200
        192.168.8.140 from 192.168.8.140 (172.16.1.2)
          Origin IGP, metric 0, localpref 120, valid, external, best
          Last update: Mon Jan 30 12:48:11 2006

Slide 80: Example - Route Map & prefix-lists (contd.)
- Before applying policies:
    RouterA# show ip bgp 10.3.0.0
    BGP routing table entry for 10.3.0.0/16
    Paths: (1 available, best #1, table Default-IP-Routing-Table)
      Not advertised to any peer
      200
        192.168.8.140 from 192.168.8.140 (172.16.1.1)
          Origin IGP, metric 0, localpref 100, valid, external, best
          Last update: Mon Jan 30 12:41:41 2006
- After applying policies:
    RouterA# sh ip bgp 10.3.0.0
    BGP routing table entry for 10.3.0.0/16
    Paths: (1 available, best #1, table Default-IP-Routing-Table)
      Not advertised to any peer
      200
        192.168.8.140 from 192.168.8.140 (172.16.1.1)
          Origin IGP, metric 0, localpref 80, valid, external, best
          Last update: Mon Jan 30 12:52:11 2006

Slide 81: Example - Route Map & Filter lists
    router bgp 100
     network 10.1.0.0/16
     neighbor 192.168.8.140 remote-as 200
     neighbor 192.168.8.140 route-map filter-as-path in

    route-map filter-as-path permit 10
     match as-path 1
     set local-preference 90
    route-map filter-as-path permit 20
     match as-path 2
     set local-preference 150
    route-map filter-as-path permit 30

    ip as-path access-list 1 permit _200$
    ip as-path access-list 2 permit _300_
- To apply the changes:
    clear ip bgp 192.168.8.140 in

Slide 82: Example - Route-map & AS-PATH prepend
- RouterA
    router bgp 100
     network 10.1.0.0/16
     neighbor 192.168.8.140 remote-as 200
     neighbor 192.168.8.140 route-map set-as-path out
    !
    route-map set-as-path permit 10
     match ip address prefix-list list-3
     set as-path prepend 100 100
    route-map set-as-path permit 20

    ip prefix-list list-3 permit 10.1.0.0/16
- Use your own AS number when prepending
- To apply the changes:
    clear ip bgp 192.168.8.140 out

Slide 83: Example - Route-map & AS-PATH prepend (contd.)
    RouterB# show ip bgp 10.1.0.0
    BGP routing table entry for 10.1.0.0/16
    Paths: (1 available, best #1, table Default-IP-Routing-Table)
      Not advertised to any peer
      100 100 100
        192.168.8.139 from 192.168.8.139 (172.16.1.1)
          Origin IGP, metric 0, localpref 100, valid, external, best
          Last update: Mon Jan 30 14:17:01 2006

Slide 84: Route Aggregation policies
- aggregate-address A.B.C.D/M - This command specifies an aggregate address.
- no aggregate-address A.B.C.D/M
- aggregate-address A.B.C.D/M summary-only - This command specifies an aggregate address. The aggregated (more specific) routes will not be announced.

Slide 85: Configuring the router (progress recap, same bullets as slide 45)

86 Example Network

(Diagram: RouterA in AS100 announces 10.1.0.0/16; RouterC in AS200 holds 10.2.0.0/16; RouterB is in AS300; AS400 lies beyond. Links: RouterA 192.168.1.1 to RouterC 192.168.1.2, and RouterA 192.168.2.1 to RouterB 192.168.2.2.)

87 Example Network (configuration for the diagram on slide 86)

RouterA
router bgp 100
 network 10.1.0.0/16
 neighbor 192.168.1.2 remote-as 200
 neighbor 192.168.1.2 prefix-list PEERC-OUT out
 neighbor 192.168.2.2 remote-as 300
 neighbor 192.168.2.2 prefix-list PEERB-OUT out
 neighbor 192.168.2.2 route-map set-as-path out
ip prefix-list PEERB-OUT permit 10.1.0.0/16
ip prefix-list PEERC-OUT permit 10.1.0.0/16
ip prefix-list list-3 permit 10.1.0.0/16
route-map set-as-path permit 10
 match ip address prefix-list list-3
 set as-path prepend 100 100
route-map set-as-path permit 20

RouterC
router bgp 200
 network 10.2.0.0/16
 neighbor 192.168.1.1 remote-as 100
 neighbor 192.168.1.1 prefix-list PEERA-IN in
 neighbor 192.168.1.1 filter-list 5 in
ip prefix-list PEERA-IN permit 10.1.0.0/16 le 32
ip as-path access-list 5 permit ^100

RouterB
router bgp 300
 network 10.3.0.0/16
 neighbor 192.168.2.1 remote-as 100
 neighbor 192.168.2.1 prefix-list PEERA-IN in
 neighbor 192.168.2.1 filter-list 5 in
ip prefix-list PEERA-IN permit 10.1.0.0/16 le 32
ip as-path access-list 5 permit ^100
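A Python model of how bgpd evaluates the AS-path access-lists and the first-match route-map from slides 81 and 87. This is an added example, not Quagga code; the expansion of "_" follows the AS-path regexp semantics described in the Quagga manual, and the sample AS paths are constructed.

```python
import re

# Quagga/Cisco AS-path regexps treat "_" as an AS delimiter: the start or end
# of the path, a space, a comma, or an AS-set / confederation bracket.  This
# expansion follows the documented AS-path regexp semantics; the rest of this
# file is an added model for illustration, not bgpd code.
AS_DELIM = r"(?:^|$|[,{}() ])"

def as_path_regex(pattern):
    """Compile a Quagga-style AS-path regexp into a Python regexp."""
    return re.compile(pattern.replace("_", AS_DELIM))

# ip as-path access-lists from slides 81 and 87 (list number -> permit entries)
AS_PATH_ACL = {
    1: [as_path_regex("_200$")],   # paths ending in AS 200 (originated by 200)
    2: [as_path_regex("_300_")],   # paths that pass through AS 300 anywhere
    5: [as_path_regex("^100")],    # paths whose first hop is AS 100
}

def as_path_matches(acl_no, as_path):
    """True if any permit entry of the access-list matches the AS path string."""
    return any(r.search(as_path) for r in AS_PATH_ACL[acl_no])

# route-map filter-as-path from slide 81: (sequence, match as-path ACL, set local-pref)
# A sequence with no match clause (ACL None) matches every route.
ROUTE_MAP = [(10, 1, 90), (20, 2, 150), (30, None, None)]

def apply_route_map(as_path, local_pref=100):
    """Evaluate the route-map top to bottom; the first matching sequence wins.

    Returns (action, sequence, resulting local-pref).  A route that matches no
    sequence is dropped by the implicit deny at the end of every route-map."""
    for seq, acl, lpref in ROUTE_MAP:
        if acl is None or as_path_matches(acl, as_path):
            return ("permit", seq, local_pref if lpref is None else lpref)
    return ("deny", None, None)

if __name__ == "__main__":
    # constructed sample AS paths as received from neighbor 192.168.8.140 (AS 200);
    # "200 1300" shows that _300_ does not match AS 1300
    for path in ("200", "200 300 400", "200 400", "200 1300"):
        print(f"{path!r:16} -> {apply_route_map(path)}")
```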

88 BGP Scaling Techniques

- Route Refresh and Soft Reconfiguration
- Peer Groups

89 Route Refresh

- After every policy change the BGP session to that neighbor has to be cleared so that it is reinitialized, because the router does not store prefixes that are rejected by policy
- Hard BGP reset
    - Tears down the BGP peering
    - Consumes CPU
    - Disrupts connectivity for the whole network
- clear ip bgp peer (peer = IP address or ASN)
- clear ip bgp *

90 Route Refresh Capability

- Does not disrupt connectivity
- No additional memory is used
- No configuration is needed
- Requires peering routers to support the "route refresh capability" (RFC 2918)
- clear ip bgp x.x.x.x in
    - asks the peer to resend its full BGP announcement
- clear ip bgp x.x.x.x out
    - resends the full BGP announcement to the peer

91 Soft Reconfiguration

- Copies of all routes received from that peer are stored separately from the regular BGP table.
- After configuring the policy change, it is possible to apply the new policy to the stored copies of the BGP information without having to reset the session.

router bgp 100
 network 10.1.0.0/16
 neighbor 192.168.8.140 remote-as 200
 neighbor 192.168.8.140 soft-reconfiguration inbound

- clear ip bgp 192.168.8.140 soft [in | out]

92 BGP Scaling Techniques

- Route Refresh and Soft Reconfiguration
- Peer Groups

93 BGP Peer Groups

- Some routers have a long list of neighbors. It is then common to have several settings that are the same for each neighbor.
- Makes configuration easier
- Makes configuration less prone to error
- Makes configuration more readable
- neighbor word peer-group
    - This command defines a new peer group.
- neighbor peer peer-group word
    - This command binds a specific peer to peer group word.

94 Configuration example (Without peer groups)

router bgp 100
 network 10.1.0.0/16
 neighbor 192.168.8.140 remote-as 200
 neighbor 192.168.8.140 prefix-list PEER-IN in
 neighbor 192.168.8.140 prefix-list PEER-OUT out
 neighbor 192.168.8.140 filter-list 6 in
 neighbor 192.168.8.140 filter-list 5 out
 neighbor 192.168.8.150 remote-as 150
 neighbor 192.168.8.150 prefix-list PEER-IN in
 neighbor 192.168.8.150 prefix-list PEER-OUT out
 neighbor 192.168.8.150 filter-list 6 in
 neighbor 192.168.8.150 filter-list 5 out

ip prefix-list PEER-IN deny 172.16.2.0/24
ip prefix-list PEER-IN permit 0.0.0.0/0 le 32
ip prefix-list PEER-OUT permit 10.1.0.0/16
ip as-path access-list 5 permit ^100$
ip as-path access-list 6 permit ^200$

95 Configuration example (With peer groups)

router bgp 100
 network 10.1.0.0/16
 neighbor ebgp peer-group
 neighbor ebgp filter-list 6 in
 neighbor ebgp filter-list 5 out
 neighbor ebgp prefix-list PEER-IN in
 neighbor ebgp prefix-list PEER-OUT out
 neighbor 192.168.8.140 remote-as 200
 neighbor 192.168.8.140 peer-group ebgp
 neighbor 192.168.8.150 remote-as 150
 neighbor 192.168.8.150 peer-group ebgp
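A Python model of the prefix-list evaluation behind PEER-IN and PEER-OUT (slide 94) and PEERA-IN (slide 87). This is an added example rather than bgpd code; the ge/le rules follow Quagga's prefix-list semantics and the sample prefixes are constructed. It also shows a check worth making on a real policy: an exact-match deny entry does not cover more-specific prefixes.

```python
import ipaddress

# Model of Quagga "ip prefix-list" evaluation (an added illustration, not bgpd
# code): entries are checked in order, the first one that matches decides, and
# a route that matches no entry is denied.  Without ge/le an entry matches the
# exact prefix only; "le N" also matches more-specifics up to length N.

def make_entry(action, prefix, ge=None, le=None):
    return (action, ipaddress.ip_network(prefix), ge, le)

def entry_matches(entry, route):
    """Mirror the ge/le rules: no ge and no le -> exact length; otherwise
    the route length must be >= ge (if given) and <= le (if given)."""
    _, net, ge, le = entry
    if route.version != net.version or not route.subnet_of(net):
        return False
    if ge is None and le is None:
        return route.prefixlen == net.prefixlen
    if le is not None and route.prefixlen > le:
        return False
    if ge is not None and route.prefixlen < ge:
        return False
    return True

def prefix_list_check(plist, prefix):
    """Return 'permit' or 'deny' for a route prefix string such as '10.1.0.0/16'."""
    route = ipaddress.ip_network(prefix, strict=False)
    for entry in plist:
        if entry_matches(entry, route):
            return entry[0]
    return "deny"   # implicit deny at the end of every prefix-list

# ip prefix-list PEER-IN / PEER-OUT from slide 94
PEER_IN = [make_entry("deny", "172.16.2.0/24"),
           make_entry("permit", "0.0.0.0/0", le=32)]
PEER_OUT = [make_entry("permit", "10.1.0.0/16")]
# ip prefix-list PEERA-IN from slide 87 (the /16 and any more-specific of it)
PEERA_IN = [make_entry("permit", "10.1.0.0/16", le=32)]

if __name__ == "__main__":
    # constructed sample prefixes; note that the exact-match deny on PEER-IN
    # does not catch the more-specific 172.16.2.128/25
    for plist, name in ((PEER_IN, "PEER-IN"), (PEER_OUT, "PEER-OUT"), (PEERA_IN, "PEERA-IN")):
        for p in ("172.16.2.0/24", "172.16.2.128/25", "10.1.0.0/16", "10.1.5.0/24"):
            print(f"{name:9} {p:18} {prefix_list_check(plist, p)}")
```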

96 BGP Scaling Techniques

- Route Refresh and Soft Reconfiguration
- Peer Groups

97 Display BGP Routes

- show ip bgp regexp line
    - This command displays the BGP routes whose AS path matches the regular expression line.
    - show ip bgp regexp _100_
- show ip bgp summary
- show ip bgp
- show ip bgp A.B.C.D
- show ip route bgp
- show ip bgp neighbors advertised-routes
- show ip bgp neighbors routes

98 Route Server

- At an Internet Exchange Point, many ISPs are connected to each other by external BGP peering. Normally these external BGP connections are made as a full mesh. As with an internal BGP full mesh, this method has a scaling problem.
- A Route Server is a method to resolve the problem.
- Each ISP's BGP router peers only with the Route Server.
- The Route Server serves as a BGP information exchange for the other BGP routers.

99 Route Server (continued)

- Several routing tables for managing different routing policies for each BGP speaker (different views)
- bgpd can work as a normal BGP router, as a Route Server, or as both at the same time.

100 Multiple instance

- To enable the multiple view function of bgpd, you must turn on the multiple instance feature beforehand.
- bgp multiple-instance
- no bgp multiple-instance
- bgp config-type zebra
    - Zebra style BGP configuration. This is the default.
- bgp config-type cisco
    - Cisco compatible BGP configuration output.
    - When bgp config-type cisco is specified, "no synchronization" and "no auto-summary" are displayed, and the "network" and "aggregate-address" arguments are displayed as "A.B.C.D M.M.M.M":
      Zebra: network 10.0.0.0/8
      Cisco: network 10.0.0.0
      Zebra: aggregate-address 192.168.0.0/24
      Cisco: aggregate-address 192.168.0.0 255.255.255.0

101 Multiple instance (continued)

- When "bgp config-type cisco" is specified, the community attribute is not sent to the neighbor by default. To send the community attribute the user has to specify the "neighbor A.B.C.D send-community" command.

router bgp 1
 neighbor 10.0.0.1 remote-as 1
 neighbor 10.0.0.1 send-community

102 Example

RouterA# configure terminal
RouterA(config)# bgp multiple-instance
RouterA(config)# bgp config-type cisco
RouterA(config)# Ctrl-Z
RouterA#

103 BGP Views

- A BGP view is almost the same as a normal BGP process, but the result of route selection does not go to the kernel routing table. A BGP view is only for exchanging BGP routing information.
- router bgp as-number view name

bgp multiple-instance
!
router bgp 1 view 1
 neighbor 10.0.0.1 remote-as 2
 neighbor 10.0.0.2 remote-as 3
!
router bgp 2 view 2
 neighbor 10.0.0.3 remote-as 4
 neighbor 10.0.0.4 remote-as 5

104 BGP instance and view

- You can set up different ASes at the same time when the BGP multiple instance feature is enabled.
- router bgp as-number
    - Makes a new BGP instance. You can use an arbitrary word for the name.

bgp multiple-instance
!
router bgp 1
 neighbor 10.0.0.1 remote-as 2
 neighbor 10.0.0.2 remote-as 3
!
router bgp 2
 neighbor 10.0.0.3 remote-as 4
 neighbor 10.0.0.4 remote-as 5

- The result of route selection goes to the kernel routing table.

105 Routing policy

- You can set a different routing policy for a peer. For example, you can set a different filter for a peer.

bgp multiple-instance
!
router bgp 1 view 1
 neighbor 10.0.0.1 remote-as 2
 neighbor 10.0.0.1 distribute-list 1 in
!
router bgp 1 view 2
 neighbor 10.0.0.1 remote-as 2
 neighbor 10.0.0.1 distribute-list 2 in
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.2.0 0.0.0.255

- This means a BGP update from peer 10.0.0.1 goes to both BGP view 1 and view 2. When the update is inserted into view 1, distribute-list 1 is applied; when it is inserted into view 2, distribute-list 2 is applied.

106 Viewing the views

- show ip bgp view name
    - Displays the routing table of BGP view name.

107 Filtering

108 Tools

- IP Access List
- IP Prefix List
- Route Map

109 IP Access List

- access-list name permit ipv4-network
- access-list name deny ipv4-network
- Basic filtering is done by access-list as shown in the following example.

access-list filter deny 10.0.0.0/9
access-list filter permit 10.0.0.0/8
access-list 100 permit ip any 192.168.1.0 0.0.0.255
access-list 90 permit 192.168.1.0 0.0.0.255

- Example uses: vty access restriction, route-map match statement, distribute-list

110 Zebra/Quagga Routing Suite - Thank you

111 Zebra/Quagga Routing Suite
Anura Abayaratne, MTT Network - Sri Lanka, anuraa@iee.org
APRICOT 2006, 22nd Feb – 3rd Mar 2006, Perth, Western Australia

