
Zebra/Quagga Routing Suite

Anura Abayaratne
MTT Network - Sri Lanka
anuraa@iee.org

APRICOT 2006
22nd Feb - 3rd Mar 2006
Perth Western Australia

Agenda
Overview
Installation
Basic commands
Setting up BGP
Filtering

APRICOT 2006 - Perth Western A

What is a routing daemon?

Software running on a server that maintains routing information.

Server + Daemon = Router

Daemons vs. commercial Routers

Routing daemons
Low-cost solution
Expertise required for set-up
Lack of support

Commercial routers
Pricey
Better performance
Fully supported

Routing Daemons

Zebra
http://www.zebra.org
First daemon
Wide support: RIP, OSPF, BGP
Certain vulnerabilities

Quagga
http://www.quagga.net
Based on Zebra
Wide support: RIP, OSPF, BGP, IS-IS
Development libraries

Overview

Distributed under the GNU General Public License.
Zebra is a routing software package that provides TCP/IP based routing services with support for routing protocols such as RIPv1, RIPv2, RIPng, OSPFv2, OSPFv3, BGP-4, and BGP-4+.
Supports BGP Route Reflector and Route Server behaviour.
IPv6 routing protocols.
Zebra has an interactive user interface for each routing protocol and supports common client commands.

About Zebra

Acts as a dedicated server.
Exchanges routing information with other routers using routing protocols.
Uses this information to update the kernel routing table so that the right data goes to the right place.
The configuration can be changed dynamically, and you may view the routing table from the Zebra terminal interface.
If the network is small, configuring Zebra is very easy: set up interfaces, add static routes and/or default routes.
If the network is rather large or its structure changes frequently, you may need to set up a Zebra dynamic routing protocol: RIP, OSPF or BGP.
Supports unicast routing protocols.
Zebra has two system administration modes: Normal mode and Enable mode.
The Unix-account-independent feature is a great help to the router administrator.

System Architecture Diagram

(Diagram) The protocol daemons ospfd, ripd and bgpd each talk to the zebra daemon, which in turn updates the Unix Kernel Routing Table.

How Zebra/Quagga works

A collection of several daemons that work together to build the routing table: protocol-specific routing daemons (ripd, ospfd, bgpd) plus the kernel routing manager (zebra).
The zebra daemon is an IP routing manager. It provides kernel routing table updates, interface lookups, and redistribution of routes between different routing protocols.
Each daemon has its own configuration file. For example, static routes go in the zebra configuration file and BGP configuration in the bgpd configuration file.

Supported Platforms

Linux 2.2.x and higher
FreeBSD 4.x and higher
NetBSD 1.6 and higher
OpenBSD 2.5 and higher
Solaris 2.6 and higher

How to get Zebra/Quagga

http://www.zebra.org/
http://www.quagga.net/

Installation

Steps
There are three steps for installing the software: configuration, compilation, installation.
First unzip/extract the software:

gzip -d zebra-0.95a.tar.gz
tar xvf zebra-0.95a.tar
cd zebra-0.95a

Configure the software

Zebra can detect most of the host configuration automatically. There are additional configuration options:
%./configure --help
eg.
%./configure
%./configure --prefix=/home/zebra
%./configure --disable-ripd

Build the Software

After configuring the software, you will need to compile it for your system.
Issue the command make in the root of the source directory.
%make

Install the Software

Copies the compiled programs and supporting files to a standard location.
Issue the following command at your shell prompt: make install.
%make install
Default working directories: /usr/local/bin and /usr/local/etc

Install the Software Contd

Zebra daemons have their own terminal interface, or VTY. After installation, you have to set up each daemon's port number to connect to them. Please add the following entries to /etc/services.
zebrasrv 2600/tcp # zebra service
zebra 2601/tcp # zebra vty
ripd 2602/tcp # RIPd vty
ripngd 2603/tcp # RIPngd vty
ospfd 2604/tcp # OSPFd vty
bgpd 2605/tcp # BGPd vty
ospf6d 2606/tcp # OSPF6d vty

Additionally for Quagga:
ospfapi 2607/tcp # ospfapi
isisd 2608/tcp # ISISd vty

Access the Router

Telnet to the port:
telnet <ipaddress> 2601

Ports on zebra:
2601 # zebra vty
2602 # RIPd vty
2603 # RIPngd vty
2604 # OSPFd vty
2605 # BGPd vty
2606 # OSPF6d vty

Additionally quagga supports:
2607 # ospfapi
2608 # ISISd vty

Use VTY shell
To use vtysh, specify --enable-vtysh to the configure script.
The username is stored in the vtysh.conf file:
username testuser nopassword

Basic Commands

Config Commands
Commands common to all routing protocols.
Config commands are generally found in /usr/local/etc/*.conf or in the path specified with the --prefix option (eg. /home/zebra/etc/*.conf).
The daemon name + `.conf` is the default config file name (eg. /home/zebra/etc/zebra.conf).
The config file can be specified with the -f or --config_file option when starting the daemon (eg. /home/zebra/sbin/zebra -d -f /home/zebra/etc/zebratest.conf).

Basic Config Commands

hostname hostname - Set the hostname of the router.
password password - Set the password for the vty interface. If there is no password, a vty won't accept connections.
enable password password - Set the enable password.
log stdout - Set logging output to stdout.
no log stdout

Basic Config Commands

log file filename - If you want to log into a file, please specify the filename as follows (eg. log file /usr/local/etc/bgpd.log).
log syslog - Set logging output to syslog.
no log syslog

Basic Config Commands

write terminal - Display the current configuration on the vty interface.
show running-config
write file - Write the current configuration to the configuration file.
copy running-config startup-config
configure terminal - Change to configuration mode. This command is the first step of configuration.

Basic Config Commands

who, list - List commands
service password-encryption - Encrypt passwords
show version - Show the current version of Zebra and its build host information.
line vty - Enter vty configuration mode.
banner motd default - Set the default motd string.
no banner motd - No motd banner string will be printed.

Basic Config Commands

exec-timeout minute
exec-timeout minute second
Set the VTY connection timeout value. When only one argument is specified it is used as the timeout value in minutes. The optional second argument is used as the timeout value in seconds. The default timeout value is 10 minutes. When the timeout value is zero, it means no timeout.
no exec-timeout - Do not perform a timeout at all. This command is the same as exec-timeout 0 0.

Basic Config Commands

access-class access-list - Restrict vty connections with an access list.
Example:
access-list log-in permit 192.168.1.0/24
line vty
access-class log-in

Sample Config File
for the zebra daemon.

hostname Router
password zebra
enable password zebra
!
interface lo
!
interface eth0
ip address 172.16.1.2/24
!
line vty

Sample Config File

! and # are comment characters. If the first character of a word is one of the comment characters, the rest of the line from there on is ignored as a comment.
password zebra!password
If a comment character is not the first character of the word, it's a normal character. So in the above example ! will not be regarded as a comment and the password is set to zebra!password.

Common Invocation Options

Usage : zebra [OPTION...]
Daemon which manages kernel routing table management and redistribution between different routing protocols.

-b, --batch        Runs in batch mode
-d, --daemon       Runs in daemon mode
-f, --config_file  Set configuration file name
-i, --pid_file     Set process identifier file name
-k, --keep_kernel  Don't delete old routes which installed by zebra.
-l, --log_mode     Set verbose log mode flag
-A, --vty_addr     Set vty's bind address
-P, --vty_port     Set vty's port number
-r, --retain       When program terminates, retain added route by zebra.
-v, --version      Print program version
-h, --help         Display this help and exit

Example: /home/zebra/sbin/zebra -d

Virtual Terminal Interfaces

VTY, the Virtual Terminal Interface, is a command line interface (CLI) for user interaction with the routing daemon.
To enable a VTY interface, you have to set up a VTY password. If there is no VTY password, one cannot connect to the VTY interface at all.

VTY Overview

% telnet 192.168.8.9 2601
Hello, this is zebra (version 0.95a).
Copyright 1996-2004 Kunihiro Ishiguro.
User Access Verification
Password:
Router> enable
Password: XXXXX
Router# configure terminal
Router(config)# password zzzzzzz
Router(config)# enable password yyyyyyy
Router(config)# interface eth0
Router(config-if)# ip address 10.1.0.1/24
Router(config-if)# exit
Router(config)# access-list log-in permit 192.168.1.0/24
Router(config)# line vty
Router(config-line)# access-class log-in
Router(config-line)# end
Router# disable
Router>

VTY Modes
Three VTY modes:
VTY View Mode: read-only access to the CLI
VTY Enable Mode: read-write access to the CLI
VTY Other modes

Zebra Daemon

Interface Commands
interface ifname
shutdown, no shutdown - Bring the current interface down or up
ip address address (e.g. 10.0.0.1/8)
description description
multicast, no multicast - Enable or disable the multicast flag for the interface
bandwidth <1-10000000> - Bandwidth in kilobits
no bandwidth <1-10000000>

Example
Router> enable
Password: XXXXX
Router# configure terminal
Router(config)# interface eth0
Router(config-if)# ip address 10.0.1.2/24
Router(config-if)# no ip address 10.0.2.2/24
Router(config-if)#end
Router#exit


Static Route Commands

Defines a static prefix and gateway.
ip route network gateway
ip route network netmask gateway
ip route 10.0.0.0/8 10.0.0.2
ip route 10.0.0.0/8 ppp0
ip route 10.0.0.0 255.255.255.0 10.0.0.2
ip route network gateway distance
ip route 10.0.0.0 255.255.255.0 10.0.0.3 50

Static Route Commands

Router# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
B - BGP, > - selected route, * - FIB route
K>* 0.0.0.0/0 via 192.168.8.1, eth0
S 10.0.0.0/24 [1/0] via 10.0.0.3 inactive
S>* 10.1.0.0/24 [100/0] via 192.168.8.3, eth0
S>* 10.2.3.0/24 [10/0] via 192.168.8.1, eth0
K * 127.0.0.0/8 is directly connected, lo
C>* 127.0.0.0/8 is directly connected, lo
K * 192.168.8.0/24 is directly connected, eth0
C>* 192.168.8.0/24 is directly connected, eth0

Zebra Terminal Mode Commands

show interface
show ip forward - Display whether the host's IP forwarding function is enabled or not. Almost any UNIX kernel can be configured with IP forwarding disabled. If so, the box can't work as a router.
cat /proc/sys/net/ipv4/ip_forward
To enable IP forwarding on a Linux box:
sysctl -w net.ipv4.ip_forward=1

BGP
Border Gateway Protocol

Introduction to BGP
Routing protocol used to exchange routing information between networks - an Exterior Gateway Protocol.
Path Vector Protocol
Incremental updates
Many options for policy enforcement
Classless Inter-Domain Routing (CIDR)
Widely used for the Internet backbone
BGP is used internally (iBGP) and externally (eBGP)

Autonomous System

Used to uniquely identify networks with a common routing policy.
Usually under single ownership, trust and administrative control.

Autonomous System Number

An AS number identifies an autonomous system.
The BGP protocol uses the AS number to detect whether a BGP connection is an internal one or an external one.
An ASN is a 16 bit number
Public AS numbers 1 - 64511
Private AS numbers 64512 - 65535
0 and 65535 are reserved
ASNs are distributed by the Regional Internet Registries

Starting BGP
The default configuration file of bgpd is bgpd.conf (eg. /home/zebra/etc/bgpd.conf).
/home/zebra/sbin/bgpd -d

Configuring the router

Enable BGP
Add the address to be announced
Add the address and AS numbers of neighboring routers (peers)
Apply policy with BGP
Allow only the routes that originate here to be announced to the neighboring AS
Announced routes
Receiving routes

BGP Router

Configure the BGP router with the router bgp command. To configure a BGP router, you need an AS number.
router bgp asn
Enable a BGP protocol process with the specified asn. After this statement you can input any BGP commands. You cannot create different BGP processes under different asns without specifying multiple-instance.
no router bgp asn
Destroy the BGP protocol process with the specified asn.

Configuration example
(Diagram: RouterA running bgpd in AS100 peers with RouterB running bgpd in AS200.)

% telnet 192.168.8.139 2605
Connected to 192.168.1.139
Escape character is '^]'.
Hello, this is zebra (version 0.95a)
User Access Verification
Password: XXXXX
RouterA>
RouterA> enable
RouterA# configure terminal
RouterA(config)# router bgp 100
RouterA(config-router)#
RouterA(config-router)# exit
RouterA# exit

bgp router-id A.B.C.D

This command specifies the router-ID. If bgpd connects to zebra it gets interface and address information; in that case the default router ID is the largest IP address of the interfaces. When zebra is not running, bgpd can't get interface information, so the router-id is set to 0.0.0.0. In that case set the router-id by hand.

RouterA# configure terminal
RouterA(config)# router bgp 100
RouterA(config-router)# bgp router-id 172.16.1.1


Inserting prefixes into BGP

There are two ways to add an address prefix to be announced:
redistributing an internal routing protocol
the network command

network A.B.C.D/M
router bgp 100
network 10.1.0.0/16
no network 172.16.0.0/16

Configuration example
(Diagram: RouterA in AS100 peers with RouterB in AS200.)

RouterA# configure terminal
RouterA(config)# router bgp 100
RouterA(config-router)# network 10.1.0.0/16
RouterA(config-router)# end
RouterA# exit

Redistribute to BGP

redistribute kernel
Redistribute kernel route to BGP process.

redistribute static
Redistribute static route to BGP process.

redistribute connected
Redistribute connected route to BGP process.

redistribute rip
Redistribute RIP route to BGP process.

redistribute ospf
Redistribute OSPF route to BGP process.

Configuration example
router bgp 100
network 10.1.0.0/16
redistribute static
redistribute connected
neighbor 192.168.8.140 remote-as 200



BGP Peers

neighbor peer remote-as asn
Creates a new neighbor whose remote-as is asn. peer can be an IP address.

router bgp 1
neighbor 10.0.0.1 remote-as 2

Configuration example
(Diagram: RouterA in AS100 peers with RouterB in AS200.)

RouterA# configure terminal
RouterA(config)# router bgp 100
RouterA(config-router)# neighbor 192.168.8.140 remote-as 200
RouterA(config-router)# network 10.1.0.0/16
RouterA(config-router)# end

Display commands:
A> show ip bgp summary
B> show ip bgp
B> show ip route bgp
A> show ip bgp neighbors <peerIPAddress> advertised-routes
B> show ip bgp neighbors <peerIPAddress> routes

Configuration example
RouterA# show ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.8.140   4   200      99     113        0    0    0 00:03:30        1
Total number of neighbors 1

RouterB# show ip bgp neighbors 192.168.8.139 routes
BGP table version is 0, local router ID is 172.16.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i internal, r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.0.0/16      192.168.8.139            0             0 100 i
Total number of prefixes 1

BGP Peer commands

neighbor peer shutdown
no neighbor peer shutdown
Shut down the peer. The neighbor's configuration can be deleted with no neighbor peer remote-as as-number, but then all configuration of the neighbor is deleted. When you want to preserve the configuration but drop the BGP peer, use this syntax.

BGP Peer commands

neighbor peer ebgp-multihop num
no neighbor peer ebgp-multihop num
Peer not directly connected.

neighbor peer description ...
no neighbor peer description ...
Set the description of the peer.

neighbor peer version version
Set up the neighbor's BGP version. version can be 4, 4+ or 4-. BGP version 4 is the default value used for BGP peering.

Configuration example
(Diagram: RouterA in AS100 peers with RouterB in AS200.)

RouterA# configure terminal
RouterA(config)# router bgp 100
RouterA(config-router)# neighbor 192.168.8.140 remote-as 200
RouterA(config-router)# neighbor 192.168.8.140 description eBGP to RouterB
RouterA(config-router)# neighbor 192.168.8.140 version 4
RouterA(config-router)# neighbor 192.168.8.140 shutdown
RouterA(config-router)# network 10.1.0.0/16

BGP Peer commands

neighbor peer next-hop-self
This command sets the next hop of announced routes to the address of this BGP router. In eBGP, changing the next hop is handled automatically, but not in iBGP.
no neighbor peer next-hop-self

neighbor peer update-source interface
no neighbor peer update-source

neighbor peer default-originate
Announce a default route to the peer.
no neighbor peer default-originate

BGP Peer commands

neighbor peer send-community
neighbor peer weight weight
Specifies a default weight value for the neighbor's routes. Weight is local to the router; the higher weight wins.

Configuration example
(Diagram: RouterA in AS100 peers with RouterB in AS200.)

RouterA#
router bgp 100
network 10.1.0.0/16
neighbor 192.168.8.140 remote-as 200
neighbor 192.168.8.140 update-source eth0
neighbor 192.168.8.140 default-originate
neighbor 192.168.8.140 send-community
neighbor 192.168.8.140 weight 50
To apply changes:
clear ip bgp 192.168.8.140 out
RouterB# show ip route bgp
RouterB# show ip bgp

Configuration example
RouterB# show ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          192.168.8.139            0             0 100 i
*> 10.1.0.0/16      192.168.8.139            0             0 100 i


Policy Control
Policy based on AS path, community and prefixes
Rejecting or accepting selected routes
Setting attributes to influence path selection

Zebra provides many very flexible filtering features. Filtering is used for both input and output of routing information. Once a filter is defined, it can be applied in either direction.

Tools for policy control

Prefix-list (filter prefixes)
Filter-list (filter ASes)
Route-map and communities

neighbor peer distribute-list name [in|out]
This command specifies a distribute-list for the peer. The direction is in or out.
neighbor peer prefix-list name [in|out]
neighbor peer filter-list name [in|out]
neighbor peer route-map name [in|out]

Prefix List
ip prefix-list provides the most powerful prefix-based filtering mechanism.
Prefix-based filters can be added to or deleted from arbitrary points of a prefix-list by specifying a sequence number.
If no ip prefix-list is specified, it acts as permit. If an ip prefix-list is defined and no match is found, the default deny is applied.

Prefix List commands

ip prefix-list name (permit|deny) prefix [le len] [ge len]
ip prefix-list name seq-number (permit|deny) prefix [le len] [ge len]
ip prefix-list name description desc
no ip prefix-list name
no ip prefix-list name description [desc]

show ip prefix-list
Display all IP prefix lists.
show ip prefix-list name
show ip prefix-list can be used with a prefix list name.
show ip prefix-list name seq num

Configuration example
RouterA
router bgp 100
network 10.1.0.0/16
neighbor 192.168.8.140 remote-as 200
neighbor 192.168.8.140 prefix-list PEER-IN in
neighbor 192.168.8.140 prefix-list PEER-OUT out
ip prefix-list PEER-IN deny 172.16.2.0/24
ip prefix-list PEER-IN permit 0.0.0.0/0 le 32
ip prefix-list PEER-OUT permit 10.1.0.0/16
To apply changes:
clear ip bgp 192.168.8.140 in
clear ip bgp 192.168.8.140 out
A> show ip bgp summary
B> show ip bgp
B> show ip route bgp
A> show ip bgp neighbors <peerIPAddress> advertised-routes
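The prefix-list semantics from the two slides above (first match in sequence order wins, implicit deny when a defined list has no match, permit when no list exists, and the le/ge length bounds), worked through as an added Python model that is not Zebra/Quagga code. It parses the PEER-IN and PEER-OUT lists of this example and evaluates candidate prefixes against them; the sequence numbers are assigned in steps of 5 as Zebra does when none is given.

```python
"""Prefix-list evaluation modelled on Zebra/Quagga behaviour (added example,
not project code).  Entries are tried in sequence order and the first one
that matches decides; a defined list with no match is an implicit deny,
while a list that does not exist permits everything."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class PrefixEntry:
    seq: int
    action: str                     # "permit" or "deny"
    prefix: ipaddress.IPv4Network   # the entry's own network
    ge: Optional[int] = None        # minimum candidate prefix length
    le: Optional[int] = None        # maximum candidate prefix length


def parse_prefix_list(lines: List[str]) -> Dict[str, List[PrefixEntry]]:
    """Parse 'ip prefix-list NAME [seq N] (permit|deny) PREFIX [le L] [ge G]'
    lines into {name: entries sorted by seq}.  An entry without an explicit
    seq gets the next multiple of 5 after the highest existing one."""
    lists: Dict[str, List[PrefixEntry]] = {}
    for raw in lines:
        tok = raw.split()
        if tok[:2] != ["ip", "prefix-list"] or "description" in tok:
            continue
        name, rest = tok[2], tok[3:]
        entries = lists.setdefault(name, [])
        if rest[0] == "seq":
            seq, rest = int(rest[1]), rest[2:]
        else:
            seq = (max((e.seq for e in entries), default=0) // 5 + 1) * 5
        entry = PrefixEntry(seq, rest[0], ipaddress.ip_network(rest[1]))
        rest = rest[2:]
        while rest:                             # 'le' / 'ge' in either order
            key, val, rest = rest[0], int(rest[1]), rest[2:]
            setattr(entry, key, val)
        entries.append(entry)
        entries.sort(key=lambda e: e.seq)
    return lists


def entry_matches(entry: PrefixEntry, cand: ipaddress.IPv4Network) -> bool:
    """The candidate must lie inside the entry's network.  Without le/ge it
    must also have exactly the entry's prefix length; with them, its length
    must fall within [ge, le] (ge defaults to the entry's length, le to 32)."""
    if not cand.subnet_of(entry.prefix):
        return False
    if entry.ge is None and entry.le is None:
        return cand.prefixlen == entry.prefix.prefixlen
    lo = entry.ge if entry.ge is not None else entry.prefix.prefixlen
    hi = entry.le if entry.le is not None else 32
    return lo <= cand.prefixlen <= hi


def prefix_list_permits(lists: Dict[str, List[PrefixEntry]],
                        name: str, prefix: str) -> bool:
    """True if 'prefix' passes prefix-list 'name'."""
    if name not in lists:
        return True                             # no such list: acts as permit
    cand = ipaddress.ip_network(prefix)
    for entry in lists[name]:                   # first match wins
        if entry_matches(entry, cand):
            return entry.action == "permit"
    return False                                # defined list, no match: deny


# The PEER-IN / PEER-OUT lists from the configuration example above.
SAMPLE_CONFIG = [
    "ip prefix-list PEER-IN deny 172.16.2.0/24",
    "ip prefix-list PEER-IN permit 0.0.0.0/0 le 32",
    "ip prefix-list PEER-OUT permit 10.1.0.0/16",
]
LISTS = parse_prefix_list(SAMPLE_CONFIG)

if __name__ == "__main__":
    # Constructed candidate prefixes, including a more specific of the denied one.
    for name, pfx in [("PEER-IN", "172.16.2.0/24"), ("PEER-IN", "172.16.2.0/25"),
                      ("PEER-OUT", "10.1.0.0/16"), ("PEER-OUT", "10.1.5.0/24")]:
        verdict = "permit" if prefix_list_permits(LISTS, name, pfx) else "deny"
        print(f"{name:9} {pfx:16} -> {verdict}")
```

Note that `deny 172.16.2.0/24` without `le` blocks only that exact prefix: a more specific 172.16.2.0/25 slips through to the `permit 0.0.0.0/0 le 32` entry, so a deny intended to cover the whole block needs `le 32`.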

Filter List
Filter routes based on AS path.
Both directions: in/out.

Configuration example
router bgp 100
network 10.1.0.0/16
neighbor 192.168.8.140 remote-as 200
neighbor 192.168.8.140 filter-list 6 in
neighbor 192.168.8.140 filter-list 5 out
ip as-path access-list 5 permit ^100$
ip as-path access-list 6 permit ^200$
To apply the changes:
clear ip bgp 192.168.8.140 in
clear ip bgp 192.168.8.140 out
A> show ip bgp summary
B> show ip bgp
B> show ip route bgp
A> show ip bgp neighbors <peerIPAddress> advertised-routes
B> show ip bgp neighbors <peerIPAddress> routes

Regular Expressions

AS path regular expressions can be used for displaying BGP routes and in AS path access lists.
. Matches any single character.
* Matches 0 or more occurrences of the pattern.
+ Matches 1 or more occurrences of the pattern.
? Matches 0 or 1 occurrences of the pattern.
^ Matches the beginning of the line.
$ Matches the end of the line.
_ The character _ has a special meaning in AS path regular expressions. It matches a space, a comma, the AS set delimiters { and }, and the AS confederation delimiters ( and ). It also matches the beginning of the line and the end of the line. So _ can be used to match AS value boundaries.
show ip bgp regexp _7675_ matches all BGP routes whose AS path includes AS number 7675.

Examples
.* match anything
.+ match at least one character
^$ match routes local to this AS
_100$ originated by AS100
^100_ received from AS100
_100_ via AS100
_200_100_ via AS100 and AS200
_(100_)+ multiple AS100 in sequence (used to match AS-PATH prepends)
_\(65530\)_ via AS65530 (confederations)
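The `_` boundary rule explained on the previous slide is what makes `_100_` match AS 100 but not AS 1100. The following added example (not Zebra/Quagga code) translates `_` into an ordinary regular expression exactly as the slide defines it and runs the example patterns above over a constructed BGP table, mimicking `show ip bgp regexp`.

```python
"""AS-path regular expressions as Zebra/Quagga interprets them (added
example, not project code).  The only non-standard token is '_', an AS
boundary: space, comma, AS-set braces, confederation parentheses, or the
start or end of the path.  Rewriting '_' lets Python's re evaluate the
same patterns with the same results."""
import re
from typing import Dict, List

# What '_' may match, as listed on the slide.  A zero-width ^ / $ is
# included so a boundary also exists at the ends of the path.
_BOUNDARY = r"(?:[ ,{}()]|^|$)"


def zebra_regex_to_python(pattern: str) -> str:
    """Translate a Zebra AS-path regexp into a Python regexp.  Escaped
    parentheses '\\(' and '\\)' (confederation delimiters) pass through."""
    return pattern.replace("_", _BOUNDARY)


def as_path_matches(pattern: str, as_path: str) -> bool:
    """True if the AS_PATH string (e.g. '200 300 400') matches the pattern,
    searched anywhere in the path like 'show ip bgp regexp' does."""
    return re.search(zebra_regex_to_python(pattern), as_path) is not None


def show_ip_bgp_regexp(pattern: str, table: List[Dict[str, str]]) -> List[str]:
    """Return the prefixes in 'table' whose AS_PATH matches 'pattern'."""
    return [row["prefix"] for row in table
            if as_path_matches(pattern, row["as_path"])]


# Constructed sample BGP table (not captured from a router).
SAMPLE_TABLE = [
    {"prefix": "10.1.0.0/16", "as_path": ""},                 # locally originated
    {"prefix": "10.2.0.0/16", "as_path": "200"},
    {"prefix": "10.3.0.0/16", "as_path": "200 100"},
    {"prefix": "10.4.0.0/16", "as_path": "100 100 100 7675"},   # prepended
    {"prefix": "10.5.0.0/16", "as_path": "300 (65530) 400"},   # confederation
    {"prefix": "10.6.0.0/16", "as_path": "1100 2000"},         # no AS 100 here
]

if __name__ == "__main__":
    for pat in ["^$", "_100$", "^100_", "_100_", "_200_100_", "_7675_",
                r"_\(65530\)_"]:
        print(f"{pat:14} -> {show_ip_bgp_regexp(pat, SAMPLE_TABLE)}")
```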

AS Path Access List

An AS path access list is a user-defined AS path filter.
ip as-path access-list word {permit|deny} line
This command defines a new AS path access list.
no ip as-path access-list word
no ip as-path access-list word {permit|deny} line

Example
ip as-path access-list 1 permit _100$
ip as-path access-list 2 permit _200_

Route Maps
A route map is a very useful function in zebra. Match and set statements are permitted in a route map.
Concept:
if match then do expression and exit
else
if match then do expression and exit
else etc.

Example - Route Map & prefix-lists

router bgp 100
bgp router-id 172.16.1.1
network 10.1.0.0/16
neighbor 192.168.8.140 remote-as 200
neighbor 192.168.8.140 route-map filter-in in
route-map filter-in permit 10
match ip address prefix-list list-1
set local-preference 120
route-map filter-in permit 20
match ip address prefix-list list-2
set local-preference 80
route-map filter-in permit 30
ip prefix-list list-1 permit 10.2.0.0/16
ip prefix-list list-2 permit 10.3.0.0/16
To apply the changes:
clear ip bgp 192.168.8.140 in
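The "if match then do expression and exit, else try the next entry" rule from the Route Maps slide, applied to the filter-in map above, as an added Python model (not Zebra/Quagga code). It shows the localpref values the before/after slides report, and what the trailing `permit 30` is for: without it the route map ends in an implicit deny and anything that matches neither list is dropped. Prefix lists are modelled as sets of exact prefixes, which is all list-1 and list-2 need.

```python
"""Route-map evaluation for routes received from a BGP peer (added example,
not Zebra/Quagga code).  Entries are tried in sequence order; the first
entry whose match clause succeeds applies its set clauses and evaluation
stops; a permit entry with no match clause matches everything; when no
entry matches, the route is dropped (implicit deny at the end)."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class RouteMapEntry:
    seq: int
    action: str                               # "permit" or "deny"
    match_prefix_list: Optional[str] = None   # prefix-list name, None = match all
    set_local_pref: Optional[int] = None      # None = leave LOCAL_PREF unchanged


@dataclass
class Route:
    prefix: str
    next_hop: str
    as_path: str
    local_pref: int = 100                     # BGP default LOCAL_PREF


def apply_route_map(entries: List[RouteMapEntry],
                    prefix_lists: Dict[str, set],
                    route: Route) -> Optional[Route]:
    """Return the (possibly modified) route if accepted, None if dropped."""
    for entry in sorted(entries, key=lambda e: e.seq):
        if entry.match_prefix_list is not None:
            members = prefix_lists.get(entry.match_prefix_list, set())
            if route.prefix not in members:
                continue                      # no match: try the next entry
        if entry.action == "deny":
            return None
        pref = entry.set_local_pref if entry.set_local_pref is not None else route.local_pref
        return Route(route.prefix, route.next_hop, route.as_path, pref)  # first match wins
    return None                               # fell off the end: implicit deny


def best_by_local_pref(paths: List[Route]) -> Route:
    """Among paths for one prefix, prefer the highest LOCAL_PREF (the first
    tie-breaker BGP applies after weight); the earlier path wins a tie."""
    return max(paths, key=lambda r: r.local_pref)


# The filter-in route map and prefix lists from the slide above.
FILTER_IN = [
    RouteMapEntry(10, "permit", "list-1", 120),
    RouteMapEntry(20, "permit", "list-2", 80),
    RouteMapEntry(30, "permit"),              # catch-all: accept unchanged
]
PREFIX_LISTS = {"list-1": {"10.2.0.0/16"}, "list-2": {"10.3.0.0/16"}}

# Constructed sample: routes learned from 192.168.8.140 (AS200).  10.9.0.0/16
# is an extra prefix that matches neither list.
RECEIVED = [
    Route("10.2.0.0/16", "192.168.8.140", "200"),
    Route("10.3.0.0/16", "192.168.8.140", "200"),
    Route("10.9.0.0/16", "192.168.8.140", "200 400"),
]


def run_policy(entries: List[RouteMapEntry], routes: List[Route]) -> Dict[str, int]:
    """Apply the route map to every received route and return
    {prefix: resulting LOCAL_PREF} for the accepted ones."""
    result: Dict[str, int] = {}
    for r in routes:
        accepted = apply_route_map(entries, PREFIX_LISTS, r)
        if accepted is not None:
            result[accepted.prefix] = accepted.local_pref
    return result


if __name__ == "__main__":
    print("with permit 30   :", run_policy(FILTER_IN, RECEIVED))
    print("without permit 30:", run_policy(FILTER_IN[:2], RECEIVED))
```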

Example - Route Map & prefix-lists

Before applying policies
RouterA# show ip bgp 10.2.0.0
BGP routing table entry for 10.2.0.0/16
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
200
192.168.8.140 from 192.168.8.140 (172.16.1.2)
Origin IGP, metric 0, localpref 100, valid, external, best
Last update: Mon Jan 30 12:40:11 2006

After applying policies
RouterA# show ip bgp 10.2.0.0
BGP routing table entry for 10.2.0.0/16
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
200
192.168.8.140 from 192.168.8.140 (172.16.1.2)
Origin IGP, metric 0, localpref 120, valid, external, best
Last update: Mon Jan 30 12:48:11 2006

Example - Route Map & prefix-lists

Before applying policies
RouterA# show ip bgp 10.3.0.0
BGP routing table entry for 10.3.0.0/16
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
200
192.168.8.140 from 192.168.8.140 (172.16.1.1)
Origin IGP, metric 0, localpref 100, valid, external, best
Last update: Mon Jan 30 12:41:41 2006

After applying policies
RouterA# sh ip bgp 10.3.0.0
BGP routing table entry for 10.3.0.0/16
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
200
192.168.8.140 from 192.168.8.140 (172.16.1.1)
Origin IGP, metric 0, localpref 80, valid, external, best
Last update: Mon Jan 30 12:52:11 2006

Example - Route Map & Filter lists

router bgp 100
network 10.1.0.0/16
neighbor 192.168.8.140 remote-as 200
neighbor 192.168.8.140 route-map filter-as-path in
route-map filter-as-path permit 10
match as-path 1
set local-preference 90
route-map filter-as-path permit 20
match as-path 2
set local-preference 150
route-map filter-as-path permit 30
ip as-path access-list 1 permit _200$
ip as-path access-list 2 permit _300_
To apply the changes:
clear ip bgp 192.168.8.140 in

Example - Route-map & AS-PATH prepend
RouterA
router bgp 100
network 10.1.0.0/16
neighbor 192.168.8.140 remote-as 200
neighbor 192.168.8.140 route-map set-as-path out
!
route-map set-as-path permit 10
match ip address prefix-list list-3
set as-path prepend 100 100
route-map set-as-path permit 20
ip prefix-list list-3 permit 10.1.0.0/16
Use your own AS number when prepending.
To apply the changes:
clear ip bgp 192.168.8.140 out

Example - Route-map & AS-PATH prepend
RouterB# show ip bgp 10.1.0.0
BGP routing table entry for 10.1.0.0/16
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
100 100 100
192.168.8.139 from 192.168.8.139 (172.16.1.1)
Origin IGP, metric 0, localpref 100, valid, external, best
Last update: Mon Jan 30 14:17:01 2006

Route Aggregation policies

aggregate-address A.B.C.D/M
This command specifies an aggregate address.
no aggregate-address A.B.C.D/M
aggregate-address A.B.C.D/M summary-only
This command specifies an aggregate address. The aggregated (more specific) routes will not be announced.


Example Network
(Diagram) RouterA in AS100 announces 10.1.0.0/16. It peers with RouterC in AS200 (10.2.0.0/16) over the link 192.168.1.1 - 192.168.1.2, and with RouterB in AS300 over the link 192.168.2.1 - 192.168.2.2. AS400 is also shown.

RouterA

router bgp 100
network 10.1.0.0/16
neighbor 192.168.1.2 remote-as 200
neighbor 192.168.1.2 prefix-list PEERC-OUT out
neighbor 192.168.2.2 remote-as 300
neighbor 192.168.2.2 prefix-list PEERB-OUT out
neighbor 192.168.2.2 route-map set-as-path out
ip prefix-list PEERB-OUT permit 10.1.0.0/16
ip prefix-list PEERC-OUT permit 10.1.0.0/16
ip prefix-list list-3 permit 10.1.0.0/16
route-map set-as-path permit 10
match ip address prefix-list list-3
set as-path prepend 100 100
route-map set-as-path permit 20

RouterC

router bgp 200
network 10.2.0.0/16
neighbor 192.168.1.1 remote-as 100
neighbor 192.168.1.1 prefix-list PEERA-IN in
neighbor 192.168.1.1 filter-list 5 in
ip prefix-list PEERA-IN permit 10.1.0.0/16 le 32
ip as-path access-list 5 permit ^100

RouterB

router bgp 300
network 10.3.0.0/16
neighbor 192.168.2.1 remote-as 100
neighbor 192.168.2.1 prefix-list PEERA-IN in
neighbor 192.168.2.1 filter-list 5 in
ip prefix-list PEERA-IN permit 10.1.0.0/16 le 32
ip as-path access-list 5 permit ^100

BGP Scaling Techniques

Route Refresh and Soft Reconfiguration
Peer Groups

Route Refresh

The BGP session to a neighbor has to be cleared so that it is reinitialized after every policy change, because the router does not store prefixes that are rejected by policy.

Hard BGP reset
Tears down the BGP peering
Consumes CPU
Disrupts connectivity for the whole network
clear ip bgp peer
clear ip bgp *
peer: IP address/ASN

Route Refresh Capability

Does not disrupt connectivity
No additional memory is used
No configuration is needed
Requires peering routers to support the route refresh capability (RFC 2918)
clear ip bgp x.x.x.x in
Ask the peer to resend its full BGP announcement.
clear ip bgp x.x.x.x out
Resend the full BGP announcement to the peer.

Soft Reconfiguration

Copies of all routes received from the peer are stored separately from the regular BGP table. After configuring the policy change, it is possible to apply the new policy to the stored copies of the BGP information without having to reset the session.

router bgp 100
network 10.1.0.0/16
neighbor 192.168.8.140 remote-as 200
neighbor 192.168.8.140 soft-reconfiguration inbound

clear ip bgp 192.168.8.140 soft [in | out]


BGP Peer Groups

Some routers have a long list of neighbors. It is then common to have several settings that are the same for every neighbor.
Makes configuration easier
Makes configuration less prone to error
Makes configuration more readable

neighbor word peer-group
This command defines a new peer group.
neighbor peer peer-group word
This command binds a specific peer to peer group word.

Configuration example
(Without peer groups)

router bgp 100
 network 10.1.0.0/16
 neighbor 192.168.8.140 remote-as 200
 neighbor 192.168.8.140 prefix-list PEER-IN in
 neighbor 192.168.8.140 prefix-list PEER-OUT out
 neighbor 192.168.8.140 filter-list 6 in
 neighbor 192.168.8.140 filter-list 5 out
 neighbor 192.168.8.150 remote-as 150
 neighbor 192.168.8.150 prefix-list PEER-IN in
 neighbor 192.168.8.150 prefix-list PEER-OUT out
 neighbor 192.168.8.150 filter-list 6 in
 neighbor 192.168.8.150 filter-list 5 out
!
ip prefix-list PEER-IN deny 172.16.2.0/24
ip prefix-list PEER-IN permit 0.0.0.0/0 le 32
ip prefix-list PEER-OUT permit 10.1.0.0/16
ip as-path access-list 5 permit ^100$
ip as-path access-list 6 permit ^200$


Configuration example
(With peer groups)

router bgp 100
 network 10.1.0.0/16
 neighbor ebgp peer-group
 neighbor ebgp filter-list 6 in
 neighbor ebgp filter-list 5 out
 neighbor ebgp prefix-list PEER-IN in
 neighbor ebgp prefix-list PEER-OUT out
 neighbor 192.168.8.140 remote-as 200
 neighbor 192.168.8.140 peer-group ebgp
 neighbor 192.168.8.150 remote-as 150
 neighbor 192.168.8.150 peer-group ebgp
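To check what the PEER-IN/PEER-OUT prefix-lists and filter-lists 5 and 6 above actually let through, here is an added Python re-implementation of the matching rules (example code written for this page, not from the slides or from Quagga). It also expands the "_" boundary used in AS-path regexps, and the sample routes are constructed; the /25 shows that an exact-length deny does not stop a more-specific prefix.

```python
import ipaddress
import re

# Filters transcribed from the slide's configuration (example code, not Quagga's own).
PREFIX_LISTS = {            # name: [(action, prefix, ge, le), ...]
    "PEER-IN": [("deny", "172.16.2.0/24", None, None),
                ("permit", "0.0.0.0/0", None, 32)],
    "PEER-OUT": [("permit", "10.1.0.0/16", None, None)],
}
AS_PATH_LISTS = {5: [("permit", "^100$")], 6: [("permit", "^200$")]}

def prefix_list_match(name, prefix):
    """Quagga rules: an entry without ge/le matches only a prefix of exactly
    that length; 'ge'/'le' bound the length of a covered (more specific) prefix.
    First match wins, and anything left unmatched hits the implicit deny."""
    p = ipaddress.ip_network(prefix)
    for action, net, ge, le in PREFIX_LISTS[name]:
        n = ipaddress.ip_network(net)
        if not p.subnet_of(n):          # covers equality too
            continue
        lo = ge if ge is not None else n.prefixlen
        hi = le if le is not None else (32 if ge is not None else n.prefixlen)
        if lo <= p.prefixlen <= hi:
            return action
    return "deny"                        # implicit deny at end of list

def as_path_regexp(pattern):
    """Cisco/Quagga AS-path regexp: '_' stands for an AS boundary (start, end,
    space, or the braces/parentheses of AS sets), so _100_ means 'AS 100 appears'."""
    return re.compile(pattern.replace("_", r"(?:^|[,{}() ]|$)"))

def as_path_list_match(number, as_path):
    for action, pattern in AS_PATH_LISTS[number]:
        if as_path_regexp(pattern).search(as_path):
            return action
    return "deny"                        # implicit deny

def accept_inbound(prefix, as_path):
    """What the 'ebgp' peer group lets in: prefix-list PEER-IN and filter-list 6."""
    return (prefix_list_match("PEER-IN", prefix) == "permit"
            and as_path_list_match(6, as_path) == "permit")

if __name__ == "__main__":
    # Constructed sample routes as received from the AS 200 peer.
    for prefix, path in [("172.16.2.0/24", "200"), ("172.16.2.0/25", "200"),
                         ("10.5.0.0/16", "200"), ("10.5.0.0/16", "200 300")]:
        print(f"{prefix:16} path {path!r:12} -> {accept_inbound(prefix, path)}")
```

Note that filter-list 6 (^200$) rejects any path longer than the peer's own AS, so a customer of the AS 200 peer would never get through; this is the page's configuration, not a recommendation.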


Display BGP Routes

show ip bgp regexp line
    This command displays the BGP routes whose AS path matches the regular expression line.
    show ip bgp regexp _100_

show ip bgp summary
show ip bgp
show ip bgp A.B.C.D
show ip route bgp
show ip bgp neighbors <peerIPAddr> advertised-routes
show ip bgp neighbors <peerIPAddr> routes

Route Server

At an Internet Exchange point, many ISPs are connected to each other by external BGP peering. Normally these external BGP connections are made in a full mesh. As with internal BGP full mesh formation, this method has a scaling problem. A Route Server is a method to resolve the problem. Each ISP's BGP router peers only with the Route Server. The Route Server serves as the BGP information exchange for the other BGP routers.


Several routing tables for managing different routing policies for each BGP speaker (different views).
bgpd can work as a normal BGP router, or as a Route Server, or as both at the same time.


Multiple instance

To enable the multiple view function of bgpd, you must turn on the multiple instance feature beforehand.
bgp multiple-instance
no bgp multiple-instance

bgp config-type zebra
    Zebra style BGP configuration. This is the default.
bgp config-type cisco
    Cisco compatible BGP configuration output.
    When bgp config-type cisco is specified, no synchronization is displayed and no auto-summary is displayed. The network and aggregate-address arguments are displayed as A.B.C.D M.M.M.M:
    Zebra: network 10.0.0.0/8                  Cisco: network 10.0.0.0
    Zebra: aggregate-address 192.168.0.0/24    Cisco: aggregate-address 192.168.0.0 255.255.255.0

When bgp config-type cisco is specified, the community attribute is not sent to the neighbor by default. To send the community attribute the user has to specify the neighbor A.B.C.D send-community command.

router bgp 1
 neighbor 10.0.0.1 remote-as 1
 neighbor 10.0.0.1 send-community


Example
RouterA#configure terminal
RouterA(config)# bgp multiple-instance
RouterA(config)# bgp config-type cisco
RouterA(config)# Ctrl Z
RouterA#


BGP Views

A BGP view is almost the same as a normal BGP process. The result of route selection does not go to the kernel routing table. A BGP view is only for exchanging BGP routing information.

router bgp as-number view name

bgp multiple-instance
!
router bgp 1 view 1
 neighbor 10.0.0.1 remote-as 2
 neighbor 10.0.0.2 remote-as 3
!
router bgp 2 view 2
 neighbor 10.0.0.3 remote-as 4
 neighbor 10.0.0.4 remote-as 5


BGP instance and view

You can set up different ASes at the same time when the BGP multiple instance feature is enabled.

router bgp as-number
    Makes a new BGP instance. You can use an arbitrary word for the name.

bgp multiple-instance
!
router bgp 1
 neighbor 10.0.0.1 remote-as 2
 neighbor 10.0.0.2 remote-as 3
!
router bgp 2
 neighbor 10.0.0.3 remote-as 4
 neighbor 10.0.0.4 remote-as 5

The result of route selection goes to the kernel routing table.


Routing policy

You can set a different routing policy for a peer in each view. For example, you can apply a different filter to the same peer in each view.

bgp multiple-instance
!
router bgp 1 view 1
 neighbor 10.0.0.1 remote-as 2
 neighbor 10.0.0.1 distribute-list 1 in
!
router bgp 1 view 2
 neighbor 10.0.0.1 remote-as 2
 neighbor 10.0.0.1 distribute-list 2 in
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.2.0 0.0.0.255

This means a BGP update from peer 10.0.0.1 goes to both BGP view 1 and view 2. When the update is inserted into view 1, distribute-list 1 is applied. On the other hand, when the update is inserted into view 2, distribute-list 2 is applied.
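An added simulation of the two-view setup above (example code written for this page, not from the slides or from Quagga): one UPDATE from 10.0.0.1 is offered to both views and each view keeps only what its own distribute-list permits. Matching the wildcard mask against the prefix's network address is my reading of how a standard access-list is applied to routes, and the UPDATE contents are constructed.

```python
import ipaddress

# Transcribed from the slide (example code, not Quagga's own): the two views
# peer with the same router but apply different inbound distribute-lists.
ACCESS_LISTS = {   # number: [(action, address, wildcard mask), ...]
    1: [("permit", "192.168.1.0", "0.0.0.255")],
    2: [("permit", "192.168.2.0", "0.0.0.255")],
}
VIEWS = {          # "router bgp 1 view N" / "neighbor 10.0.0.1 distribute-list N in"
    "1": {"peer": "10.0.0.1", "distribute_list_in": 1},
    "2": {"peer": "10.0.0.1", "distribute_list_in": 2},
}

def acl_permits(number, prefix):
    """Standard access-list as applied to a route (assumed semantics): the
    prefix's network address is compared with the entry address, ignoring
    every bit that is set in the wildcard mask. Unmatched prefixes hit the
    implicit deny at the end of the list."""
    net = int(ipaddress.ip_network(prefix).network_address)
    for action, addr, wildcard in ACCESS_LISTS[number]:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if ((net ^ int(ipaddress.ip_address(addr))) & care) == 0:
            return action == "permit"
    return False

def insert_update(peer, prefixes):
    """Offer one UPDATE from `peer` to every view that has it as a neighbor.
    Each view filters with its own list, so the views' tables diverge; none
    of this reaches the kernel routing table, as the slides note for views."""
    tables = {name: [] for name in VIEWS}
    for name, view in VIEWS.items():
        if view["peer"] != peer:
            continue
        tables[name] = [p for p in prefixes
                        if acl_permits(view["distribute_list_in"], p)]
    return tables

if __name__ == "__main__":
    # Constructed sample UPDATE: one prefix per list plus one that nobody permits.
    update = ["192.168.1.0/24", "192.168.2.0/24", "10.0.0.0/8"]
    for name, table in insert_update("10.0.0.1", update).items():
        print(f"view {name}: {table}")
```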


Viewing the views

show ip bgp view name
    Display the routing table of BGP view name.


Filtering Tools

IP Access List
IP Prefix List
Route Map


IP Access List

access-list name permit ipv4-network
access-list name deny ipv4-network

Basic filtering is done by access-list as shown in the following example.

access-list filter deny 10.0.0.0/9
access-list filter permit 10.0.0.0/8
access-list 100 permit ip any 192.168.1.0 0.0.0.255
access-list 90 permit 192.168.1.0 0.0.0.255

Examples of use: vty access restriction, route-map match statements, distribute-lists

Zebra/Quagga Routing Suite


Thank you
