Quagga and BGP

I recently got reminded of Quagga which is an OpenSource router solution supporting RIP/OSPF/BGP/ISIS and can connect quite nicely with Cisco/Juniper routers. Having done a bit of work with BGP on bare metal Cisco/Juniper, I thought it could be fun to try out Quagga.

BIG FAT WARNING: This proof of concept does not include any proper router security, I suggest you read more about this before deploying this on a live setup.

The setup described here is done by using 2 Debian Squeeze VMs with all latest patches and quagga installed from apt. The topology is fairly simple, I am using 2 network interfaces, eth0 on both boxes is in bridged mode and the second is attached to the host only. My topology is:

  • VM #1: isis – eth0 – 192.168.0.50/255.255.255.0 – eth1 – 10.10.0.1/255.255.0.0
  • VM #2: osiris – eth0 – 192.168.0.52/255.255.255.0 – eth1 – 10.20.0.1/255.255.0.0

The first thing you got to do is enable IP forwarding: sysctl -w net.ipv4.ip_forward=1. Save this into /etc/sysctl.conf. Next, you need to create configuration files for quagga. Edit the first VM and add the following into /etc/quagga/Quagga.conf:

log stdout
!
password awesome_pass
enable password awesome_pass
!
router bgp 7675
 bgp router-id 192.168.0.50
 network 10.10.0.0/16 route-map v4-bgp
 neighbor 192.168.0.52 remote-as 7676
!
route-map v4-bgp permit 10
 set originator-id 192.168.0.50
 set community 7675:1 additive
 set extcommunity rt 7675:1
 set aggregator as 7676 192.168.0.52
 set as-path prepend 192.168.0.52
 set atomic-aggregate
 set metric 20
!
line vty
!

Edit /etc/quagga/zebra.conf and add the following:

hostname isis
password awesome_password
enable password awesome_password
interface eth1

Then edit /etc/quagga/daemons.conf and enable zebra and bgpd to YES. And restart the service: service quagga restart.

You can now edit your second router and add this in /etc/quagga/Quagga.conf:

log stdout
!
password awesome_pass
enable password awesome_pass
!
router bgp 7676
 bgp router-id 192.168.0.52
 network 10.20.0.0/16 route-map v4-bgp
 neighbor 192.168.0.50 remote-as 7675
!
route-map v4-bgp permit 10
 set aggregator as 7675 192.168.0.50
 set atomic-aggregate 
 set community 7676:1 additive
 set extcommunity rt 7676:1
 set metric 20
 set originator-id 192.168.0.52
!
line vty

Also edit /etc/quagga/zebra.conf and add the following:

hostname osiris
password awesome_password
enable password awesome_password
interface eth1

Then restart the router. You are now ready to test this and see what happens, from isis, I am going to take a look at osiris, for this, type vtysh to go to the router CLI.

First we check how BGP is looking, notice the second line with a next-hop of 192.168.0.52? This means we are getting routes information from the other router.

isis# sh ip bgp
BGP table version is 0, local router ID is 192.168.0.50
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.0.0/16     0.0.0.0                 20         32768 i
*> 10.20.0.0/16     192.168.0.52            20             0 7676 i
Total number of prefixes 2

Second, we check the neighbours, you see a foreign host, this means they talk to each other.

isis# sh ip bgp neigh
BGP neighbor is 192.168.0.52, remote AS 7676, local AS 7675, external link
  BGP version 4, remote router ID 192.168.0.52
  BGP state = Established, up for 01:35:05
  Last read 09:31:26, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    4 Byte AS: advertised and received
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
  Message statistics:
    Inq depth is 0
    Outq depth is 0
                         Sent       Rcvd
    Opens:                  2          0
    Notifications:          0          0
    Updates:                1          1
    Keepalives:            97         96
    Route Refresh:          0          0
    Capability:             0          0
    Total:                100         97
  Minimum time between advertisement runs is 30 seconds
 For address family: IPv4 Unicast
  Community attribute sent to this neighbor(both)
  1 accepted prefixes
  Connections established 1; dropped 0
  Last reset never
Local host: 192.168.0.50, Local port: 179
Foreign host: 192.168.0.52, Foreign port: 36249
Nexthop: 192.168.0.50
BGP connection: non shared network
Read thread: on  Write thread: off

Last you can check the connection, this tells you how long they have been connected to each other. If you see Active instead of Established, this is not working properly.

# check the connection
isis# sh ip bgp sum
BGP router identifier 192.168.0.50, local AS number 7675
RIB entries 3, using 288 bytes of memory
Peers 1, using 4560 bytes of memory
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.0.52    4  7676      98     101        0    0    0 01:36:52        1
Total number of neighbors 1

And a ping from the first router to confirm we are getting the routes.

isis# ping 10.20.0.1
PING 10.20.0.1 (10.20.0.1) 56(84) bytes of data.
64 bytes from 10.20.0.1: icmp_req=1 ttl=64 time=0.255 ms
64 bytes from 10.20.0.1: icmp_req=2 ttl=64 time=0.241 ms
64 bytes from 10.20.0.1: icmp_req=3 ttl=64 time=0.217 ms
64 bytes from 10.20.0.1: icmp_req=4 ttl=64 time=0.301 ms
^C
--- 10.20.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2998ms
rtt min/avg/max/mdev = 0.217/0.253/0.301/0.034 ms

This is all for now, I will add some IPv6 configuration soon.