I was recently reminded of Quagga, an open-source routing suite that supports RIP/OSPF/BGP/ISIS and interoperates quite nicely with Cisco/Juniper routers. Having done a bit of work with BGP on bare-metal Cisco/Juniper, I thought it could be fun to try out Quagga.
BIG FAT WARNING: This proof of concept does not include any proper router security. I suggest you read more about this before deploying it on a live setup.
The setup described here uses 2 Debian Squeeze VMs with all the latest patches and quagga installed from apt. The topology is fairly simple: each box has 2 network interfaces, eth0 in bridged mode and eth1 attached to the host-only network. My topology is:
- VM #1: isis – eth0 – 192.168.0.50/255.255.255.0 – eth1 – 10.10.0.1/255.255.0.0
- VM #2: osiris – eth0 – 192.168.0.52/255.255.255.0 – eth1 – 10.20.0.1/255.255.0.0
The first thing you have to do is enable IP forwarding: sysctl -w net.ipv4.ip_forward=1. Save this into /etc/sysctl.conf so it survives a reboot. Next, you need to create the configuration files for quagga. On the first VM, add the following to /etc/quagga/Quagga.conf:
```
log stdout
!
password awesome_pass
enable password awesome_pass
!
router bgp 7675
 bgp router-id 192.168.0.50
 network 10.10.0.0/16 route-map v4-bgp
 neighbor 192.168.0.52 remote-as 7676
!
route-map v4-bgp permit 10
 set originator-id 192.168.0.50
 set community 7675:1 additive
 set extcommunity rt 7675:1
 set aggregator as 7676 192.168.0.52
 set as-path prepend 192.168.0.52
 set atomic-aggregate
 set metric 20
!
line vty
!
```
Edit /etc/quagga/zebra.conf and add the following:
```
hostname isis
password awesome_password
enable password awesome_password
interface eth1
```
Then edit /etc/quagga/daemons.conf and set zebra and bgpd to YES, and restart the service: service quagga restart.
You can now edit your second router and add this in /etc/quagga/Quagga.conf:
```
log stdout
!
password awesome_pass
enable password awesome_pass
!
router bgp 7676
 bgp router-id 192.168.0.52
 network 10.20.0.0/16 route-map v4-bgp
 neighbor 192.168.0.50 remote-as 7675
!
route-map v4-bgp permit 10
 set aggregator as 7675 192.168.0.50
 set atomic-aggregate
 set community 7676:1 additive
 set extcommunity rt 7676:1
 set metric 20
 set originator-id 192.168.0.52
!
line vty
```
Also edit /etc/quagga/zebra.conf and add the following:
```
hostname osiris
password awesome_password
enable password awesome_password
interface eth1
```
Then restart the router. You are now ready to test this and see what happens. From isis, I am going to take a look at osiris; to do this, type vtysh to enter the router CLI.
First we check how BGP is looking. Notice the second line, with a next hop of 192.168.0.52? This means we are getting route information from the other router.
```
isis# sh ip bgp
BGP table version is 0, local router ID is 192.168.0.50
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.0.0/16     0.0.0.0                 20         32768 i
*> 10.20.0.0/16     192.168.0.52            20             0 7676 i

Total number of prefixes 2
```
Second, we check the neighbours. You can see a foreign host, which means the two routers are talking to each other.
```
isis# sh ip bgp neigh
BGP neighbor is 192.168.0.52, remote AS 7676, local AS 7675, external link
  BGP version 4, remote router ID 192.168.0.52
  BGP state = Established, up for 01:35:05
  Last read 09:31:26, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    4 Byte AS: advertised and received
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
  Message statistics:
    Inq depth is 0
    Outq depth is 0
                         Sent       Rcvd
    Opens:                  2          0
    Notifications:          0          0
    Updates:                1          1
    Keepalives:            97         96
    Route Refresh:          0          0
    Capability:             0          0
    Total:                100         97
  Minimum time between advertisement runs is 30 seconds

 For address family: IPv4 Unicast
  Community attribute sent to this neighbor(both)
  1 accepted prefixes

  Connections established 1; dropped 0
  Last reset never
Local host: 192.168.0.50, Local port: 179
Foreign host: 192.168.0.52, Foreign port: 36249
Nexthop: 192.168.0.50
BGP connection: non shared network
Read thread: on  Write thread: off
```
Last, you can check the connection; this tells you how long the routers have been connected to each other. If you see Active instead of Established, the session is not working properly.
```
# check the connection
isis# sh ip bgp sum
BGP router identifier 192.168.0.50, local AS number 7675
RIB entries 3, using 288 bytes of memory
Peers 1, using 4560 bytes of memory

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.0.52    4  7676      98     101        0    0    0 01:36:52        1

Total number of neighbors 1
```
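The check above can be automated. The following is an added example, not part of the original post: it parses sh ip bgp sum output and reports peers whose State/PfxRcd column holds a state name instead of a prefix count. The function names and the second peer (192.168.0.99, AS 7677) are constructed for illustration.

```python
import ipaddress

# Summary output from this page plus one constructed peer stuck in Active.
SAMPLE = """\
BGP router identifier 192.168.0.50, local AS number 7675
RIB entries 3, using 288 bytes of memory
Peers 2, using 9120 bytes of memory

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.0.52    4  7676      98     101        0    0    0 01:36:52        1
192.168.0.99    4  7677       0      12        0    0    0 never    Active

Total number of neighbors 2
"""

def parse_summary(text):
    """Return one dict per neighbor row of a BGP summary table."""
    peers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            continue  # banner, header fragments, blank lines
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a neighbor row (e.g. the column header)
        # The last column is a prefix count once the session is Established,
        # otherwise a state name that may span two tokens ("Idle (Admin)").
        state = " ".join(fields[9:])
        established = state.isdigit()
        peers.append({
            "neighbor": fields[0],
            "remote_as": int(fields[2]),
            "up_down": fields[8],
            "established": established,
            "prefixes": int(state) if established else None,
            "state": "Established" if established else state,
        })
    return peers

def down_peers(text):
    """Neighbors that are configured but not in the Established state."""
    return [p["neighbor"] for p in parse_summary(text) if not p["established"]]

if __name__ == "__main__":
    for p in parse_summary(SAMPLE):
        print(p["neighbor"], p["remote_as"], p["state"], p["prefixes"])
```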
And a ping from the first router to confirm we are getting the routes.
```
isis# ping 10.20.0.1
PING 10.20.0.1 (10.20.0.1) 56(84) bytes of data.
64 bytes from 10.20.0.1: icmp_req=1 ttl=64 time=0.255 ms
64 bytes from 10.20.0.1: icmp_req=2 ttl=64 time=0.241 ms
64 bytes from 10.20.0.1: icmp_req=3 ttl=64 time=0.217 ms
64 bytes from 10.20.0.1: icmp_req=4 ttl=64 time=0.301 ms
^C
--- 10.20.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2998ms
rtt min/avg/max/mdev = 0.217/0.253/0.301/0.034 ms
```
This is all for now. I will add some IPv6 configuration soon.
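The warning at the top says this proof of concept has no proper router security. As an added example (not part of the original post), this small audit flags the gaps visible in the isis configuration and shows a hardened variant that passes. The audit function, the from-osiris and vty-mgmt names and the EXAMPLE values are placeholders assumed here.

```python
import re

# Constructed input: security-relevant lines of the isis config from this page.
WEAK = """\
password awesome_pass
enable password awesome_pass
router bgp 7675
 neighbor 192.168.0.52 remote-as 7676
line vty
"""

# Constructed hardened variant; hash, secret and list names are placeholders.
HARDENED = """\
service password-encryption
password 8 EXAMPLEHASH
enable password 8 EXAMPLEHASH
router bgp 7675
 neighbor 192.168.0.52 remote-as 7676
 neighbor 192.168.0.52 password EXAMPLE-MD5-SECRET
 neighbor 192.168.0.52 prefix-list from-osiris in
ip prefix-list from-osiris seq 5 permit 10.20.0.0/16
access-list vty-mgmt permit 127.0.0.1/32
line vty
 access-class vty-mgmt
"""

INBOUND = re.compile(
    r"^\s*neighbor (\S+) (?:prefix-list|route-map|filter-list|distribute-list) \S+ in\s*$",
    re.M)

def audit(conf):
    """Return (finding, subject) tuples for a Quagga bgpd-style config."""
    lines = [l.strip() for l in conf.splitlines()]
    findings = []
    # Login/enable secrets stored in clear ("password 8 <hash>" is the encrypted form).
    if "service password-encryption" not in lines:
        for l in lines:
            if re.match(r"(enable )?password (?!8 )\S+$", l):
                findings.append(("cleartext-password", l.rsplit(" ", 1)[0]))
    for peer in re.findall(r"^\s*neighbor (\S+) remote-as \d+\s*$", conf, re.M):
        # No TCP MD5 secret on the session to this peer.
        if not re.search(rf"^\s*neighbor {re.escape(peer)} password \S+", conf, re.M):
            findings.append(("no-session-auth", peer))
        # Nothing limits which prefixes are accepted from this peer.
        if peer not in INBOUND.findall(conf):
            findings.append(("no-inbound-filter", peer))
    # VTY reachable without an access-class restricting source addresses.
    if "line vty" in lines and not any(l.startswith("access-class ") for l in lines):
        findings.append(("vty-unrestricted", "line vty"))
    return findings
```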