Zebra/Quagga Routing Suite

Anura Abayaratne
MTT Network - Sri Lanka
[email protected]
APRICOT 2006
22nd Feb – 3rd Mar 2006
Perth Western Australia
Agenda
• Overview
• Installation
• Basic commands
• Setting up BGP
• Filtering
APRICOT 2006 - Perth Western Australia
What is a routing daemon?
• Software running on a server
• It maintains routing information
• Server + daemon = router
Daemons vs. commercial routers
• Routing daemons
– Low-cost solution
– Expertise required for set-up
– Lack of (vendor) support
• Commercial routers
– Pricey
– Better performance
– Fully supported
Routing daemons
• Zebra
http://www.zebra.org
– The first of these daemons
– Wide protocol support: RIP, OSPF, BGP
– Has known vulnerabilities; active development has moved to Quagga, so fixes land there
• Quagga
http://www.quagga.net
– Forked from Zebra
– Wide protocol support: RIP, OSPF, BGP, IS-IS
– Development libraries
Overview
• Distributed under the GNU General Public License
• Zebra is a routing software package that provides TCP/IP based routing services with support for the routing protocols RIPv1, RIPv2, RIPng, OSPFv2, OSPFv3, BGP-4 and BGP-4+
• Supports BGP route reflector and route server behaviour
• IPv6 routing protocols (RIPng, OSPFv3, BGP-4+)
• Zebra has an interactive user interface for each routing protocol and supports common client commands
About Zebra
• Acts as a dedicated server
• Exchanges routing information with other routers using routing protocols
• Uses this information to update the kernel routing table so that the right data goes to the right place
• The configuration can be changed dynamically, and the routing table can be viewed from the Zebra terminal interface
• If the network is small, configuring Zebra is very easy: set up interfaces, add static routes and/or default routes
• If the network is rather large or its structure changes frequently, you may need to set up a Zebra dynamic routing protocol: RIP, OSPF or BGP
• Supports unicast routing protocols
• Zebra has two system administration modes: normal (view) mode and enable mode
• Its terminal logins are independent of Unix accounts, which is convenient for the router administrator; it also means the VTY password, not the Unix login, is what protects the daemon, so it needs the same care as a root password
System architecture diagram
ospfd / ripd / bgpd   (protocol daemons)
        |
      zebra           (routing manager)
        |
Unix kernel routing table
How Zebra/Quagga works
• A collection of several daemons that work together to build the routing table: protocol-specific routing daemons (ripd, ospfd, bgpd) plus the kernel routing manager (zebra)
• The zebra daemon is the IP routing manager. It provides kernel routing table updates, interface lookups, and redistribution of routes between different routing protocols
• Each daemon has its own configuration file
– For example, static routes go in the zebra configuration file
– BGP configuration goes in the bgpd configuration file
Supported platforms
• Linux 2.2.x and higher
• FreeBSD 4.x and higher
• NetBSD 1.6 and higher
• OpenBSD 2.5 and higher
• Solaris 2.6 and higher
How to get Zebra/Quagga
• http://www.zebra.org/
• http://www.quagga.net/
Installation
Steps
• There are three steps for installing the software: configuration, compilation, installation
• Verify the downloaded tarball against the checksum or signature published by the project before building it
• First unzip/extract the software:
gzip -d zebra-0.95a.tar.gz
tar -xvf zebra-0.95a.tar
cd zebra-0.95a
Configure the software
• Zebra can detect most of the host configuration automatically. There are additional configuration options:
%./configure --help
• Examples:
%./configure
%./configure --prefix=/home/zebra
%./configure --disable-ripd
Build the software
• After configuring the software, you will need to compile it for your system
• Issue the command make in the root of the source directory:
%make
Install the software
• Copies the compiled programs and supporting files to a standard location
• Issue the following command at your shell prompt:
%make install
• Default install locations: under /usr/local (the daemons in /usr/local/sbin, the configuration files in /usr/local/etc), or under the directory given with --prefix
Install the software contd.
• Zebra daemons have their own terminal interface, or VTY. After installation, you have to set up each daemon's port number to connect to it. Add the following entries to /etc/services:
zebrasrv 2600/tcp # zebra service
zebra 2601/tcp # zebra vty
ripd 2602/tcp # RIPd vty
ripngd 2603/tcp # RIPngd vty
ospfd 2604/tcp # OSPFd vty
bgpd 2605/tcp # BGPd vty
ospf6d 2606/tcp # OSPF6d vty
Additionally for Quagga:
ospfapi 2607/tcp # ospfapi
isisd 2608/tcp # ISISd vty
• Each VTY is a TCP listener, so make sure only management hosts can reach these ports (host firewall, or bind the VTY to a local address with the -A invocation option)
Access the router
• Telnet to the port
– telnet <ipaddress> 2601
• Ports on zebra:
2601 # zebra vty
2602 # RIPd vty
2603 # RIPngd vty
2604 # OSPFd vty
2605 # BGPd vty
2606 # OSPF6d vty
Additionally, quagga supports:
2607 # ospfapi
2608 # ISISd vty
• Telnet carries the VTY and enable passwords in cleartext, so use it over a trusted management network only and restrict the VTY with access-class
• Use the VTY shell
– To use vtysh, specify --enable-vtysh to the configure script
– Usernames are stored in the vtysh.conf file, e.g.
username testuser nopassword
Basic commands
Config commands
• Commands common to all routing protocols
• Config files are generally found in /usr/local/etc/*.conf or under the path specified with the --prefix option (e.g. /home/zebra/etc/*.conf)
• The daemon name + `.conf` is the default config file name (e.g. /home/zebra/etc/zebra.conf)
• A config file can be specified with the -f or --config_file option when starting the daemon (e.g.
/home/zebra/sbin/zebra -d -f /home/zebra/etc/zebratest.conf)
Basic config commands
• hostname hostname - Set the hostname of the router.
• password password - Set the password for the vty interface. If there is no password, a vty won't accept connections.
• enable password password - Set the enable password. If none is set, a vty login reaches enable mode without a further password, so always set one.
• log stdout - Set logging output to stdout.
• no log stdout
Basic config commands...
• log file filename - If you want to log to a file, specify the filename as follows (e.g. log file /usr/local/etc/bgpd.log)
• log syslog - Set logging output to syslog.
• no log syslog
Basic config commands...
• write terminal - Display the current configuration on the vty interface.
• show running-config - Same as write terminal.
• write file - Write the current configuration to the configuration file.
• copy running-config startup-config - Same as write file.
• configure terminal - Change to configuration mode. This command is the first step of configuration.
Basic config commands...
• who - List the current vty sessions; list - List the available commands
• service password-encryption - Store the vty and enable passwords in the configuration file in encrypted (hashed) form instead of plaintext
• show version - Show the current version of Zebra and its build host information.
• line vty - Enter vty configuration mode.
• banner motd default - Set the default motd string.
• no banner motd - No motd banner string will be printed.
Basic config commands...
• exec-timeout minute
• exec-timeout minute second
Set the VTY connection timeout value. When only one argument is specified it is used as the timeout value in minutes. The optional second argument is the timeout value in seconds. The default timeout value is 10 minutes. When the timeout value is zero, there is no timeout.
• no exec-timeout - Do not perform a timeout at all. This command is the same as exec-timeout 0 0. Disabling the timeout leaves abandoned sessions open in enable mode; keep it enabled on any reachable VTY.
Basic config commands...
• access-class access-list - Restrict vty connections with an access list. Apply it on every daemon's vty, not only zebra's.
Example:
access-list log-in permit 192.168.1.0/24
line vty
 access-class log-in
Sample config file
• for the zebra daemon:
hostname Router
password zebra
enable password zebra
!
interface lo
!
interface eth0
 ip address 172.16.1.2/24
!
line vty
Sample config file
• '!' and '#' are comment characters. If the first character of a word is one of the comment characters, the rest of the line from that point on is ignored as a comment.
password zebra!password
• If a comment character is not the first character of a word, it is a normal character. So in the above example '!' is not regarded as a comment and the password is set to 'zebra!password'.
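As an added example (not part of the original slides and not Zebra/Quagga code), the following Python script applies the comment rule above to a config file and then audits the VTY-related settings covered so far: vty password, enable password, service password-encryption, access-class and exec-timeout. The function names and finding codes are this example's own; SAMPLE_CONFIG is the slide's zebra.conf, HARDENED_CONFIG is a constructed variant with the weak settings corrected.

```python
import re

# Added audit helper for this page; it is not part of Zebra or Quagga.
# The finding codes below are this example's own naming.

COMMENT_CHARS = ("!", "#")

def strip_comment(line: str) -> str:
    """Apply Zebra's comment rule: '!' or '#' starts a comment only when it is
    the first character of a whitespace-separated word, so 'zebra!password'
    survives while ' ! note' is dropped."""
    for m in re.finditer(r"\S+", line):
        if m.group().startswith(COMMENT_CHARS):
            return line[: m.start()].rstrip()
    return line.rstrip()

def parse_config(text: str) -> list:
    """Return every non-empty, non-comment line as a list of words."""
    lines = []
    for raw in text.splitlines():
        words = strip_comment(raw).split()
        if words:
            lines.append(words)
    return lines

def audit_vty(text: str) -> list:
    """Flag VTY settings that leave a daemon exposed. Returns finding codes
    in a fixed order so the result is easy to compare."""
    cfg = parse_config(text)
    findings = []
    has_password = any(w[0] == "password" for w in cfg)
    has_enable = any(w[:2] == ["enable", "password"] for w in cfg)
    encrypted = any(w == ["service", "password-encryption"] for w in cfg)
    has_vty = any(w == ["line", "vty"] for w in cfg)
    has_acl = any(w[0] == "access-class" for w in cfg)   # only valid under 'line vty'
    no_timeout = any(
        w == ["no", "exec-timeout"]
        or (w[0] == "exec-timeout" and set(w[1:]) == {"0"})
        for w in cfg
    )
    if not has_password:
        findings.append("no-vty-password")      # the vty refuses every connection
    if not has_enable:
        findings.append("no-enable-password")   # 'enable' succeeds without a password
    if has_password and not encrypted:
        findings.append("plaintext-password")   # password readable in the config file
    if has_vty and not has_acl:
        findings.append("vty-no-access-class")  # any host reaching the port may try
    if no_timeout:
        findings.append("vty-no-timeout")       # idle enable-mode sessions stay open
    return findings

# The slide's sample zebra.conf.
SAMPLE_CONFIG = """\
hostname Router
password zebra
enable password zebra
!
interface lo
!
interface eth0
 ip address 172.16.1.2/24
!
line vty
"""

# Constructed variant for this example with the weak settings corrected.
HARDENED_CONFIG = """\
hostname Router
service password-encryption
password zebra!password   ! the '!' inside the word is part of the password
enable password yyyyyyy
!
access-list log-in permit 192.168.1.0/24
!
line vty
 access-class log-in
 exec-timeout 5 0
"""

if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_vty(cfg) or "clean")
```

Run it against the config files of every daemon you start (zebra.conf, bgpd.conf, ...), since each daemon has its own vty and its own password settings.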
Common invocation options
Usage: zebra [OPTION...]
Daemon which manages the kernel routing table and redistribution between different routing protocols.
-b, --batch          Run in batch mode
-d, --daemon         Run in daemon mode
-f, --config_file    Set configuration file name
-i, --pid_file       Set process identifier file name
-k, --keep_kernel    Don't delete old routes which were installed by zebra
-l, --log_mode       Set verbose log mode flag
-A, --vty_addr       Set the vty's bind address
-P, --vty_port       Set the vty's port number
-r, --retain         When the program terminates, retain routes added by zebra
-v, --version        Print program version
-h, --help           Display this help and exit
Example: /home/zebra/sbin/zebra -d
Binding the vty to the loopback address (-A 127.0.0.1) keeps the telnet interface off the wire; administrators then log in to the host first and telnet to the local port.
Virtual terminal interfaces
• VTY (Virtual Terminal Interface) is a command line interface (CLI) for user interaction with the routing daemon.
• To enable a VTY interface, you have to set up a VTY password. If there is no VTY password, one cannot connect to the VTY interface at all.
• The password is the only authentication the VTY has, so combine it with access-class and a restricted bind address rather than relying on it alone.
VTY overview
% telnet 192.168.8.9 2601
Hello, this is zebra (version 0.95a).
Copyright 1996-2004 Kunihiro Ishiguro.
User Access Verification
Password:
Router> enable
Password: XXXXX
Router# configure terminal
Router(config)# password zzzzzzz
Router(config)# enable password yyyyyyy
Router(config)# interface eth0
Router(config-if)# ip address 10.1.0.1/24
Router(config-if)# exit
Router(config)# access-list log-in permit 192.168.1.0/24
Router(config)# line vty
Router(config-line)# access-class log-in
Router(config-line)# end
Router# disable
Router>
VTY modes
Three VTY modes:
• VTY view mode: read-only access to the CLI
• VTY enable mode: read-write access to the CLI
• VTY other modes: the configuration sub-modes entered from enable mode (config, config-if, config-router, config-line, ...)
Zebra daemon
Interface commands
• interface ifname
• shutdown, no shutdown - bring the current interface down or up
• ip address address (e.g. 10.0.0.1/8)
• description description ...
• multicast, no multicast - Enable or disable the multicast flag for the interface
• bandwidth <1-10000000> - Bandwidth in kilobits
• no bandwidth <1-10000000>
Example
Router> enable
Password: XXXXX
Router# configure terminal
Router(config)# interface eth0
Router(config-if)# ip address 10.0.1.2/24
Router(config-if)# no ip address 10.0.2.2/24
Router(config-if)# end
Router# exit
Static route commands
Defines a static prefix and gateway.
• ip route network gateway
• ip route network netmask gateway
ip route 10.0.0.0/8 10.0.0.2
ip route 10.0.0.0/8 ppp0
ip route 10.0.0.0 255.255.255.0 10.0.0.2
(the gateway may be a next-hop address or an outgoing interface)
• ip route network gateway distance
ip route 10.0.0.0 255.255.255.0 10.0.0.3 50
Static route commands...
Router# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       B - BGP, > - selected route, * - FIB route
K>* 0.0.0.0/0 via 192.168.8.1, eth0
S   10.0.0.0/24 [1/0] via 10.0.0.3 inactive
S>* 10.1.0.0/24 [100/0] via 192.168.8.3, eth0
S>* 10.2.3.0/24 [10/0] via 192.168.8.1, eth0
K * 127.0.0.0/8 is directly connected, lo
C>* 127.0.0.0/8 is directly connected, lo
K * 192.168.8.0/24 is directly connected, eth0
C>* 192.168.8.0/24 is directly connected, eth0
The bracketed numbers are [administrative distance/metric]; "inactive" marks a static route whose next hop is not currently reachable, so it is not installed in the FIB.
Zebra terminal mode commands
• show interface
• show ip forward - Display whether the host's IP forwarding function is enabled or not. Almost any UNIX kernel can be configured with IP forwarding disabled. If so, the box can't work as a router.
• On Linux, check the kernel setting with:
cat /proc/sys/net/ipv4/ip_forward
• To enable IP forwarding on a Linux box:
sysctl -w net.ipv4.ip_forward=1
(this does not survive a reboot; set net.ipv4.ip_forward = 1 in /etc/sysctl.conf as well)
BGP
Border Gateway Protocol
Introduction to BGP
• Routing protocol used to exchange routing information between networks: an exterior gateway protocol
• Path vector protocol
• Incremental updates
• Many options for policy enforcement
• Classless Inter-Domain Routing (CIDR)
• Widely used for the Internet backbone
• BGP is used internally (iBGP) and externally (eBGP)
Autonomous system
• An AS (e.g. AS100 containing router A) uniquely identifies a network with a common routing policy
• Usually under single ownership, trust and administrative control
Autonomous system number
• An AS number is the identification of an autonomous system.
• The BGP protocol uses the AS number to detect whether a BGP connection is an internal or an external one.
• An ASN is a 16-bit number (at the time of this talk; 32-bit ASNs were standardised later in RFC 4893)
• Public AS numbers: 1 - 64511
• Private AS numbers: 64512 - 65535
• 0 and 65535 are reserved
• ASNs are distributed by the Regional Internet Registries
Starting BGP
• The default configuration file of bgpd is 'bgpd.conf' (e.g. /home/zebra/etc/bgpd.conf)
• /home/zebra/sbin/bgpd -d
Configuring the router
• Enable BGP
• Add the addresses to be announced
• Add the addresses and AS numbers of neighbouring routers (peers)
• Apply policy with BGP
– Allow only the routes that originate here to be announced to the neighbouring AS
– Announced routes
– Received routes
BGP router
• Configure the BGP router with the router bgp command. To configure a BGP router, you need an AS number.
• router bgp asn
Enable a BGP protocol process with the specified asn. After this statement you can input any BGP commands. You cannot create a second BGP process under a different asn without specifying multiple-instance.
• no router bgp asn
Destroy the BGP protocol process with the specified asn.
Configuration example
Topology: router A (bgpd, AS100) peers with router B (bgpd, AS200)
% telnet 192.168.8.139 2605
Connected to 192.168.8.139
Escape character is '^]'.
Hello, this is zebra (version 0.95a)
User Access Verification
Password: XXXXX
RouterA>
RouterA> enable
RouterA# configure terminal
RouterA(config)# router bgp 100
RouterA(config-router)#
RouterA(config-router)# exit
RouterA# exit
bgp router-id A.B.C.D
This command specifies the router ID. If bgpd connects to zebra it gets interface and address information, and the default router ID is then the largest IP address among the interfaces. When zebra is not running, bgpd can't get interface information and the router ID is set to 0.0.0.0. So set the router ID by hand:
RouterA# configure terminal
RouterA(config)# router bgp 100
RouterA(config-router)# bgp router-id 172.16.1.1
Inserting prefixes into BGP
• To add an address prefix to be announced
• Two ways:
– redistributing an internal routing protocol
– the network command
• network A.B.C.D/M
router bgp 100
 network 10.1.0.0/16
 no network 172.16.0.0/16
Configuration example
Topology: router A (bgpd, AS100) peers with router B (bgpd, AS200)
RouterA# configure terminal
RouterA(config)# router bgp 100
RouterA(config-router)# network 10.1.0.0/16
RouterA(config-router)# end
RouterA# exit
Redistribute to BGP
• redistribute kernel
– Redistribute kernel routes into the BGP process.
• redistribute static
– Redistribute static routes into the BGP process.
• redistribute connected
– Redistribute connected routes into the BGP process.
• redistribute rip
– Redistribute RIP routes into the BGP process.
• redistribute ospf
– Redistribute OSPF routes into the BGP process.
Redistribution announces every route of that source, including ones you never meant to export (management networks, test routes), so pair it with an outbound prefix-list or route-map, or prefer explicit network statements.
Configuration example
router bgp 100
 network 10.1.0.0/16
 redistribute static
 redistribute connected
 neighbor 192.168.8.140 remote-as 200
BGP peers
• neighbor peer remote-as asn
– Creates a new neighbour whose remote AS is asn. peer can be an IP address
router bgp 1
 neighbor 10.0.0.1 remote-as 2
Configuration example
Topology: router A (bgpd, AS100) peers with router B (bgpd, AS200)
RouterA# configure terminal
RouterA(config)# router bgp 100
RouterA(config-router)# neighbor 192.168.8.140 remote-as 200
RouterA(config-router)# network 10.1.0.0/16
RouterA(config-router)# end
Display commands:
A> show ip bgp summary
B> show ip bgp
B> show ip route bgp
A> show ip bgp neighbors <peerIPAddress> advertised-routes
B> show ip bgp neighbors <peerIPAddress> routes
Configuration example...
RouterA# show ip bgp summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.8.140   4   200      99     113        0    0    0 00:03:30        1
Total number of neighbors 1
RouterB# show ip bgp neighbors 192.168.8.139 routes
BGP table version is 0, local router ID is 172.16.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i internal, r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.0.0/16      192.168.8.139            0             0 100 i
Total number of prefixes 1
BGP peer commands
• neighbor peer shutdown
• no neighbor peer shutdown
Shut down the peer. We can delete the neighbour's configuration with no neighbor peer remote-as as-number, but then all configuration of the neighbour is deleted. When you want to preserve the configuration but drop the BGP peering, use this syntax.
BGP peer commands...
• neighbor peer ebgp-multihop num
• no neighbor peer ebgp-multihop num
– For a peer that is not directly connected
• neighbor peer description ...
• no neighbor peer description ...
– Set the description of the peer.
• neighbor peer version version
– Set up the neighbour's BGP version. version can be 4, 4+ or 4-. BGP version 4 is the default value used for BGP peering.
Configuration example
Topology: router A (bgpd, AS100) peers with router B (bgpd, AS200)
RouterA# configure terminal
RouterA(config)# router bgp 100
RouterA(config-router)# neighbor 192.168.8.140 remote-as 200
RouterA(config-router)# neighbor 192.168.8.140 description eBGP to RouterB
RouterA(config-router)# neighbor 192.168.8.140 version 4
RouterA(config-router)# neighbor 192.168.8.140 shutdown
RouterA(config-router)# network 10.1.0.0/16
BGP peer commands...
• neighbor peer next-hop-self
– This command sets the next hop of announced routes to the address of this BGP router. In eBGP, changing the next hop is handled automatically, but not in iBGP.
• no neighbor peer next-hop-self
• neighbor peer update-source interface
• no neighbor peer update-source
• neighbor peer default-originate
– Announce a default route to the peer
• no neighbor peer default-originate
BGP peer commands...
• neighbor peer send-community
• neighbor peer weight weight
– Specifies a default weight value for the neighbour's routes. Weight is local to the router and is not propagated to other routers.
– Higher weight wins
Configuration example
Topology: router A (bgpd, AS100) peers with router B (bgpd, AS200)
RouterA#
router bgp 100
 network 10.1.0.0/16
 neighbor 192.168.8.140 remote-as 200
 neighbor 192.168.8.140 update-source eth0
 neighbor 192.168.8.140 default-originate
 neighbor 192.168.8.140 send-community
 neighbor 192.168.8.140 weight 50
To apply changes:
clear ip bgp 192.168.8.140 out
RouterB# show ip route bgp
RouterB# show ip route
RouterB# show ip bgp
Configuration example...
RouterB# show ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          192.168.8.139            0             0 100 i
*> 10.1.0.0/16      192.168.8.139            0             0 100 i
Policy control
• Policy based on AS path, community and prefixes
• Rejecting or accepting selected routes
• Setting attributes to influence path selection
• Zebra provides many very flexible filtering features. Filtering is used for both input and output of routing information. Once a filter is defined, it can be applied in either direction.
Tools for policy control
• Prefix-list (filter prefixes)
• Filter-list (filter on the AS path)
• Route-map and communities
• neighbor peer distribute-list name [in|out]
– This command specifies a distribute-list for the peer; the direction is 'in' or 'out'.
• neighbor peer prefix-list name [in|out]
• neighbor peer filter-list name [in|out]
• neighbor peer route-map name [in|out]
Prefix list
• ip prefix-list provides the most powerful prefix based filtering mechanism.
• Prefix based filters can be added to or deleted from arbitrary points of a prefix-list by specifying a sequence number.
• If no ip prefix-list is applied to the peer, everything is permitted. If an ip prefix-list is defined and no match is found, the default deny is applied.
• An entry without ge/le matches that exact prefix length only; to cover more-specific routes as well, add le 32.
Prefix list commands
• ip prefix-list name (permit|deny) prefix [le len] [ge len]
• ip prefix-list name seq-number (permit|deny) prefix [le len] [ge len]
• ip prefix-list name description desc
• no ip prefix-list name
• no ip prefix-list name description [desc]
• show ip prefix-list
– Display all IP prefix lists.
• show ip prefix-list name
– Show the IP prefix list with the given name.
• show ip prefix-list name seq num
Configuration example
RouterA
router bgp 100
 network 10.1.0.0/16
 neighbor 192.168.8.140 remote-as 200
 neighbor 192.168.8.140 prefix-list PEER-IN in
 neighbor 192.168.8.140 prefix-list PEER-OUT out
ip prefix-list PEER-IN deny 172.16.2.0/24
ip prefix-list PEER-IN permit 0.0.0.0/0 le 32
ip prefix-list PEER-OUT permit 10.1.0.0/16
Note that deny 172.16.2.0/24 without le blocks only that exact prefix; a more-specific such as 172.16.2.0/25 still passes the following permit entry. Use deny 172.16.2.0/24 le 32 to block the whole range.
To apply changes:
clear ip bgp 192.168.8.140 in
clear ip bgp 192.168.8.140 out
A> show ip bgp summary
B> show ip bgp
B> show ip route bgp
A> show ip bgp neighbors <peerIPAddress> advertised-routes
B> show ip bgp neighbors <peerIPAddress> routes
Filter list
• Filters routes based on the AS path
• Works in both directions: in/out
Configuration example
router bgp 100
 network 10.1.0.0/16
 neighbor 192.168.8.140 remote-as 200
 neighbor 192.168.8.140 filter-list 6 in
 neighbor 192.168.8.140 filter-list 5 out
ip as-path access-list 5 permit ^100$
ip as-path access-list 6 permit ^200$
To apply the changes:
clear ip bgp 192.168.8.140 in
clear ip bgp 192.168.8.140 out
A> show ip bgp summary
B> show ip bgp
B> show ip route bgp
A> show ip bgp neighbors <peerIPAddress> advertised-routes
B> show ip bgp neighbors <peerIPAddress> routes
Regular expressions
• AS path regular expressions can be used for displaying BGP routes and in AS path access lists.
.   Matches any single character.
*   Matches 0 or more occurrences of the pattern.
+   Matches 1 or more occurrences of the pattern.
?   Matches 0 or 1 occurrences of the pattern.
^   Matches the beginning of the line.
$   Matches the end of the line.
_   The character _ has a special meaning in AS path regular expressions. It matches a space, a comma, the AS set delimiters { and }, the AS confederation delimiters ( and ), and also the beginning and the end of the line. So _ can be used to match AS number boundaries.
show ip bgp regexp _7675_ matches all BGP routes whose AS path includes AS number 7675.
Examples
.*             match anything
.+             match at least one character
^$             match routes local to this AS
_100$          originated by AS100
^100_          received from AS100
_100_          via AS100
_200_100_      via AS200 immediately followed by AS100
_(100_)+       AS100 one or more times in sequence (used to match AS-PATH prepends)
_\(65530\)_    via AS65530 (confederations)
Always anchor an AS number with _ (or ^ and $): a bare 100 also matches 1100, 1001 and so on.
AS path access list
• An AS path access list is a user-defined filter on the AS path.
• ip as-path access-list word {permit|deny} line
– This command defines a new AS path access list entry; line is an AS path regular expression.
• no ip as-path access-list word
• no ip as-path access-list word {permit|deny} line
Example
• ip as-path access-list 1 permit _100$
• ip as-path access-list 2 permit _200_
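The following Python model, added here and not taken from Zebra/Quagga, reproduces the documented meaning of _ by rewriting it as a boundary alternative before handing the pattern to the regex engine, and then evaluates an as-path access-list the way a filter-list does (first matching entry decides, no match means deny). The class and function names are this example's own, as are the constructed sample paths. It also shows why the unanchored ^100 used in the example network later on is looser than ^100_.

```python
import re

# Added model for this page; not Zebra/Quagga code. Names are this example's own.

# What '_' stands for: a space, a comma, an AS-set or confederation
# delimiter, or the beginning/end of the path string.
_BOUNDARY = r"(^|[,{}() ]|$)"

def aspath_regex(pattern):
    """Translate a Zebra-style AS-path regexp into a Python regexp by
    replacing every '_' with the boundary alternative; the rest is plain ERE."""
    return re.compile(pattern.replace("_", _BOUNDARY))

def aspath_matches(pattern, aspath):
    """True if the AS path (ASNs separated by spaces, nearest AS first,
    e.g. '200 100') matches the pattern anywhere, as 'show ip bgp regexp' does."""
    return aspath_regex(pattern).search(aspath) is not None

class AsPathAccessList:
    """'ip as-path access-list NAME (permit|deny) REGEXP' entries in order.
    The first matching entry decides; a path matching no entry is denied,
    which is how a filter-list treats it."""

    def __init__(self, name):
        self.name = name
        self.entries = []

    def add(self, action, pattern):
        if action not in ("permit", "deny"):
            raise ValueError(action)
        self.entries.append((action, pattern))
        return self

    def permits(self, aspath):
        for action, pattern in self.entries:
            if aspath_matches(pattern, aspath):
                return action == "permit"
        return False

# The slide's own example lists.
ACL_1 = AsPathAccessList("1").add("permit", "_100$")   # originated by AS100
ACL_2 = AsPathAccessList("2").add("permit", "_200_")   # via AS200

if __name__ == "__main__":
    # Constructed sample paths (nearest AS first); '' is a locally originated route.
    for path in ("100", "200 100", "300 200", "1000 400", ""):
        print(f"{path!r:12} list1={ACL_1.permits(path)!s:5} list2={ACL_2.permits(path)!s:5}"
              f" ^100={aspath_matches('^100', path)} ^100_={aspath_matches('^100_', path)}")
```

Because + means one or more, _(100_)+ also matches a path with a single AS100; it does not by itself prove that prepending happened.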
Route maps
• A route map is a very useful function in zebra. Match and set statements are permitted in a route map.
• Concept:
if match then do expression and exit
else if match then do expression and exit
else ...
A route that matches no entry is dropped, so a final entry without a match clause is needed to let the remaining routes through unchanged.
Example - route map & prefix-lists
router bgp 100
 bgp router-id 172.16.1.1
 network 10.1.0.0/16
 neighbor 192.168.8.140 remote-as 200
 neighbor 192.168.8.140 route-map filter-in in
route-map filter-in permit 10
 match ip address prefix-list list-1
 set local-preference 120
route-map filter-in permit 20
 match ip address prefix-list list-2
 set local-preference 80
route-map filter-in permit 30
ip prefix-list list-1 permit 10.2.0.0/16
ip prefix-list list-2 permit 10.3.0.0/16
To apply the changes:
clear ip bgp 192.168.8.140 in
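As an added example serving both the prefix-list slides above and this route-map example (it is not Quagga code; the class names, the route dictionary and the constructed test prefixes are this example's own), the following Python models ip prefix-list matching with ge/le and sequence numbers, and first-match route-map evaluation with the filter-in map from this slide. It also exercises the failure mode of the earlier PEER-IN list: deny 172.16.2.0/24 without le catches only that exact prefix, so a more-specific 172.16.2.0/25 is still permitted.

```python
import ipaddress

# Added model for this page; not Quagga's implementation. Class and
# function names are this example's own.

class PrefixList:
    """'ip prefix-list NAME [seq N] (permit|deny) PREFIX [ge L] [le L]'.
    Entries are tried in sequence order; the first match decides, and a
    defined list with no matching entry denies."""

    def __init__(self, name):
        self.name = name
        self.entries = []        # (seq, action, network, ge, le)
        self._last_seq = 0

    def add(self, action, prefix, ge=None, le=None, seq=None):
        if action not in ("permit", "deny"):
            raise ValueError(action)
        if seq is None:          # Quagga auto-numbers in steps of 5
            seq = self._last_seq + 5
        self._last_seq = max(self._last_seq, seq)
        self.entries.append((seq, action, ipaddress.ip_network(prefix), ge, le))
        self.entries.sort(key=lambda e: e[0])
        return self

    def permits(self, prefix):
        route = ipaddress.ip_network(prefix)
        for _seq, action, net, ge, le in self.entries:
            if _entry_matches(route, net, ge, le):
                return action == "permit"
        return False             # implicit deny


def _entry_matches(route, net, ge, le):
    """A route matches when it lies inside the entry's prefix and its length
    is in the allowed range: exactly net.prefixlen without ge/le, otherwise
    from (ge or net.prefixlen) up to (le or the address-family maximum)."""
    if route.version != net.version or not route.subnet_of(net):
        return False
    low = net.prefixlen if ge is None else ge
    if ge is None and le is None:
        high = net.prefixlen
    else:
        high = route.max_prefixlen if le is None else le
    return low <= route.prefixlen <= high


class RouteMap:
    """Ordered entries: the first whose match clause holds is applied (set
    clauses, then permit or deny); an entry without a match clause matches
    everything; a route matching no entry is dropped."""

    def __init__(self, name):
        self.name = name
        self.entries = []        # (seq, action, prefix_list or None, local_pref or None)

    def entry(self, seq, action, match_prefix_list=None, set_local_pref=None):
        self.entries.append((seq, action, match_prefix_list, set_local_pref))
        self.entries.sort(key=lambda e: e[0])
        return self

    def apply(self, route):
        """route is a dict with 'prefix' and 'local_pref'; returns the
        (possibly modified) route, or None if the map denies it."""
        for _seq, action, plist, lpref in self.entries:
            if plist is not None and not plist.permits(route["prefix"]):
                continue
            if action == "deny":
                return None
            out = dict(route)
            if lpref is not None:
                out["local_pref"] = lpref
            return out
        return None


# The lists and the route-map from the slides.
PEER_IN = (PrefixList("PEER-IN")
           .add("deny", "172.16.2.0/24")
           .add("permit", "0.0.0.0/0", le=32))
LIST_1 = PrefixList("list-1").add("permit", "10.2.0.0/16")
LIST_2 = PrefixList("list-2").add("permit", "10.3.0.0/16")
FILTER_IN = (RouteMap("filter-in")
             .entry(10, "permit", match_prefix_list=LIST_1, set_local_pref=120)
             .entry(20, "permit", match_prefix_list=LIST_2, set_local_pref=80)
             .entry(30, "permit"))   # catch-all: without it every other route is dropped

def received(prefix):
    """A route as learned from the peer before any policy (constructed input)."""
    return {"prefix": prefix, "local_pref": 100}

if __name__ == "__main__":
    for p in ("10.2.0.0/16", "10.3.0.0/16", "10.9.0.0/16"):
        print(p, FILTER_IN.apply(received(p)))
    for p in ("172.16.2.0/24", "172.16.2.0/25"):
        print(p, "permit" if PEER_IN.permits(p) else "deny")
```

Delete the permit 30 entry and re-run to see every prefix outside list-1 and list-2 come back as None, which is what a peer would experience as silently missing routes.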
Example - route map & prefix-lists
Before applying policies
RouterA# show ip bgp 10.2.0.0
BGP routing table entry for 10.2.0.0/16
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
200
192.168.8.140 from 192.168.8.140 (172.16.1.2)
Origin IGP, metric 0, localpref 100, valid, external, best
Last update: Mon Jan 30 12:40:11 2006
After applying policies
RouterA# show ip bgp 10.2.0.0
BGP routing table entry for 10.2.0.0/16
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
200
192.168.8.140 from 192.168.8.140 (172.16.1.2)
Origin IGP, metric 0, localpref 120, valid, external, best
Last update: Mon Jan 30 12:48:11 2006
Example - route map & prefix-lists
Before applying policies
RouterA# show ip bgp 10.3.0.0
BGP routing table entry for 10.3.0.0/16
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
200
192.168.8.140 from 192.168.8.140 (172.16.1.2)
Origin IGP, metric 0, localpref 100, valid, external, best
Last update: Mon Jan 30 12:41:41 2006
After applying policies
RouterA# show ip bgp 10.3.0.0
BGP routing table entry for 10.3.0.0/16
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
200
192.168.8.140 from 192.168.8.140 (172.16.1.2)
Origin IGP, metric 0, localpref 80, valid, external, best
Last update: Mon Jan 30 12:52:11 2006
Example - route map & filter lists
router bgp 100
 network 10.1.0.0/16
 neighbor 192.168.8.140 rem

ote-as 200
 neighbor 192.168.8.140 route-map filter-as-path in
route-map filter-as-path permit 10
 match as-path 1
 set local-preference 90
route-map filter-as-path permit 20
 match as-path 2
 set local-preference 150
route-map filter-as-path permit 30
ip as-path access-list 1 permit _200$
ip as-path access-list 2 permit _300_
To apply the changes:
clear ip bgp 192.168.8.140 in
Example - route-map & AS-PATH prepend
RouterA
router bgp 100
 network 10.1.0.0/16
 neighbor 192.168.8.140 remote-as 200
 neighbor 192.168.8.140 route-map set-as-path out
!
route-map set-as-path permit 10
 match ip address prefix-list list-3
 set as-path prepend 100 100
route-map set-as-path permit 20
ip prefix-list list-3 permit 10.1.0.0/16
Use your own AS number when prepending: prepending another AS's number misrepresents the path, and that AS will drop the route when it sees its own number in the AS path (loop detection).
To apply the changes:
clear ip bgp 192.168.8.140 out
Example - route-map & AS-PATH prepend...
RouterB# show ip bgp 10.1.0.0
BGP routing table entry for 10.1.0.0/16
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
100 100 100
192.168.8.139 from 192.168.8.139 (172.16.1.1)
Origin IGP, metric 0, localpref 100, valid, external, best
Last update: Mon Jan 30 14:17:01 2006
Route aggregation policies
• aggregate-address A.B.C.D/M
– This command specifies an aggregate address.
• no aggregate-address A.B.C.D/M
• aggregate-address A.B.C.D/M summary-only
– This command specifies an aggregate address; the more-specific routes covered by it are suppressed and only the aggregate is announced.
Example network
AS100: router A, originating 10.1.0.0/16, with interfaces 192.168.1.1 (towards C) and 192.168.2.1 (towards B)
AS200: router C at 192.168.1.2, originating 10.2.0.0/16
AS300: router B at 192.168.2.2, originating 10.3.0.0/16
AS400: a further AS reached through C and B (not configured here)
RouterA
router bgp 100
 network 10.1.0.0/16
 neighbor 192.168.1.2 remote-as 200
 neighbor 192.168.1.2 prefix-list PEERC-OUT out
 neighbor 192.168.2.2 remote-as 300
 neighbor 192.168.2.2 prefix-list PEERB-OUT out
 neighbor 192.168.2.2 route-map set-as-path out
ip prefix-list PEERB-OUT permit 10.1.0.0/16
ip prefix-list PEERC-OUT permit 10.1.0.0/16
ip prefix-list list-3 permit 10.1.0.0/16
route-map set-as-path permit 10
 match ip address prefix-list list-3
 set as-path prepend 100 100
route-map set-as-path permit 20
RouterC
router bgp 200
 network 10.2.0.0/16
 neighbor 192.168.1.1 remote-as 100
 neighbor 192.168.1.1 prefix-list PEERA-IN in
 neighbor 192.168.1.1 filter-list 5 in
ip prefix-list PEERA-IN permit 10.1.0.0/16 le 32
ip as-path access-list 5 permit ^100
RouterB
router bgp 300
 network 10.3.0.0/16
 neighbor 192.168.2.1 remote-as 100
 neighbor 192.168.2.1 prefix-list PEERA-IN in
 neighbor 192.168.2.1 filter-list 5 in
ip prefix-list PEERA-IN permit 10.1.0.0/16 le 32
ip as-path access-list 5 permit ^100
Router A announces only its own prefix to each peer and prepends towards B so that the path through C is preferred. C and B accept from A only 10.1.0.0/16 (and its more-specifics) with a path that starts at AS100; ^100_ is the tighter pattern, since ^100 alone also matches paths beginning with AS1000 or AS1001.
BGP scaling techniques
• Route refresh and soft reconfiguration
• Peer groups
Route Refresh


BGP session to that neighbor has to be cleared so
that it’s reinitialized after every policy change
because the router does not store prefixes that
are rejected by policy
Hard BGP reset
– Tear down BGP peering
– Consume CPU
– Disrupts connectivity for all network


clear ip bgp peer
clear ip bgp *
Peer IP address/ASN
APRICOT 2006 - Perth Western Australia
89
Route Refresh Capability
No disrupts connectivity
 No additional memory is used
 No configuration is needed
 Requires peering routers to support “route
refresh capability” – RFC2918
 clear ip bgp x.x.x.x in

– ask the peer to resend full BGP announcement

clear ip bgp x.x.x.x out
– to resend full BGP announcement to peer
APRICOT 2006 - Perth Western Australia
90
Soft Reconfiguration
 Copies of all routes received from that peer are stored separately from the regular BGP table.
 After configuring the policy change, it is possible to apply the new policy to the stored copies of the BGP information without having to reset the session.
router bgp 100
network 10.1.0.0/16
neighbor 192.168.8.140 remote-as 200
neighbor 192.168.8.140 soft-reconfiguration inbound

clear ip bgp 192.168.8.140 soft [in | out]
BGP Peer Groups
 Some routers have a long list of neighbors. It is then common to have several settings that are the same for each neighbor.
 Makes configuration easier
 Makes configuration less prone to error
 Makes configuration more readable
 neighbor word peer-group
– This command defines a new peer group.
 neighbor peer peer-group word
– This command binds a specific peer to peer group word.
Configuration example
(Without peer groups)
router bgp 100
network 10.1.0.0/16
neighbor 192.168.8.140 remote-as 200
neighbor 192.168.8.140 prefix-list PEER-IN in
neighbor 192.168.8.140 prefix-list PEER-OUT out
neighbor 192.168.8.140 filter-list 6 in
neighbor 192.168.8.140 filter-list 5 out
neighbor 192.168.8.150 remote-as 150
neighbor 192.168.8.150 prefix-list PEER-IN in
neighbor 192.168.8.150 prefix-list PEER-OUT out
neighbor 192.168.8.150 filter-list 6 in
neighbor 192.168.8.150 filter-list 5 out
ip prefix-list PEER-IN deny 172.16.2.0/24
ip prefix-list PEER-IN permit 0.0.0.0/0 le 32
ip prefix-list PEER-OUT permit 10.1.0.0/16
ip as-path access-list 5 permit ^100$
ip as-path access-list 6 permit ^200$
Configuration example
(With peer groups)
router bgp 100
network 10.1.0.0/16
neighbor ebgp peer-group
neighbor ebgp filter-list 6 in
neighbor ebgp filter-list 5 out
neighbor ebgp prefix-list PEER-IN in
neighbor ebgp prefix-list PEER-OUT out
neighbor 192.168.8.140 remote-as 200
neighbor 192.168.8.140 peer-group ebgp
neighbor 192.168.8.150 remote-as 150
neighbor 192.168.8.150 peer-group ebgp
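Added illustration (not from the slides, and not bgpd's own code): a small Python expansion of peer groups that shows the two configurations above give every peer identical effective settings. The two configurations are embedded as constructed strings; the rule that a setting configured directly on a peer is kept over the group's value is this example's own simplification.

```python
# Constructed copies of the two bgpd configurations shown on the slides above.
WITHOUT_GROUPS = """router bgp 100
 network 10.1.0.0/16
 neighbor 192.168.8.140 remote-as 200
 neighbor 192.168.8.140 prefix-list PEER-IN in
 neighbor 192.168.8.140 prefix-list PEER-OUT out
 neighbor 192.168.8.140 filter-list 6 in
 neighbor 192.168.8.140 filter-list 5 out
 neighbor 192.168.8.150 remote-as 150
 neighbor 192.168.8.150 prefix-list PEER-IN in
 neighbor 192.168.8.150 prefix-list PEER-OUT out
 neighbor 192.168.8.150 filter-list 6 in
 neighbor 192.168.8.150 filter-list 5 out"""
WITH_GROUPS = """router bgp 100
 network 10.1.0.0/16
 neighbor ebgp peer-group
 neighbor ebgp filter-list 6 in
 neighbor ebgp filter-list 5 out
 neighbor ebgp prefix-list PEER-IN in
 neighbor ebgp prefix-list PEER-OUT out
 neighbor 192.168.8.140 remote-as 200
 neighbor 192.168.8.140 peer-group ebgp
 neighbor 192.168.8.150 remote-as 150
 neighbor 192.168.8.150 peer-group ebgp"""


def effective_settings(config):
    """Expand peer groups: a peer inherits every setting of its group, and a setting
    given on the peer itself wins (simplification assumed by this example).
    Returns {peer address: {setting key: full setting text}}, real peers only."""
    groups, own, member_of = {}, {}, {}
    for line in config.splitlines():
        words = line.split()
        if len(words) < 3 or words[0] != "neighbor":
            continue
        name, rest = words[1], words[2:]
        if rest == ["peer-group"]:           # "neighbor WORD peer-group": define a group
            groups[name] = {}
        elif rest[0] == "peer-group":        # "neighbor PEER peer-group WORD": bind a peer
            member_of[name] = rest[1]
        else:                                # keyed by command and direction, e.g. filter-list/in
            key = (rest[0], rest[-1]) if rest[-1] in ("in", "out") else (rest[0],)
            (groups[name] if name in groups else own.setdefault(name, {}))[key] = " ".join(rest)
    result = {}
    for peer in set(own) | set(member_of):
        merged = dict(groups.get(member_of.get(peer), {}))
        merged.update(own.get(peer, {}))
        result[peer] = merged
    return result
```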
Display BGP Routes
 show ip bgp regexp line
– This command displays the BGP routes whose AS path matches the regular expression line.
– show ip bgp regexp _100_
 show ip bgp summary
 show ip bgp
 show ip bgp A.B.C.D
 show ip route bgp
 show ip bgp neighbors <peerIPAddr> advertised-routes
 show ip bgp neighbors <peerIPAddr> routes
Route Server
 At an Internet Exchange Point, many ISPs are connected to each other by external BGP peering. Normally these external BGP connections are set up as a full mesh. As with an internal BGP full mesh, this method has a scaling problem.
 A Route Server is a method to resolve the problem.
 Each ISP’s BGP router only peers with the Route Server.
 The Route Server serves as a BGP information exchange for the other BGP routers.
 Several routing tables for managing different routing policies for each BGP speaker (different views)
 bgpd can work as a normal BGP router, as a Route Server, or as both at the same time.
Multiple instance
 To enable the multiple view function of bgpd, you must turn on the multiple instance feature beforehand.
 bgp multiple-instance
 no bgp multiple-instance
 bgp config-type zebra
– Zebra style BGP configuration. This is the default.
 bgp config-type cisco
– Cisco compatible BGP configuration output.
– When bgp config-type cisco is specified, “no synchronization” and “no auto-summary” are displayed, and the “network” and “aggregate-address” arguments are displayed as “A.B.C.D M.M.M.M”:
Zebra: network 10.0.0.0/8 — Cisco: network 10.0.0.0
Zebra: aggregate-address 192.168.0.0/24 — Cisco: aggregate-address 192.168.0.0 255.255.255.0
– When “bgp config-type cisco” is specified, the community attribute is not sent to the neighbor by default. To send the community attribute, the user has to specify the “neighbor A.B.C.D send-community” command.
– router bgp 1
   neighbor 10.0.0.1 remote-as 1
   neighbor 10.0.0.1 send-community
Example
RouterA#configure terminal
RouterA(config)# bgp multiple-instance
RouterA(config)# bgp config-type cisco
RouterA(config)# Ctrl Z
RouterA#
BGP Views
 A BGP view is almost the same as a normal BGP process, but the result of route selection does not go to the kernel routing table. A BGP view is only for exchanging BGP routing information.
 router bgp as-number view name
bgp multiple-instance
!
router bgp 1 view 1
neighbor 10.0.0.1 remote-as 2
neighbor 10.0.0.2 remote-as 3
!
router bgp 2 view 2
neighbor 10.0.0.3 remote-as 4
neighbor 10.0.0.4 remote-as 5
BGP instance and view
 You can set up different ASes at the same time when the BGP multiple instance feature is enabled.
 router bgp as-number
– Makes a new BGP instance. You can use an arbitrary word for the name.
bgp multiple-instance
!
router bgp 1
neighbor 10.0.0.1 remote-as 2
neighbor 10.0.0.2 remote-as 3
!
router bgp 2
neighbor 10.0.0.3 remote-as 4
neighbor 10.0.0.4 remote-as 5
 Here the result of route selection goes to the kernel routing table.
Routing policy
 You can set a different routing policy for the same peer in each view. For example, you can apply a different filter to the peer in each view.
bgp multiple-instance
!
router bgp 1 view 1
neighbor 10.0.0.1 remote-as 2
neighbor 10.0.0.1 distribute-list 1 in
!
router bgp 1 view 2
neighbor 10.0.0.1 remote-as 2
neighbor 10.0.0.1 distribute-list 2 in
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.2.0 0.0.0.255
 This means a BGP update from peer 10.0.0.1 goes to both BGP view 1 and view 2. When the update is inserted into view 1, distribute-list 1 is applied; when it is inserted into view 2, distribute-list 2 is applied.
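The fan-out described above, as an added Python example that is not part of the slides: the two wildcard-mask access-lists and the per-view distribute-lists are embedded as constructed data, and `fan_out` returns which views accept an update from peer 10.0.0.1 (a standard access-list used as a distribute-list is matched against the network address of the prefix).

```python
from ipaddress import ip_address, ip_network

# Constructed copies of the access-lists and per-view distribute-lists from the slide above.
ACCESS_LISTS = {  # list name -> entries (action, base address, wildcard mask)
    "1": [("permit", "192.168.1.0", "0.0.0.255")],
    "2": [("permit", "192.168.2.0", "0.0.0.255")],
}
VIEWS = {  # view name -> {peer address: distribute-list applied inbound}
    "1": {"10.0.0.1": "1"},
    "2": {"10.0.0.1": "2"},
}


def wildcard_match(addr, base, wildcard):
    """Cisco-style wildcard mask: a 1 bit in the mask means 'do not care'."""
    a, b, w = (int(ip_address(str(x))) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w) == 0


def access_list_permits(name, prefix):
    """First match wins, with an implicit deny at the end. Only the network address
    is tested, which is how a standard access-list used as a distribute-list behaves."""
    net = ip_network(prefix)
    for action, base, wildcard in ACCESS_LISTS[name]:
        if wildcard_match(net.network_address, base, wildcard):
            return action == "permit"
    return False


def fan_out(peer, prefix):
    """Names of the views that accept an update for prefix received from peer."""
    return sorted(view for view, peers in VIEWS.items()
                  if peer in peers and access_list_permits(peers[peer], prefix))
```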
Viewing the views
 show ip bgp view name
– Displays the routing table of BGP view name.
Filtering Tools
 IP Access List
 IP Prefix List
 Route Map
IP Access List
 access-list name permit ipv4-network
 access-list name deny ipv4-network
 Basic filtering is done by access-list, as shown in the following example.
access-list filter deny 10.0.0.0/9
access-list filter permit 10.0.0.0/8
access-list 100 permit ip any 192.168.1.0 0.0.0.255
access-list 90 permit 192.168.1.0 0.0.0.255
 Examples of use: vty access restriction, route-map match statement, distribute-list
Zebra/Quagga Routing Suite
Thank you