Introduction to dynamic routing on Linux with Quagga

FVLUG – July 23, 2007

Wim Kerkhoff – wim@nyetwork.org

Overview Short introduction to dynamic routing Introduce Quagga Installing Quagga on Debian Example Quagga configurations Demo Using Quagga in production

Static Routing Simplist and most common method Manually configured by humans Can’t handle network changes such

as outages Doesn’t scale with many network

devices Requires least amount of expertise Generally used on hosts (PCs,

printers, etc) and simple NAT routers

Dynamic Routing Protocols Applications that automatically discover

network destinations First they learn what network routes are

directly connected Then chat with neighbouring routers to

learn what they know The entire network learns about changes

within minutes or even seconds Generally used on Internet backbone

routers and in organizations with many routers

Common routing protocols RIP – old one, based on hop count. Timer

system can result in slow convergence OSPF – also uses multicast. Calculates

shortest path using costs assigned to each link. Easy to setup but less knobs then BGP. Used inside organization

BGP – uses TCP session. Can do filtering, route-maps, mangling, etc. Normally used for communicating with other organizations and based on policy

Remember: Routing != Forwarding Routing directs forwarding Routing is the process of selecting paths in

a network Forwarding is the relaying of packets

through one network segment to another by nodes

So a network device can perform routing, forwarding, or both

So you’ll have a broken router if /proc/sys/net/ipv4/ip_forward is set to 0 even with a beautiful quagga config

What is Quagga? Open source routing software Forked 4 years ago from Zebra to

form a much better and healthier de-centralized community

Similar syntax and look to Cisco IOS No control over OS, unlike IOS

Quagga features RIPv1 and v2 (IPv4) RIPng (IPv6) OSPFv2 OSPFv3 BGPv4 with multiprotocol extension VTY shell – Cisco like SNMP IPv6

Supported Platforms GNU/Linux 2.2.x and higher FreeBSD 4.x and higher NetBSD 1.6 and higher OpenBSD 2.5 and higher

System Architecture

bgpd ripd ospfd

Zebra routing table manager

Linux Kernel routing table

Routing protocol daemons

Vtysh shell

Install / configuration overview Install Debian apt-get install quagga tcpdump iproute Add set VTYSH_PAGER=cat to ~/.bashrc Update /etc/quagga/daemons

(zebra,ospfd,bgpd) echo username root nopassword > vtysh.conf touch zebra.conf ospfd.conf bgpd.conf /etc/init.d/quagga start

Vtysh to start configuring Don’t forget to copy run start like on IOS Reboot and ensure convergence

Demo

Internet - 0.0.0.0/0

R1R2

Eth0 – 192.168.21.8

Eth1 – 10.3.2.1/30 Eth0 – 10.3.2.2/30

Lo – 10.3.3.2/32

ISP - 192.168.21.254/24

OSPF area 0

Lo – 10.3.3.1/32

NAT boundary

Router 1 Configuration

interface eth0 ip address 192.168.21.8/24!interface eth1 ip address 10.3.2.1/30!interface lo ip address 10.3.3.1/32!router ospf ospf router-id 10.3.3.1 redistribute connected network 10.3.2.0/30 area 0.0.0.0 default-information originate always!ip route 0.0.0.0/0 192.168.21.254!ip forwarding

Router 2 Configuration

interface eth0 ip address 10.3.2.2/30!interface lo ip address 10.3.3.2/32!router ospf ospf router-id 10.3.3.2 redistribute connected network 10.3.2.0/30 area 0.0.0.0!ip forwarding

Routing table on Router 2

quagga2:~# vtysh

Hello, this is Quagga (version 0.99.5).Copyright 1996-2005 Kunihiro Ishiguro, et al.

quagga2# show ip routeCodes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - ISIS, B - BGP, > - selected route, * - FIB route

O>* 0.0.0.0/0 [110/1] via 10.3.2.1, eth0, 1d20h22mO 10.3.2.0/30 [110/10] is directly connected, eth0, 1d20h33mC>* 10.3.2.0/30 is directly connected, eth0O>* 10.3.3.1/32 [110/20] via 10.3.2.1, eth0, 1d20h22mC>* 10.3.3.2/32 is directly connected, loC>* 127.0.0.0/8 is directly connected, loO>* 192.168.21.0/24 [110/20] via 10.3.2.1, eth0, 1d20h22m

OSPF neighbour details

quagga2# show ip ospf neighbor detail Neighbor 10.3.3.1, interface address 10.3.2.1 In the area 0.0.0.0 via interface eth0 Neighbor priority is 1, State is Full, 11 state changes Most recent state change statistics: Progressive change 1d20h25m ago Regressive change 1d20h25m ago, due to 1-WayReceived DR is 10.3.2.2, BDR is 10.3.2.1 Options 2 *|-|-|-|-|-|E|* Dead timer due in 38.944s Database Summary List 0 Link State Request List 0 Link State Retransmission List 0 Thread Inactivity Timer on Thread Database Description Retransmision off Thread Link State Request Retransmission on Thread Link State Update Retransmission on

Production tips? Make sure you have backups of /etc/quagga,

/etc/network/interfaces, and iptables rules Keep templates Monitor the router as if it was a server: disk

space, memory, load, etc Have redundant routers so that you can

perform OS updates safely with 0 downtime Be consistent – stick to your templates Run lean & mean – K.I.S.S. Be secure But make sure you can somehow access the

box even if routing is broken Stick to a single protocol if possible

Interior uses of OSPF and BGP Managing multiple ISP links (failover /

load balancing) Multisites using VPNs and/or private

links Failover between servers

Want to experiment? Setting up 30 machines to simulate a

30 router network is tough Virtualize using Xen, VMWare,

OpenVZ etc Linksys WRT54G with

DD-WRT/OpenWRT

Worthy competitor to $60k Cisco? Yes! 2 x 1U servers with onboard dual GigE Servers can be under $1500 each and

perform just fine for 99% of situations Need more ports? VLAN trunking to

managed Layer2 switch Commodity memory and processors are dirt

cheap and as fast as expensive ASICs Each full BGP table needs approx 128 MB

physical RAM

Documentation Documentation exists for quagga Wiki.quagga.net has more useful examples But it’s geared towards quagga itself and

not dynamic routing Understanding routing protocols is critical Having experience with configuring

RIP/OSPF/BGP on Cisco via CLI helps a lot CLI has built-in usage info using the ? mark

like in Cisco IOS Zebra/Quagga mailing list archives Any Cisco OSPF/BGP syntax guides and

examples Google

Questions/Discussion