Tags Archives: bgp

How To Connect To The DN42 BGP Global Test Network

What is DN42?

 

 

Decentralized Network 42, or DN42, is a volunteer “overlay” global network made up of thousands of routers nodes interconnected with each other via VPN tunnels. DN42 operates using Internetrouting protocols such as BGP and OSPF, enabling users to run services such as websites and DNS servers in a similar way to the real internet.

 

The aim of DN42 is to provide a safe and realistic BGP “sandbox” environment for system administrators to practice using routing and other network technologies. Running a BGP system on the real internet requires paying costly registration fees, whereas DN42 is free to use.

 

The DN42 wiki homepage is located at https://wiki.dn42.us

 

This article contains my practical notes on the registering process and setting up the environment in order to connect to DN42.

 

To join DN42 you first have to download a copy of the current DN42 registry database. This is a text-file directory system which is stored as a Git repository on a Git server at DN42.

 

The Git repository is maintained by a group of moderators who review and approve all registration requests for using DN42. DN42 assigns the Autonomous Systems Numbers (ASNs) for the BGP routers the users operate as well as the IP address ranges to be used.

 

This is the DN42 equivalent of a Regional Internet Registry (RIR), such as the ARIN in North America, RIPE for Europe, or the APNIC for Asia Pacific.

 

The DN42 registry is located at at https://git.dn42.us/dn42/registry

 

To join DN42 you download a copy of the registry, then add your data to your copy, and then submit a Git change request back to the DN42 main Git registry

 

First of all you need to sign up to the DN42 Git registry using an email address. Then navigate to the main DN42 Git repository and create a fork of the registry by clicking the ‘Fork’ button. This downloads a copy of the repository to your own Git registry account.

 

You then add an SSH public key to your registry account so you can then authenticate to it using by Git over SSH from the command-line. You can either use an existing SSH public key that you already have, or else create a new SSH key pair in the usual way, specially for this account as follows:

 

ssh-keygen -t rsa -b 4096

 

Then upload this public key to your registry account via your account settings.

 

You should make sure you sign all your change requests using either a GPG key or an SSH key to prevent other users from submitting false change requests to the registry on your behalf.

 

The SSH key you used when creating your registry objects has to be deployed to sign all your change requests to validate your identity so they can be accepted by the DN42 registry moderators.

To be sure that you will be using the correct private key for the DN42 Git connection, add the following to your ~/.ssh/config file:

 

host git.dn42.us
IdentityFile ~/.ssh/your-ssh-private-key

 

You should now be able to test connecting to the registry, thus:

 

ssh -T git@git.dn42.us

 

This initial SSH session should automatically close immediately after connection as it is just a test.

 

Now you can clone the DN42 Git registry repository:

 

git clone git@git.dn42.us:your-registry-username-here/registry.git

 

This downloads a full local copy of the current DN42 registry. You can browse the directory tree and view all of the files, and add your own local changes, before submitting them back to the main DN42 repository.

 

How To Create DN42 Registry Objects

 

 

The structure of the DN42 registry follows closely the structure of an Internet Routing Registry (IRR) which manages the real internet, such as ARIN or RIPE.

 

All the data submitted to the DN42 registry is shared publicly among the DN42 participants. This allows networks to correctly route traffic correctly around the world in the same way as is done on the real Internet.

 

To register your network to participate on DN42, you create a series of data files – known as registry objects within your downloaded local copy of the registry. You can use any plain-text editor for this, but it must save in plain (ASCII) text, without any special formatting information. Nano or vi/vim are both suitable for this.

 

My ASN number is AS4242422352.  I selected this from the DN42 registry from the list of freely available ASNs.

 

Initial DN42 User Registration

 

 

I created a Git account on the DN42 Git repository at https://git.dn42.dev/

 

username: BeeGeePee

pwd: *** (hidden)

email: k*@gmail.com (hidden)

I then uploaded my ssh public key for kevin on intel ie from my linux intel nuc computer to the DN42 Git account at git.dn42.dev.

 

I could then clone the dn42 repo ok:

 

kevin@intel:~/dn42$ git clone git@git.dn42.dev:dn42/registry.git
Cloning into 'registry'...
remote: Enumerating objects: 76982, done.
remote: Counting objects: 100% (76982/76982), done.
remote: Compressing objects: 100% (24231/24231), done.
remote: Total 76982 (delta 55310), reused 73413 (delta 52679)
Receiving objects: 100% (76982/76982), 10.19 MiB | 8.68 MiB/s, done.
Resolving deltas: 100% (55310/55310), done.
kevin@intel:~/dn42$

Next, create a branch for your changes:

 

The name of the branch. This has to be in the format: <username>-YYYYMMDD/<name>

 

whereby

 

<username> is your gitea username.

 

YYYYMMDD is current date.

 

<name> is a descriptive name you give for your change.

 

The branch must be created in the registry on the date described as in the branch name. Create the branch and the push it to the registry straight away:

 

git checkout BeeGeePee-20210528/mychange

 

kevin@intel:~/dn42/registry$ git checkout -b BeeGeePee-20210528/mychange
Switched to a new branch 'BeeGeePee-20210528/mychange'
kevin@intel:~/dn42/registry$

 

git push –set-upstream origin BeeGeePee-20210528/mychange

 

kevin@intel:~/dn42/registry$ git push --set-upstream origin BeeGeePee-20210528/mychange
Total 0 (delta 0), reused 0 (delta 0)
remote: 
remote: Create a new pull request for 'BeeGeePee-20210528/mychange':
remote: https://git.dn42.dev/dn42/registry/compare/master...BeeGeePee-20210528/mychange
remote: 
remote: . Processing 1 references
remote: Processed 1 references in total
To git.dn42.dev:dn42/registry.git
* [new branch] BeeGeePee-20210528/mychange -> BeeGeePee-20210528/mychange
Branch 'BeeGeePee-20210528/mychange' set up to track remote branch 'BeeGeePee-20210528/mychange' from 'origin'.
kevin@intel:~/dn42/registry$

 

 

Next, make the changes on your new branch. See the getting started guide in the Wiki for more information.

 

Run the schema checking tools to validate your changes before adding and committing to the git repository:

 

./fmt-my-stuff MNTNER-MNT
./check-my-stuff MNTNER-MNT
./check-pol origin/master MNTNER-MNT
$EDITOR <change some stuff>

 

git add .     
git commit

 

Note the dot . after git add – this is important!

 

Remember to add authentication to your mntner object, and also to sign your commit!

 

 

The registry includes a number of scripts to help check your request:

 

fmt-my-stuff <FOO>-MNT: this automatically fixes minor formatting errors
check-my-stuff <FOO>-MNT: this validates your objects with registry requirements
check-pol origin/master <FOO>-MNT: this checks for any policy violations
squash-my-commits: run this to automatically update and squash your local commits
sign-my-commit: this signs your commit using either your pgp key or else by using standard SSH signing

 

You can browse the registry and have a look at the pull request queue for examples and to see how the process works and the types of questions asked by the registry maintainers.

 

We will create several types of objects as part of our application to join the DB42 registry:

 

maintainer objects: which are authenticated so that only you can edit your own objects

 

person objects: which describe people or organisations and provide contact information, and

 

resource objects: (AS number, IP subnet, DNS zone, etc).

 

All objects are simple text files in the specific subfolders, but note that the files must have a specific format.

 

The files should use spaces and not tabs between the definitions and the values and the attribute values must always start on the 20th space. Do NOT use any TABs!

 

If you are registering with DN42 as an individual and not as an organisation then “organization” is not required.

 

 

Create a file called [NICKNAME]-MNT under data/mntner directory.

 

 

My file (file name: dn42/registry/data/mntner/BEEGEEPEE-MNT) looks like this:

kevin@intel:~/cat dn42/registry/data/mntner/BEEGEEPEE-MNT

mntner: BEEGEEPEE-MNT
admin-c: BEEGEEPEE-DN42
tech-c: BEEGEEPEE-DN42
mnt-by: BEEGEEPEE-MNT
source: DN42
auth: ssh-rsa ***** **** (public key hidden) 
remarks: created 28.5.2021

 

mntner: maintainer, this is the name of your account.

 

admin-c: admin contact, this points to a person file, ie [NICKNAME]-DN42.

 

tech-c: tech contact, this points to a person file, ie [NICKNAME]-DN42.

 

mnt-by: maintain by, this points to the account itself, ie [NICKNAME]-DN42.

 

source: this is “DN42”.

 

auth: this is your authentication info. It can be a GPG public key or an SSH public key.

 

IMPORTANT! The space between the name and the values for each entry MUST be exactly 20 characters long and must not be altered else the file will be rejected. Do NOT use TABs!

 

 

Then create the [NICKNAME]-DN42 under data/person. This holds your personal info eg name and email address:

 

data/person/BEEGEEPEE-DN42):

 

person: Kevin
contact: @gmail.com
nic-hdl: BEEGEEPEE-DN42
mnt-by: BEEGEEPEE-MNT
source: DN42

 

 

Select an Autonomous System Number

 

 

Next you need to select an Autonomous System Number, or ASN for your BGP router.

 

On the real Internet, ASN range 4200000000 – 4294967294 is reserved for private users, while DN42 uses one small section of it: 4242420000 – 4242423999.

 

So you need to choose an ASN within this range which is not currently already in use and then create a file under data/aut-num.

 

To check if a desired AS number is available, use the explorer site at (add your desired AS number):

 

https://explorer.burble.com/?#/aut-num/AS4242422352

 

The file items are:

 

aut-num: Your own ASN.

 

as-name: The name of the AS. You can set this to [NICKNAME]-AS.

 

descr: A description of the AS which can be freely chosen.

 

admin-c: Your network admin contact person, which points to your DN42 person file, ie [NICKNAME]-DN42.

 

tech-c: Your tech contact person, which points to your DN42 person file, ie [NICKNAME]-DN42.

 

mnt-by: This points to your DN42 mntner file, ie [NICKNAME]-MNT.

 

source: This is “DN42”.

 

So, my aut-num file looks like this:

 

file data/aut-num/AS4242422352:

 

aut-num: AS4242422352
as-name: BEEGEEPEE-AS
descr: Peer with me at @gmail.com
admin-c: BEEGEEPEE-DN42
tech-c: BEEGEEPEE-DN42
mnt-by: BEEGEEPEE-MNT
source: DN42

 

 

 

Select an IP Range on DN42

 

 

Next you can select your IP range.

 

Browse the data/inetnum folder and look for a free IP range which you can use.

 

DN42’s IPv4 addresses have the range 172.20.0.0/14, = ie 172.20.0.0 – 172.23.255.255.

 

The smallest address block which you can register with DN42 is a /29 range, or 8 IPs.

 

Of these 8 IPs, only 6 will be usable for servers and other devices, since the first IP is reserved for marking the address range, and the last IP is reserved as the broadcast IP within the block.

 

Generally though, a /29 range will be adequate if you are a complete beginner who is not running a business or organization.

 

However, DN42 recommends registering for a /27 range. Remember though that DN42’s IPv4 addresses are a scarce resource. DN42 only has a limited number available, so do not waste them!

 

You can check for free IPs using:

 

https://explorer.burble.com/free#/4

 

http://172.20.45.80/28

 

16 IPs

 

Or use http://jodies.de/ipcalc?host=172.20.45.80&mask1=28&mask2=

 

or

 

https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=28&cip=172.20.45.80&ctype=ipv4&printit=0&x=103&y=19

 

 

to calculate the ip address range for this subnet /28:

 

These are the results from both websites:

 

 

Address: 172.20.45.80 10101100.00010100.00101101.0101 0000
Netmask: 255.255.255.240 = 28 11111111.11111111.11111111.1111 0000
Wildcard: 0.0.0.15 00000000.00000000.00000000.0000 1111
=>
Network: 172.20.45.80/28 10101100.00010100.00101101.0101 0000 (Class B)
Broadcast: 172.20.45.95 10101100.00010100.00101101.0101 1111
HostMin: 172.20.45.81 10101100.00010100.00101101.0101 0001
HostMax: 172.20.45.94 10101100.00010100.00101101.0101 1110
Hosts/Net: 14 (Private Internet)

IP Address: 172.20.45.80
Network Address: 172.20.45.80
Usable Host IP Range: 172.20.45.81 – 172.20.45.94
Broadcast Address: 172.20.45.95
Total Number of Hosts: 16
Number of Usable Hosts: 14
Subnet Mask: 255.255.255.240

 

IP Class: C
CIDR Notation: /28
IP Type: Private

 

 

So, you would be using 172.20.45.81 for your first machine, and for the others, up to and inculding 172.20.25.94

 

and the broadcast address for this subnet will be 172.20.25.95

 

and the network subnet IP is 172.20.45.80

 

 

When you have chosen your IP range, create the file under data/inetnum.

 

 

The items in the file are:

 

inetnum: the range of your IP block. Use one of the calculators above for this.

 

netname: the name of your IP block, ie [NICKNAME]-IPV4).

remarks: & descr: This can be whatever you like.

 

country: your Internet country-code eg US for United States

 

admin-c: your admin contact, ie your person file, [NICKNAME]-DN42.

 

tech-c: your tech contact, ie your person file, [NICKNAME]-DN42.

 

mnt-by: your mntner file, [NICKNAME]-MNT.

 

nserver: your dns name servers for reverse resolution of your IP block. If you don’t know this or don’t require this, then you can remove the line.

 

status: this has a fixed value of ASSIGNED.

 

cidr: this is the CIDR-format range of your IP block, as for inetnum but expressed in CIDR-format.

 

source: this is “DN42”.

 

 

so, in my case I am using:

 

http://172.20.45.80/28

 

= 16 IPs

 

 

data/inetnum/172.20.45.80_28

 

inetnum: 172.20.45.81 – 172.20.45.94
netname: BEEGEEPEE-IPV4
remarks: Peer with me at @gmail.com
descr: Peer with me at @gmail.com
country: DE
admin-c: BEEGEEPEE-DN42
tech-c: BEEGEEPEE-DN42
mnt-by: BEEGEEPEE-MNT
nserver: ns1.beegeepee.dn42
status: ASSIGNED
cidr: 172.20.45.80/28
source: DN42

 

 

the country code you can find at https://www.apnic.net/get-ip/get-ip-addresses-asn/check-your-eligibility/iso-3166-codes/

 

eg
UNITED KINGDOM GB

 

GERMANY is DE

 

cat data/inetnum/172.20.45.80_28

 

kevin@intel:~/dn42/registry/data/inetnum$ cat 172.20.45.80_28 
inetnum: 172.20.45.80 - 172.20.45.95
netname: BEEGEEPEE-IPV4
remarks: Peer with me at @gmail.com
descr: Peer with me at @gmail.com
country: DE
admin-c: BEEGEEPEE-DN42
tech-c: BEEGEEPEE-DN42
mnt-by: BEEGEEPEE-MNT
nserver: ns1.beegeepee.dn42
status: ASSIGNED
cidr: 172.20.45.80/28
source: DN42

 

 

Create the Route Objects

 

 

The route object authorizes your AS to use the address. If you are going to announce your prefixes in dn42 as is usual, then you need to create a route6 object for ipv6 prefixes as well as a route object for ipv4 prefixes because this information is needed for Route Origin Authorization (ROA) checks.

 

This will also prevent accidental hijacking of other user’s prefixes. If you don’t do this, then your network is likely to get filtered out by most major BGP peers on DN42!

 

Create a file under data/route containing:

 

route: the range of your IP block.

 

descr: a description (can be anything)

 

origin: this is the AS you are authorizing to use this IP block. Enter your own ASN!

 

mnt-by: this is your mntner file, ie [NICKNAME]-MNT.

 

source: “DN42”.

 

So, for my ASN number AS4242422352, we create a file: data/route/172.20.45.80_28

 

and enter:

 

route: 172.20.45.80/28
descr: Peer with me at @gmail.com
origin: AS4242422352
mnt-by: BEEGEEPEE-MNT
source: DN42

 

 

Create an Ipv6 Block

 

Best choice is a random IPv6 block. You may use some random prefix generator.

 

 

eg using the dn42 explorer:

 

 

https://explorer.burble.com/free#/6

 

This generated an ipv6 subnet block of:

 

 

fd4c:6516:94e0::/48

 

The recommended IPv6 prefix size in DN42 is a /48. This provides plenty of address space. (IPv6 has plenty of space available in contrast to IPv4).

 

Then, at eg https://www.internex.at/de/toolbox/ipv6

 

calculate the range this gives you:

 

URL: https://www.internex.at/de/toolbox/ipv6/ip6=fd4c:6516:94e0::/prefix=48

 

RESULT

 

Entered Value fd4c:6516:94e0::/48
Address Type Unique-Local address
Expanded IPv6 fd4c:6516:94e0:0000:0000:0000:0000:0000/48
Minimized IPv6 fd4c:6516:94e0::/48
Network fd4c:6516:94e0::/48
First Address fd4c:6516:94e0:0000:0000:0000:0000:0000
Last Address fd4c:6516:94e0:ffff:ffff:ffff:ffff:ffff
Total /64 Networks 65 536

 

 

Network fd4c:6516:94e0::/48

So my range for IPv6 for this network is:

 

fd4c:6516:94e0:0000:0000:0000:0000:0000 – fd4c:6516:94e0:ffff:ffff:ffff:ffff:ffff

 

 

After generating your IPv6 block, create a file in data/inet6num similar to IPv4.

 

The items in the file are:

 

inet6num: the range of your IP block.
netname: the name of your IP block, ie [NICKNAME]-IPV6).
remarks & descr: can be anything.
country: your country code, ie DE, GB, US etc
admin-c: your admin contact, ie [NICKNAME]-DN42.
tech-c: your tech contact, ie [NICKNAME]-DN42.
mnt-by: your mntner file, ie [NICKNAME]-MNT.
nserver: your dns name servers for reverse resolution of the IP block. If not used, then remove the line.
status: this is “ASSIGNED”.
cidr: the range of your IP block, but expressed in CIDR-format.
source: this is “DN42”.

 

 

kevin@intel:~/dn42/registry$ cat data/inet6num/fd4c:6516:94e0::_48




inet6num: fd4c:6516:94e0:0000:0000:0000:0000:0000 - fd4c:6516:94e0:ffff:ffff:ffff:ffff:ffff
netname: BEEGEEPEE-IPV6
descr: Peer with me at @gmail.com
country: DE
admin-c: BEEGEEPEE-DN42
tech-c: BEEGEEPEE-DN42
mnt-by: BEEGEEPEE-MNT
nserver: ns1.beegeepee.dn42
status: ASSIGNED
cidr: fd4c:6516:94e0::/48
source: DN42
kevin@intel:~/dn42/registry$

 

 

 

Then create a route6 object under data/route6, to authorize your AS to use your selected IP range.

 

The items in the file are:

 

route6: the range of your IP block.
descr: a description, whatever you like.
origin: the AS router you are authorizing to use this IP block, ie your ASN.
mnt-by: your mntner file, ie [NICKNAME]-MNT.
source: “DN42”.

 

 

kevin@intel:~/DATA/DN42/registry$ cat data/route6/fd4c:6516:94e0::_48




route6: fd4c:6516:94e0::/48
descr: Peer with me at @gmail.com
origin: AS4242422352
mnt-by: BEEGEEPEE-MNT
source: DN42
kevin@intel:~/DATA/DN42/registry$

 

 

I’m adding a dns server, this will be the first free ip in the subnet block, ie just one dns server, the intel nuc, this also has to be configured later.

 

There should ideally be two, but we will define just one for now.

 

 

DNS and Domain Registration

 

(This is optional)

 

To register a domain name, create a dns object in the data/dns directory, with domain names and nserver attributes in lowercase.

 

nano data/dns/beegeepee.dn42





domain: beegeepee.dn42
admin-c: BEEGEEPEE-DN42
tech-c: BEEGEEPEE-DN42
mnt-by: BEEGEEPEE-MNT
nserver: ns1.beegeepee.dn42 172.20.45.81 
nserver: ns1.beegeepee.dn42 fd4c:6516:94e0:0000:0000:0000:0000:0000
source: DN42

 

 

then carry out some checks:

 

kevin@intel:~/dn42/registry$ ./fmt-my-stuff BEEGEEPEE-MNT
kevin@intel:~/dn42/registry$ ./check-my-stuff BEEGEEPEE-MNT
[NOTE] ## Scan Started at 2021-05-28 20:47:01
CHECK data/mntner/BEEGEEPEE-MNT PASS MNTNERS: BEEGEEPEE-MNT
[NOTE] ## Scan Completed at 2021-05-28 20:47:01
[NOTE] ## Scan Started at 2021-05-28 20:47:01
CHECK data/person/BEEGEEPEE-DN42 PASS MNTNERS: BEEGEEPEE-MNT
CHECK data/aut-num/AS4242426834 PASS MNTNERS: BEEGEEPEE-MNT
CHECK data/mntner/BEEGEEPEE-MNT PASS MNTNERS: BEEGEEPEE-MNT
[INFO] fd4c:6516:94e0::/48
CHECK data/inet6num/fd4c:6516:94e0::_48 PASS MNTNERS: BEEGEEPEE-MNT
CHECK data/route6/fd4c:6516:94e0::_48 PASS MNTNERS: BEEGEEPEE-MNT
CHECK data/inetnum/172.20.45.80_28 PASS MNTNERS: BEEGEEPEE-MNT
CHECK data/dns/beegeepee.dn42 PASS MNTNERS: BEEGEEPEE-MNT
CHECK data/route/172.20.45.80_28 PASS MNTNERS: BEEGEEPEE-MNT
[NOTE] ## Scan Completed at 2021-05-28 20:47:02
kevin@intel:~/dn42/registry$ 
kevin@intel:~/dn42/registry$ ./check-pol origin/master BEEGEEPEE-MNT
kevin@intel:~/dn42/registry$ ./squash-my-commits
Adding dn42registry remote: git@git.dn42.dev:dn42/registry.git
Rebasing local changes against the registry master
remote: Enumerating objects: 27, done.
remote: Counting objects: 100% (27/27), done.
remote: Compressing objects: 100% (18/18), done.
remote: Total 18 (delta 9), reused 0 (delta 0)
Unpacking objects: 100% (18/18), 2.39 KiB | 98.00 KiB/s, done.
From git.dn42.dev:dn42/registry
* branch master -> FETCH_HEAD
* [new branch] master -> dn42registry/master
First, rewinding head to replay your work on top of it...
Fast-forwarded BeeGeePee-20210528/mychange to dn42registry/master.
0 local commits found, no squash is required
kevin@intel:~/dn42/registry$






With that you have created all the object files you need for your DN42 application. Next you need to check the files and then commit the the registry.

 

 

Check the Object Files and Commit to the DN42 Registry

 

 

Next cd to the root folder of the git repository, and run:

 

git add .

git commit  

 

 

The following is a copy-paste of the commands I entered to complete the process. Some edits and corrections were required by the DN42 registry moderators. These were carried out and the results added and committed using git.

kevin@intel:~/dn42/registry$ git add .
kevin@intel:~/dn42/registry$

kevin@intel:~/dn42/registry$ git commit 
[BeeGeePee-20210528/mychange 355a0c222] adding new files
Committer: kevin <kevin@intel.fritz.box>
Your name and email address were configured automatically based
on your username and hostname. Please check that they are accurate.
You can suppress this message by setting them explicitly. Run the
following command and follow the instructions in your editor to edit
your configuration file:




git config --global --edit




After doing this, you may fix the identity used for this commit with:




git commit --amend --reset-author




8 files changed, 61 insertions(+)
create mode 100644 data/aut-num/AS4242426834
create mode 100644 data/dns/beegeepee.dn42
create mode 100644 data/inet6num/fd4c:6516:94e0::_48
create mode 100644 data/inetnum/172.20.45.80_28
create mode 100644 data/mntner/BEEGEEPEE-MNT
create mode 100644 data/person/BEEGEEPEE-DN42
create mode 100644 data/route/172.20.45.80_28
create mode 100644 data/route6/fd4c:6516:94e0::_48
kevin@intel:~/dn42/registry$ 
kevin@intel:~/dn42/registry$





I then did:

 

git config –global –edit

 

to change the email address of committer to

 

k*@gmail.com

 

followed by: 

 

kevin@intel:~/dn42/registry$ git commit 
On branch BeeGeePee-20210528/mychange
Your branch is ahead of 'origin/BeeGeePee-20210528/mychange' by 3 commits.
(use "git push" to publish your local commits)
nothing to commit, working tree clean
kevin@intel:~/dn42/registry$ git push
Enumerating objects: 29, done.
Counting objects: 100% (29/29), done.
Delta compression using up to 4 threads
Compressing objects: 100% (19/19), done.
Writing objects: 100% (19/19), 2.41 KiB | 2.41 MiB/s, done.
Total 19 (delta 14), reused 0 (delta 0)
remote: 
remote: Create a new pull request for 'BeeGeePee-20210528/mychange':
remote: https://git.dn42.dev/dn42/registry/compare/master...BeeGeePee-20210528/mychange
remote: 
remote: . Processing 1 references
remote: Processed 1 references in total
To git.dn42.dev:dn42/registry.git
979904ffd..a1ee32c10 BeeGeePee-20210528/mychange -> BeeGeePee-20210528/mychange
kevin@intel:~/dn42/registry$





and then did:

kevin@intel:~/dn42/registry$ ./squash-my-commits
Rebasing local changes against the registry master




From git.dn42.dev:dn42/registry
* branch master -> FETCH_HEAD
Current branch BeeGeePee-20210528/mychange is up to date.
1 local commits found, no squash is required
kevin@intel:~/dn42/registry$

 

 

Since others may have changed the registry while you’re adding your files, you need to update your repository:

 

kevin@intel:~/dn42/registry$ git fetch origin master
From git.dn42.dev:dn42/registry
* branch master -> FETCH_HEAD
979904ffd..e145545c9 master -> origin/master
kevin@intel:~/dn42/registry$

 

then

 

# Switch to your own branch

NOTE! important: use correct upper and lower case for this name (BeeGeePee) – else does not work!

 

git checkout BeeGeePee-20210528/mychange

 

kevin@intel:~/dn42/registry$ git checkout BeeGeePee-20210528/mychange
Already on 'BeeGeePee-20210528/mychange'
Your branch is up to date with 'origin/BeeGeePee-20210528/mychange'.
kevin@intel:~/dn42/registry$

 

 

then do:

 

# If you don’t have a GPG key, remove -S from command
git rebase -i -S origin/master

 

ie

 

git rebase -i origin/master

 

kevin@intel:~/dn42/registry$ git rebase -i origin/master
Successfully rebased and updated detached HEAD.
kevin@intel:~/dn42/registry$

 

 

then to upload your changes to the Git server:

 

kevin@intel:~/dn42/registry$ git push -f 
Everything up-to-date
kevin@intel:~/dn42/registry$


 

ok, so far so good…

 

next, check the git log:

 

git log

 

I can see some entries for me in there…

commit a1ee32c10e553b34c4543c5996c4c368b14c25c1 (HEAD -> BeeGeePee-20210528/mychange, origin/BeeGeePee-20210528/mychange)
Author: kevin <kevin@intel.fritz.box>
Date: Fri May 28 22:55:33 2021 +0200

 

adding new files
changed committer email to @gmail.com

commit e145545c91c50a7fb2b3c7dc12812d1b84ece276 (origin/master, origin/HEAD, dn42registry/master)
Merge: 979904ffd 60f78449d
Author: <p0tat05@noreply.dn42.us>
Date: Fri May 28 14:12:57 2021 +0000

Merge pull request ‘Register LACERTAE-MNT’ (#833) from lacertae-20210528/register into master

Reviewed-on: https://git.dn42.dev/dn42/registry/pulls/833
Reviewed-by: schema-checker <schema-checker@noreply.dn42.us>
Reviewed-by:  <p0tat05@noreply.dn42.us>

commit 60f78449dd53a1099d7cd167f78cb2be97c476cf
Author: LACERTAE <lacertae40@gmail.com>


this is the commit hash:

 

kevin@intel:~/dn42/registry$ git log
commit a1ee32c10e553b34c4543c5996c4c368b14c25c1 (HEAD -> BeeGeePee-20210528/mychange, origin/BeeGeePee-20210528/mychange)
Author: kevin <kevin@intel.fritz.box>
Date: Fri May 28 22:55:33 2021 +0200




adding new files
changed committer email to @gmail.com

 

 

then I have to do following:

 

Back to dn42/registry, start a Pull Request and wait for your information to be merged.

 

If you’re authenticating with SSH pubkey, first run git log to see the hash of your commit, then run this command, and post the result along with your Pull Request:

 

echo [commit hash] | ssh-keygen -Y sign -f ~/.ssh/id_ed25519 -n dn42

 

Remember to replace with your commit hash and private key location:

 

for me:

 

echo a1ee32c10e553b34c4543c5996c4c368b14c25c1 | ssh-keygen -Y sign -f ~/.ssh/id_rsa.pub -n dn42





kevin@intel:~/dn42/registry$ echo a1ee32c10e553b34c4543c5996c4c368b14c25c1 | ssh-keygen -Y sign -f ~/.ssh/id_rsa.pub -n dn42
Signing data on standard input
-----BEGIN SSH SIGNATURE-----
U1NIU0l(hidden) xTA3jwX8=
-----END SSH SIGNATURE-----
kevin@intel:~/dn42/registry$

 

 

Next, wait a while, then, after merging your information, you’ve officially obtained your address block.

 

I then made a correction, in response to an email received:

Re: [dn42/registry] adding new files (#835)
Inbox





schema-checker <git@dn42.us>
11:44 PM (14 minutes ago)
to me

@schema-checker requested changes on this pull request.

Automatic validation of your request found some errors. Please update your request to fix the errors detailed below:
ERROR: fd4c:6516:94e0::_48 (route6): 'Value "fd4c:6516:94e0::_48" does not match regex "(([0-9a-f]{1,4}:){7,7}[0-9a-f]{1,4}|([0-9a-f]{1,4}:){1,7}:|([0-9a-f]{1,4}:){1,6}(:[0-9a-f]{1,4}){1,1}|([0-9a-f]{1,4}:){1,5}(:[0-9a-f]{1,4}){1,2}|([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,3}|([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,4}|([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,5}|([0-9a-f]{1,4}:){1,1}(:[0-9a-f]{1,4}){1,6}|:(:[0-9a-f]{1,4}){1,7}|::|([0-9a-f]{1,4}:){6,6}((1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])|([0-9a-f]{1,4}:){1,5}:((1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])|([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,1}:((1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])|([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,2}:((1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])|([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,3}:((1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])|([0-9a-f]{1,4}:){1,1}(:[0-9a-f]{1,4}){1,4}:((1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])|:(:[0-9a-f]{1,4}){1,5}:((1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])|::((1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5]))/([1-9]?[0-9]|1[0-1][0-9]|12[0-8])".'
---
kevin@intel:~/dn42/registry/data/route6$


 

Problem was the _48 for the roue6 definition, have to use /48 …see below:

 

nano data/route6/fd4c:6516:94e0::_48





route6: fd4c:6516:94e0::/48 
descr: Peer with me at @gmail.com
origin: AS4242422352 
mnt-by: BEEGEEPEE-MNT
source: DN42

 

 

now corrected. Then did:

 

 

kevin@intel:~/dn42/registry$ git commit
[BeeGeePee-20210528/mychange 22d72dc61] corrected data/route6 (netmask format was incorrect)
Committer: kevin <kevin@intel.fritz.box>
Your name and email address were configured automatically based
on your username and hostname. Please check that they are accurate.
You can suppress this message by setting them explicitly:

 

git config --global user.name "Your Name"
git config --global user.email you@example.com

 

After doing this, you may fix the identity used for this commit with:

git commit --amend --reset-author

1 file changed, 2 insertions(+), 1 deletion(-)
kevin@intel:~/dn42/registry$ 
kevin@intel:~/dn42/registry$ 
kevin@intel:~/dn42/registry$ 
kevin@intel:~/dn42/registry$ git push -f 
Enumerating objects: 9, done.
Counting objects: 100% (9/9), done.
Delta compression using up to 4 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 447 bytes | 447.00 KiB/s, done.
Total 5 (delta 4), reused 0 (delta 0)
remote: 
remote: Visit the existing pull request:
remote: https://git.dn42.dev/dn42/registry/pulls/835
remote: 
remote: . Processing 1 references
remote: Processed 1 references in total
To git.dn42.dev:dn42/registry.git
a1ee32c10..22d72dc61 BeeGeePee-20210528/mychange -> BeeGeePee-20210528/mychange
kevin@intel:~/dn42/registry$

 

Re: [dn42/registry] adding new files (#835)
Inbox

Drone CI Pipeline Account <git@dn42.us>
Fri, May 28, 11:59 PM (1 minute ago)

to me

@pipeline requested changes on this pull request.

 

This pull requests contains 2 commits, please squash them to a single commit.

 

The registry contains a helper script for doing this automatically:

$ ./squash-my-commits -S --push
Use --help for options.

---
View it on DN42 GIT.

 

 

kevin@intel:~/dn42/registry$ ./fmt-my-stuff BEEGEEPEE-MNT
kevin@intel:~/dn42/registry$ ./check-my-stuff BEEGEEPEE-MNT
[NOTE] ## Scan Started at 2021-05-29 08:26:06
CHECK data/mntner/BEEGEEPEE-MNT PASS MNTNERS: BEEGEEPEE-MNT
[NOTE] ## Scan Completed at 2021-05-29 08:26:09
[NOTE] ## Scan Started at 2021-05-29 08:26:09
CHECK data/person/BEEGEEPEE-DN42 PASS MNTNERS: BEEGEEPEE-MNT
CHECK data/aut-num/AS4242426834 PASS MNTNERS: BEEGEEPEE-MNT
CHECK data/mntner/BEEGEEPEE-MNT PASS MNTNERS: BEEGEEPEE-MNT
[INFO] fd4c:6516:94e0::/48
CHECK data/inet6num/fd4c:6516:94e0::_48 PASS MNTNERS: BEEGEEPEE-MNT
CHECK data/route6/fd4c:6516:94e0::_48 PASS MNTNERS: BEEGEEPEE-MNT
CHECK data/inetnum/172.20.45.80_28 PASS MNTNERS: BEEGEEPEE-MNT
CHECK data/dns/beegeepee.dn42 PASS MNTNERS: BEEGEEPEE-MNT
CHECK data/route/172.20.45.80_28 PASS MNTNERS: BEEGEEPEE-MNT
[NOTE] ## Scan Completed at 2021-05-29 08:26:10
kevin@intel:~/dn42/registry$

 

 

 

Had to make some modifications to the objects on request from DN42 administrator, then did:

kevin@intel:~/DATA/DN42/registry$ git add .
kevin@intel:~/DATA/DN42/registry$ git commit 
[BeeGeePee-20210529/mychange ede7100b9] corrections as requested.
5 files changed, 3 insertions(+), 5 deletions(-)
rename data/aut-num/{AS4242426834 => AS4242422352} (86%)
kevin@intel:~/DATA/DN42/registry$ 
kevin@intel:~/DATA/DN42/registry$ 
kevin@intel:~/DATA/DN42/registry$ 
kevin@intel:~/DATA/DN42/registry$ ./squash-my-commits
Rebasing local changes against the registry master
From git.dn42.dev:dn42/registry
* branch master -> FETCH_HEAD
Current branch BeeGeePee-20210529/mychange is up to date.
Squashing $count commits ...
[BeeGeePee-20210529/mychange cfa0d62e1] squashed commit:
8 files changed, 59 insertions(+)
create mode 100644 data/aut-num/AS4242422352
create mode 100644 data/dns/beegeepee.dn42
create mode 100644 data/inet6num/fd4c:6516:94e0::_48
create mode 100644 data/inetnum/172.20.45.80_28
create mode 100644 data/mntner/BEEGEEPEE-MNT
create mode 100644 data/person/BEEGEEPEE-DN42
create mode 100644 data/route/172.20.45.80_28
create mode 100644 data/route6/fd4c:6516:94e0::_48
---
commit cfa0d62e16f970e9d89597afe41b576e37b305ae (HEAD -> BeeGeePee-20210529/mychange)
Author: kevin < @gmail.com>
Date: Sat May 29 16:00:33 2021 +0200

 

squashed commit:


ede7100b9 corrections as requested.
ccb67194a branch recloned and pushed
---
Remember to sign your commit: ./sign-my-commit FOO-MNT
and then push your changes using: git push --force


so I did:

 

kevin@intel:~/DATA/DN42/registry$ ./sign-my-commit BEEGEEPEE-MNT
1 local commits found, no squash is required
Attempting to guess auth method from the mntner object
Signing using SSH key
ERROR: You must specify your SSH private key using --key




kevin@intel:~/DATA/DN42/registry$ ./sign-my-commit BEEGEEPEE-MNT --key /home/kevin/.ssh/id_rsa
id_rsa id_rsa.pub

kevin@intel:~/DATA/DN42/registry$ ./sign-my-commit BEEGEEPEE-MNT --key /home/kevin/.ssh/id_rsa
1 local commits found, no squash is required
Attempting to guess auth method from the mntner object
Signing using SSH key
Signing data on standard input
[BeeGeePee-20210529/mychange 5698239cc] squashed commit:
Date: Sat May 29 16:00:33 2021 +0200
8 files changed, 59 insertions(+)
create mode 100644 data/aut-num/AS4242422352
create mode 100644 data/dns/beegeepee.dn42
create mode 100644 data/inet6num/fd4c:6516:94e0::_48
create mode 100644 data/inetnum/172.20.45.80_28
create mode 100644 data/mntner/BEEGEEPEE-MNT
create mode 100644 data/person/BEEGEEPEE-DN42
create mode 100644 data/route/172.20.45.80_28
create mode 100644 data/route6/fd4c:6516:94e0::_48
Verifying SSH signature
Good "dn42" signature for BEEGEEPEE-MNT with RSA key SHA256:XfgZUCZQ0QRgmrYZ60k4WNbfzwfvqfS4WjjHJvv4ri4
Successfully verified SSH sigature
Remember to push your changes using: git push --force
kevin@intel:~/DATA/DN42/registry$ git push --force
Enumerating objects: 29, done.
Counting objects: 100% (29/29), done.
Delta compression using up to 4 threads
Compressing objects: 100% (19/19), done.
Writing objects: 100% (19/19), 3.42 KiB | 3.42 MiB/s, done.
Total 19 (delta 14), reused 0 (delta 0)
remote: 
remote: Visit the existing pull request:
remote: https://git.dn42.dev/dn42/registry/pulls/836
remote: 
remote: . Processing 1 references
remote: Processed 1 references in total
To git.dn42.dev:dn42/registry.git
+ ccb67194a...5698239cc BeeGeePee-20210529/mychange -> BeeGeePee-20210529/mychange (forced update)

 

kevin@intel:~/DATA/DN42/registry$

 

I made a correction to route6,  then did:


kevin@intel:~/DATA/DN42/registry$ git commit 
[BeeGeePee-20210529/mychange b3760c0b8] corrections to route6
1 file changed, 1 insertion(+), 1 deletion(-)
kevin@intel:~/DATA/DN42/registry$ 
kevin@intel:~/DATA/DN42/registry$ ./sign-my-commit BEEGEEPEE-MNT --key /home/kevin/.ssh/id_rsa
2 local commits found
ERROR: Ensure your commits are squashed before signing
Run the included script: ./squash-my-commits
kevin@intel:~/DATA/DN42/registry$ ./squash-my-commits
Rebasing local changes against the registry master
From git.dn42.dev:dn42/registry
* branch master -> FETCH_HEAD
Current branch BeeGeePee-20210529/mychange is up to date.
Squashing $count commits ...
[BeeGeePee-20210529/mychange 983562dc3] squashed commit:
8 files changed, 59 insertions(+)
create mode 100644 data/aut-num/AS4242422352
create mode 100644 data/dns/beegeepee.dn42
create mode 100644 data/inet6num/fd4c:6516:94e0::_48
create mode 100644 data/inetnum/172.20.45.80_28
create mode 100644 data/mntner/BEEGEEPEE-MNT
create mode 100644 data/person/BEEGEEPEE-DN42
create mode 100644 data/route/172.20.45.80_28
create mode 100644 data/route6/fd4c:6516:94e0::_48
---
commit 983562dc3f5d6c66ee35f609477ab7eab36c6fb2 (HEAD -> BeeGeePee-20210529/mychange)
Author: kevin < @gmail.com>
Date: Sat May 29 16:16:31 2021 +0200

 

squashed commit:

b3760c0b8 corrections to route6
5698239cc squashed commit:
---
Remember to sign your commit: ./sign-my-commit FOO-MNT
and then push your changes using: git push --force
kevin@intel:~/DATA/DN42/registry$ ./sign-my-commit BEEGEEPEE-MNT --key /home/kevin/.ssh/id_rsa
1 local commits found, no squash is required
Attempting to guess auth method from the mntner object
Signing using SSH key
Signing data on standard input
[BeeGeePee-20210529/mychange 4fd652322] squashed commit:
Date: Sat May 29 16:16:31 2021 +0200
8 files changed, 59 insertions(+)
create mode 100644 data/aut-num/AS4242422352
create mode 100644 data/dns/beegeepee.dn42
create mode 100644 data/inet6num/fd4c:6516:94e0::_48
create mode 100644 data/inetnum/172.20.45.80_28
create mode 100644 data/mntner/BEEGEEPEE-MNT
create mode 100644 data/person/BEEGEEPEE-DN42
create mode 100644 data/route/172.20.45.80_28
create mode 100644 data/route6/fd4c:6516:94e0::_48
Verifying SSH signature
Good "dn42" signature for BEEGEEPEE-MNT with RSA key SHA256:XfgZUCZQ0QRgmrYZ60k4WNbfzwfvqfS4WjjHJvv4ri4
Successfully verified SSH sigature
Remember to push your changes using: git push --force

 

kevin@intel:~/DATA/DN42/registry$ 
kevin@intel:~/DATA/DN42/registry$ git push --force
Enumerating objects: 29, done.
Counting objects: 100% (29/29), done.
Delta compression using up to 4 threads
Compressing objects: 100% (19/19), done.
Writing objects: 100% (19/19), 3.40 KiB | 3.40 MiB/s, done.
Total 19 (delta 14), reused 0 (delta 0)
remote: 
remote: Visit the existing pull request:
remote: https://git.dn42.dev/dn42/registry/pulls/836
remote: 
remote: . Processing 1 references
remote: Processed 1 references in total
To git.dn42.dev:dn42/registry.git
+ 5698239cc...4fd652322 BeeGeePee-20210529/mychange -> BeeGeePee-20210529/mychange (forced update)
kevin@intel:~/DATA/DN42/registry$ 
kevin@intel:~/DATA/DN42/registry$

 

Then made another correction, this time for dns ipv6 server address, added back to object.

then did:

 

git add .
git commit

 

and added ssh public key for kevin@intel to my git dn42 web dashboard (ie copy pasted the public key)

 

then did:

 

kevin@intel:~/DATA/DN42/registry$ ./sign-my-commit BEEGEEPEE-MNT --key /home/kevin/.ssh/id_rsa
1 local commits found, no squash is required
ERROR: The last commit appears to already be signed
---
commit e190e2c92b0e3affdda223ecce4a67db25c4c0c4 (HEAD -> BeeGeePee-20210529/mychange, origin/BeeGeePee-20210529/mychange)
Author: kevin < @gmail.com>
Date: Sat May 29 16:52:05 2021 +0200

 

squashed commit:

20a17d8c4 added ipv6 dns
b7e5c9501 squashed commit:

### DN42 Signature
### method: ssh
### mntner: BEEGEEPEE-MNT
### text: ae55bb0d1f49e06741046ad23d5c0e0ed064534c
-----BEGIN SSH SIGNATURE-----
U1NY4****** (hidden)
iQfZGYJbD/sek/o=
-----END SSH SIGNATURE-----
kevin@intel:~/DATA/DN42/registry$ git push --force
Everything up-to-date
kevin@intel:~/DATA/DN42/registry$

 

 

 

DN42 Application Approved

 

Final result from DN42 on Git, comment from moderator:

 

 

Good "dn42" signature for BEEGEEPEE-MNT with RSA key SHA256:XfgZUCZQ0QRgmrYZ60k4WNbfzwfvqfS4WjjHJvv4ri4

[NOTE] ## Scan Started at 2021-05-29 16:55:00
CHECKdata/mntner/BEEGEEPEE-MNT PASSMNTNERS: BEEGEEPEE-MNT
[NOTE] ## Scan Completed at 2021-05-29 16:55:02
[NOTE] ## Scan Started at 2021-05-29 16:55:02
CHECKdata/inetnum/172.20.45.80_28 PASSMNTNERS: BEEGEEPEE-MNT
[INFO] fd4c:6516:94e0::/48
CHECKdata/inet6num/fd4c:6516:94e0::_48 PASSMNTNERS: BEEGEEPEE-MNT
CHECKdata/route/172.20.45.80_28 PASSMNTNERS: BEEGEEPEE-MNT
CHECKdata/aut-num/AS4242422352 PASSMNTNERS: BEEGEEPEE-MNT
CHECKdata/person/BEEGEEPEE-DN42 PASSMNTNERS: BEEGEEPEE-MNT
CHECKdata/dns/beegeepee.dn42 PASSMNTNERS: BEEGEEPEE-MNT
CHECKdata/route6/fd4c:6516:94e0::_48 PASSMNTNERS: BEEGEEPEE-MNT
CHECKdata/mntner/BEEGEEPEE-MNT PASSMNTNERS: BEEGEEPEE-MNT
[NOTE] ## Scan Completed at 2021-05-29 16:55:03
[INFO] [[['@as-min', 'AS0000000001'], ['@as-max', 'AS4294967294'], ['as-block', 'AS1-AS4294967294'], ['mnt-by', 'DN42-MNT'], ['policy', 'closed']], [['@as-min', 'AS4242420000'], ['@as-max', 'AS4242423999'], ['as-block', 'AS4242420000-AS4242423999'], ['mnt-by', 'DN42-MNT'], ['policy', 'open']]]
[NOTE] Policy is open for parent object
POLICY BEEGEEPEE-MNTaut-num AS4242422352PASS
[NOTE] beegeepee.dn42 does not currently exist
POLICY BEEGEEPEE-MNTdns beegeepee.dn42PASS
[INFO] Checking inetnum type
[INFO] ['fd4c651694e000000000000000000000', 'fd4c651694e0ffffffffffffffffffff', '048']
[NOTE] Policy is open for parent object
POLICY BEEGEEPEE-MNTinet6num fd4c:6516:94e0::/48PASS
[INFO] Checking inetnum type
[INFO] ['00000000000000000000ffffac142d50', '00000000000000000000ffffac142d5f', '124']
[NOTE] Policy is open for parent object
POLICY BEEGEEPEE-MNTinetnum 172.20.45.80/28PASS
[NOTE] BEEGEEPEE-MNT does not currently exist
POLICY BEEGEEPEE-MNTmntner BEEGEEPEE-MNTPASS
[NOTE] BEEGEEPEE-DN42 does not currently exist
POLICY BEEGEEPEE-MNTperson BEEGEEPEE-DN42PASS
[INFO] Checking route type
[INFO] ['00000000000000000000ffffac142d50', '00000000000000000000ffffac142d5f', '124']
[NOTE] Policy is open for parent object
POLICY BEEGEEPEE-MNTroute 172.20.45.80/28PASS
[INFO] Checking route type
[INFO] ['fd4c651694e000000000000000000000', 'fd4c651694e0ffffffffffffffffffff', '048']
[NOTE] Policy is open for parent object
POLICY BEEGEEPEE-MNTroute6 fd4c:6516:94e0::/48PASS
p0tat05 approved these changes 1 week ago

branch recloned and pushed #836
Merged p0tat05 merged 1 commits from BeeGeePee-20210529/mychange into master 1 week ago


p0tat05 approved these changes 1 week ago
p0tat05 merged commit 2e3e0e9e01 into master 1 week ago
p0tat05 referenced this issue from a commit 1 week ago
Merge pull request 'branch recloned and pushed' (#836) from BeeGeePee-20210529/mychange into master

p0tat05 deleted branch BeeGeePee-20210529/mychange 1 week ago
p0tat05 removed the authentication pending label 1 week ago


 

With that the application is completed and we are now approved by DN42. Finito!

 

 

 

Continue Reading

How To Install Quagga

To quote from Wikipedia:

 

Quagga is a network routing software suite providing implementations of Open Shortest Path First (OSPF), Routing Information Protocol (RIP), Border Gateway Protocol (BGP) and IS-IS for Unix-like platforms, particularly Linux, Solaris, FreeBSD and NetBSD.

 

The Quagga architecture consists of a core daemon (zebra) which is an abstraction layer to the underlying Unix kernel and presents the Zserv API over a Unix-domain socket or TCP socket to Quagga clients.

 

The Zserv clients typically implement a routing protocol and communicate routing updates to the zebra daemon. Existing Zserv clients are:

 

ospfd, implementing Open Shortest Path First (OSPFv2)
isisd, implementing Intermediate System to Intermediate System (IS-IS)
ripd, implementing Routing Information Protocol (RIP) version 1 and 2;
ospf6d, implementing Open Shortest Path First (OSPFv3) for IPv6
ripngd, implementing Routing Information Protocol (RIPng) for IPv6
bgpd, implementing Border Gateway Protocol (BGPv4+), including address family support for IP multicast and IPv6
pimd, implementing Protocol Independent Multicast (PIM-SSM) for Source-specific multicast

 

Additionally, the Quagga architecture has a rich development library to facilitate the implementation of protocol and client software with consistent configuration and administrative behavior.

 

Google has contributed to improvements to the IS-IS protocol and added BGP multipath support.

 

 

The Quagga routing package is comprised of 2 modules:

 

the Zebra daemon, and the Routing Processes (RIP,OSPF,BGP,IS-IS,Babel,OLSR,LDP,BFD)

 

Zebra daemon

 

The zebra daemon is an abstraction layer that sits between system kernel and the running routing processes. Each routing protocol operates its own routing daemon.

 

Quagga is responsible for updating the kernel routing table, setting static routes and managing dynamic routing.  Quagga can also be used to modify the physical host interface and routing table.

 

Routing Processes

 

All the Quagga routing daemons (ripd, ripngd, ospfd, ospfv6d, bgpd, isisd, babeld, olsrd, ldpd & bfdd)
communicate with the zebra daemon rather than directly with the kernel.

 

The Quagga daemons can be configured individually via a network-usable CLI called a “vty”.

 

After installing Quagga, you have to configure each daemon’s port number to connect to them.

 

Add the following entries to /etc/services:

 

zebrasrv 2600/tcp # zebra service
zebra 2601/tcp # zebra vty
ripd 2602/tcp # RIPd vty
ripngd 2603/tcp # RIPngd vty
ospfd 2604/tcp # OSPFd vty
bgpd 2605/tcp # BGPd vty
ospf6d 2606/tcp # OSPF6d vty
ospfapi 2607/tcp # ospfapi
isisd 2608/tcp # ISISd vty
pimd 2611/tcp # PIMd vty
nhrpd 2612/tcp # nhrpd vty

 

 

The vty CLI provides a similar though not identical interface to that of other routing software.

 

Quagga also includes a tool called “vtysh”‘ which is a single CLI interface to all Quagga daemons. vtysh accepts commands which are compatible or similar to those supported by router vendors such as Cisco and Juniper.

 

 

For detailed information about using Quagga see the official documentation at: https://www.quagga.net/docs/quagga.html

 

The Installation Process for Quagga

 

root@intel:~# apt install quagga
Reading package lists… Done
Building dependency tree
Reading state information… Done
quagga is already the newest version (1.2.4-4build1).
The following packages were automatically installed and are no longer required:
libphonenumber7 libprotobuf17
Use ‘sudo apt autoremove’ to remove them.
0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.
root@intel:~#

 

 

root@intel:~# apt install quagga-doc
Reading package lists… Done
Building dependency tree

………
done

 

 

 

root@intel:~# cp /usr/share/doc/quagga-core/examples/vtysh.conf.sample /etc/quagga/vtysh.conf
root@intel:~# cp /usr/share/doc/quagga-core/examples/zebra.conf.sample /etc/quagga/zebra.conf
root@intel:~# cp /usr/share/doc/quagga-core/examples/bgpd.conf.sample /etc/quagga/bgpd.conf
root@intel:~# sudo chown quagga:quagga /etc/quagga/*.conf
root@intel:~# sudo chown quagga:quaggavty /etc/quagga/vtysh.conf
root@intel:~# sudo chmod 640 /etc/quagga/*.conf
root@intel:~#

 

 

Enable packet forwarding and disable rp_filter, by uncommenting /etc/sysctl.conf:

 

nano /etc/sysctl.conf

 

net.ipv4.ip_forward=1

 

 

 

then to reload the values from the sysctl.conf

 

run:

 

root@intel:~# sysctl -p
net.ipv4.ip_forward = 1
root@intel:~#

 

 

Then set up the logging:

 

root@intel:~# mkdir /var/log/quagga/
root@intel:~# chown quagga:quagga /var/log/quagga/
root@intel:~# touch /var/log/zebra.log
root@intel:~# chown quagga:quagga /var/log/zebra.log
root@intel:~#

 

 

start the services and verify:

 

systemctl start zebra
systemctl start bgpd
systemctl status zebra
systemctl status bgpd

 

 

The bgbd service will automatically start the zebra service as this bdpd is dependent on it.

 

However, note that if you want to fully stop Quagga, you have to manually stop the zebra service too.

 

root@intel:~# systemctl start zebra
root@intel:~# systemctl start bgpd
root@intel:~# systemctl status zebra
● zebra.service – GNU Zebra routing manager
Loaded: loaded (/lib/systemd/system/zebra.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-06-01 14:25:05 CEST; 40ms ago
Docs: man:zebra
Process: 50339 ExecStartPre=/sbin/ip route flush proto zebra (code=exited, status=0/SUCCESS)
Process: 50354 ExecStartPre=/bin/chmod -f 640 /etc/quagga/vtysh.conf /etc/quagga/zebra.conf (code=exited, status=0/SUCCESS)
Process: 50355 ExecStartPre=/bin/chown -f quagga:quagga /etc/quagga/zebra.conf (code=exited, status=0/SUCCESS)
Process: 50356 ExecStartPre=/bin/chown -f quagga:quaggavty /etc/quagga/vtysh.conf (code=exited, status=0/SUCCESS)
Process: 50357 ExecStart=/usr/sbin/zebra -d -A 127.0.0.1 -f /etc/quagga/zebra.conf (code=exited, status=0/SUCCESS)
Main PID: 50358 (zebra)
Tasks: 1 (limit: 9344)
Memory: 3.3M
CGroup: /system.slice/zebra.service
└─50358 /usr/sbin/zebra -d -A 127.0.0.1 -f /etc/quagga/zebra.conf

Jun 01 14:25:05 intel systemd[1]: Starting GNU Zebra routing manager…
Jun 01 14:25:05 intel systemd[1]: Started GNU Zebra routing manager.
root@intel:~# systemctl status bgpd
● bgpd.service – BGP routing daemon
Loaded: loaded (/lib/systemd/system/bgpd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-06-01 14:25:05 CEST; 3s ago
Docs: man:bgpd
Process: 50361 ExecStartPre=/bin/chmod -f 640 /etc/quagga/bgpd.conf (code=exited, status=0/SUCCESS)
Process: 50362 ExecStartPre=/bin/chown -f quagga:quagga /etc/quagga/bgpd.conf (code=exited, status=0/SUCCESS)
Process: 50363 ExecStart=/usr/sbin/bgpd -d -A 127.0.0.1 -f /etc/quagga/bgpd.conf (code=exited, status=0/SUCCESS)
Main PID: 50364 (bgpd)
Tasks: 1 (limit: 9344)
Memory: 4.0M
CGroup: /system.slice/bgpd.service
└─50364 /usr/sbin/bgpd -d -A 127.0.0.1 -f /etc/quagga/bgpd.conf

Jun 01 14:25:05 intel systemd[1]: Starting BGP routing daemon…
Jun 01 14:25:05 intel systemd[1]: Started BGP routing daemon.
root@intel:~#

 

 

Check that the services will start on reboot:

 

Check whether the services start at system startup:

 

systemctl is-enabled zebra.service
systemctl is-enabled bgpd.service

 

root@intel:~# systemctl is-enabled zebra.service
enabled
root@intel:~# systemctl is-enabled bgpd.service
enabled
root@intel:~#

 

 

Disable unnecessary services:

systemctl status ospfd

systemctl is-enabled ospfd
systemctl is-enabled ospf6d
systemctl is-enabled ripd
systemctl is-enabled ripngd
systemctl is-enabled isisd

systemctl disable ospfd
systemctl disable ospf6d
systemctl disable ripd
systemctl disable ripngd
systemctl disable isisd

 

then run again:

 

systemctl is-enabled ospfd
systemctl is-enabled ospf6d
systemctl is-enabled ripd
systemctl is-enabled ripngd
systemctl is-enabled isisd

 

 

root@intel:~# systemctl status ospfd
● ospfd.service – OSPF routing daemon
Loaded: loaded (/lib/systemd/system/ospfd.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Condition: start condition failed at Sun 2021-05-30 14:43:26 CEST; 1 day 23h ago
Docs: man:ospfd

 

Mai 30 14:43:26 intel systemd[1]: Condition check resulted in OSPF routing daemon being skipped.
root@intel:~#
root@intel:~# systemctl is-enabled ospfd
enabled
root@intel:~# systemctl is-enabled ospf6d
enabled
root@intel:~# systemctl is-enabled ripd
enabled
root@intel:~# systemctl is-enabled ripngd
enabled
root@intel:~# systemctl is-enabled isisd
enabled
root@intel:~# systemctl disable ospfd
Synchronizing state of ospfd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable ospfd

 

Removed /etc/systemd/system/multi-user.target.wants/ospfd.service.
root@intel:~# systemctl disable ospf6d
Synchronizing state of ospf6d.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable ospf6d
Removed /etc/systemd/system/multi-user.target.wants/ospf6d.service.
root@intel:~# systemctl disable ripd
Synchronizing state of ripd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable ripd
Removed /etc/systemd/system/multi-user.target.wants/ripd.service.
root@intel:~# systemctl disable ripngd
Synchronizing state of ripngd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable ripngd
Removed /etc/systemd/system/multi-user.target.wants/ripngd.service.
root@intel:~# systemctl disable isisd
Synchronizing state of isisd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable isisd
Removed /etc/systemd/system/multi-user.target.wants/isisd.service.
root@intel:~# systemctl is-enabled ospfd
disabled
root@intel:~# systemctl is-enabled ospf6d
disabled
root@intel:~# systemctl is-enabled ripd
disabled
root@intel:~# systemctl is-enabled ripngd
disabled
root@intel:~# systemctl is-enabled isisd
disabled
root@intel:~#

 

 

Test connections to the vtysh, bgpd and zebra terminals:

 

vtysh
telnet localhost 2605
telnet localhost 2601

 

 

root@intel:~# vtysh

 

Hello, this is Quagga (version 1.2.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

 

intel#
intel#
intel#
intel# exit
root@intel:~# telnet localhost 2605
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.

 

Hello, this is Quagga (version 1.2.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

 

User Access Verification

 

Password:
Password:
Password:
% Bad passwords, too many failures!
Connection closed by foreign host.
root@intel:~# telnet localhost 2601
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.

 

Hello, this is Quagga (version 1.2.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

 

User Access Verification

 

Password:
Password:
Password:
% Bad passwords, too many failures!
Connection closed by foreign host.
root@intel:~#

 

 

This completes the basic installation of Quagga.

 

 

Next steps are to configure the logins for the above admin systems and then configure the router for BGP.

 

 

Configure Quagga VTY

 

 

Add your Linux user account to the quaggavty group. This lets you to access the Quagga VTY command-line interface:

 

adduser <user> quaggavty

 

root@intel:~# adduser kevin quaggavty
Adding user `kevin’ to group `quaggavty’ …
Adding user kevin to group quaggavty
Done.
root@intel:~#

 

 

vty uses “more” for pagination. However this can be switched to “less”, by adding the following environment variable to your ~/.profile or ~/.bash_profile configuration file:

 

export VTYSH_PAGER=”less -FX”

 

The -F argument is used to prevent less from activating if the output is smaller than one screen in size, and -X is used to prevent the screen being unnecessarily cleared.

 

kevin@intel:~$ cat ~/.profile
# ~/.profile: executed by the command interpreter for login shells.
# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
# exists.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.

# the default umask is set in /etc/profile; for setting the umask
# for ssh logins, install and configure the libpam-umask package.
#umask 022

 

# if running bash
if [ -n “$BASH_VERSION” ]; then
# include .bashrc if it exists
if [ -f “$HOME/.bashrc” ]; then
. “$HOME/.bashrc”
fi
fi

# set PATH so it includes user’s private bin directories
PATH=”$HOME/bin:$HOME/.local/bin:$PATH”

export VTYSH_PAGER=”less -FX”

 

kevin@intel:~$

 

 

Finally, run the vtysh command in order to connect.

 

 

Quagga uses commands which are generally the same or similar to Cisco IOS

 

 

kevin@intel:~$ vtysh

 

Hello, this is Quagga (version 1.2.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

 

intel#

 

 

use ? to list basic level help:

 

intel# ?
clear Reset functions
configure Configuration from vty interface
copy Copy from one file to another
debug Debugging functions (see also ‘undebug’)
disable Turn off privileged mode command
enable Turn on privileged mode command
end End current mode and change to enable mode
exit Exit current mode and down to previous mode
list Print command list
no Negate a command or set its defaults
ping Send echo messages
quit Exit current mode and down to previous mode
show Show running system information
ssh Open an ssh connection
start-shell Start UNIX shell
telnet Open a telnet connection
terminal Set terminal line parameters
test Test
traceroute Trace route to destination
undebug Disable debugging functions (see also ‘debug’)
write Write running configuration to memory, network, or terminal
intel#

 

To enter configuration mode in vtysh use either

 

configure terminal

 

or

 

conf t

 

 

intel# configure terminal
intel(config)#
intel(config)# exit
intel#
intel# conf t
intel(config)#

 

 

You can then enter ? again and list the configuration level help:

 

 

intel(config)# ?
access-list Add an access list entry
bgp BGP information
debug Debugging functions
default Configure defaults of settings
dump Dump packet
enable Modify enable password parameters
end End current mode and change to enable mode
exit Exit current mode and down to previous mode
fpm fpm connection remote ip and port
hostname Set system’s network name
interface Select an interface to configure
ip IP information
ipv6 IP information
key Authentication key management
line Configure a terminal line
list Print command list
log Logging control
nhrp Next Hop Resolution Protocol functions
no Negate a command or set its defaults
password Assign the terminal connection password
route-map Create route-map or enter route-map command mode
router Enable a routing process
router-id Manually set the router-id
service Set up miscellaneous service
show Negate a command or set its defaults
table Configure target kernel routing table
undebug Disable debugging functions (see also ‘debug’)
username
vrf Enable a VRF
intel(config)#

 

To Configure Quagga Using vtysh

 

NOTE: This is included here for reference. Carry out the further configuration steps described further below before attempting this step!

 

Example of a basic BGP configuration:

 

vtysh> configure terminal
vtysh(config)> router bgp <your-asn>
vtysh(config-router)> neighbor <neighbor-ip> remote-as <neighbor-asn>
vtysh(config-router)> neighbor <neighbor-ip> interface <interface>
vtysh(config-router)> exit
vtysh(config)> exit

 

To display current BGP status:

 

intel# show ip bgp summary
No IPv4 neighbor is configured
intel#

 

 

 

 

 

How To Configure BGP on Quagga

 

 

First, check that Zebra is running. Zebra is the routing daemon for Quagga.

 

root@intel:~# netstat -tulpen | grep zebra
tcp 0 0 127.0.0.1:2601 0.0.0.0:* LISTEN 127 1232049 50358/zebra
root@intel:~#

 

 

 

Enable packet forwarding (ip_forwarding):

 

root@intel:/home/kevin# sysctl -a | grep net.ipv6.conf.default.forwarding
net.ipv6.conf.default.forwarding = 0
root@intel:/home/kevin# sysctl -a | grep net.ipv4.ip_forward
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
root@intel:/home/kevin# sysctl -a | grep net.ipv6.conf.all.forwarding
net.ipv6.conf.all.forwarding = 0

 

root@intel:/home/kevin#
root@intel:/home/kevin# echo “net.ipv4.ip_forward=1” >> /etc/sysctl.conf
root@intel:/home/kevin# echo “net.ipv6.conf.default.forwarding=1” >> /etc/sysctl.conf
root@intel:/home/kevin# echo “net.ipv6.conf.all.forwarding=1” >> /etc/sysctl.conf

 

root@intel:/home/kevin# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
root@intel:/home/kevin#

 

NOTE: if you are running a firewall such as iptables, also check that the firewall configuration is not blocking packet forwarding!

 

 

Disable the Linux rp_filter strict mode:

 

 

rp_filter is a network security mechanism in the Linux kernel. It checks packet source addresses and the source network interface.

 

Possible settings for rp_filter:

 

0 (disabled): allow all packets.

 

Packets that do not have entries in routing table and so cannot be handled correctly will instead be processed by userspace applications, so setting to 0 should be no problem here.

 

1 (strict): if the packets do not come in on the “best” network interface (or in other words, your server replies to the packet on a different network interface), then the packet will be dropped.

 

2 (relaxed): Linux will only drop packets which have a source address not in the routing table or else does not know how to respond properly to.

 

NOTE: Using different network interfaces for source and reply is common with DN42, so you should ensure you DON’T set rp_filter to 1!

 

ALSO NOTE: Firewalls such as ufw may be configured for Conntrack. Conntrack filters incoming packets from addresses it hasn’t seen before, which is effectively applying a strict rp_filter. So you may need to disable this setting.

 

 

echo “net.ipv4.conf.default.rp_filter=2” >> /etc/sysctl.conf
echo “net.ipv4.conf.all.rp_filter=2” >> /etc/sysctl.conf
sysctl -p

 

root@intel:/home/kevin# echo “net.ipv4.conf.default.rp_filter=2” >> /etc/sysctl.conf
root@intel:/home/kevin# echo “net.ipv4.conf.all.rp_filter=2” >> /etc/sysctl.conf
root@intel:/home/kevin# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.all.rp_filter = 2
root@intel:/home/kevin#

 

 

Install and  Configure a VPN Tunnel Software Package for DN42

 

For peering in DN42 VPN tunneling software is required. This is because DN42 nodes are spread across the world, and tunneling provides encryption and protection against interception and hacking. Also, DN42 uses private addresses that will be automatically dropped by firewalls on the Internet.

 

Furthermore, if you do not use a VPN your ISP may assume you are operating IP Spoofing, which is a clear violation of ISP ToS and can have catastrophic technical consequences.

 

Continue Reading

LPIC3-306 COURSE NOTES: BGP Border Gateway Protocol

LAB on BGP 

 

These are my notes made during my lab practical as part of my LPIC3 Diploma course in Linux Clustering. They are in “rough format”, presented as they were written.

 

 

LPIC3 Syllabus for BGP

 

364.4 Network High Availability
Weight: 5
Description: Candidates should be able to configure redundant networking connections and manage VLANs.

Furthermore, candidates should have a basic understanding of BGP.

 

Key Knowledge Areas:
• Understand and configure bonding network interface
• Network bond modes and algorithms (active-backup, blance-tlb, balance-alb,
802.3ad, balance-rr, balance-xor, broadcast)
• Configure switch configuration for high availability, including RSTP
• Configure VLANs on regular and bonded network interfaces
• Persist bonding and VLAN configuration
Understand the principle of autonomous systems and BGP to manage external
redundant uplinks
• Awareness of traffic shaping and control capabilities of Linux
 

Partial list of the used files, terms and utilities:
• bonding.ko (including relevant module options)
• /etc/network/interfaces
• /etc/sysconfig/networking-scripts/ifcfg-*
• /etc/systemd/network/*.network
• /etc/systemd/network/*.netdev
• nmcli
• /sys/class/net/bonding_masters
• /sys/class/net/bond*/bonding/miimon
• /sys/class/net/bond*/bonding/slaves
• ifenslave
• ip

 

Border Gateway Protocol BGP

 

BGP Overview

 

The current version of BGP is BGP version 4.

 

BGP or Border Gateway Protocol provides routing information for autonomous systems on the Internet via its AS-Path method.

 

BGP is a Layer 4 protocol on top of TCP. It is much simpler than OSPF, since it relies on TCP functionality.

 

Peer routers which are configured to exchange routing information will form a TCP connection and begin exchanging network information using BGP.

There is no discovery in BGP.

 

The AS-Path method is an anti-loop mechanism and thus BGP routers do not import any routes that contain their own router ASN or AS number in the AS-Path.

 

It is essential for a BGP router to be configured correctly as misconfigured BGP routers can cause serious internet network traffic problems.

 

Unlike RIP or Routing Information Protocol, which is a distance-vector routing protocol using hop count as a routing metric, BGP does not broadcast its routing table. At boot up, your peer will hand over its entire table. After that, it will only receive updates.

 

Route updates are stored in the RIB or Routing Information Base. Whereas a routing table will only store one route per destination, the RIB may contain multiple paths to a destination. The router decides which routes will be entered into the routing table, and with that which paths will be used. If a route is withdrawn, then another route to the same destination will be identified in the RIB.

 

The RIB is only used to maintain a record of possible routes. It does not send any updates to peers. If a route withdrawal is received and it only existed in the RIB, it is deleted from the RIB.

 

Often there will be multiple routes to the same destination and BGP therefore uses path attributes to determine how to route traffic.

 

The simplest of these attributes is Shortest AS_Path, which simply means the path which traverses the least number of AS “wins.”

 

Another attribute is Multi_Exit_Disc (MED or Multi-exit discriminator). This enables a remote router to be informed of a specific exit point from your network should multiple exits exist.

 

Note: BGP uses port 179. BGP is an application-layer protocol and not a network-layer protocol, unlike what some network administrators assume.

 

 

Main Characteristics of BGP Border Gateway Protocol Summarized:

 

  • Inter-Autonomous System Configuration: The main function of BGP is to provide a link between two autonomous systems.
  • BGP supports “Next-Hop” Paradigm.
  • Provides co-oordination among multiple BGP peers or “speakers” in the AS or Autonomous System.
  • Path Information: BGP advertisements include path information, reachable destination and next destination pair.
  • Policy Support: BGP can implement system-administrator configurable policies
  • BGP runs over TCP.
  • BGP conserves network bandwidth.
  • BGP supports CIDR addressing.
  • BGP also supports Security.

 

Functionalities of BGP Border Gateway Protocol:

 

BGP peers have 3 main functions:

 

1. Initial peer acquisition and authentication. This means both peer machines establish a TCP connection and then perform a message exchange which guarantees that both sides have agreed to communicate with each other.
2. The sending of negative or positive reachability data.
3. Confirming that peers and the network connection between them are functioning correctly.

 

BGP Route Information Management Functions:

 

  • Route Storage: Information is stored about how to reach other networks.
  • Route Update: Route information is updated over time.
  • Route Selection: Route database info is used to determine the best routes to other networks.
  • Route advertisement: Each BGP peer or speaker regularly informs its peer about what it knows about other networks and how best to reach them.

 

 

Problems with Internet traffic growth:

 

1. Network routing tables are also growing. This puts means more overhead and pressure on routers.

 

2. The danger of someone who “advertises the Internet” on their router either deliberately or by mistake. If routers accept the newly advertised route, then the entire Internet’s traffic can end up being sent to that one router. This can be avoided through “route filtering” but it has to be configured on each router.

 

3. The problem of “flapping”. This refers to routes which come and go, ie which for whatever reason are not 24×7 reliable. This can cause problems for routing table updates. To avoid this problem, “dampening” is used. This prevents BGP peers from listening to all routing updates from peers which are defined as flapping.

 

This can however mean it can take longer for a new router to be accepted by its peers the first time it comes online.

 

 

 

 

An Overview of the AS or Autonomous System Number System Used by BGP

 

An autonomous system number (ASN) is a group of IP prefixes with a defined external routing policy. So that autonomous systems can talk to each other, each must have a unique identifier. ASNs can be public or private.

 

Public ASNs are necessary for systems to exchange information over the Internet.

 

A private ASN can be deployed if a system is communicating solely with a single provider using Border Gateway Protocol (BGP).

 

 

ASes connect with each other and exchange network traffic (data packets) through a process called peering. One way ASes peer with each other is by connecting at physical locations called Internet Exchange Points (IXPs). An IXP is a large local area network (LAN) with lots of routers, switches, and cable connections.

 

The Internet Assigned Numbers Authority (IANA) globally coordinates DNS Root, IP addressing, and other Internet resources, including ASNs. The IANA assigns ASNs to Regional Internet Registries or RIRs, which in turn are responsible for allocating the ASNs within their region of responsibility.

 

 

The five Regional Internet Registries or RIRs are:

 

  • African Network Information Center (AFRINIC)
  • American Registry for Internet Numbers (ARIN)
  • Asia-Pacific Network Information Centre (APNIC)
  • Latin American and Caribbean Network Information Centre (LACNIC)
  • Réseaux IP Européens Network Coordination Centre (RIPE NCC)

 

As with IP addresses, ASNs (Autonomous System Numbers) must be unique. This is because BGP uses the AS number as part of its loop prevention mechanism.

 

When you apply for an ASN you will be required to justify why you need a public AS number and you also have to meet a number of pre-conditions. See below.

 

 

You submit an ASN request through ARIN Online. Following approval, you sign a Registration Services Agreement and pay a fee for your ASN.

 

For some organizations, using a private AS number can be a solution. For example, ASNs 64512 – 65534 are reserved for private use.

 

Autonomous system numbers are directly tied to Internet exchange points. Each network that uses peering at an IXP counts as an autonomous system with an ASN.

 

 

Requirements for Applying for a Public ASM

 

RIRs are very selective about whom they grant an ASN to.

 

The pre-conditions include:

 

  • You have a network connection to more than one ISP, known as ‘multi-homed’.
  • Your exterior network router operates using BGP
  • You must provide the AS numbers (ASN) of all your ISP’s routers.
  • You may be required to provide the IP addresses of your ISP’s routers to which you establish your connections. You will most likely already possess this information provided by your ISP, but otherwise you can establish the addresses by using the traceroute tool.
  • You and your ISP must already be registered in the RIR’s database.
  • You must have blocks of IP addresses that require routing. IP addresses can also be obtained from RIR’s.
  • You must show that you need to either utilize BGP with an organizationally unique routing policy OR else be running a multi-homed network.

 

There exist four categories of autonomous systems that require an ASN:

 

  • Multihomed – connected to more than one autonomous system.
  • Stub – this is only connected to one other autonomous system.
  • Transit – this provides connections through itself. Eg network A can connect to network C directly or alternatively via network B.
  • Internet Exchange Point – this is an AS or autonomous system created by the physical infrastructure located at Internet exchange points.

 

 

Autonomous System Number Formats

 

 

Before 2007, all autonomous system numbers used 2-byte, or 16-bit, numbers. This yielded IANA 65,536 possible ASNs to distribute. This quantity had soon run out, and so 32-bit ASNs were created to solve the problem. The current system provides 4,294,967,296 ASNs.

 

However, this made the ASN numbers potentially unwieldly to handle. So two alternative ways to represent ASNs were devised.

 

The standard format used for displaying the number is known as asplain, which is a simple decimal representation (“as plain”).

 

The asdot+ method separates the number into low and high-order 16-bit values separated by a dot (“as dot plus”). Eg 65525 would be shown as 0.65525, 65537 would be displayed as 1.0, 65680 would be displayed as 1.144, and so on.

 

The asdot method is a mixture of asplain and asdot+. Any ASN in the 2-byte range is quoted in asplain format, eg 65525 is 65525; and any number outside of that range is quoted using the asdot+ format, eg 65680 would be 1.144.

 

 

The ASN Address Space

 

AS NUMBER (ASN) BITS

DESCRIPTION

RFC 
0 16 Reserved Space [RFC1930]
1 – 23455 16 Public ASNs  
23456 16 Reserved for AS Pool Transition [RFC6793]
23457 – 64534 16 Public ASNs  
64000 – 64495 16 Reserved by IANA  
64496 – 64511 16 Reserved for documentation or sample coding [RFC5398]
64512 – 65534 16 Reserved for Private Usage  
65535 16 Reserved Space  
65536 – 65551 32 Reserved for documentation or sample coding [RFC4893][RFC5398]
65552 – 131071 32 Reserved Space  
131072 – 4199999999 32 Public 32-bit ASNs  
4200000000 – 4294967294 32 Reserved for Private Usage [RFC6996]
4294967295 32 Reserved Space
Continue Reading

LPIC3 DIPLOMA Linux Clustering – LAB NOTES: Lesson BGP

LAB on BGP 

 

These are my notes made during my lab practical as part of my LPIC3 Diploma course in Linux Clustering. They are in “rough format”, presented as they were written.

 

 

LPIC3 Syllabus for BGP

 

364.4 Network High Availability
Weight: 5
Description: Candidates should be able to configure redundant networking connections and manage VLANs.

Furthermore, candidates should have a basic understanding of BGP.

Key Knowledge Areas:
• Understand and configure bonding network interface
• Network bond modes and algorithms (active-backup, blance-tlb, balance-alb,
802.3ad, balance-rr, balance-xor, broadcast)
• Configure switch configuration for high availability, including RSTP
• Configure VLANs on regular and bonded network interfaces
• Persist bonding and VLAN configuration
• Understand the principle of autonomous systems and BGP to manage external
redundant uplinks
• Awareness of traffic shaping and control capabilities of Linux
 

Partial list of the used files, terms and utilities:
• bonding.ko (including relevant module options)
• /etc/network/interfaces
• /etc/sysconfig/networking-scripts/ifcfg-*
• /etc/systemd/network/*.network
• /etc/systemd/network/*.netdev
• nmcli
• /sys/class/net/bonding_masters
• /sys/class/net/bond*/bonding/miimon
• /sys/class/net/bond*/bonding/slaves
• ifenslave
• ip

 

Network Overview

 

The network for this BGP LAB comprises two virtual KVM machines, installed with CentOS 7 and housed on a KVM virtual machine system on a Linux Ubuntu host:

 

router1 10.0.8.100 and
router2 10.0.9.100

 

Our Internet will effectively be the laptop, with an IP of 192.168.122.1

 

This interface is defined on the laptop as a KVM bridge.

 

 

Border Gateway Protocol BGP

 

 

Installation of BGP and Dependencies

 

 

 

Make sure SELinux is disabled. Check with:

 

 

root@asus:/home/kevin# sestatus
SELinux status: disabled
root@asus:/home/kevin#

 

 

 

If you are using CentOS 7, you need to apply the following policy change for SELinux. Otherwise, SELinux will prevent Zebra daemon from writing to its configuration directory.

[root@router1 ~]# setsebool -P zebra_write_config 1
setsebool: SELinux is disabled.
[root@router1 ~]#

 

If not disabled, open /etc/selinux/config

 

and change

 

SELINUX=enforcing

 

to

 

SELINUX=disabled

 

 

Then reboot.

 

 

 

yum install readline-devel

 

[root@router1 ~]# yum install readline-devel
Failed to set locale, defaulting to C.UTF-8

 

Installing:
readline-devel x86_64 7.0-10.el8 baseos 204 k
Installing dependencies:
ncurses-c++-libs x86_64 6.1-7.20180224.el8 baseos 58 k
ncurses-devel x86_64 6.1-7.20180224.el8 baseos 527 k

Transaction Summary
=======================================================================================================================================
Install 3 Packages

Installed:
ncurses-c++-libs-6.1-7.20180224.el8.x86_64 ncurses-devel-6.1-7.20180224.el8.x86_64 readline-devel-7.0-10.el8.x86_64

Complete!
[root@router1 ~]#

 

[root@router2 ~]# yum install quagga
Loaded plugins: fastestmirror, langpacks
Installing:
quagga x86_64 0.99.22.4-5.el7_4 base 1.2 M
Installing for dependencies:
net-snmp x86_64 1:5.7.2-49.el7_9.1 updates 325 k
net-snmp-agent-libs x86_64 1:5.7.2-49.el7_9.1 updates 707 k
perl-Data-Dumper x86_64 2.145-3.el7 base 47 k

 

Transaction Summary

 

Running transaction
Installing : 1:net-snmp-agent-libs-5.7.2-49.el7_9.1.x86_64 1/4
Installing : perl-Data-Dumper-2.145-3.el7.x86_64 2/4
Installing : 1:net-snmp-5.7.2-49.el7_9.1.x86_64 3/4
Installing : quagga-0.99.22.4-5.el7_4.x86_64 4/4
Verifying : perl-Data-Dumper-2.145-3.el7.x86_64 1/4
Verifying : quagga-0.99.22.4-5.el7_4.x86_64 2/4
Verifying : 1:net-snmp-agent-libs-5.7.2-49.el7_9.1.x86_64 3/4
Verifying : 1:net-snmp-5.7.2-49.el7_9.1.x86_64 4/4

 

Installed:
quagga.x86_64 0:0.99.22.4-5.el7_4

 

Dependency Installed:
net-snmp.x86_64 1:5.7.2-49.el7_9.1 net-snmp-agent-libs.x86_64 1:5.7.2-49.el7_9.1 perl-Data-Dumper.x86_64 0:2.145-3.el7

Complete!
[root@router2 ~]#

 

[root@router2 ~]# systemctl enable zebra
Created symlink from /etc/systemd/system/multi-user.target.wants/zebra.service to /usr/lib/systemd/system/zebra.service.
[root@router2 ~]#
[root@router2 ~]# systemctl start zebra
[root@router2 ~]# systemctl status zebra
● zebra.service – GNU Zebra routing manager
Loaded: loaded (/usr/lib/systemd/system/zebra.service; enabled; vendor preset: disabled)
Active: active (running) since Fr 2021-05-14 15:13:55 CEST; 4s ago
Process: 20902 ExecStart=/usr/sbin/zebra -d $ZEBRA_OPTS -f /etc/quagga/zebra.conf (code=exited, status=0/SUCCESS)
Process: 20901 ExecStartPre=/sbin/ip route flush proto zebra (code=exited, status=0/SUCCESS)
Main PID: 20904 (zebra)
CGroup: /system.slice/zebra.service
└─20904 /usr/sbin/zebra -d -A 127.0.0.1 -f /etc/quagga/zebra.conf

 

Mai 14 15:13:55 router2 systemd[1]: Starting GNU Zebra routing manager…
Mai 14 15:13:55 router2 systemd[1]: Can’t open PID file /run/quagga/zebra.pid (yet?) after start: No such file or directory
Mai 14 15:13:55 router2 systemd[1]: Started GNU Zebra routing manager.
[root@router2 ~]#

 

[root@router2 ~]# systemctl enable bgpd
Created symlink from /etc/systemd/system/multi-user.target.wants/bgpd.service to /usr/lib/systemd/system/bgpd.service.
[root@router2 ~]# systemctl status bgpd
● bgpd.service – BGP routing daemon
Loaded: loaded (/usr/lib/systemd/system/bgpd.service; enabled; vendor preset: disabled)
Active: inactive (dead)
[root@router2 ~]# systemctl start bgpd
[root@router2 ~]# systemctl status bgpd
● bgpd.service – BGP routing daemon
Loaded: loaded (/usr/lib/systemd/system/bgpd.service; enabled; vendor preset: disabled)
Active: inactive (dead)
Condition: start condition failed at Fr 2021-05-14 15:14:41 CEST; 1s ago
ConditionPathExists=/etc/quagga/bgpd.conf was not met
[root@router2 ~]#

 

Next we do the same on router1

 

BGP Router Configuration with Quagga 

 

In order to configure the BGP routing, we use the vtysh shell.

 

First copy the sample BGP configuration file:

 

cp /usr/share/doc/quagga-*/bgpd.conf.sample /etc/quagga/bgpd.conf

 

Quagga offers a dedicated command-line shell called vtysh, where you can type commands which are compatible with those supported by router vendors such as Cisco and Juniper.

 

Do the following on both routers:

 

After the file has been copied, enter the shell: vtysh

 

the prompt will appear, in this case:

 

[root@router1 ~]# vtysh

 

Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

 

router1# show running-config
Building configuration…

 

Current configuration:

!
hostname router2
!
interface eth0
ipv6 nd suppress-ra
!
interface eth1
ipv6 nd suppress-ra
!
interface lo
!
line vty
!
end
router1#

 

Now we specify the log file for Zebra by using the following commands (still in the vtysh shell):

 

router1# configure terminal
router1(config)# log file /var/log/quagga/quagga.log
router1(config)# exit
router1# write
Building Configuration…
Configuration saved to /etc/quagga/zebra.conf
[OK]
router1# exit
[root@router1 ~]#

 

If you are using CentOS 7, you need to apply the following policy change for SELinux. Otherwise, SELinux will prevent Zebra daemon from writing to its configuration directory.

[root@router1 ~]# setsebool -P zebra_write_config 1
setsebool: SELinux is disabled.
[root@router1 ~]#

 

do the same on both routers.

[root@router1 ~]# cp /usr/share/doc/quagga-*/bgpd.conf.sample /etc/quagga/bgpd.conf
[root@router1 ~]# cd /etc
[root@router1 etc]# cd quagga/
[root@router1 quagga]# ls
bgpd.conf vtysh.conf zebra.conf zebra.conf.sav
[root@router1 quagga]#
[root@router1 quagga]#
[root@router1 quagga]# cat zebra.conf
!
! Zebra configuration saved from vty
! 2021/05/14 15:35:50
!
hostname router2
log file /var/log/quagga/quagga.log
!
interface eth0
ipv6 nd suppress-ra
!
interface eth1
ipv6 nd suppress-ra
!
interface lo
!
!
!
line vty
!
[root@router1 quagga]# cat bgpd.conf
! -*- bgp -*-
!
! BGPd sample configuratin file
!
! $Id: bgpd.conf.sample,v 1.1 2002/12/13 20:15:29 paul Exp $
!
hostname bgpd
password zebra
!enable password please-set-at-here
!
!bgp mulitple-instance
!
router bgp 7675
! bgp router-id 10.0.0.1
! network 10.0.0.0/8
! neighbor 10.0.0.2 remote-as 7675
! neighbor 10.0.0.2 route-map set-nexthop out
! neighbor 10.0.0.2 ebgp-multihop
! neighbor 10.0.0.2 next-hop-self
!
! access-list all permit any
!
!route-map set-nexthop permit 10
! match ip address all
! set ip next-hop 10.0.0.1
!
!log file bgpd.log
!
log stdout
[root@router1 quagga]#

 

 

Configuring BGP Peering

 

 

installing on ubuntu laptop

root@asus:~# apt-get install quagga
Reading package lists… Done

 

echo “net.ipv4.conf.all.forwarding=1” | sudo tee -a /etc/sysctl.conf

root@asus:~# echo “net.ipv4.conf.all.forwarding=1” | sudo tee -a /etc/sysctl.conf
net.ipv4.conf.all.forwarding=1
root@asus:~#

check with

sysctl -p

root@asus:~# sysctl -p
net.ipv4.conf.all.forwarding = 1
root@asus:~#

apt install quagga-doc

 

copy the required files for configuring this routing suite.

babeld.conf
bgpd.conf
bgpd.conf
isisd.conf
ospf6d.conf
ospfd.conf
ripd.conf
ripngd.conf
vtysh.conf
zebra.conf

 

 

These configuration files are not placed initially in /etc/quagga/ so you need to copy these files from /usr/share/doc/quagga-core/examples to /etc/quagga:

 

 

root@asus:/usr/share/doc/quagga-core/examples# cp /usr/share/doc/quagga-core/examples/vtysh.conf.sample /etc/quagga/vtysh.conf
root@asus:/usr/share/doc/quagga-core/examples# cp /usr/share/doc/quagga-core/examples/zebra.conf.sample /etc/quagga/zebra.conf
root@asus:/usr/share/doc/quagga-core/examples# cp /usr/share/doc/quagga-core/examples/bgpd.conf.sample /etc/quagga/bgpd.conf
root@asus:/usr/share/doc/quagga-core/examples# sudo chown quagga:quagga /etc/quagga/*.conf
root@asus:/usr/share/doc/quagga-core/examples# sudo chown quagga:quaggavty /etc/quagga/vtysh.conf
root@asus:/usr/share/doc/quagga-core/examples# sudo chmod 640 /etc/quagga/*.conf
root@asus:/usr/share/doc/quagga-core/examples#

 

to write logs:

root@asus:~# mkdir /var/log/quagga/
root@asus:~# chown quagga:quagga /var/log/quagga/
root@asus:~# touch /var/log/zebra.log
root@asus:~# chown quagga:quagga /var/log/zebra.log
root@asus:~#

 

 

Next, we configure peering IP addresses on the external interface to be used.

 

[root@router1 ~]# vtysh

 

Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

 

router1# show interface
Interface eth0 is up, line protocol detection is disabled
index 2 metric 1 mtu 1500
flags: <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 52:54:00:9f:8b:c0
inet 192.168.122.8/24 broadcast 192.168.122.255
inet6 fe80::127d:ea0d:65b7:30e5/64
Interface eth1 is up, line protocol detection is disabled
index 3 metric 1 mtu 1500
flags: <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 52:54:00:19:4f:66
inet 10.0.8.100/8 broadcast 10.255.255.255
inet6 fe80::c466:3844:d978:b3d8/64
Interface lo is up, line protocol detection is disabled
index 1 metric 1 mtu 65536
flags: <UP,LOOPBACK,RUNNING>
inet 127.0.0.1/8
inet6 ::1/128
router1#

 

For BGP peering, we first copy the sample configuration file from “/usr/share/doc” to “/etc”. Then, we will start and enable the bgp service. After all this is done, we configure the BGP session.

 

1) Let’s prepare the BGP daemon (BGPd)’s configuration file.

 

cp /usr/share/doc/quagga-XXXXXXX/bgpd.conf.sample /etc/quagga/bgpd.conf

 

 

root@asus:~# cat /etc/quagga/bgpd.conf
!
! Zebra configuration saved from vty
! 2021/05/14 17:40:00
!
hostname bgpd
password zebra
log file /var/log/quagga/quagga.log
log stdout
!
router bgp 7675
bgp router-id 192.168.178.22
!
address-family ipv6
exit-address-family
exit
!
line vty

 

 

 

 

 

[root@router2 quagga]# vtysh

 

 

Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

 

 

router2# configure terminal
router2(config)# router bgp 65102
router2(config-router)#
router2(config-router)# network 10.0.9.0/24
router2(config-router)# exit
router2(config)# exit
router2# wr
Building Configuration…
Configuration saved to /etc/quagga/zebra.conf
Configuration saved to /etc/quagga/bgpd.conf
[OK]
router2#

 

to test your configuration, you can manually bind the address to your loopback interface:

 

 

[root@router1 ~]# ip addr add 10.0.8.201 dev lo

 

Note I have set the following additional loopback IPs for the 3 BGP routers: 

 

 

asus: 192.168.122.200

 

router1: 10.0.8.201

 

router2: 10.0.9.202

 

These will need to be permanently configured to survive reboot.

 

You can then manually check the route to ensure that it’s a local one:

 

ip route get 10.0.8.201

 

[root@router1 ~]# ip route get 10.0.8.201
local 10.0.8.201 dev lo src 10.0.8.201
cache <local>
[root@router1 ~]#

 

 

As this address was manually added, the configuration will not persist after the networking services are restarted or the system is rebooted.

 

 

[root@router1 ~]# vtysh

 

Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

 

router1# conf t
router1(config)#
router1(config)#
router1(config)#
router1(config)#
router1(config)# route-map RM_SET_SRC permit 10
router1(config-route-map)#
router1(config-route-map)#
router1(config-route-map)#
router1(config-route-map)# set src 10.0.8.201
router1(config-route-map)# ip protocol bgp route-map RM_SET_SRC
router1(config)# exit
router1# write
Building Configuration…
Configuration saved to /etc/quagga/zebra.conf
Can’t backup old configuration file /etc/quagga/bgpd.conf.sav.
[OK]
router1#

 

router1# show route-map RM_SET_SRC
ZEBRA:
route-map RM_SET_SRC, permit, sequence 10
Match clauses:
Set clauses:
src 10.0.8.201
Call clause:
Action:
Exit routemap
BGP:
route-map RM_SET_SRC, permit, sequence 10
Match clauses:
Set clauses:
Call clause:
Action:
Exit routemap
router1#

 

 

 

 

 

Private AS Numbers

 

64512 – 65534 16 Reserved for Private Usage

 

we will use:

 

65100 asus
65101 router1
65102 router2

 

 

on router1:

 

nano /etc/quagga/bgpd.conf

 

! -*- bgp -*-
!
! BGPd sample configuratin file
!
! $Id: bgpd.conf.sample,v 1.1 2002/12/13 20:15:29 paul Exp $
!
hostname router1
password zebra
enable password zebra
!enable password please-set-at-here
!
bgp mulitple-instance
!
router bgp 65101
bgp router-id 10.0.8.100
network 10.0.8.0/24
bgp log-neighbor-changes

neighbor 192.168.122.1 remote-as 65100
! neighbor 10.0.0.2 route-map set-nexthop out
! neighbor 10.0.0.2 ebgp-multihop
! neighbor 10.0.0.2 next-hop-self
!
access-list all permit any
!
!route-map set-nexthop permit 10
! match ip address all
! set ip next-hop 10.0.0.1
!
log file /var/log/quagga/bgpd.log
!
log stdout

 

nano /etc/quagga/zebra.conf

GNU nano 2.3.1 File: /etc/quagga/zebra.conf

!
! Zebra configuration saved from vty
! 2021/05/14 15:35:50
!
hostname router1
log file /var/log/quagga/quagga.log
!
!interface eth0
! ipv6 nd suppress-ra
!
interface eth1
ipv6 nd suppress-ra
!
interface lo
!
!
!
line vty
!

 

on router2:

 

nano /etc/quagga/bgpd.conf

 

! -*- bgp -*-
!
! BGPd sample configuratin file
!
! $Id: bgpd.conf.sample,v 1.1 2002/12/13 20:15:29 paul Exp $
!
hostname router2
password zebra
enable password zebra
!enable password please-set-at-here
!
bgp mulitple-instance
!
router bgp 65102
bgp router-id 10.0.9.100
network 10.0.9.0/24
bgp log-neighbor-changes

neighbor 192.168.122.1 remote-as 65100
! neighbor 10.0.0.2 route-map set-nexthop out
! neighbor 10.0.0.2 ebgp-multihop
! neighbor 10.0.0.2 next-hop-self
!
access-list all permit any
!
!route-map set-nexthop permit 10
! match ip address all
! set ip next-hop 10.0.0.1
!
log file /var/log/quagga/bgpd.log
!
log stdout

 

nano /etc/quagga/zebra.conf

 

GNU nano 2.3.1 File: /etc/quagga/zebra.conf

!
! Zebra configuration saved from vty
! 2021/05/14 15:35:50
!
hostname router2
log file /var/log/quagga/quagga.log
!
!interface eth0
! ipv6 nd suppress-ra
!
interface eth1
ipv6 nd suppress-ra
!
interface lo
!
!
!
line vty
!

 

on asus laptop:

 

GNU nano 5.2 /etc/quagga/bgpd.conf
!
! Zebra configuration saved from vty
! 2021/05/14 17:40:00
!
hostname bgpd
password zebra
log file /var/log/quagga/quagga.log
log stdout
!
router bgp 65100
bgp router-id 192.168.122.1
!
address-family ipv6
exit-address-family
exit
!
line vty
!

 

also on asus:

 

nano /etc/quagga/bgpd.conf

 

! -*- bgp -*-
!
! BGPd sample configuratin file
!
! $Id: bgpd.conf.sample,v 1.1 2002/12/13 20:15:29 paul Exp $
!
hostname bgpd
password zebra
enable password zebra
!enable password please-set-at-here
!
bgp mulitple-instance
!
router bgp 65100
bgp router-id 192.168.122.1
network 192.168.122.0/24
bgp log-neighbor-changes

neighbor 10.0.8.100 remote-as 65101
! neighbor 10.0.0.2 route-map set-nexthop out
! neighbor 10.0.0.2 ebgp-multihop
! neighbor 10.0.0.2 next-hop-self
!

neighbor 10.0.9.100 remote-as 65102
! neighbor 10.0.0.2 route-map set-nexthop out
! neighbor 10.0.0.2 ebgp-multihop
! neighbor 10.0.0.2 next-hop-self
!

access-list all permit any
!
!route-map set-nexthop permit 10
! match ip address all
! set ip next-hop 10.0.0.1
!
log file /var/log/quagga/bgpd.log
!
log stdout

 

Start BGP Services

 

Next we start the quagga services: bgpd and zebra on all the routers in this LAB ie asus, router1 and router2:

 

start the services bgpd and zebra:

 

root@asus:~#
root@asus:~# systemctl start bgpd
root@asus:~# systemctl start zebra
root@asus:~# systemctl status bgpd
● bgpd.service – BGP routing daemon
Loaded: loaded (/lib/systemd/system/bgpd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2021-05-14 16:39:41 CEST; 8s ago
Docs: man:bgpd
Process: 244632 ExecStartPre=/bin/chmod -f 640 /etc/quagga/bgpd.conf (code=exited, status=0/SUCCESS)
Process: 244633 ExecStartPre=/bin/chown -f quagga:quagga /etc/quagga/bgpd.conf (code=exited, status=0/SUCCESS)
Process: 244634 ExecStart=/usr/sbin/bgpd -d -A 127.0.0.1 -f /etc/quagga/bgpd.conf (code=exited, status=0/SUCCESS)
Main PID: 244635 (bgpd)
Tasks: 1 (limit: 21460)
Memory: 3.0M
CGroup: /system.slice/bgpd.service
└─244635 /usr/sbin/bgpd -d -A 127.0.0.1 -f /etc/quagga/bgpd.conf

Mai 14 16:39:41 asus systemd[1]: Starting BGP routing daemon…
Mai 14 16:39:41 asus systemd[1]: Started BGP routing daemon.
root@asus:~# systemctl status zebra
● zebra.service – GNU Zebra routing manager
Loaded: loaded (/lib/systemd/system/zebra.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2021-05-14 16:39:41 CEST; 12s ago
Docs: man:zebra
Process: 244626 ExecStartPre=/sbin/ip route flush proto zebra (code=exited, status=0/SUCCESS)
Process: 244627 ExecStartPre=/bin/chmod -f 640 /etc/quagga/vtysh.conf /etc/quagga/zebra.conf (code=exited, status=0/SUCCESS)
Process: 244628 ExecStartPre=/bin/chown -f quagga:quagga /etc/quagga/zebra.conf (code=exited, status=0/SUCCESS)
Process: 244629 ExecStartPre=/bin/chown -f quagga:quaggavty /etc/quagga/vtysh.conf (code=exited, status=0/SUCCESS)
Process: 244630 ExecStart=/usr/sbin/zebra -d -A 127.0.0.1 -f /etc/quagga/zebra.conf (code=exited, status=0/SUCCESS)
Main PID: 244631 (zebra)
Tasks: 1 (limit: 21460)
Memory: 2.2M
CGroup: /system.slice/zebra.service
└─244631 /usr/sbin/zebra -d -A 127.0.0.1 -f /etc/quagga/zebra.conf

 

Mai 14 16:39:41 asus systemd[1]: Starting GNU Zebra routing manager…
Mai 14 16:39:41 asus systemd[1]: Started GNU Zebra routing manager.
root@asus:~#

 

normally on a router they would also be enabled to start on boot:

 

sudo systemctl is-enabled zebra.service
sudo systemctl is-enabled bgpd.service
sudo systemctl enable zebra.service
sudo systemctl enable bgpd.service

 

Disable unnecessary services:

systemctl status ospfd

systemctl is-enabled ospfd
systemctl is-enabled ospf6d
systemctl is-enabled ripd
systemctl is-enabled ripngd
systemctl is-enabled isisd

systemctl disable ospfd
systemctl disable ospf6d
systemctl disable ripd
systemctl disable ripngd
systemctl disable isisd

 

 

Do this on all the BGP routers for all AS systems in this LAB.

 

Connect to the vtysh, bgpd and zebra terminal as follows:

 

vtysh
sudo telnet localhost 2605
sudo telnet localhost 2601

 

 

 

 

 

[root@router2 quagga]# systemctl start bgpd
[root@router2 quagga]# systemctl status bgpd
● bgpd.service – BGP routing daemon
Loaded: loaded (/usr/lib/systemd/system/bgpd.service; enabled; vendor preset: disabled)
Active: active (running) since So 2021-05-16 00:36:13 CEST; 4s ago
Process: 4404 ExecStart=/usr/sbin/bgpd -d $BGPD_OPTS -f /etc/quagga/bgpd.conf (code=exited, status=0/SUCCESS)
Main PID: 4405 (bgpd)
CGroup: /system.slice/bgpd.service
└─4405 /usr/sbin/bgpd -d -A 127.0.0.1 -f /etc/quagga/bgpd.conf

Mai 16 00:36:13 router2 systemd[1]: Starting BGP routing daemon…
Mai 16 00:36:13 router2 systemd[1]: Can’t open PID file /run/quagga/bgpd.pid (yet?) after start: No such file or directory
Mai 16 00:36:13 router2 systemd[1]: Started BGP routing daemon.
[root@router2 quagga]#
[root@router2 quagga]#

 

 

[root@router2 quagga]# systemctl start zebra
[root@router2 quagga]# systemctl status zebra
● zebra.service – GNU Zebra routing manager
Loaded: loaded (/usr/lib/systemd/system/zebra.service; enabled; vendor preset: disabled)
Active: active (running) since Fr 2021-05-14 15:31:57 CEST; 1 day 9h ago
Process: 710 ExecStart=/usr/sbin/zebra -d $ZEBRA_OPTS -f /etc/quagga/zebra.conf (code=exited, status=0/SUCCESS)
Process: 673 ExecStartPre=/sbin/ip route flush proto zebra (code=exited, status=0/SUCCESS)
Main PID: 726 (zebra)
CGroup: /system.slice/zebra.service
└─726 /usr/sbin/zebra -d -A 127.0.0.1 -f /etc/quagga/zebra.conf

 

 

Mai 14 15:31:56 router2 systemd[1]: Starting GNU Zebra routing manager…
Mai 14 15:31:57 router2 systemd[1]: Can’t open PID file /run/quagga/zebra.pid (yet?) after start: No such file or directory
Mai 14 15:31:57 router2 systemd[1]: Started GNU Zebra routing manager.
[root@router2 quagga]#

 

 

How to Verify if BGP is Working

 

[root@router1 quagga]# vtysh -c “show bgp neighbors”
BGP neighbor is 192.168.122.1, remote AS 65100, local AS 65101, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Active
Last read 00:26:14, hold time is 180, keepalive interval is 60 seconds
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 12 0
Notifications: 0 0
Updates: 0 0
Keepalives: 0 0
Route Refresh: 0 0
Capability: 0 0
Total: 12 0
Minimum time between advertisement runs is 30 seconds

 

For address family: IPv4 Unicast
Community attribute sent to this neighbor(both)
0 accepted prefixes

 

Connections established 0; dropped 0
Last reset never
Local host: 192.168.122.8, Local port: 46514
Foreign host: 192.168.122.1, Foreign port: 179
Nexthop: 192.168.122.8
Nexthop global: fe80::127d:ea0d:65b7:30e5
Nexthop local: ::
BGP connection: non shared network
Next connect timer due in 22 seconds
Read thread: off Write thread: off

 

[root@router1 quagga]#

 

 

 

[root@router2 quagga]# vtysh -c “show bgp neighbors”
BGP neighbor is 192.168.122.1, remote AS 65100, local AS 65102, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Connect
Last read 00:19:52, hold time is 180, keepalive interval is 60 seconds
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 8 0
Notifications: 0 0
Updates: 0 0
Keepalives: 0 0
Route Refresh: 0 0
Capability: 0 0
Total: 8 0
Minimum time between advertisement runs is 30 seconds

 

For address family: IPv4 Unicast
Community attribute sent to this neighbor(both)
0 accepted prefixes

 

Connections established 0; dropped 0
Last reset never
Next connect timer due in 50 seconds
Read thread: on Write thread: on

 

[root@router2 quagga]#

 

 

root@asus:/etc/quagga# vtysh -c “show bgp neighbors”
BGP neighbor is 10.0.8.100, remote AS 65101, local AS 65100, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Active
Last read 00:27:14, hold time is 180, keepalive interval is 60 seconds
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 327 0
Notifications: 0 0
Updates: 0 0
Keepalives: 0 0
Route Refresh: 0 0
Capability: 0 0
Total: 327 0
Minimum time between advertisement runs is 3 seconds

 

For address family: IPv4 Unicast
Community attribute sent to this neighbor(all)
0 accepted prefixes

 

Connections established 0; dropped 0
Last reset never
External BGP neighbor may be up to 1 hops away.
Local host: 10.0.8.1, Local port: 43840
Foreign host: 10.0.8.100, Foreign port: 179
Nexthop: 10.0.8.1
Nexthop global: ::
Nexthop local: ::
BGP connection: non shared network
Next connect timer due in 4 seconds
Read thread: off Write thread: off

 

BGP neighbor is 10.0.9.100, remote AS 65102, local AS 65100, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Active
Last read 00:27:14, hold time is 180, keepalive interval is 60 seconds
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 244 0
Notifications: 0 0
Updates: 0 0
Keepalives: 0 0
Route Refresh: 0 0
Capability: 0 0
Total: 244 0
Minimum time between advertisement runs is 3 seconds

 

For address family: IPv4 Unicast
Community attribute sent to this neighbor(all)
0 accepted prefixes

 

Connections established 0; dropped 0
Last reset never
External BGP neighbor may be up to 1 hops away.
Local host: 10.0.9.1, Local port: 33062
Foreign host: 10.0.9.100, Foreign port: 179
Nexthop: 10.0.9.1
Nexthop global: ::
Nexthop local: ::
BGP connection: non shared network
Next connect timer due in 4 seconds
Read thread: off Write thread: off

 

root@asus:/etc/quagga#

 

 

next check the ip routing tables

 

vtysh -c “show ip bgp”

 

[root@router1 quagga]# vtysh -c “show ip bgp”
BGP table version is 0, local router ID is 10.0.8.100
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale, R Removed
Origin codes: i – IGP, e – EGP, ? – incomplete

 

Network Next Hop Metric LocPrf Weight Path
*> 10.0.8.0/24 0.0.0.0 0 32768 i

 

Total number of prefixes 1
[root@router1 quagga]#

 

 

 

[root@router2 quagga]# vtysh -c “show ip bgp”
BGP table version is 0, local router ID is 10.0.9.100
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale, R Removed
Origin codes: i – IGP, e – EGP, ? – incomplete

 

Network Next Hop Metric LocPrf Weight Path
*> 10.0.9.0/24 0.0.0.0 0 32768 i

 

Total number of prefixes 1
[root@router2 quagga]#

 

 

root@asus:/etc/quagga# vtysh -c “show ip bgp”
BGP table version is 0, local router ID is 192.168.122.1
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed

Origin codes: i – IGP, e – EGP, ? – incomplete

Network Next Hop Metric LocPrf Weight Path

*> 192.168.122.0 0.0.0.0 0 32768 i

 

Displayed 1 out of 1 total prefixes
root@asus:/etc/quagga#

 

 

 

 

Some Basic Quagga Router Commands

 

Login to router:

 

either

 

vtysh

 

[root@router2 quagga]# vtysh

 

Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

 

router2#

 

 

or

 

telnet localhost 2601

 

(latter requires the password)

 

 

[root@router2 quagga]# telnet localhost 2601
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.

 

Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

 

User Access Verification

 

Password:
router2>

 

 

show basic help:

 

router2#?
router2#
clear Reset functions
configure Configuration from vty interface
copy Copy from one file to another
debug Enable debug messages for specific or all part.
disable Turn off privileged mode command
end End current mode and change to enable mode
exit Exit current mode and down to previous mode
list Print command list
no Negate a command or set its defaults
ping Send echo messages
quit Exit current mode and down to previous mode
show Show running system information
ssh Open an ssh connection
start-shell Start UNIX shell
telnet Open a telnet connection
terminal Set terminal line parameters
traceroute Trace route to destination
undebug Disable debugging functions (see also ‘debug’)
write Write running configuration to memory, network, or terminal
router2#

 

 

display advanced help

 

note this is different to the basic help, with just “?” – here you enter “show ?”

 

 

router2# show ?
debugging Zebra configuration
history Display the session command history
interface Interface status and configuration
ip IP information
ipv6 IPv6 information
logging Show current logging configuration
memory Memory statistics
route-map route-map information
running-config running configuration
startup-config Contentes of startup configuration
table default routing table to use for all clients
thread Thread information
version Displays zebra version
work-queues Work Queue information
zebra Zebra informationClient information
router2#

 

 

display advanced help for a specific command:

 

eg

 

show ip ?

 

router2# show ip ?
access-list List IP access lists
forwarding IP forwarding status
mroute IP Multicast routing table
prefix-list Build a prefix list
protocol IP protocol filtering status
route IP routing table
router2#

 

 

display ip routing info:

 

router2# show ip route
Codes: K – kernel route, C – connected, S – static, R – RIP,
O – OSPF, I – IS-IS, B – BGP, A – Babel,
> – selected route, * – FIB route

 

K>* 0.0.0.0/0 via 192.168.122.1, eth0
C>* 10.0.0.0/8 is directly connected, eth1
C>* 127.0.0.0/8 is directly connected, lo
C>* 192.168.122.0/24 is directly connected, eth0
router2#
router2#

 

 

enter privileged command mode:

 

(note the different prompt when logging in via telnet localhost 2601 compared to vtysh)

 

use enable or ena:

 

[root@router2 quagga]# telnet localhost 2601
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.

 

Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

 

User Access Verification

 

Password:
router2>
router2> enable
Password:
router2#

 

 

display current interface config:

 

show int eth0

router2# show int eth0
Interface eth0 is up, line protocol detection is disabled
index 2 metric 1 mtu 1500
flags: <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 52:54:00:f8:98:3d
inet 192.168.122.12/24 broadcast 192.168.122.255
inet6 fe80::127d:ea0d:65b7:30e5/64
inet6 fe80::6e18:9a8a:652c:1700/64
router2#

 

 

save current config:

 

wr

 

router2# wr
Configuration saved to /etc/quagga/zebra.conf
router2#

 

 

 

enter edit mode:

 

Router#conf t

 

router2# conf t
router2(config)#

 

 

To exit configure mode

 

end

 

router2# conf t
router2(config)#
router2(config)#
router2(config)#
router2(config)# end
router2#

 

 

To display current configuration use the show running-config command:

 

sh run

 

router2# sh run

 

Current configuration:
!
hostname router2
password zebra
enable password zebra
log file /var/log/quagga/quagga.log
!
interface eth0
ipv6 nd suppress-ra
!
interface eth1
ipv6 nd suppress-ra
!
interface lo
!
ip forwarding
!
!
line vty
!
end
router2#

 

 

 

router1# show ip bgp neighbors
BGP neighbor is 192.168.122.1, remote AS 65100, local AS 65101, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Active
Last read 01:06:19, hold time is 180, keepalive interval is 60 seconds
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 34 0
Notifications: 0 0
Updates: 0 0
Keepalives: 0 0
Route Refresh: 0 0
Capability: 0 0
Total: 34 0
Minimum time between advertisement runs is 30 seconds

 

For address family: IPv4 Unicast
Community attribute sent to this neighbor(both)
0 accepted prefixes

 

Connections established 0; dropped 0
Last reset never
Local host: 192.168.122.11, Local port: 58120
Foreign host: 192.168.122.1, Foreign port: 179
Nexthop: 192.168.122.11
Nexthop global: fe80::127d:ea0d:65b7:30e5
Nexthop local: ::
BGP connection: non shared network
Next connect timer due in 109 seconds
Read thread: off Write thread: off

 

router1#

 

 

to exit router:

 

exit

 

router2# exit
Connection closed by foreign host.
[root@router2 quagga]#

 

Continue Reading