
LPIC3 DIPLOMA Linux Clustering – LAB NOTES: Lesson BGP

LAB on BGP 

 

These are my notes made during my lab practical as part of my LPIC3 Diploma course in Linux Clustering. They are in “rough format”, presented as they were written.

 

 

LPIC3 Syllabus for BGP

 

364.4 Network High Availability
Weight: 5
Description: Candidates should be able to configure redundant networking connections and manage VLANs.

Furthermore, candidates should have a basic understanding of BGP.

Key Knowledge Areas:
• Understand and configure bonding network interface
• Network bond modes and algorithms (active-backup, balance-tlb, balance-alb, 802.3ad, balance-rr, balance-xor, broadcast)
• Configure switch configuration for high availability, including RSTP
• Configure VLANs on regular and bonded network interfaces
• Persist bonding and VLAN configuration
• Understand the principle of autonomous systems and BGP to manage external redundant uplinks
• Awareness of traffic shaping and control capabilities of Linux
 

Partial list of the used files, terms and utilities:
• bonding.ko (including relevant module options)
• /etc/network/interfaces
• /etc/sysconfig/networking-scripts/ifcfg-*
• /etc/systemd/network/*.network
• /etc/systemd/network/*.netdev
• nmcli
• /sys/class/net/bonding_masters
• /sys/class/net/bond*/bonding/miimon
• /sys/class/net/bond*/bonding/slaves
• ifenslave
• ip

 

Network Overview

 

The network for this BGP LAB comprises two virtual KVM machines, installed with CentOS 7 and housed on a KVM virtual machine system on a Linux Ubuntu host:

 

router1 10.0.8.100 and
router2 10.0.9.100

 

Our Internet will effectively be the laptop, with an IP of 192.168.122.1

 

This interface is defined on the laptop as a KVM bridge.

 

 

Border Gateway Protocol BGP

 

 

Installation of BGP and Dependencies

 

 

 

Make sure SELinux is disabled. Check with:

 

 

root@asus:/home/kevin# sestatus
SELinux status: disabled
root@asus:/home/kevin#

 

 

 

If you are using CentOS 7, you need to apply the following policy change for SELinux. Otherwise, SELinux will prevent the Zebra daemon from writing to its configuration directory.

[root@router1 ~]# setsebool -P zebra_write_config 1
setsebool: SELinux is disabled.
[root@router1 ~]#

 

If not disabled, open /etc/selinux/config and change

SELINUX=enforcing

to

SELINUX=disabled

Then reboot.

 

 

 

yum install readline-devel

 

[root@router1 ~]# yum install readline-devel
Failed to set locale, defaulting to C.UTF-8

 

Installing:
readline-devel x86_64 7.0-10.el8 baseos 204 k
Installing dependencies:
ncurses-c++-libs x86_64 6.1-7.20180224.el8 baseos 58 k
ncurses-devel x86_64 6.1-7.20180224.el8 baseos 527 k

Transaction Summary
=======================================================================================================================================
Install 3 Packages

Installed:
ncurses-c++-libs-6.1-7.20180224.el8.x86_64 ncurses-devel-6.1-7.20180224.el8.x86_64 readline-devel-7.0-10.el8.x86_64

Complete!
[root@router1 ~]#

 

[root@router2 ~]# yum install quagga
Loaded plugins: fastestmirror, langpacks
Installing:
quagga x86_64 0.99.22.4-5.el7_4 base 1.2 M
Installing for dependencies:
net-snmp x86_64 1:5.7.2-49.el7_9.1 updates 325 k
net-snmp-agent-libs x86_64 1:5.7.2-49.el7_9.1 updates 707 k
perl-Data-Dumper x86_64 2.145-3.el7 base 47 k

 

Transaction Summary

 

Running transaction
Installing : 1:net-snmp-agent-libs-5.7.2-49.el7_9.1.x86_64 1/4
Installing : perl-Data-Dumper-2.145-3.el7.x86_64 2/4
Installing : 1:net-snmp-5.7.2-49.el7_9.1.x86_64 3/4
Installing : quagga-0.99.22.4-5.el7_4.x86_64 4/4
Verifying : perl-Data-Dumper-2.145-3.el7.x86_64 1/4
Verifying : quagga-0.99.22.4-5.el7_4.x86_64 2/4
Verifying : 1:net-snmp-agent-libs-5.7.2-49.el7_9.1.x86_64 3/4
Verifying : 1:net-snmp-5.7.2-49.el7_9.1.x86_64 4/4

 

Installed:
quagga.x86_64 0:0.99.22.4-5.el7_4

 

Dependency Installed:
net-snmp.x86_64 1:5.7.2-49.el7_9.1 net-snmp-agent-libs.x86_64 1:5.7.2-49.el7_9.1 perl-Data-Dumper.x86_64 0:2.145-3.el7

Complete!
[root@router2 ~]#

 

[root@router2 ~]# systemctl enable zebra
Created symlink from /etc/systemd/system/multi-user.target.wants/zebra.service to /usr/lib/systemd/system/zebra.service.
[root@router2 ~]#
[root@router2 ~]# systemctl start zebra
[root@router2 ~]# systemctl status zebra
● zebra.service – GNU Zebra routing manager
Loaded: loaded (/usr/lib/systemd/system/zebra.service; enabled; vendor preset: disabled)
Active: active (running) since Fr 2021-05-14 15:13:55 CEST; 4s ago
Process: 20902 ExecStart=/usr/sbin/zebra -d $ZEBRA_OPTS -f /etc/quagga/zebra.conf (code=exited, status=0/SUCCESS)
Process: 20901 ExecStartPre=/sbin/ip route flush proto zebra (code=exited, status=0/SUCCESS)
Main PID: 20904 (zebra)
CGroup: /system.slice/zebra.service
└─20904 /usr/sbin/zebra -d -A 127.0.0.1 -f /etc/quagga/zebra.conf

 

Mai 14 15:13:55 router2 systemd[1]: Starting GNU Zebra routing manager…
Mai 14 15:13:55 router2 systemd[1]: Can’t open PID file /run/quagga/zebra.pid (yet?) after start: No such file or directory
Mai 14 15:13:55 router2 systemd[1]: Started GNU Zebra routing manager.
[root@router2 ~]#

 

[root@router2 ~]# systemctl enable bgpd
Created symlink from /etc/systemd/system/multi-user.target.wants/bgpd.service to /usr/lib/systemd/system/bgpd.service.
[root@router2 ~]# systemctl status bgpd
● bgpd.service – BGP routing daemon
Loaded: loaded (/usr/lib/systemd/system/bgpd.service; enabled; vendor preset: disabled)
Active: inactive (dead)
[root@router2 ~]# systemctl start bgpd
[root@router2 ~]# systemctl status bgpd
● bgpd.service – BGP routing daemon
Loaded: loaded (/usr/lib/systemd/system/bgpd.service; enabled; vendor preset: disabled)
Active: inactive (dead)
Condition: start condition failed at Fr 2021-05-14 15:14:41 CEST; 1s ago
ConditionPathExists=/etc/quagga/bgpd.conf was not met
[root@router2 ~]#

 

Next we do the same on router1

 

BGP Router Configuration with Quagga 

 

In order to configure the BGP routing, we use the vtysh shell.

 

First copy the sample BGP configuration file:

 

cp /usr/share/doc/quagga-*/bgpd.conf.sample /etc/quagga/bgpd.conf

 

Quagga offers a dedicated command-line shell called vtysh, where you can type commands which are compatible with those supported by router vendors such as Cisco and Juniper.

 

Do the following on both routers:

 

After the file has been copied, enter the shell: vtysh

 

the prompt will appear, in this case:

 

[root@router1 ~]# vtysh

 

Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

 

router1# show running-config
Building configuration…

 

Current configuration:

!
hostname router2
!
interface eth0
ipv6 nd suppress-ra
!
interface eth1
ipv6 nd suppress-ra
!
interface lo
!
line vty
!
end
router1#

 

Now we specify the log file for Zebra by using the following commands (still in the vtysh shell):

 

router1# configure terminal
router1(config)# log file /var/log/quagga/quagga.log
router1(config)# exit
router1# write
Building Configuration…
Configuration saved to /etc/quagga/zebra.conf
[OK]
router1# exit
[root@router1 ~]#

 

If you are using CentOS 7, you need to apply the following policy change for SELinux. Otherwise, SELinux will prevent the Zebra daemon from writing to its configuration directory.

[root@router1 ~]# setsebool -P zebra_write_config 1
setsebool: SELinux is disabled.
[root@router1 ~]#

 

do the same on both routers.

[root@router1 ~]# cp /usr/share/doc/quagga-*/bgpd.conf.sample /etc/quagga/bgpd.conf
[root@router1 ~]# cd /etc
[root@router1 etc]# cd quagga/
[root@router1 quagga]# ls
bgpd.conf vtysh.conf zebra.conf zebra.conf.sav
[root@router1 quagga]#
[root@router1 quagga]#
[root@router1 quagga]# cat zebra.conf
!
! Zebra configuration saved from vty
! 2021/05/14 15:35:50
!
hostname router2
log file /var/log/quagga/quagga.log
!
interface eth0
ipv6 nd suppress-ra
!
interface eth1
ipv6 nd suppress-ra
!
interface lo
!
!
!
line vty
!
[root@router1 quagga]# cat bgpd.conf
! -*- bgp -*-
!
! BGPd sample configuratin file
!
! $Id: bgpd.conf.sample,v 1.1 2002/12/13 20:15:29 paul Exp $
!
hostname bgpd
password zebra
!enable password please-set-at-here
!
!bgp mulitple-instance
!
router bgp 7675
! bgp router-id 10.0.0.1
! network 10.0.0.0/8
! neighbor 10.0.0.2 remote-as 7675
! neighbor 10.0.0.2 route-map set-nexthop out
! neighbor 10.0.0.2 ebgp-multihop
! neighbor 10.0.0.2 next-hop-self
!
! access-list all permit any
!
!route-map set-nexthop permit 10
! match ip address all
! set ip next-hop 10.0.0.1
!
!log file bgpd.log
!
log stdout
[root@router1 quagga]#

 

 

Configuring BGP Peering

 

 

installing on ubuntu laptop

root@asus:~# apt-get install quagga
Reading package lists… Done

 

echo "net.ipv4.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf

root@asus:~# echo "net.ipv4.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf
net.ipv4.conf.all.forwarding=1
root@asus:~#

check with

sysctl -p

root@asus:~# sysctl -p
net.ipv4.conf.all.forwarding = 1
root@asus:~#

apt install quagga-doc

 

copy the required files for configuring this routing suite.

babeld.conf
bgpd.conf
isisd.conf
ospf6d.conf
ospfd.conf
ripd.conf
ripngd.conf
vtysh.conf
zebra.conf

 

 

These configuration files are not placed initially in /etc/quagga/ so you need to copy these files from /usr/share/doc/quagga-core/examples to /etc/quagga:

 

 

root@asus:/usr/share/doc/quagga-core/examples# cp /usr/share/doc/quagga-core/examples/vtysh.conf.sample /etc/quagga/vtysh.conf
root@asus:/usr/share/doc/quagga-core/examples# cp /usr/share/doc/quagga-core/examples/zebra.conf.sample /etc/quagga/zebra.conf
root@asus:/usr/share/doc/quagga-core/examples# cp /usr/share/doc/quagga-core/examples/bgpd.conf.sample /etc/quagga/bgpd.conf
root@asus:/usr/share/doc/quagga-core/examples# sudo chown quagga:quagga /etc/quagga/*.conf
root@asus:/usr/share/doc/quagga-core/examples# sudo chown quagga:quaggavty /etc/quagga/vtysh.conf
root@asus:/usr/share/doc/quagga-core/examples# sudo chmod 640 /etc/quagga/*.conf
root@asus:/usr/share/doc/quagga-core/examples#

 

to write logs:

root@asus:~# mkdir /var/log/quagga/
root@asus:~# chown quagga:quagga /var/log/quagga/
root@asus:~# touch /var/log/zebra.log
root@asus:~# chown quagga:quagga /var/log/zebra.log
root@asus:~#

 

 

Next, we configure peering IP addresses on the external interface to be used.

 

[root@router1 ~]# vtysh

 

Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

 

router1# show interface
Interface eth0 is up, line protocol detection is disabled
index 2 metric 1 mtu 1500
flags: <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 52:54:00:9f:8b:c0
inet 192.168.122.8/24 broadcast 192.168.122.255
inet6 fe80::127d:ea0d:65b7:30e5/64
Interface eth1 is up, line protocol detection is disabled
index 3 metric 1 mtu 1500
flags: <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 52:54:00:19:4f:66
inet 10.0.8.100/8 broadcast 10.255.255.255
inet6 fe80::c466:3844:d978:b3d8/64
Interface lo is up, line protocol detection is disabled
index 1 metric 1 mtu 65536
flags: <UP,LOOPBACK,RUNNING>
inet 127.0.0.1/8
inet6 ::1/128
router1#

 

For BGP peering, we first copy the sample configuration file from “/usr/share/doc” to “/etc”. Then, we will start and enable the bgp service. After all this is done, we configure the BGP session.

 

1) Let’s prepare the BGP daemon (BGPd)’s configuration file.

 

cp /usr/share/doc/quagga-XXXXXXX/bgpd.conf.sample /etc/quagga/bgpd.conf

 

 

root@asus:~# cat /etc/quagga/bgpd.conf
!
! Zebra configuration saved from vty
! 2021/05/14 17:40:00
!
hostname bgpd
password zebra
log file /var/log/quagga/quagga.log
log stdout
!
router bgp 7675
bgp router-id 192.168.178.22
!
address-family ipv6
exit-address-family
exit
!
line vty

 

 

 

 

 

[root@router2 quagga]# vtysh

 

 

Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

 

 

router2# configure terminal
router2(config)# router bgp 65102
router2(config-router)#
router2(config-router)# network 10.0.9.0/24
router2(config-router)# exit
router2(config)# exit
router2# wr
Building Configuration…
Configuration saved to /etc/quagga/zebra.conf
Configuration saved to /etc/quagga/bgpd.conf
[OK]
router2#

 

to test your configuration, you can manually bind the address to your loopback interface:

 

 

[root@router1 ~]# ip addr add 10.0.8.201 dev lo

 

Note I have set the following additional loopback IPs for the 3 BGP routers: 

 

 

asus: 192.168.122.200

 

router1: 10.0.8.201

 

router2: 10.0.9.202

 

These will need to be permanently configured to survive reboot.

 

You can then manually check the route to ensure that it’s a local one:

 

ip route get 10.0.8.201

 

[root@router1 ~]# ip route get 10.0.8.201
local 10.0.8.201 dev lo src 10.0.8.201
cache <local>
[root@router1 ~]#

 

 

As this address was manually added, the configuration will not persist after the networking services are restarted or the system is rebooted.

 

 

[root@router1 ~]# vtysh

 

Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

 

router1# conf t
router1(config)#
router1(config)#
router1(config)#
router1(config)#
router1(config)# route-map RM_SET_SRC permit 10
router1(config-route-map)#
router1(config-route-map)#
router1(config-route-map)#
router1(config-route-map)# set src 10.0.8.201
router1(config-route-map)# ip protocol bgp route-map RM_SET_SRC
router1(config)# exit
router1# write
Building Configuration…
Configuration saved to /etc/quagga/zebra.conf
Can’t backup old configuration file /etc/quagga/bgpd.conf.sav.
[OK]
router1#

 

router1# show route-map RM_SET_SRC
ZEBRA:
route-map RM_SET_SRC, permit, sequence 10
Match clauses:
Set clauses:
src 10.0.8.201
Call clause:
Action:
Exit routemap
BGP:
route-map RM_SET_SRC, permit, sequence 10
Match clauses:
Set clauses:
Call clause:
Action:
Exit routemap
router1#

 

 

 

 

 

Private AS Numbers

 

64512 – 65534 (16-bit AS numbers): Reserved for Private Usage

 

we will use:

 

65100 asus
65101 router1
65102 router2

 

 

on router1:

 

nano /etc/quagga/bgpd.conf

 

! -*- bgp -*-
!
! BGPd sample configuratin file
!
! $Id: bgpd.conf.sample,v 1.1 2002/12/13 20:15:29 paul Exp $
!
hostname router1
password zebra
enable password zebra
!enable password please-set-at-here
!
bgp multiple-instance
!
router bgp 65101
bgp router-id 10.0.8.100
network 10.0.8.0/24
bgp log-neighbor-changes

neighbor 192.168.122.1 remote-as 65100
! neighbor 10.0.0.2 route-map set-nexthop out
! neighbor 10.0.0.2 ebgp-multihop
! neighbor 10.0.0.2 next-hop-self
!
access-list all permit any
!
!route-map set-nexthop permit 10
! match ip address all
! set ip next-hop 10.0.0.1
!
log file /var/log/quagga/bgpd.log
!
log stdout

 

nano /etc/quagga/zebra.conf

GNU nano 2.3.1 File: /etc/quagga/zebra.conf

!
! Zebra configuration saved from vty
! 2021/05/14 15:35:50
!
hostname router1
log file /var/log/quagga/quagga.log
!
!interface eth0
! ipv6 nd suppress-ra
!
interface eth1
ipv6 nd suppress-ra
!
interface lo
!
!
!
line vty
!

 

on router2:

 

nano /etc/quagga/bgpd.conf

 

! -*- bgp -*-
!
! BGPd sample configuratin file
!
! $Id: bgpd.conf.sample,v 1.1 2002/12/13 20:15:29 paul Exp $
!
hostname router2
password zebra
enable password zebra
!enable password please-set-at-here
!
bgp multiple-instance
!
router bgp 65102
bgp router-id 10.0.9.100
network 10.0.9.0/24
bgp log-neighbor-changes

neighbor 192.168.122.1 remote-as 65100
! neighbor 10.0.0.2 route-map set-nexthop out
! neighbor 10.0.0.2 ebgp-multihop
! neighbor 10.0.0.2 next-hop-self
!
access-list all permit any
!
!route-map set-nexthop permit 10
! match ip address all
! set ip next-hop 10.0.0.1
!
log file /var/log/quagga/bgpd.log
!
log stdout

 

nano /etc/quagga/zebra.conf

 

GNU nano 2.3.1 File: /etc/quagga/zebra.conf

!
! Zebra configuration saved from vty
! 2021/05/14 15:35:50
!
hostname router2
log file /var/log/quagga/quagga.log
!
!interface eth0
! ipv6 nd suppress-ra
!
interface eth1
ipv6 nd suppress-ra
!
interface lo
!
!
!
line vty
!

 

on asus laptop:

 

GNU nano 5.2 /etc/quagga/bgpd.conf
!
! Zebra configuration saved from vty
! 2021/05/14 17:40:00
!
hostname bgpd
password zebra
log file /var/log/quagga/quagga.log
log stdout
!
router bgp 65100
bgp router-id 192.168.122.1
!
address-family ipv6
exit-address-family
exit
!
line vty
!

 

also on asus:

 

nano /etc/quagga/bgpd.conf

 

! -*- bgp -*-
!
! BGPd sample configuratin file
!
! $Id: bgpd.conf.sample,v 1.1 2002/12/13 20:15:29 paul Exp $
!
hostname bgpd
password zebra
enable password zebra
!enable password please-set-at-here
!
bgp multiple-instance
!
router bgp 65100
bgp router-id 192.168.122.1
network 192.168.122.0/24
bgp log-neighbor-changes

neighbor 10.0.8.100 remote-as 65101
! neighbor 10.0.0.2 route-map set-nexthop out
! neighbor 10.0.0.2 ebgp-multihop
! neighbor 10.0.0.2 next-hop-self
!

neighbor 10.0.9.100 remote-as 65102
! neighbor 10.0.0.2 route-map set-nexthop out
! neighbor 10.0.0.2 ebgp-multihop
! neighbor 10.0.0.2 next-hop-self
!

access-list all permit any
!
!route-map set-nexthop permit 10
! match ip address all
! set ip next-hop 10.0.0.1
!
log file /var/log/quagga/bgpd.log
!
log stdout
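
An added example (not part of the original notes and not Quagga's own tooling): a small Python audit of the bgpd.conf files shown above. It flags the sample password `zebra`, vty/enable passwords stored in plaintext, neighbors without a TCP MD5 `neighbor ... password`, neighbors without an inbound filter, and the catch-all access list. The finding names and the values in the hardened sample are assumptions made for illustration.

```python
# Sample password shipped in bgpd.conf.sample and kept in the lab configs.
DEFAULT_PASSWORDS = {"zebra"}
# Per-neighbor statements that can restrict what a peer may announce to us.
INBOUND_FILTERS = {"prefix-list", "route-map", "filter-list", "distribute-list"}

# Constructed sample: the router1 bgpd.conf from these notes, abridged.
LAB_BGPD_CONF = """\
hostname router1
password zebra
enable password zebra
!enable password please-set-at-here
!
router bgp 65101
 bgp router-id 10.0.8.100
 network 10.0.8.0/24
 bgp log-neighbor-changes
 neighbor 192.168.122.1 remote-as 65100
! neighbor 10.0.0.2 route-map set-nexthop out
!
access-list all permit any
!
log file /var/log/quagga/bgpd.log
log stdout
"""

# Constructed sample: the same router with the findings addressed.
# The hash, the MD5 secret and the prefix-list name are placeholders.
HARDENED_BGPD_CONF = """\
hostname router1
service password-encryption
password 8 CONSTRUCTED-HASH
enable password 8 CONSTRUCTED-HASH
!
router bgp 65101
 bgp router-id 10.0.8.100
 network 10.0.8.0/24
 bgp log-neighbor-changes
 neighbor 192.168.122.1 remote-as 65100
 neighbor 192.168.122.1 password CONSTRUCTED-SECRET
 neighbor 192.168.122.1 prefix-list FROM-AS65100 in
!
ip prefix-list FROM-AS65100 seq 5 permit 192.168.122.0/24
!
log file /var/log/quagga/bgpd.log
"""


def audit_bgpd_conf(text):
    """Return a sorted list of (finding, subject) tuples for one bgpd.conf."""
    findings = []
    peers = {}  # neighbor address -> list of option word lists
    for raw in text.splitlines():
        words = raw.strip().split()
        if not words or words[0].startswith("!"):
            continue  # blank line or comment
        if words[:2] == ["enable", "password"]:
            kind, rest = "enable", words[2:]
        elif words[0] == "password":
            kind, rest = "vty", words[1:]
        else:
            kind, rest = None, []
        if kind:
            if len(rest) == 2 and rest[0] == "8":
                continue  # "password 8 <hash>": stored hashed, not plaintext
            findings.append(("plaintext-password", kind))
            if rest and rest[-1] in DEFAULT_PASSWORDS:
                findings.append(("default-password", kind))
        elif words[0] == "neighbor" and len(words) >= 3:
            peers.setdefault(words[1], []).append(words[2:])
        elif words[0] == "access-list" and words[2:] == ["permit", "any"]:
            findings.append(("acl-permit-any", words[1]))
    for peer, options in peers.items():
        if not any(o[0] == "remote-as" for o in options):
            continue  # not a complete neighbor definition
        if not any(o[0] == "password" for o in options):
            findings.append(("no-tcp-md5", peer))
        if not any(o[0] in INBOUND_FILTERS and o[-1] == "in" for o in options):
            findings.append(("no-inbound-filter", peer))
    return sorted(findings)


if __name__ == "__main__":
    for name, conf in (("lab", LAB_BGPD_CONF), ("hardened", HARDENED_BGPD_CONF)):
        print(name, audit_bgpd_conf(conf) or "no findings")
```

The neighbor password stays readable in bgpd.conf even with `service password-encryption`, which is why the `chmod 640` and `chown quagga:quagga` steps above still matter.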

 

Start BGP Services

 

Next we start the Quagga services bgpd and zebra on all the routers in this LAB, i.e. asus, router1 and router2:

 

start the services bgpd and zebra:

 

root@asus:~#
root@asus:~# systemctl start bgpd
root@asus:~# systemctl start zebra
root@asus:~# systemctl status bgpd
● bgpd.service – BGP routing daemon
Loaded: loaded (/lib/systemd/system/bgpd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2021-05-14 16:39:41 CEST; 8s ago
Docs: man:bgpd
Process: 244632 ExecStartPre=/bin/chmod -f 640 /etc/quagga/bgpd.conf (code=exited, status=0/SUCCESS)
Process: 244633 ExecStartPre=/bin/chown -f quagga:quagga /etc/quagga/bgpd.conf (code=exited, status=0/SUCCESS)
Process: 244634 ExecStart=/usr/sbin/bgpd -d -A 127.0.0.1 -f /etc/quagga/bgpd.conf (code=exited, status=0/SUCCESS)
Main PID: 244635 (bgpd)
Tasks: 1 (limit: 21460)
Memory: 3.0M
CGroup: /system.slice/bgpd.service
└─244635 /usr/sbin/bgpd -d -A 127.0.0.1 -f /etc/quagga/bgpd.conf

Mai 14 16:39:41 asus systemd[1]: Starting BGP routing daemon…
Mai 14 16:39:41 asus systemd[1]: Started BGP routing daemon.
root@asus:~# systemctl status zebra
● zebra.service – GNU Zebra routing manager
Loaded: loaded (/lib/systemd/system/zebra.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2021-05-14 16:39:41 CEST; 12s ago
Docs: man:zebra
Process: 244626 ExecStartPre=/sbin/ip route flush proto zebra (code=exited, status=0/SUCCESS)
Process: 244627 ExecStartPre=/bin/chmod -f 640 /etc/quagga/vtysh.conf /etc/quagga/zebra.conf (code=exited, status=0/SUCCESS)
Process: 244628 ExecStartPre=/bin/chown -f quagga:quagga /etc/quagga/zebra.conf (code=exited, status=0/SUCCESS)
Process: 244629 ExecStartPre=/bin/chown -f quagga:quaggavty /etc/quagga/vtysh.conf (code=exited, status=0/SUCCESS)
Process: 244630 ExecStart=/usr/sbin/zebra -d -A 127.0.0.1 -f /etc/quagga/zebra.conf (code=exited, status=0/SUCCESS)
Main PID: 244631 (zebra)
Tasks: 1 (limit: 21460)
Memory: 2.2M
CGroup: /system.slice/zebra.service
└─244631 /usr/sbin/zebra -d -A 127.0.0.1 -f /etc/quagga/zebra.conf

 

Mai 14 16:39:41 asus systemd[1]: Starting GNU Zebra routing manager…
Mai 14 16:39:41 asus systemd[1]: Started GNU Zebra routing manager.
root@asus:~#

 

normally on a router they would also be enabled to start on boot:

 

sudo systemctl is-enabled zebra.service
sudo systemctl is-enabled bgpd.service
sudo systemctl enable zebra.service
sudo systemctl enable bgpd.service

 

Disable unnecessary services:

systemctl status ospfd

systemctl is-enabled ospfd
systemctl is-enabled ospf6d
systemctl is-enabled ripd
systemctl is-enabled ripngd
systemctl is-enabled isisd

systemctl disable ospfd
systemctl disable ospf6d
systemctl disable ripd
systemctl disable ripngd
systemctl disable isisd

 

 

Do this on all the BGP routers for all AS systems in this LAB.

 

Connect to the vtysh, bgpd and zebra terminal as follows:

 

vtysh
sudo telnet localhost 2605
sudo telnet localhost 2601

 

 

 

 

 

[root@router2 quagga]# systemctl start bgpd
[root@router2 quagga]# systemctl status bgpd
● bgpd.service – BGP routing daemon
Loaded: loaded (/usr/lib/systemd/system/bgpd.service; enabled; vendor preset: disabled)
Active: active (running) since So 2021-05-16 00:36:13 CEST; 4s ago
Process: 4404 ExecStart=/usr/sbin/bgpd -d $BGPD_OPTS -f /etc/quagga/bgpd.conf (code=exited, status=0/SUCCESS)
Main PID: 4405 (bgpd)
CGroup: /system.slice/bgpd.service
└─4405 /usr/sbin/bgpd -d -A 127.0.0.1 -f /etc/quagga/bgpd.conf

Mai 16 00:36:13 router2 systemd[1]: Starting BGP routing daemon…
Mai 16 00:36:13 router2 systemd[1]: Can’t open PID file /run/quagga/bgpd.pid (yet?) after start: No such file or directory
Mai 16 00:36:13 router2 systemd[1]: Started BGP routing daemon.
[root@router2 quagga]#
[root@router2 quagga]#

 

 

[root@router2 quagga]# systemctl start zebra
[root@router2 quagga]# systemctl status zebra
● zebra.service – GNU Zebra routing manager
Loaded: loaded (/usr/lib/systemd/system/zebra.service; enabled; vendor preset: disabled)
Active: active (running) since Fr 2021-05-14 15:31:57 CEST; 1 day 9h ago
Process: 710 ExecStart=/usr/sbin/zebra -d $ZEBRA_OPTS -f /etc/quagga/zebra.conf (code=exited, status=0/SUCCESS)
Process: 673 ExecStartPre=/sbin/ip route flush proto zebra (code=exited, status=0/SUCCESS)
Main PID: 726 (zebra)
CGroup: /system.slice/zebra.service
└─726 /usr/sbin/zebra -d -A 127.0.0.1 -f /etc/quagga/zebra.conf

 

 

Mai 14 15:31:56 router2 systemd[1]: Starting GNU Zebra routing manager…
Mai 14 15:31:57 router2 systemd[1]: Can’t open PID file /run/quagga/zebra.pid (yet?) after start: No such file or directory
Mai 14 15:31:57 router2 systemd[1]: Started GNU Zebra routing manager.
[root@router2 quagga]#

 

 

How to Verify if BGP is Working

 

[root@router1 quagga]# vtysh -c "show bgp neighbors"
BGP neighbor is 192.168.122.1, remote AS 65100, local AS 65101, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Active
Last read 00:26:14, hold time is 180, keepalive interval is 60 seconds
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 12 0
Notifications: 0 0
Updates: 0 0
Keepalives: 0 0
Route Refresh: 0 0
Capability: 0 0
Total: 12 0
Minimum time between advertisement runs is 30 seconds

 

For address family: IPv4 Unicast
Community attribute sent to this neighbor(both)
0 accepted prefixes

 

Connections established 0; dropped 0
Last reset never
Local host: 192.168.122.8, Local port: 46514
Foreign host: 192.168.122.1, Foreign port: 179
Nexthop: 192.168.122.8
Nexthop global: fe80::127d:ea0d:65b7:30e5
Nexthop local: ::
BGP connection: non shared network
Next connect timer due in 22 seconds
Read thread: off Write thread: off

 

[root@router1 quagga]#

 

 

 

[root@router2 quagga]# vtysh -c "show bgp neighbors"
BGP neighbor is 192.168.122.1, remote AS 65100, local AS 65102, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Connect
Last read 00:19:52, hold time is 180, keepalive interval is 60 seconds
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 8 0
Notifications: 0 0
Updates: 0 0
Keepalives: 0 0
Route Refresh: 0 0
Capability: 0 0
Total: 8 0
Minimum time between advertisement runs is 30 seconds

 

For address family: IPv4 Unicast
Community attribute sent to this neighbor(both)
0 accepted prefixes

 

Connections established 0; dropped 0
Last reset never
Next connect timer due in 50 seconds
Read thread: on Write thread: on

 

[root@router2 quagga]#

 

 

root@asus:/etc/quagga# vtysh -c "show bgp neighbors"
BGP neighbor is 10.0.8.100, remote AS 65101, local AS 65100, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Active
Last read 00:27:14, hold time is 180, keepalive interval is 60 seconds
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 327 0
Notifications: 0 0
Updates: 0 0
Keepalives: 0 0
Route Refresh: 0 0
Capability: 0 0
Total: 327 0
Minimum time between advertisement runs is 3 seconds

 

For address family: IPv4 Unicast
Community attribute sent to this neighbor(all)
0 accepted prefixes

 

Connections established 0; dropped 0
Last reset never
External BGP neighbor may be up to 1 hops away.
Local host: 10.0.8.1, Local port: 43840
Foreign host: 10.0.8.100, Foreign port: 179
Nexthop: 10.0.8.1
Nexthop global: ::
Nexthop local: ::
BGP connection: non shared network
Next connect timer due in 4 seconds
Read thread: off Write thread: off

 

BGP neighbor is 10.0.9.100, remote AS 65102, local AS 65100, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Active
Last read 00:27:14, hold time is 180, keepalive interval is 60 seconds
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 244 0
Notifications: 0 0
Updates: 0 0
Keepalives: 0 0
Route Refresh: 0 0
Capability: 0 0
Total: 244 0
Minimum time between advertisement runs is 3 seconds

 

For address family: IPv4 Unicast
Community attribute sent to this neighbor(all)
0 accepted prefixes

 

Connections established 0; dropped 0
Last reset never
External BGP neighbor may be up to 1 hops away.
Local host: 10.0.9.1, Local port: 33062
Foreign host: 10.0.9.100, Foreign port: 179
Nexthop: 10.0.9.1
Nexthop global: ::
Nexthop local: ::
BGP connection: non shared network
Next connect timer due in 4 seconds
Read thread: off Write thread: off

 

root@asus:/etc/quagga#
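
An added example (not part of the original notes): a Python check over the `show bgp neighbors` output above. It reports every session that is not Established (all of them here: Active or Connect, with zero Opens received) and checks whether the source address each router connects from is an address the other side has a `neighbor` statement for, since a BGP speaker only accepts sessions from configured neighbor addresses. The function names and the hand-built CONFIGURED map are this example's own assumptions.

```python
import re

# Abridged copies of the output shown above (router1 and asus).
ROUTER1_OUTPUT = """\
BGP neighbor is 192.168.122.1, remote AS 65100, local AS 65101, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Active
Sent Rcvd
Opens: 12 0
Connections established 0; dropped 0
Local host: 192.168.122.8, Local port: 46514
Foreign host: 192.168.122.1, Foreign port: 179
"""

ASUS_OUTPUT = """\
BGP neighbor is 10.0.8.100, remote AS 65101, local AS 65100, external link
BGP state = Active
Opens: 327 0
Connections established 0; dropped 0
Local host: 10.0.8.1, Local port: 43840
Foreign host: 10.0.8.100, Foreign port: 179

BGP neighbor is 10.0.9.100, remote AS 65102, local AS 65100, external link
BGP state = Active
Opens: 244 0
Connections established 0; dropped 0
Local host: 10.0.9.1, Local port: 33062
Foreign host: 10.0.9.100, Foreign port: 179
"""

# Router address -> neighbor addresses configured on that router,
# copied by hand from the bgpd.conf files in these notes.
CONFIGURED = {
    "192.168.122.1": {"10.0.8.100", "10.0.9.100"},  # asus
    "10.0.8.100": {"192.168.122.1"},                # router1
    "10.0.9.100": {"192.168.122.1"},                # router2
}

HEADER = re.compile(
    r"^BGP neighbor is (\S+), remote AS (\d+), local AS (\d+)", re.M)


def parse_neighbors(output):
    """Split 'show bgp neighbors' text into one dict per neighbor block."""
    starts = [m.start() for m in HEADER.finditer(output)] + [len(output)]
    peers = []
    for begin, end in zip(starts, starts[1:]):
        block = output[begin:end]
        head = HEADER.match(block)
        state = re.search(r"BGP state = (\w+)", block)
        opens = re.search(r"Opens:\s+(\d+)\s+(\d+)", block)
        local = re.search(r"Local host: ([^,\s]+)", block)
        peers.append({
            "peer": head.group(1),
            "remote_as": int(head.group(2)),
            "local_as": int(head.group(3)),
            "state": state.group(1) if state else "unknown",
            "opens_sent": int(opens.group(1)) if opens else 0,
            "opens_rcvd": int(opens.group(2)) if opens else 0,
            "local_host": local.group(1) if local else None,
        })
    return peers


def not_established(peers):
    """Idle, Connect, Active, OpenSent and OpenConfirm all mean 'not up'."""
    return [p["peer"] for p in peers if p["state"] != "Established"]


def source_mismatches(peers, configured):
    """Sessions whose local source address the remote router has no
    neighbor statement for: (peer, our source, what the peer expects)."""
    result = []
    for p in peers:
        expected = configured.get(p["peer"])
        if expected is None or p["local_host"] is None:
            continue  # nothing known about the remote side, or no socket yet
        if p["local_host"] not in expected:
            result.append((p["peer"], p["local_host"], sorted(expected)))
    return result


if __name__ == "__main__":
    for name, text in (("router1", ROUTER1_OUTPUT), ("asus", ASUS_OUTPUT)):
        peers = parse_neighbors(text)
        print(name, "not established:", not_established(peers))
        for peer, src, expected in source_mismatches(peers, CONFIGURED):
            print(f"  {peer} is reached from {src} but expects {expected}")
```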

 

 

next check the ip routing tables

 

vtysh -c "show ip bgp"

[root@router1 quagga]# vtysh -c "show ip bgp"
BGP table version is 0, local router ID is 10.0.8.100
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale, R Removed
Origin codes: i – IGP, e – EGP, ? – incomplete

 

Network Next Hop Metric LocPrf Weight Path
*> 10.0.8.0/24 0.0.0.0 0 32768 i

 

Total number of prefixes 1
[root@router1 quagga]#

 

 

 

[root@router2 quagga]# vtysh -c "show ip bgp"
BGP table version is 0, local router ID is 10.0.9.100
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale, R Removed
Origin codes: i – IGP, e – EGP, ? – incomplete

 

Network Next Hop Metric LocPrf Weight Path
*> 10.0.9.0/24 0.0.0.0 0 32768 i

 

Total number of prefixes 1
[root@router2 quagga]#

 

 

root@asus:/etc/quagga# vtysh -c "show ip bgp"
BGP table version is 0, local router ID is 192.168.122.1
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed

Origin codes: i – IGP, e – EGP, ? – incomplete

Network Next Hop Metric LocPrf Weight Path

*> 192.168.122.0 0.0.0.0 0 32768 i

 

Displayed 1 out of 1 total prefixes
root@asus:/etc/quagga#

 

 

 

 

Some Basic Quagga Router Commands

 

Login to router:

 

either

 

vtysh

 

[root@router2 quagga]# vtysh

 

Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

 

router2#

 

 

or

 

telnet localhost 2601

 

(latter requires the password)

 

 

[root@router2 quagga]# telnet localhost 2601
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.

 

Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

 

User Access Verification

 

Password:
router2>

 

 

show basic help:

 

router2#?
router2#
clear Reset functions
configure Configuration from vty interface
copy Copy from one file to another
debug Enable debug messages for specific or all part.
disable Turn off privileged mode command
end End current mode and change to enable mode
exit Exit current mode and down to previous mode
list Print command list
no Negate a command or set its defaults
ping Send echo messages
quit Exit current mode and down to previous mode
show Show running system information
ssh Open an ssh connection
start-shell Start UNIX shell
telnet Open a telnet connection
terminal Set terminal line parameters
traceroute Trace route to destination
undebug Disable debugging functions (see also ‘debug’)
write Write running configuration to memory, network, or terminal
router2#

 

 

display advanced help

 

note this is different to the basic help, with just “?” – here you enter “show ?”

 

 

router2# show ?
debugging Zebra configuration
history Display the session command history
interface Interface status and configuration
ip IP information
ipv6 IPv6 information
logging Show current logging configuration
memory Memory statistics
route-map route-map information
running-config running configuration
startup-config Contentes of startup configuration
table default routing table to use for all clients
thread Thread information
version Displays zebra version
work-queues Work Queue information
zebra Zebra informationClient information
router2#

 

 

display advanced help for a specific command:

 

eg

 

show ip ?

 

router2# show ip ?
access-list List IP access lists
forwarding IP forwarding status
mroute IP Multicast routing table
prefix-list Build a prefix list
protocol IP protocol filtering status
route IP routing table
router2#

 

 

display ip routing info:

 

router2# show ip route
Codes: K – kernel route, C – connected, S – static, R – RIP,
O – OSPF, I – IS-IS, B – BGP, A – Babel,
> – selected route, * – FIB route

 

K>* 0.0.0.0/0 via 192.168.122.1, eth0
C>* 10.0.0.0/8 is directly connected, eth1
C>* 127.0.0.0/8 is directly connected, lo
C>* 192.168.122.0/24 is directly connected, eth0
router2#
router2#

 

 

enter privileged command mode:

 

(note the different prompt when logging in via telnet localhost 2601 compared to vtysh)

 

use enable or ena:

 

[root@router2 quagga]# telnet localhost 2601
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.

 

Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

 

User Access Verification

 

Password:
router2>
router2> enable
Password:
router2#

 

 

display current interface config:

 

show int eth0

router2# show int eth0
Interface eth0 is up, line protocol detection is disabled
index 2 metric 1 mtu 1500
flags: <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 52:54:00:f8:98:3d
inet 192.168.122.12/24 broadcast 192.168.122.255
inet6 fe80::127d:ea0d:65b7:30e5/64
inet6 fe80::6e18:9a8a:652c:1700/64
router2#

 

 

save current config:

 

wr

 

router2# wr
Configuration saved to /etc/quagga/zebra.conf
router2#

 

 

 

enter edit mode:

 

Router#conf t

 

router2# conf t
router2(config)#

 

 

To exit configure mode

 

end

 

router2# conf t
router2(config)#
router2(config)#
router2(config)#
router2(config)# end
router2#

 

 

To display current configuration use the show running-config command:

 

sh run

 

router2# sh run

 

Current configuration:
!
hostname router2
password zebra
enable password zebra
log file /var/log/quagga/quagga.log
!
interface eth0
ipv6 nd suppress-ra
!
interface eth1
ipv6 nd suppress-ra
!
interface lo
!
ip forwarding
!
!
line vty
!
end
router2#

 

 

 

router1# show ip bgp neighbors
BGP neighbor is 192.168.122.1, remote AS 65100, local AS 65101, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Active
Last read 01:06:19, hold time is 180, keepalive interval is 60 seconds
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 34 0
Notifications: 0 0
Updates: 0 0
Keepalives: 0 0
Route Refresh: 0 0
Capability: 0 0
Total: 34 0
Minimum time between advertisement runs is 30 seconds

 

For address family: IPv4 Unicast
Community attribute sent to this neighbor(both)
0 accepted prefixes

 

Connections established 0; dropped 0
Last reset never
Local host: 192.168.122.11, Local port: 58120
Foreign host: 192.168.122.1, Foreign port: 179
Nexthop: 192.168.122.11
Nexthop global: fe80::127d:ea0d:65b7:30e5
Nexthop local: ::
BGP connection: non shared network
Next connect timer due in 109 seconds
Read thread: off Write thread: off

 

router1#

 

 

to exit router:

 

exit

 

router2# exit
Connection closed by foreign host.
[root@router2 quagga]#

 


Setting up NAT Networking on Oracle Virtualbox on CentOS

First define a NAT network under Tools > Preferences > Network and give it a name; I called it NatNetwork.

 

Then right-click on Properties and define the IP of the subnet (a new one just for NatNetwork); I chose 10.0.5.0.

 

Next go to each VM and add a network adapter connected to NatNetwork

 

and select the network you created.

 

To enable IP packet forwarding please edit /etc/sysctl.conf with your editor of choice and set:
# Controls IP packet forwarding
net.ipv4.ip_forward = 1

You can then verify your settings with:
/sbin/sysctl -p

 

on each machine

 

sysctl -w net.ipv4.ip_forward=1

 

You also have to put it in the /etc/sysctl.d/sysctl.conf file, otherwise it does not take effect, and then run:

 

root@router:/etc/netplan# sysctl --system

 

I did it with:

 

 

[root@clusterserver sysctl.d]# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
[root@clusterserver sysctl.d]#

 

[root@clusterserver sysctl.d]# /sbin/sysctl -p
net.ipv4.ip_forward = 1
[root@clusterserver sysctl.d]#
root@router:/etc/netplan# sysctl --system
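The steps above mix a runtime change (sysctl -w) with persistent files, and the two can disagree. The check below is an added example, not part of the original notes: it compares the running value of net.ipv4.ip_forward with the value the config files would restore. It assumes a simplified load order (/etc/sysctl.d/*.conf in name order, then /etc/sysctl.conf, last assignment wins) and does not scan the other directories sysctl --system reads; the demo tree is constructed.

```shell
# Last value assigned to net.ipv4.ip_forward in the persistent config under ROOT.
# Assumption: /etc/sysctl.d/*.conf in name order, then /etc/sysctl.conf; last one wins.
persisted_ip_forward() {
    root=${1:-}
    for f in "$root"/etc/sysctl.d/*.conf "$root"/etc/sysctl.conf; do
        if [ -f "$f" ]; then cat "$f"; echo; fi
    done | awk -F= '
        /^[ \t]*[#;]/ { next }                                   # skip comment lines
        { key = $1; gsub(/[ \t]/, "", key); sub(/^-/, "", key) } # "-key" means ignore errors
        key == "net.ipv4.ip_forward" || key == "net/ipv4/ip_forward" {
            val = $2; gsub(/[ \t]/, "", val)
        }
        END { print (val == "" ? "unset" : val) }'
}

# Compare the running kernel value with what a reboot would restore.
# With no argument it inspects the live system; ROOT is only for testing.
check_ip_forward() {
    root=${1:-}
    runtime=$(cat "$root/proc/sys/net/ipv4/ip_forward" 2>/dev/null || echo unknown)
    persisted=$(persisted_ip_forward "$root")
    expect=$persisted
    if [ "$expect" = unset ]; then expect=0; fi                  # kernel default is 0
    if [ "$runtime" = "$expect" ]; then
        echo "OK runtime=$runtime persisted=$persisted"
    else
        echo "DRIFT runtime=$runtime persisted=$persisted"
    fi
}

# Constructed demo tree: forwarding switched on with "sysctl -w" only.
demo=$(mktemp -d)
mkdir -p "$demo/etc/sysctl.d" "$demo/proc/sys/net/ipv4"
echo 1 > "$demo/proc/sys/net/ipv4/ip_forward"
echo "# Controls IP packet forwarding" > "$demo/etc/sysctl.conf"
check_ip_forward "$demo"          # runtime is 1 but nothing is persisted
echo "net.ipv4.ip_forward = 1" >> "$demo/etc/sysctl.conf"
check_ip_forward "$demo"          # runtime and file now agree
rm -rf "$demo"
```

A DRIFT line with persisted=unset means the forwarding setting will be lost at the next reboot; a DRIFT line with runtime=0 means the file was edited but not yet loaded.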

 

 

NOTE: with CentOS and nmcli you first have to add a new connection:

 

[root@clusterserver network-scripts]# nmcli dev status
DEVICE TYPE STATE CONNECTION
enp0s3 ethernet connected enp0s3
enp0s8 ethernet connected enp0s8
virbr0 bridge connected (externally) virbr0
enp0s10 ethernet disconnected --
lo loopback unmanaged --
virbr0-nic tun unmanaged --

 

[root@clusterserver network-scripts]#
[root@clusterserver network-scripts]#
[root@clusterserver network-scripts]# nmcli con add type ethernet con-name enp0s10 ifname enp0s10 ip4 10.0.5.10
Connection 'enp0s10' (392ee518-be1b-4498-885c-cacef2e295d9) successfully added.
[root@clusterserver network-scripts]#

 

Under CentOS a "connection" is not the same as a network interface. I have used the same name for the connection here, but it can be labeled differently.

 

then it looks like this:

 

[root@clusterserver network-scripts]#
[root@clusterserver network-scripts]# nmcli dev status
DEVICE TYPE STATE CONNECTION
enp0s3 ethernet connected enp0s3
enp0s10 ethernet connected enp0s10
enp0s8 ethernet connected enp0s8
virbr0 bridge connected (externally) virbr0
lo loopback unmanaged --
virbr0-nic tun unmanaged

 

Note that manual changes to the ifcfg file will not be noticed by NetworkManager until the interface is next brought up.

 

So, you have to do a

 

nmcli con down enp0s10 && nmcli con up enp0s10

 

[root@clusterserver network-scripts]# nmcli con down enp0s10 && nmcli con up enp0s10
Connection 'enp0s10' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
[root@clusterserver network-scripts]#

 

To configure a static route for an existing Ethernet connection using the command line, enter a command as follows:
~]# nmcli connection modify eth0 +ipv4.routes "192.168.122.0/24 10.10.10.1"

 

This will direct traffic for the 192.168.122.0/24 subnet to the gateway at 10.10.10.1.

 

so, we need to do:

 

[root@clusterserver network-scripts]# nmcli connection modify enp0s10 +ipv4.routes "10.0.2.0/24 10.0.2.10"
[root@clusterserver network-scripts]#

 

Next, IMPORTANT!! do a reload of the specific connection:

 

[root@clusterserver network-scripts]# nmcli con reload enp0s10
[root@clusterserver network-scripts]#

 

otherwise the changes will not be active!

 

OR do interactively:

 

[root@clusterserver network-scripts]# nmcli con edit type ethernet con-name enp0s10

 

===| nmcli interactive connection editor |===

 

Adding a new '802-3-ethernet' connection

 

Type 'help' or '?' for available commands.
Type 'print' to show all the connection properties.
Type 'describe [<setting>.<prop>]' for detailed property description.

 

You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, dcb, sriov, ethtool, match, ipv4, ipv6, tc, proxy
nmcli> set ipv4.routes 10.0.5.0/24 10.0.5.10
nmcli>
nmcli>
nmcli> save persistent
Saving the connection with 'autoconnect=yes'. That might result in an immediate activation of the connection.
Do you still want to save? (yes/no) [yes] yes
Connection 'enp0s10' (cbaf5c33-de4a-43a1-83af-7f51103706bd) successfully saved.
nmcli>

 
