Even though it hasn't hit a 1.0 release yet, it sounds as though Quagga, the open source "advanced routing software package that provides a suite of TCP/IP based routing protocols", has become a mature package for use in various parts of a network design. I am looking to use it in several different scenarios:
- with it configured on two different servers, use it as a BGP Route Reflector pair in a small ISP
- use it in a hosted virtualization environment where it can speak BGP with the hosting facility, and break out smaller subnets to various local virtualized guests
- communicate black-hole prefixes to an upstream provider for assistance with remediation of Denial of Service (DoS) attacks (some do it this way rather than using BGP community strings)
With Debian Wheezy, it starts with a simple package install:
apt-get install quagga
There are then a number of manual steps to be performed. I am interested in the following routing daemons:
- zebra: which looks after local interface and routing table maintenance. If Quagga is configured only as a BGP Route Reflector, I don't think Zebra is required. When BGP or OSPF are used locally, then Zebra is required
- ospf: local network routing
- bgp: route reflecting, and inter Autonomous System (AS) routing
Sample configuration files have to be copied over:
root@quagga01:/etc/quagga# history
cp /usr/share/doc/quagga/examples/bgpd.conf.sample bgpd.conf
cp /usr/share/doc/quagga/examples/ospfd.conf.sample ospfd.conf
cp /usr/share/doc/quagga/examples/vtysh.conf.sample vtysh.conf
cp /usr/share/doc/quagga/examples/zebra.conf.sample zebra.conf
In /etc/quagga/daemons, the appropriate daemons need to be turned on with a 'yes'.
Some privilege and ownership changes are required:
chown quagga.quagga zebra.conf
chmod 640 zebra.conf
chown quagga.quagga bgpd.conf
chmod 640 bgpd.conf
chown quagga.quagga ospfd.conf
chmod 640 ospfd.conf
chown quagga.quaggavty vtysh.conf
chmod 660 vtysh.conf
The other file for content modification is debian.conf. This is a file of command line parameters for each daemon. Addresses from which management telnet is accepted would be placed into this file as well.
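A check for the two settings above (config file modes and the telnet listen address), as an added example that is not part of the original post. The function names are hypothetical, and the script assumes the Debian package layout: `<daemon>=yes` lines in daemons, and `<daemon>_options="..."` lines in debian.conf carrying the daemons' `-A` vty address option.

```sh
#!/bin/sh
# Added example, not from the original post: audit a Quagga config directory.
# Prints one finding per line; returns 0 when clean, 1 when there are findings.
quagga_audit() {
    dir=${1:-/etc/quagga}
    rc=0
    # 1. Daemon configs hold vty/enable passwords: no access bits for "other".
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        [ "${f##*/}" = debian.conf ] && continue   # command line options only
        if [ -n "$(find "$f" -perm -004 -o -perm -002 -o -perm -001)" ]; then
            echo "PERM ${f##*/}: accessible to other users"; rc=1
        fi
    done
    # 2. Every daemon set to 'yes' in daemons should bind its telnet vty to
    #    loopback via -A in debian.conf (assumed: <daemon>_options="..." lines).
    for d in $(sed -n 's/^\([a-z0-9]*\)=yes[[:space:]]*$/\1/p' "$dir/daemons" 2>/dev/null); do
        addr=$(sed -n "s/^${d}_options=//p" "$dir/debian.conf" 2>/dev/null |
            tr -d '"' | awk '{for (i = 1; i < NF; i++) if ($i == "-A") print $(i + 1)}')
        case "$addr" in
            127.0.0.1|::1) ;;
            "") echo "VTY $d: no -A option, vty listens on all addresses"; rc=1 ;;
            *)  echo "VTY $d: vty bound to non-loopback address $addr"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample tree (not real output) that exercises both checks.
quagga_audit_demo() {
    t=$(mktemp -d) || return 2
    printf 'zebra=yes\nbgpd=yes\nospfd=no\n' > "$t/daemons"
    printf 'zebra_options=" --daemon -A 127.0.0.1"\nbgpd_options=" --daemon"\n' \
        > "$t/debian.conf"
    : > "$t/zebra.conf"; chmod 640 "$t/zebra.conf"
    : > "$t/bgpd.conf";  chmod 644 "$t/bgpd.conf"
    quagga_audit "$t" || :
    rm -rf "$t"
}

quagga_audit_demo
```

On a real host, run `quagga_audit /etc/quagga` as root after editing debian.conf and before starting the daemons.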
The built-in 'shell', vtysh, uses an external program to provide listings. It seems to be a bit intrusive, but everyone seems to deal with it. It requires a 'more' or 'less' external program.
Create a permanent shell variable with:
echo VTYSH_PAGER=less >> /etc/environment
Set it for the current shell with the following or, better yet, for permanency, put it in your ~/.bashrc file:
export VTYSH_PAGER=less
vtysh appears to bypass any username or password requirements: it reaches the daemons through local Unix sockets rather than the telnet ports, so access to it is governed by file permissions on the host. On the other hand, vtysh does facilitate local scripting with the -e execute command line parameter.
vtysh documentation indicates that an integrated configuration file is not on by default. However, it looks as though the Debian package configuration turns it on. Therefore the initial configuration is loaded from the individual daemon files, consolidated, and saved in the Quagga.conf file. In the vtysh.conf file, the parameter 'service integrated-vtysh-config' appears to control this. With this included in the file, configuration changes can only be made through vtysh. The telnet modes are only read access and for routing evaluation.
Otherwise, once services have been started, local telnet can be used to connect to the daemons. Usernames, passwords, and enable are enforced for telnet.
Port numbers are identified in the /etc/services file with:
grep 260 /etc/services
For example:
- telnet localhost 2601 # for zebra
- telnet localhost 2605 # for bgpd
Or better yet, rather than remembering port numbers, you can use service names:
- telnet localhost ospfd # for ospf
- telnet localhost bgpd # for bgp
- vtysh # for zebra
The daemons can be started with:
/etc/init.d/quagga start
Useful tricks and tips for Quagga can be found at Sourceforge Quagga Tips and Tricks.