If you are a network admin running a server, you want that server's IP to be reachable from the client environment. If the server IP is known to the adjacent router, all is well. Otherwise you need to make these IPs routable. Will you modify the existing router's configuration? Will you purchase a new router? Instead, you can run a software router that makes these IPs routable. This document tries to help in this regard.
Today, TCP/IP networks cover the whole world. The Internet has been deployed in many countries, companies, and homes. When you connect to the Internet, your packets pass through many routers that have TCP/IP routing functionality.
A system with Quagga installed acts as a dedicated router. With Quagga, your machine exchanges routing information with other routers using routing protocols. Quagga uses this information to update the kernel routing table so that the right data goes to the right place.
Quagga commands are Cisco-like.
The Quagga architecture consists of a core daemon, zebra, which acts as an abstraction layer to the underlying Unix kernel and presents the Zserv API over a Unix or TCP stream to Quagga clients.
Traditionally, UNIX-based router configuration is done with the ifconfig and route commands. The status of the routing table is displayed by the netstat utility. Almost all of these commands work only if the user has root privileges. Quagga has a different system administration method. There are two user modes in Quagga: normal mode and enable mode. A normal-mode user can only view system status; an enable-mode user can change the system configuration. This UNIX-account-independent feature is a great help to the router administrator.
Each daemon has its own configuration file and terminal interface. A static route must be configured in the zebra configuration file; a BGP network must be configured in the bgpd configuration file. Quagga also provides an integrated user interface shell called vtysh.
apt-get install quagga quagga-doc
service quagga status
service quagga restart
Configuration sample
root@ubuntu:~# cat /etc/quagga/bgpd.conf
! -*- bgp -*-
!
! BGPd sample configuratin file
!
! $Id: bgpd.conf.sample,v 1.1 2002/12/13 20:15:29 paul Exp $
!
hostname bgpd
password zebra
!enable password please-set-at-here
!
!bgp mulitple-instance
!
router bgp 7675
! bgp router-id 10.0.0.1
! network 10.0.0.0/8
! neighbor 10.0.0.2 remote-as 7675
! neighbor 10.0.0.2 route-map set-nexthop out
! neighbor 10.0.0.2 ebgp-multihop
! neighbor 10.0.0.2 next-hop-self
!
! access-list all permit any
!
!route-map set-nexthop permit 10
! match ip address all
! set ip next-hop 10.0.0.1
!
!log file /var/log/quagga/bgpd.log
!
log stdout
root@ubuntu:~# cat /etc/quagga/zebra.conf
! -*- zebra -*-
!
! zebra sample configuration file
!
! $Id: zebra.conf.sample,v 1.1 2002/12/13 20:15:30 paul Exp $
!
hostname Router
password zebra
enable password zebra
!
! Interface's description.
!
!interface lo
! description test of desc.
!
!interface sit0
! multicast
!
! Static default route sample.
!
!ip route 0.0.0.0/0 203.181.89.241
!
!log file /var/log/quagga/zebra.log
root@ubuntu:~#
Connecting to Zebra
root@ubuntu:~# nmap localhost
Starting Nmap 7.01 ( https://nmap.org ) at 2017-11-28 23:45 IST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000011s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
2601/tcp open zebra
2602/tcp open ripd
Nmap done: 1 IP address (1 host up) scanned in 1.63 seconds
root@ubuntu:~# telnet localhost 2601
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Hello, this is Quagga (version 0.99.24.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification
Password:
Router>
Refer to https://www.youtube.com/watch?v=mVaOtaL6WMY for a step-by-step guide to configuration using RIP.
Example config
Ubuntu Router 1:
root@ubuntu:~# ifconfig
docker0 Link encap:Ethernet HWaddr 02:42:84:ed:e5:8f
inet addr:172.17.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0 Link encap:Ethernet HWaddr 06:57:74:35:46:42
inet addr:10.102.53.241 Bcast:10.102.53.255 Mask:255.255.255.0
inet6 addr: fe80::457:74ff:fe35:4642/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1636932 errors:0 dropped:0 overruns:0 frame:0
TX packets:8912 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:166894790 (166.8 MB) TX bytes:986933 (986.9 KB)
eth1 Link encap:Ethernet HWaddr 3a:50:61:74:31:7b
inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::3850:61ff:fe74:317b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:648 (648.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:19761 errors:0 dropped:0 overruns:0 frame:0
TX packets:19761 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:907670 (907.6 KB) TX bytes:907670 (907.6 KB)
root@ubuntu:~# ping 10.102.53.242
PING 10.102.53.242 (10.102.53.242) 56(84) bytes of data.
64 bytes from 10.102.53.242: icmp_seq=1 ttl=64 time=0.429 ms
^C
--- 10.102.53.242 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.429/0.429/0.429/0.000 ms
root@ubuntu:~# ping 10.102.53.241
PING 10.102.53.241 (10.102.53.241) 56(84) bytes of data.
64 bytes from 10.102.53.241: icmp_seq=1 ttl=64 time=0.045 ms
^C
root@ubuntu:~# ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
64 bytes from 192.168.1.100: icmp_seq=1 ttl=64 time=0.051 ms
64 bytes from 192.168.1.100: icmp_seq=2 ttl=64 time=0.048 ms
^C
--- 192.168.1.100 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.048/0.049/0.051/0.007 ms
root@ubuntu:~#
root@ubuntu:~# nmap localhost
Starting Nmap 7.01 ( https://nmap.org ) at 2017-11-29 13:18 IST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000011s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
2601/tcp open zebra
2602/tcp open ripd
Nmap done: 1 IP address (1 host up) scanned in 1.63 seconds
root@ubuntu:~# telnet localhost 2601
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Hello, this is Quagga (version 0.99.24.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification
Password:
Router> enable
Password:
Router# sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, P - PIM, A - Babel,
> - selected route, * - FIB route
K>* 0.0.0.0/0 via 10.102.53.1, eth0
C>* 10.102.53.0/24 is directly connected, eth0
C>* 127.0.0.0/8 is directly connected, lo
C>* 172.17.0.0/16 is directly connected, docker0
C>* 192.168.1.0/24 is directly connected, eth1
Router#
root@ubuntu:~# telnet localhost 2602
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Hello, this is Quagga (version 0.99.24.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification
Password:
ripd> enable
ripd# conf t
ripd(config)# router rip
ripd(config-router)# network 10.102.53.0/24
ripd(config-router)# show run
ripd(config-router)# show running-config
Current configuration:
!
hostname ripd
password zebra
log stdout
!
router rip
version 2
network 10.102.53.0/24
network 192.168.1.0/24
!
line vty
!
end
ripd(config-router)# exit
ripd(config)# exit
ripd#
Ubuntu Router 2:
root@ubuntu:~# telnet localhost 2602
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Hello, this is Quagga (version 0.99.24.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification
Password:
ripd> sho
ripd> show run
ripd> enable
ripd# sho
ripd# show run
ripd# show running-config
Current configuration:
!
hostname ripd
password zebra
log stdout
!
router rip
version 2
network 10.102.53.0/24
!
line vty
!
end
ripd(config)# exit
ripd# exit
Connection closed by foreign host.
root@ubuntu:~# telnet localhost 2601
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Hello, this is Quagga (version 0.99.24.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification
Password:
Router> enable
Password:
Password:
Router# sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, P - PIM, A - Babel,
> - selected route, * - FIB route
K>* 0.0.0.0/0 via 10.102.53.1, eth0
C>* 10.102.53.0/24 is directly connected, eth0
C>* 127.0.0.0/8 is directly connected, lo
R>* 192.168.1.0/24 [120/2] via 10.102.53.241, eth0, 00:13:13
C>* 192.168.2.0/24 is directly connected, eth1
Router#
Router# exit
Connection closed by foreign host.
root@ubuntu:~# ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
64 bytes from 192.168.1.100: icmp_seq=1 ttl=64 time=0.208 ms
64 bytes from 192.168.1.100: icmp_seq=2 ttl=64 time=0.267 ms
64 bytes from 192.168.1.100: icmp_seq=3 ttl=64 time=0.217 ms
^C
--- 192.168.1.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.208/0.230/0.267/0.031 ms
Static route configuration via zebra and RIP
Ubuntu box1:
root@ubuntu:~# telnet localhost 2602
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Hello, this is Quagga (version 0.99.24.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification
Password:
ripd> sh run
ripd> enable
ripd# sh runn
ripd# sh running-config
Current configuration:
!
hostname ripd
password zebra
log stdout
!
router rip
redistribute static
network 10.102.53.0/24 --> network for publishing route info
route 172.17.0.3/32 -> route to be published in docker0 network
!
line vty
!
end
ripd#
root@ubuntu:~# telnet localhost 2601
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Hello, this is Quagga (version 0.99.24.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification
Password:
Router> sh run
Router> enable
Router# sh running-config
Current configuration:
!
hostname Router
password zebra
!
interface docker0
link-detect
ipv6 nd suppress-ra
!
interface eth0
link-detect
ipv6 nd suppress-ra
!
interface eth1
link-detect
ipv6 nd suppress-ra
!
interface lo
link-detect
!
interface veth0f7178e
no link-detect
ipv6 nd suppress-ra
!
interface veth3afd038
no link-detect
ipv6 nd suppress-ra
!
!
interface veth3afd038
no link-detect
ipv6 nd suppress-ra
!
interface veth9cf4c56
no link-detect
ipv6 nd suppress-ra
!
interface veth95bed9f
no link-detect
ipv6 nd suppress-ra
!
interface vethb5736f8
no link-detect
ipv6 nd suppress-ra
!
ip route 172.17.0.2/32 docker0
!
ip forwarding
!
!
line vty
!
end
Router# sh interface docker0
Interface docker0 is up, line protocol is up
index 4 metric 0 mtu 1500
flags: <UP,BROADCAST,RUNNING,MULTICAST>
HWaddr: 02:42:84:ed:e5:8f
inet 172.17.0.1/16
inet6 fe80::42:84ff:feed:e58f/64
Router# sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, P - PIM, A - Babel,
> - selected route, * - FIB route
K>* 0.0.0.0/0 via 10.102.53.1, eth0
C>* 10.102.53.0/24 is directly connected, eth0
C>* 127.0.0.0/8 is directly connected, lo
C>* 172.17.0.0/16 is directly connected, docker0
S>* 172.17.0.2/32 [1/0] is directly connected, docker0
C>* 192.168.1.0/24 is directly connected, eth1
Ubuntu Box2:
root@ubuntu:~# telnet localhost 2602
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Hello, this is Quagga (version 0.99.24.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification
Password:
ripd> enable
ripd# show runn
ripd# show running-config
Current configuration:
!
hostname ripd
password zebra
log stdout
!
router rip
version 2
network 10.102.53.0/24 --> network for publishing route info
!
line vty
!
end
root@ubuntu:~# telnet localhost 2601
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Hello, this is Quagga (version 0.99.24.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification
Password:
Router> sh runn
Router> enable
Password:
Router# sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, P - PIM, A - Babel,
> - selected route, * - FIB route
K>* 0.0.0.0/0 via 10.102.53.1, eth0
C>* 10.102.53.0/24 is directly connected, eth0
C>* 127.0.0.0/8 is directly connected, lo
R>* 172.17.0.2/32 [120/2] via 10.102.53.241, eth0, 00:11:01
R>* 172.17.0.3/32 [120/2] via 10.102.53.241, eth0, 00:49:34
C>* 192.168.2.0/24 is directly connected, eth1
Router# show running-config
Current configuration:
!
hostname Router
password zebra
enable password zebra
!
interface eth0
no link-detect
ipv6 nd suppress-ra
!
interface eth1
no link-detect
ipv6 nd suppress-ra
!
interface lo
no link-detect
!
!
!
line vty
!
end
Router# exit
root@ubuntu:~# ping 172.17.0.1
PING 172.17.0.1 (172.17.0.1) 56(84) bytes of data.
^C
--- 172.17.0.1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1008ms
root@ubuntu:~# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=254 time=0.455 ms
^C
--- 172.17.0.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.455/0.455/0.455/0.000 ms
root@ubuntu:~# ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=4 ttl=254 time=0.489 ms
64 bytes from 172.17.0.3: icmp_seq=5 ttl=254 time=0.360 ms
^C
--- 172.17.0.3 ping statistics ---
5 packets transmitted, 2 received, 60% packet loss, time 4023ms
rtt min/avg/max/mdev = 0.360/0.424/0.489/0.067 ms
The sessions above show two ways to configure a static route.
172.17.0.3 is configured in RIP, so it is always published. 172.17.0.2 is configured via zebra with docker0 as the next hop, so it is published only while the docker0 interface is up.
Both approaches have advantages and disadvantages.
/etc/quagga/zebra.conf
root@ubuntu:~# cat /etc/quagga/zebra.conf
!
! Zebra configuration saved from vty
! 2017/11/30 21:00:49
!
hostname Router
password zebra
!
interface docker0
link-detect
ipv6 nd suppress-ra
!
interface eth0
link-detect
ipv6 nd suppress-ra
!
interface eth1
link-detect
ipv6 nd suppress-ra
!
interface lo
link-detect
!
interface veth0f7178e
no link-detect
ipv6 nd suppress-ra
!
interface veth3afd038
no link-detect
ipv6 nd suppress-ra
!
interface veth95bed9f
no link-detect
ipv6 nd suppress-ra
!
interface vethb5736f8
no link-detect
ipv6 nd suppress-ra
!
ip route 172.17.0.2/32 docker0
!
ip forwarding
!
!
line vty
!
/etc/quagga/ripd.conf
root@ubuntu:~# cat /etc/quagga/ripd.conf
!
! Zebra configuration saved from vty
! 2017/11/30 20:44:01
!
hostname ripd
password zebra
log stdout
!
router rip
redistribute static
network 10.102.53.0/24
route 172.17.0.3/32
!
line vty
!
root@ubuntu:~#
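The saved files above keep the sample password zebra in plaintext, set no enable password on box 1 (so enable asks for nothing, as the sessions show), and run RIP without authentication. The following audit is an added example, not part of the original post or of Quagga; it checks one daemon config for those settings. The function name, finding codes, sample texts and the placeholder names in the hardened variant are assumptions made for the example.

```python
import re

DEFAULT_PASSWORDS = {"zebra"}  # the value the configs on this page keep
# Constructed, trimmed copy of the ripd.conf shown above.
PAGE_RIPD = """\
hostname ripd
password zebra
router rip
 network 10.102.53.0/24
 route 172.17.0.3/32
line vty
"""
# Constructed hardened variant; list names, key-chain name and secrets are placeholders.
HARDENED_RIPD = """\
password 8 PLACEHOLDERHASH
enable password 8 PLACEHOLDERHASH
service password-encryption
key chain rip-keys
 key 1
  key-string PLACEHOLDERKEY
interface eth0
 ip rip authentication mode md5
 ip rip authentication key-chain rip-keys
router rip
 version 2
 network 10.102.53.0/24
access-list vty-local permit 127.0.0.1/32
line vty
 access-class vty-local
"""

def audit_quagga_config(text):
    """Return sorted finding codes for one Quagga daemon config file."""
    lines = [s for s in (ln.strip() for ln in text.splitlines())
             if s and s[0] not in "!#"]
    has = lambda prefix: any(s.startswith(prefix) for s in lines)
    findings, has_enable = set(), False
    for s in lines:
        m = re.match(r"(enable\s+)?password\s+(?:(8)\s+)?(\S+)$", s)
        if not m:
            continue
        is_enable, encrypted, secret = m.groups()
        has_enable = has_enable or bool(is_enable)
        if not encrypted:
            findings.add("plaintext-password")
            if secret in DEFAULT_PASSWORDS:
                findings.add("default-password")
    if not has_enable:
        findings.add("no-enable-password")  # 'enable' then asks for nothing
    if has("line vty") and not has("access-class"):
        findings.add("vty-no-access-class")
    if has("router rip") and not has("ip rip authentication mode"):
        findings.add("rip-no-authentication")
    return sorted(findings)
```

Run it against each file under /etc/quagga separately, since every daemon has its own passwords and its own vty listener.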
Static route publish issue
The static route is not published because the interface is down
Ubuntu Box1:
root@ubuntu:~# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 06:57:74:35:46:42 brd ff:ff:ff:ff:ff:ff
inet 10.102.53.241/24 brd 10.102.53.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::457:74ff:fe35:4642/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 3a:50:61:74:31:7b brd ff:ff:ff:ff:ff:ff
inet 192.168.1.100/24 brd 192.168.1.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::3850:61ff:fe74:317b/64 scope link
valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:84:ed:e5:8f brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:84ff:feed:e58f/64 scope link
valid_lft forever preferred_lft forever
root@ubuntu:~# telnet localhost 2601
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Hello, this is Quagga (version 0.99.24.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification
Password:
Router> sh interface docker0
Interface docker0 is up, line protocol is down
index 4 metric 0 mtu 1500
flags: <UP,BROADCAST,MULTICAST>
HWaddr: 02:42:84:ed:e5:8f
inet 172.17.0.1/16
inet6 fe80::42:84ff:feed:e58f/64
Router> conf t
% [ZEBRA] Unknown command: conf t
Router> enable
Router# show running-config
Current configuration:
!
hostname Router
password zebra
!
interface docker0
link-detect
ipv6 nd suppress-ra
!
interface eth0
link-detect
ipv6 nd suppress-ra
!
interface eth1
link-detect
ipv6 nd suppress-ra
!
interface lo
link-detect
!
interface veth0f7178e
no link-detect
ipv6 nd suppress-ra
!
interface veth3afd038
no link-detect
ipv6 nd suppress-ra
!
interface veth95bed9f
no link-detect
ipv6 nd suppress-ra
!
interface vethb5736f8
no link-detect
ipv6 nd suppress-ra
!
ip route 172.17.0.1/32 docker0
ip route 172.17.0.2/32 docker0
!
ip forwarding
!
!
line vty
!
end
Ubuntu box2:
root@ubuntu:~# telnet localhost 2601
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Hello, this is Quagga (version 0.99.24.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification
Password:
Router> sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, P - PIM, A - Babel,
> - selected route, * - FIB route
K>* 0.0.0.0/0 via 10.102.53.1, eth0
C>* 10.102.53.0/24 is directly connected, eth0
C>* 127.0.0.0/8 is directly connected, lo
R>* 172.17.0.3/32 [120/2] via 10.102.53.241, eth0, 00:34:04
C>* 192.168.2.0/24 is directly connected, eth1
As shown above, docker0 is down, so its IP is not published.
Solution: Ensure that at least one container is running. In this case, docker0 will be up.
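A check for this failure, as an added example that is not part of the original post: it parses the "sh ip route" output from box 2 and reports RIP prefixes that are missing, unexpected, or learned from a neighbour other than box 1. The expected prefix set and the trusted neighbour list are assumptions chosen to match this lab, and the route text is a constructed copy of the output above.

```python
import re

# Constructed copy of the "sh ip route" output from Ubuntu box2 above.
BOX2_ROUTES = """\
K>* 0.0.0.0/0 via 10.102.53.1, eth0
C>* 10.102.53.0/24 is directly connected, eth0
C>* 127.0.0.0/8 is directly connected, lo
R>* 172.17.0.3/32 [120/2] via 10.102.53.241, eth0, 00:34:04
C>* 192.168.2.0/24 is directly connected, eth1
"""

# Assumed policy for this lab: prefixes box1 should publish, and the only RIP neighbour.
EXPECTED_RIP = {"172.17.0.2/32", "172.17.0.3/32"}
TRUSTED_NEIGHBOURS = {"10.102.53.241"}

ROUTE_RE = re.compile(
    r"^(?P<code>[KCSROIBPA])(?P<flags>[>* ]*)\s*(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)"
    r"(?:\s+\[(?P<dist>\d+)/(?P<metric>\d+)\])?"
    r"(?:\s+via\s+(?P<via>[\d.]+))?")

def parse_routes(text):
    """Yield one dict per route line; the 'Codes:' legend lines do not match."""
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def check_rip_routes(text, expected=EXPECTED_RIP, trusted=TRUSTED_NEIGHBOURS):
    """Compare RIP-learned routes with the expected prefixes and neighbours."""
    rip = [r for r in parse_routes(text) if r["code"] == "R"]
    learned = {r["prefix"] for r in rip}
    return {
        "missing": sorted(expected - learned),        # e.g. docker0 down on box1
        "unexpected": sorted(learned - expected),     # prefix nobody should announce
        "untrusted_neighbour": sorted(
            r["prefix"] for r in rip if r["via"] not in trusted),
    }
```

With docker0 down on box 1 the result lists 172.17.0.2/32 under "missing"; because RIP here runs without authentication, the other two keys are worth alerting on as well.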
https://www.youtube.com/watch?v=mVaOtaL6WMY
http://www.nongnu.org/quagga/docs/docs-info.html#About-Quagga
https://openmaniak.com/quagga_tutorial.php
https://keepingitclassless.net/2015/05/open-source-routing-comparison/