Bering-uClibc 7.x - User Guide - Advanced Topics - Setting Up a Routing Daemon
Advanced Topics - Setting Up a Routing Daemon | ||
---|---|---|
Prev | Bering-uClibc 7.x - User Guide | Next |
Contents
Introduction
Simple installations of Bering-uClibc generally operate with simple routing tables - they automatically know how to route traffic between all locally-connected networks and everything else gets sent via a single default
route - typically to an Internet Service Provider (ISP).
Slightly more complexity can be managed using manually-maintained 'static routes' or other mechanisms - for example choosing between multiple Internet connections - but where there are lots of routes to administer (and especially where these routes change as network links go up and down) a more automated solution is required.
Large-scale network installations typically rely on Routing Protocols such as Border Gateway Protocol (BGP) or Open Shortest Path First (OSPF) as a means to automatically communicate routing information between routers.
In order to send or receive routing information using one or more of these standard routing protocols, some sort of Routing Daemon is required. Note the actual routing is still done by the Linux kernel; the role of the Routing Daemon is to populate the kernel's routing table with information about non-local networks.
Bering-uClibc 7.x offers two Routing Daemon options: Zebra (actually the Quagga codebase) and BIRD, which are described further below.
Zebra
This material copied directly from http://leaf.sourceforge.net/doc/bucu-zebra.html - needs to be checked/updated for Bering-uClibc 7.x!
Overview
Zebra is a routing daemon. That means, it will send routing requests and receive similar requests from neighbor routers, and eventually update your routing tables accordingly. Zebra provides TCP/IP based routing services with routing protocols support such as RIPv1, RIPv2, RIPng, OSPFv2, OSPFv3, BGP-4, and BGP-4+.
In Bering-uClibc 7.x [and some earlier versions too - do we know which?] the Zebra packages actually implements the Quagga software codebase, which replaced the earlier GNU Zebra codebase.
RIP and OSPF are "internal" routing protocols, whereas BGP is an "external" routing protocol. Internal protocols are designed for use in LANs, within a global administrative scope. External protocols are designed for use in WAN, and BGP is specifically designed for Internet use. Zebra also supports special BGP Route Reflector and Route Server behavior. In addition to traditional IPv4 routing protocols, Zebra also supports IPv6 routing protocols.
There are five routing daemons in use, and there is one manager daemon. These daemons may be located on separate machines from the manager daemon.
The routing daemons are:
- ripd, ripngd, ospfd, ospf6d, bgpd
The manager daemon is:
- zebra
Configuring Zebra
Zebra's architecture includes an O/S dependant application, whose role is to deal with network interface configuration, routing table updates, and other kernel stuff ; and O/S independant routing processes, communicating thru sockets with the Zebra core. You will have to choose which daemons you want to run by loading and configuring the appropiate Packages.
If you want to activate the processes zebra and bgpd, edit bgpd.conf
(note that lines beginning with ! are comments). No configuration is necessary in zebra.conf, but you should edit bgpd.conf
to include the following lines :
router bgp ASN bgp router-id ROUTERID network 192.168.A.B/M network 192.168.C.D/N neighbor 192.168.P.Q remote-as REMOTEASN
Where ASN is your Autonomous System Number (it will look like a number above 65000, and will be given when you ask for it to the tunnel's maintener), ROUTERID is a dummy IP address (it can be 5.4.3.2 if you like, it's just an identifier). You should specify your network entries with respect to your allocated IP addresses ranges. For instance, if you told the maintener that you would use 192.168.93.1 thru 192.168.93.127, specify 192.168.93.0/25 . You can specify multiple network routes. If you are part of the backbone (you will be told if that is the case), you should export a host route (192.168.0.X/32). The neighbor IP address and ASN will be given to you by your maintener.
After editing configuration files, do a backup and start zebra and bgpd (svi zebra start and svi bgpd start or reboot the router). The routes should appear within your kernel routing table (ip route).
You need to open the appropiate ports in shorewall (fw <-> loc for internal and fw <-> net for external routing protocols) to make the routing exchange possible.
Configuring Zebra with telnet
The individual daemons also provide a vty interface for Cisco like configuration. There are two ways of doing this: by telnetting to localhost (this method is not further described, because Bering-uClibc doesn't provide a telnet client due to securrity reasons) and by telnetting to the router with telnet from a client machine. Opening ports on the firewall is always a securitty risk, so only do this is you trust your localnet.
Open the zebra port and one of more of the daemon ports in shorewall (loc to net):
zebra | 2601/tcp | # zebra vty |
ripd | 2602/tcp | # RIPd vty |
ripngd | 2603/tcp | # RIPngd vty |
ospfd | 2604/tcp | # OSPFd vty |
bgpd | 2605/tcp | # BGPd vty |
ospf6d | 2606/tcp | # OSPF6d vty |
First configure the routing daemons as described in the previous section, additional you can set a password and a Hostname as described below:
Password: The password is like a standard user password, and think about the "enable password" like the "root password" of an UNIX box. If you don't put an "enable password", it won't be necessary (id est, empty password).
Hostname: You can also configure hostnames : If you use foo-zebra as hostname the router's name is "foo" for zebra process, and foo-bgpd for the bgpd process. The hostname only influences the command prompt when you connect to a router (with telnet firewall bgpd for instance).
After backup and starting of the different daemons, you can connect to them with: telnet <firewall> <port or name>
Check the BGP configuration: Connect to your BGP routing process : telnet firewall bgpd ; you will be prompted for a password. At the prompt, issue enable and give your enable password. Then, show ip bgp will show BGP routes ; show ip bgp summary will show neighbors state. The latter should look like this:
firewall-bgpd# sh ip bg su Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pref 192.168.168.168 4 65168 14062 13971 0 0 0 1d23h59m 6 192.168.192.1 4 65301 6110 6250 0 0 0 2d00h01m 1 firewall-bgpd#
Notice that you can abbreviate commands. If you see big variations between MsgRcvd and MsgSent, that may be a hint of network failures.
You have to backup the configuration with both "write" in the vty and a backup of the package on the Bering-uClibc firewall itself.
Links
https://www.nongnu.org/quagga/
http://skaya.enix.org/vpn/zebra.html
BIRD
Introduction
BIRD Internet Routing Daemon (BIRD) does broadly the same thing as Zebra but it has a different software architecture from Zebra; there is a single daemon bird
which can implement multiple routing protocols, based on the entries in a single configuration file /etc/bird/bird.conf
This is installed using the bird.lrp
Package.
Note that the configuration syntax changed significantly between BIRD 1.x and BIRD 2.x; it's the latter which is implemented in Bering-uClibc 7.x so be careful when using configuration examples from other websites that might use the older v1.x syntax. The official User's guide 2.0 is the best source for reliable 2.x configuration information.
The BIRD daemon is monitored and managed using the BIRD client. There are two variants of this available for Bering-uClibc 7.x:
-
birdc.lrp
which provides thebirdc
(bird client) command- This is rather easier for new users and is recommended
-
birdcl.lrp
which provides thebirdcl
(bird client - lightweight) command- This does not rely on the curses or readline libraries and so lacks command-line completion features but is otherwise fully functional; use if disk space or RAM is limited
Concepts
BIRD implements its own concept of Routing Tables, with the ability to control how Routes get copied between these 'BIRD' Routing Tables, the Kernel's Routing Tables and various Routing Protocols.
As standard, it uses a BIRD Routing Table called master4
for IPv4 routes and a corresponding one called master6
for IPv6 routes.
Then it understands several 'real' Routing Protocols such as BGP, OSPF and RIP.
Also, there are several 'pseudo' Routing Protocols such as Kernel, Direct and Static.
Most of the configuration required is to specify which sort of Routes should get Imported from each Protocol to the BIRD Routing Tables, and which should get Exported in the opposite direction.
References
Prev | Up | Next |