Bering-uClibc 5.x - User Guide - Advanced Topics - Setting Up a Routing Daemon

From bering-uClibc
Jump to: navigation, search
Advanced Topics - Setting Up a Routing Daemon
Prev Bering-uClibc 5.x - User Guide Next


Zebra

This material copied directly from http://leaf.sourceforge.net/doc/bucu-zebra.html - needs to be checked/updated for Bering-uClibc 5.x!

Overview

Zebra is a routing daemon. That means, it will send routing requests and receive similar requests from neighbor routers, and eventually update your routing tables accordingly. Zebra provides TCP/IP based routing services with routing protocols support such as RIPv1, RIPv2, RIPng, OSPFv2, OSPFv3, BGP-4, and BGP-4+.

RIP and OSPF are "internal" routing protocols, whereas BGP is an "external" routing protocol. Internal protocols are designed for use in LANs, within a global administrative scope. External protocols are designed for use in WAN, and BGP is specifically designed for Internet use. Zebra also supports special BGP Route Reflector and Route Server behavior. In addition to traditional IPv4 routing protocols, Zebra also supports IPv6 routing protocols.

There are five routing daemons in use, and there is one manager daemon. These daemons may be located on separate machines from the manager daemon.

The routing daemons are:

  • ripd, ripngd, ospfd, ospf6d, bgpd

The manager daemon is:

  • zebra

Configuring Zebra

Zebra's architecture includes an O/S dependant application, whose role is to deal with network interface configuration, routing table updates, and other kernel stuff ; and O/S independant routing processes, communicating thru sockets with the Zebra core. You will have to choose which daemons you want to run by loading and configuring the appropiate Packages.

If you want to activate the processes zebra and bgpd, edit bgpd.conf (note that lines beginning with ! are comments). No configuration is necessary in zebra.conf, but you should edit bgpd.conf to include the following lines :

router bgp ASN
 bgp router-id ROUTERID
 network 192.168.A.B/M
 network 192.168.C.D/N
 neighbor 192.168.P.Q
 remote-as REMOTEASN

Where ASN is your Autonomous System Number (it will look like a number above 65000, and will be given when you ask for it to the tunnel's maintener), ROUTERID is a dummy IP address (it can be 5.4.3.2 if you like, it's just an identifier). You should specify your network entries with respect to your allocated IP addresses ranges. For instance, if you told the maintener that you would use 192.168.93.1 thru 192.168.93.127, specify 192.168.93.0/25 . You can specify multiple network routes. If you are part of the backbone (you will be told if that is the case), you should export a host route (192.168.0.X/32). The neighbor IP address and ASN will be given to you by your maintener.

After editing configuration files, do a backup and start zebra and bgpd (svi zebra start and svi bgpd start or reboot the router). The routes should appear within your kernel routing table (ip route).

You need to open the appropiate ports in shorewall (fw <-> loc for internal and fw <-> net for external routing protocols) to make the routing exchange possible.

Configuring Zebra with telnet

The individual daemons also provide a vty interface for Cisco like configuration. There are two ways of doing this: by telnetting to localhost (this method is not further described, because Bering-uClibc doesn't provide a telnet client due to securrity reasons) and by telnetting to the router with telnet from a client machine. Opening ports on the firewall is always a securitty risk, so only do this is you trust your localnet.

Open the zebra port and one of more of the daemon ports in shorewall (loc to net):

zebra 2601/tcp # zebra vty
ripd 2602/tcp # RIPd vty
ripngd 2603/tcp # RIPngd vty
ospfd 2604/tcp # OSPFd vty
bgpd 2605/tcp # BGPd vty
ospf6d 2606/tcp # OSPF6d vty

First configure the routing daemons as described in the previous section, additional you can set a password and a Hostname as described below:

Password: The password is like a standard user password, and think about the "enable password" like the "root password" of an UNIX box. If you don't put an "enable password", it won't be necessary (id est, empty password).

Hostname: You can also configure hostnames : If you use foo-zebra as hostname the router's name is "foo" for zebra process, and foo-bgpd for the bgpd process. The hostname only influences the command prompt when you connect to a router (with telnet firewall bgpd for instance).

After backup and starting of the different daemons, you can connect to them with: telnet <firewall> <port or name>

Check the BGP configuration: Connect to your BGP routing process : telnet firewall bgpd ; you will be prompted for a password. At the prompt, issue enable and give your enable password. Then, show ip bgp will show BGP routes ; show ip bgp summary will show neighbors state. The latter should look like this: firewall-bgpd# sh ip bg su Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pref 192.168.168.168 4 65168 14062 13971 0 0 0 1d23h59m 6 192.168.192.1 4 65301 6110 6250 0 0 0 2d00h01m 1 firewall-bgpd#

Notice that you can abbreviate commands. If you see big variations between MsgRcvd and MsgSent, that may be a hint of network failures.

You have to backup the configuration with both "write" in the vty and a backup of the package on the Bering-uClibc firewall itself.

Links

http://www.zebra.org/

http://skaya.enix.org/vpn/zebra.html



Prev Up Next