Internet routing with Quagga/Linux on Free Internet eXchange Oslo (FIXO)

I run a small internet routing AS (autonomous system), mostly to keep my routing skills up to date (somewhat).

AS56809 get transit from Blix Solutions AS, and it is also present on Free Internet eXchange Oslo (FIXO for short). FIXO can be compared to the somewhat bigger NIX peering point also in Oslo.

If you want to run BGP with Quagga on FIXO, here are a few hints on how to do it. This is made with quagga 0.99.14 from debs on debian wheezy. Let me add that I’m fairly inexperienced at this stuff, so there might be bad advise in this post :)

Make some access lists your networks in it, handy for filtering what routes you will be sending to peers:

conf t
access-list as64496-networks permit 192.0.2.0/24
access-list as64496-networks deny deny

ipv6 prefix-list ipv6-as64496-networks seq 2 permit 2001:db8::/32
ipv6 prefix-list ipv6-as64496-networks seq 10 deny any

Basic quagga/BGP setup:

conf t
password <pw>
ip forwarding
ipv6 forwarding

router bgp 64496
bgp router-id x.x.x.x
network 192.0.2.0/24
address-family ipv6
network 2001:db8::/32

Make some peer groups that contain most of the boilerplate stuff:

router bgp 64496
neigh fixo-peers maximum-prefix 100
neigh fixo-peers soft-reconfiguration inbound
neigh fixo-peers distribute-list as64496-networks out

address-family ipv6
neighbor fixo-peers activate
neighbor fixo-peers soft-reconfiguration inbound
neighbor fixo-peers maximum-prefix 100
neighbor fixo-peers prefix-list ipv6-as64496-networks out

Adding a new IPv4 peering:

conf t
router bgp 64496
neigh 91.198.176.x remote-as yyyy
neigh 91.198.176.x peer-group fixo-peers
neigh 91.198.176.x desc foo@bar.com, +47 1234

Adding a new IPv6 peering:

conf t
router bgp 64496
neigh 2001:7f8:41:0:xxxx:1 remote-as yyyy
neigh 2001:7f8:41:0:xxxx:1 desc foo@bar.com, +47 1234

address-family ipv4 unicast
no neigh 2001:7f8:41:0:xxxx:1 activate
address-family ipv6
neigh 2001:7f8:41:0:xxxx:1 peer-group fixo-peers

Making sure it works

After you’ve set things up, you need to verify that the peering comes up (Established state), and that you’re sending (and receiving) the routes you intend. A common mistake is to send the peer your whole routing table, which is why the distribute-list/prefix-list is in there.

Some handy commands are:

# show how this peering is doing. you want Established.
show ip bgp neigh 91.198.176.xx
# show what routes you are sending to this peer, should be the 1-5 routes you have in the as64496-networks access list.
show ip bgp nei 91.198.176.xx advertised-routes
# what you are getting from the peer. Tab-completion in vtysh is a pain on this command.
show ip bgp neigh 91.198.176.xx received-routes

# reset the peering.
clear ip bgp neigh 91.198.176.xx

If you are running IPv6 peerings, you’ll soon notice that the CLI commands are quite incoherent.

# general overview is under the ordinary ip bgp listing:
show ip bgp nei 2001:7f8:41:0:xxxx:1

# but, if you want to see advertised (and received) routes, these are here:
show ipv6 bgp nei 2001:7f8:41:0:xxxx:1 advertised-routes

Route server

Fixo operates a set of route servers. This is in essence BGP routers that only contains routes, and passes leaves the next-server in announcements as they were. In essence it means that you peer with the route server and get all the routes of all the others that also peer with it. Saves you a lot of emails.

Setting up the peering is identical to any ipv4/ipv6 peering, except that you need to tag/mark the routes you want redistributed by it with a community.

route-map fixo-routeserver-out permit 10 
 set community 61300:61300

Quagga doesn’t allow you to set a route-map on a single member of a peer-group, so you will have to duplicate some config for these two peers.

neighbor 91.198.176.253 remote-as 61300
neighbor 91.198.176.253 description fixo-routeserver-1
neighbor 91.198.176.253 soft-reconfiguration inbound
neighbor 91.198.176.253 maximum-prefix 300
neighbor 91.198.176.253 distribute-list as64496-networks out
neighbor 91.198.176.253 route-map fixo-routeserver-out out

All done!

This entry was posted in Uncategorized and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s