More Quagga Notes
Following on from yesterday’s blog about Quagga setups here are some more thoughts that might be of interest.
User accounts
I hinted at it in yesterday’s report, but you do not need to be root to make configuration changes to Quagga. In fact, all you need to do is to be a user who is in the quaggavty group. If you have a non user account there are a couple of ways to add a user to the group. One way is to directly edit the /etc/group file, but as we already setup a Ubuntu environment it’s safer to add the user to the group as follows:
sudo usermod -G quaggavty <username>
Alternatively, you might want to set up a user account that can only access the Quagga environment when logged (making the experience even more Cisco like!). As an example, I’ve set up the account “neteng” below to do this:
sudo useradd -G quaggavty neteng
sudo passwd neteng
sudo chsh -s /usr/bin/vtysh neteng
One issue with this is that in the Ubuntu environment the effect is to use “less” as the pager of choice, requiring regular hits of the q key when interacting with Quagga (which given the purpose of this excercise is partly to make things more Cisco like seems sub optimal). The fix here is to add the line
VTYSH_PAGER=more
to the /etc/environment file. Then when user “neteng” logs in, they’ll be taken direct to the vtysh environment and not the bash shell. You can still escape out to a shell using the command
start-shell
(which while I’ve not seen this in the Cisco world, is very similar to the behaviour of the Citrix Netscalar where although you’re logged into their management shell, it’s easy to escape into a proper UNIX like environment).
Configuration files
The full running configuration from the lab is here:
!
interface enp0s8
description ethernet1
ip address 192.168.3.130/30
ipv6 nd suppress-ra
no link-detect
!
interface enp0s9
description ethernet2
ip address 192.168.3.134/30
ipv6 nd suppress-ra
no link-detect
!
interface enp0s10
description ethernet3 - BGP Peering
ip address 172.16.1.1/24
ipv6 nd suppress-ra
no link-detect
!
interface lo
no link-detect
!
router bgp 65001
bgp router-id 192.168.3.134
network 192.168.0.0/22
neighbor 172.16.1.3 remote-as 65002
!
router ospf
redistribute bgp
network 192.168.0.0/22 area 0.0.0.0
!
ip route 192.168.0.0/22 Null0
!
ip forwarding
!
line vty
!
end
This is actually split over three files:
/etc/quagga/bgpd.conf
/etc/quagga/zebra.conf
/etc/quagga/ospfd.conf
Zebra Configuration
The contents of zebra.conf are:
!
interface enp0s8
description ethernet1
no link-detect
ip address 192.168.3.130/30
ipv6 nd suppress-ra
!
interface enp0s9
description ethernet2
no link-detect
ip address 192.168.3.134/30
ipv6 nd suppress-ra
!
interface enp0s10
description ethernet3 - BGP Peering
no link-detect
ip address 172.16.1.1/24
ipv6 nd suppress-ra
!
interface lo
no link-detect
!
ip route 192.168.0.0/22 Null0
!
ip forwarding
!
!
line vty
!
This shows that the zebra daemon is the one that sets the IP addresses on the interfaces and is also where static routes are configured (incidentally, enp0s3 was also used in this lab environment to allow me to ssh into the Quagga VM as cut and paste doesn’t work from the VirtualBox console - that was configured directly in Ubuntu’s /etc/networks/interfaces file. This IP configuration therefore does not show in the zebra.conf file. We can check that the IPs configured also are configured directly on the interfaces:
thomas@ubuntu:~$ ifconfig enp0s8
enp0s8 Link encap:Ethernet HWaddr 08:00:27:16:35:31
inet addr:192.168.3.130 Bcast:192.168.3.131 Mask:255.255.255.252
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
There are server scenarios in which it would can be useful to define static routes other than the default gateway. The above would suggest just running Quagga’s zebra daemon and adding interface and static routes via vtysh might be one way to manage this.
Also in the configuration above is line vty - this is obviously something worth looking into in due course (so watch this space!). It is not inherently obvious why Quagga has line vty configuration in the same style as Cisco - the vtys in Cisco are what terminate remote ssh sessions (or even telnet on really, really old Cisco routers). Typically for Quagga that is handled by the underlying Linux OS, so it raises the question of what you would do within the Quagga configuration to manage vty access.
OSPF Configuration
The contents of ospfd.conf is:
!
interface enp0s8
description ethernet1
!
interface enp0s9
description ethernet2
!
interface enp0s10
description ethernet3 - BGP Peering
!
interface lo
!
router ospf
redistribute bgp
network 192.168.0.0/22 area 0.0.0.0
!
line vty
!
Clearly the OSPF configuration is contained within the file. Interestingly though we see the interfaces and their descriptions effectively repeated from the zebra.conf file. There is no obvious logic for this - enp0s10 isn’t running OSPF. We can also see the line vty section is repeated.
The main thing to note about the OSPF configuration is that here we use the network <CIDR> area <area> - whereas in a Cisco environment we would use network <ip> <wildcard> area <area>
BGP Configuration
The contents of bgpd.conf are:
!
router bgp 65001
bgp router-id 192.168.3.134
network 192.168.0.0/22
neighbor 172.16.1.3 remote-as 65002
!
line vty
!
A couple of things to note here:
- Quagga has clearly grabbed an interface IP to act as the router ID - so in a production environment one might want to excercise more control over the configuration.
- The network statement works in CIDR form rather than Cisco’s network <network> mask <netmask> style. (But this isn’t that surprising when looking at the OSPF configuration).