Saturday, 5 April 2014

Setup a Linux router server using GNU Zebra


This article explains how to install, set up, and use Zebra to build a Linux system that can serve as an OSPF and BGP router.

You’ve no doubt heard of routers from giants such as Cisco and Nortel, but what about Linux? While Linux has become an increasingly viable option as a server, few realize its potential as a full-featured router. With GNU Zebra, your Linux box can act as a router supporting TCP/IP protocols such as RIPv1, RIPv2, RIPng, OSPFv2, OSPFv3, BGP-4, and BGP-4+. I'm going to show you how to install, configure, and use Zebra to turn a Linux box into an OSPF and BGP router.

Building an advanced router
If you have set up a Linux box as a firewall, you have already built a simple Linux router. However, we're going to look at using Linux to build an advanced router that can communicate using dynamic routing protocols. These protocols allow routers to speak to each other and share information about paths through a network. This is incredibly important in large networks (such as the Internet), where static routing is impractical.

For example, even with route summarization (where only the largest possible block is advertised), a single Border Gateway Protocol (BGP) routing table still contains over 100,000 entries. The sheer number of entries, combined with the rate of change, makes static route assignment impossible. The need for dynamic routing protocols is obvious, even with networks smaller than the Internet, such as large corporate networks.

While BGP, an Exterior Gateway Protocol (EGP), is the workhorse of the Internet, others are better suited for use on smaller internetworks. The Open Shortest Path First (OSPF) protocol is an Interior Gateway Protocol (IGP) and is one of the most widely used. GNU Zebra is an open source software package that allows you to run BGP and/or OSPF on Linux.

Installing Zebra
You can download the latest source version of Zebra from Zebra.org. Distribution-specific packages are also available from a number of sources, including Red Hat and Debian. If you're installing from source, you will find that the standard installation procedure is applicable. Simply extract the package and run:
(root)# ./configure
(root)# make
(root)# make install


The configuration script will detect what IP stacks are installed on your system and automatically configure support for them. In today’s environment, this will most likely mean just IPv4, but IPv6 users will be pleased to know that Zebra will detect and support it as well.

Once you have installed the program, it may be necessary to add some lines to /etc/services. Zebra’s daemons operate on their own virtual terminal lines (VTYs), so your system needs to know what they are. Here are the lines you should add:
zebrasrv 2600/tcp # zebra service
zebra 2601/tcp # zebra vty
ripd 2602/tcp # RIPd vty
ripngd 2603/tcp # RIPngd vty
ospfd 2604/tcp # OSPFd vty
bgpd 2605/tcp # BGPd vty
ospf6d 2606/tcp # OSPF6d vty

Configuring Zebra
If you’re familiar with the Cisco IOS, you shouldn't have any problems getting Zebra up and running in a short amount of time. Each of Zebra’s daemons uses a separate VTY to allow dynamic configuration through a Telnet session. So, if you need to configure OSPF, simply Telnet to port 2604 on the Linux box. To modify the kernel’s routing table or to configure redistribution between routing protocols, you should Telnet to port 2601. This is the Zebra daemon, which acts as a kernel manager handling communication between the other daemons and the system itself.

Let’s take a look at how we would get OSPF and BGP up and running on a test server. Zebra’s daemons use plain text files to store their configurations. For our OSPF/BGP router there will be three files used: zebra.conf, ospfd.conf, and bgpd.conf. The zebra.conf file, for instance, will look something like this:


! Zebra configuration saved from vty
! 2002/02/28 01:46:12
!
hostname LinuxRouter
password zebra
enable password z3bRa
log file /var/log/zebra/zebra.log
!
interface eth0
description Interface to External Network
ip address 10.0.0.1/24
!
interface eth1
description Interface to Internal Network
ip address 192.168.66.1/24

The exclamation points serve as comment markers or spacers. The rest of the configuration should be more or less self-explanatory. There are a number of different types of network interfaces (Ethernet, ISDN, etc.), and Zebra can use any that are recognized by the Linux kernel.

Subnet masking is done with network bits (e.g., /24) as opposed to the full mask, which in this case would be 255.255.255.0. Also note that there are two passwords, one for user mode and one for privileged mode. This is useful for providing access to nonadministrators, and it's critical if you are creating a route server or looking glass. Any BGP admin will tell you that looking glasses are a key to troubleshooting routing issues, as they allow you to view routes as seen from an outside AS’s point of view. (AS stands for Autonomous System—basically, a group of devices under the same policy or administration.) BGP routing is done by AS numbers, which are registered numbers controlled by the American Registry for Internet Numbers (ARIN).
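The two vty passwords in the zebra.conf above are stored in cleartext, and the file has no restriction on who may connect to the vty. The Python function below audits a Zebra-style config for those points; it is an added example, not code from the original article or the Zebra project. Both configs are constructed, and it assumes the `password 8 <hash>` form the daemons write when `service password-encryption` is set and the `access-class` command under `line vty`.

```python
import re

# Constructed input: the credential lines from the article's zebra.conf.
SAMPLE_CONF = """\
password zebra
enable password z3bRa
"""

# Constructed counterpart; the hash strings and list name are placeholders.
HARDENED_CONF = """\
password 8 PLACEHOLDERHASH1
enable password 8 PLACEHOLDERHASH2
service password-encryption
!
access-list vty-mgmt permit 192.168.66.0/24
!
line vty
 access-class vty-mgmt
"""

# "password [8] SECRET" or "enable password [8] SECRET"; 8 marks a stored hash.
PW_RE = re.compile(r"^(enable password|password)\s+(?:(8)\s+)?(\S+)$")

def audit_vty_config(text):
    """Return findings about vty credentials and vty access control."""
    findings, secrets = [], {}
    in_vty = has_acl = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            in_vty = False              # "!" or a blank line closes a block
            continue
        m = PW_RE.match(line)
        if m:
            kind, hashed, secret = m.groups()
            secrets[kind] = secret
            if not hashed:
                findings.append(f"{kind}: stored in cleartext")
            if secret.lower() == "zebra":
                findings.append(f"{kind}: matches the sample-config default")
        elif line == "line vty":
            in_vty = True
        elif in_vty and line.startswith("access-class "):
            has_acl = True
    if len(secrets) == 2 and len(set(secrets.values())) == 1:
        findings.append("user and enable passwords are identical")
    if not has_acl:
        findings.append("no access-class under 'line vty'")
    return findings
```

Run it against each daemon's file (zebra.conf, ospfd.conf, bgpd.conf), since every daemon carries its own vty passwords.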

The next step is to start the necessary programs. You can do this with the following commands:


(root)# /usr/sbin/zebra -dk
(root)# /usr/sbin/ospfd -d
(root)# /usr/sbin/bgpd -d

In the first command, we start zebra, the daemon that will actually update the kernel’s routing table. The -dk tells the program to run as a daemon (the d), basically keeping it in the background. The k is an additional option that tells Zebra to keep any routes that are already configured on the box. This is useful if you are testing Zebra and do not want to wipe out your routing table accidentally. Normally, routes and interfaces are configured with a combination of the ifconfig and route commands. Zebra is a complete replacement for this form of route management.
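Once the daemons are running, each vty port from the /etc/services list is a Telnet login to the router's configuration, so it is worth checking which addresses those ports are bound to. The Python function below flags vty ports listening on anything other than loopback; it is an added example, not from the original article, and the `ss -ltn` output is constructed.

```python
import ipaddress

# Port-to-daemon map taken from the /etc/services lines in the article.
VTY_PORTS = {2600: "zebrasrv", 2601: "zebra", 2602: "ripd", 2603: "ripngd",
             2604: "ospfd", 2605: "bgpd", 2606: "ospf6d"}

# Constructed sample of `ss -ltn` output on a router running zebra, ospfd, bgpd.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      3      0.0.0.0:2601       0.0.0.0:*
LISTEN 0      3      127.0.0.1:2604     0.0.0.0:*
LISTEN 0      3      0.0.0.0:2605       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      3      [::]:2601          [::]:*
"""

def exposed_vtys(ss_output):
    """Return sorted (port, daemon, address) for non-loopback vty listeners."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                      # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in VTY_PORTS:
            continue
        addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and scope
        if addr != "*":                   # "*" is the dual-stack wildcard
            try:
                if ipaddress.ip_address(addr).is_loopback:
                    continue              # reachable only from the box itself
            except ValueError:
                pass                      # unparsable address: report it
        exposed.append((int(port), VTY_PORTS[int(port)], addr))
    return sorted(exposed)
```

Feed it the text of `ss -ltn` from the router. The Zebra and Quagga manuals document a `-A` (`--vty_addr`) daemon option for binding the vty to a single address such as 127.0.0.1.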

Setting up OSPF
Now that the necessary services are running, Telnet to port 2604 on the local machine to begin the OSPF configuration. Enter privileged mode by typing enable (just as you would in the Cisco IOS) and then enter the privileged mode password. Next, configuration mode is accessed with the configure terminal command. Zebra will also accept abbreviations in keeping with its similarity to Cisco. Also accepted are the list and ? entries, which provide a menu of possible commands and a short explanation.

You will also be pleased to see that tab completion is supported. This is a nice feature, especially if you are accustomed to using it. Next, we will need to tell the daemon what networks are going to be advertised via OSPF, along with the associated area. OSPF supports multiple areas to provide scalability. Enter the OSPF configuration by typing router ospf and then network 192.168.66.0/24 area 0. This tells the router that we are going to use OSPF to advertise the 192.168.66.0 network with a subnet mask of 255.255.255.0.

In this example, we are also going to make interface eth0 a passive interface so that routing updates will not be sent out of it. This is important for testing purposes when other routers in that direction may be listening. You can do this with the command passive-interface eth0. Once you have made your changes, exit out of configuration mode by typing end and then save it with the write file command. Here is a snapshot of what this will look like:


labrat:~# telnet 0 2604
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.

Hello, this is zebra (version 0.84b)
Copyright 1996-2000 Kunihiro Ishiguro

User Access Verification

Password:
ospfd> enable
Password:
ospfd# configure terminal
ospfd(config)# router ospf
ospfd(config-router)# network 192.168.66.0/24 area 0
ospfd(config-router)# passive-interface eth0
ospfd(config-router)# end
ospfd# write file
Configuration saved to /etc/zebra/ospfd.conf

Remember that for OSPF or BGP to operate over an interface, that interface needs to be up. To manually bring up an interface, log in to port 2601 and execute a no shut command on the appropriate interface.

Setting up BGP
BGP is configured in much the same way as OSPF. To begin, open a Telnet session to port 2605. After executing configure terminal, enter BGP configuration mode by typing router bgp <AS #>. As mentioned previously, BGP uses AS numbers to establish neighbor relationships and route traffic. In our test environment, we will be using a private AS number, which can range from 64512 to 65534. The networks to be advertised by BGP are then installed with the network command. There are no trailing area options in BGP, so our command would be network 192.168.66.0/24. Unlike OSPF, BGP neighbors need to be statically assigned. You do this as follows: neighbor <neighbor IP> remote-as <remote AS #>. Here is an example of what this will look like:


labrat:~# telnet 0 2605
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.

Hello, this is zebra (version 0.84b)
Copyright 1996-2000 Kunihiro Ishiguro

User Access Verification

Password:
bgpd> enable
Password:
bgpd# configure terminal
bgpd(config)# router bgp 65530
bgpd(config-router)# network 192.168.66.0/24
bgpd(config-router)# neighbor 10.0.0.5 remote-as 65531
bgpd(config-router)# end
bgpd# write file
Configuration saved to /etc/zebra/bgpd.conf

With both OSPF and BGP, there are a great number of options—enough to be outside the scope of this article. I recommend doing a little studying about each protocol prior to working with it in a production environment. The GNU Zebra documentation can also help in this regard.

Summary
Networking includes a variety of options for routing traffic. When it comes to routers, many hardware options are available, but they can be expensive—reason enough to look at turning a Linux system into a fully functional router. The Zebra suite of routing daemons makes this a possibility. With support for IPv4, IPv6, and a wide variety of protocols, Zebra can address all your routing needs. It also takes advantage of the experience and knowledge that many admins have already gained in working with Cisco IOS-based routers.
