Quagga


Update Needed
This page needs to be updated

The configuration for Quagga described here is seriously out of date and needs updating. However, the list of servers it is installed on is correct.

Quagga
Installed on: sown-gw, sown-auth2, sown-monitor, sown-radius2, sown-vpn2
Was installed on: sown-vpn, sown-auth
Website: http://www.quagga.net/

Quagga is routing software for IPv4 and IPv6, distributed under the GPL license. For more details see http://www.quagga.net/.

Quagga's configuration system is very similar to that of Cisco routers: you can telnet into it and enter interactive commands.

However, we will just use a very simple static set-up using configuration files.

Configuring RIP on Quagga

This HOWTO assumes that you are using Debian Linux (or Voyage or Pebble). First you will need to download and install the Quagga package. This can be done using apt-get (apt-get install quagga), or you can download the package and install it manually (dpkg -i) from:

http://packages.debian.org/quagga

Once it is installed you will need to enable the RIP daemon by editing /etc/quagga/daemons:

zebra=yes
bgpd=no
ospfd=no
ospf6d=no
ripd=yes
ripngd=no
isisd=no

A very basic /etc/quagga/ripd.conf looks like this:

hostname mynode.sown.org.uk
password zebra
enable password zebra
log stdout
!
router rip
 redistribute static
 network ath0
!
access-list vtylist permit 127.0.0.1/32
access-list vtylist deny any
!
line vty
 access-class vtylist
!


And a very basic /etc/quagga/zebra.conf looks like this:

hostname mynode.sown.org.uk
password zebra
enable password zebra
log file /var/log/quagga/zebra.log
!
interface eth0
!
interface ath0
!
interface lo
!
access-list vtylist permit 127.0.0.1/32
access-list vtylist deny any
!
ip forwarding
!
line vty
 access-class vtylist
!

Note: anyone on the local machine will be able to telnet in and reconfigure routing, so please set a secure password and enable password if you don't trust the local users. Also make sure that local users can't read the configuration files:

chown quagga:quagga /etc/quagga/*.conf
chmod 640 /etc/quagga/*.conf
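
The note above, turned into a check (an added example, not part of the original page or SOWN's tooling): a shell function that flags a world-readable file, the default zebra passwords from the sample configs, and a vty whose access-class is missing or permits anything other than 127.0.0.1/32. The function name and finding strings are assumptions; the sample input is constructed from the ripd.conf shown above.

```shell
#!/bin/sh
# Added example: audit_quagga_conf is a hypothetical helper, not a Quagga tool.
# Prints one finding per line for the Quagga config file given as $1.
audit_quagga_conf() {
    conf=$1
    # Character 8 of the ls mode string is the "other" read bit (mode 640 clears it).
    if [ "$(ls -ld "$conf" | cut -c8)" = "r" ]; then
        echo "world-readable"
    fi
    awk '
        /^[^ ]/ { in_vty = 0 }                      # any unindented line ends a block
        $1 == "password" && $2 == "zebra" { print "default password" }
        $1 == "enable" && $2 == "password" && $3 == "zebra" { print "default enable password" }
        $1 == "line" && $2 == "vty" { in_vty = 1 }
        in_vty && $1 == "access-class" { acl = $2 }
        $1 == "access-list" && $3 == "permit" { permits[$2] = permits[$2] " " $4 }
        END {
            if (acl == "") { print "vty has no access-class"; exit }
            n = split(permits[acl], p, " ")
            for (i = 1; i <= n; i++)
                if (p[i] != "127.0.0.1/32") print "vty ACL permits " p[i]
        }
    ' "$conf"
}

# Constructed sample: the ripd.conf shown on this page, left world-readable.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hostname mynode.sown.org.uk
password zebra
enable password zebra
log stdout
!
router rip
 redistribute static
 network ath0
!
access-list vtylist permit 127.0.0.1/32
access-list vtylist deny any
!
line vty
 access-class vtylist
!
EOF
chmod 644 "$sample"
audit_quagga_conf "$sample"
rm -f "$sample"
```

On a node, run it over each file in turn, for example: for f in /etc/quagga/*.conf; do audit_quagga_conf "$f"; done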

Telnet to port 2601 for zebra, using the password in the configuration file (see above); for ripd, use port 2602. Start with the command 'en' to enable.

The "ip forwarding" statement should enable IP forwarding. However, I have had problems with Quagga being unable to enable it. An alternative method is to enable it using /etc/sysctl.conf, which will configure the kernel at startup. Uncomment the line:

net.ipv4.conf.default.forwarding=1

And then run /etc/init.d/procps.sh restart.

Or echo "1" > /proc/sys/net/ipv4/conf/default/forwarding

You are now ready to start your new Quagga daemons, but first, let's look at the routing table:

voyage:~# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.13.8.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.13.4.0       0.0.0.0         255.255.255.0   U         0 0          0 ath0
0.0.0.0         10.13.8.1       0.0.0.0         UG        0 0          0 eth0

To start the new daemons, restart Quagga with /etc/init.d/quagga restart, and then after a few seconds have another look at your routing table:

voyage:~# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
152.78.189.83   10.13.4.65      255.255.255.255 UGH       0 0          0 ath0
152.78.68.176   10.13.4.65      255.255.255.255 UGH       0 0          0 ath0
152.78.68.175   10.13.4.65      255.255.255.255 UGH       0 0          0 ath0
10.13.4.0       10.13.4.65      255.255.255.248 UG        0 0          0 ath0
10.13.4.128     10.13.4.65      255.255.255.224 UG        0 0          0 ath0
10.13.8.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.13.4.0       0.0.0.0         255.255.255.0   U         0 0          0 ath0
0.0.0.0         10.13.8.1       0.0.0.0         UG        0 0          0 eth0


Hopefully there will be a few more routes in your routing table, including some routes to the VPN servers.

Alternatively, to check the routes in ripd itself, try telnetting in:

voyage:~# telnet localhost 2602
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

Hello, this is Quagga (version 0.99.5).
Copyright 1996-2005 Kunihiro Ishiguro, et al.


User Access Verification

Password: 
voyage.aelus.co.uk> show ip rip 
Codes: R - RIP, C - connected, S - Static, O - OSPF, B - BGP
Sub-codes:
      (n) - normal, (s) - static, (d) - default, (r) - redistribute,
      (i) - interface

     Network            Next Hop         Metric From            Tag Time
C(i) 10.13.4.0/24       0.0.0.0               1 self              0
R(n) 10.13.4.0/29       10.13.4.65            2 10.13.4.65        0 16:46
R(n) 10.13.4.128/27     10.13.4.65            2 10.13.4.65        0 16:46
C(i) 10.13.8.0/24       0.0.0.0               1 self              0
R(n) 10.13.11.0/24      10.13.4.74            2 10.13.4.74        0 16:50
R(n) 152.78.68.175/32   10.13.4.65            3 10.13.4.65        0 16:46
R(n) 152.78.68.176/32   10.13.4.65            3 10.13.4.65        0 16:46
R(n) 152.78.189.83/32   10.13.4.65            3 10.13.4.65        0 16:46
voyage.aelus.co.uk> 

Just a note: if you have IPv6 running on your router, Quagga appears to bind to the IPv6 interface, so you need to telnet to it like so:

telnet ::1 2601

To learn more about configuring and querying Quagga, take a look at the Quagga documentation, which is available on-line as HTML:

http://www.quagga.net/docs/docs-info.php
