51b7828876091809f3ee2f19f1fd71de9e6d50e9
howto/.md
| ... | ... | @@ -1,176 +0,0 @@ |
| 1 | -To quote from <https://frrouting.org/>: |
|
| 2 | - |
|
| 3 | -"FRRouting (FRR) is a free and open source Internet routing protocol suite for Linux and Unix platforms. It implements BGP, OSPF, RIP, IS-IS, PIM, LDP, BFD, Babel, PBR, OpenFabric and VRRP, with alpha support for EIGRP and NHRP." |
|
| 4 | - |
|
| 5 | -It features a similar configuration style to Cisco IOS. |
|
| 6 | - |
|
| 7 | -### Installation |
|
| 8 | -Install the `frr` and `frr-pythontools` package on your favourite Linux/BSD distribution. For BGP RPKI support, also install `frr-rpki`. _Make sure you are using frr version 8.5 or greater for IPv6 link local peerings._ |
|
| 9 | - |
|
| 10 | -- More installation options: <https://docs.frrouting.org/en/latest/installation.html> |
|
| 11 | -- Releases: <https://frrouting.org/release/> |
|
| 12 | - |
|
| 13 | -## Configuration |
|
| 14 | - |
|
| 15 | -Important cofiguration files: |
|
| 16 | -- `/etc/frr/daemons`: daemons that will be started |
|
| 17 | -- `/etc/frr/vtysh.conf`: configuration for the VTY shell |
|
| 18 | -- `/etc/frr/frr.conf`: configuration for the daemons |
|
| 19 | -- `/etc/frr/${DAEMON}.conf`: configuration for a single daemon (deprecated) |
|
| 20 | - |
|
| 21 | -It this guide, only BGP will be set up using the shared `/etc/frr/frr.conf`. |
|
| 22 | - |
|
| 23 | -### Daemons |
|
| 24 | - |
|
| 25 | -First, setup `/etc/frr/daemons`. As stated previously. this file specifies which daemons will be started. |
|
| 26 | - |
|
| 27 | -```diff |
|
| 28 | ---- /etc/frr/daemons |
|
| 29 | -+++ /etc/frr/daemons |
|
| 30 | -@@ -14,7 +14,7 @@ |
|
| 31 | - # |
|
| 32 | - # The watchfrr, zebra and staticd daemons are always started. |
|
| 33 | - # |
|
| 34 | --bgpd=no |
|
| 35 | -+bgpd=yes |
|
| 36 | - ospfd=no |
|
| 37 | - ospf6d=no |
|
| 38 | - ripd=no |
|
| 39 | -``` |
|
| 40 | - |
|
| 41 | -### VTY shell |
|
| 42 | - |
|
| 43 | -To use the VTY shell, `/etc/frr/vtysh.conf` needs to be set up. _The `hostname` and `banner motd` also need to be entered there manually to be persistant._ |
|
| 44 | - |
|
| 45 | -``` |
|
| 46 | -service integrated-vtysh-config |
|
| 47 | -``` |
|
| 48 | - |
|
| 49 | -Unprivileged users need to be in the `frrvty` group to use `vtysh`. |
|
| 50 | - |
|
| 51 | -The VTY shell can be used to interact with running daemons and configure them. Changes made in the VTY shell can be written to `/etc/frr/frr.conf` using the `write` command. To enter configuration mode use the `configure` command. To get information about the available commands, press `?`. |
|
| 52 | - |
|
| 53 | -### Zebra |
|
| 54 | - |
|
| 55 | -Before configuring BGP, a few other things need to be set up. First, create a [prefix-list](https://docs.frrouting.org/en/latest/filter.html#ip-prefix-list) for the dn42 prefixes. That will be used to filter out non-dn42 routes to be announced to BGP. For that, open `/etc/frr/frr.conf` or `vtysh` in configuration mode and add: |
|
| 56 | - |
|
| 57 | -``` |
|
| 58 | -ip prefix-list dn42 seq 1 deny 172.22.166.0/24 le 32 |
|
| 59 | -ip prefix-list dn42 seq 1001 permit 172.20.0.0/24 ge 28 le 32 |
|
| 60 | -ip prefix-list dn42 seq 1002 permit 172.21.0.0/24 ge 28 le 32 |
|
| 61 | -ip prefix-list dn42 seq 1003 permit 172.22.0.0/24 ge 28 le 32 |
|
| 62 | -ip prefix-list dn42 seq 1004 permit 172.23.0.0/24 ge 28 le 32 |
|
| 63 | -ip prefix-list dn42 seq 1100 permit 172.20.0.0/14 ge 21 le 29 |
|
| 64 | -ip prefix-list dn42 seq 2001 permit 10.100.0.0/14 le 32 |
|
| 65 | -ip prefix-list dn42 seq 2002 permit 10.127.0.0/16 le 32 |
|
| 66 | -ip prefix-list dn42 seq 2003 permit 10.0.0.0/8 ge 15 le 24 |
|
| 67 | -ip prefix-list dn42 seq 3001 permit 172.31.0.0/16 le 32 |
|
| 68 | -ip prefix-list dn42 seq 9999 deny 0.0.0.0/0 le 32 |
|
| 69 | -! |
|
| 70 | -ipv6 prefix-list dn42v6 seq 1001 permit fd00::/8 ge 44 le 64 |
|
| 71 | -ipv6 prefix-list dn42v6 seq 9999 deny ::/0 le 128 |
|
| 72 | -``` |
|
| 73 | - |
|
| 74 | -This prefix list can be created yourself by following the instructions for Quagga in the `data/filter.txt` and `data/filter6.txt` files from the registry. |
|
| 75 | - |
|
| 76 | -Next create a [route-map](https://docs.frrouting.org/en/latest/routemap.html), which will be used for doing the actual filtering later. |
|
| 77 | - |
|
| 78 | -``` |
|
| 79 | -route-map dn42 permit 5 |
|
| 80 | - match ip address prefix-list dn42 |
|
| 81 | - set src <IPv4 address of the node> |
|
| 82 | -exit |
|
| 83 | -! |
|
| 84 | -route-map dn42v6 permit 5 |
|
| 85 | - match ipv6 address prefix-list dn42v6 |
|
| 86 | - set src <IPv6 address of the node> |
|
| 87 | -exit |
|
| 88 | -``` |
|
| 89 | - |
|
| 90 | -### BGP |
|
| 91 | - |
|
| 92 | -With the configuration of the daemons file and Zebra done, BGP can now be configured. |
|
| 93 | - |
|
| 94 | -``` |
|
| 95 | -router bgp <AS of the network> |
|
| 96 | - neighbor <IPv4 peer address> remote-as <Peer AS> |
|
| 97 | - neighbor <IPv6 peer address> remote-as <Peer AS> |
|
| 98 | - ! In case an IPv6 link local address is used to peer |
|
| 99 | - neighbor <IPv6 peer address> interface <Peer interface> |
|
| 100 | - ! |
|
| 101 | - address-family ipv4 unicast |
|
| 102 | - neighbor <IPv4 peer address> activate |
|
| 103 | - neighbor <IPv4 peer address> route-map dn42 in |
|
| 104 | - neighbor <IPv4 peer address> route-map dn42 out |
|
| 105 | - exit |
|
| 106 | - ! |
|
| 107 | - address-family ipv6 unicast |
|
| 108 | - neighbor <IPv6 peer address> activate |
|
| 109 | - neighbor <IPv6 peer address> route-map dn42v6 in |
|
| 110 | - neighbor <IPv6 peer address> route-map dn42v6 out |
|
| 111 | - exit |
|
| 112 | -exit |
|
| 113 | -``` |
|
| 114 | - |
|
| 115 | -With everything configured, the BGP session should come up. In the normal VTY shell mode the status of BGP peerings can be checked using the `show bgp summary` command. |
|
| 116 | - |
|
| 117 | -### Complete configuration example |
|
| 118 | - |
|
| 119 | -``` |
|
| 120 | -router bgp <Your AS here> |
|
| 121 | - neighbor <Peer IPv4> remote-as <Peer AS> |
|
| 122 | - neighbor <Peer IPv6> remote-as <Peer AS> |
|
| 123 | - ! In case an IPv6 link local address is used to peer |
|
| 124 | - neighbor <Peer IPv6> interface <Peer interface> |
|
| 125 | - ! |
|
| 126 | - address-family ipv4 unicast |
|
| 127 | - neighbor <IPv4 peer address> activate |
|
| 128 | - neighbor <IPv4 peer address> route-map dn42 in |
|
| 129 | - neighbor <IPv4 peer address> route-map dn42 out |
|
| 130 | - exit |
|
| 131 | - ! |
|
| 132 | - address-family ipv6 unicast |
|
| 133 | - neighbor <IPv6 peer address> activate |
|
| 134 | - neighbor <IPv6 peer address> route-map dn42v6 in |
|
| 135 | - neighbor <IPv6 peer address> route-map dn42v6 out |
|
| 136 | - exit |
|
| 137 | -exit |
|
| 138 | -! |
|
| 139 | -ip prefix-list dn42 seq 1 deny 172.22.166.0/24 le 32 |
|
| 140 | -ip prefix-list dn42 seq 1001 permit 172.20.0.0/24 ge 28 le 32 |
|
| 141 | -ip prefix-list dn42 seq 1002 permit 172.21.0.0/24 ge 28 le 32 |
|
| 142 | -ip prefix-list dn42 seq 1003 permit 172.22.0.0/24 ge 28 le 32 |
|
| 143 | -ip prefix-list dn42 seq 1004 permit 172.23.0.0/24 ge 28 le 32 |
|
| 144 | -ip prefix-list dn42 seq 1100 permit 172.20.0.0/14 ge 21 le 29 |
|
| 145 | -ip prefix-list dn42 seq 2001 permit 10.100.0.0/14 le 32 |
|
| 146 | -ip prefix-list dn42 seq 2002 permit 10.127.0.0/16 le 32 |
|
| 147 | -ip prefix-list dn42 seq 2003 permit 10.0.0.0/8 ge 15 le 24 |
|
| 148 | -ip prefix-list dn42 seq 3001 permit 172.31.0.0/16 le 32 |
|
| 149 | -ip prefix-list dn42 seq 9999 deny 0.0.0.0/0 le 32 |
|
| 150 | -! |
|
| 151 | -ipv6 prefix-list dn42v6 seq 1001 permit fd00::/8 ge 44 le 64 |
|
| 152 | -ipv6 prefix-list dn42v6 seq 9999 deny ::/0 le 128 |
|
| 153 | -! |
|
| 154 | -route-map dn42 permit 5 |
|
| 155 | - match ip address prefix-list dn42 |
|
| 156 | - set src <IPv4 address of the node> |
|
| 157 | -exit |
|
| 158 | -! |
|
| 159 | -route-map dn42v6 permit 5 |
|
| 160 | - match ipv6 address prefix-list dn42v6 |
|
| 161 | - set src <IPv6 address of the node> |
|
| 162 | -exit |
|
| 163 | -``` |
|
| 164 | - |
|
| 165 | -## Further reading |
|
| 166 | - |
|
| 167 | -### General things |
|
| 168 | - |
|
| 169 | -- FRR documentation: <https://docs.frrouting.org/en/latest> |
|
| 170 | -- FRR source code: <https://github.com/frrouting/frr> |
|
| 171 | - |
|
| 172 | -### Configuration tipps |
|
| 173 | - |
|
| 174 | -- Use [peer groups](https://docs.frrouting.org/en/latest/bgp.html#peer-groups) (_Strongly reccomended to limit the work neede to add new peers or change general configuration for may peers._) |
|
| 175 | -- `tab` and `?` are your best friends in the VTY shell |
|
| 176 | -- Use `find REGEX` in the VTY shell to find certain commands |
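
Review bot: The hunk header `@@ -1,176 +0,0 @@` deletes the whole FRR howto and nothing visible here replaces it or says where the content went. Old lines 58-71 and 79-87 hold the `dn42` and `dn42v6` prefix-lists and the route-maps that lines 103-104 and 109-110 apply `in` and `out` on every neighbor. With the page gone, readers lose the only filtering guidance shown for FRR peerings. If the page is being moved or renamed, leave a short stub that links to the new location, or name the new path in the commit message, so existing links do not dead-end. If the text is carried over, fix the spelling slips at that point: "cofiguration" (old line 15), "It this guide" (21), "persistant" (43), "tipps" (172), and "reccomended", "neede" and "may peers" (174).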