howto/frr.md
... ...
@@ -0,0 +1,176 @@
1
+To quote from <https://frrouting.org/>:
2
+
3
+"FRRouting (FRR) is a free and open source Internet routing protocol suite for Linux and Unix platforms. It implements BGP, OSPF, RIP, IS-IS, PIM, LDP, BFD, Babel, PBR, OpenFabric and VRRP, with alpha support for EIGRP and NHRP."
4
+
5
+It features a similar configuration style to Cisco IOS.
6
+
7
+### Installation
8
+Install the `frr` and `frr-pythontools` package on your favourite Linux/BSD distribution. For BGP RPKI support, also install `frr-rpki`. _Make sure you are using frr version 8.5 or greater for IPv6 link local peerings._
9
+
10
+- More installation options: <https://docs.frrouting.org/en/latest/installation.html>
11
+- Releases: <https://frrouting.org/release/>
12
+
13
+## Configuration
14
+
15
+Important cofiguration files:
16
+- `/etc/frr/daemons`: daemons that will be started
17
+- `/etc/frr/vtysh.conf`: configuration for the VTY shell
18
+- `/etc/frr/frr.conf`: configuration for the daemons
19
+- `/etc/frr/${DAEMON}.conf`: configuration for a single daemon (deprecated)
20
+
21
+It this guide, only BGP will be set up using the shared `/etc/frr/frr.conf`.
22
+
23
+### Daemons
24
+
25
+First, setup `/etc/frr/daemons`. As stated previously. this file specifies which daemons will be started.
26
+
27
+```diff
28
+--- /etc/frr/daemons
29
++++ /etc/frr/daemons
30
+@@ -14,7 +14,7 @@
31
+ #
32
+ # The watchfrr, zebra and staticd daemons are always started.
33
+ #
34
+-bgpd=no
35
++bgpd=yes
36
+ ospfd=no
37
+ ospf6d=no
38
+ ripd=no
39
+```
40
+
41
+### VTY shell
42
+
43
+To use the VTY shell, `/etc/frr/vtysh.conf` needs to be set up. _The `hostname` and `banner motd` also need to be entered there manually to be persistant._
44
+
45
+```
46
+service integrated-vtysh-config
47
+```
48
+
49
+Unprivileged users need to be in the `frrvty` group to use `vtysh`.
50
+
51
+The VTY shell can be used to interact with running daemons and configure them. Changes made in the VTY shell can be written to `/etc/frr/frr.conf` using the `write` command. To enter configuration mode use the `configure` command. To get information about the available commands, press `?`.
52
+
53
+### Zebra
54
+
55
+Before configuring BGP, a few other things need to be set up. First, create a [prefix-list](https://docs.frrouting.org/en/latest/filter.html#ip-prefix-list) for the dn42 prefixes. That will be used to filter out non-dn42 routes to be announced to BGP. For that, open `/etc/frr/frr.conf` or `vtysh` in configuration mode and add:
56
+
57
+```
58
+ip prefix-list dn42 seq 1 deny 172.22.166.0/24 le 32
59
+ip prefix-list dn42 seq 1001 permit 172.20.0.0/24 ge 28 le 32
60
+ip prefix-list dn42 seq 1002 permit 172.21.0.0/24 ge 28 le 32
61
+ip prefix-list dn42 seq 1003 permit 172.22.0.0/24 ge 28 le 32
62
+ip prefix-list dn42 seq 1004 permit 172.23.0.0/24 ge 28 le 32
63
+ip prefix-list dn42 seq 1100 permit 172.20.0.0/14 ge 21 le 29
64
+ip prefix-list dn42 seq 2001 permit 10.100.0.0/14 le 32
65
+ip prefix-list dn42 seq 2002 permit 10.127.0.0/16 le 32
66
+ip prefix-list dn42 seq 2003 permit 10.0.0.0/8 ge 15 le 24
67
+ip prefix-list dn42 seq 3001 permit 172.31.0.0/16 le 32
68
+ip prefix-list dn42 seq 9999 deny 0.0.0.0/0 le 32
69
+!
70
+ipv6 prefix-list dn42v6 seq 1001 permit fd00::/8 ge 44 le 64
71
+ipv6 prefix-list dn42v6 seq 9999 deny ::/0 le 128
72
+```
73
+
74
+This prefix list can be created yourself by following the instructions for Quagga in the `data/filter.txt` and `data/filter6.txt` files from the registry.
75
+
76
+Next create a [route-map](https://docs.frrouting.org/en/latest/routemap.html), which will be used for doing the actual filtering later.
77
+
78
+```
79
+route-map dn42 permit 5
80
+ match ip address prefix-list dn42
81
+ set src <IPv4 address of the node>
82
+exit
83
+!
84
+route-map dn42v6 permit 5
85
+ match ipv6 address prefix-list dn42v6
86
+ set src <IPv6 address of the node>
87
+exit
88
+```
89
+
90
+### BGP
91
+
92
+With the configuration of the daemons file and Zebra done, BGP can now be configured.
93
+
94
+```
95
+router bgp <AS of the network>
96
+ neighbor <IPv4 peer address> remote-as <Peer AS>
97
+ neighbor <IPv6 peer address> remote-as <Peer AS>
98
+ ! In case an IPv6 link local address is used to peer
99
+ neighbor <IPv6 peer address> interface <Peer interface>
100
+ !
101
+ address-family ipv4 unicast
102
+ neighbor <IPv4 peer address> activate
103
+ neighbor <IPv4 peer address> route-map dn42 in
104
+ neighbor <IPv4 peer address> route-map dn42 out
105
+ exit
106
+ !
107
+ address-family ipv6 unicast
108
+ neighbor <IPv6 peer address> activate
109
+ neighbor <IPv6 peer address> route-map dn42v6 in
110
+ neighbor <IPv6 peer address> route-map dn42v6 out
111
+ exit
112
+exit
113
+```
114
+
115
+With everything configured, the BGP session should come up. In the normal VTY shell mode the status of BGP peerings can be checked using the `show bgp summary` command.
116
+
117
+### Complete configuration example
118
+
119
+```
120
+router bgp <Your AS here>
121
+ neighbor <Peer IPv4> remote-as <Peer AS>
122
+ neighbor <Peer IPv6> remote-as <Peer AS>
123
+ ! In case an IPv6 link local address is used to peer
124
+ neighbor <Peer IPv6> interface <Peer interface>
125
+ !
126
+ address-family ipv4 unicast
127
+ neighbor <IPv4 peer address> activate
128
+ neighbor <IPv4 peer address> route-map dn42 in
129
+ neighbor <IPv4 peer address> route-map dn42 out
130
+ exit
131
+ !
132
+ address-family ipv6 unicast
133
+ neighbor <IPv6 peer address> activate
134
+ neighbor <IPv6 peer address> route-map dn42v6 in
135
+ neighbor <IPv6 peer address> route-map dn42v6 out
136
+ exit
137
+exit
138
+!
139
+ip prefix-list dn42 seq 1 deny 172.22.166.0/24 le 32
140
+ip prefix-list dn42 seq 1001 permit 172.20.0.0/24 ge 28 le 32
141
+ip prefix-list dn42 seq 1002 permit 172.21.0.0/24 ge 28 le 32
142
+ip prefix-list dn42 seq 1003 permit 172.22.0.0/24 ge 28 le 32
143
+ip prefix-list dn42 seq 1004 permit 172.23.0.0/24 ge 28 le 32
144
+ip prefix-list dn42 seq 1100 permit 172.20.0.0/14 ge 21 le 29
145
+ip prefix-list dn42 seq 2001 permit 10.100.0.0/14 le 32
146
+ip prefix-list dn42 seq 2002 permit 10.127.0.0/16 le 32
147
+ip prefix-list dn42 seq 2003 permit 10.0.0.0/8 ge 15 le 24
148
+ip prefix-list dn42 seq 3001 permit 172.31.0.0/16 le 32
149
+ip prefix-list dn42 seq 9999 deny 0.0.0.0/0 le 32
150
+!
151
+ipv6 prefix-list dn42v6 seq 1001 permit fd00::/8 ge 44 le 64
152
+ipv6 prefix-list dn42v6 seq 9999 deny ::/0 le 128
153
+!
154
+route-map dn42 permit 5
155
+ match ip address prefix-list dn42
156
+ set src <IPv4 address of the node>
157
+exit
158
+!
159
+route-map dn42v6 permit 5
160
+ match ipv6 address prefix-list dn42v6
161
+ set src <IPv6 address of the node>
162
+exit
163
+```
164
+
165
+## Further reading
166
+
167
+### General things
168
+
169
+- FRR documentation: <https://docs.frrouting.org/en/latest>
170
+- FRR source code: <https://github.com/frrouting/frr>
171
+
172
+### Configuration tipps
173
+
174
+- Use [peer groups](https://docs.frrouting.org/en/latest/bgp.html#peer-groups) (_Strongly reccomended to limit the work neede to add new peers or change general configuration for may peers._)
175
+- `tab` and `?` are your best friends in the VTY shell
176
+- Use `find REGEX` in the VTY shell to find certain commands
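Review bot: The `router bgp` block in the BGP section, repeated in the complete configuration example, has no `network` or `redistribute` statement in either address family, so a reader who follows the guide gets a session that comes up but never originates the node's own prefix. Add a `network <own prefix>` line under each `address-family`, or say where origination is meant to be configured. The Installation section names `frr-rpki` "for BGP RPKI support", yet the `dn42` and `dn42v6` route-maps match only on the prefix-lists, so inbound routes are accepted on prefix range alone; either add an RPKI step or state that origin validation is out of scope for this page. The complete example also mixes `<Peer IPv4>` and `<IPv4 peer address>` as placeholders for the same neighbor, and `### Installation` sits one level below the later `## Configuration`. Spelling to fix before merge: "cofiguration", "It this guide", "previously. this", "persistant", "tipps", "reccomended", "neede", "may peers".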