This is how to set up BGP routing on Solaris 10 with Quagga. For more information see http://www.quagga.net/. BGP is necessary when an organization wants to achieve redundancy or better performance via multiple ISP connections. BGP requires an autonomous system (AS) number.
1. Create configuration files /etc/quagga/zebra.conf and /etc/quagga/bgpd.conf and enable zebra and bgp daemons.
    # vi /etc/quagga/zebra.conf
    hostname gw.example.com
    password *****
    enable password *******
    !
    ! Interface's description.
    !
    interface lo
     description loopback
     no shutdown
    interface bge0
     description network1
     no multicast
     no shutdown
    interface bge1
     description network1
     no multicast
     no shutdown
    interface bge2
     description network3
     no multicast
     no shutdown
    !
    !
    ! Static routes
    !
    ip route 0.0.0.0/0 1.2.3.4

    # vi /etc/quagga/bgpd.conf
    hostname gw.example.com
    password *****
    enable password *******
    router bgp <AS-NUMBER>
     bgp router-id <ROUTER-IP-ADDRESS>
     network <NETWORK-TO-ANNOUNCE/XX>
    !!! BGP peer 1
     neighbor x.x.x.x remote-as <as-number-1>
     neighbor x.x.x.x description our-peer-1
     neighbor x.x.x.x weight 10
    ! neighbor x.x.x.x next-hop-self
    !!! BGP peer 2
     neighbor y.y.y.y remote-as <as-number-2>
     neighbor y.y.y.y description our-peer-2
     neighbor y.y.y.y weight 20
    ! neighbor y.y.y.y next-hop-self
    !
    log file /var/log/bgpd.log

    # routeadm -e ipv4-routing -s ipv4-routing-daemon=/usr/sfw/sbin/bgpdstart
    # routeadm -s ipv4-routing-stop-cmd=/usr/sfw/sbin/bgpdstop
    # routeadm -u
    # svcadm enable zebra
    # svcadm enable bgp
    # routeadm

    # vi /etc/services
    zebrasrv        2600/tcp        # zebra service
    zebra           2601/tcp        # zebra vty
    ripd            2602/tcp        # RIPd vty
    ripngd          2603/tcp        # RIPngd vty
    ospfd           2604/tcp        # OSPFd vty
    bgpd            2605/tcp        # BGPd vty
    ospf6d          2606/tcp        # OSPF6d vty
    ospfapi         2607/tcp        # ospfapi
    isisd           2608/tcp        # ISISd vty

    # quaggaadm bgpd
2. To manipulate traffic across multiple ISP connections, the following techniques can be implemented:
2.1. Reducing the traffic from the Internet to the organization via a given ISP, represented by the BGP neighbor x.x.x.x, by lengthening the AS path (prepending our own AS number to the BGP path as many times as necessary)
    !!! access-list <name> [permit|deny] <ipv4-network>
    !!! Optional access list: traffic will be selectively minimized only
    !!! to this announced network z.z.z.z/yy
    access-list network1 permit z.z.z.z/yy
    !!! route-map <route-map-name> permit <priority>
    !!! Routes that match no entry of a route-map are denied, so with the
    !!! match clause below only network1 is announced to this neighbor.
    route-map peer1-out permit 10
     match ip address network1
     set as-path prepend <as-number> [<as-number>] ...
    !!! neighbor <peer> route-map <name> [in|out]
    !!! Apply a route-map per neighbor. Direction must be "in" or "out".
    !!! "in" means that we receive the routes from the neighbor.
    !!! "out" means that we announce our own routes.
    neighbor x.x.x.x route-map peer1-out out
2.2. Controlling the traffic flow from the organization to the Internet via a given ISP, represented by the BGP neighbor x.x.x.x, by setting the local preference depending on the destination AS path, matched with a regular expression
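    ip as-path access-list destination1 permit ^<AS1>_<AS2>
    ip as-path access-list destination2 permit ^<AS1>_<AS3>
    !!! Each entry needs its own sequence number; a second "permit 10"
    !!! would edit the first entry instead of adding a new one.
    route-map peer1-in permit 10
     match as-path destination1
     set local-preference 120
    route-map peer1-in permit 20
     match as-path destination2
     set local-preference 80
    !!! Routes that match neither entry are denied by this route-map.
    neighbor x.x.x.x route-map peer1-in in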
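The following Python sketch is an added example, not part of the original page or of Quagga. It models how an inbound route-map like peer1-in is evaluated (entries in sequence order, first match wins, implicit deny at the end) and how Quagga's `_` delimiter behaves in AS-path regexes. The AS numbers are constructed documentation-range values and the function names are hypothetical.

```python
import re

# Quagga expands "_" in an AS-path regex to this delimiter class before compiling.
DELIM = r"(?:^|[,{}() ]|$)"

def aspath_regex(pattern):
    """Compile a Quagga-style AS-path regex ("_" = start, end or separator)."""
    return re.compile(pattern.replace("_", DELIM))

def apply_route_map(entries, as_path, default_local_pref=100):
    """Return the local-preference the route gets, or None if it is denied.

    entries: (seq, action, as_path_pattern or None, local_pref or None).
    Entries are tried in ascending seq order; the first match decides.
    """
    for _seq, action, pattern, local_pref in sorted(entries, key=lambda e: e[0]):
        if pattern is None or aspath_regex(pattern).search(as_path):
            if action == "deny":
                return None
            return default_local_pref if local_pref is None else local_pref
    return None  # no entry matched: implicit deny, the route is not accepted

# Constructed sample: AS1 = 64500 (the neighbor), AS2 = 64501, AS3 = 64502.
PEER1_IN = [
    (10, "permit", "^64500_64501", 120),
    (20, "permit", "^64500_64502", 80),
]
# Same map with trailing "_" anchors and a catch-all entry at the end.
PEER1_IN_STRICT = [
    (10, "permit", "^64500_64501_", 120),
    (20, "permit", "^64500_64502_", 80),
    (30, "permit", None, None),
]

if __name__ == "__main__":
    for path in ("64500 64501 64510", "64500 64502", "64500 64503", "64500 645019"):
        print(f"{path:20} loose={apply_route_map(PEER1_IN, path)} "
              f"strict={apply_route_map(PEER1_IN_STRICT, path)}")
```

Without a trailing `_`, the pattern for AS 64501 also matches a path through AS 645019, and without a catch-all entry every other route from the neighbor is dropped.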
2.3. Using BGP communities (see http://www.ripe.net/perl/whois?query=AS6731 as an example of BGP communities)
An ISP provides various communities to its customers, who may use them as an attribute for announced routes. Depending on the community value, the AS-path length of these routes can be increased by prepending the ISP's AS number, or the routes can be excluded from or included in certain announcements by the ISP to its peers, customers or upstream providers.
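    access-list network1 permit y.y.y.y/yy
    access-list network2 permit z.z.z.z/yy
    !!! Quagga expects communities in numeric AS:VAL form, so the
    !!! AS6731 communities are written as 6731:<value>.
    route-map peer1-out permit 10
     match ip address network1
     set community 6731:1000
    !!! The second entry needs its own sequence number.
    route-map peer1-out permit 20
     match ip address network2
     set community 6731:1011
    neighbor x.x.x.x send-community
    neighbor x.x.x.x route-map peer1-out out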