Quagga BGP routing

This is how to set up BGP routing on Solaris 10 with Quagga. For more information see http://www.quagga.net/. BGP is necessary when an organization wants to achieve redundancy or better performance via multiple ISP connections. BGP requires an AS (autonomous system) number.

1. Create configuration files /etc/quagga/zebra.conf and /etc/quagga/bgpd.conf and enable zebra and bgp daemons.

# vi /etc/quagga/zebra.conf
hostname gw.example.com
password *****
enable password *******
!
! Interface's description.
!
interface lo
 description loopback
 no shutdown
interface bge0
 description network1
 no multicast
 no shutdown
interface bge1
 description network1
 no multicast
 no shutdown
interface bge2
 description network3
 no multicast
 no shutdown
!
!
! Static routes
!
ip route 0.0.0.0/0 1.2.3.4


# vi /etc/quagga/bgpd.conf
hostname gw.example.com
password *****
enable password *******
router bgp <AS-NUMBER>
 bgp router-id <ROUTER-IP-ADDRESS>
 network <NETWORK-TO-ANNOUNCE/XX>
!!! BGP peer 1
 neighbor x.x.x.x remote-as <as-number-1>
 neighbor x.x.x.x description our-peer-1
 neighbor x.x.x.x weight 10
! neighbor x.x.x.x next-hop-self
!!! BGP peer 2
 neighbor y.y.y.y remote-as <as-number-2>
 neighbor y.y.y.y description our-peer-2
 neighbor y.y.y.y weight 20
! neighbor y.y.y.y next-hop-self
!
log file /var/log/bgpd.log

# routeadm -e ipv4-routing -s ipv4-routing-daemon=/usr/sfw/sbin/bgpdstart
# routeadm -s ipv4-routing-stop-cmd=/usr/sfw/sbin/bgpdstop
# routeadm -u
# svcadm enable zebra
# svcadm enable bgp
# routeadm

# vi /etc/services
zebrasrv        2600/tcp                  # zebra service
zebra           2601/tcp                  # zebra vty
ripd            2602/tcp                  # RIPd vty
ripngd          2603/tcp                  # RIPngd vty
ospfd           2604/tcp                  # OSPFd vty
bgpd            2605/tcp                  # BGPd vty
ospf6d          2606/tcp                  # OSPF6d vty
ospfapi         2607/tcp                  # ospfapi
isisd           2608/tcp                  # ISISd vty

# quaggaadm bgpd

2. To manipulate traffic across multiple ISP connections, the following techniques can be implemented:

2.1. Reducing the traffic from the Internet to an organization via a given ISP, represented by the BGP neighbor x.x.x.x, by lengthening the AS path (pre-pending our own AS number to the BGP path as many times as necessary)

!!! access-list <name> [permit|deny] <ipv4-network> <- optional access list - traffic will be selectively minimized only to this announced network z.z.z.z/yy
 access-list network1 permit z.z.z.z/yy
!!! route-map <route-map-name> permit <priority>
 route-map peer1-out permit 10
  match ip address network1
  set as-path prepend <as-number> [<as-number>] ...
!!! a route-map ends with an implicit deny; this empty clause passes all other announcements unchanged
 route-map peer1-out permit 20
!!! neighbor <peer> route-map <name> [in|out] - Apply a route-map per the neighbor. Direction must be "in" or "out". "in" means that we receive the routes from the neighbor. "out" means that we announce our own routes.
 neighbor x.x.x.x route-map peer1-out out

2.2. Controlling the traffic flow from the organization to the Internet via a given ISP, represented by the BGP neighbor x.x.x.x, by setting the local preference depending on the destination AS path using a regular expression

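 ip as-path access-list destination1 permit ^<AS1>_<AS2>
 ip as-path access-list destination2 permit ^<AS1>_<AS3>
!!! each clause needs its own sequence number; repeating 10 would edit the first clause instead of adding a second
 route-map peer1-in permit 10
  match as-path destination1
  set local-preference 120
 route-map peer1-in permit 20
  match as-path destination2
  set local-preference 80
!!! a route-map ends with an implicit deny; this empty clause accepts all other routes with the default local preference
 route-map peer1-in permit 30
 neighbor x.x.x.x route-map peer1-in in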
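
The following is an added example, not part of the original page: a Python model of how the as-path access lists in 2.2 pick a local preference, assuming Quagga's documented meaning of "_" (start or end of line, space, comma, AS-set braces, confederation parentheses). The AS numbers are constructed documentation values; it also shows that a pattern without a trailing "_" matches any AS number that merely starts with the given digits.

```python
import re

# Quagga's as-path regex treats "_" as: start/end of line, space, comma,
# AS-set braces or confederation parentheses.
_UNDERSCORE = r"(?:^|$|[ ,{}()])"

def quagga_to_python(pattern):
    """Translate a Quagga as-path regex into a Python regex."""
    return re.compile(pattern.replace("_", _UNDERSCORE))

def local_preference(as_path, clauses, default=100):
    """Return the local-preference set by the first matching clause.

    clauses: ordered list of (as-path regex, local-preference), one per
    route-map sequence number. `default` models a final catch-all permit
    clause that leaves the BGP default of 100 untouched.
    """
    for pattern, pref in clauses:
        if quagga_to_python(pattern).search(as_path):
            return pref
    return default

# Constructed values: ISP = AS 64500, destinations AS 64501 and AS 64502.
CLAUSES = [
    ("^64500_64501_", 120),   # route-map peer1-in, first clause
    ("^64500_64502_", 80),    # route-map peer1-in, second clause
]
LOOSE = [("^64500_6450", 120)]  # no trailing "_": 6450 is only a prefix

# Constructed AS paths as received from neighbor x.x.x.x.
SAMPLE_PATHS = [
    "64500 64501 64510",
    "64500 64502",
    "64500 64503 64501",
    "64500 64509",
]

def report():
    """Return (path, pref with anchored clauses, pref with loose pattern)."""
    return [(p, local_preference(p, CLAUSES), local_preference(p, LOOSE))
            for p in SAMPLE_PATHS]

if __name__ == "__main__":
    for path, anchored, loose in report():
        print(f"{path:20} anchored={anchored:3} loose={loose:3}")
```
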

2.3. Using BGP communities (see http://www.ripe.net/perl/whois?query=AS6731 as an example of BGP communities). An ISP provides various communities to its customers, who may use them as an attribute for announced routes. Depending on the community value, the AS-path length of these routes can be increased by pre-pending the ISP's AS number, or the routes can be excluded from or included in certain announcements by the ISP to its peers, customers or upstream providers.

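 access-list network1 permit y.y.y.y/yy
 access-list network2 permit z.z.z.z/yy
!!! communities are written as numeric <as-number>:<value>, without an "AS" prefix
 route-map peer1-out permit 10
  match ip address network1
  set community 6731:1000
!!! the second clause needs its own sequence number
 route-map peer1-out permit 20
  match ip address network2
  set community 6731:1011
!!! prefixes matching neither clause hit the route-map's implicit deny and are not announced to x.x.x.x
 neighbor x.x.x.x send-community
 neighbor x.x.x.x route-map peer1-out out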