You’ve no doubt heard of routers from giants such as
Cisco and Nortel, but what about Linux? While Linux
has become an increasingly viable option as a server,
few realize its potential as a full-featured router.
With GNU Zebra, your Linux box can act as a router
supporting TCP/IP protocols such as RIPv1, RIPv2,
RIPng, OSPFv2, OSPFv3, BGP-4, and BGP-4+. I’m going to
show you how to install, configure, and use Zebra to
turn a Linux box into an OSPF and BGP router.
Building an advanced router
If you have set up a Linux box as a firewall, you have
already built a simple Linux router. However, we’re
going to look at using Linux to build an advanced
router that can communicate using dynamic routing
protocols. These protocols allow routers to speak to
each other and share information about paths through a
network. This is incredibly important in large
networks (such as the Internet), where static routing
is impractical.
For example, even with route summarization (where only
the largest possible block is advertised), a single
Border Gateway Protocol (BGP) routing table still
contains over 100,000 entries. The sheer number of
entries, combined with the rate of change, makes
static route assignment impossible. The need for
dynamic routing protocols is obvious, even with
networks smaller than the Internet, such as large
corporate networks.
While BGP, an Exterior Gateway Protocol (EGP), is the
workhorse of the Internet, others are better suited
for use on smaller internetworks. The Open Shortest
Path First (OSPF) protocol is an Interior Gateway
Protocol (IGP) and is one of the most widely used. GNU
Zebra is an open source software package that allows
you to run BGP and/or OSPF on Linux.
Installing Zebra
You can download the latest source version of Zebra
from Zebra.org. Distribution-specific packages are
also available from a number of sources, including
Red Hat and Debian. If you’re installing from source,
you will find that the standard installation procedure
is applicable. Simply extract the package and run:
./configure
make
make install
The configuration script will detect what IP stacks
are installed on your system and automatically
configure support for them. In today’s environment,
this will most likely mean just IPv4, but IPv6 users
will be pleased to know that Zebra will detect and
support it as well.
Once you have installed the program, it may be
necessary to add some lines to /etc/services. Zebra’s
daemons operate on their own virtual terminal lines
(VTYs), so your system needs to know what they are.
Here are the lines you should add:
zebrasrv 2600/tcp # zebra service
zebra 2601/tcp # zebra vty
ripd 2602/tcp # RIPd vty
ripngd 2603/tcp # RIPngd vty
ospfd 2604/tcp # OSPFd vty
bgpd 2605/tcp # BGPd vty
ospf6d 2606/tcp # OSPF6d vty
Configuring Zebra
If you’re familiar with the Cisco IOS, you shouldn’t
have any problems getting Zebra up and running in a
short amount of time. Each of Zebra’s daemons uses a
separate VTY to allow dynamic configuration through a
Telnet session. So, if you need to configure OSPF,
simply Telnet to port 2604 on the Linux box. To modify
the kernel’s routing table or to configure
redistribution between routing protocols, you should
Telnet to port 2601. This is the Zebra daemon, which
acts as a kernel manager handling communication
between the other daemons and the system itself.
Let’s take a look at how we would get OSPF and BGP up
and running on a test server. Zebra’s daemons use
plain text files to store their configurations. For
our OSPF/BGP router there will be three files used:
zebra.conf, ospfd.conf, and bgpd.conf. The zebra.conf
file, for instance, will look something like this:
! Zebra configuration saved from vty
! 2002/02/28 01:46:12
!
hostname LinuxRouter
password zebra
enable password z3bRa
log file /var/log/zebra/zebra.log
!
interface eth0
description Interface to External Network
ip address 10.0.0.1/24
!
interface eth1
description Interface to Internal Network
ip address 192.168.66.1/24
The exclamation points serve as comment markers or
spacers. The rest of the configuration should be more
or less self-explanatory. There are a number of
different types of network interfaces (Ethernet, ISDN,
etc.), and Zebra can use any that are recognized by
the Linux kernel.
Subnet masking is done with network bits (e.g., /24)
as opposed to the full mask, which in this case would
be 255.255.255.0. Also note that there are two
passwords, one for user mode and one for privileged
mode. This is useful for providing access to
nonadministrators, and it’s critical if you are
creating a route server or looking glass. Any BGP
admin will tell you that looking glasses are a key to
troubleshooting routing issues, as they allow you to
view routes as seen from an outside AS’s point of
view. (AS stands for Autonomous System—basically, a
group of devices under the same policy or
administration.) BGP routing is done by AS numbers,
which are registered numbers controlled by the
American Registry for Internet Numbers (ARIN). For
more on BGP, read “How to use BGP to achieve Internet
redundancy.”
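The two passwords in the zebra.conf above are stored in plaintext, so the file is worth auditing before the VTYs are reachable by anyone else. The following is an added example, not part of the original article or of Zebra itself: it assumes your Zebra version supports the documented `service password-encryption`, `password 8 <hash>` and `line vty` / `access-class` commands; the hashes are placeholders and `vty-local` is a hypothetical access-list name.

```sh
#!/bin/sh
# Constructed sample: the relevant lines of the zebra.conf shown in the article.
weak_conf() {
cat <<'EOF'
! Zebra configuration saved from vty
hostname LinuxRouter
password zebra
enable password z3bRa
!
interface eth0
 ip address 10.0.0.1/24
EOF
}

# Constructed sample: hashes are placeholders, "vty-local" is a hypothetical ACL name.
hardened_conf() {
cat <<'EOF'
hostname LinuxRouter
password 8 PLACEHOLDERHASH1
enable password 8 PLACEHOLDERHASH2
service password-encryption
access-list vty-local permit 127.0.0.1/32
!
line vty
 access-class vty-local
EOF
}

# Reads a Zebra-style config on stdin and prints one finding per line.
audit_zebra_conf() {
    awk '
    /^[ \t]*!/ { next }                                   # "!" = comment or spacer
    /^[^ \t]/  { in_vty = ($1 == "line" && $2 == "vty") } # track top-level block
    $1 == "password" && $2 != "8" { print "line " NR ": plaintext vty password" }
    $1 == "enable" && $2 == "password" && $3 != "8" {
        print "line " NR ": plaintext enable password" }
    $1 == "service" && $2 == "password-encryption" { enc = 1 }
    in_vty && $1 == "access-class" { acl = 1 }
    END {
        if (!enc) print "service password-encryption not set"
        if (!acl) print "no access-class under line vty"
    }'
}

echo "== article config =="; weak_conf | audit_zebra_conf
echo "== hardened config =="; hardened_conf | audit_zebra_conf
```

The same function can be pointed at ospfd.conf and bgpd.conf, since each daemon keeps its own VTY passwords.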
The next step is to start the necessary programs. You
can do this with the following commands:
/usr/sbin/zebra -dk
/usr/sbin/ospfd -d
/usr/sbin/bgpd -d
In the first command, we start zebra, the daemon that
will actually update the kernel’s routing table. The
-dk tells the program to run as a daemon (the d),
basically keeping it in the background. The k is an
additional option that tells Zebra to keep any routes
that are already configured on the box. This is useful
if you are testing Zebra and do not want to wipe out
your routing table accidentally. Normally, routes and
interfaces are configured with a combination of the
ifconfig and route commands. Zebra is a complete
replacement for this form of route management.
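Once the daemons are running, each one accepts Telnet logins on its VTY port, and Telnet carries the passwords in cleartext, so it is worth confirming which addresses those ports are bound to. This is an added example, not from the original article: it parses `ss -ltn` output and reports any of the ports from the /etc/services list that listen beyond loopback; the sample output is constructed.

```sh
#!/bin/sh
# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       3       0.0.0.0:2601        0.0.0.0:*
LISTEN  0       3       127.0.0.1:2604      0.0.0.0:*
LISTEN  0       3       [::]:2605           [::]:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
EOF
}

# Reads `ss -ltn` output on stdin; prints "port address" for every Zebra
# port (2600-2606, per the /etc/services entries) bound beyond loopback.
exposed_vtys() {
    awk '
    $1 == "LISTEN" {
        pos = match($4, /:[0-9]+$/)        # last colon splits address from port
        if (pos == 0) next
        addr = substr($4, 1, pos - 1)
        port = substr($4, pos + 1) + 0
        if (port < 2600 || port > 2606) next
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: fine
        print port " " addr
    }'
}

sample_ss_output | exposed_vtys
```

On a live router, run `ss -ltn | exposed_vtys`; any line it prints is a VTY that should be firewalled or restricted before the box faces an untrusted network.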
Setting up OSPF
Now that the necessary services are running, Telnet to
port 2604 on the local machine to begin the OSPF
configuration. Enter privileged mode by typing enable
(just as you would in the Cisco IOS) and then enter
the privileged mode password. Next, configuration mode
is accessed with the configure terminal command.
Zebra will also accept abbreviations in keeping with
its similarity to Cisco. Also accepted are the list
and ? entries, which provide a menu of possible
commands and a short explanation.
You will also be pleased to see that tab completion is
supported. This is a nice feature, especially if you
are accustomed to using it. Next, we will need to tell
the daemon what networks are going to be advertised
via OSPF, along with the associated area. OSPF
supports multiple areas to provide scalability. Enter
the OSPF configuration by typing router ospf and then
network 192.168.66.0/24 area 0. This tells the router
that we are going to use OSPF to advertise the
192.168.66.0 network with a subnet mask of
255.255.255.0.
In this example, we are also going to make interface
eth0 a passive interface so that routing updates will
not be sent out of it. This is important for testing
purposes when other routers in that direction may be
listening. You can do this with the command
passive-interface eth0. Once you have made your
changes, exit out of configuration mode by typing end
and then save it with the write file command. Here is
a snapshot of what this will look like:
labrat:~# telnet 0 2604
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
Hello, this is zebra (version 0.84b)
Copyright 1996-2000 Kunihiro Ishiguro
User Access Verification
Password:
ospfd> enable
Password:
ospfd# configure terminal
ospfd(config)# router ospf
ospfd(config-router)# network 192.168.66.0/24 area 0
ospfd(config-router)# passive-interface eth0
ospfd(config-router)# end
ospfd# write file
Configuration saved to /etc/zebra/ospfd.conf
Remember that for OSPF or BGP to operate over an
interface, that interface needs to be up. To manually
bring up an interface, log in to port 2601 and execute
a no shut command on the appropriate interface.
Setting up BGP
BGP is configured in much the same way as OSPF. To
begin, open a Telnet session to port 2605. After
executing configure terminal, enter BGP configuration
mode by typing router bgp <AS #>. As mentioned
previously, BGP uses AS numbers to establish neighbor
relationships and route traffic. In our test
environment, we will be using a private AS number,
which can range from 64512 to 65534. The networks to
be advertised by BGP are then installed with the
network command. There are no trailing area options in
BGP, so our command would be network 192.168.66.0/24.
Unlike OSPF, BGP neighbors need to be statically
assigned. You do this as follows: neighbor <neighbor
IP> remote-as <remote AS #>. Here is an example of
what this will look like:
labrat:~# telnet 0 2605
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
Hello, this is zebra (version 0.84b)
Copyright 1996-2000 Kunihiro Ishiguro
User Access Verification
Password:
bgpd> enable
Password:
bgpd# configure terminal
bgpd(config)# router bgp 65530
bgpd(config-router)# network 192.168.66.0/24
bgpd(config-router)# neighbor 10.0.0.5 remote-as 65531
bgpd(config-router)# end
bgpd# write file
Configuration saved to /etc/zebra/bgpd.conf