Multiple BGP daemons on a Linux host

From CT3

Jump to: navigation, search

By Ivan Pepelnjak

A large number of BGP routers are needed to simulate some peering, policy routing or route propagation scenarios. With a careful setup, you can run multiple Quagga BGP daemons on a single Linux host, significantly reducing the amount of equipment needed to perform the tests.

Contents

Configuration guidelines

To run multiple Quagga BGP daemons on a single host you have to:

  • Create a configuration file for each BGP daemon;
  • Create an IP address for each daemon if you want all of them to connect to the same router.
You might reuse the IP addresses if the BGP daemons connect to different routers
  • If needed, fix the IP routing on the Linux host.
The easiest solution is to assign IP addresses from the IP subnet of the LAN interface to multiple tap interfaces.
  • Allocate two unique TCP port numbers for each daemon; one is needed for the BGP protocol, the other for the VTY connections to the BGP daemon.

Since the daemons run BGP protocol on non-standard TCP port number, the router shall not try to establish active connections. Use the neighbor transport connection-mode passive router configuration command.

Sample lab setup

In this lab, we’ll emulate three external BGP peers on a single Linux box. The physical of the lab is shown in Figure 1 and the logical lab setup in Figure 2.

Figure 1: Physical lab setup
Figure 2: Logical lab setup

Create the BGP configurations

Create multiple configuration files in the Quagga system configuration directory (/usr/local/quagga if you’ve followed the installation instructions in this wiki). The following files are used in the sample lab:

AS 65001 AS 65002 AS 65003
hostname AS65001
password test
!
router bgp 65001
 bgp router-id 10.17.0.2
 network 10.1.2.0/24
 neighbor 10.17.0.1 remote-as 65000
!
line vty
 no login
hostname AS65002
password test
!
router bgp 65002
 bgp router-id 10.17.0.3
 network 10.1.3.0/24
 neighbor 10.17.0.1 remote-as 65000
 neighbor 10.17.0.1 update-source 10.17.0.3
!
line vty
 no login
hostname AS65003
password test
!
router bgp 65003
 bgp router-id 10.17.0.4
 network 10.1.4.0/24
 neighbor 10.17.0.1 remote-as 65000
 neighbor 10.17.0.1 update-source 10.17.0.4
!
line vty
 no login

Create the IP addresses

The openvpn command is used to create persistent tap interfaces.

[root@fedora ~]# openvpn --mktun --dev tap1
[root@fedora ~]# openvpn --mktun --dev tap2
You have to install the openvpn package (with yum install openvpn on Fedora Linux) if the openvpn command does not work.

IP addresses with /32 subnet mask (host routes) are assigned to the tap interfaces. The addresses should be in the same IP subnet as the LAN interface:

[root@fedora ~]# ifconfig eth0 | egrep 'Link|Mask'
eth0      Link encap:Ethernet  HWaddr 00:0F:FE:83:BC:A9
          inet addr:10.17.0.2  Bcast: 10.17.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20f:feff:fe83:bca9/64 Scope:Link
[root@fedora ~]# ifconfig tap1 up 10.17.0.3 netmask 255.255.255.255
[root@fedora ~]# ifconfig tap2 up 10.17.0.4 netmask 255.255.255.255

Check the IP routing on the Linux box with the route command:

[root@fedora quagga]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.17.0.0       *               255.255.255.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     0      0        0 eth0
default         gw              0.0.0.0         UG    0      0        0 eth0

Start the BGP daemons

The Quagga BGP daemons are started with command-line parameters that specify:

  • The configuration file (-f)
  • The local state file where the PID is stored (-i)
  • The BGP non-standard TCP port number (-p)
  • The VTY TCP port number (-P)

In the sample lab, the following commands are used to start the three daemons:

cd /usr/local/quagga
#
bgpd -f AS65001.conf -i AS65001.pid -p 20001 -P 2001 &
bgpd -f AS65002.conf -i AS65002.pid -p 20002 -P 2002 &
bgpd -f AS65003.conf -i AS65003.pid -p 20003 -P 2003 &

Configure the router

You can use very basic BGP configuration on the Cisco IOS router. It’s advisable to specify the passive connection mode to prevent the router from trying to establish the TCP session to well-known BGP port on the Linux host:

hostname R1
!
interface FastEthernet0/0
 ip address 10.17.0.1 255.255.255.0
!
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 network 10.1.1.0 mask 255.255.255.0
 neighbor 10.17.0.2 remote-as 65001
 neighbor 10.17.0.2 transport connection-mode passive
 neighbor 10.17.0.3 remote-as 65002
 neighbor 10.17.0.3 transport connection-mode passive
 neighbor 10.17.0.4 remote-as 65003
 neighbor 10.17.0.4 transport connection-mode passive
 no auto-summary
!
ip route 10.1.1.0 255.255.255.0 Null0

After configuring the BGP routing process on R1, the BGP neighbors stay in Idle state (see below) and do not transition to Active due to the passive connection mode.

R1#show ip bgp summary | begin Neighbor
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.17.0.2       4 65001       0       0        0    0    0 never    Idle
10.17.0.3       4 65002       0       0        0    0    0 never    Idle
10.17.0.4       4 65003       0       0        0    0    0 never    Idle

However, once the Quagga BGP daemons initiate TCP sessions to the router, the BGP adjacencies are established and the BGP routes exchanged:

*Oct 18 23:14:47.359: %BGP-5-ADJCHANGE: neighbor 10.17.0.4 Up
*Oct 18 23:14:47.403: %BGP-5-ADJCHANGE: neighbor 10.17.0.3 Up
*Oct 18 23:14:48.359: %BGP-5-ADJCHANGE: neighbor 10.17.0.2 Up
R1#show ip bgp summary | begin Neighbor
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.17.0.2       4 65001       5       8        5    0    0 00:01:27        1
10.17.0.3       4 65002       5       8        5    0    0 00:01:28        1
10.17.0.4       4 65003       5       8        5    0    0 00:01:28        1
R1#show ip bgp
BGP table version is 5, local router ID is 10.17.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.1.0/24      0.0.0.0                  0         32768 i
*> 10.1.2.0/24      10.17.0.2                0             0 65001 i
*> 10.1.3.0/24      10.17.0.3                0             0 65002 i
*> 10.1.4.0/24      10.17.0.4                0             0 65003 i
Personal tools

CT3

Main menu