Saturday 25 April 2015

Quagga BGP and exabgp: work together for BGP blackhole implementation

In our test case we will deploy two machines: for exabgp (it announce /32 prefix for blackholing on core router side) and (it emulates core router). We will do this work on Debian 8 Jessie.

Install exabgp:
pip install exabgp

Create ExaBGP configuration:
vim /etc/exabgp_blackhole.conf
Here you can find example for exabgp configuration:
group Core_v4 {
    hold-time 180;
    local-as 65001;
    peer-as 1234;
    graceful-restart 1200;

    static {
        route next-hop community 65001:666;

    neighbor {
        description "Quagga";
We specify current machine IP as next hop because without it Quagga ignores it: rcvd UPDATE about -- DENIED due to: martian next-hop;

Start exabgp:
env exabgp.daemon.user=root exabgp.daemon.daemonize=true exabgp.log.destination=/var/log/exabgp.log exabgp /etc/exabgp_blackhole.conf
I recommend you to open log file and look at it:
tail -f /var/log/exabgp.log exabgp 
Now we will install Quagga.

Install package:
apt-get install -y quagga
Enable BGP daemon in Quagga:
vim /etc/quagga/daemons
And change following lines:
Then you should create config files and fix permissions for they:
touch /etc/quagga/zebra.conf
touch /etc/quagga/bgpd.conf
touch /etc/quagga/quagga.conf
chown quagga:quagga /etc/quagga/bgpd.conf
chown quagga:quagga /etc/quagga/zebra.conf
chown quagga:quagga /etc/quagga/quagga.conf
Create BGP configuration:
vi /etc/quagga/bgpd.conf
Example for configuration (please be aware! It's not suitable for production):
hostname SoftBGP
password zebra987
enable password zebra987
log file /var/log/quagga/bgpd.log

debug bgp events
debug bgp filters
debug bgp fsm
debug bgp keepalives
debug bgp updates

router bgp 1234
bgp router-id
bgp log-neighbor-changes

neighbor remote-as 65001
Apply configuration:
/etc/init.d/quagga restart
 Wow! We see this announce in Quagga:
/usr/bin/vtysh -d bgpd -c "show ip bgp summary"
BGP router identifier, local AS number 1234
RIB entries 1, using 112 bytes of memory
Peers 1, using 4568 bytes of memory

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd      4 65001      12      18        0    0    0 00:01:12        1

Total number of neighbors 1

Check announced subnets from exabgp:
/usr/bin/vtysh -d bgpd -c "show ip bgp"
BGP table version is 0, local router ID is
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
              i internal, r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>                             0 65001 i

Total number of prefixes 1

This guide builded from more detailed and complex:

No comments :

Post a Comment

Note: only a member of this blog may post a comment.