Minimal Quagga bgpd configuration to run it and configure it remotely


There are three steps to configure your Quagga bgpd daemon so that it runs and can be configured remotely. The idea of this article is to show how to run Quagga bgpd with a minimal configuration, after which you might hand the credentials to a network administrator.
Summary – 3 files to change:

  1. /etc/quagga/daemons – enable BGPD daemon
  2. /etc/quagga/debian.conf – which IP to listen to
  3. /etc/quagga/bgpd.conf – BGP daemon configuration

Here are the steps:

STEP 1) Enable bgpd daemon.

By default all daemons are turned off (all are set to “no”!). Edit “/etc/quagga/daemons” as shown here; bgpd must be set to “yes”.

zebra=no
bgpd=yes
ospfd=no
ospf6d=no
ripd=no
ripngd=no
isisd=no
babeld=no

STEP 2) Enable remote management.

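The file is “/etc/quagga/debian.conf”. In the bgpd options, replace 127.0.0.1 with 0.0.0.0 to listen on all IPs (and change it back to 127.0.0.1 once you have configured the server!). While bgpd is bound to 0.0.0.0, its management port accepts logins from any host that can reach the server, protected only by the password set in STEP 3: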

#
# If this option is set the /etc/init.d/quagga script automatically loads
# the config via "vtysh -b" when the servers are started. 
# Check /etc/pam.d/quagga if you intend to use "vtysh"!
#
vtysh_enable=yes
zebra_options="  --daemon -A 127.0.0.1"
bgpd_options="   --daemon -A 0.0.0.0"
ospfd_options="  --daemon -A 127.0.0.1"
ospf6d_options=" --daemon -A ::1"
ripd_options="   --daemon -A 127.0.0.1"
ripngd_options=" --daemon -A ::1"
isisd_options="  --daemon -A 127.0.0.1"
babeld_options=" --daemon -A 127.0.0.1"

STEP 3) Set password for the management login

The file “/etc/quagga/bgpd.conf” contains only one line, which sets the password for the login. The configuration file “/etc/quagga/bgpd.conf” should be writable by the bgpd daemon (so that the configuration can be written from the CLI tool vtysh). The best option is for it to be owned by Quagga’s user and group on the system (in our case the user and group are both named “quagga”, like the service and the routing suite). That’s why we change the owner to “quagga:quagga” in the first command. You might be tempted to set “777” file permissions, but this is a serious security threat because everyone could access the file.

chown quagga:quagga /etc/quagga/bgpd.conf

Set the content of the file “/etc/quagga/bgpd.conf” with only the password:

password 111111111111111
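
A small audit of the two files edited in STEP 2 and STEP 3, as an added example that is not part of the original article: it lists the daemons whose vty address is not loopback and reports loose permissions or a weak password on bgpd.conf. The sample files are constructed to mirror the settings shown above, and the function names and the 12-character minimum are assumptions.

```shell
#!/bin/sh
# Added example: audit the two files this article edits (debian.conf, bgpd.conf).

# List daemons whose vty address (-A) in debian.conf is not loopback.
vty_exposed() {                                 # $1 = path to debian.conf
    sed -n 's/^\([a-z0-9]*\)_options="\([^"]*\)".*/\1 \2/p' "$1" |
    while read -r daemon opts; do
        addr=$(printf '%s\n' "$opts" | sed -n 's/.*-A  *\([^ ]*\).*/\1/p')
        case "$addr" in
            127.*|::1) ;;                       # loopback only
            "") echo "$daemon: no -A option (vty address not restricted)" ;;
            *)  echo "$daemon: vty listens on $addr" ;;
        esac
    done
}

# Report loose permissions on bgpd.conf and a weak vty password in it.
conf_findings() {                               # $1 = path to bgpd.conf
    other=$(ls -ld "$1" | cut -c8-10)           # permission bits for "others"
    [ "$other" = "---" ] || echo "perms: others have '$other' on the file"
    pw=$(sed -n 's/^password  *//p' "$1" | head -n 1)
    if [ -z "$pw" ]; then
        echo "password: no 'password' line found"
    elif printf '%s\n' "$pw" | grep -q '^\(.\)\1*$'; then
        echo "password: a single repeated character"
    elif [ "${#pw}" -lt "${MIN_PW_LEN:-12}" ]; then  # 12 is an assumed policy value
        echo "password: shorter than ${MIN_PW_LEN:-12} characters"
    fi
}

# Constructed sample files mirroring STEP 2 and STEP 3 of the article.
make_sample() {                                 # $1 = empty directory to fill
    cat > "$1/debian.conf" <<'EOF'
vtysh_enable=yes
zebra_options="  --daemon -A 127.0.0.1"
bgpd_options="   --daemon -A 0.0.0.0"
ospf6d_options=" --daemon -A ::1"
EOF
    echo 'password 111111111111111' > "$1/bgpd.conf"
    chmod 777 "$1/bgpd.conf"                    # the setting the article warns against
}

dir=$(mktemp -d)
make_sample "$dir"
vty_exposed "$dir/debian.conf"
conf_findings "$dir/bgpd.conf"
rm -rf "$dir"
```

On a real server, point the two functions at /etc/quagga/debian.conf and /etc/quagga/bgpd.conf; an empty result means none of the three checks fired.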

Run the bgpd daemon

Start the service and check its status; it should be “active (running)”!

myuser@srv # sudo systemctl start quagga
myuser@srv # sudo systemctl status quagga
* quagga.service - LSB: start and stop the Quagga routing suite
   Loaded: loaded (/etc/init.d/quagga; bad; vendor preset: enabled)
   Active: active (running) since Wed 2019-05-15 13:47:56 UTC; 4s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 28987 ExecStop=/etc/init.d/quagga stop (code=exited, status=0/SUCCESS)
  Process: 29009 ExecStart=/etc/init.d/quagga start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/quagga.service
           |-29030 /usr/lib/quagga/bgpd --daemon -A 0.0.0.0 -P 2605 -u quagga -g quagga --retain -p 179
           `-29035 /usr/lib/quagga/watchquagga --daemon bgpd

May 15 13:47:55 srv systemd[1]: Starting LSB: start and stop the Quagga routing suite...
May 15 13:47:55 srv quagga[29009]: Loading capability module if not yet done.
May 15 13:47:56 srv quagga[29009]: Starting Quagga daemons (prio:10): bgpd.
May 15 13:47:56 srv quagga[29009]: Starting Quagga monitor daemon: watchquagga.
May 15 13:47:56 srv systemd[1]: Started LSB: start and stop the Quagga routing suite.

Be careful if you see:

   Active: active (exited) since Wed 2019-05-15 13:44:24 UTC; 7s ago

You probably skipped STEP 1) and no daemons were started. A service shown as “active (exited)” is in an active state, but no daemons were started and the service script has stopped.

Bonus – remote management with telnet

This is the management console accessed remotely using telnet. Of course, this is an unencrypted connection, so use it only over a VPN or ssh!!!

myuser@srv-local ~ $ telnet srv bgpd
Trying srv...
Connected to srv.
Escape character is '^]'.

Hello, this is Quagga (version 0.99.24.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.


User Access Verification

Password: 
srv> show
srv> show ip
ip         ipv6       
srv> show ip 
as-path-access-list bgp        community-list extcommunity-list prefix-list 
srv> show ip bgp
No BGP process is configured
srv>

Press Tab to show the available commands.

Bonus – quick installation

The installation is simple: in most Linux distributions the package name of the Quagga Routing Suite is “quagga”:

  • Ubuntu
    root@srv:~# apt install quagga
    Reading package lists... Done
    Building dependency tree        
    Reading state information... Done
    Suggested packages:
      snmpd
    The following NEW packages will be installed:
      quagga
    0 upgraded, 1 newly installed, 0 to remove and 154 not upgraded.
    Need to get 1,316 kB of archives.
    After this operation, 6,579 kB of additional disk space will be used.
    Get:1 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 quagga amd64 0.99.24.1-2ubuntu1.4 [1,316 kB]
    Fetched 1,316 kB in 1s (1,071 kB/s)
    Preconfiguring packages ...
    Selecting previously unselected package quagga.
    (Reading database ... 84513 files and directories currently installed.)
    Preparing to unpack .../quagga_0.99.24.1-2ubuntu1.4_amd64.deb ...
    Unpacking quagga (0.99.24.1-2ubuntu1.4) ...
    Processing triggers for libc-bin (2.23-0ubuntu10) ...
    Processing triggers for systemd (229-4ubuntu21.4) ...
    Processing triggers for ureadahead (0.100.0-19) ...
    Processing triggers for man-db (2.7.5-1) ...
    Setting up quagga (0.99.24.1-2ubuntu1.4) ...
    Processing triggers for libc-bin (2.23-0ubuntu10) ...
    
  • Centos 7
    [root@srv ~]# yum install quagga
    Resolving Dependencies
    --> Running transaction check
    ---> Package quagga.x86_64 0:0.99.22.4-5.el7_4 will be installed
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ============================================================================================================================================================================
     Package                                Arch                                   Version                                           Repository                            Size
    ============================================================================================================================================================================
    Installing:
     quagga                                 x86_64                                 0.99.22.4-5.el7_4                                 base                                 1.2 M
    
    Transaction Summary
    ============================================================================================================================================================================
    Install  1 Package
    
    Total download size: 1.2 M
    Installed size: 5.1 M
    Is this ok [y/d/N]:
    
  • Gentoo
    root@srv ~ # emerge -va net-misc/quagga
    
    These are the packages that would be merged, in order:
    
    Calculating dependencies... done!
    [ebuild  N     ] net-misc/quagga-1.2.4::gentoo  USE="fpm ipv6 pam readline snmp -bgpclassless -caps -doc -multipath -nhrpd -ospfapi -protobuf -tcp-zebra -test" 2858 KiB
    
    Total: 1 package (1 new), Size of downloads: 2858 KiB
    
    Would you like to merge these packages? [Yes/No]
    
