There are the three steps to configure your Quagga bgpd daemon to be able to run and configure remotely. The idea of this article is to show you how you can run the quagga bgpd with the minimal configuration and probably you might give the credential to a network administrator.
Summary – 3 files to change:
- /etc/quagga/daemons – enable BGPD daemon
- /etc/quagga/debian.conf – which IP to listen to
- /etc/quagga/bgpd.conf – BGP daemon configuration
Here are the steps:
STEP 1) Enable bgpd daemon.
By default all daemons are turn off. Edit the “/etc/quagga/daemons” as shown here the bgpd must have “yes”. By default all are set to “no”!
zebra=no bgpd=yes ospfd=no ospf6d=no ripd=no ripngd=no isisd=no babeld=no
STEP 2) Enable remote management.
The file is “/etc/quagga/debian.conf” and replace 127.0.0.1 to 0.0.0.0 to listen to all IPs (and change it back to 127.0.0.1 when you configure the server!):
# # If this option is set the /etc/init.d/quagga script automatically loads # the config via "vtysh -b" when the servers are started. # Check /etc/pam.d/quagga if you intend to use "vtysh"! # vtysh_enable=yes zebra_options=" --daemon -A 127.0.0.1" bgpd_options=" --daemon -A 0.0.0.0" ospfd_options=" --daemon -A 127.0.0.1" ospf6d_options=" --daemon -A ::1" ripd_options=" --daemon -A 127.0.0.1" ripngd_options=" --daemon -A ::1" isisd_options=" --daemon -A 127.0.0.1" babeld_options=" --daemon -A 127.0.0.1"
STEP 3) Set password for the management login
The file “/etc/quagga/bgpd.conf” contains only one line setting a password for the login. The configuration file “/etc/quagga/bgpd.conf” should be writable for the bgpd daemon (to be able to write the configuration from the cli tool vtysh). The best option is to be the owned by the quagga’s user and group in the system (in our case the user and group names are “quagga” like the service name and the name of the routing suite). That’s why we change the owner to the “quagga:quagga” in the first line. You might want to set “777” file permissions, but this is a serious security thread because everyone could access the file.
chown quagga:quagga /etc/quagga/bgpd.conf
Set the content of the file “/etc/quagga/bgpd.conf” with only the password:
Run the bgpd daemon
Running, it should be “active (running)”!
myuser@srv # sudo systemctl start quagga myuser@srv # sudo systemctl status quagga * quagga.service - LSB: start and stop the Quagga routing suite Loaded: loaded (/etc/init.d/quagga; bad; vendor preset: enabled) Active: active (running) since Wed 2019-05-15 13:47:56 UTC; 4s ago Docs: man:systemd-sysv-generator(8) Process: 28987 ExecStop=/etc/init.d/quagga stop (code=exited, status=0/SUCCESS) Process: 29009 ExecStart=/etc/init.d/quagga start (code=exited, status=0/SUCCESS) CGroup: /system.slice/quagga.service |-29030 /usr/lib/quagga/bgpd --daemon -A 0.0.0.0 -P 2605 -u quagga -g quagga --retain -p 179 `-29035 /usr/lib/quagga/watchquagga --daemon bgpd May 15 13:47:55 srv systemd: Starting LSB: start and stop the Quagga routing suite... May 15 13:47:55 srv quagga: Loading capability module if not yet done. May 15 13:47:56 srv quagga: Starting Quagga daemons (prio:10): bgpd. May 15 13:47:56 srv quagga: Starting Quagga monitor daemon: watchquagga. May 15 13:47:56 srv systemd: Started LSB: start and stop the Quagga routing suite.
Be careful if you see:
Active: active (exited) since Wed 2019-05-15 13:44:24 UTC; 7s ago
You probably skipped the STEP 1) and no daemons are started. The service “active (exited)” is in an active state, but no daemons are started and the service stopped.
Bonus – remote management with telnet
This is the managment console accessed remotely using telnet. Of course, this is unencrypted connection use it only over VPN or ssh!!!
myuser@srv-local ~ $ telnet srv bgpd Trying srv... Connected to srv. Escape character is '^]'. Hello, this is Quagga (version 0.99.24.1). Copyright 1996-2005 Kunihiro Ishiguro, et al. User Access Verification Password: srv> show srv> show ip ip ipv6 srv> show ip as-path-access-list bgp community-list extcommunity-list prefix-list srv> show ip bgp No BGP process is configured srv>
Use tab to show you available commands.
Bonus – quick installation
The installation is simple in most Linux distributions Quagga Routing Suite the package name is “quagga”:
root@srv:~# apt install quagga Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: snmpd The following NEW packages will be installed: quagga 0 upgraded, 1 newly installed, 0 to remove and 154 not upgraded. Need to get 1,316 kB of archives. After this operation, 6,579 kB of additional disk space will be used. Get:1 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 quagga amd64 0.99.24.1-2ubuntu1.4 [1,316 kB] Fetched 1,316 kB in 1s (1,071 kB/s) Preconfiguring packages ... Selecting previously unselected package quagga. (Reading database ... 84513 files and directories currently installed.) Preparing to unpack .../quagga_0.99.24.1-2ubuntu1.4_amd64.deb ... Unpacking quagga (0.99.24.1-2ubuntu1.4) ... Processing triggers for libc-bin (2.23-0ubuntu10) ... Processing triggers for systemd (229-4ubuntu21.4) ... Processing triggers for ureadahead (0.100.0-19) ... Processing triggers for man-db (2.7.5-1) ... Setting up quagga (0.99.24.1-2ubuntu1.4) ... Processing triggers for libc-bin (2.23-0ubuntu10) ...
- Centos 7
[root@srv ~]# yum install quagga Resolving Dependencies --> Running transaction check ---> Package quagga.x86_64 0:0.99.22.4-5.el7_4 will be installed --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================================ Package Arch Version Repository Size ============================================================================================================================================================================ Installing: quagga x86_64 0.99.22.4-5.el7_4 base 1.2 M Transaction Summary ============================================================================================================================================================================ Install 1 Package Total download size: 1.2 M Installed size: 5.1 M Is this ok [y/d/N]:
root@srv ~ # emerge -va net-misc/quagga These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild N ] net-misc/quagga-1.2.4::gentoo USE="fpm ipv6 pam readline snmp -bgpclassless -caps -doc -multipath -nhrpd -ospfapi -protobuf -tcp-zebra -test" 2858 KiB Total: 1 package (1 new), Size of downloads: 2858 KiB Would you like to merge these packages? [Yes/No]