Patrick Topping | 28 Sep 07:26 2014
Picon

[quagga-users 13794] Quagga route server integration with MaxMind

Hoping someone in this list has accomplished what I am about to ask. :-)

Has anyone integrated quagga with MaxMind to do Geo-IP routing..?? My goal is to route traffic to our egress
point that is closest to our customer. 
I am hoping that someone can help me out or at least point me in the right direction to get started. 

Thanks in advance.

-Patrick

Sent from my iPhone
Denis Granato | 26 Sep 13:48 2014
Picon

[quagga-users 13792] freebsd 10 + quagga (problem with throughput


Good morning all.

I have this scenario:



notebook >  (mikrotik router)  ->  freebsd 10 server (quagga (zebra/bgp)  -> internet provider (bgp)

I have a 4Gbps link between server and provider (working great, expected speed), but
when I try to navigate through server, is too slow (32kbps).

There is some "special" configuration on freebsd (loarder.conf/rc.onf/ipfw/etc) that
I forgot?

Tks  in advanced




_______________________________________________
Quagga-users mailing list
Quagga-users@...
https://lists.quagga.net/mailman/listinfo/quagga-users
Edinilson - ATINET | 23 Sep 20:00 2014
Picon

[quagga-users 13789] More specific route not being advertised

Hi all,

I´m running Quagga 0.99.22 on FreeBSD 9 without problems.

But recently I needed to advertise some /24 blocks separately. Below, I copy 
relevant parts of my bgpd.conf (ps: 192.168. was used as example):

router bgp MY-ASN
 bgp log-neighbor-changes
 network 192.168.224.0/20
 network 192.168.224.0/24
 network 192.168.225.0/24
 network 192.168.231.0/24
!
....
!
ip prefix-list my_asn seq 10 permit 192.168.224.0/20
!
ip prefix-list my_asn_224 seq 10 permit 192.168.224.0/24
ip prefix-list my_asn_225 seq 10 permit 192.168.225.0/24
ip prefix-list my_asn_231 seq 10 permit 192.168.231.0/24
!
....
!
route-map rm_isp1_out permit 10
 match ip address prefix-list my_asn
!
route-map rm_isp1_out permit 24
 match ip address prefix-list my_asn_224
!
route-map rm_isp1_out permit 25
 match ip address prefix-list my_asn_225
!
route-map rm_isp1_out permit 31
 match ip address prefix-list my_asn_231
!
.....
!
route-map rm_isp2_out permit 10
 match ip address prefix-list my_asn
!
route-map rm_isp2_out deny 24
 match ip address prefix-list my_asn_224
!
route-map rm_isp2_out deny 25
 match ip address prefix-list my_asn_225
!
route-map rm_isp2_out deny 31
 match ip address prefix-list my_asn_231
!
.....

Networks 192.168.225.0/24 and 192.168.231.0/24 are correctly advertised only 
to ISP1 but (and I don´t know why), 192.168.224.0/24 isn´t advertised only 
to ISP1 (I´m testing using LGs arround the web).

Any help is appreciated.

Thanks

Edinilson
------------------------------------------
ATINET
Tel Voz: (0xx11) 4412-0876
http://www.atinet.com.br
Noel Burton-Krahn | 20 Sep 00:21 2014

[quagga-users 13785] multiple quagga instances with localstatedir?

I'd like to run multiple zebra/ospf instances on the same host, but they conflict overwriting each other's sockets in /var/run/quagga.  I'm considering making --localstatedir a run-time parameter instead of just a compile-time config parameter as it is now.

Now, before you tell me it's crazy to run two instances of zebra/osspf per host, I'm running my second instance in an isolated network namespace in Linux, and I need to treat that as a second host for routing.  The network namespace is isolated, but its filesystem is shared, hence the conflict in /var/run/quagga

Any pitfalls about making --localstatedir a run-time parameter?

--
Noel

_______________________________________________
Quagga-users mailing list
Quagga-users@...
https://lists.quagga.net/mailman/listinfo/quagga-users
Di Li | 17 Sep 00:40 2014

[quagga-users 13784] question for Quagga clear OSPF or OSPF6 process

Hi Guys,

Is there a way for quagga to clear the ospf / ospf6 process, the problem we have is we are running some OSPF6, and seems some LSA already reach the age for 3600, but still keep existing in the LSA DB,  any way to clear/refresh the LSA DB will be appreciate 

--
Thanks,
Di
_______________________________________________
Quagga-users mailing list
Quagga-users@...
https://lists.quagga.net/mailman/listinfo/quagga-users
Holger Marzen | 16 Sep 07:29 2014
Picon

[quagga-users 13781] OSPF: filter out routes (incoming or outgoing)

Hi all,

I run OSPF over an OpenVPN-tunnel (tap-devices, Linux) that connects two
sites (my two flats). There is only one area, 0.0.0.0. In one site I
distribute some host routes. One of them must not distributed or
received by the other end of the tunnel because it's the address where
OpenVPN connects to. OpenVPN then wants to keep up the tunnel through
the tunnel which can't work.

I tried filtering but it didn't work.
I tried to set a host route on the other site but then distribution of
the routes broke completely down, probably a route conflict.

I there a way within an area to suppress distribution or reception of a
given (host-) route?

Would it work when I'd use another area on my second site?

Regards
Holger
Patil, Kiran | 15 Sep 20:24 2014
Picon

[quagga-users 13780] Question: isis -> LSP storm in P2P mode when running in NET namespace environment when number of namespaces are more than 16

Hi Folks,

 

I am user/developer who is trying to use quagga-isisd protocol. I am running the protocol in NET namespace environment to simulate environment.

 

Isis is configured to used point-to-point. When I launch 17 NET namespace and full mesh (means, everyone is connected to everyone), I observe LSP storm which never finishes, and kind of goes in endless loop.

 

I was wondering if anyone had encountered such issue or any help is appreciated.

 

Please let me know if you need additional information such as config files, etc…

 

Thanks,

n  Kiran P.

_______________________________________________
Quagga-users mailing list
Quagga-users@...
https://lists.quagga.net/mailman/listinfo/quagga-users
Patrick Topping | 11 Sep 00:40 2014
Picon

[quagga-users 13777] Issues with getting a route server set up for the first time

I am new to using Quagga and could use some assistance in getting it set up and working.  I have the BGP peers set up and I am receiving full routes from 4 routers and I am trying to pass on the full table to a BGP flow collector for route analysis.  Below is my config:

hostname quagga-rs-001
log file /var/log/quagga/bgpd.log
log stdout
bgp multiple-instance
bgp config-type cisco
!
service integrated-vtysh-config
!
password zebra
!
router bgp XXXX view 57976
 no synchronization
 bgp router-id 10.44.31.252
 bgp log-neighbor-changes
 no bgp client-to-client reflection
 neighbor EQ_AM2 peer-group
 neighbor EQ_AM2 remote-as XXXX
 neighbor EQ_AM2 send-community both
 neighbor EQ_AM2 soft-reconfiguration inbound
 neighbor EQ_PA4 peer-group
 neighbor EQ_PA4 remote-as XXXX
 neighbor EQ_PA4 send-community both
 neighbor EQ_PA4 soft-reconfiguration inbound
 neighbor FLOW_COLLECTOR peer-group
 neighbor FLOW_COLLECTOR remote-as 57976
 neighbor FLOW_COLLECTOR route-server-client
 neighbor FLOW_COLLECTOR route-map test in
 neighbor FLOW_COLLECTOR route-map test out
 neighbor 10.44.31.251 peer-group FLOW_COLLECTOR
 neighbor 10.44.31.251 description flowman (inmon)
 neighbor 10.105.0.1 peer-group EQ_AM2
 neighbor 10.105.0.1 description EU-D3-ASR9K-01
 neighbor 10.105.0.2 peer-group EQ_AM2
 neighbor 10.105.0.2 description EU-D3-ASR9K-02
 neighbor 10.109.0.1 peer-group EQ_PA4
 neighbor 10.109.0.1 description CDG1-ASR9K-01
 neighbor 10.109.0.2 peer-group EQ_PA4
 neighbor 10.109.0.2 description CDG1-ASR9K-02
 no auto-summary
!
ip prefix-list ALLOW seq 5 permit any
ip prefix-list DENY_RFC6890_V4 seq 5 deny 0.0.0.0/8
ip prefix-list DENY_RFC6890_V4 seq 10 deny 10.0.0.0/8
ip prefix-list DENY_RFC6890_V4 seq 15 deny 100.64.0.0/10
ip prefix-list DENY_RFC6890_V4 seq 20 deny 127.0.0.1/8
ip prefix-list DENY_RFC6890_V4 seq 25 deny 169.254.0.0/16
ip prefix-list DENY_RFC6890_V4 seq 30 deny 172.16.0.0/12
ip prefix-list DENY_RFC6890_V4 seq 35 deny 192.0.0.0/24
ip prefix-list DENY_RFC6890_V4 seq 40 deny 192.0.2.0/24
ip prefix-list DENY_RFC6890_V4 seq 45 deny 192.88.99.0/24
ip prefix-list DENY_RFC6890_V4 seq 50 deny 192.168.0.0/16
ip prefix-list DENY_RFC6890_V4 seq 55 deny 198.18.0.0/15
ip prefix-list DENY_RFC6890_V4 seq 60 deny 198.51.100.0/24
ip prefix-list DENY_RFC6890_V4 seq 65 deny 203.0.113.0/24
ip prefix-list DENY_RFC6890_V4 seq 70 deny 240.0.0.0/4
ip prefix-list DENY_RFC6890_V4 seq 75 deny 255.255.255.255/32
!
route-map test permit 10
 match ip address prefix-list ALLOW
!
line vty
!
end

When I check to see what routes are being sent to 10.44.31.251 there are none:

quagga-rs-001# show ip bgp neighbors  10.44.31.251 advertised-routes
quagga-rs-001#


When I check the BGP route table I can see that none of the routes are being advertised off the route server:

quagga-rs-001# show ip bgp 4.2.2.1
BGP routing table entry for 4.0.0.0/9
Paths: (4 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  1299 3356, (aggregated by 3356 4.69.130.80)
    10.109.0.1 from 10.109.0.1 (10.109.0.1)
      Origin IGP, localpref 100, valid, internal, atomic-aggregate, best
      Community: 1299:1000
      Last update: Wed Sep 10 22:21:14 2014

  1299 3356, (aggregated by 3356 4.69.130.80)
    10.109.0.2 from 10.109.0.2 (10.109.0.2)
      Origin IGP, localpref 100, valid, internal, atomic-aggregate
      Community: 1299:1000
      Last update: Wed Sep 10 22:21:04 2014

  1299 3356, (aggregated by 3356 4.69.130.82)
    62.115.46.197 from 10.105.0.2 (213.155.155.234)
      Origin IGP, localpref 100, valid, internal, atomic-aggregate
      Community: 1299:1000
      Last update: Wed Sep 10 22:20:39 2014

  1299 3356, (aggregated by 3356 4.69.130.82)
    62.115.46.185 from 10.105.0.1 (213.155.155.233)
      Origin IGP, localpref 100, valid, internal, atomic-aggregate
      Community: 1299:1000
      Last update: Wed Sep 10 22:20:37 2014

Any help to point me in the right direction with what I am missing or have misconfigured would be greatly appreciated....

Thank you in advance.

-Patrick

_______________________________________________
Quagga-users mailing list
Quagga-users@...
https://lists.quagga.net/mailman/listinfo/quagga-users
Bastien Durel | 6 Sep 18:23 2014

[quagga-users 13772] OSPF: interface down

Hello,

I'm trying to connect a VM to my OSPF network. It's a Xen PV guest 
running debian ().
Here is my ospfd.conf:

! -*- ospf -*-
!
hostname test-postfix2
!
interface eth0
  ip ospf cost 10
!
router ospf
  ospf router-id 10.120.1.34
  network 10.0.0.0/8 area 0
  network 94.23.110.210/28 area 0
  redistribute kernel
!
log file /var/log/quagga/ospfd.log

Quagga never sends any hello, saying the interface is down :
root <at> test-postfix2:/etc/quagga# vtysh -c "show ip ospf interface"
eth0 is down
   ifindex 0, MTU 0 bytes, BW 0 Kbit <>
   OSPF not enabled on this interface

But the interface is up and running :
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
     inet 127.0.0.1/8 scope host lo
     inet6 ::1/128 scope host
        valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast 
state UP qlen 1000
     link/ether 00:16:3e:cf:61:e3 brd ff:ff:ff:ff:ff:ff
     inet 10.120.1.34/24 scope global eth0
     inet6 2001:41d0:2:27d3::a78:122/128 scope global
        valid_lft forever preferred_lft forever
     inet6 fe80::216:3eff:fecf:61e3/64 scope link
        valid_lft forever preferred_lft forever

I must have forgotten something, but I can't find what. do you have an 
idea ?

Thanks,

--

-- 
Bastien
Noel Burton-Krahn | 5 Sep 23:43 2014

[quagga-users 13768] OSPF static route updates unreliable?

Hi,

I'm evaluating Quagga OSPF 0.99.22.4 on Gentoo for rerouting IPs on failover.  I'm new to Quagga, so please forgive (and correct!) any misconceptions.

We give each of our services a fixed IP and move the IP to a new host on failover.  We're looking at OSPF/BGP to dynamically adjust the routing when a floating IP moves.  In my test case, I want to change this route

ip route add $SERVICE_NET.99 via $HOST_NET.1

to this, to indicate service ip #99 has moved from host #1 to host #2

ip route add $SERVICE_NET.99 via $HOST_NET.2

I've got Quagga OSPF running on all hosts.  I use this command to change the static route

vtysh -c "configure terminal" -c "no ip route 10.27.2.99/32 10.27.0.1" -c "ip route 10.27.2.99/32 10.27.0.2"


FAIL: About 30% of the time, one of my hosts will miss the route update and end up with no routes at all!  Other hosts *will* get the update, but this has to be 100% reliable for all hosts

Here are some other issues I've found:

1. If I restart zebra/ospfd on a host, it does not pick up static routes I defined previously via OSPF on another host.  Shouldn't existing static routes be restored on restart?

2. Route updates take about 8-10 sec to complete.  If I add a new hop for an old route, the old route disappears for 10 sec then comes back.  Can this be sped up?

vtysh -c "configure terminal" -c "ip route 10.27.2.99/32 10.27.0.18"
vtysh -c "configure terminal" -c "ip route 10.27.2.99/32 10.27.0.22"  # the .18 route disappears for 10 sec on other hosts

Is there a better (more reliable) way to dynamically update static routes? 


Thanks for your help,
--
Noel



zebra.conf:
hostname node-10-27-0-16
password zebra
enable password zebra

log file /var/log/quagga/zebrad.log
log syslog

interface host
  multicast

ospfd.conf
hostname node-10-27-0-16
password zebra
enable password zebra
log file /var/log/quagga/ospfd.log
log syslog

router ospf
  ospf router-id 10.27.0.16
  redistribute kernel
  redistribute static
  redistribute bgp
  passive-interface services
  network 10.27.0.0/24 area 0.0.0.0
  network 10.27.2.0/24 area 0.0.0.0
  network 10.27.3.0/24 area 0.0.0.0
  area 0.0.0.0 authentication message-digest
  debug ospf packet all recv detail
  debug ospf packet all send detail

interface host
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 ABCDEFGHIJK

_______________________________________________
Quagga-users mailing list
Quagga-users@...
https://lists.quagga.net/mailman/listinfo/quagga-users
lhg803 | 26 Aug 07:14 2014

[quagga-users 13766] RIPv2 16-digit password MD5 authentication failure with cisco router!

Hi everyone,I have a question about the ripv2 md5 authentication. The detail information is below. ###########################################################################################################
1,network topology
  _________            ___________
 |         |          |          |
 |  cisco  |__________|  linux   |
 |         |          |          |
 |_________|          |__________|
   eth1/0:6.6.6.2    eth0:6.6.6.1
 
2,configuration for each box
(1)cisco
!
key chain test
 key 1
  key-string 1234567890123456
!
interface Loopback0
 ip address 10.10.10.1 255.255.255.0
!
interface Ethernet1/0
 ip address 6.6.6.2 255.255.255.0
 ip rip authentication mode md5
 ip rip authentication key-chain test
!
router rip
 version 2
 network 6.0.0.0
 network 10.0.0.0
 
(2)linux interface ip and quagga ripd
 
a,interface ip address
8.8.8.0/24 dev eth1  proto kernel  scope link  src 8.8.8.1
6.6.6.0/24 dev eth0  proto kernel  scope link  src 6.6.6.1
 
b,quagga ripd
 
Building configuration...
 
Current configuration:
!
hostname ripd
!
password quagga
!
!
interface x0ge1
 ip rip authentication mode md5 auth-length old-ripd
 ip rip authentication string 1234567890123456
!
router rip
 version 2
 network 6.6.6.0/24
 network 8.8.8.0/24
!
line vty
!
end
 
3,debug quagga ripd, information below show:
 
2014/08/18 17:52:36 RIP: RECV packet from 6.6.6.2 port 520 on eth0
2014/08/18 17:52:36 RIP: RECV RESPONSE version 2 packet size 64
2014/08/18 17:52:36 RIP:   family 0xFFFF type 3 (MD5 authentication)
2014/08/18 17:52:36 RIP:     RIP-2 packet len 44 Key ID 1 Auth Data len 20
2014/08/18 17:52:36 RIP:     Sequence Number 20
2014/08/18 17:52:36 RIP:   10.0.0.0/8 -> 0.0.0.0 family 2 tag 0 metric 1
2014/08/18 17:52:36 RIP:   family 0xFFFF type 1 (MD5 data)
2014/08/18 17:52:36 RIP:     MD5: 05E1BAEBF321F963C5E3A80F861EFF
2014/08/18 17:52:36 RIP: RIPv2 MD5 authentication from 6.6.6.2
2014/08/18 17:52:36 RIP:     Packet MD5: 05E1BAEBF321F9633EC5E3A80F861EFF
2014/08/18 17:52:36 RIP:     Compute MD5: 16C8F384C11E6548247FC529F41D810D
2014/08/18 17:52:36 RIP: RIPv2 MD5 authentication failure
 
4,debug cisco rip,terminal monitor "authentication success":
*Aug 20 17:25:37.795: RIP: received packet with MD5 authentication
*Aug 20 17:25:37.799: RIP: received v2 update from 6.6.6.1 on Ethernet1/0
*Aug 20 17:25:37.803:      8.8.8.0/24 via 0.0.0.0 in 1 hops
 
PS:
if auth-string is 123456789012345, ripd will auth success, but cisco will fail!
-------------------------------------------------------------------------------
1,linux box info:
 
2014/08/18 18:02:55 RIP: RECV packet from 6.6.6.2 port 520 on eth0
2014/08/18 18:02:55 RIP: RECV RESPONSE version 2 packet size 64
2014/08/18 18:02:55 RIP:   family 0xFFFF type 3 (MD5 authentication)
2014/08/18 18:02:55 RIP:     RIP-2 packet len 44 Key ID 1 Auth Data len 20
2014/08/18 18:02:55 RIP:     Sequence Number 42
2014/08/18 18:02:55 RIP:   10.0.0.0/8 -> 0.0.0.0 family 2 tag 0 metric 1
2014/08/18 18:02:55 RIP:   family 0xFFFF type 1 (MD5 data)
2014/08/18 18:02:55 RIP:     MD5: D37FA34DDF522460252B07B0833CE2
2014/08/18 18:02:55 RIP: RIPv2 MD5 authentication from 6.6.6.2
2014/08/18 18:02:55 RIP:     Packet MD5: D37FA34DDF522460AA252B07B0833CE2
2014/08/18 18:02:55 RIP:     Compute MD5: D37FA34DDF522460AA252B07B0833CE2
2014/08/18 18:02:55 RIP: RIPv2 MD5 authentication success
 
2,cisco router info:
 
*Aug 20 17:33:31.987: RIP: received packet with MD5 authentication
*Aug 20 17:33:31.991: RIP: ignored v2 packet from 6.6.6.1 (invalid authentication)
-------------------------------------------------------------------------------
###########################################################################################################
 
Thanks in advance for your response.
Regards,lihg2014-08-26
_______________________________________________
Quagga-users mailing list
Quagga-users@...
https://lists.quagga.net/mailman/listinfo/quagga-users

Gmane