Quagga routing suite users list

jb | 4 Feb 2010 21:13

[quagga-users 11329] Stop DDOS with blackhole on Linux

Hello,

I need to stop DDOS attacks on a quagga router.
I use Quagga on Linux.

The target IP for the DDOS is 2.3.4.5. My AS is 1234. My transit provider 
is 1000 and he blackhole community is tagged with 666.

On a cisco router I use the following to blackhole the traffic before the 
traffic enter my network.

router bgp 1234
   bgp router-id 1.2.3.4
   redistribute static route-map static-to-bgp
   ..
   ..
!
route-map static-to-bgp permit 5
  match tag 666
  set community 1000:666 additive
!
ip route 2.3.4.5 255.255.255.255 Null0 tag 666

Is this possible with Quagga and Linux?

/jb

headers

Rolf Hanßen | 4 Feb 2010 22:40

[quagga-users 11330] Re: Stop DDOS with blackhole on Linux

Hi,

yes, you can do that, afair that setup works fine:
Create a dummy interface in Linux with for example some private IP address
and a /30 netmask (not /32).
Drop packets to that interface with iptables (FORWARD chain).
Create a rule in the route-map in that sets the nexthop to an address
within the range of the dummy-interface-network (but not the address of
the interface itself).

kind regards
Rolf

> Hello,
>
> I need to stop DDOS attacks on a quagga router.
> I use Quagga on Linux.
>
> The target IP for the DDOS is 2.3.4.5. My AS is 1234. My transit provider
> is 1000 and he blackhole community is tagged with 666.
>
> On a cisco router I use the following to blackhole the traffic before the
> traffic enter my network.
>
> router bgp 1234
>    bgp router-id 1.2.3.4
>    redistribute static route-map static-to-bgp
>    ..
>    ..
> !

(Continue reading)

headers

Justin Alonzo | 5 Feb 2010 07:38

[quagga-users 11331] Quagga and Sangoma a301 T3 Card

I have 3 ISP connections and I am running quagga bgp with them. 2 of them are ethernet connections and are working great.

The third is a T3 connected to a Sangoma a301.

Linux xo 2.6.18-164.11.1.el5 #1 SMP Wed Jan 20 07:39:04 EST 2010 i686 athlon i386 GNU/Linux

quagga-devel-0.98.6-5.el5
quagga-0.98.6-5.el5
quagga-contrib-0.98.6-5.el5

[root <at> xo quagga]# cat zebra.conf
hostname ???

password ???
enable password ???
!
ip route 0.0.0.0/0 65.46.252.165
ip route 209.31.22.8/29 10.10.10.2
ip route 209.31.22.24/29 10.10.10.1
ip route 209.31.22.32/27 209.31.22.3
ip route 66.240.53.0/24 10.10.10.2
!
log file /var/log/quagga/zebra.log

[root <at> xo quagga]# cat bgpd.conf
! -*- bgp -*-
! $Id: bgpd.conf.sample,v 1.1.1.1 2002/12/13 20:15:29 paul Exp $
!
!
hostname???
password ???

enable password ????
!
!
router bgp ????
bgp router-id ????
no synchronization
bgp log-neighbor-changes
bgp dampening
network 66.240.53.0 mask 255.255.255.0
network 209.31.22.0 mask 255.255.254.0
neighbor XO peer-group
neighbor XO remote-as 2828
neighbor XO description ** XO **
neighbor XO send-community
neighbor XO soft-reconfiguration inbound
neighbor XO prefix-list frys-cidr out
neighbor XO route-map XO-out out
neighbor 65.46.252.165 peer-group XO
neighbor 10.10.10.1 remote-as 27291
neighbor 10.10.10.1 next-hop-self
neighbor 10.10.10.1 description CRUZ-IO ROUTER
neighbor 10.10.10.2 remote-as 27291
neighbor 10.10.10.2 next-hop-self
neighbor 10.10.10.2 description COMCAST ROUTER
!
!
ip as-path access-list 10 permit ^$
ip as-path access-list 11 permit _6451[2-9]_
ip as-path access-list 11 permit _645[2-9][0-9]_
ip as-path access-list 11 permit _64[6-9][0-9][0-9]_
ip as-path access-list 11 permit _65[0-9][0-9][0-9]_
!
!
ip prefix-list default-only seq 5 permit 0.0.0.0/0
!
ip prefix-list frys-cidr seq 15 permit 66.240.53.0/24
ip prefix-list frys-cidr seq 20 permit 209.31.22.0/23
ip prefix-list frys-cidr seq 25 permit 209.172.99.96/27
!
ip prefix-list martians seq 5 permit 0.0.0.0/0 ge 25
ip prefix-list martians seq 10 permit 10.0.0.0/8 le 32
ip prefix-list martians seq 15 permit 127.0.0.0/8 le 32
ip prefix-list martians seq 20 permit 128.0.0.0/16 le 32
ip prefix-list martians seq 25 permit 169.254.0.0/16 le 32
ip prefix-list martians seq 30 permit 172.16.0.0/12 le 32
ip prefix-list martians seq 35 permit 191.255.0.0/16 le 32
ip prefix-list martians seq 40 permit 192.0.0.0/24 le 32
ip prefix-list martians seq 45 permit 192.0.2.0/24 le 32
ip prefix-list martians seq 50 permit 192.168.0.0/16 le 32
ip prefix-list martians seq 55 permit 224.0.0.0/4 le 32
!
route-map XO-out permit 10
set community 1079181352
!
route-map transit-in deny 100
match as-path 11
!
route-map transit-in deny 200
match ip address prefix-list martians
!
route-map transit-in permit 300
!
route-map XO-in permit 10
set local-preference 90
!
!
log file /var/log/quagga/bgpd.log
!
log stdout

[root <at> xo quagga]# cat zebra.conf
hostname xo
password zebra
enable password zebra
!
ip route 0.0.0.0/0 65.46.252.165
ip route 209.31.22.8/29 10.10.10.2
ip route 209.31.22.24/29 10.10.10.1
ip route 209.31.22.32/27 209.31.22.3
ip route 66.240.53.0/24 10.10.10.2
!
log file /var/log/quagga/zebra.log

xo# show ip bgp summary
BGP router identifier 65.46.252.166, local AS number 27291
3 BGP AS-PATH entries
0 BGP community entries
Dampening enabled.

Neighbor        V    AS MsgRcvd MsgSent   TblVer InQ OutQ Up/Down State/PfxRcd
10.10.10.1      4 27291      30      48        0    0    0 00:26:43        4
10.10.10.2      4 27291      32      32        0    0    0 00:28:21        4
65.46.252.165   4 2828       0       0        0    0    0 never    Connect

Total number of neighbors 3

It never connects, the provider never sees the any requests but the communication and pinging between the 2 routers is fine.

Anyone have an Idea why it wont connect, why quagga bgp will not use the sangoma connection?

--
Thank You

Justin Alonzo

_______________________________________________
Quagga-users mailing list
Quagga-users@...
http://lists.quagga.net/mailman/listinfo/quagga-users

headers

Vincent Bernat | 5 Feb 2010 14:14

[quagga-users 11332] Quagga and network namespaces (VRF)

Hi!

Recent Linux kernels support network  namespaces. This means that we can
create on  a Linux virtual  routers with each  of them having  their own
interfaces,  IP and  routes.  This  allows implementation  of  Cisco VRF
feature.

This feature  can be used to  run multiple instances of  Quagga, one per
network  namespace. However,  what would  be great  is to  get  the same
feature as VRF  on Cisco routers: binding one OSPF or  BGP instance to a
VRF  without  having to  run  several  different  Quagga with  different
configuration files.

James Leu from Linux VRF projects has already stated that he was willing
to contribute on this:
 http://lists.quagga.net/pipermail/quagga-users/2009-July/010992.html

Is there any progress, patchs to test, code repository to contribute?

Thanks.

headers

Vincent JARDIN | 5 Feb 2010 14:40

[quagga-users 11333] Re: Quagga and network namespaces (VRF)

Hi,

We did it at 6WIND. However, we had to add some more extensions into the
Kernel to get a "real VRF".

You are right, 1 unique instance of Quagga (1 ospfd, 1 bgpd, etc.)
should be used to handle multiple VRF

Best regards,
  Vincent

Vincent Bernat wrote:
> Hi!
>
> Recent Linux kernels support network  namespaces. This means that we can
> create on  a Linux virtual  routers with each  of them having  their own
> interfaces,  IP and  routes.  This  allows implementation  of  Cisco VRF
> feature.
>
> This feature  can be used to  run multiple instances of  Quagga, one per
> network  namespace. However,  what would  be great  is to  get  the same
> feature as VRF  on Cisco routers: binding one OSPF or  BGP instance to a
> VRF  without  having to  run  several  different  Quagga with  different
> configuration files.
>
> James Leu from Linux VRF projects has already stated that he was willing
> to contribute on this:
>  http://lists.quagga.net/pipermail/quagga-users/2009-July/010992.html
>
> Is there any progress, patchs to test, code repository to contribute?
>
> Thanks.
> _______________________________________________
> Quagga-users mailing list
> Quagga-users@...
> http://lists.quagga.net/mailman/listinfo/quagga-users
>   

-- 
Vincent JARDIN
6WIND
C.T.O.
http://www.6wind.com

Join the Multicore Packet Processing Forum:
  http://multicorepacketprocessing.com

Ce courriel ainsi que toutes les pièces jointes, est uniquement destiné
à son ou ses destinataires. Il contient des informations confidentielles
qui sont la propriété de 6WIND. Toute révélation, distribution ou copie
des informations qu'il contient est strictement interdite. Si vous avez
reçu ce message par erreur, veuillez immédiatement le signaler à
l'émetteur et détruire toutes les données reçues

This e-mail message, including any attachments, is for the sole use of
the intended recipient(s) and contains information that is confidential
and proprietary to 6WIND. All unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient,
please contact the sender by reply e-mail and destroy all copies of the
original message.

headers

David Lamparter | 5 Feb 2010 15:35

[quagga-users 11334] Re: Quagga and network namespaces (VRF)

Am Freitag, den 05.02.2010, 14:40 +0100 schrieb Vincent JARDIN:
> We did it at 6WIND. However, we had to add some more extensions into the
> Kernel to get a "real VRF".

I'm curious, what extensions?

> You are right, 1 unique instance of Quagga (1 ospfd, 1 bgpd, etc.)
> should be used to handle multiple VRF

I'm not too sure about that. Where's the benefit? (Aside from unified
configuration/interface)

-David

headers

Vincent JARDIN | 5 Feb 2010 15:48

[quagga-users 11335] Re: Quagga and network namespaces (VRF)

David Lamparter wrote:
> Am Freitag, den 05.02.2010, 14:40 +0100 schrieb Vincent JARDIN:
>   
>> We did it at 6WIND. However, we had to add some more extensions into the
>> Kernel to get a "real VRF".
>>     
>
> I'm curious, what extensions?
>
>   
>> You are right, 1 unique instance of Quagga (1 ospfd, 1 bgpd, etc.)
>> should be used to handle multiple VRF
>>     
>
> I'm not too sure about that. Where's the benefit? (Aside from unified
> configuration/interface)
>   
Cross VR routing + think about 2K VRFs => 4K daemons if you only need
ospf + zebra.

>
> -David
>
>
>   

-- 
Vincent JARDIN
6WIND
C.T.O.
http://www.6wind.com

Join the Multicore Packet Processing Forum:
  http://multicorepacketprocessing.com

Ce courriel ainsi que toutes les pièces jointes, est uniquement destiné
à son ou ses destinataires. Il contient des informations confidentielles
qui sont la propriété de 6WIND. Toute révélation, distribution ou copie
des informations qu'il contient est strictement interdite. Si vous avez
reçu ce message par erreur, veuillez immédiatement le signaler à
l'émetteur et détruire toutes les données reçues

This e-mail message, including any attachments, is for the sole use of
the intended recipient(s) and contains information that is confidential
and proprietary to 6WIND. All unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient,
please contact the sender by reply e-mail and destroy all copies of the
original message.

_______________________________________________
Quagga-users mailing list
Quagga-users <at> lists.quagga.net
http://lists.quagga.net/mailman/listinfo/quagga-users

headers

Barry Friedman | 5 Feb 2010 15:58

[quagga-users 11336] Re: Quagga and Sangoma a301 T3 Card

The peer is in Connect state, so it's at least trying to set up the tcp session.

Have you collected any debug output? Eg.

telnet localhost bgpd
term mon
debug bgp event
debug bgp fsm
clear ip bgp 65.46.252.165

Also the output of:
show ip bgp neighbor 65.46.252.165
might give some clues?

Regards,
Barry

On Thu, Feb 4, 2010 at 10:38 PM, Justin Alonzo
<justin.alonzo@...> wrote:
> I have 3 ISP connections and I am running quagga bgp with them. 2 of them
> are ethernet connections and are working great.
>
> The third is a T3 connected to a Sangoma a301.
>
> Linux xo 2.6.18-164.11.1.el5 #1 SMP Wed Jan 20 07:39:04 EST 2010 i686 athlon
> i386 GNU/Linux
> quagga-devel-0.98.6-5.el5
> quagga-0.98.6-5.el5
> quagga-contrib-0.98.6-5.el5
> [root <at> xo quagga]# cat zebra.conf
> hostname ???
> password ???
> enable password ???
> !
> ip route 0.0.0.0/0 65.46.252.165
> ip route 209.31.22.8/29 10.10.10.2
> ip route 209.31.22.24/29 10.10.10.1
> ip route 209.31.22.32/27 209.31.22.3
> ip route 66.240.53.0/24 10.10.10.2
> !
> log file /var/log/quagga/zebra.log
> [root <at> xo quagga]# cat bgpd.conf
> ! -*- bgp -*-
> ! $Id: bgpd.conf.sample,v 1.1.1.1 2002/12/13 20:15:29 paul Exp $
> !
> !
> hostname???
> password ???
> enable password ????
> !
> !
> router bgp ????
> bgp router-id ????
> no synchronization
> bgp log-neighbor-changes
> bgp dampening
> network 66.240.53.0 mask 255.255.255.0
> network 209.31.22.0 mask 255.255.254.0
> neighbor XO peer-group
> neighbor XO remote-as 2828
> neighbor XO description ** XO **
> neighbor XO send-community
> neighbor XO soft-reconfiguration inbound
> neighbor XO prefix-list frys-cidr out
> neighbor XO route-map XO-out out
> neighbor 65.46.252.165 peer-group XO
> neighbor 10.10.10.1 remote-as 27291
> neighbor 10.10.10.1 next-hop-self
> neighbor 10.10.10.1 description CRUZ-IO ROUTER
> neighbor 10.10.10.2 remote-as 27291
> neighbor 10.10.10.2 next-hop-self
> neighbor 10.10.10.2 description COMCAST ROUTER
> !
> !
> ip as-path access-list 10 permit ^$
> ip as-path access-list 11 permit _6451[2-9]_
> ip as-path access-list 11 permit _645[2-9][0-9]_
> ip as-path access-list 11 permit _64[6-9][0-9][0-9]_
> ip as-path access-list 11 permit _65[0-9][0-9][0-9]_
> !
> !
> ip prefix-list default-only seq 5 permit 0.0.0.0/0
> !
> ip prefix-list frys-cidr seq 15 permit 66.240.53.0/24
> ip prefix-list frys-cidr seq 20 permit 209.31.22.0/23
> ip prefix-list frys-cidr seq 25 permit 209.172.99.96/27
> !
> ip prefix-list martians seq 5 permit 0.0.0.0/0 ge 25
> ip prefix-list martians seq 10 permit 10.0.0.0/8 le 32
> ip prefix-list martians seq 15 permit 127.0.0.0/8 le 32
> ip prefix-list martians seq 20 permit 128.0.0.0/16 le 32
> ip prefix-list martians seq 25 permit 169.254.0.0/16 le 32
> ip prefix-list martians seq 30 permit 172.16.0.0/12 le 32
> ip prefix-list martians seq 35 permit 191.255.0.0/16 le 32
> ip prefix-list martians seq 40 permit 192.0.0.0/24 le 32
> ip prefix-list martians seq 45 permit 192.0.2.0/24 le 32
> ip prefix-list martians seq 50 permit 192.168.0.0/16 le 32
> ip prefix-list martians seq 55 permit 224.0.0.0/4 le 32
> !
> route-map XO-out permit 10
>  set community 1079181352
> !
> route-map transit-in deny 100
>  match as-path 11
> !
> route-map transit-in deny 200
>  match ip address prefix-list martians
> !
> route-map transit-in permit 300
> !
> route-map XO-in permit 10
>  set local-preference 90
> !
> !
> log file /var/log/quagga/bgpd.log
> !
> log stdout
> [root <at> xo quagga]# cat zebra.conf
> hostname xo
> password zebra
> enable password zebra
> !
> ip route 0.0.0.0/0 65.46.252.165
> ip route 209.31.22.8/29 10.10.10.2
> ip route 209.31.22.24/29 10.10.10.1
> ip route 209.31.22.32/27 209.31.22.3
> ip route 66.240.53.0/24 10.10.10.2
> !
> log file /var/log/quagga/zebra.log
> xo# show ip bgp summary
> BGP router identifier 65.46.252.166, local AS number 27291
> 3 BGP AS-PATH entries
> 0 BGP community entries
> Dampening enabled.
> Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down
> State/PfxRcd
> 10.10.10.1      4 27291      30      48        0    0    0
00:26:43        4
> 10.10.10.2      4 27291      32      32        0    0    0
00:28:21        4
> 65.46.252.165   4  2828       0       0        0    0    0
never    Connect
> Total number of neighbors 3
> It never connects, the provider never sees the any requests but the
> communication and pinging between the 2 routers is fine.
>
> Anyone have an Idea why it wont connect, why quagga bgp will not use the
> sangoma connection?
>
> --
> Thank You
>
> Justin Alonzo
>
> _______________________________________________
> Quagga-users mailing list
> Quagga-users@...
> http://lists.quagga.net/mailman/listinfo/quagga-users
>
>

headers

Justin Alonzo | 5 Feb 2010 22:45

[quagga-users 11337] Re: Quagga and Sangoma a301 T3 Card

I am new to this so do you see anything? See below,

xo# term mon
xo# debug bgp event
BGP events debugging is on
xo# debug bgp fsm
BGP fsm debugging is on
xo# cBGP: 10.10.10.1 [FSM] Timer (routeadv timer expire)
lear BGP: 10.10.10.2 [FSM] Timer (routeadv timer expire)
ip bgpBGP: 10.10.10.1 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.2 [FSM] Timer (routeadv timer expire)
65.46.252BGP: 10.10.10.1 [FSM] Timer (routeadv timer expire)
.1BGP: 10.10.10.2 [FSM] Timer (routeadv timer expire)
65BGP: 65.46.252.165 [FSM] BGP_Stop (Connect->Idle)

xo#
xo#
xo#
xo#
xo#
xo#
xo#
xo#
xo#
xo#
xo#
xo#
xo# BGP: 65.46.252.165 [FSM] Timer (start timer expire).
BGP: 65.46.252.165 [FSM] BGP_Start (Idle->Connect)
BGP: 65.46.252.165 [Event] Connect start to 65.46.252.165 fd 11
BGP: 65.46.252.165 [FSM] Non blocking connect waiting result
BGP: 10.10.10.1 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.2 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.1 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.2 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.1 [FSM] Receive_KEEPALIVE_message (Established->Established)
BGP: 10.10.10.1 [FSM] Timer (keepalive timer expire)
BGP: 10.10.10.1 [FSM] KeepAlive_timer_expired (Established->Established)
BGP: 10.10.10.1 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.2 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.2 [FSM] Timer (keepalive timer expire)
BGP: 10.10.10.2 [FSM] KeepAlive_timer_expired (Established->Established)
BGP: 10.10.10.1 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.2 [FSM] Receive_KEEPALIVE_message (Established->Established)
BGP: 10.10.10.2 [FSM] Timer (routeadv timer expire)
BGP: [Event] BGP connection from host 65.46.252.165
BGP: [Event] Make dummy peer structure until read Open packet
BGP: 65.46.252.165 [FSM] TCP_connection_open (Active->OpenSent)
BGP: 65.46.252.165 [Event] peer's status is OpenSent close connection
BGP: 65.46.252.165 [Event] Accepting BGP peer delete
BGP: 10.10.10.1 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.2 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.1 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.2 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.1 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.2 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.1 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.2 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.1 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.2 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.1 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.2 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.1 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.2 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.1 [FSM] Timer (routeadv timer expire)
sBGP: 10.10.10.2 [FSM] Timer (routeadv timer expire)
ho wiBGP: [Event] BGP connection from host 65.46.252.165
BGP: [Event] Make dummy peer structure until read Open packet
BGP: 65.46.252.165 [FSM] TCP_connection_open (Active->OpenSent)
BGP: 65.46.252.165 [Event] peer's status is OpenSent close connection
BGP: 65.46.252.165 [Event] Accepting BGP peer delete
BGP: 10.10.10.1 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.2 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.1 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.2 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.1 [FSM] Receive_KEEPALIVE_message (Established->Established)
BGP: 10.10.10.1 [FSM] Timer (keepalive timer expire)
BGP: 10.10.10.1 [FSM] KeepAlive_timer_expired (Established->Established)
unBGP: 10.10.10.1 [FSM] Timer (routeadv timer expire)

xo# sho wunBGP: 10.10.10.2 [FSM] Timer (routeadv timer expire)

xo#
xo#
xo# un
xo# undebug
all bgp
xo# undebug BGP: 10.10.10.2 [FSM] Timer (keepalive timer expire)
BGP: 10.10.10.2 [FSM] KeepAlive_timer_expired (Established->Established)
BGP: 10.10.10.1 [FSM] Timer (routeadv timer expire)
BGP: 10.10.10.2 [FSM] Receive_KEEPALIVE_message (Established->Established)
allBGP: 10.10.10.2 [FSM] Timer (routeadv timer expire)

% Command incomplete.
xo# und
xo# undebug all
% Command incomplete.
xo# BGP: 10.10.10.1 [FSM] Timer (routeadv timer expire)
undebug all BGP: 10.10.10.2 [FSM] Timer (routeadv timer expire)
bgp
All possible debugging has been turned off
xo#

xo# show ip bgp neighbor 65.46.252.165
BGP neighbor is 65.46.252.165, remote AS 2828, local AS 27291, external link
Member of peer-group XO for session parameters
BGP version 4, remote router ID 0.0.0.0
BGP state = Connect
Last read 01:01:40, hold time is 180, keepalive interval is 60 seconds
Received 0 messages, 0 notifications, 0 in queue
Sent 0 messages, 0 notifications, 0 in queue
Route refresh request: received 0, sent 0
Minimum time between advertisement runs is 30 seconds

For address family: IPv4 Unicast
XO peer-group member
Inbound soft reconfiguration allowed
Community attribute sent to this neighbor(both)
Outbound path policy configured
Outgoing update prefix filter list is *frys-cidr
Route map for outgoing advertisements is *XO-out
0 accepted prefixes

Connections established 0; dropped 0
Last reset never
Next connect timer due in 91 seconds
Read thread: on Write thread: on

xo#

On Fri, Feb 5, 2010 at 6:58 AM, Barry Friedman <barryf-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org> wrote:

The peer is in Connect state, so it's at least trying to set up the tcp session.

Have you collected any debug output? Eg.

telnet localhost bgpd
term mon
debug bgp event
debug bgp fsm
clear ip bgp 65.46.252.165

Also the output of:
show ip bgp neighbor 65.46.252.165
might give some clues?

Regards,
Barry

On Thu, Feb 4, 2010 at 10:38 PM, Justin Alonzo <justin.alonzo-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> I have 3 ISP connections and I am running quagga bgp with them. 2 of them
> are ethernet connections and are working great.
>
> The third is a T3 connected to a Sangoma a301.
>
> Linux xo 2.6.18-164.11.1.el5 #1 SMP Wed Jan 20 07:39:04 EST 2010 i686 athlon
> i386 GNU/Linux
> quagga-devel-0.98.6-5.el5
> quagga-0.98.6-5.el5
> quagga-contrib-0.98.6-5.el5
> [root <at> xo quagga]# cat zebra.conf
> hostname ???
> password ???
> enable password ???
> !
> ip route 0.0.0.0/0 65.46.252.165
> ip route 209.31.22.8/29 10.10.10.2
> ip route 209.31.22.24/29 10.10.10.1
> ip route 209.31.22.32/27 209.31.22.3
> ip route 66.240.53.0/24 10.10.10.2
> !
> log file /var/log/quagga/zebra.log
> [root <at> xo quagga]# cat bgpd.conf
> ! -*- bgp -*-
> ! $Id: bgpd.conf.sample,v 1.1.1.1 2002/12/13 20:15:29 paul Exp $
> !
> !
> hostname???
> password ???
> enable password ????
> !
> !
> router bgp ????
> bgp router-id ????
> no synchronization
> bgp log-neighbor-changes
> bgp dampening
> network 66.240.53.0 mask 255.255.255.0
> network 209.31.22.0 mask 255.255.254.0
> neighbor XO peer-group
> neighbor XO remote-as 2828
> neighbor XO description ** XO **
> neighbor XO send-community
> neighbor XO soft-reconfiguration inbound
> neighbor XO prefix-list frys-cidr out
> neighbor XO route-map XO-out out
> neighbor 65.46.252.165 peer-group XO
> neighbor 10.10.10.1 remote-as 27291
> neighbor 10.10.10.1 next-hop-self
> neighbor 10.10.10.1 description CRUZ-IO ROUTER
> neighbor 10.10.10.2 remote-as 27291
> neighbor 10.10.10.2 next-hop-self
> neighbor 10.10.10.2 description COMCAST ROUTER
> !
> !
> ip as-path access-list 10 permit ^$
> ip as-path access-list 11 permit _6451[2-9]_
> ip as-path access-list 11 permit _645[2-9][0-9]_
> ip as-path access-list 11 permit _64[6-9][0-9][0-9]_
> ip as-path access-list 11 permit _65[0-9][0-9][0-9]_
> !
> !
> ip prefix-list default-only seq 5 permit 0.0.0.0/0
> !
> ip prefix-list frys-cidr seq 15 permit 66.240.53.0/24
> ip prefix-list frys-cidr seq 20 permit 209.31.22.0/23
> ip prefix-list frys-cidr seq 25 permit 209.172.99.96/27
> !
> ip prefix-list martians seq 5 permit 0.0.0.0/0 ge 25
> ip prefix-list martians seq 10 permit 10.0.0.0/8 le 32
> ip prefix-list martians seq 15 permit 127.0.0.0/8 le 32
> ip prefix-list martians seq 20 permit 128.0.0.0/16 le 32
> ip prefix-list martians seq 25 permit 169.254.0.0/16 le 32
> ip prefix-list martians seq 30 permit 172.16.0.0/12 le 32
> ip prefix-list martians seq 35 permit 191.255.0.0/16 le 32
> ip prefix-list martians seq 40 permit 192.0.0.0/24 le 32
> ip prefix-list martians seq 45 permit 192.0.2.0/24 le 32
> ip prefix-list martians seq 50 permit 192.168.0.0/16 le 32
> ip prefix-list martians seq 55 permit 224.0.0.0/4 le 32
> !
> route-map XO-out permit 10
> set community 1079181352
> !
> route-map transit-in deny 100
> match as-path 11
> !
> route-map transit-in deny 200
> match ip address prefix-list martians
> !
> route-map transit-in permit 300
> !
> route-map XO-in permit 10
> set local-preference 90
> !
> !
> log file /var/log/quagga/bgpd.log
> !
> log stdout
> [root <at> xo quagga]# cat zebra.conf
> hostname xo
> password zebra
> enable password zebra
> !
> ip route 0.0.0.0/0 65.46.252.165
> ip route 209.31.22.8/29 10.10.10.2
> ip route 209.31.22.24/29 10.10.10.1
> ip route 209.31.22.32/27 209.31.22.3
> ip route 66.240.53.0/24 10.10.10.2
> !
> log file /var/log/quagga/zebra.log
> xo# show ip bgp summary
> BGP router identifier 65.46.252.166, local AS number 27291
> 3 BGP AS-PATH entries
> 0 BGP community entries
> Dampening enabled.
> Neighbor        V    AS MsgRcvd MsgSent   TblVer InQ OutQ Up/Down
> State/PfxRcd
> 10.10.10.1      4 27291      30      48        0    0    0 00:26:43        4
> 10.10.10.2      4 27291      32      32        0    0    0 00:28:21        4
> 65.46.252.165   4 2828       0       0        0    0    0 never    Connect
> Total number of neighbors 3
> It never connects, the provider never sees the any requests but the
> communication and pinging between the 2 routers is fine.
>
> Anyone have an Idea why it wont connect, why quagga bgp will not use the
> sangoma connection?
>
> --
> Thank You
>
> Justin Alonzo
>

> _______________________________________________
> Quagga-users mailing list
> Quagga-users-UOy77sIEA+c@public.gmane.orgagga.net
> http://lists.quagga.net/mailman/listinfo/quagga-users
>
>

--
Thank You

Justin Alonzo

_______________________________________________
Quagga-users mailing list
Quagga-users@...
http://lists.quagga.net/mailman/listinfo/quagga-users

headers

Michael Lambert | 5 Feb 2010 23:01

[quagga-users 11338] Re: Quagga and Sangoma a301 T3 Card

Justin,

On 5 Feb 2010, at 01:38, Justin Alonzo wrote:

> It never connects, the provider never sees the any requests but the communication and pinging between the
2 routers is fine.
>  
> Anyone have an Idea why it wont connect, why quagga bgp will not use the sangoma connection?

Are the MTUs the same on both ends of the T3?

Michael

32	May 2013
37	April 2013
50	March 2013
23	February 2013
18	January 2013
34	December 2012
59	November 2012
49	October 2012
20	September 2012
12	August 2012
19	July 2012
15	June 2012
35	May 2012
30	April 2012
70	March 2012
58	February 2012
61	January 2012
55	December 2011
45	November 2011
43	October 2011
58	September 2011
49	August 2011
32	July 2011
44	June 2011
54	May 2011
42	April 2011
97	March 2011
44	February 2011
34	January 2011
70	December 2010
67	November 2010
49	October 2010
103	September 2010
71	August 2010
58	July 2010
37	June 2010
65	May 2010
63	April 2010
55	March 2010
56	February 2010
43	January 2010
55	December 2009
61	November 2009
75	October 2009
23	September 2009
80	August 2009
136	July 2009
113	June 2009
168	May 2009
58	April 2009
104	March 2009
91	February 2009
83	January 2009
72	December 2008
75	November 2008
140	October 2008
95	September 2008
124	August 2008
44	July 2008
85	June 2008
48	May 2008
95	April 2008
56	March 2008
86	February 2008
81	January 2008
87	December 2007
105	November 2007
99	October 2007
123	September 2007
69	August 2007
151	July 2007
122	June 2007
154	May 2007
123	April 2007
111	March 2007
97	February 2007
111	January 2007
88	December 2006
103	November 2006
93	October 2006
118	September 2006
140	August 2006
196	July 2006
152	June 2006
180	May 2006
129	April 2006
124	March 2006
164	February 2006
177	January 2006
171	December 2005
272	November 2005
258	October 2005
277	September 2005
258	August 2005
117	July 2005
161	June 2005
239	May 2005
175	April 2005
322	March 2005
134	February 2005
312	January 2005
222	December 2004
229	November 2004
266	October 2004
166	September 2004
185	August 2004
173	July 2004
184	June 2004
246	May 2004
226	April 2004
127	March 2004
120	February 2004
147	January 2004
245	December 2003
199	November 2003
298	October 2003
143	September 2003
23	August 2003
1	January 2001
1	December 1999

Mon	Tue	Wed	Thu	Fri	Sat	Sun

1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28