Running GNU Zebra requires both the zebra
and bgpd daemons to be running. The zebra
daemon provides a mechanism for communication between the kernel
and the daemons for different routing protocols. The
bgpd daemon provides the BGP
functionality.
Before starting zebra and bgpd, default configuration
files need to be created. Samples are provided with the GNU Zebra
distribution and the RPM installs these into
/usr/doc/<zebra_version>/, where
<zebra_version> is the version of GNU Zebra that is
installed as per the output of the command
rpm -q zebra. These sample configuration files can be
made the defaults by running:
As these files contain potentially sensitive configuration information,
including the password to access the daemons, you should
make sure that these files are not publicly readable.
If zebra.conf or bgpd.conf files are present in
the home directory for user root then these may
be used instead of the files in /etc/. To avoid confusion
move any such files before starting the GNU Zebra
daemons.
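The two precautions above (restrictive file permissions, no stray copies in root's home directory), plus a check for the default password zebra mentioned later on this page, can be audited with a short script. This is an added example, not part of the GNU Zebra distribution; the function names and the temporary sample tree are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

DEFAULT_PASSWORD = "zebra"  # default vty and enable password named on this page
PASSWORD_LINE = re.compile(r"^\s*(enable\s+password|password)\s+(\S+)\s*$")

def audit_conf(path, home="/root"):
    """Return a list of findings for one daemon configuration file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group or other permission bit set
        findings.append(f"{path}: mode {mode:04o} grants group/other access, expected 0600")
    with open(path) as fh:
        for lineno, line in enumerate(fh, 1):
            m = PASSWORD_LINE.match(line)
            if m and m.group(2) == DEFAULT_PASSWORD:
                kind = " ".join(m.group(1).split())
                findings.append(f"{path}:{lineno}: {kind} is still the default")
    shadow = os.path.join(home, os.path.basename(path))
    if os.path.exists(shadow) and os.path.abspath(shadow) != os.path.abspath(path):
        findings.append(f"{shadow}: copy in home directory may be used instead of {path}")
    return findings

def demo():
    """Audit a constructed sample tree (hypothetical, built in a temp dir)."""
    with tempfile.TemporaryDirectory() as tmp:
        etc, home = os.path.join(tmp, "etc"), os.path.join(tmp, "root")
        os.makedirs(etc)
        os.makedirs(home)
        conf = os.path.join(etc, "bgpd.conf")
        with open(conf, "w") as fh:  # constructed sample, not a real config
            fh.write("hostname jasmine\npassword zebra\nenable password frub\n")
        os.chmod(conf, 0o644)  # deliberately too permissive
        open(os.path.join(home, "bgpd.conf"), "w").close()  # stray copy
        return [f.replace(tmp, "") for f in audit_conf(conf, home)]

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real host, call audit_conf("/etc/zebra.conf") and audit_conf("/etc/bgpd.conf") as root.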
zebra and bgpd may be started using
init scripts if GNU Zebra was installed using RPMS.
Otherwise zebra and bgpd may be started manually.
To ensure that zebra and bgpd are started on
system boot they should be started by init. If GNU Zebra
was installed using RPMS this is done using chkconfig.
To check this run:
If GNU Zebra was not installed from an RPM then adding the following
to /etc/rc.d/rc.local should ensure that the zebra and
bgpd daemons are started on reboot. The paths should
be altered to match the installation.
GNU Zebra is configured interactively using an interface similar to
that of Cisco IOS. Before using the interactive setup, entries for
the GNU Zebra daemons need to be added to /etc/services. If
GNU Zebra was installed using an RPM this should be done
automatically, otherwise they should be added manually. The full list of
service entries for GNU Zebra daemons follows. zebrasrv,
zebra and bgpd are required to use GNU Zebra with
Super Sparrow, the rest are provided for completeness.
To begin, log into the zebra daemon. When
presented with the password prompt enter the default
password, zebra.
The Router> prompt shows that you are now logged into
zebra as an unprivileged user. GNU Zebra daemons, like
Cisco IOS and Unix, have a concept of privileged and non-privileged
users. The non-privileged users do not have access to commands that may
access sensitive information or reconfigure the daemon. To become the
privileged user so configuration can take place, the enable
command is used. Again the default password is zebra.
The Router# prompt indicates that you are now logged in as the
privileged user. Notice that the enable command was abbreviated
to en. GNU Zebra daemons, like Cisco IOS, allow
commands and their arguments to be abbreviated. Abbreviations are valid
unless they match more than one command, in which case an error message is
displayed.
At any point typing ? will display help as illustrated below:
As shown a ? at a prompt will show all the available commands.
To enter configuration mode the configure command is used.
The following invocation makes use of abbreviations and ? to
find valid arguments.
The Router(config)# prompt indicates that configuration commands
will be accepted from the terminal. To find all available commands at
this point ? is used.
For now just configure the hostname, password and enable password.
To show the configuration that is now running use the
show run command.
To save the running configuration so that it will be used the
next time, the write command is used.
The configuration of the zebra daemon for this setup is
complete. Use the exit command to end the interactive session.
To begin the configuration of the bgpd daemon the hostname,
password and enable password are set in the same way as for the zebra daemon. The default password
is zebra.
It is of note that the output of show run is the format in
which configurations are written to disk. This format may be cut and
pasted into a terminal as shown:
GNU Zebra is being run to allow the best path to other hosts to be
found by Super Sparrow. It is not being run to actually route
traffic. Because of this it is best if the routes learnt are not used to
modify the kernel routing table. There are two good reasons for this.
To prevent routes learnt via BGP from being inserted in the kernel
routing table the following commands are used. Most of the commands
discussed in configuring GNU Zebra will work equally well with
Cisco IOS. This command will only work on the GNU Zebra
bgpd daemon.
Visually confirm the configuration and save it.
To configure the bgpd daemon to communicate with peers an AS
number needs to be assigned after removing the default configuration. In
configuration mode:
The jasmine(config-router)# prompt indicates that bgp specific
configuration can now be set. From this prompt peers can be added.
This adds two peers with AS numbers 64600 and 64702.
The latter peer, the router in POP Y, is not directly
connected so ebgp-multihop is specified.
Visually confirm and then save the configuration.
The router for POP X should not advertise any routes
to the Network C router. To effect this, filters are used.
To filter out advertisements to the Network C router an
access-list that denies
all routes should be defined.
This access-list is applied to outgoing advertisements to
neighbor 192.168.192.12.
Visually confirm the configuration and then save it.
This completes the configuration of the bgpd daemon
on the POP X router.
The status of the BGP sessions can be found using
show ip bgp summary. This may be done as a
privileged or non-privileged user.
This shows that the bgpd daemon has the AS number 64700 and is
configured with two peers. One session is to 192.168.192.12 whose
AS number is 64600 and another to 192.168.193.11 whose
AS number is 64702. The State/PfxRcd field shows the state
of the session if it is not established and the number of prefixes
received from the peer if the session is established. Thus the session to
neighbor 192.168.192.12 is established and five prefixes have been
received. The session to 192.168.193.11 is Active, which,
confusingly, means that the session is down.
The prefixes in the BGP routing table can be shown using
show ip bgp. This may be done as a privileged or
non-privileged user.
This shows all of the prefixes in the BGP routing table with their
AS paths. To show details of the prefix that covers a particular IP address
show ip bgp <ip_address> may be used.
This shows that there is one prefix covering 192.168.193.10
and that this prefix is preferred. The prefix has an
AS path 64600 64601 64602.
To enable debugging to the interactive terminal use the
terminal monitor command:
To stop debugging to the interactive terminal use
terminal no monitor:
By default not many debugging messages are generated. The
debug bgp command enables additional debug messages to be
generated. The following shows the different types of debugging messages
that may be enabled, and enables all of them:
To forcibly reset a BGP session and, hence, cause events that may be
logged, allowing a problem to be tracked down, the clear ip
command may be used. The following example shows that this command may
clear all sessions or sessions matched by various criteria. The example
then clears all sessions. If term mon and
debug bgp were set this should cause a flood of debugging
messages to be displayed.
Sometimes it is useful to take down a BGP session, without losing
the configuration information. This can be done using
shutdown.
Observe that the BGP session is now administratively shutdown:
And the configuration for this peer is maintained:
To bring the session back up no is prepended to the command used
to take down the session:
For reference the resulting configuration files for
the bgpd and zebra daemons are available.
POP X Router:
/etc/bgpd.conf,
/etc/zebra.conf.
A complete set of configuration files for this network setup
can be found here.
Please see references.
Copyright © 2000 Horms
Starting GNU Zebra
$ cp /usr/doc/<zebra_version>/zebra.conf.sample /etc/zebra.conf
$ cp /usr/doc/<zebra_version>/bgpd.conf.sample /etc/bgpd.conf
$ chmod 600 /etc/zebra.conf
$ chmod 600 /etc/bgpd.conf
$ /etc/rc.d/init.d/bgpd start
Starting bgpd: [ OK ]
$ /etc/rc.d/init.d/zebra start
Starting bgpd: [ OK ]
$ /usr/sbin/bgpd -d
$ /usr/sbin/zebra -d
Logs for zebra and bgpd are found in
/var/log/zebra/zebra.log and
/var/log/zebra/bgpd.log respectively.
$ /sbin/chkconfig --level 345 zebra on
$ chkconfig --level 0126 zebra off
$ /sbin/chkconfig --level 345 bgpd on
$ chkconfig --level 0126 bgpd off
$ /sbin/chkconfig --list zebra
zebra 0:off 1:off 2:off 3:on 4:on 5:on 6:off
$ /sbin/chkconfig --list bgpd
bgpd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
if [ -x /usr/sbin/zebra -a -e /etc/zebra.conf ]; then
    echo -n "Starting GNU Zebra: zebra "
    /usr/sbin/zebra -d
    if [ -x /usr/sbin/bgpd -a -e /etc/bgpd.conf ]; then
        echo -n bgpd
        /usr/sbin/bgpd -d
    fi
    echo
fi
Preparation for Interactive Configuration
zebrasrv 2600/tcp # zebra service
zebra 2601/tcp # zebra vty
ripd 2602/tcp # RIPd vty
ripngd 2603/tcp # RIPngd vty
ospfd 2604/tcp # OSPFd vty
bgpd 2605/tcp # BGPd vty
ospf6d 2606/tcp # OSPF6d vty
Interactive Configuration: zebra Daemon
$ telnet localhost zebra
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
Hello, this is zebra (version 0.89.horms.pre.2)
Copyright 1996-2000 Kunihiro Ishiguro
User Access Verification
Password:
Router>
Router> en
Password:
Router#
Router> e
% Ambiguous command.
To find out the available completions of a command use the tab key:
Router> e<tab>
enable exit
Router> e
The prompt returns with e and you can keep typing the command from
there.
Router> e?
enable Turn on privileged mode command
exit Exit current mode and down to previous mode
Router> en
Password:
Router# ?
configure Configuration from vty interface
copy Copy configuration
debug Debugging functions
disable Turn off privileged mode command
end End current mode and change to enable mode.
exit Exit current mode and down to previous mode
help Description of the interactive help system
list Print command list
no Negate a command or set its defaults
quit Exit current mode and down to previous mode
show Show running system information
terminal Set terminal line parameters
who Display who is on vty
write Write running configuration to memory, network, or terminal
Router# conf ?
terminal Configuration terminal
Router# conf t
Router(config)#
Router(config)# ?
access-list Add an access list entry
banner Set banner string
debug Debugging functions
enable Modify enable password parameters
end End current mode and change to enable mode.
exit Exit current mode and down to previous mode
help Description of the interactive help system
hostname Set system's network name
interface Select an interface to configure
ip IP information
line Configure vty
list Print command list
log Logging control
no Negate a command or set its defaults
password Assign the terminal connection password
quit Exit current mode and down to previous mode
service Set up miscellaneous service
show Show running system information
table Configure target kernel routing table
write Write running configuration to memory, network, or terminal
Router(config)# hostname jasmine
jasmine(config)# password frub
jasmine(config)# enable password frub
jasmine(config)# end
jasmine#
jasmine# sho ru
Current Configuration:
!
hostname jasmine
password frub
enable password frub
!
interface lo
!
interface eth0
!
jasmine# wr m
Configuration saved to /etc/zebra.conf
jasmine# exit
Connection closed by foreign host.
Interactive Configuration: bgpd Daemon
$ telnet localhost bgpd
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
Hello, this is zebra (version 0.89.horms.pre.2)
Copyright 1996-2000 Kunihiro Ishiguro
User Access Verification
Password:
bgpd> en
bgpd# conf t
bgpd(config)# hostname jasmine
jasmine(config)# password frub
jasmine(config)# enable password frub
jasmine(config)# end
jasmine# sho ru
Current Configuration:
!
hostname jasmine
password frub
enable password frub
log stdout
!
router bgp 7675
!
jasmine# wr m
Configuration saved to /etc/bgpd.conf
jasmine# exit
Connection closed by foreign host.
bgpd# conf t
bgpd(config)# !
bgpd(config)# hostname jasmine
jasmine(config)# password frub
jasmine(config)# enable password frub
jasmine(config)# log stdout
jasmine(config)# !
jasmine(config)# router bgp 7675
jasmine(config-router)# !
jasmine(config-router)# end
Not Changing the Kernel Routing Table
jasmine# conf t
jasmine(config)# router zebra
jasmine(config-router)# no redistribute bgp
jasmine(config-router)# end
jasmine# sh ru
Current Configuration:
!
hostname jasmine
password frub
enable password frub
log stdout
!
router zebra
no redistribute bgp
!
jasmine# wr m
Configuration saved to /etc/bgpd.conf
Configuring BGP
jasmine# conf t
jasmine(config)# no router bgp 7675
jasmine(config)# router bgp 64700
jasmine(config-router)#
jasmine(config-router)# neighbor 192.168.192.12 remote-as 64600
jasmine(config-router)# neighbor 192.168.193.11 remote-as 64702
jasmine(config-router)# neighbor 192.168.193.11 ebgp-multihop
jasmine(config-router)# end
jasmine# sh run
Current Configuration:
!
hostname jasmine
password frub
enable password frub
log stdout
!
router zebra
no redistribute bgp
!
router bgp 64700
neighbor 192.168.192.12 remote-as 64600
neighbor 192.168.193.11 remote-as 64702
neighbor 192.168.193.11 ebgp-multihop 255
!
jasmine# wr m
Configuration saved to /etc/bgpd.conf
Filters
jasmine# conf t
jasmine(config)# ip as-path access-list 2 deny .*
jasmine# conf t
jasmine(config)# router bgp 64700
jasmine(config-router)# neighbor 192.168.192.12 filter-list 1 out
jasmine(config-router)# end
jasmine# sh ru
Current Configuration:
!
hostname jasmine
password frub
enable password frub
log stdout
!
router zebra
no redistribute bgp
!
router bgp 64700
neighbor 192.168.192.12 remote-as 64600
neighbor 192.168.192.12 filter-list 1 out
neighbor 192.168.193.11 remote-as 64702
neighbor 192.168.193.11 ebgp-multihop 255
!
ip as-path access-list 2 deny .*
!
jasmine# wr m
Configuration saved to /etc/bgpd.conf
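In the listing above the filter-list applied to neighbor 192.168.192.12 is numbered 1 while the as-path access-list that is defined is numbered 2. The page does not show how bgpd treats a filter-list with no matching definition, so it is worth checking a saved configuration for this before relying on the filter. The following is an added example, not part of GNU Zebra; the function names are hypothetical and the sample text is taken from the sh ru output above.

```python
import re

# Taken from the "sh ru" listing shown above on this page.
SAMPLE_CONF = """\
router bgp 64700
 neighbor 192.168.192.12 remote-as 64600
 neighbor 192.168.192.12 filter-list 1 out
 neighbor 192.168.193.11 remote-as 64702
 neighbor 192.168.193.11 ebgp-multihop 255
!
ip as-path access-list 2 deny .*
!
"""

DEFINE = re.compile(
    r"^\s*ip\s+as-path\s+access-list\s+(\S+)\s+(permit|deny)\s+(.+?)\s*$")
APPLY = re.compile(r"^\s*neighbor\s+(\S+)\s+filter-list\s+(\S+)\s+(in|out)\s*$")

def parse(conf_text):
    """Collect as-path access-list definitions and filter-list applications."""
    defined, applied = {}, []
    for line in conf_text.splitlines():
        if (m := DEFINE.match(line)):
            defined.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
        elif (m := APPLY.match(line)):
            applied.append(m.groups())  # (peer, list name, direction)
    return defined, applied

def check_filter_lists(conf_text):
    """Report filter-lists with no definition and definitions never applied."""
    defined, applied = parse(conf_text)
    findings = []
    for peer, name, direction in applied:
        if name not in defined:
            findings.append(f"neighbor {peer}: filter-list {name} {direction} "
                            f"has no matching as-path access-list")
    used = {name for _peer, name, _direction in applied}
    for name in defined:
        if name not in used:
            findings.append(f"as-path access-list {name} is defined "
                            f"but not applied to any neighbor")
    return findings

def denies_all_outbound(conf_text, peer):
    """True only if peer has an out filter-list whose first entry is deny .*"""
    defined, applied = parse(conf_text)
    names = [n for p, n, d in applied if p == peer and d == "out"]
    return any(defined.get(n, [])[:1] == [("deny", ".*")] for n in names)

if __name__ == "__main__":
    for finding in check_filter_lists(SAMPLE_CONF):
        print(finding)
```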
Status
jasmine> sho ip bgp sum
BGP router identifier 192.168.192.13, local AS number 64700
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.192.12 4 64600 1181 1177 0 0 0 00:16:21 5
192.168.193.11 4 64702 1155 1157 0 0 0 00:00:30 Active
Total number of neighbors 2
jasmine> sho ip bgp
BGP table version is 0, local router ID is 192.168.192.13
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0/0 192.168.192.10 1 0 64600 i
*> 192.168.192.0/24 192.168.192.12 1 0 64600 i
*> 192.168.193.0/24 192.168.192.12 1 0 64600 64601 64602 i
*> 192.168.194.0/24 192.168.192.12 1 0 64600 i
*> 192.168.195.0/24 192.168.192.12 1 0 64600 64601 i
Total number of prefixes 5
jasmine> sho ip bgp 192.168.193.10
BGP routing table entry for 192.168.193.0/24
Paths: (1 available, best #1, table Default-IP-Routing-Table)
64600 64601 64602
192.168.192.12 from 192.168.192.12 (192.168.192.12)
Origin IGP, metric 1, localpref 100, valid, external, best
Last update: Sun Oct 8 13:21:30 2000
Debugging
jasmine# term mon
jasmine# term no mon
jasmine# debug bgp ?
events BGP events
filter BGP filters
fsm BGP Finite State Machine
jasmine# debug bgp events
jasmine# debug bgp filter
jasmine# debug bgp fsm
jasmine# clear ip bgp
A.B.C.D BGP neighbor IP address to clear
X:X::X:X BGP neighbor IPv6 address to clear
* Clear all peers
<1-65535> Clear peers with the AS number
jasmine# clear ip bgp *
All bgp neighbors cleared
Administrative Shutdown
jasmine# conf t
jasmine(config)# router bgp 64700
jasmine(config-router)# neighbor 192.168.193.11 shutdown
jasmine(config-router)# end
jasmine# conf t
jasmine# sh ip bgp sum
BGP router identifier 192.168.192.13, local AS number 64700
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.192.12 4 64600 1262 1252 0 0 0 00:08:00 5
192.168.193.11 4 64702 1155 1157 0 0 0 00:01:14 Idle (Admin)
jasmine# sh ru
Current Configuration:
!
hostname jasmine
password frub
enable password frub
log stdout
!
router zebra
no redistribute bgp
!
router bgp 64700
neighbor 192.168.192.12 remote-as 64600
neighbor 192.168.192.12 filter-list 1 out
neighbor 192.168.193.11 remote-as 64702
neighbor 192.168.193.11 shutdown
neighbor 192.168.193.11 ebgp-multihop 255
!
ip as-path access-list 2 deny .*
!
jasmine# conf t
jasmine(config)# router bgp 64700
jasmine(config-router)# no neighbor 192.168.193.11 shutdown
jasmine(config-router)# end
Configuration Files
References
Notes on Commands
Commands shown in paragraphs of preformatted text are prefixed by the shell
prompt $ to avoid confusion between commands and their output. An
instruction to run the command echo flim is formatted as:
$ echo flim
flim
Last Updated: Tue May 17 17:37:17 2005