bgp

How to compile Quagga with SNMP support

Posted on by Jan

Since the default Quagga package in Ubuntu doesn’t have SNMP support enabled, the Quagga package has to be compiled locally. The following instructions may work for Debian as well but I only tested it in Ubuntu Server 14.04 LTS.

Now, edit /etc/quagga/daemons and enable at least zebra and bgpd and let’s create some empty config files for Quagga:
touch /etc/quagga/bgpd.conf ; touch /etc/quagga/zebra.conf

To enable SNMP support in Quagga, the line agentx has to be inserted into bgpd.conf and zebra.conf:

drfalken@wopr:/etc/quagga# head bgpd.conf
hostname AS65535
log file /var/log/quagga/bgpd.log

agentx
debug bgp events
debug bgp filters
debug bgp updates

router bgp 65535
bgp router-id 1.2.3.4

I wont dwelve into how to setup the SNMP daemon but don’t forget to add the following lines to the snmpd.conf configuration file and restart the SNMP daemon afterwards:
master agentx
agentxsocket /var/agentx/master
agentxperms 777 777

Make sure to set proper permissions for the agentx directory with a
chmod 755 /var/agentx/
or you will get error messages like snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL])

Once Quagga is able to connect to the local SNMP daemon, a message like this will show up in Quagga’s log file:
snmp[info]: NET-SNMP version 5.7.2 AgentX subagent connected

Monitoring Quagga BGP sessions using SNMP

Monitoring BGP sessions works fantastically using LibreNMS. You can chose to receive push notifications and/or emails if a BGP session goes down/up or is flapping. However, there’s some tinkering involved to display 32-bit ASNs properly in LibreNMS (let me know in the comments if you’re interested) because the MIB only handles 16-bit integers. Unfortunately, there’s no IPv6 support in Quagga’s current SNMP implementation as well.

quagga-librenms-bgp-graphs

quagga-librenms-bgp

How to receive Cymru’s IPv6 Bogon list using Quagga

Posted on by Jan

The provided BGP sample configuration for Quagga on Cymru’s web site didn’t work for me. Since my AS is IPv6-only, I’m only interested in the IPv6 Bogon feed. Here’s an excerpt from my Quagga bgpd.conf:

router bgp aut-num
bgp router-id id
bgp log-neighbor-changes
no bgp default ipv4-unicast

neighbor cymru-bogon peer-group
neighbor cymru-bogon remote-as 65332
neighbor cymru-bogon timers 3600 10800
neighbor cymru-bogon description AS65332 Cymru FullBogon Feed
neighbor cymru-bogon ebgp-multihop 255
neighbor cymru-bogon password changeme
neighbor cymru-bogon activate
neighbor cymru-bogon prefix-list pl-cymru-ipv4-in in
neighbor cymru-bogon prefix-list pl-cymru-out out
neighbor 38.xx.xx.xx peer-group cymru-bogon
neighbor 193.xx.xx.xx peer-group cymru-bogon

address-family ipv6
  neighbor cymru-bogon activate
  neighbor cymru-bogon soft-reconfiguration inbound
  neighbor cymru-bogon route-map rm-cymru-ipv6-in in
  neighbor cymru-bogon prefix-list pl-cymru-ipv6-out out
  neighbor 38.xx.xx.xx peer-group cymru-bogon
  neighbor 193.xx.xx.xx peer-group cymru-bogon
exit-address-family

ip prefix-list pl-cymru-ipv4-in seq 5 deny any
ip prefix-list pl-cymru-out seq 5 deny any
ipv6 prefix-list pl-cymru-ipv6-out seq 5 deny any
ip community-list 10 permit 65332:888

route-map rm-cymru-ipv6-in permit 10
  match community 10
  set ip next-hop 192.0.2.1
  set ipv6 next-hop global 100::dead:beef:1

Since Zebra won’t install routes learned over BGP that are not routable, I also needed to make sure that 100::dead:beef:1 is (null-)routed. My solution was to install a Cisco-style Null0 interface in /etc/network/interfaces:

# blackhole
iface Null0 inet manual
  pre-up ip link add dev Null0 type dummy
  pre-up ip link set Null0 up
  up ip -6 route add 100::/64 dev Null0 proto static metric 255
  up ip -4 route add 192.0.2.1/32 dev Null0 proto static metric 255
  down ip link del dev Null0

By the way, that 100::/64 I’m using to null-route is a designated (RFC6666) IPv6 discard-only address block.

Once the BGP session is up, only IPv6 routes will be learned from Cymru’s bogon feed. I’m using IPv4 transport for the BGP session but it should work using IPv6 transport as well.

BGP neighbor is 38.xx.xx.xx, remote AS 65332, local AS xxxxx, external link
 Member of peer-group cymru-bogon for session parameters
  BGP version 4, remote router ID 38.xx.xx.xx
  BGP state = Established, up for 18:52:18
  Last read 00:11:49, hold time is 10800, keepalive interval is 3600 seconds
  Configured hold time is 10800, keepalive interval is 3600 seconds
  Neighbor capabilities:
    4 Byte AS: advertised and received
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
    Address family IPv6 Unicast: advertised and received
  Message statistics:
    Inq depth is 0
    Outq depth is 0
                         Sent       Rcvd
    Opens:                  1          1
    Notifications:          0          0
    Updates:                0        118
    Keepalives:            20         19
    Route Refresh:          0          0
    Capability:             0          0
    Total:                 21        138
  Minimum time between advertisement runs is 30 seconds

 For address family: IPv4 Unicast
  cymru-bogon peer-group member
  AF-dependant capabilities:
    Outbound Route Filter (ORF) type (128) Prefix-list:
      Send-mode: received
  Community attribute sent to this neighbor(both)
  Inbound path policy configured
  Outbound path policy configured
  Incoming update prefix filter list is *pl-cymru-ipv4-in
  Outgoing update prefix filter list is *pl-cymru-out
  0 accepted prefixes

 For address family: IPv6 Unicast
  cymru-bogon peer-group member
  Inbound soft reconfiguration allowed
  Community attribute sent to this neighbor(both)
  Inbound path policy configured
  Outbound path policy configured
  Outgoing update prefix filter list is *pl-cymru-ipv6-out
  Route map for incoming advertisements is *rm-cymru-ipv6-in
  60088 accepted prefixes

  Connections established 1; dropped 0
  Last reset never
  External BGP neighbor may be up to 255 hops away.
Local host: 185.xx.xx.xx, Local port: 59623
Foreign host: 38.xx.xx.xx, Foreign port: 179
Nexthop: 185.xx.xx.xx
Nexthop global: 2001:xxxx:xxxx::
Nexthop local: fe80::225:xxxx:xxxx:xxxx
BGP connection: non shared network
Read thread: on  Write thread: off