Use Linux to create a router

Source: Internet
Author: User

Linux, a relatively new operating system, is gradually being accepted by users because of its stable performance, open source code, and price advantages. At present, Linux is mainly used in the server field. However, with proper configuration, it can also serve as the physical cornerstone of the Internet: the router.

A router is a communication node in the communication subnet. Each router calculates and maintains a routing table and forwards each datagram to the next hop along the optimal path; this is what is called routing. In this way, through the cooperation of all the routers on the Internet, a datagram arrives at its destination along a "best" path. With the help of the GNU software Zebra, we can build a Linux machine into a fully functional router that supports multiple TCP/IP routing protocols, including RIPv1, RIPv2, RIPng, OSPFv2, OSPFv3, BGP-4, and BGP-4+. We will first look at the operating modes and basic principles of OSPF and BGP, and then introduce the installation and configuration of Zebra to turn your Linux machine into a router that supports OSPF and BGP.

BGP/OSPF Overview
Today, many companies have multiple networks. If these networks are of different types, they need routers to interconnect them. A router is a computer connected to two or more networks; it builds and maintains a routing table based on a routing protocol and forwards packets according to the information in that table. These routers know the company's internal network structure and all the details about delivering packets to their destinations, but know nothing about the network structure of other companies. Such "a set of routers and networks managed by the same organization" is called an autonomous system (AS). Autonomous systems managed by different organizations may use different routing algorithms, but all routers within one autonomous system use the same routing protocol, so that the routers in the autonomous system can exchange routing information and maintain connectivity with each other. Each autonomous system has a 16-bit "Autonomous System (AS) number" as its identifier; like an IP address, it is allocated by a specialized agency.

Routers within an autonomous system are called "interior gateways", and the protocols they use are called "interior gateway protocols". There are two types of interior gateway protocol: distance-vector protocols (such as RIP) and link-state protocols (such as OSPF). The difference between a link-state routing protocol and a distance-vector protocol is that a router using a link-state protocol maintains a map of the network topology instead of exchanging distances to destinations. The map is represented by a database whose entries each correspond to one link in the network. The router calculates the "optimal route" from the database and uses it to guide packet forwarding. When the network topology changes, only the changed records need to be sent to the other nodes, not the entire database. After each router applies the corresponding modification and recalculates its routes, it can continue to work normally.

The "Open Shortest Path First" protocol is "Open" because its specification must be published openly, and it is named OSPF because it uses the "Shortest Path First" (SPF) algorithm to compute the shortest path from one node to all other nodes. OSPF supports multiple metrics and multiple paths and has many other advantages, so it has become the interior gateway protocol recommended on the Internet, while RIP has been left out in the cold because of its own limitations. At present, the only interior gateway protocol that rivals OSPF in performance is a proprietary Cisco protocol, but OSPF's "openness" is itself a strong selling point, because no one wants to be locked in to a single vendor.

As mentioned above, routers within an autonomous system do not need to know the internal structure of other autonomous systems, which saves router memory and CPU time and improves bandwidth utilization. But what if we want to communicate with other autonomous systems? A router connected to other autonomous systems can be designated as the "exterior gateway" of the autonomous system, through which the other autonomous systems are reached. Such a router uses an exterior gateway protocol, such as the Border Gateway Protocol (BGP). Two adjacent gateways first exchange "neighbor acquisition" packets and negotiate whether they are willing to become "neighbors"; as neighbors, the two autonomous systems agree to carry each other's traffic. Once they agree, the two neighbors exchange "neighbor reachability" packets to monitor the link between them. The most important step follows: "network reachability" packets are exchanged to advertise the networks reachable through each neighbor, which achieves connectivity between the autonomous systems. From the exterior gateway's point of view, only the exterior gateways and the links connecting them exist. Thus communication within an autonomous system is handled by the interior gateways and communication between autonomous systems by the exterior gateways, which gives us a hierarchical routing picture. In fact, the Internet is composed of a large number of autonomous systems.

Create an advanced Router
Many people are unfamiliar with routers. In fact, a Linux system used as a firewall is already a router, just a rather "simple" one. Our goal here, however, is to use Linux to build an "advanced" router, which must be able to use the dynamic routing protocols mentioned above. These protocols let routers exchange routing information and share the routes used to traverse the network. For large networks (such as the Internet) this is a necessity, because static routing, that is, manual routing, is impossible there.

For example, a Border Gateway Protocol (BGP) routing table contains at least 100,000 entries even in the ideal case, that is, without taking route changes into account. Creating such a table by hand as static routes is intolerable. Obviously, even if our network is smaller than the Internet, for example a large corporate network, we prefer dynamic routing protocols.

The exterior gateway protocol BGP is normally used in the backbone of the Internet, while other protocols such as OSPF are suited to smaller interconnected networks. The Open Shortest Path First (OSPF) protocol is the most widely used interior gateway protocol (IGP). Zebra is an open-source package that lets you run BGP and/or OSPF on Linux.

Install Zebra
You can download the latest Zebra source from Zebra.org, or get packages from Red Hat or Debian, though those are not necessarily the latest version. When installing from source, you will find that the usual steps are used:

./configure
make
make install

The configure script searches for the IP stacks installed on the system and automatically enables support for them. Currently the IP stack may mean only IPv4, but IPv6 users need not worry, because Zebra will find and support it as well.

After the program is installed, you may have to add some lines to /etc/services. Each Zebra daemon runs its own virtual terminal (VTY) connection, so your system must know about these ports. Here are the entries you should add:

zebrasrv 2600/tcp # zebra service
zebra 2601/tcp # zebra vty
ripd 2602/tcp # RIPd vty
ripngd 2603/tcp # RIPngd vty
ospfd 2604/tcp # OSPFd vty
bgpd 2605/tcp # BGPd vty
ospf6d 2606/tcp # OSPF6d vty

Configure Zebra
If you are familiar with Cisco IOS, you can master Zebra in a short time, because you will find the two extremely similar. Each Zebra daemon has its own VTY, which can be configured dynamically through a telnet session. So if you need to set up OSPF, simply telnet to port 2604 on the Linux server; to modify the kernel routing table or set up redistribution between routing protocols, telnet to port 2601. The zebra daemon acts as the kernel manager, handling communication between the other daemons and the system itself.

This section describes how to set up and run OSPF and BGP on a server. The Zebra daemons store their configuration in plain text files. For an OSPF/BGP router, three files are used: zebra.conf, ospfd.conf, and bgpd.conf. For example, the zebra.conf file may look like this:

! Zebra configuration saved from vty
! 2002/02/28 01:46:12
!
! host name is LinuxRouter
hostname LinuxRouter
! user-mode password is zebra
password zebra
! privileged-mode (enable) password is z3bRa
enable password z3bRa
! location of the log file
log file /var/log/zebra.log
!
! Ethernet interface eth0
interface eth0
 ! description of the interface
 description Interface to External Network
 ! IP address of this interface
 ip address 10.0.0.1/24
!
! Ethernet interface eth1
interface eth1
 description Interface to Internal Network
 ip address 192.168.66.1/24

The exclamation point serves as the comment marker or separator. Although there are many different network interface types (Ethernet, ISDN, etc.), Zebra can use any interface type that the Linux kernel recognizes.

The subnet mask is written as a prefix length (for example /24), not in dotted-decimal form (255.255.255.0). Note that there are two passwords: one for user mode and one for privileged mode. This not only makes it possible to give non-administrators access, it is also very important when building a route server or route probe. Every BGP administrator knows that such probes are critical for route debugging, because they let you view routes as seen from an external AS. (AS stands for autonomous system; AS numbers are used for BGP routing and are registered numbers controlled by ARIN.)
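As an added example (not code from the article or from GNU Zebra), the following Python script parses a zebra.conf in the form shown above into a structure and lists the settings a reviewer would want to check before exposing the VTY: the well-known default password "zebra", a missing or duplicated enable password, a missing log file, and interfaces with no address. The sample configuration embedded in it is constructed to mirror the article's file; Python's ipaddress module is used to validate the prefix-length form and to show the equivalent dotted mask.

```python
"""Parse a Zebra-style zebra.conf and flag settings worth reviewing.

Added example, not part of the original article or the GNU Zebra project.
The sample configuration below is constructed to mirror the article's
zebra.conf; only the '!' comment style and the keywords shown there are
assumed.
"""
import ipaddress

SAMPLE_ZEBRA_CONF = """\
! Zebra configuration saved from vty
! 2002/02/28 01:46:12
!
hostname LinuxRouter
password zebra
enable password z3bRa
log file /var/log/zebra.log
!
interface eth0
 description Interface to External Network
 ip address 10.0.0.1/24
!
interface eth1
 description Interface to Internal Network
 ip address 192.168.66.1/24
"""

# Password used throughout Zebra's sample configurations; worth flagging.
WELL_KNOWN_PASSWORDS = {"zebra"}


def parse_zebra_conf(text):
    """Return global settings and per-interface blocks from zebra.conf text.

    Lines starting with '!' are comments or separators and also end an
    interface block. 'interface NAME' opens a block; the description and
    ip address lines that follow belong to it.
    """
    cfg = {"hostname": None, "password": None, "enable_password": None,
           "log_file": None, "interfaces": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            current = None
            continue
        words = line.split()
        if words[0] == "interface":
            current = words[1]
            cfg["interfaces"][current] = {"description": None, "addresses": []}
        elif current is not None and words[0] == "description":
            cfg["interfaces"][current]["description"] = " ".join(words[1:])
        elif current is not None and words[:2] == ["ip", "address"]:
            # ip_interface validates the prefix-length form, e.g. 10.0.0.1/24
            cfg["interfaces"][current]["addresses"].append(
                ipaddress.ip_interface(words[2]))
        elif words[0] == "hostname":
            cfg["hostname"] = words[1]
        elif words[:2] == ["enable", "password"]:
            cfg["enable_password"] = words[2]
        elif words[0] == "password":
            cfg["password"] = words[1]
        elif words[:2] == ["log", "file"]:
            cfg["log_file"] = words[2]
    return cfg


def review_zebra_conf(cfg):
    """Return the findings a reviewer would raise about a parsed zebra.conf."""
    findings = []
    if cfg["password"] in WELL_KNOWN_PASSWORDS:
        findings.append("user-mode VTY password is the well-known default 'zebra'")
    if cfg["enable_password"] is None:
        findings.append("no enable password set: any VTY login reaches privileged mode")
    elif cfg["enable_password"] == cfg["password"]:
        findings.append("enable password is identical to the user-mode password")
    if cfg["log_file"] is None:
        findings.append("no log file configured")
    for name, iface in cfg["interfaces"].items():
        if not iface["addresses"]:
            findings.append(f"{name}: no ip address configured")
    return findings


def dotted_mask(iface_address):
    """Dotted-decimal mask for an ip_interface, e.g. /24 -> 255.255.255.0."""
    return str(iface_address.netmask)


if __name__ == "__main__":
    parsed = parse_zebra_conf(SAMPLE_ZEBRA_CONF)
    for name, iface in parsed["interfaces"].items():
        for addr in iface["addresses"]:
            print(f"{name}: {addr} (mask {dotted_mask(addr)}, network {addr.network})")
    for finding in review_zebra_conf(parsed):
        print("review:", finding)
```

Because the VTYs are reached over telnet, both passwords travel in clear text; the separation of user and enable passwords only helps if access to ports 2600-2606 is limited to trusted hosts.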

The next step is to start the necessary programs. Run the following commands:

/usr/sbin/zebra -dk
/usr/sbin/ospfd -d
/usr/sbin/bgpd -d

The first command starts zebra, the daemon that actually updates the kernel routing table. -dk tells the program to run as a daemon (d), that is, in the background most of the time, and to keep (k) all configured routes; the k option ensures that the routing table is not accidentally deleted while you are testing Zebra. Normally you use the ifconfig and route commands to set up routes and interfaces; Zebra can completely replace that style of route management and makes it simpler to use.

Set OSPF
Now that the basic service is running, let's telnet to port 2604 on the local machine and configure OSPF. To enter privileged mode, type enable (as in Cisco IOS) and then the privileged-mode password. Next, use the configure terminal command to switch to configuration mode. It is worth mentioning that Zebra also accepts abbreviated commands, very much like Cisco: configure terminal can be shortened to config t, which saves a lot of typing. Entering list or ? displays the currently available commands with brief explanations, and pressing Tab completes a command: if you want to type clock, type the first two letters cl and press Tab, and the machine "completes" the command, provided the characters you typed are enough to identify it uniquely. This is a good feature, especially once you are used to it.

Next, we also need to tell the daemon which networks, and which OSPF areas, will be advertised through OSPF. OSPF's scalability lets it support multiple areas. Type router ospf to begin configuring OSPF, then type network 192.168.66.0/24 area 0. This tells the router that we will advertise the network 192.168.66.0 with subnet mask 255.255.255.0 through OSPF, in area 0.

In this example, the eth0 interface is made a passive interface so that it does not send routing updates. This matters for an experiment, because other routers on that side of the network might otherwise hear the updates we send; making the interface passive effectively prevents us from disrupting that network. To do this, type passive-interface eth0. This is unnecessary if you plan to use this router as a working router. Once you finish the changes, use the end command to leave configuration mode, then use the write file command to save them. Here is a snapshot:

labrat:~# telnet 0 2604    /* telnet to port 2604 of the local machine */
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.    /* use '^]' to exit the session */

Hello, this is zebra (version 0.84b)
Copyright 1996-2000 Kunihiro Ishiguro

User Access Verification

Password:    /* enter the user-mode password here, such as zebra */
ospfd> enable    /* enter privileged mode */
Password:    /* enter the privileged-mode password, such as z3bRa */
ospfd# configure terminal    /* configure the router from the terminal */
ospfd(config)# router ospf    /* configure OSPF */
ospfd(config-router)# network 192.168.66.0/24 area 0    /* advertise network 192.168.66.0 through OSPF; /24 means a 24-bit subnet mask, area 0 is the OSPF area of the network */
ospfd(config-router)# passive-interface eth0    /* make eth0 a passive interface */
ospfd(config-router)# end    /* exit configuration mode */
ospfd# write file    /* save changes */
Configuration saved to /etc/zebra/ospfd.conf

Remember that for OSPF or BGP to work on an interface, the interface must be in the "running" (up) state. To bring an interface up manually, log on to port 2601 and run the no shut command on the interface.

Establish BGP
The BGP configuration is roughly the same as for OSPF. To start, open a telnet session to port 2605. Then run configure terminal and enter router bgp followed by the AS number to enter BGP configuration mode. As described above, BGP uses AS numbers to establish relationships between neighbors and to route traffic. For our test we use a private AS number from the range 64512 to 65534; such numbers are meant to be valid within an organization but not on the Internet. Use the network command to set the networks advertised by BGP, for example network 192.168.66.0/24. Unlike OSPF, BGP peers must be specified statically, with neighbor <IP address> remote-as <AS number>. Here is an example:

labrat:~# telnet 0 2605
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.

Hello, this is zebra (version 0.84b)
Copyright 1996-2000 Kunihiro Ishiguro

User Access Verification

Password:
bgpd> enable
Password:
bgpd# configure terminal
bgpd(config)# router bgp 65530    /* configure BGP; 65530 is the autonomous system number, i.e. this system becomes an exterior gateway of autonomous system 65530 */
bgpd(config-router)# network 192.168.66.0/24    /* network advertised by BGP */
bgpd(config-router)# neighbor 10.0.0.5 remote-as 65531    /* the router with IP address 10.0.0.5 in autonomous system 65531 is our neighbor */
bgpd(config-router)# end
bgpd# write file
Configuration saved to /etc/zebra/bgpd.conf
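The OSPF session above (router ospf, network ... area, passive-interface) and the BGP session (router bgp, network, neighbor ... remote-as) both end with write file, which stores the commands as ospfd.conf and bgpd.conf. As an added example, not code from the article or from GNU Zebra, the Python script below generates those two files from a small description and performs the two checks a practitioner makes before saving: the prefix after network must be a network address in prefix-length form (a dotted mask is converted, host bits set are rejected), and in a lab every AS number must stay inside the private range 64512-65534 so the router cannot announce a registered AS. Only the commands shown in the article are emitted; the hostname, passwords, prefix, interface and neighbour values are constructed to match the article's lab.

```python
"""Build ospfd.conf and bgpd.conf text for the OSPF and BGP setups above.

Added example, not code from the article or from the GNU Zebra project.
It emits only the commands the article uses, in the '!'-separated file
form that Zebra writes with 'write file'. All values passed in at the
bottom are constructed lab values mirroring the article's sessions.
"""
import ipaddress

# Private AS range the article uses for lab setups, inclusive.
PRIVATE_AS_MIN, PRIVATE_AS_MAX = 64512, 65534


def is_private_as(asn):
    """True when asn is valid inside an organization only, not on the Internet."""
    return PRIVATE_AS_MIN <= asn <= PRIVATE_AS_MAX


def normalize_prefix(net):
    """Return a network in Zebra's prefix-length form, e.g. 192.168.66.0/24.

    Accepts a dotted mask too. Raises ValueError if host bits are set, which
    catches writing the interface address instead of the network address.
    """
    return str(ipaddress.ip_network(net))


def as_number_problems(local_as, neighbors):
    """List findings for AS numbers outside the private range.

    neighbors is a list of (ip, remote_as) tuples.
    """
    problems = []
    if not is_private_as(local_as):
        problems.append(f"local AS {local_as} is outside "
                        f"{PRIVATE_AS_MIN}-{PRIVATE_AS_MAX}")
    for ip, remote_as in neighbors:
        if not is_private_as(remote_as):
            problems.append(f"neighbor {ip}: remote AS {remote_as} is outside "
                            f"{PRIVATE_AS_MIN}-{PRIVATE_AS_MAX}")
    return problems


def _header(daemon, hostname, password, enable_password):
    """Per-daemon preamble: each Zebra daemon has its own hostname/passwords."""
    return [f"! {daemon} configuration (generated)", "!",
            f"hostname {hostname}", f"password {password}",
            f"enable password {enable_password}", "!"]


def build_ospfd_conf(hostname, password, enable_password, networks, passive=()):
    """networks: list of (prefix, area); passive: interfaces that must not send updates."""
    lines = _header("ospfd", hostname, password, enable_password)
    lines.append("router ospf")
    for net, area in networks:
        lines.append(f" network {normalize_prefix(net)} area {area}")
    for iface in passive:
        lines.append(f" passive-interface {iface}")
    lines.append("!")
    return "\n".join(lines) + "\n"


def build_bgpd_conf(hostname, password, enable_password, local_as, networks, neighbors):
    """neighbors: list of (ip, remote_as). Refuses non-private AS numbers."""
    problems = as_number_problems(local_as, neighbors)
    if problems:
        raise ValueError("; ".join(problems))
    lines = _header("bgpd", hostname, password, enable_password)
    lines.append(f"router bgp {local_as}")
    for net in networks:
        lines.append(f" network {normalize_prefix(net)}")
    for ip, remote_as in neighbors:
        ipaddress.ip_address(ip)  # reject a malformed neighbour address early
        lines.append(f" neighbor {ip} remote-as {remote_as}")
    lines.append("!")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed lab values mirroring the article's sessions.
    print(build_ospfd_conf("LinuxRouter", "zebra", "z3bRa",
                           [("192.168.66.0/24", 0)], passive=["eth0"]))
    print(build_bgpd_conf("LinuxRouter", "zebra", "z3bRa", 65530,
                          ["192.168.66.0/24"], [("10.0.0.5", 65531)]))
```

The generated text can be written to /etc/zebra/ospfd.conf and /etc/zebra/bgpd.conf before the daemons start; the same rejection of non-private AS numbers is useful as a pre-commit check on a lab's configuration files.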

A large number of options are available for OSPF and BGP, more than can be described here. I suggest you study each protocol before using it; for this, the GNU Zebra documentation will be a great help.

Conclusion
There are several ways to route traffic in a network. As far as routers are concerned, a variety of hardware is available, but it is expensive, so people naturally think of running a feature-rich router built on Linux. The Zebra routing daemon has made this a reality. Because it supports IPv4, IPv6, and various other protocols, Zebra can meet all our routing requirements. Another benefit is that Cisco IOS and Zebra are extremely similar: if you have worked in a Cisco IOS environment before, you can easily transition to Zebra, and working with Zebra in turn gives you experience and knowledge that carry over to Cisco IOS routers.

