Quagga OSPF On Ubuntu

Enabling Quagga/OSPF on Ubuntu isn’t actually too hard. The devil is in the detail. From my own googling, there are few complete examples of how to do both IPv4 & IPv6.

I assume you already have your Ubuntu box up and running with IPv4 & IPv6.

In this example, I’m using OSPF to advertise a /32 address (or a /128 in the IPv6 example) that’s bound to the loopback interface.

IPv4

To bind an address to the loopback interface, you can place the following file in /etc/network/interfaces.d:

# /32 Address
auto lo:1
iface lo:1 inet static
 address 192.168.254.1
 netmask 255.255.255.255

You can then use “ifdown lo && ifup lo” to get this to take effect. You can use the command “ip addr show lo” to check that the address has bound.

Next, install the quagga package. That’s easily done via the “apt-get install quagga” command.

Now we have to configure quagga. In the file /etc/quagga/daemons we have to enable zebra (the core module of quagga) and ospfd. My file looks like:

zebra=yes
bgpd=no
ospfd=yes
ospf6d=no
ripd=no
ripngd=no
isisd=no
babeld=no

In zebra.conf, we have to specify the IP addresses of all the interfaces.

hostname ubuntu
!
interface lo:1
description /32 Address
ip address 192.168.254.1/32
!
interface eth1
ip address 192.168.100.1/24
!
log file /var/log/quagga/zebra.log

Then in ospfd.conf we configure the OSPF routing protocol.

router ospf
 ospf router-id 192.168.100.1
 network 192.168.254.1/32 area 0.0.0.0
 network 192.168.100.0/24 area 0.0.0.0
 log-adjacency-changes
 redistribute connected
!
log file /var/log/quagga/ospfd.log

(Re)start quagga (service quagga restart) and…

If you’re using UFW, nothing. The problem is that UFW, by default, will be blocking the multicast traffic that OSPF uses to establish adjacencies. So add a rule to UFW to allow those packets in:

ufw allow from 224.0.0.0/24

If you check your external OSPF routing device, you should now see an adjacency being formed with your Ubuntu/Quagga host, and if you check the OSPF routing tables, you should see a route to the IP address on the loopback interface. Job done, right? Er, not quite. Try pinging the loopback IP address, and it’ll probably fail. As the final step, you need to enable IP forwarding:

# sysctl net.ipv4.ip_forward=1

will enable the forwarding. Edit /etc/sysctl.conf to make this permanent.

IPv6

IPv6 is very similar. First, add IPv6 to our Ubuntu box’s interfaces. For the ethernet interface, create a file similar to:

iface eth1 inet6 static
 address 2001:DB8::1:1
 netmask 64

And for the loopback interface:

# /128 Address
iface lo inet6 static
 address 2001:DB8::2:1
 netmask 128

Perform the “ifdown && ifup” procedure to activate these addresses (do this from the console for eth1, otherwise you risk sawing off the branch you’re sitting on).

Update the zebra.conf file with our IPv6 addresses:

hostname ubuntu
!
interface lo
description IPv6 /128 Address
ipv6 address 2001:DB8::2:1/128
!
interface lo:1
description /32 Address
ip address 192.168.254.1/32
!
interface eth1
ip address 192.168.100.1/24
ipv6 address 2001:DB8::1:1/64
!
log file /var/log/quagga/zebra.log

Enable ospf6d in /etc/quagga/daemons and create a configuration file (ospf6d.conf) for it:

interface eth1
ipv6 ospf6 instance-id 0

interface lo
ipv6 ospf6 instance-id 0

router ospf6
 !Despite this being an IPv6 routing daemon, it still
 !uses an IPv4 address for its ID.
 router-id 192.168.100.1
 interface eth1 area 0.0.0.0
 interface lo area 0.0.0.0
 redistribute connected

log file /var/log/quagga/ospf6d.log

Restart quagga, and… Yes, nothing again. We have to allow IPv6 multicast through. So let’s just do the obvious command:

# ufw allow in from ff02::/16

And…That doesn’t work. Checking our ufw logs, we see that packets are still being blocked. What gives? It seems that UFW is only allowing TCP & UDP, but in the IPv6 world, OSPF runs over a different protocol, strangely called “ospf”. UFW allows us to specify the protocol, so we can just do:

# ufw allow in proto ospf from ff02::/16

and we get the message:

# ERROR: Unsupported protocol 'ospf'

I tried various tricks, but I couldn’t get UFW to allow the IPv6 OSPF packets through using its syntax. Instead, I had to edit the /etc/ufw/before6.rules file and add the lines:

# allow Link local multicast
-A ufw6-before-input -p ospf -d ff02::/16 -j ACCEPT

This *MUST* be placed before the final “COMMIT” line in the file!

A simple “ufw disable && ufw enable” gets this change loaded and it’s all good.
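
The placement requirement above (the rule has to sit before the final COMMIT) can be scripted and checked. This is an added example, not part of the original post: the function names and the sample rules file are constructed, and only the rule line itself comes from the text above.

```shell
#!/bin/sh
# Added example: place a rule before the final COMMIT of a ufw rules file.
# Function names and the sample file are constructed for illustration.
RULE='-A ufw6-before-input -p ospf -d ff02::/16 -j ACCEPT'

# rule_is_active FILE RULE: succeeds only if RULE sits before the last COMMIT.
rule_is_active() {
    last=$(grep -n '^COMMIT[[:space:]]*$' "$1" | tail -n 1 | cut -d: -f1)
    pos=$(grep -nxF -- "$2" "$1" | head -n 1 | cut -d: -f1)
    [ -n "$last" ] && [ -n "$pos" ] && [ "$pos" -lt "$last" ]
}

# insert_before_commit FILE RULE: idempotent; fails if FILE has no COMMIT.
insert_before_commit() {
    file=$1 rule=$2
    rule_is_active "$file" "$rule" && return 0
    tmp=$(mktemp) || return 1
    # Drop misplaced copies, e.g. one appended after COMMIT (never loaded).
    grep -vxF -- "$rule" "$file" > "$tmp"
    last=$(grep -n '^COMMIT[[:space:]]*$' "$tmp" | tail -n 1 | cut -d: -f1)
    if [ -z "$last" ]; then rm -f "$tmp"; return 1; fi
    # Rewrite in place so the file keeps its owner and mode.
    awk -v n="$last" -v r="$rule" 'NR == n { print r } { print }' "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed stand-in for /etc/ufw/before6.rules.
make_sample() {
    cat > "$1" <<'EOF'
*filter
:ufw6-before-input - [0:0]
-A ufw6-before-input -i lo -j ACCEPT
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
EOF
}

# Demo on a scratch copy: the rule lands directly above COMMIT.
sample=$(mktemp)
make_sample "$sample"
insert_before_commit "$sample" "$RULE" && cat "$sample"
rm -f "$sample"
```

On a live host, call insert_before_commit on /etc/ufw/before6.rules as root, then reload with the “ufw disable && ufw enable” step above.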

Note that IPv6 forwarding is enabled by default on Linux.
