Enabling Quagga/OSPF on Ubuntu isn’t actually too hard. The devil is in the detail. From my own googling, there are few complete examples of how to do both IPv4 & IPv6.
I assume you already have your Ubuntu box up and running with IPv4 & IPv6.
In this example, I’m using OSPF to advertise a /32 address (or a /128 in the IPv6 example) that’s bound to the loopback interface.
To bind an address to the loopback interface, you can place the following file in /etc/network/interfaces.d
    # /32 Address
    auto lo:1
    iface lo:1 inet static
        address 192.168.254.1
        netmask 255.255.255.255
You can then use “ifdown lo && ifup lo” to get this to take effect. You can use the command “ip addr show lo” to check that the address has bound.
Next, install the quagga package. That’s easily done via the “apt-get install quagga” command.
Now we have to configure quagga. In the file /etc/quagga/daemons we have to enable zebra (the core module of quagga) and ospfd. My file looks like:
    zebra=yes
    bgpd=no
    ospfd=yes
    ospf6d=no
    ripd=no
    ripngd=no
    isisd=no
    babeld=no
In zebra.conf, we have to specify the IP addresses of all the interfaces.
    hostname ubuntu
    !
    interface lo:1
     description /32 Address
     ip address 192.168.254.1/32
    !
    interface eth1
     ip address 192.168.100.1/24
    !
    log file /var/log/quagga/zebra.log
Then in ospfd.conf we configure the OSPF routing protocol.
    router ospf
     ospf router-id 192.168.100.1
     network 192.168.254.1/32 area 0.0.0.0
     network 192.168.100.0/24 area 0.0.0.0
     log-adjacency-changes
     redistribute connected
    !
    log file /var/log/quagga/ospfd.log
(Re)start quagga (service quagga restart) and…
If you’re using UFW, nothing. The problem is that UFW, by default, will be blocking the multicast traffic that OSPF uses to establish adjacencies. So add a rule to UFW to allow those packets in:
ufw allow from 184.108.40.206/24
If you check your external OSPF routing device, you should now see an adjacency being formed with your Ubuntu/Quagga host, and if you check the OSPF routing tables, you should see a route to the IP address on the loopback interface. Job done, right? Er, not quite. Try pinging the loopback IP address, and it’ll probably fail. As the final step, you need to enable IP forwarding:
# sysctl net.ipv4.ip_forward=1
will enable the forwarding. Edit /etc/sysctl.conf to make this permanent.
IPv6 is very similar. First, add IPv6 to our Ubuntu box’s interfaces. For the ethernet interface, create a file similar to:
    iface eth1 inet6 static
        address 2001:DB8::1:1
        netmask 64
And for the loopback interface:
    iface lo inet6 static
        address 2001:DB8::2:1
        # /128 Address
        netmask 128

Perform the “ifdown && ifup” procedure to activate these addresses (do this from the console for eth1, otherwise you risk sawing off the branch you’re sitting on).
Update the zebra.conf file with our IPv6 addresses:
    hostname ubuntu
    !
    interface lo
     description IPv6 /128 Address
     ipv6 address 2001:DB8::2:1/128
    !
    interface lo:1
     description /32 Address
     ip address 192.168.254.1/32
    !
    interface eth1
     ip address 192.168.100.1/24
     ipv6 address 2001:DB8::1:1/64
    !
    log file /var/log/quagga/zebra.log
Enable ospf6d in /etc/quagga/daemons and create a configuration file (ospf6d.conf) for it:
    interface eth1
     ipv6 ospf6 instance-id 0
    interface lo
     ipv6 ospf6 instance-id 0
    router ospf6
     !Despite this being an IPv6 routing daemon, it still
     !uses an IPv4 address for its ID.
     router-id 192.168.100.1
     interface eth1 area 0.0.0.0
     interface lo area 0.0.0.0
     redistribute connected
    log file /var/log/quagga/ospf6d.log
Restart quagga, and… Yes, nothing again. We have to allow IPv6 multicast through. So let’s just do the obvious command:
# ufw allow in from ff02::/16
And… That doesn’t work. Checking our ufw logs, we see that packets are still being blocked. What gives? It seems that UFW is only allowing TCP & UDP, but in the IPv6 world, OSPF runs over a different protocol, strangely called “ospf”. UFW allows us to specify the protocol, so we can just do:
# ufw allow in proto ospf from ff02::/16
and we get the message:
# ERROR: Unsupported protocol 'ospf'
I tried various tricks, but I couldn’t get UFW to allow the IPv6 OSPF packets through using its syntax. Instead, I had to edit the /etc/ufw/before6.rules file and add the lines:
    # allow Link local multicast
    -A ufw6-before-input -p ospf -d ff02::/16 -j ACCEPT
This *MUST* be placed before the final “COMMIT” line in the file!
A simple “ufw disable && ufw enable” gets this change loaded and it’s all good.
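One way to script the before6.rules edit described above, as an added example that is not from the original post: it inserts the post's rule ahead of the final COMMIT only if it is not already there, and checks that the rule really precedes COMMIT. The function names and the temporary sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): idempotently place the post's
# OSPFv3 accept rule ahead of the final COMMIT in a before6.rules-style file.
RULE='-A ufw6-before-input -p ospf -d ff02::/16 -j ACCEPT'

# Line number of the last COMMIT line in FILE (empty if there is none).
last_commit() {
    grep -n '^COMMIT[[:space:]]*$' "$1" | tail -n 1 | cut -d: -f1
}

# Succeeds only if RULE sits somewhere before the final COMMIT of FILE.
rule_is_live() {
    last=$(last_commit "$1")
    [ -n "$last" ] && head -n "$((last - 1))" "$1" | grep -qxF -- "$RULE"
}

# Insert RULE just before the final COMMIT. Returns 0 if inserted or already
# live, 1 if FILE has no COMMIT line (nothing is written in that case).
add_ospf6_rule() {
    file=$1
    last=$(last_commit "$file")
    [ -n "$last" ] || return 1
    if rule_is_live "$file"; then return 0; fi
    tmp=$(mktemp) || return 1
    awk -v n="$last" -v rule="$RULE" '
        NR == n { print "# allow Link local multicast"; print rule }
        { print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample input shaped like /etc/ufw/before6.rules.
sample=$(mktemp)
printf '%s\n' '*filter' ':ufw6-before-input - [0:0]' \
    '-A ufw6-before-input -i lo -j ACCEPT' 'COMMIT' > "$sample"
add_ospf6_rule "$sample" && rule_is_live "$sample" && echo "rule is before COMMIT"
```

On a real host, run add_ospf6_rule against a copy of /etc/ufw/before6.rules first and diff the result before replacing the live file. The destination can also be narrowed from ff02::/16 to ff02::5 and ff02::6, the two multicast groups OSPFv3 uses, written as two rules.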
Note that IPv6 forwarding is enabled by default on Linux.