OpenWRT

source: https://martybugs.net/wireless/openwrt/quagga.cgi

BGP Routing on OpenWrt with Quagga

This page gives an overview of how to configure the Quagga BGP daemon on a router that is running OpenWrt.

Introductory Information

I was always touching and rewriting rules on my home network to route each packet (mostly VPN traffic) to its right next hop, because I have all the VPNs decoupled from the main router. So I decided to set up a more reliable solution, basically something that doesn’t rely on me :)

The Quagga Routing Suite is an open-source software suite that provides a stable implementation of BGPv4 for Unix platforms. It consists of a core zebra daemon and daemons supporting various routing protocols, including RIP, OSPF and BGP.

A BGP node only needs to be configured with details of its immediate neighbouring nodes, and will then start exchanging routes. This means adding a new node to a network only requires BGP configuration on the new node and its immediate neighbours; routes to the new node will then propagate through the entire network.

Note that Quagga requires reciprocal configuration on a neighbouring node, so you’ll need to add neighbour configuration details to the nearest Quagga node before it’ll start exchanging routes with your WRT.

Install IPK Packages

$ opkg update
$ opkg install quagga-bgpd quagga-zebra

Note that this assumes your WRT has internet access, and is able to download the package list to determine where it needs to download the specified packages. If your WRT doesn’t have internet access, you’ll need to use a browser to view the package list, manually download the specified packages, transfer them to your WRT and install them.

Create Configuration Files

/etc/quagga/zebra.conf
hostname openwrt
!
password zebra
!
access-list vty permit 127.0.0.0/8
access-list vty permit 192.168.3.0/24
access-list vty deny any
!
!
line vty
 access-class vty

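This is just a basic configuration that restricts connections to the administration port (2601/tcp) to local networks only and sets the password to zebra. The vty is a plain telnet service, so the password crosses the network unencrypted; choose your own value in place of zebra on anything other than a test setup.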

/etc/quagga/bgpd.conf
hostname openwrt
! define password for bgpd daemon (for connecting to daemon via telnet)
password zebra
! define enable password for bgpd daemon (for connecting to daemon via telnet)
enable password zebra
!
! define router's BGP AS
router bgp 64513
 redistribute kernel
! define ID of router - we use IP of the router
 bgp router-id 192.168.3.103
!
! mikrotik neighbour
 neighbor 192.168.3.1 remote-as 64512
 neighbor 192.168.3.1 soft-reconfiguration inbound
 neighbor 192.168.3.1 distribute-list localnet in
 neighbor 192.168.3.1 distribute-list all out
!
! ACLs to stop people from propagating routes to their own private networks
access-list localnet permit 192.168.3.0/24
access-list localnet permit 192.168.6.0/24
access-list localnet permit 192.168.9.0/24
access-list localnet deny any
! ACLs to all
access-list all permit any
!
line vty
 exec-timeout 20160 0

Private AS numbers are 64512-65535.

Here we configure the OpenWrt router’s own BGP AS number as 64513 and a MikroTik neighbour with the AS number 64512. We also define two access lists: all, which is used to export routes, and localnet, which is used to accept updates.

Each of the neighbours must also have reciprocal configuration in their bgpd configuration file for the router you’re configuring (i.e., the WRT).
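
The effect of the localnet list on updates received from 192.168.3.1 can be checked offline before the daemon is started. The following Python sketch is an added example, not part of the original page or of Quagga. It assumes first-match-wins with an implicit deny, and that a prefix matches when it falls inside the listed network (exact-match requires the same length). The announced prefixes are constructed.

```python
import ipaddress

# Access-list lines copied from the bgpd.conf above.
BGPD_CONF = """\
access-list localnet permit 192.168.3.0/24
access-list localnet permit 192.168.6.0/24
access-list localnet permit 192.168.9.0/24
access-list localnet deny any
access-list all permit any
"""

def parse_access_lists(conf):
    """Return {name: [(action, network, exact), ...]} in file order."""
    lists = {}
    for line in conf.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue  # comments and unrelated commands
        net = ipaddress.ip_network("0.0.0.0/0" if tok[3] == "any" else tok[3])
        exact = tok[4:5] == ["exact-match"]
        lists.setdefault(tok[1], []).append((tok[2], net, exact))
    return lists

def evaluate(entries, prefix):
    """First matching entry wins; no match at all means deny (assumed model)."""
    p = ipaddress.ip_network(prefix)
    for action, net, exact in entries:
        if exact and p.prefixlen != net.prefixlen:
            continue
        if p.subnet_of(net):  # announced prefix lies inside the listed network
            return action
    return "deny"

def filter_updates(conf, list_name, prefixes):
    """Verdict per announced prefix for the named access list."""
    entries = parse_access_lists(conf).get(list_name, [])
    return {p: evaluate(entries, p) for p in prefixes}

# Constructed sample of prefixes a neighbour might announce.
SAMPLE_UPDATES = ["192.168.6.0/24", "192.168.3.128/25", "10.0.0.0/8",
                  "0.0.0.0/0", "192.168.0.0/16"]

if __name__ == "__main__":
    for prefix, verdict in filter_updates(BGPD_CONF, "localnet", SAMPLE_UPDATES).items():
        print(f"{prefix:18} {verdict}")
```

Under this model the more-specific 192.168.3.128/25 is accepted along with the listed /24s, while the default route and the covering 192.168.0.0/16 are rejected.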

Start and Enable the Service

$ /etc/init.d/quagga start
$ /etc/init.d/quagga enable