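1. Theory
1.1 Software overview
Quagga is an advanced routing software package that provides a suite of TCP/IP-based routing protocols.
1.2 Use cases for Quagga
– Turns the operating system into a professional-grade router
– Lets the operating system peer directly with traditional routers over routing protocols
1.3 Routing protocols supported by Quagga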
– BGP
– OSPF
– RIP
– IS-IS
– MPLS
– LDP
– BFD
– PIM-SSM
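1.4 How Quagga differs from traditional routers
– Traditional routing software runs as a single process that provides all of the routing protocols
– Quagga runs as several daemons that together build the routing table
1.5 Quagga architecture
+----+  +----+  +-----+  +-----+
|bgpd|  |ripd|  |ospfd|  |zebra|
+----+  +----+  +-----+  +-----+
                            |
+---------------------------|--+
|                           v  |
|  UNIX Kernel  routing table  |
|                              |
+------------------------------+
    Quagga System Architecture
As the diagram above shows:
– ripd, handles the RIP protocol
– ospfd, handles the OSPF v2 protocol
– bgpd, handles the BGP v4 protocol
– zebra, acts as the kernel routing table manager
Other daemons:
– ripngd
– ospf6d
1.6 Platforms supported by Quagga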
– GNU/Linux
– FreeBSD
– NetBSD
– OpenBSD
In addition, the following platforms may be supported in the future:
– Solaris
– Mac OSX
1.7 Quagga's C compiler dependencies
– GNU's GCC
– LLVM's clang
– Intel's ICC
Note: the C compilers above have been thoroughly tested.
2 Best practice
2.1 Environment
2.1.1 System information
IP Address = 10.168.0.60
OS = RHEL 8.0 x86_64
2.1.2 Set up the build environment
yum -y install gcc gcc-c++ make expat-devel
2.1.3 Download the source package
cd ~
wget https://gogs.quagga.net/attachments/a6f5eb64-639a-49cf-964e-7aa196b9ac50 -O quagga-1.2.4.tar.gz
Note: if you need a different version, or the link above no longer works, see the following link:
https://github.com/Quagga/quagga/releases
2.1.4 Extract the package
tar -xf quagga-1.2.4.tar.gz
2.2 Build and install
2.2.1 Configure the build
cd ~/quagga-1.2.4/
./configure --bindir=/usr/bin \
    --sbindir=/usr/sbin \
    --libexecdir=/usr/libexec \
    --sysconfdir=/etc/quagga \
    --localstatedir=/var/run/quagga \
    --libdir=/usr/lib64 \
    --includedir=/usr/include \
    --datarootdir=/usr/share \
    --infodir=/usr/share/info \
    --localedir=/usr/share/locale \
    --mandir=/usr/share/man \
    --docdir=/usr/share/doc/quagga \
    --enable-user=quagga \
    --enable-group=quagga \
    --enable-vty-group=quaggavt
The "localstatedir" parameter must be set to "/var/run/quagga"; otherwise the following error appears when configuring OSPF:
OSPF not enabled on this interface
If you see the following error,
configure: error: vtysh needs libreadline but was not found and usable on your system.
you may need to install the following dependency:
yum install -y readline-devel
If you see the following error,
configure: error: Package requirements (libcares) were not met:
Package 'libcares', required by 'virtual:world', not found
you may need to install the following dependency:
yum install -y c-ares-devel
2.2.2 Compile and install the package
make
make install
2.3 Configure the main Quagga service, zebra
2.3.1 Create the service account
groupadd -g 85 quaggavt
groupadd -g 92 quagga
useradd -u 92 -g 92 -d /var/run/quagga/ -s /sbin/nologin quagga
usermod -G quaggavt quagga
2.3.2 Deploy the configuration files
cp /etc/quagga/vtysh.conf.sample /etc/quagga/vtysh.conf
cp /etc/quagga/zebra.conf.sample /etc/quagga/zebra.conf
chown quagga:quagga /etc/quagga/
chown quagga:quagga /etc/quagga/*.conf
chown quagga:quaggavt /etc/quagga/vtysh.conf
chmod 640 /etc/quagga/*.conf
2.3.3 Test the runtime environment
zebra -d -f /etc/quagga/zebra.conf -C
Options:
-d runs zebra in daemon mode
-f specifies the location of the zebra configuration file
-C runs zebra in test mode and then exits (useful for debugging)
2.3.4 Run manually as a test
zebra -d -f /etc/quagga/zebra.conf -i /run/quagga/zebra.pid
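Options:
-i specifies the location of the PID file
After running the command, we recommend confirming that the daemon is running properly with:
pgrep -a zebra
If you see output like the following, the daemon is running normally: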
47962 zebra -d -f /etc/quagga/zebra.conf -i /run/quagga/zebra.pid
If you need to stop the process manually, use the following command:
kill -2 `pgrep zebra`
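2.3.5 Deploy the service scripts
cp ~/quagga-1.2.4/redhat/*.service /usr/lib/systemd/system/
cp ~/quagga-1.2.4/redhat/quagga.sysconfig /etc/sysconfig/quagga
If you need external hosts to be able to manage zebra, I suggest changing the following configuration:
vim /etc/sysconfig/quagga
Change the contents as follows: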
#
# Default: Bind all daemon vtys to the loopback(s) only
#
BABELD_OPTS="-A 127.0.0.1"
BGPD_OPTS="-A 127.0.0.1"
ISISD_OPTS="-A ::1"
OSPF6D_OPTS="-A ::1"
OSPFD_OPTS="-A 127.0.0.1"
RIPD_OPTS="-A 127.0.0.1"
RIPNGD_OPTS="-A ::1"
# ZEBRA_OPTS="-A 127.0.0.1"
ZEBRA_OPTS="-A 0.0.0.0"
PIMD_OPTS="-A 127.0.0.1"

# Watchquagga configuration for LSB initscripts
#
# (Not needed with systemd: the service files are configured to automatically
# restart any daemon on failure. If zebra fails, all running daemons will be
# stopped; zebra will be started again; and then the previously running daemons
# will be started again.)
#
# Uncomment and edit this line to reflect the daemons you are actually using:
#WATCH_DAEMONS="zebra bgpd ospfd ospf6d ripd ripngd"
#
# Timer values can be adjusting by editing this line:
WATCH_OPTS="-Az -b_ -r/sbin/service_%s_restart -s/sbin/service_%s_start -k/sbin/service_%s_stop"
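Because the startup script shipped by upstream fails when run, we suggest editing it with the following command:
vim /usr/lib/systemd/system/zebra.service
Change the script as follows: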
[Unit]
Description=GNU Zebra routing manager
Wants=network.target
Before=network.target
After=network-pre.target
ConditionPathExists=/etc/quagga/zebra.conf
Documentation=man:zebra

[Service]
Type=forking
EnvironmentFile=-/etc/sysconfig/quagga
ExecStartPre=/sbin/ip route flush proto zebra
ExecStartPre=-/usr/bin/mkdir -p /run/quagga
ExecStartPre=-/bin/chown -f quagga:quagga /run/quagga /etc/quagga/zebra.conf
ExecStartPre=-/bin/chown -f quagga:quaggavt /etc/quagga/vtysh.conf
ExecStartPre=-/bin/chmod -f 640 /etc/quagga/zebra.conf /etc/quagga/vtysh.conf
ExecStart=/usr/sbin/zebra -d $ZEBRA_OPTS -f /etc/quagga/zebra.conf -i /run/quagga/zebra.pid
Restart=on-abort

[Install]
WantedBy=multi-user.target
After editing, you need to reload the script:
systemctl daemon-reload
2.3.6 Test the startup script
systemctl start zebra.service
systemctl stop zebra.service
systemctl restart zebra.service
systemctl status zebra.service
2.3.7 Enable the service at boot
systemctl enable zebra.service
2.4 Configure the Quagga ospfd service
2.4.1 Deploy the configuration files
cp /etc/quagga/ospfd.conf.sample /etc/quagga/ospfd.conf
chown quagga:quagga /etc/quagga/
chown quagga:quagga /etc/quagga/*.conf
chown quagga:quaggavt /etc/quagga/vtysh.conf
chmod 640 /etc/quagga/*.conf
2.4.2 Test the runtime environment
ospfd -d -f /etc/quagga/ospfd.conf -C
Options:
-d runs ospfd in daemon mode
-f specifies the location of the ospfd configuration file
-C runs ospfd in test mode and then exits (useful for debugging)
2.4.3 Run manually as a test
ospfd -d -f /etc/quagga/ospfd.conf -i /run/quagga/ospfd.pid
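Options:
-i specifies the location of the PID file
After running the command, we recommend confirming that the daemon is running properly with:
pgrep -a ospfd
If you see output like the following, the daemon is running normally: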
51600 ospfd -d -f /etc/quagga/ospfd.conf -i /run/quagga/ospfd.pid
If you need to stop the process manually, use the following command:
kill -2 `pgrep ospfd`
2.4.4 Deploy the service scripts
vim /etc/sysconfig/quagga
Change the contents as follows:
#
# Default: Bind all daemon vtys to the loopback(s) only
#
BABELD_OPTS="-A 127.0.0.1"
BGPD_OPTS="-A 127.0.0.1"
ISISD_OPTS="-A ::1"
OSPF6D_OPTS="-A ::1"
# OSPFD_OPTS="-A 127.0.0.1"
OSPFD_OPTS="-A 0.0.0.0"
RIPD_OPTS="-A 127.0.0.1"
RIPNGD_OPTS="-A ::1"
# ZEBRA_OPTS="-A 127.0.0.1"
ZEBRA_OPTS="-A 0.0.0.0"
PIMD_OPTS="-A 127.0.0.1"

# Watchquagga configuration for LSB initscripts
#
# (Not needed with systemd: the service files are configured to automatically
# restart any daemon on failure. If zebra fails, all running daemons will be
# stopped; zebra will be started again; and then the previously running daemons
# will be started again.)
#
# Uncomment and edit this line to reflect the daemons you are actually using:
#WATCH_DAEMONS="zebra bgpd ospfd ospf6d ripd ripngd"
#
# Timer values can be adjusting by editing this line:
WATCH_OPTS="-Az -b_ -r/sbin/service_%s_restart -s/sbin/service_%s_start -k/sbin/service_%s_stop"
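Because the startup script shipped by upstream fails when run, we suggest editing it with the following command:
vim /usr/lib/systemd/system/ospfd.service
Change the script as follows: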
[Unit]
Description=OSPF routing daemon
BindsTo=zebra.service
Wants=network.target
After=zebra.service network-pre.target
Before=network.target
ConditionPathExists=/etc/quagga/ospfd.conf
Documentation=man:ospfd

[Service]
Type=forking
EnvironmentFile=/etc/sysconfig/quagga
ExecStartPre=-/bin/chown -f quagga:quagga /etc/quagga/ospfd.conf
ExecStartPre=-/bin/chmod -f 640 /etc/quagga/ospfd.conf
ExecStart=/usr/sbin/ospfd -d $OSPFD_OPTS -f /etc/quagga/ospfd.conf -i /run/quagga/ospfd.pid
Restart=on-abort

[Install]
WantedBy=multi-user.target
After editing, you need to reload the script:
systemctl daemon-reload
2.4.5 Test the startup script
systemctl start ospfd.service
systemctl stop ospfd.service
systemctl restart ospfd.service
systemctl status ospfd.service
2.4.6 Enable the service at boot
systemctl enable ospfd.service
2.5 Configure the firewall
2.5.1 Identify the ports used by the routing services
netstat -anp | egrep "ospfd|zebra"
This shows output like the following:
tcp        0      0 0.0.0.0:2601      0.0.0.0:*      LISTEN      2746/zebra
tcp        0      0 0.0.0.0:2604      0.0.0.0:*      LISTEN      2753/ospfd
raw        0      0 0.0.0.0:89        0.0.0.0:*      LISTEN      2753/ospfd
raw6       0      0 :::58             :::*           7           2746/zebra
Note: port 89 of the ospfd process may not appear until routes have been advertised.
2.5.2 Allow the routing protocols and ports
egrep "89|58" /etc/protocols
This shows the following entries:
ipv6-icmp 58 IPv6-ICMP # ICMP for IPv6
ospf 89 OSPFIGP # Open Shortest Path First IGP
Because 89 and 58 are not TCP/UDP ports but IP protocol numbers used by raw sockets, they are allowed by protocol rather than by port:
firewall-cmd --permanent --add-protocol=ospf
firewall-cmd --permanent --add-protocol=ipv6-icmp
firewall-cmd --reload
firewall-cmd --list-all
The other two management ports are configured with the following commands:
firewall-cmd --permanent --add-port 2601/tcp
firewall-cmd --permanent --add-port 2604/tcp
firewall-cmd --reload
firewall-cmd --list-all
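Whether the management ports 2601 and 2604 opened above can actually be reached from other hosts depends on the vty bind address each daemon receives from /etc/sysconfig/quagga (sections 2.3.5 and 2.4.4). The following is an added example, not part of the original article or of the Quagga project: it lists each daemon's vty bind address from a file in that format and flags the ones not limited to loopback. The function names and the sample input are constructed for illustration, and it assumes that a daemon started without -A listens on all addresses.

```shell
#!/bin/sh
# Added example: report which Quagga daemons bind their vty beyond loopback,
# reading a file in the /etc/sysconfig/quagga format used in this article.

# Constructed sample input (not copied from a real host).
sample_config() {
cat <<'EOF'
BGPD_OPTS="-A 127.0.0.1"
ISISD_OPTS="-A ::1"
# OSPFD_OPTS="-A 127.0.0.1"
OSPFD_OPTS="-A 0.0.0.0"
# ZEBRA_OPTS="-A 127.0.0.1"
ZEBRA_OPTS="-A 0.0.0.0"
WATCH_OPTS="-Az -b_ -r/sbin/service_%s_restart"
EOF
}

# audit_vty_binds [FILE]   (reads stdin when FILE is omitted)
# Prints "<DAEMON> <address> <loopback|EXPOSED>" per daemon; returns 1 if any is EXPOSED.
audit_vty_binds() {
    awk '
    /^[ \t]*#/ { next }                    # commented-out settings are not applied
    /^[A-Z0-9]+_OPTS=/ {
        name = substr($0, 1, index($0, "_OPTS=") - 1)
        if (name == "WATCH") next          # watchquagga flags; -A is not a bind address here
        val = substr($0, index($0, "=") + 1)
        gsub(/"/, "", val)
        addr = "any"                       # assumption: without -A the vty listens on all addresses
        n = split(val, tok, " ")
        for (i = 1; i < n; i++) if (tok[i] == "-A") addr = tok[i + 1]
        if (!(name in bind)) order[++count] = name
        bind[name] = addr                  # a later assignment overrides an earlier one
    }
    END {
        for (i = 1; i <= count; i++) {
            a = bind[order[i]]
            state = (a ~ /^127\./ || a == "::1") ? "loopback" : "EXPOSED"
            if (state == "EXPOSED") bad = 1
            printf "%s %s %s\n", order[i], a, state
        }
        exit bad + 0
    }' "$@"
}

# Stand-alone run against the sample; on a host, pass /etc/sysconfig/quagga instead.
sample_config | audit_vty_binds || echo "vty listener(s) reachable beyond loopback"
```

Every daemon reported as EXPOSED is one whose vty port should be limited to known management source addresses in the firewall rather than opened to all hosts.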
2.6 Getting familiar with routing
If you are not familiar with basic routing configuration, see section 2.3 at the following link:
https://www.cmdschool.org/archives/1220
References
===============
Quagga on GitHub
----------------
https://github.com/Quagga/quagga
Quagga downloads:
https://github.com/Quagga/quagga/releases
https://gogs.quagga.net/Quagga/quagga/releases
Building the RPM packages
----------------
https://github.com/Quagga/quagga/blob/master/redhat/README.rpm_build.md
Fixes for the error "OSPF not enabled on this interface"
----------------
https://lists.quagga.net/pipermail/quagga-users/2006-April/006715.html
https://lists.quagga.net/pipermail/quagga-users/2006-April/006709.html
https://lists.gt.net/quagga/users/918