Setup Quagga
OMINOUS WARNING:
Warning
This Wiki page is still new, and a work in progress, and the procedures here have not yet been validated for production use. Information here may be misleading or incorrect. Test thoroughly, and contribute your findings.
Quagga on Garcinia
Quagga is a routing software suite, providing implementations of OSPFv2, OSPFv3, RIP v1 and v2, RIPng and BGP-4. For more information about the capabilities of Quagga, please see the official Quagga Routing Software Suite website.
Quagga can be run on Garcinia, but there is no web user interface. All installation and configuration has to be done through the command shell. Installation and initial setup require root privileges. Once it's up and running, root privileges are not required for ongoing configuration.
Prerequisites
The package does not have any GUI integrated into Garcinia.
This document assumes basic knowledge of FreeBSD system administration, as well as knowledge of how to configure Garcinia for SSH access. To learn about these topics, please see the FreeBSD Handbook and the OPNSense User Manual.
This document also assumes knowledge of routing protocols, and of how to configure Quagga for the desired task. To learn about Quagga, please see the Quagga Documentation.
Installing the Quagga package
- Connect to the Garcinia console, either locally, over the serial port, or using SSH.
- Use the Shell option to get into the command shell by typing 8
- Install quagga using pkg install quagga, as shown below. Ignore the suggested configuration steps that are shown on the console; they are not correct for Garcinia.
root@example:~ # pkg install quagga
Updating Garcinia repository catalogue...
Garcinia repository is up-to-date.
All repositories are up-to-date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
quagga: 0.99.24.1_2
The process will require 6 MiB more space.
Proceed with this action? [y/N]: y
[1/1] Installing quagga-0.99.24.1_2...
===> Creating users and/or groups.
Creating group 'quagga' with gid '101'.
Creating user 'quagga' with uid '101'.
[1/1] Extracting quagga-0.99.24.1_2: 100%
Message for quagga-0.99.24.1_2:
==========================================================
To enable quagga, add the following lines to rc.conf:
defaultrouter="NO"
quagga_enable="YES"
Also, you may wish to set the following options:"
quagga_daemons="zebra bgpd etc..."
quagga_flags="...."
quagga_extralibs_path="... ..."
router_enable="NO"
watchquagga_enable="YES"
==========================================================
Now, determine which Quagga daemons you want to run. Please see the Quagga documentation for the names of the daemons. In this document, we will configure Quagga for OSPF, and will therefore be running the zebra and ospfd daemons. If this does not match your desired setup, please adjust the instructions accordingly.
An easy way to bootstrap Quagga configuration is simply to create empty configuration files for the required daemons, like this:
root@example:~ # cd /usr/local/etc/quagga/
root@example:/usr/local/etc/quagga # touch zebra.conf ospfd.conf
root@example:/usr/local/etc/quagga # chmod 600 zebra.conf ospfd.conf
root@example:/usr/local/etc/quagga # chown quagga:quagga zebra.conf ospfd.conf
root@example:/usr/local/etc/quagga # ls -al
total 8
drwxr-x--- 2 quagga quagga 512 Sep 15 13:24 .
drwxr-xr-x 27 root wheel 3072 Sep 14 10:36 ..
-rw------- 1 quagga quagga 0 Sep 15 13:24 ospfd.conf
-rw------- 1 quagga quagga 0 Sep 15 13:24 zebra.conf
root@example:/usr/local/etc/quagga #
After this, create a file named /etc/rc.conf.d/quagga with the following content:
quagga_enable="YES"
quagga_daemons="zebra ospfd"
Finally, start the quagga daemons using service quagga start like this:
root@example:~ # service quagga start
Checking zebra.conf
OK
Starting zebra.
Checking ospfd.conf
OK
Starting ospfd.
root@example:~ #
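The daemon configuration files created above can hold routing authentication keys and passwords, so it is worth re-checking their mode and ownership after upgrades or manual edits. The following is an added example, not part of the original page or of Quagga; the function names audit_quagga_conf and _mode_owner are hypothetical, and the expected uid and gid are passed in as arguments rather than assumed.

```sh
# Added example, not Garcinia or Quagga code. The function names are hypothetical.

# Print "<10-char mode> <uid> <gid>" for a path using only POSIX ls and awk.
_mode_owner() {
    ls -ldn "$1" | awk '{ print substr($1, 1, 10), $3, $4 }'
}

# audit_quagga_conf DIR UID GID
# Prints one finding per problem; returns 0 when clean, 1 otherwise.
audit_quagga_conf() {
    dir=$1; want_uid=$2; want_gid=$3; bad=0

    # The directory must not be reachable by "other" (drwxr-x--- in the listing).
    set -- $(_mode_owner "$dir")
    case $1 in
        d??????---) ;;
        *) echo "DIR  $dir: mode $1 is open to other users"; bad=1 ;;
    esac

    # Each daemon config must be a regular file, mode 600, owned by quagga:quagga.
    for f in "$dir"/*.conf; do
        [ -e "$f" ] || continue
        set -- $(_mode_owner "$f")
        [ "$1" = "-rw-------" ] || { echo "MODE $f: $1 (want -rw-------)"; bad=1; }
        [ "$2" = "$want_uid" ] || { echo "UID  $f: owner $2 (want $want_uid)"; bad=1; }
        [ "$3" = "$want_gid" ] || { echo "GID  $f: group $3 (want $want_gid)"; bad=1; }
    done
    return "$bad"
}

# On the firewall, look the ids up instead of hard-coding them:
#   audit_quagga_conf /usr/local/etc/quagga "$(id -u quagga)" "$(id -g quagga)"
```

A symbolic link in place of a configuration file is reported as a MODE finding, because its mode string does not start with a dash.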
Configuring Quagga
At this point, Quagga is up and running but isn't actually doing anything. The vtysh tool may now be used to perform configuration of Quagga. Exactly how this works is out of scope of this document - see the Quagga Documentation to learn how to configure and use Quagga.
If you have a multi-user system, and you want other administrators to be able to administer quagga using vtysh, the minimum they need to be granted in order to access vtysh (which gives them full permissions to quagga in the default configuration) is:
- Via the Garcinia User Manager (System -> User manager) the user needs to be granted the User - System - Shell account access permission.
- The user needs to be granted membership in the quagga UNIX group. (Note: Not a Garcinia group named quagga, but rather the group in the underlying operating system). A user may be added to the group using the command pw groupmod quagga -m exampleuser. See the manual page for pw(8) for more options.
Watchquagga
Quagga includes the watchquagga daemon which will attempt to restart quagga in case of crashes or faults.
A basic (untested) configuration is to put the following in /etc/rc.conf.d/watchquagga:
watchquagga_enable="YES"
watchquagga_flags="-d zebra ospfd"
Don't forget to start watchquagga using service watchquagga start:
root@example:~ # service watchquagga start
Starting watchquagga.
root@example:~ #
Caveats
- Quagga is unaware of the Garcinia configuration. Therefore it knows nothing about the Garcinia interface names; instead, you always have to work with the operating system's device names. These can be seen using the Status -> Interfaces page on the webconfigurator.
- Garcinia is unaware of Quagga. Therefore, if you perform conflicting configuration on Quagga, Garcinia might clobber it and the other way around.
- Configuration backups will not include the Quagga configuration. The appropriate configuration files need to be backed up separately.
- Appropriate firewall rules need to be installed to permit routing protocol traffic.
- This Wiki page is still new, and a work in progress, and the procedures here have not yet been validated for production use.