HOWTO:Routing
From TIER
Routing
We want to run dynamic IP routing.
Software Installation
We use the GNU Zebra implementation. It is easy to configure and it is Free. Zebra provides implementations of several routing protocols: OSPF, RIP and BGP.
Zebra Configuration
Different configuration files are in /etc/zebra: zebra.conf (common), ripd.conf (RIP), ospfd.conf (OSPFv2)
- /etc/zebra/daemons: enable the required daemons.
zebra=yes
ripd=yes
- /etc/zebra/zebra.conf: Some useful entries are
- hostname <name>
- interface <name> - begins a config block for an interface
- static routes
Sample zebra.conf
hostname Router
!
password zebra
!
enable password zebra
ip route 0.0.0.0/0 169.229.255.128
!
log file /var/log/zebra/zebra.log
Dynamic Routing Configuration
RIP
Network options
- Enables a RIP router
router rip
- Enables RIP for an interface or network
network <a.b.c.d/mask>
! OR
network eth0
- Designate a "neighbor" router to send updates directly (if multicast is not supported on the interface)
neighbor <a.b.c.d>
Route distribution
- Connected routes: These are the routes that are directly connected to your router via Ethernet or wireless. Computers on the connected network are directly accessible and traffic to them does not pass through a gateway. Connected routes are typically added automatically when you enable an interface.
redistribute connected
- Static routes:
redistribute static
- Kernel routes: These are the routing entries from your kernel. They can be seen with the command "route -n" on Linux systems or "netstat -r" on BSD systems. We do not want to redistribute kernel routes; one reason is that you don't want to share your default Internet gateway with others. The command that would enable it, which we leave out, is:
redistribute kernel
Route Filtering
RIP supports route filtering when we want to restrict the dynamic routing to certain networks. For example, we do not want to forward routes that go to our default network connection.
- Create a distribution list: Here we create a list 'private' that permits routes only for 10.0.0.0/8 networks.
access-list private permit 10.0.0.0/8
access-list private deny any
- Apply the distribution list to an interface, inbound or outbound:
distribute-list private in ath0
distribute-list private out ath0
Sample ripd.conf
hostname ripd
!
password zebra
!
! debug rip events
! debug rip packet
!
router rip
 network 10.0.101.0/24
 network 10.0.105.0/24
 network 10.0.201.0/24
 redistribute connected
 redistribute static
 distribute-list private in ath0
 distribute-list private out ath0
 distribute-list private in ath1
 distribute-list private out ath1
 distribute-list private in tun0
 distribute-list private out tun0
access-list private permit 10.0.0.0/8
access-list private deny any
!
log file /var/log/zebra/ripd.log
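To check what the 'private' filter actually lets through, the following added example (not part of the original page or of Zebra) evaluates the access list against candidate routes and reports interfaces filtered in only one direction. The function names, the 192.0.2.0/24 test route and the trimmed config are constructed for illustration; the matching rule is an assumption stated in the comments.

```python
import ipaddress

# Constructed input: the filtering lines of the sample ripd.conf, with the
# "out" list for tun0 removed on purpose to show what the audit reports.
CONF = """\
router rip
 redistribute connected
 redistribute static
 distribute-list private in ath0
 distribute-list private out ath0
 distribute-list private in tun0
access-list private permit 10.0.0.0/8
access-list private deny any
"""

def parse(conf):
    """Collect access-list entries, distribute-list bindings and redistribute sources."""
    acls, dlists, redist = {}, set(), set()
    for line in conf.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("!"):      # blank line or comment
            continue
        if tok[0] == "access-list" and len(tok) >= 4:
            acls.setdefault(tok[1], []).append((tok[2], tok[3], "exact-match" in tok[4:]))
        elif tok[0] == "distribute-list" and len(tok) == 4:
            dlists.add((tok[3], tok[2]))           # (interface, direction)
        elif tok[0] == "redistribute" and len(tok) >= 2:
            redist.add(tok[1])
    return acls, dlists, redist

def acl_permits(entries, route):
    """Assumed Zebra rule: first match decides, no match means deny, and an
    entry without exact-match covers every route inside its prefix."""
    net = ipaddress.ip_network(route)
    for action, prefix, exact in entries:
        if prefix == "any":
            return action == "permit"
        flt = ipaddress.ip_network(prefix)
        if ((net == flt) if exact else net.subnet_of(flt)):
            return action == "permit"
    return False

def audit(conf, acl_name, routes):
    """Return (per-route verdicts, interfaces filtered one way only, kernel redistributed?)."""
    acls, dlists, redist = parse(conf)
    verdicts = {r: acl_permits(acls[acl_name], r) for r in routes}
    one_way = sorted(i for i in {i for i, _ in dlists}
                     if {d for j, d in dlists if j == i} != {"in", "out"})
    return verdicts, one_way, "kernel" in redist

if __name__ == "__main__":
    print(audit(CONF, "private", ["10.0.101.0/24", "0.0.0.0/0", "192.0.2.0/24"]))
```

Only the 10.0.101.0/24 route passes the list; the default route and the off-network route are denied, and tun0 is reported because it has no outbound list in the constructed input.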
OSPF
TODO
Special Issues
- IP Tunnels: GRE tunnels support multicast. However, the peer address of the point-to-point link has to be set correctly; otherwise Zebra rejects RIP updates coming from the tunnel interface, because it cannot match the packet to any connected interface name. Once the peer IP is set, it is able to match the interface name.
ifconfig tun0 <local-IP/netmask> pointopoint <peer-IP>
