dn42-wiki/howto/frr.html

<!DOCTYPE html>
<html lang="en">
    <head>
<meta charset="UTF-8">



<title>Frr | dn42 wiki</title>

<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="robots" content="index, follow">
<meta name="keywords" content="dn42,wiki,routing,bgp">

<link rel="canonical" href="https://dn42.obl.ong/howto/frr.html">
<link rel="icon" type="image/x-icon" href="/favicon.ico">
<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico">

<link rel="author" type="text/html" href="/docs/people">

<link rel="stylesheet" href="/css/normalize.css">
<link rel="stylesheet" href="/css/simple.min.css">
<link rel="stylesheet" href="/css/style.css">
<link rel="stylesheet" href="/css/menu.css">


</head>
    
    <body>

        <header>


<b>dn42 wiki / Frr</b>

<div id="dn42_header">
    
    <p><a href="/"><img src="/dn42.png" alt="dn42" /></a></p>

</div>
</header>

        <main>
            <p>To quote from <a href="https://frrouting.org/">https://frrouting.org/</a>:</p>

<blockquote>
  <p>FRRouting (FRR) is a free and open source Internet routing protocol suite for Linux and Unix platforms. It implements BGP, OSPF, RIP, IS-IS, PIM, LDP, BFD, Babel, PBR, OpenFabric and VRRP, with alpha support for EIGRP and NHRP.</p>
</blockquote>

<p>It features a similar configuration style to Cisco IOS.</p>

<h3 id="installation">Installation</h3>
<p>Install the <code class="language-plaintext highlighter-rouge">frr</code> and <code class="language-plaintext highlighter-rouge">frr-pythontools</code> package on your favourite Linux/BSD distribution. For BGP RPKI support, also install <code class="language-plaintext highlighter-rouge">frr-rpki</code>. <em>Make sure you are using FRR version 8.5 or greater for IPv6 link local peerings.</em></p>

<ul>
  <li>More installation options: <a href="https://docs.frrouting.org/en/latest/installation.html">https://docs.frrouting.org/en/latest/installation.html</a></li>
  <li>releases: <a href="https://frrouting.org/release/">https://frrouting.org/release/</a></li>
</ul>

<p>If your distribution doesn’t have the latest FRR version, check the releases page. FRR supplies Debian packages, RPM packages and Snaps.</p>

<h2 id="configuration">Configuration</h2>

<p>Important cofiguration files:</p>
<ul>
  <li><code class="language-plaintext highlighter-rouge">/etc/frr/daemons</code>: daemons that will be started</li>
  <li><code class="language-plaintext highlighter-rouge">/etc/frr/vtysh.conf</code>: configuration for the VTY shell</li>
  <li><code class="language-plaintext highlighter-rouge">/etc/frr/frr.conf</code>: configuration for the daemons</li>
  <li><code class="language-plaintext highlighter-rouge">/etc/frr/${DAEMON}.conf</code>: configuration for a single daemon (deprecated)</li>
</ul>

<p>It this guide, only BGP will be set up using the shared <code class="language-plaintext highlighter-rouge">/etc/frr/frr.conf</code>.</p>

<h3 id="daemons">Daemons</h3>

<p>First, setup <code class="language-plaintext highlighter-rouge">/etc/frr/daemons</code>. As stated previously. this file specifies which daemons will be started.</p>

<div class="language-diff highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="gd">--- /etc/frr/daemons
</span><span class="gi">+++ /etc/frr/daemons
</span><span class="p">@@ -14,7 +14,7 @@</span>
 #
 # The watchfrr, zebra and staticd daemons are always started.
 #
<span class="gd">-bgpd=no
</span><span class="gi">+bgpd=yes
</span> ospfd=no
 ospf6d=no
 ripd=no
</code></pre></div></div>

<h3 id="vty-shell">VTY shell</h3>

<p>To use the VTY shell, <code class="language-plaintext highlighter-rouge">/etc/frr/vtysh.conf</code> needs to be set up. <em>The <code class="language-plaintext highlighter-rouge">hostname</code> and <code class="language-plaintext highlighter-rouge">banner motd</code> also need to be entered there manually to be persistant.</em></p>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>service integrated-vtysh-config
</code></pre></div></div>

<p>Unprivileged users need to be in the <code class="language-plaintext highlighter-rouge">frrvty</code> group to use <code class="language-plaintext highlighter-rouge">vtysh</code>.</p>

<p>The VTY shell can be used to interact with running daemons and configure them. Changes made in the VTY shell can be written to <code class="language-plaintext highlighter-rouge">/etc/frr/frr.conf</code> using the <code class="language-plaintext highlighter-rouge">write</code> command. To enter configuration mode use the <code class="language-plaintext highlighter-rouge">configure</code> command. To get information about the available commands, press <code class="language-plaintext highlighter-rouge">?</code>.</p>

<h3 id="zebra">Zebra</h3>

<p>Before configuring BGP, a few other things need to be set up. First, create a <a href="https://docs.frrouting.org/en/latest/filter.html#ip-prefix-list">prefix-list</a> for the dn42 prefixes. That will be used to filter out non-dn42 routes to be announced to BGP. For that, open <code class="language-plaintext highlighter-rouge">/etc/frr/frr.conf</code> or <code class="language-plaintext highlighter-rouge">vtysh</code> in configuration mode and add:</p>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ip prefix-list dn42 seq 1 deny 172.22.166.0/24 le 32
ip prefix-list dn42 seq 1001 permit 172.20.0.0/24 ge 28 le 32
ip prefix-list dn42 seq 1002 permit 172.21.0.0/24 ge 28 le 32
ip prefix-list dn42 seq 1003 permit 172.22.0.0/24 ge 28 le 32
ip prefix-list dn42 seq 1004 permit 172.23.0.0/24 ge 28 le 32
ip prefix-list dn42 seq 1100 permit 172.20.0.0/14 ge 21 le 29
ip prefix-list dn42 seq 2001 permit 10.100.0.0/14 le 32
ip prefix-list dn42 seq 2002 permit 10.127.0.0/16 le 32
ip prefix-list dn42 seq 2003 permit 10.0.0.0/8 ge 15 le 24
ip prefix-list dn42 seq 3001 permit 172.31.0.0/16 le 32
ip prefix-list dn42 seq 9999 deny 0.0.0.0/0 le 32
!
ipv6 prefix-list dn42v6 seq 1001 permit fd00::/8 ge 44 le 64
ipv6 prefix-list dn42v6 seq 9999 deny ::/0 le 128
</code></pre></div></div>

<p>This prefix list can be created yourself by following the instructions for Quagga in the <code class="language-plaintext highlighter-rouge">data/filter.txt</code> and <code class="language-plaintext highlighter-rouge">data/filter6.txt</code> files from the registry.</p>

<p>Next create a <a href="https://docs.frrouting.org/en/latest/routemap.html">route-map</a>, which will be used for doing the actual filtering later.</p>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>route-map dn42 permit 5
 match ip address prefix-list dn42
 set src &lt;IPv4 address of the node&gt;
exit
!
route-map dn42v6 permit 5
 match ipv6 address prefix-list dn42v6
 set src &lt;IPv6 address of the node&gt;
exit
</code></pre></div></div>

<h3 id="bgp">BGP</h3>

<p>With the configuration of the daemons file and Zebra done, BGP can now be configured.</p>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>router bgp &lt;AS of the network&gt;
 neighbor &lt;IPv4 peer address&gt; remote-as &lt;Peer AS&gt;
 neighbor &lt;IPv6 peer address&gt; remote-as &lt;Peer AS&gt;
 ! In case an IPv6 link local address is used to peer
 neighbor &lt;IPv6 peer address&gt; interface &lt;Peer interface&gt;
 !
 address-family ipv4 unicast
  network &lt;Your IPv4 subnet&gt;
  neighbor &lt;IPv4 peer address&gt; activate
  neighbor &lt;IPv4 peer address&gt; route-map dn42 in
  neighbor &lt;IPv4 peer address&gt; route-map dn42 out
 exit
 !
 address-family ipv6 unicast
  network &lt;Your IPv6 subnet&gt;
  neighbor &lt;IPv6 peer address&gt; activate
  neighbor &lt;IPv6 peer address&gt; route-map dn42v6 in
  neighbor &lt;IPv6 peer address&gt; route-map dn42v6 out
 exit
exit
</code></pre></div></div>

<p><strong>Note</strong>: to advertise your prefixes, you will also have to have the full prefix assigned to an interface on the system.</p>

<p>With everything configured, the BGP session should come up. In the normal VTY shell mode the status of BGP peerings can be checked using the <code class="language-plaintext highlighter-rouge">show bgp summary</code> command.</p>

<h3 id="complete-configuration-example">Complete configuration example</h3>

<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>router bgp &lt;Your AS here&gt;
 neighbor &lt;Peer IPv4&gt; remote-as &lt;Peer AS&gt;
 neighbor &lt;Peer IPv6&gt; remote-as &lt;Peer AS&gt;
 ! In case an IPv6 link local address is used to peer
 neighbor &lt;Peer IPv6&gt; interface &lt;Peer interface&gt;
 !
 address-family ipv4 unicast
  network &lt;Your IPv4 subnet&gt;
  neighbor &lt;IPv4 peer address&gt; activate
  neighbor &lt;IPv4 peer address&gt; route-map dn42 in
  neighbor &lt;IPv4 peer address&gt; route-map dn42 out
 exit
 !
 address-family ipv6 unicast
  network &lt;Your IPv6 subnet&gt;
  neighbor &lt;IPv6 peer address&gt; activate
  neighbor &lt;IPv6 peer address&gt; route-map dn42v6 in
  neighbor &lt;IPv6 peer address&gt; route-map dn42v6 out
 exit
exit
!
ip prefix-list dn42 seq 1 deny 172.22.166.0/24 le 32
ip prefix-list dn42 seq 1001 permit 172.20.0.0/24 ge 28 le 32
ip prefix-list dn42 seq 1002 permit 172.21.0.0/24 ge 28 le 32
ip prefix-list dn42 seq 1003 permit 172.22.0.0/24 ge 28 le 32
ip prefix-list dn42 seq 1004 permit 172.23.0.0/24 ge 28 le 32
ip prefix-list dn42 seq 1100 permit 172.20.0.0/14 ge 21 le 29
ip prefix-list dn42 seq 2001 permit 10.100.0.0/14 le 32
ip prefix-list dn42 seq 2002 permit 10.127.0.0/16 le 32
ip prefix-list dn42 seq 2003 permit 10.0.0.0/8 ge 15 le 24
ip prefix-list dn42 seq 3001 permit 172.31.0.0/16 le 32
ip prefix-list dn42 seq 9999 deny 0.0.0.0/0 le 32
!
ipv6 prefix-list dn42v6 seq 1001 permit fd00::/8 ge 44 le 64
ipv6 prefix-list dn42v6 seq 9999 deny ::/0 le 128
!
route-map dn42 permit 5
 match ip address prefix-list dn42
 set src &lt;IPv4 address of the node&gt;
exit
!
route-map dn42v6 permit 5
 match ipv6 address prefix-list dn42v6
 set src &lt;IPv6 address of the node&gt;
exit
</code></pre></div></div>

<h2 id="further-reading">Further reading</h2>

<h3 id="general-things">General things</h3>

<ul>
  <li>FRR documentation: <a href="https://docs.frrouting.org/en/latest">https://docs.frrouting.org/en/latest</a></li>
  <li>FRR source code: <a href="https://github.com/frrouting/frr">https://github.com/frrouting/frr</a></li>
</ul>

<h3 id="configuration-tipps">Configuration tipps</h3>

<ul>
  <li>Use <a href="https://docs.frrouting.org/en/latest/bgp.html#peer-groups">peer groups</a> (<em>Strongly recommended to limit the work neede to add new peers or change general configuration for may peers.</em>)</li>
  <li><code class="language-plaintext highlighter-rouge">tab</code> and <code class="language-plaintext highlighter-rouge">?</code> are your best friends in the VTY shell</li>
  <li>Use <code class="language-plaintext highlighter-rouge">find REGEX</code> in the VTY shell to find certain commands</li>
</ul>



            <div id="menu-container" class="menu-container">
                <hr>
                <div id="menu" class="menu">
                    
                    <ul>
  <li><a href="/Home">Home</a>
    <ul>
      <li><a href="/howto/Getting-Started">Getting Started</a></li>
      <li><a href="/howto/Registry-Authentication">Registry Authentication</a></li>
      <li><a href="/howto/Address-Space">Address Space</a></li>
      <li><a href="/howto/BGP-communities">BGP communities</a></li>
      <li><a href="/FAQ">FAQ</a></li>
    </ul>
  </li>
  <li>How-To
    <ul>
      <li><a href="/howto/wireguard">Wireguard</a></li>
      <li><a href="/howto/openvpn">Openvpn</a></li>
      <li><a href="/howto/IPsec-with-PublicKeys">IPsec With Public Keys</a></li>
      <li><a href="/howto/tinc">Tinc</a></li>
      <li><a href="/howto/GRE-on-FreeBSD">GRE on FreeBSD</a></li>
      <li><a href="/howto/GRE-on-OpenBSD">GRE on OpenBSD</a></li>
      <li><a href="/howto/IPv6-Multicast">IPv6 Multicast (PIM-SM)</a></li>
      <li><a href="/howto/multicast">SSM Multicast</a></li>
      <li><a href="/howto/mpls">MPLS</a></li>
      <li><a href="/howto/Bird2">Bird2</a></li>
      <li><a href="/howto/frr">FRRouting</a></li>
      <li><a href="/howto/OpenBGPD">OpenBGPD</a></li>
      <li><a href="/howto/mikrotik">Mikrotik RouterOS</a></li>
      <li><a href="/howto/EdgeOS-Config">EdgeRouter</a></li>
      <li><a href="/howto/Static-routes-on-Windows">Static routes on Windows</a></li>
      <li><a href="/howto/networksettings">Universal Network Requirements</a></li>
      <li><a href="/howto/vyos1.4.x">VyOS</a></li>
      <li><a href="/howto/nixos">NixOS</a></li>
    </ul>
  </li>
  <li>Services
    <ul>
      <li><a href="/services/IRC">IRC</a></li>
      <li><a href="/services/Whois">Whois registry</a></li>
      <li><a href="/services/DNS">DNS</a></li>
      <li><a href="/services/IX-Collection">IX Collection</a></li>
      <li><a href="/services/Clearnet-Domains">Public DNS</a></li>
      <li><a href="/services/Looking-Glasses">Looking Glasses</a></li>
      <li><a href="/services/Automatic-Peering">Automatic Peering</a></li>
      <li><a href="/services/Repository-Mirrors">Repository Mirrors</a></li>
      <li><a href="/services/Distributed-Wiki">Distributed Wiki</a></li>
      <li><a href="/services/Certificate-Authority">Certificate Authority</a></li>
      <li><a href="/services/Route-Collector">Route Collector</a></li>
    </ul>
  </li>
  <li>Internal
    <ul>
      <li><a href="/internal/Internal-Services">Internal services</a></li>
      <li><a href="/internal/Interconnections">Interconnections</a></li>
      <li><a href="/internal/APIs">APIs</a></li>
      <li><a href="/internal/ShowAndTell">Show and Tell</a></li>
      <li><a href="/internal/Historical-Services">Historical services</a></li>
    </ul>
  </li>
  <li>Historical
    <ul>
      <li><a href="/historical/Bird">Bird 1</a></li>
      <li><a href="/historical/Quagga">Quagga</a></li>
    </ul>
  </li>
  <li>External Tools
    <ul>
      <li><a href="https://paste.dn42.us">Paste Board</a></li>
      <li><a href="https://git.dn42.dev">Git Repositories</a></li>
    </ul>
  </li>
</ul>

<hr />


                </div>
            </div>
        </main>
        
        <footer><div class="center">
    <div id="dn42_footer">
        
        <table>
  <tbody>
    <tr>
      <td>Hosted by: <a href="mailto:dn42@burble.com">BURBLE-MNT</a>, <a href="mailto:nurtic-vibe@grmml.net">GRMML-MNT</a>, <a href="mailto:xuu@dn42.us">XUU-MNT</a>, <a href="mailto:janeric@ortgies.it">JAN-MNT</a>, <a href="mailto:lare@lare.cc">LARE-MNT</a>, <a href="mailto:danny@saru.moe">SARU-MNT</a>, <a href="mailto:androw95220@gmail.com">ANDROW-MNT</a>, <a href="mailto:dn42@mk16.de">MARK22K-MNT</a></td>
      <td>Accessible via: <a href="https://wiki.dn42">dn42</a>, <a href="https://dn42.dev/">dn42.dev</a>, <a href="https://dn42.eu/">dn42.eu</a>, <a href="https://wiki.dn42.us/">wiki.dn42.us</a>, <a href="https://dn42.de/">dn42.de</a> (IPv6-only), <a href="https://dn42.cc/">dn42.cc</a> (wiki-ng), <a href="https://dn42.wiki/">dn42.wiki</a>, <a href="https://dn42.pp.ua/">dn42.pp.ua</a>, <a href="https://dn42.obl.ong/">dn42.obl.ong</a></td>
    </tr>
  </tbody>
</table>

    </div>
</div>
</footer>

        

    </body>

</html>