bgp tweaks quagga debian linux hamnet

peter_jenp

Hello all. First let me briefly explain what hamnet is for those who don't know it. Hamnet is a network of radio amateurs, for and by radio amateurs.
Radio amateurs can get free access to this network and have their own IP address or even a narrow IP range.
Hamnet's IP addresses can be accessed from the internet on request.
Now I also got my own IP range, and a number of IP addresses of my range have been made accessible from the internet at my request.
However, for this I also have to make some adjustments to my own Debian Linux server (homemade router).
I run into problems there,
because I can't manage to get the IP addresses to also respond to traffic from the internet.
It works through hamnet itself.
So the question is: does anyone know what I'm doing wrong?
I will post the necessary config files below and the necessary commands with their output.

for the sake of convenience let's say that we first get an ip address that works well.
later we can look for the other ip addresses

the ip address that I want to have working first from the internet is: 44.137.83.65
the ip address of the router is: 44.137.83.78
one ip range is: 44.137.83.64/28
the internet ip address of the router/server is: 172.81.61.156
the ip address of the gre tun for hamnet access is: 44.137.61.34

According to one of the hamnet administrators, the command ip rule should give the following output for it to work.

Code:
0: from all lookup local
44: from 44.137.83.64/28 lookup 44
44: from all to 44.0.0.0/9 lookup 44
44: from all to 44.128.0.0/10 lookup 44
32766: from all lookup main
32767: from all lookup default

however I get the following at the command
Code:
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

and now the necessary config files
/etc/network/interfaces
Code:
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address   172.81.61.156
    netmask   255.255.255.192
    gateway   172.81.61.129
    dns-nameservers 2001:4860:4860::8888 208.67.222.222 8.8.8.8 2620:119:35::35
iface eth0 inet6 static
    address   2600:c05:3010:50:1fa::1
    netmask   64
    gateway   2600:0c05:3010:0050:0000:0000:0000:0001
    dns-nameservers 2001:4860:4860::8888 208.67.222.222 8.8.8.8 2620:119:35::35

#auto eth1
#iface eth1 inet dhcp

###    hamnet   ###
auto gre1
iface gre1 inet static
  address 44.137.61.34
  netmask 255.255.255.252
  pre-up /sbin/ip tunnel add gre1 mode gre remote 145.220.78.4 local 172.81.61.156 ttl 20
  pre-up /sbin/ip link add eth10 type dummy
  pre-up /sbin/ip link add eth11 type dummy
  pre-up /sbin/ip link show eth10
  pre-up /sbin/ip link show eth11
  pre-up /sbin/ip addr add 44.137.83.78/28 dev eth10
  pre-up /sbin/ip addr add 44.137.83.65/28 dev eth11
  pre-up /sbin/ip link set dev eth10 up
  pre-up /sbin/ip link set dev eth11 up
  post-down /sbin/ip tunnel del gre1

/etc/sysctl.conf
Code:
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
#  Enabling this option disables Stateless Address Autoconfiguration
#  based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1

I have mostly omitted the commented lines for the overview

/etc/quagga/bgpd.conf
Code:
! -*- bgp -*-
!
! BGPd configuration file
!
hostname test
password zebra
enable password zebrazebra
!
! logging
!
!log stdout
log file /var/log/quagga/bgpd.log
!
! debugging: be verbose (can be removed afterwards)
debug bgp events
!debug bgp filters
!debug bgp fsm
!debug bgp keepalives
debug bgp updates
!
router bgp 4220408304
   bgp router-id 44.137.83.78
   redistribute connected
   redistribute kernel
   no synchronization
   no auto-summary
!
! interlinks
!
! router lopik
!
   neighbor 44.137.61.33 remote-as 4220406100
   neighbor 44.137.61.33 prefix-list OUTprefix out
   neighbor 44.137.61.33 prefix-list INprefix in
   neighbor 44.137.61.33 next-hop-self
   neighbor 44.137.61.33 activate
!
!(end of router bgp 4220406100)
!
! prefix lists for route filtering
!
! output filter:        only local subnets
!
ip prefix-list OUTprefix description Filter for OUTPUT
ip prefix-list OUTprefix permit 44.137.83.64/28
ip prefix-list OUTprefix deny 0.0.0.0/0 le 32
!
! input filter:         only AMPRnet subnets
!
ip prefix-list INprefix description Filter for INPUT
ip prefix-list INprefix permit 44.0.0.0/8 le 32
ip prefix-list INprefix deny 0.0.0.0/0 le 32

/etc/quagga/daemons
Code:
zebra=yes
bgpd=yes

/etc/quagga/zebra.conf
Code:
! -*- zebra -*-
!
! Zebra configuration file
!
hostname test
password zebra
enable password zebrazebra
!
! logging
!
!log stdout
log file /var/log/quagga/zebra.log
!
interface eth11
  description HAMNET interface
!
interface gre1
  description HAMNET tunnel
!
line vty

and now the output of the necessary commands
ifconfig
Code:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.81.61.156  netmask 255.255.255.192  broadcast 172.81.61.191
        inet6 2600:c05:3010:50:1fa::1  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::5054:ff:fe86:8ce7  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:86:8c:e7  txqueuelen 1000  (Ethernet)
        RX packets 2189341  bytes 240211159 (229.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 58183  bytes 8231265 (7.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth10: flags=195<UP,BROADCAST,RUNNING,NOARP>  mtu 1500
        inet 44.137.83.78  netmask 255.255.255.240  broadcast 0.0.0.0
        inet6 fe80::8046:f4ff:febb:ed2a  prefixlen 64  scopeid 0x20<link>
        ether 82:46:f4:bb:ed:2a  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 223  bytes 15648 (15.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth11: flags=195<UP,BROADCAST,RUNNING,NOARP>  mtu 1500
        inet 44.137.83.65  netmask 255.255.255.240  broadcast 0.0.0.0
        inet6 fe80::185b:d8ff:feff:d0aa  prefixlen 64  scopeid 0x20<link>
        ether 1a:5b:d8:ff:d0:aa  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

gre1: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1476
        inet 44.137.61.34  netmask 255.255.255.252  destination 44.137.61.34
        inet6 fe80::200:5efe:ac51:3d9c  prefixlen 64  scopeid 0x20<link>
        unspec AC-51-3D-9C-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1  (UNSPEC)
        RX packets 4510  bytes 426000 (416.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2581  bytes 163301 (159.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 524  bytes 47689 (46.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 524  bytes 47689 (46.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

route
Code:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.81.61.129   0.0.0.0         UG    0      0        0 eth0
44.0.0.0        pd9enp.pi9noz.a 255.128.0.0     UG    20     0        0 gre1
44.128.0.0      pd9enp.pi9noz.a 255.192.0.0     UG    20     0        0 gre1
44.137.0.0      pd9enp.pi9noz.a 255.255.0.0     UG    20     0        0 gre1
44.137.61.32    0.0.0.0         255.255.255.252 U     0      0        0 gre1
44.137.83.64    0.0.0.0         255.255.255.240 U     0      0        0 eth10
44.137.83.64    0.0.0.0         255.255.255.240 U     0      0        0 eth11
172.81.61.128   0.0.0.0         255.255.255.192 U     0      0        0 eth0

ip rule we already had

show ip bgp summary
Code:
dynu.jenp.net# show ip bgp summary
BGP router identifier 44.137.83.78, local AS number 4220408304
RIB entries 9, using 1008 bytes of memory
Peers 1, using 9088 bytes of memory

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
44.137.61.33    4 4220406100    1080     951        0    0    0 02:20:51        3

Total number of neighbors 1

and now as last 2 config files

bgpd.conf (this is going to be a long output)
Code:
2022/02/11 18:57:12 BGP: BGPd 1.1.1 starting: vty@2605, bgp@<all>:179 pid 611
2022/02/11 18:57:14 BGP: 44.137.61.33 [Event] Connect start to 44.137.61.33 fd 13
2022/02/11 18:57:14 BGP: 44.137.61.33 [Event] Connect start to 44.137.61.33 fd 13
2022/02/11 18:57:15 BGP: %ADJCHANGE: neighbor 44.137.61.33 Up
2022/02/11 18:57:15 BGP: 44.137.61.33 rcvd UPDATE w/ attr: nexthop 44.137.61.33, origin ?, metric 0, community 44137:10050, path 4220406100
2022/02/11 18:57:15 BGP: 44.137.61.33 rcvd UPDATE about 0.0.0.0/0 -- DENIED due to: filter;
2022/02/11 18:57:15 BGP: 44.137.61.33 rcvd 44.0.0.0/9
2022/02/11 18:57:15 BGP: 44.137.61.33 rcvd 44.128.0.0/10
2022/02/11 18:57:15 BGP: 44.137.61.33 rcvd 44.137.0.0/16
2022/02/11 18:57:16 BGP: 44.137.61.33 send UPDATE 44.137.83.64/28
2022/02/12 02:49:32 BGP: [Event] BGP connection from host 106.75.223.50
2022/02/12 02:49:32 BGP: [Event] BGP connection IP address 106.75.223.50 is not configured
2022/02/12 02:49:33 BGP: [Event] BGP connection from host 106.75.223.50
2022/02/12 02:49:33 BGP: [Event] BGP connection IP address 106.75.223.50 is not configured
2022/02/12 02:49:33 BGP: [Event] BGP connection from host 106.75.223.50
2022/02/12 02:49:33 BGP: [Event] BGP connection IP address 106.75.223.50 is not configured
2022/02/12 02:49:33 BGP: [Event] BGP connection from host 106.75.223.50
2022/02/12 02:49:33 BGP: [Event] BGP connection IP address 106.75.223.50 is not configured
2022/02/12 02:49:34 BGP: [Event] BGP connection from host 106.75.223.50
2022/02/12 02:49:34 BGP: [Event] BGP connection IP address 106.75.223.50 is not configured
2022/02/12 08:20:28 BGP: %NOTIFICATION: received from neighbor 44.137.61.33 4/0 (Hold Timer Expired) 0 bytes
2022/02/12 08:20:28 BGP: %ADJCHANGE: neighbor 44.137.61.33 Down BGP Notification received

a lot of times
2022/02/12 08:20:30 BGP: 44.137.61.33 [Event] Connect start to 44.137.61.33 fd 13
2022/02/12 08:20:31 BGP: 44.137.61.33 [Event] Connect failed (Operation now in progress)
2022/02/12 08:20:41 BGP: 44.137.61.33 [Event] Connect start to 44.137.61.33 fd 13
2022/02/12 08:20:42 BGP: 44.137.61.33 [Event] Connect failed (Operation now in progress)
2022/02/12 08:20:52 BGP: 44.137.61.33 [Event] Connect start to 44.137.61.33 fd 13
2022/02/12 08:20:53 BGP: 44.137.61.33 [Event] Connect failed (Operation now in progress)
2022/02/12 08:21:03 BGP: 44.137.61.33 [Event] Connect start to 44.137.61.33 fd 13
2022/02/12 08:21:04 BGP: 44.137.61.33 [Event] Connect failed (Operation now in progress)
2022/02/12 08:21:14 BGP: 44.137.61.33 [Event] Connect start to 44.137.61.33 fd 13

and at the end it says:
2022/02/12 08:36:08 BGP: 44.137.61.33 [Event] Connect start to 44.137.61.33 fd 13
2022/02/12 08:36:09 BGP: 44.137.61.33 [Event] Connect failed (Operation now in progress)
2022/02/12 08:36:19 BGP: 44.137.61.33 [Event] Connect start to 44.137.61.33 fd 13
2022/02/12 08:36:20 BGP: 44.137.61.33 [Event] Connect failed (Operation now in progress)
2022/02/12 08:36:30 BGP: 44.137.61.33 [Event] Connect start to 44.137.61.33 fd 13
2022/02/12 08:36:31 BGP: %ADJCHANGE: neighbor 44.137.61.33 Up
2022/02/12 08:36:31 BGP: 44.137.61.33 rcvd UPDATE w/ attr: nexthop 44.137.61.33, origin ?, metric 0, community 44137:10050, path 4220406100
2022/02/12 08:36:31 BGP: 44.137.61.33 rcvd UPDATE about 0.0.0.0/0 -- DENIED due to: filter;
2022/02/12 08:36:31 BGP: 44.137.61.33 rcvd 44.0.0.0/9
2022/02/12 08:36:31 BGP: 44.137.61.33 rcvd 44.128.0.0/10
2022/02/12 08:36:31 BGP: 44.137.61.33 rcvd 44.137.0.0/16
2022/02/12 08:36:32 BGP: 44.137.61.33 send UPDATE 44.137.83.64/28

zebra.log
Code:
2022/02/11 18:57:12 ZEBRA: Zebra 1.1.1 starting: vty@2601
2022/02/11 18:57:12 ZEBRA: client 14 says hello and bids fair to announce only bgp routes
2022/02/11 18:57:12 ZEBRA: Try to set TE Link Param
2022/02/11 18:57:12 ZEBRA: Try to set TE Link Param
2022/02/11 18:57:12 ZEBRA: Try to set TE Link Param
2022/02/11 18:57:12 ZEBRA: Try to set TE Link Param
2022/02/11 18:57:12 ZEBRA: Try to set TE Link Param
2022/02/11 18:57:12 ZEBRA: Try to set TE Link Param
2022/02/11 18:57:12 ZEBRA: Try to set TE Link Param
2022/02/11 18:57:12 ZEBRA: Try to set TE Link Param
2022/02/11 18:57:12 ZEBRA: Try to set TE Link Param

I hope someone can help me get the book working
 


just a little extra information. I received the email below from one of the hamnet administrators about the ip rule piece.
Code:
Yes, I just want to warn you that you won't get there with 1 route table.
So if you type "ip route" and you see the routes to hamnet, there is still homework to do!
If you type in "ip rule" you should get something like this:

ip rule
0: from all lookup local
44: from 44.137.83.64/28 lookup 44
44: from all to 44.0.0.0/9 lookup 44
44: from all to 44.128.0.0/10 lookup 44
32766: from all lookup main
32767: from all lookup default

And if you do "ip route list table 44" you should see your hamnet routes with a default route pointing to your tunnel.
If you do "ip route" then you only need to see your own IP space of your provider and a default route that points to your provider router.

To arrange this you have to indicate in your BGP configuration that your routes should be placed in a different table (in this example 44).
If you have not set it up that way, it will not work and if you find this too difficult, it is better to revert that internet access.
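
An added example, not part of the thread or the administrator's e-mail: a small check that compares `ip rule` output with the three priority-44 rules listed in the e-mail and prints an `ip rule add` command for each one that is absent. The helper name `missing_rules` is hypothetical; the prefixes, the table number and the sample input are taken from the posts above.

```shell
#!/bin/sh
# Added example (not from the thread): report which of the policy-routing
# rules from the administrator's e-mail are absent from `ip rule` output.

TABLE=44   # table number and rule priority, both 44 in the e-mail

# Rule selectors expected at priority 44, as `ip rule` prints them.
EXPECTED='from 44.137.83.64/28
from all to 44.0.0.0/9
from all to 44.128.0.0/10'

# The poster's current `ip rule` output, copied from the first post.
SAMPLE='0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default'

# missing_rules (hypothetical helper): reads `ip rule` output on stdin and
# prints one `ip rule add` command per expected rule that is not present.
missing_rules() {
    # Keep only "44: <selector> lookup 44" lines and reduce them to <selector>.
    present=$(awk -v t="$TABLE" '
        $1 == (t ":") && $(NF-1) == "lookup" && $NF == t {
            s = $2
            for (i = 3; i <= NF - 2; i++) s = s " " $i
            print s
        }')
    printf '%s\n' "$EXPECTED" | while IFS= read -r sel; do
        if ! printf '%s\n' "$present" | grep -qxF -- "$sel"; then
            echo "ip rule add $sel lookup $TABLE priority $TABLE"
        fi
    done
}

# Demo on the sample; on the router itself use: ip rule | missing_rules
printf '%s\n' "$SAMPLE" | missing_rules
```

The rules only select the table; as the e-mail says, table 44 must also contain the hamnet routes and a default route pointing to the tunnel, which `ip route list table 44` shows.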
 
I wish I could help you, as the subject is fascinating to me. I understand it at a conceptual level, but haven't even bothered to get my Technician.

Alas, I think we have maybe two hams here and so far none of them have mentioned this. You may have to get help elsewhere. I want to say that @kc1di is a ham and one other person whose name escapes me at the moment.
 
