network_stuff:frr

Differences

This shows you the differences between two versions of the page.

network_stuff:frr [2022/06/09 15:39] jotasandoku
network_stuff:frr [2023/11/02 14:38] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +**INSTALLATION**
 +\\
 +  * Install any of the supported base linux. eg: Debian/Ubuntu
 +  * Follow this steps: [[https://deb.frrouting.org/]]
 +  * Uncomment ''net.ipv4.ip_forward=1'' in ''/etc/sysctl.conf'' and then apply with: ''sysctl -p''
 +  * If possible to access via console, remove all the network configuration from the linux level.
 +  * restart linux
 +  * enable daemons in ''/etc/frr/daemons''
 +
 +**INSTALL https://docs.frrouting.org/en/latest/snmp.html**
 +  * start frr
 +  * apply first config (management)
 +  * configure terminal -> log file /var/log/frr/frr.log -> end -> write memory
 +  * Restart FRR as below:
  
-Most of the vantage points are now ipv4 default, so:\\ 
-  show bgp ipv4 unicast 203.190.181.0    ! to pull a route 
-  sh ip bgp regexp _200981$   ! regexp anything from our ASN 
-  sh ip bgp regexp _200981$   ! regexp anything from our ASN 
-  show bgp ipv4 unicast regexp 174_([0-9]+)_200981$ ! regexp anything from our ASN traversing Cogent 
-   
  
----- 
-**FRR routing FREE RANGE ROUTING**\\ 
-[[http://docs.frrouting.org/en/latest/bgp.html]] 
-\\ 
-Zebra IS THE RIB 
-\\ 
-To restart frr: 
   /usr/lib/frr/frr-reload.py /etc/frr/frr.conf --reload   /usr/lib/frr/frr-reload.py /etc/frr/frr.conf --reload
   /usr/lib/frr/frrinit.sh restart   /usr/lib/frr/frrinit.sh restart
-Also here: [[https://github.com/FRRouting/frr/blob/master/tools/frr-reload.py]] 
-\\ 
  
-Binding files: [[https://github.com/srl-labs/containerlab/blob/master/lab-examples/cvx01/topo.clab.yml|External Link]],  
  
-\\ +  Configure snmp agent: https://panda314159.net/doku.php?id=linux SNMP AGENT IN LINUX 
-Route Servers IXP:\\ +
-  [[https://docs.ixpmanager.org/features/route-servers/]] +
-  * [[https://www.ixpmanager.org/media/2018/20180417-euroix-ixpmanager.pdf]] +
-  * +
  
 ---- ----
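Review bot: the second added heading, `**INSTALL https://docs.frrouting.org/en/latest/snmp.html**`, is a bare SNMP documentation URL in bold, but the four steps under it (start frr, apply the management config, set the log file, restart) say nothing about SNMP. Give the list a heading that names what it does and move the SNMP link down to the new `Configure snmp agent:` line, written in `[[...]]` link syntax like the `deb.frrouting.org` step; that line currently carries a raw URL as well. Separately, the `sysctl` step only enables `net.ipv4.ip_forward`; if this router is also meant to forward IPv6, the note should say so and list the IPv6 forwarding setting next to it.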
  
-__**FLOWSPEC NOTES RFC 5575**__+  Zebra IS THE RIB
  
-To filter (apply actions) on flows instead of penalising whole prefix ranges.\\ +Relevant files: 
-Actions to be done are transmitted via a BGP session from the controller (tells the router what to filter).SAFI 133.\\ +  /etc/frr/daemons 
-More specifically, actions are ''encoded in EXT-COMMUNITIES''+  /etc/frr/frr.conf 
 +  
  
-  * We use [[https://github.com/Exa-Networks/exabgp|exabgp]] to send and receive flowspec messages over the bgp connection +To restart frr: 
-  * In this [[https://blog.sflow.com/2017/07/bgp-flowspec-on-white-box-switch.html|article]]we can see how we do : flowspec-bgp-msg > acl > iptable rules  +  /usr/lib/frr/frr-reload.py /etc/frr/frr.conf --reload 
-    * however it gives for granted that we know how to generate and send flowspec messages.  +  /usr/lib/frr/frrinit.sh restart 
-      * the message was sent by sFlow-RT/exabgp. More info [[https://blog.sflow.com/2017/07/real-time-ddos-mitigation-using-sflow.html|here]] +  Or 
-  * flowspec and containerlab: [[https://github.com/sflow-rt/containerlab|External Link]]+  sudo systemctl start frr.service 
 +Also here: [[https://github.com/FRRouting/frr/blob/master/tools/frr-reload.py]]
  
-Flowspec in **junos**+\\ 
-  show route table inetflow.0 extensive + 
-  inetflow.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) 4.4.4.4,*,proto=17,srcport=53,len>=450&<=600/term:1 (1 entry, 1 announced) TSI: +Most of the vantage points are now ipv4 default, so:\\ 
-  KRT in dfwd; +  show bgp ipv4 unicast 203.190.181.0    ! to pull a route 
-  Action(s): discard,count +  sh ip bgp regexp _200981$   ! regexp anything from our ASN 
-  Page 0 idx 0, (group ArborSP type Internal) Type 1 val a3be258 (adv_entry) +  sh ip bgp regexp _200981$   ! regexp anything from our ASN 
-  Advertised metrics: +  show bgp ipv4 unicast regexp 174_([0-9]+)_200981$ ! regexp anything from our ASN traversing Cogent 
-  Nexthop: Self +  
-  Localpref: 100 +
-  AS path: [65530? +
-  Communities: 65530:100 65530:134 no-export traffic-rate:0:0 Cluster ID: 192.168.252.12 +
-  Originator ID: 10.2.25.68 Advertise: 000006f7 +
-  Path 4.4.4.4,*,proto=17,srcport=53,len>=450&+
  
 ---- ----
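Review bot: the added `To restart frr:` block ends with `sudo systemctl start frr.service` under `Or`, which starts the unit rather than restarting it and does nothing if FRR is already running; use `sudo systemctl restart frr.service` if a restart is what is meant. The same block repeats the `frr-reload.py /etc/frr/frr.conf --reload` and `frrinit.sh restart` lines that already follow `Restart FRR as below:` further up, so one copy can go, and it would help to say that `--reload` applies the configuration difference while `frrinit.sh restart` restarts the daemons, since the two are listed as if interchangeable. The moved `show` commands also still contain `sh ip bgp regexp _200981$` twice.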
  
-__EXABGP NOTES__: 
  
-exabgp api accepts these [[https://github.com/Exa-Networks/exabgp/wiki/Controlling-ExaBGP-:-interacting-from-the-API|commands]] which can be entered either via python swriting stdio (exabgp listents it) or directly via ''exabgpcli''+Binding files: [[https://github.com/srl-labs/containerlab/blob/master/lab-examples/cvx01/topo.clab.yml|External Link]], 
-\\ +
-Ways to start exabgp: +
-  sudo env exabgp.daemon.user=root exabgp-4.0.0/sbin/exabgp exabgp.conf +
-  sudo env exabgp.debug.configuration=1 exabgp.debug.pdb=1 exabgp.daemon.user=root exabgp-4.0.0/sbin/exabgp exabgp.conf +
-  exabgp ./exabgp.conf+
  
-Links:\\ 
-  * [[https://thepacketgeek.com/exabgp/getting-started/]] 
-  * [[https://brezular.com/2020/10/01/bgp-flowspec-on-arista-veos/]] 
-  * [[https://github.com/Exa-Networks/exabgp/tree/master]] 
-  * [[https://vincent.bernat.ch/en/blog/2013-exabgp-highavailability]] 
-  * [[https://blog.sflow.com/2017/07/real-time-ddos-mitigation-using-sflow.html]] 
-  * [[https://blog.sflow.com/2017/07/bgp-flowspec-on-white-box-switch.html]] 
-  * [[https://devangnp.github.io/blog/bgp-flowspec-exabgp/]] 
-  * [[https://github.com/ancker010/exabgp-flowspec-generator/blob/master/flowspec-generator.py]] 
  
-Examples of flowspec messagesThey follow Juniper style+---- 
 + 
 + 
 +Route Servers IXP:\\ 
 +  * [[https://docs.ixpmanager.org/features/route-servers/]] 
 +  * [[https://www.ixpmanager.org/media/2018/20180417-euroix-ixpmanager.pdf]] 
 +  * 
  
-  'announce route 100.10.0.0/24 next-hop self', 
-  'announce route 200.20.0.0/24 next-hop self', 
-  'announce flow route { match { destination 172.16.0.0/24; } then { discard; } }', 
-\\ 
-DDOS protection with RTBH and flowspec: 
-[[https://drive.google.com/file/d/1jcIYvboHmFWF5FlcNQK5HXKIH1Ij91xn/view?usp=sharing|External_Link]] 
-\\ 
-{{:network_stuff:rtbh-and-flowspec.jpg?600|}} 
-\\ 
-Anycast can also be used to prevent inter-regios ddos (Cloudflare): 
-\\ 
-{{:network_stuff:anycast-for-ddos.jpg?300|}} 
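Review bot: the FLOWSPEC NOTES and EXABGP NOTES sections, the link list, the `announce flow route` examples and both DDoS images are removed here and in the previous region with no added line pointing to where they now live. If they were moved to another page, add a link to it from this one; if they were dropped on purpose, say so in the edit summary, which currently reads only `external edit`. The added Route Servers IXP list also keeps an empty `*` bullet after the two links, which can be deleted.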
network_stuff/frr.1654789188.txt.gz · Last modified: (external edit)