Vyatta is a Linux-based distribution that eases the setup of VPNs, routers, antivirus and more. It has a really small footprint on your system, as it only requires something like 800M to be installed, and it is based on Debian. On top of that, it offers configuration wrappers to facilitate service settings.
This tutorial will explain how to set up 2 Border Gateway Protocol (BGP) boxes to route the traffic from one Autonomous System (AS) to the other using Vyatta.
Vyatta Community Edition 4.1.4 was used during this set up.
This tutorial will assume that you know how to install Vyatta, but really, it is just a matter of inserting the CD in the drive and typing:
# install-system
I recommend that you check the Vyatta website for more information on this part.
This tutorial will be using 2 Vyatta VMs that will have 3 interfaces:
The Vyatta VMs will be called vyatta-bgp1 and vyatta-bgp2.
vyatta-bgp1 will have its interfaces set up as follows:
It will advertise AS 1 with network 1.1.1.0/24 to its neighbor AS 2 at IP 172.16.163.2 with password "BGPtutorial".
vyatta-bgp2 will have its interfaces set up as follows:
It will advertise AS 2 with network 2.2.2.0/24 to its neighbor AS 1 at IP 172.16.163.1 with password "BGPtutorial".
In this part, we are going to set up the network interfaces of the 2 Border Gateway routers. In the Vyatta world, you first need to enter the interactive configuration shell by typing:
vyatta@vyatta-bgp1:~$ configure
[edit]
vyatta@vyatta-bgp1#
Once you are in configuration mode, type the following to set up eth0, eth1 and eth2:
[edit]
vyatta@vyatta-bgp1# set interfaces ethernet eth0 address 192.168.2.10/24
[edit]
vyatta@vyatta-bgp1# set interfaces ethernet eth1 address 172.16.163.1/24
[edit]
vyatta@vyatta-bgp1# set interfaces ethernet eth2 address 1.1.1.1/24
Then, set up the default route to be 192.168.2.1:
[edit]
vyatta@vyatta-bgp1# set system gateway-address 192.168.2.1
and optionally you can set the DNS server to query:
[edit]
vyatta@vyatta-bgp1# set system name-server 192.168.2
and finally commit and save so the settings persist across reboots:
[edit]
vyatta@vyatta-bgp1# commit
[edit]
vyatta@vyatta-bgp1# save
Saving configuration to '/opt/vyatta/etc/config/config.boot'...
Done
On vyatta-bgp2, the settings are similar except that we have to change some addresses. Here is the resulting series of commands:
[edit]
vyatta@vyatta-bgp2# set interfaces ethernet eth0 address 192.168.2.20/24
[edit]
vyatta@vyatta-bgp2# set interfaces ethernet eth1 address 172.16.163.2/24
[edit]
vyatta@vyatta-bgp2# set interfaces ethernet eth2 address 2.2.2.2/24
[edit]
vyatta@vyatta-bgp2# set system gateway-address 192.168.2.1
[edit]
vyatta@vyatta-bgp2# set system name-server 192.168.2.1
[edit]
vyatta@vyatta-bgp2# commit
[edit]
vyatta@vyatta-bgp2# save
Saving configuration to '/opt/vyatta/etc/config/config.boot'...
Done
At this stage, the route table on vyatta-bgp1 looks like:
vyatta-bgp1:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0
1.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
172.16.163.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
and on vyatta-bgp2:
vyatta414-tpl:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0
2.2.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
172.16.163.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
As a result, vyatta-bgp1 and vyatta-bgp2 will use their default gateway when attempting to reach 2.2.2.0/24 and 1.1.1.0/24 respectively.
We now need to set up BGP on those 2 servers so that they advertise the new routes to each other.
As stated earlier, vyatta-bgp1 will advertise AS 1 with network 1.1.1.0/24 to its neighbor vyatta-bgp2, which handles AS 2,
and
vyatta-bgp2 will advertise AS 2 with network 2.2.2.0/24 to its neighbor vyatta-bgp1, which handles AS 1.
They will use a common password for this communication, which is BGPtutorial.
The syntax used in configuration mode is the following:
# set protocols bgp <my AS> neighbor <peer IP address> remote-as <peer AS>
# set protocols bgp <my AS> network <advertise network1>
# set protocols bgp <my AS> network <advertise network2>
....
# set protocols bgp <my AS> neighbor <peer IP address> password <bgp password>
Which on each host will give:
[edit]
vyatta@vyatta-bgp1# set protocols bgp 1 neighbor 172.16.163.2 remote-as 2
[edit]
vyatta@vyatta-bgp1# set protocols bgp 1 network 1.1.1.0/24
[edit]
vyatta@vyatta-bgp1# set protocols bgp 1 neighbor 172.16.163.2 password BGPtutorial
[edit]
vyatta@vyatta-bgp1# commit
[edit]
vyatta@vyatta-bgp1# save
Saving configuration to '/opt/vyatta/etc/config/config.boot'...
Done
At this stage, within a root shell on vyatta-bgp1, you should get the following result:
vyatta-bgp1:~# show ip bgp
BGP table version is 0, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 0.0.0.0 1 32768 i
Total number of prefixes 1
Meanwhile vyatta-bgp2, which is not yet configured, will display:
vyatta-bgp2:~# show ip bgp
No BGP process is configured
and the route tables will not yet be modified.
Similarly, on vyatta-bgp2:
[edit]
vyatta@vyatta-bgp2# set protocols bgp 2 neighbor 172.16.163.1 remote-as 1
[edit]
vyatta@vyatta-bgp2# set protocols bgp 2 network 2.2.2.0/24
[edit]
vyatta@vyatta-bgp2# set protocols bgp 2 neighbor 172.16.163.1 password BGPtutorial
[edit]
vyatta@vyatta-bgp2# commit
[edit]
vyatta@vyatta-bgp2# save
Saving configuration to '/opt/vyatta/etc/config/config.boot'...
Done
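What the neighbor password does on the wire, as an added example that is not part of the original tutorial: the Vyatta BGP password enables the TCP MD5 signature option (RFC 2385), so each TCP segment of the session carries a digest keyed with the shared password, and the receiver drops segments whose digest is missing or wrong. The SYN segment, port and sequence number below are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import socket
import struct

MD5_OPT_KIND, MD5_OPT_LEN = 19, 18   # TCP MD5 Signature option (RFC 2385)

def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, password):
    """MD5 over pseudo-header, base TCP header (checksum zeroed,
    options excluded), payload, then the shared password."""
    base = bytearray(tcp_header[:20])
    base[16:18] = b"\x00\x00"
    seg_len = len(tcp_header) + len(payload)   # header with options + data
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    return hashlib.md5(pseudo + bytes(base) + payload + password.encode()).digest()

def signed_syn(src_ip, dst_ip, src_port, seq, password):
    """Constructed SYN to port 179 carrying the MD5 option (not a capture)."""
    # Data offset 10 words: 20-byte base header + 20 bytes of options.
    base = struct.pack("!HHIIBBHHH", src_port, 179, seq, 0, 0xA0, 0x02, 65535, 0, 0)
    digest = tcp_md5_digest(src_ip, dst_ip, base + bytes(20), b"", password)
    return base + bytes([MD5_OPT_KIND, MD5_OPT_LEN]) + digest + b"\x01\x01"

def verify(src_ip, dst_ip, tcp_header, payload, password):
    """Receiver side: accept only if the option is present and matches."""
    opts = tcp_header[20:]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                # end of option list
            break
        if kind == 1:                # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            return False             # malformed option
        length = opts[i + 1]
        if kind == MD5_OPT_KIND and length == MD5_OPT_LEN:
            got = opts[i + 2:i + MD5_OPT_LEN]
            want = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, password)
            return len(got) == 16 and hmac.compare_digest(got, want)
        i += length
    return False                     # unsigned segments are rejected
```

A segment signed by vyatta-bgp1 with BGPtutorial verifies on vyatta-bgp2 only when both sides hold the same password and the addresses, ports and sequence number are unmodified.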
From there, everything should be configured. vyatta-bgp1 will show:
vyatta@vyatta-bgp1:~$ show ip bgp
BGP table version is 0, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 0.0.0.0 1 32768 i
*> 2.2.2.0/24 172.16.163.2 1 0 2 i
Total number of prefixes 2
vyatta@vyatta-bgp1:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
S>* 0.0.0.0/0 [1/0] via 192.168.2.1, eth0
C>* 1.1.1.0/24 is directly connected, eth2
B>* 2.2.2.0/24 [20/1] via 172.16.163.2, eth1, 00:03:15
C>* 127.0.0.0/8 is directly connected, lo
C>* 172.16.163.0/24 is directly connected, eth1
C>* 192.168.2.0/24 is directly connected, eth0
vyatta@vyatta-bgp1:~$ /sbin/route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0
1.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
2.2.2.0 172.16.163.2 255.255.255.0 UG 1 0 0 eth1
172.16.163.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
vyatta@vyatta-bgp1:~$
and on the other side vyatta-bgp2 will show:
vyatta@vyatta-bgp2:~$ show ip bgp
BGP table version is 0, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 172.16.163.1 1 0 1 i
*> 2.2.2.0/24 0.0.0.0 1 32768 i
Total number of prefixes 2
vyatta@vyatta-bgp2:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
S>* 0.0.0.0/0 [1/0] via 192.168.2.1, eth0
B>* 1.1.1.0/24 [20/1] via 172.16.163.1, eth1, 00:04:02
C>* 2.2.2.0/24 is directly connected, eth2
C>* 127.0.0.0/8 is directly connected, lo
C>* 172.16.163.0/24 is directly connected, eth1
C>* 192.168.2.0/24 is directly connected, eth0
vyatta@vyatta-bgp2:~$ /sbin/route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0
1.1.1.0 172.16.163.1 255.255.255.0 UG 1 0 0 eth1
2.2.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
172.16.163.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
vyatta@vyatta-bgp2:~$
Note the more verbose output given by show ip route compared to route. There you can see that there is one static route (the one we created with set system gateway-address 192.168.2.1), one BGP route and 4 connected routes (one for each interface: eth{0,1,2} and lo).
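A check that the peering taught the router only what was intended, as an added example rather than part of the original tutorial: it parses the show ip route output of vyatta-bgp1 shown above and compares the BGP-learned routes with an allow-list. The EXPECTED table and the function names are assumptions made for this lab.

```python
import ipaddress
import re

# "show ip route" output from vyatta-bgp1, as shown in the tutorial.
SAMPLE = """\
S>* 0.0.0.0/0 [1/0] via 192.168.2.1, eth0
C>* 1.1.1.0/24 is directly connected, eth2
B>* 2.2.2.0/24 [20/1] via 172.16.163.2, eth1, 00:03:15
C>* 127.0.0.0/8 is directly connected, lo
C>* 172.16.163.0/24 is directly connected, eth1
C>* 192.168.2.0/24 is directly connected, eth0
"""

# Routes this router should learn over BGP: prefix -> next hop (the peer).
EXPECTED = {"2.2.2.0/24": "172.16.163.2"}

# Route code B plus flags, prefix, [distance/metric], next hop, interface.
BGP_LINE = re.compile(r"^B\S*\s+(\S+)\s+\[\d+/\d+\]\s+via\s+([\d.]+),\s*([^,\s]+)")

def bgp_routes(text):
    """Return {prefix: (next_hop, interface)} for every BGP-learned route."""
    routes = {}
    for line in text.splitlines():
        m = BGP_LINE.match(line.strip())
        if m:
            prefix = str(ipaddress.ip_network(m.group(1), strict=True))
            routes[prefix] = (m.group(2), m.group(3))
    return routes

def audit(text, expected=EXPECTED):
    """List deviations between the BGP routes in the table and the allow-list."""
    findings = []
    learned = bgp_routes(text)
    for prefix, (nh, ifname) in sorted(learned.items()):
        if prefix not in expected:
            findings.append(f"unexpected BGP prefix {prefix} via {nh} ({ifname})")
        elif nh != expected[prefix]:
            findings.append(f"{prefix} learned from {nh}, expected {expected[prefix]}")
    for prefix in sorted(set(expected) - set(learned)):
        findings.append(f"expected BGP route {prefix} is missing")
    return findings
```

An empty list from audit() means the table contains exactly the BGP routes the tutorial set out to exchange; any more-specific or additional prefix announced by the peer shows up as a finding.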