====== BGP/OSPF/RIP/ISIS/BABEL lab with FRRouting======

This Labs is done with BSDRP under qemu and it explains how to use BSDRP using FRRouting (Quagga fork).

===== Presentation =====

==== Network diagram ====

Here is the logical and physical view:

{{:documentation:examples:simple_bgp-rip-ospf_lab.png|}}
===== Setting-up the lab =====

==== Downloading BSD Router Project images ====

Download BSDRP serial image (prevent to have to use an X display) on Sourceforge.

==== Download Lab scripts =====

More information on these BSDRP lab scripts available on [[documentation:examples:How to build a BSDRP router lab]].



===== Routers configuration =====
=== VM mode: 7 VMs ===

All these routers can be configured with labconfig tool (use it only on a lab, because it will replace your current running configuration):

Start the lab with 7 routers, here is an example with VirtualBox:

<code>./BSDRP-lab-vbox.sh -i BSDRP-1.97-full-amd64-serial.img.xz -n 7</code>

Then on each:
<code>
labconfig frr_vm[VM-NUMBER]
</code>

=== Jail mode: 1 VM running 7 jails ===


Or just using one router:
<code>./BSDRP-lab-vbox.sh -i BSDRP-1.97-full-amd64-serial.img.xz -n 1</code>


Then you can use the jail/vnet version with command:
<code>
labconfig frr_jails
</code>
==== Router 1 ====

<code>
sysrc hostname=router1 \
  cloned_interfaces=lo1 \
  ipsec_enable=YES \
  ipsec_file="/etc/ipsec.conf" \
  frr_vtysh_boot=YES \
  frr_enable=yes
cat <<EOF > /etc/ipsec.conf
flush ;
add 192.168.12.1 192.168.12.2 tcp 0x1000 -A tcp-md5 "abigpassword" ;
add 192.168.12.2 192.168.12.1 tcp 0x1001 -A tcp-md5 "abigpassword" ;
add -6 2001:db8:12::1 2001:db8:12::2 tcp 0x1002 -A tcp-md5 "abigpassword" ;
add -6 2001:db8:12::2 2001:db8:12::1 tcp 0x1003 -A tcp-md5 "abigpassword" ;
EOF

cat > /usr/local/etc/frr/frr.conf <<EOF
log syslog
!
interface lo1
 ip address 192.168.10.1/24
 ipv6 address 2001:db8:10::1/64
!
interface vtnet0
 ip address 192.168.12.1/24
 ipv6 address 2001:db8:12::1/64
!
router bgp 12
 bgp router-id 192.168.10.1
 neighbor 192.168.12.2 remote-as 12
 neighbor 192.168.12.2 bfd
 neighbor 192.168.12.2 password abigpassword
 neighbor 2001:db8:12::2 remote-as 12
 neighbor 2001:db8:12::2 bfd
 neighbor 2001:db8:12::2 password abigpassword
 !
 address-family ipv4 unicast
  network 192.168.10.0/24
  neighbor 192.168.12.2 soft-reconfiguration inbound
  no neighbor 2001:db8:12::2 activate
 exit-address-family
 !
 address-family ipv6 unicast
  network 2001:db8:10::/64
  neighbor 2001:db8:12::2 activate
  neighbor 2001:db8:12::2 soft-reconfiguration inbound
 exit-address-family
!
bfd
 peer 2001:db8:12::2 local-address 2001:db8:12::1
  no shutdown
 !
 peer 192.168.12.2
  no shutdown
 !
!
EOF
hostname router1
service netif restart
service ipsec start
service frr start
config save
</code>
==== Router 2 ====

<code>
sysrc hostname=router2
sysrc ipsec_enable=YES
sysrc ipsec_file="/etc/ipsec.conf"
sysrc frr_enable=YES
cat <<EOF > /etc/ipsec.conf
flush ;
add 192.168.12.1 192.168.12.2 tcp 0x1000 -A tcp-md5 "abigpassword" ;
add 192.168.12.2 192.168.12.1 tcp 0x1001 -A tcp-md5 "abigpassword" ;
add -6 2001:db8:12::1 2001:db8:12::2 tcp 0x1002 -A tcp-md5 "abigpassword" ;
add -6 2001:db8:12::2 2001:db8:12::1 tcp 0x1003 -A tcp-md5 "abigpassword" ;
EOF
cat > /usr/local/etc/frr/frr.conf <<EOF
log syslog
!
key chain rippass
 key 1
  key-string rippassword
 key 1
  key-string rippassword
!
interface vtnet0
 ip address 192.168.12.2/24
 ipv6 address 2001:db8:12::2/64
!
interface vtnet1
 ip address 192.168.23.2/24
 ip rip authentication key-chain rippass
 ip rip authentication mode md5
 ipv6 address 2001:db8:23::2/64
!
router rip
 network vtnet1
 redistribute bgp
 redistribute connected
 version 2
!
router ripng
 network vtnet1
 redistribute bgp
 redistribute connected
!
router bgp 12
 bgp router-id 192.168.10.2
 neighbor 192.168.12.1 remote-as 12
 neighbor 192.168.12.1 bfd
 neighbor 192.168.12.1 password abigpassword
 neighbor 2001:db8:12::1 remote-as 12
 neighbor 2001:db8:12::1 bfd
 neighbor 2001:db8:12::1 password abigpassword
 !
 address-family ipv4 unicast
  network 192.168.12.0/24
  redistribute rip
  neighbor 192.168.12.1 next-hop-self
  neighbor 192.168.12.1 soft-reconfiguration inbound
  no neighbor 2001:db8:12::1 activate
 exit-address-family
 !
 address-family ipv6 unicast
  network 2001:db8:12::/64
  redistribute ripng
  neighbor 2001:db8:12::1 activate
  neighbor 2001:db8:12::1 soft-reconfiguration inbound
 exit-address-family
!
bfd
 peer 192.168.12.1
  no shutdown
 !
 peer 2001:db8:12::1 local-address 2001:db8:12::2
  no shutdown
 !
!
EOF

hostname router2
service ipsec start
service frr start
config save
</code>
==== Router 3 ====

<code>
sysrc hostname=router3
sysrc frr_enable=YES
cat > /usr/local/etc/frr/frr.conf <<EOF
log syslog
!
key chain rippass
 key 1
  key-string rippassword
 key 1
  key-string rippassword
!
interface vtnet1
 ip address 192.168.23.3/24
 ip rip authentication key-chain rippass
 ip rip authentication mode md5
 ipv6 address 2001:db8:23::3/64
!
interface vtnet2
 ip address 192.168.34.3/24
 ip ospf bfd
 ip ospf message-digest-key 1 md5 superpass
 ipv6 address 2001:db8:34::3/64
 ipv6 ospf6 bfd
!
router rip
 network vtnet1
 redistribute connected
 redistribute ospf
 version 2
!
router ripng
 network vtnet1
 redistribute connected
 redistribute ospf6
!
router ospf
 ospf router-id 3.3.3.3
 redistribute connected
 redistribute rip
 network 192.168.34.0/24 area 0.0.0.0
 area 0.0.0.0 authentication message-digest
!
router ospf6
 redistribute connected
 redistribute ripng
 interface vtnet2 area 0.0.0.0
!
bfd
 peer 2001:db8:34::4 local-address 2001:db8:34::3
  no shutdown
 !
 peer 192.168.34.4
  no shutdown
 !
!
EOF

hostname router3
service frr start
config save
</code>
==== Router 4 ====

<code>
sysrc hostname=router4
sysrc frr_enable=YES
cat > /usr/local/etc/frr/frr.conf <<EOF
log syslog
!
interface vtnet2
 ip address 192.168.34.4/24
 ip ospf bfd
 ip ospf message-digest-key 1 md5 superpass
 ipv6 address 2001:db8:34::4/64
 ipv6 ospf6 bfd
!
interface vtnet3
 ip address 192.168.45.4/24
 ip router isis BSDRP
 ipv6 address 2001:db8:45::4/64
 ipv6 router isis BSDRP
 isis circuit-type level-2-only
!
router ospf
 ospf router-id 4.4.4.4
 redistribute connected
 redistribute isis
 network 192.168.34.0/24 area 0.0.0.0
 area 0.0.0.0 authentication message-digest
!
router ospf6
 redistribute connected
 redistribute isis
 interface vtnet2 area 0.0.0.0
!
router isis BSDRP
 is-type level-1-2
 net 49.0000.0000.0004.00
 redistribute ipv4 ospf level-2
 redistribute ipv4 connected level-2
 redistribute ipv6 ospf6 level-2
 redistribute ipv6 connected level-2
!
bfd
 peer 2001:db8:34::3 local-address 2001:db8:34::4
  no shutdown
 !
 peer 192.168.34.3
  no shutdown
 !
!
EOF

hostname router4
service frr start
config save
</code>

==== Router 5 ====

<code>
sysrc hostname=router5
sysrc frr_enable=YES
cat > /usr/local/etc/frr/frr.conf <<EOF
log syslog
!
interface vtnet3
 ip address 192.168.45.5/24
 ip router isis BSDRP
 ipv6 address 2001:db8:45::5/64
 ipv6 router isis BSDRP
 isis circuit-type level-2-only
!
interface vtnet4
 ip address 192.168.56.5/24
 ip router isis BSDRP
 ipv6 address 2001:db8:56::5/64
 ipv6 router isis BSDRP
 isis circuit-type level-2-only
 isis passive
!
router babel
 network vtnet3
 network vtnet4
 redistribute ipv4 isis
 redistribute ipv6 isis
!
router isis BSDRP
 is-type level-1-2
 net 49.0000.0000.0005.00
 redistribute ipv4 babel level-2
 redistribute ipv6 babel level-2
!
EOF
hostname router5
service netif restart
service frr start
config save
</code>

==== Router 6 ====

<code>
sysrc hostname=router6
sysrc frr_enable=YES
cat > /usr/local/etc/frr/frr.conf <<EOF
log syslog
!
ip route 192.168.70.0/24 192.168.67.7
ipv6 route 2001:db8:70::/64 2001:db8:67::7
!
interface vtnet4
 ip address 192.168.56.6/24
 ipv6 address 2001:db8:56::6/64
!
interface vtnet5
 ip address 192.168.67.6/24
 ipv6 address 2001:db8:67::6/64
!
router babel
 network vtnet4
 redistribute ipv4 connected
 redistribute ipv4 static
 redistribute ipv6 connected
 redistribute ipv6 static
!
EOF
hostname router6
service netif restart
service frr start
config save
</code>

==== Router 7 ====

<code>
sysrc hostname=router7
sysrc cloned_interfaces=lo1
sysrc frr_enable=YES
cat > /usr/local/etc/frr/frr.conf <<EOF
log syslog
!
ip route 0.0.0.0/0 192.168.67.6
ipv6 route ::/0 2001:db8:67::6
!
interface lo1
 ip address 192.168.70.7/24
 ipv6 address 2001:db8:70::7/64
!
interface vtnet5
 ip address 192.168.67.7/24
 ipv6 address 2001:db8:67::7/64
!
EOF
hostname router7
service netif restart
service frr start
config save
</code>
===== Final testing =====

Ping router7 loopback from router1 loopback:

<code>
[root@router1]~# ping -c 4 -S 192.168.10.1 192.168.70.7
PING 192.168.70.7 (192.168.70.7) from 192.168.10.1: 56 data bytes
64 bytes from 192.168.70.7: icmp_seq=0 ttl=59 time=0.580 ms
64 bytes from 192.168.70.7: icmp_seq=1 ttl=59 time=0.559 ms
64 bytes from 192.168.70.7: icmp_seq=2 ttl=59 time=0.542 ms
64 bytes from 192.168.70.7: icmp_seq=3 ttl=59 time=0.541 ms

--- 192.168.70.7 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.541/0.555/0.580/0.016 ms

[root@router1]~# ping -c 4 -S 2001:db8:10::1 2001:db8:70::7
PING6(56=40+8+8 bytes) 2001:db8:10::1 --> 2001:db8:70::7
16 bytes from 2001:db8:70::7, icmp_seq=0 hlim=59 time=0.607 ms
16 bytes from 2001:db8:70::7, icmp_seq=1 hlim=59 time=0.570 ms
16 bytes from 2001:db8:70::7, icmp_seq=2 hlim=59 time=0.526 ms
16 bytes from 2001:db8:70::7, icmp_seq=3 hlim=59 time=0.555 ms

--- 2001:db8:70::7 ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.526/0.565/0.607/0.029 ms
</code>

Don't forget to "force" the source IP address to use the loopback, otherwise router1 will use the output NIC IP address as source.