Use FreeBSD's quagga package for use of OSPF and BGP
-
I was out on vacation last week. I don't see anything holding that one up, probably just that there wasn't someone with free time to do a final review+merge.
OK, I'll keep an eye on github if any changes are necessary.
-
I was out on vacation last week. I don't see anything holding that one up, probably just that there wasn't someone with free time to do a final review+merge.
Any idea what's holding this up? I've made a number of changes since the last submission and didn't want to start another pull request until the previous one was merged.
Thanks!
-
Mostly waiting on anyone else to test it and make sure it's OK before it gets committed.
-
I'm going to install pfSense on a box with a bunch of SFP+ ports and really want to use it for BGP. I found this thread and it was like a dream come true with BGP and OSPF!!!!
@admins can we push this through :)
Thanks guys!!
-
It was merged two weeks ago. It's already in there now.
-
Fantastic. I'm going to attempt to use this instead of VyOS or RouterOS. I love pfSense to be honest but I never tried to use it as a Core Edge Router before so this is new!
Thanks everyone!!
-
tdale sent me a message directly asking how to use the new BGP functionality in Quagga. I'm pasting the message I sent him here for everyone's future reference.
------------
The latest version of the package (0.6.20) has my changes rolled in! The BGP config is entirely manual. We have the customized package running on close to 30 pfSense FWs in our environment and so far it's working pretty well. I'm going to submit the latest version pretty soon that more gracefully handles high availability situations by keeping both units in the pair active, but the standby unit is automatically set to a really high OSPF cost or, in the case of BGP, it inserts a prepending route map to make the path longer. I have had the OSPF side working in production for the last month now and it's awesome.
As for how to use the plugin, what I do is set up a super basic OSPF config: set up an interface on the interfaces page, then on the main page set a router id (I create an alias on my loopback address and use that as you would with a traditional router - you can do this in the virtual IP section under the firewall dropdown) and enable logging.
Once you've done that, the quagga daemon starts up at which point I switch over to the CLI via SSH. The command to run from the CLI is "vtysh". The first thing I do is set the terminal length to 0 using the "terminal length 0" command due to some hinkyness with the app. At this point, you're dealing with a front end similar to a Cisco IOS 12.x and you can do whatever you want in there.
Do note that due to how md5 encryption is handled for BGP, you must set your source (your firewall) and destination (BGP peer) addresses and password in the quagga -> raw config page. Note that due to a glitch in the pfSense package editor, if you have more than one password, you will have to enter it and save it twice. It's a glitch beyond this package but I hope to fix it soon.
The important part to know is that running the "write mem" command does NOT save your config to the pfSense /conf/config.xml file. However, I made a very easy method to save your config permanently: you go to the Quagga OSPF plugin in the GUI and go to the raw config page. There you see 2 text boxes for each daemon: the "saved" config, which is what is loaded when quagga is started (this is pulled from /conf/config.xml), and a "running" config, which is the config you saved when you ran "write mem" from within the vtysh app. If a pair of boxes is orange, your saved and running configs do not match. If they are green, they are the same. You can click the "copy" button below the "running" config for each daemon and then go down to the bottom of the page and hit "save". This reloads quagga and its daemons with your newly saved config!
Due to the way that quagga puts configs in different files I prefer to work from vtysh so that the configs are normalized, but I do occasionally make manual changes.
Hope this helps and I'd love to hear ideas to make this work better!
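
Added example, not part of the original post and not the package's own code: a shell version of the saved-versus-running comparison that the raw config page shows as orange or green, useful for spotting routing changes that a reload would discard. The file paths and both sample configs are constructed; the thread does not say where the package keeps these files.

```shell
#!/bin/sh
# Added example: report whether a daemon's "running" config (written by
# "write mem") still matches the "saved" config. File paths are assumptions.

normalize() {
    # Strip trailing whitespace, then drop '!' comment/separator lines
    # (in the samples these carry the save timestamp) and blank lines.
    sed -e 's/[[:space:]]*$//' -e '/^!/d' -e '/^$/d' "$1"
}

# config_state SAVED RUNNING: prints "green" on a match, "orange" on drift.
config_state() {
    tmp_s=$(mktemp) && tmp_r=$(mktemp) || return 2
    normalize "$1" > "$tmp_s"
    normalize "$2" > "$tmp_r"
    if cmp -s "$tmp_s" "$tmp_r"; then state=green; else state=orange; fi
    rm -f "$tmp_s" "$tmp_r"
    echo "$state"
}

# drift_lines SAVED RUNNING: prints lines present only in the running config.
drift_lines() {
    tmp_s=$(mktemp) || return 2
    normalize "$1" > "$tmp_s"
    normalize "$2" | grep -Fxv -f "$tmp_s" || true
    rm -f "$tmp_s"
}

# Constructed sample configs (not taken from a real device).
write_samples() {
    cat > "$1/saved.conf" <<'EOF'
!
! Zebra configuration saved from vty
!   2017/03/01 09:00:00
!
router bgp 65001
 bgp router-id 192.0.2.1
 neighbor 192.0.2.2 remote-as 65002
!
EOF
    # Same config written again later: only the timestamp comment differs.
    sed 's/09:00:00/17:30:00/' "$1/saved.conf" > "$1/resaved.conf"
    # Running config with one extra, unsaved neighbor statement.
    sed 's/^ neighbor 192.0.2.2 remote-as 65002$/&\
 neighbor 192.0.2.3 remote-as 65003/' "$1/saved.conf" > "$1/running.conf"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
write_samples "$demo_dir"
echo "resaved: $(config_state "$demo_dir/saved.conf" "$demo_dir/resaved.conf")"
echo "running: $(config_state "$demo_dir/saved.conf" "$demo_dir/running.conf")"
drift_lines "$demo_dir/saved.conf" "$demo_dir/running.conf"
```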
-
So right after I submitted this last update, I realized that "frr" (in many ways Quagga's successor) was just released by the pfSense team and it incorporates everything that the quagga package has including IS-IS and a GUI front end for all protocols. I'll be running this in my lab by the end of the day and applying my yet-unsubmitted quagga mods to this package now :D
In short, I highly suggest checking out the frr package, I suspect I'll be adopting it widely soon.
quad
-
frr is still in testing but I've been working on it for a few weeks now. It has numerous improvements over the Quagga package. It doesn't do IS-IS (yet?) but it does do BGP, OSPF, and OSPF6 in the GUI without the need for manual configuration. Though you can still manually configure it if you like.
I've still got a few things left to do like input validation
-
frr is still in testing but I've been working on it for a few weeks now. It has numerous improvements over the Quagga package. It doesn't do IS-IS (yet?) but it does do BGP, OSPF, and OSPF6 in the GUI without the need for manual configuration. Though you can still manually configure it if you like.
I've still got a few things left to do like input validation
Good to know. Does FRR support multiple ospf instances/processes? I know Cumulus had made it work with quagga. This would be pretty beneficial in my environment.
-
No, it only supports one instance of OSPF or BGP, FRR may be capable of multiple but setting that up would be a lot more work for very little benefit considering how much it would be used.
-
No, it only supports one instance of OSPF or BGP, FRR may be capable of multiple but setting that up would be a lot more work for very little benefit considering how much it would be used.
Good to know. Sounds like I may have a new challenge for myself ;)