Thursday, 24 May 2012

Quagga Basic Configuration

A very basic guide to getting Quagga up and running (I did this in a VirtualBox environment using an Ubuntu Mini ISO - if you do a minimal install with no X server and 128MB RAM it runs just fine).

First install quagga:
#sudo apt-get install quagga

Quagga configuration files are contained in /etc/quagga. Before doing anything you will find two files in there called daemons and debian.conf. Open daemons:

#sudo nano /etc/quagga/daemons

Here you can configure which routing protocol daemons you want to use. Scroll down to the bottom of the file and change the entry to "yes" for each daemon you wish to use - zebra should be enabled as a minimum. For example, to use RIP and BGP you would configure as follows:

zebra=yes
bgpd=yes
ripd=yes

Everything else can be left as "no". Save the file and exit (CTRL X and "yes" to save).

Before starting quagga you need to create a configuration file for each of the daemons specified above. The files need to be writable or you can't save your config:

#cd /etc/quagga
#sudo touch zebra.conf bgpd.conf ripd.conf
#sudo chmod 777 /etc/quagga/*.conf

Edit the zebra.conf file:

#sudo nano /etc/quagga/zebra.conf

Add the line:

password password

This sets your password to "password" - feel free to choose a more cryptic password if you are feeling adventurous. Save the file and exit (CTRL X and "yes" to save).

We can now start quagga:

#sudo /etc/init.d/quagga start

You can access quagga by going to:

#telnet localhost zebra

This is a bare minimum configuration to get things started - there is still lots more to do from here but this will at least get the services running and allow you to login.
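
As an added example (not part of the original post): mode 777 leaves zebra.conf, which now holds the vty password, readable and writable by every local user, while only the daemon's own account needs to write it. The functions below find such files and reset them to 640; the quagga:quaggavty owner in the usage comment is an assumption about the accounts the Debian/Ubuntu package creates.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on Quagga config files.

# Print every *.conf directly under $1 that is group-writable or that
# "other" users can read, write or execute (mask 027).
list_loose_confs() {
    find "$1" -maxdepth 1 -type f -name '*.conf' -perm /027 | sort
}

# Set every *.conf under $1 to mode 640 (owner rw, group r, others none).
# If $2 is given (user:group), also change ownership; that needs root.
harden_confs() {
    local dir="$1" owner="${2:-}" f
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        if [ -n "$owner" ]; then
            chown "$owner" "$f" || return 1
        fi
        chmod 640 "$f" || return 1
    done
}

# Usage on the router host, after saving this file as quagga-perms.sh
# (hypothetical name); quagga:quaggavty is an assumed owner, check yours
# with: ls -ld /etc/quagga
#   sudo sh -c '. ./quagga-perms.sh; list_loose_confs /etc/quagga'
#   sudo sh -c '. ./quagga-perms.sh; harden_confs /etc/quagga quagga:quaggavty'
```

With the files owned by the account the daemons run as, saving the config from the vty still works, because the owner keeps write access.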

Friday, 11 May 2012

Automate Config Backups - Cisco and Ubuntu

This post shows you how to automate backing up your Cisco config to a remote TFTP server. For this recipe you will need:

  • Cisco router/switch running IOS with support for "kron" and "archive" commands
  • Ubuntu PC
  • IP connectivity between the Cisco and the Ubuntu PC

First install atftpd on your Ubuntu PC:

sudo apt-get install atftpd

Edit the atftpd config file:

sudo nano /etc/default/atftpd

Change:

USE_INETD=true
to
USE_INETD=false

Note that the directory where atftpd stores files written to the server is defined as the last entry in the OPTIONS line in this file. The default is /srv/tftp. You don't need to change this unless you really want to do so.

Start the service:

sudo service atftpd start

The service is now running. You can verify this with the command:

sudo ps -A | grep atftpd
 1519 ?        00:00:00 atftpd

The "atftpd" entry shows that the atftpd process is running, and the number 1519 is its PID.

Log on to your Cisco device - first we will verify that we can write our config to our new TFTP server. Issue the command:

MyRouter#cop run tftp:
Address or name of remote host []? 192.168.0.1
Destination filename [MyRouter-confg]?
!!
4165 bytes copied in 5.228 secs (797 bytes/sec)

What just happened here? You issued the command "copy run tftp", which means copy the running config to a TFTP server. The CLI asked you for the address of the remote server (192.168.0.1). The CLI then asked you for the filename you wish to write to on the server - by default it will use your router hostname and append "confg", hence MyRouter-confg in this case. The two !s show that the file is being copied over, and the CLI tells you how long it took.

If you now go back to your server and do a directory listing of our tftp folder you should see your file there:

bob@fossil.org:~$  ls -la   /srv/tftp/ | grep MyRouter
-rw-r--r-- 1 nobody nogroup 4165 2012-05-11 16:06 MyRouter-confg

So we know the TFTP server and client bits work. Now to automate it.

We use the archive command:

MyRouter#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
MyRouter(config)#archive
MyRouter(config-archive)#path tftp://192.168.0.1/MyRouter.cfg

The archive command will now write the config to the tftp server when you issue the archive config command. Try it:

MyRouter#archive config
!!

You can then use the command "show archive" to see the history of archived configs.

The second part of this is to schedule the archiving to take place using the kron command:

MyRouter(config)#kron policy-list MyKronPolicy
MyRouter(config-kron-policy)#cli archive config
MyRouter(config-kron-policy)#exit
MyRouter(config)#kron occurrence MyKron at 20:00 recurring

So what does this mean? Here we have created a kron policy list which issues the command "archive config". We have then created a kron entry to run this policy at 20:00 every day. There are other options for when you can run the command - either as a one-off or in a given amount of time from now. You can check your kron table with the command:

MyRouter#show kron schedule
Kron Occurrence Schedule
MyKron inactive, will run again in 0 days 04:23:43 at 20:00 on

This shows the next time that the kron entry will be run. If your Cisco device is not using NTP and your clock is set incorrectly you may get a warning about the clock being wrong.

And that is it. You should now have your config backed up automatically every day at 20:00. The archive command is clever enough to increment the filename so you don't overwrite your previous entry each time.
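
An added example, not part of the original post: TFTP runs over UDP with no authentication, and a kron job that fails does so silently, so it is worth checking on the Ubuntu side that a recent and complete backup actually arrived. The directory /srv/tftp and the MyRouter.cfg prefix come from the post; the 1500-minute (25-hour) threshold and the function names are assumptions.

```shell
#!/bin/sh
# Added example: verify that the newest archived config is recent and complete.

# Print the most recently modified file in $1 whose name starts with $2.
newest_backup() {
    local f newest=""
    for f in "$1"/"$2"*; do
        [ -f "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest="$f"
        fi
    done
    printf '%s\n' "$newest"
}

# Return 0 only if the newest backup exists, is non-empty, was modified
# within the last $3 minutes, and finishes with the "end" line that closes
# an IOS running-config. Prints a one-line status either way.
check_backup() {
    local dir="$1" prefix="$2" max_min="$3" f last
    f=$(newest_backup "$dir" "$prefix")
    if [ -z "$f" ]; then
        echo "MISSING: no $prefix* in $dir"; return 1
    fi
    if [ ! -s "$f" ]; then
        echo "EMPTY: $f"; return 1
    fi
    if [ -z "$(find "$f" -mmin -"$max_min")" ]; then
        echo "STALE: $f is older than $max_min minutes"; return 1
    fi
    # Last non-blank line, with any carriage return stripped.
    last=$(grep -v '^[[:space:]]*$' "$f" | tail -n 1 | tr -d '\r')
    if [ "$last" != "end" ]; then
        echo "TRUNCATED: $f does not finish with 'end'"; return 1
    fi
    echo "OK: $f"
}

# Usage, e.g. from cron shortly after the 20:00 kron run:
#   check_backup /srv/tftp MyRouter.cfg 1500 || echo "backup check failed"
```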