Traffic classification using BGP (a quagga+realms approach)

Realms patch – Quagga 0.98.6

Stable: quagga-0.98.6-realms.diff
Development: quagga-0.99.5-realms.diff
Updated versions (>0.99.5) http://linux.mantech.ro/quagga+realm_en.html

This patch enables Linux route realms support in quagga 0.98.6.
I started with Arcady Stepanov’s patch for zebra 0.93b http://win.mol.ru/penguin/zebra-hacks/, adapted it to the quagga 0.98.4 interface and added some useful features.
The following commands are supported:

  • Route-map
    • bgpd(config-route-map)# set realm
        <1-255>    Realm id for Linux FIB routes
        WORD       Realm name for Linux FIB routes
        origin-as  Use route origin AS as realm id
        peer-as    Use route peer AS as realm id

    • bgpd(config-route-map)# no set realm
        <0-255>    Realm value
        WORD       Realm name
        origin-as  Origin AS - realm
        peer-as    Peer AS - realm
        <cr>

  • Neighbor
    • bgpd(config-router)# neighbor x.x.x.x realm
        <0-255>    default realm id
        WORD       default realm name
        origin-as  Set default realm to received route origin AS
        peer-as    Set default realm to peer AS

    • bgpd(config-router)# no neighbor x.x.x.x realm
        <0-255>    default realm id
        WORD       default realm name
        origin-as  Set default realm to received route origin AS
        peer-as    Set default realm to peer AS
        <cr>

Note:

’set realm origin-as’ was added with inter-AS traffic accounting in mind. For now, this is possible only with the iptables realm match which can match on the full 16bit realm value. The current realm accounting code in the kernel (rtacct – /proc/net/rt_acct) supports only 256 values for realms, and displays incorrect statistics.

Bugs/suggestions should go to: vcalinusATgemenii.ro

Brief usage guide…

0. kernel support (if you want to classify traffic into htb classes using tc)

CONFIG_NET_CLS_ROUTE=y

1. /etc/iproute2/rt_realms

Assign meaningful names to realm numbers...

user@router:/# cat /etc/iproute2/rt_realms

10 localnet
20 metro-isp
22 metro-other
30 international

2. compile/install quagga

Stable Quagga 0.98.6
quagga 0.98.6 - official release
+
quagga 0.98.6 realms patch
Big thanks to Alin Nastac for updating the patch to 0.98.6!

Patch for development Quagga 0.99.5
quagga-0.99.5-realms.diff
Older patches
quagga-0.98.5-realms.diff quagga-0.98.4-realms.diff quagga-0.98.3-realms.diff

Remember to use ./configure --enable-realms

3. BGP CONFIGURATION

a possible bgp setup: (if you hold the full routing table - replace defgw with a match on the desired community)
AS-regexp match is also possible

neighbor xxx.xxx.xxx.xxx remote-as XXXXX
neighbor xxx.xxx.xxx.xxx soft-reconfiguration inbound
neighbor xxx.xxx.xxx.xxx route-map isp_in in

ip prefix-list defgw seq 5 permit 0.0.0.0/0
ip community-list standard metro-isp permit XXXXX:comm1
ip community-list standard metro-other permit XXXXX:comm2

route-map isp_in permit 10
 match ip address prefix-list defgw
 set realm 30
!
route-map isp_in permit 20
 match community metro-isp
 set realm 20
!
route-map isp_in permit 30
 match community metro-other
 set realm 22
!
route-map isp_in permit 40

3.1 'ip route sh' will show kernel routes - they should have the realms specified in the route-map

something like....

62.217.192.0/18 via 193.19.192.65 dev eth1 proto zebra equalize realm 20
82.137.0.0/18 via 172.16.100.1 dev eth2 proto zebra equalize realm 22
84.243.64.0/18 via 172.16.100.1 dev eth2 proto zebra equalize realm 20
82.208.128.0/18 via 193.19.192.65 dev eth1 proto zebra equalize realm 22

4. iptables

Can be used in FORWARD or POSTROUTING (remember that realms are valid only after the forwarding decision)

Download: match default route, community 1, and community 2 sets

-A FORWARD -i eth3 -m realm --realm 0x1e0000/0xffff0000 -j sometarget...
-A FORWARD -i eth3 -m realm --realm 0x140000/0xffff0000 -j sometarget...
-A FORWARD -i eth3 -m realm --realm 0x160000/0xffff0000 -j sometarget...

Upload: match default route, community 1, and community 2 sets

-A FORWARD -o eth3 -m realm --realm 0x1e/0xffff -j sometarget...
-A FORWARD -o eth3 -m realm --realm 0x14/0xffff -j sometarget...
-A FORWARD -o eth3 -m realm --realm 0x16/0xffff -j sometarget...

(realms 30, 20 and 22 are specified in hexadecimal)

5. tc

Excerpt from LARTC

# ip route add 192.168.2.0/24 dev eth2 realm 2
# tc filter add dev eth1 parent 1:0 protocol ip prio 100 route from 2 classid 1:2

Here the filter specifies that packets from the subnetwork 192.168.2.0 (realm 2) will match class id 1:2.

You can also find useful QoS stuff at: http://kernel.umbrella.ro/net/

6. what are realms after all?

Realms are 16bit integer values used to group routes into sets, according to some defined policy. Each route in the set will have the same realm.
Each packet routed will have a 32bit integer value specifying a source and a destination realm. (they may be 0 - or unknown)
On the leftmost 16bits you will find the source realm, on the rightmost 16bits the destination realm.

More info: http://www.policyrouting.org/iproute2.doc.html#ss9.9
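The source/destination layout from step 6 is what produces the value/mask pairs used in the iptables rules of step 4. The following is an added example, not part of the original post or the patch: the function names are hypothetical and the realm table is a constructed copy of the rt_realms sample from step 1. It derives the --realm argument from a realm id or name, decodes a packed value back into its halves, and checks whether an id still fits the 256 values the note above gives for rt_acct.

```shell
#!/bin/sh
# Added example (not from the original post).
# Constructed sample table mirroring the rt_realms file shown in step 1.
RT_REALMS_SAMPLE='10 localnet
20 metro-isp
22 metro-other
30 international'

# resolve_realm NAME_OR_ID: print the numeric realm id; fail if unknown or > 16 bits.
resolve_realm() {
    case $1 in
        ''|*[!0-9]*)  # not purely numeric: look the name up in the table
            id=$(printf '%s\n' "$RT_REALMS_SAMPLE" |
                 awk -v n="$1" '$2 == n { print $1; exit }') ;;
        *) id=$1 ;;
    esac
    [ -n "$id" ] && [ "$id" -le 65535 ] || return 1
    printf '%s\n' "$id"
}

# realm_match src|dst NAME_OR_ID: print value/mask for "iptables -m realm --realm".
# Source realm sits in the upper 16 bits, destination realm in the lower 16.
realm_match() {
    id=$(resolve_realm "$2") || return 1
    case $1 in
        src) printf '0x%x/0x%x\n' $((id << 16)) $((0xffff << 16)) ;;
        dst) printf '0x%x/0x%x\n' "$id" $((0xffff)) ;;
        *)   return 1 ;;
    esac
}

# decode_realm VALUE: split a packed 32-bit realm value into its two halves.
decode_realm() {
    v=$(($1))
    printf 'src=%d dst=%d\n' $(((v >> 16) & 0xffff)) $((v & 0xffff))
}

# rtacct_safe NAME_OR_ID: succeed only if the id fits the 256 realm values
# that the note above says /proc/net/rt_acct can account for.
rtacct_safe() {
    id=$(resolve_realm "$1") || return 1
    [ "$id" -le 255 ]
}
```

An unknown name makes realm_match fail instead of printing a rule argument, so a typo in a realm name cannot silently turn into a match on realm 0.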

6 comments to Traffic classification using BGP (a quagga+realms approach)

  • Geek

    I have a question.. Can you limit the upload/download on the same interface?

  • Usually only one direction is shaped on the same interface. You can use IMQ (http://www.linuximq.net/) as a target to the iptables rules to perform shaping.

  • Geek

    Hi. It’s me again. I have another question, that keeps bugging me. Let’s say that I want to limit the upload/download using the marks (that are working). But, I can only limit upload because eth3 from the example is the interface that connects to the Internet. Now, the question: how can I use the download marks from eth3 in order to limit download on another interface (without using IMQ), that points to the network (let’s say eth2)? I thought about modifying the TOS, DSCP, but I am thinking that there must be an easier way to do this (I must be missing something). Thank you for your previous quick answer.

  • Without using IMQ you could try to use the route classifier in the tc rules on eth2. Go to http://lartc.org/howto/lartc.adv-filter.route.html and see if it works for your setup.

  • Ionut

    Hi. I have a question.. and it also might be a bit unrelated to this page but I am out of options so… I know this blog is 2009 but I have a huge issue and I don’t know what to do. I am trying HARD to compile quagga with realms on an Ubuntu 11.10 however I keep having a lot of issues. The make fails for some builds and for others the configure.ac with max recursive 1024 error. Anyway if you ever did this on an Ubuntu and have any advice at all for me I would appreciate it A LOT! Thank you in advance!
