Zebra - a compotent substitute for dedicated Cisco routers

Contributed by jose on 2003-10-13 from the routing dept.

Bruno Henriques writes: "Hi,
I got across this:
Zebra offers a competent substitute for dedicated Cisco routers
developerworks article
http://www.zebra.org/
As said on the Zebra site:
"GNU Zebra is free software that manages TCP/IP based routing protocols. It is released as part of the GNU Project, and it is distributed under the GNU General Public License. It supports BGP-4 protocol as described in RFC1771 (A Border Gateway Protocol 4) as well as RIPv1, RIPv2 and OSPFv2. Unlike traditional, monolithic architectures and even the so-called "new modular architectures" that remove the burden of processing routing functions from the cpu and utilize special ASIC chips instead, Zebra software offers true modularity."
Currently we are developing zebra under:

GNU/Linux 2.2.X and 2.4.X
FreeBSD 4.X
FreeBSD 5.X
NetBSD 1.6.X
OpenBSD 3.X

We will support

Solaris

IPv6 support is for.

FreeBSD
NetBSD
OpenBSD
GNU/Linux

I would like to have an opinion from you guys, security and reliability-wise.

Bruno"

I've worked with Zebra a bit before but it didn't meet some of my needs. Anyone here using it in a production environment for their OpenBSD based router?

(Comments are closed)

Comments

By Brian () on 2003-10-14 01:24

I recently setup zebra on two openbsd routers to allow them to talk rip2 to a pool of five lucent ror1000 wireless routers. I installed it via ports, made a five line or so config and its worked seemlessly since.

I had originally tried to use routed (in the default install), but was unable to get it to send rip2 (it would get tables just fine tho). In debug mode, it said something like of 'host is down' when it was trying to broadcast, and nothing would be put on the wire. When I googled for this error, I found matches that pointed to a bug that had been fixed in netbsd/freebsd but that no one had experienced in openbsd. I really should look into this more and submit a bug report.
By Anonymous Coward () on 2003-10-14 01:28

I found a rogue copy of it running awhile back. I found it because I modified some routes on the cisco's and suddenly nobody could get to some internet sites (netscape.com, cnn.com, msn.com etc...). The problem was that I was using CIDR routing on the cisco's and those updates were getting pushed out over RIP to the firewall, which was running a copy of zebra that was undocumented, and really really old. It didn't understand CIDR routing and would try to route the entire class A. I ended up troubleshooting the bejezus out of it until I finally found the RIP daemon. It was frustrating. That firewall has been around so long though that I'm sure that was fixed long ago.
By Anonymous Coward () on 2003-10-13 14:32

Not too sure, but I believe that Zebra may be abandoned ... there is a fork called Quagga

http://www.quagga.net/about.php

that may be more to people's liking...
Comments
1. By Brian () on 2003-10-13 14:58
  
  Quagga seems to be two and a half months old.
  
  http://www.quagga.net/news.php
  Comments
  1. By Anonymous Coward () on 2003-10-13 19:09
    
    So?
  2. By Anonymous Coward () on 2003-10-14 02:09
    
    and Zebra has been dead for over a year.
  3. By Michal () michal@logix.cz on 2003-10-14 03:33 http://www.logix.cz/~mic/
    
    The name is new, but the codebase comes from the mature Zebra.org. Because the development of Zebra was sleeping for more than a year and patches sent to the mailing list were never applied to the CVS, some folks decided to fork. They took the last, GPLed Zebra, added many fixes and some new features, and released the result as Quagga on http://www.quagga.net - as you can see, it's not a new software. Just a new name for the good, old, but unfortunaely dead Zebra.
  4. By MotleyFool () motely@dogstar.org on 2003-10-15 09:11 mailto:motely@dogstar.org
    
    Uh, from their webpage looks like there was a release on "2003-10-08". <br> <br> From this post there appears to be a problem with compiling it on OpenBSD. <br> <br> http://lists.quagga.net/pipermail/quagga-users/2003-October/000543.html
By Anonymous Coward () on 2003-10-13 20:37

Check this out: You can run a full BGP internetwork on a single PC running Zebra on several User-Mode-Linux instances:
http://www.netkit.org
Comments
1. By bruno henriques () on 2003-10-14 10:39
  
  It looks really cool, I'll take a look.
  Thanks.
  
  Bruno
By Anonymous Coward () on 2003-10-13 23:42

We've been using it extensively for a year and a half now on some 50 odd OpenBSD machines. We've had problems with netmasks mysteriously changing on occasion, and also sometimes it just doesn't add routes you tell it to add. It shows in the zebra config, but the actual OpenBSD routing table is never told about it. Zebra's bgpd seems to work fine so far though.
By anonymoug grammar nazi () on 2003-10-14 02:05

compotent?
Comments
1. By Spelling Samurai () caffeinatedchemist@hotmail.com on 2003-10-14 08:46 mailto:caffeinatedchemist@hotmail.com
  
  That's what I was going to hop on, too.
2. By Anonymous Coward () on 2003-10-14 12:01
  
  anonymoug?
  
  And I think it's -spelling- nazi; but at least you didn't spell it grammEr. :-P
By sickness () on 2003-10-14 05:04 http://www.sickness.it

I tried zebra under openbsd and I found it good... but useless to me :(
I needed to do source routing, a thing which I achieved with iproute2 under linux.
I had a machine with 1 eth, 2 ip, 2 different gateways (one for each ip), and I needed them to reply to the tcp requests incoming by a gateway via that same gateway, not only on ONE gateway. Here are the 2 simple lines of iproute to achieve this:
/sbin/ip rule add from $LOCALIP2 table 1
/sbin/ip route add default via $GATEWAY2 table 1
no need to put the first ip and gateway here, since they are already covered by the default route :)
Comments
1. By Anonymous Coward () on 2003-10-14 12:38
  
  This is not a feature of the routing daemon, but of the systems kernel routing table.
  
  The same can be accomplished with pf(4), altho it is a little less elegant than the linux solution.
By Anonymous Coward () on 2003-10-15 03:03

Does someone here uses mrtd in production ?
It's a bgp/rip/ospf routing soft under BSD licence !
http://www.mrtd.net/

ps: there's also bird (http://bird.network.cz/), that I didn'tried but it's gpl.
By Russell Sutherland () russ@quist.ca on 2003-10-17 07:15 http://www.quist.ca

I've had very little success getting zebra/quagga
to work with OpenBSD. In particular the ospf daemon does not work. I've not tested bgpd. My experience running the same code using FreeBSD has been satisfying.

Latest Articles

Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (9)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (2)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)
Mon, Mar 11
- 11:28 Game of Trees 0.97 released (0)
Sun, Mar 10
- 09:06 LibreSSL versions 3.8.3 and 3.9.0 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]