Ubuntu FRR installation

From netShelter

This is a basic guide to getting a working FRR router.

Requirements

- Install Ubuntu 20.04 with no networking or custom configuration.

Networking

- After the install, log in and manually configure a non-persistent network:

ip link set xxxxx up

ip addr add x.x.x.x/24 dev xxxxx

ip ro add default via x.x.x.1

Kill systemd-resolved

Don't you just hate systemd-resolved? Let's take back control:

cd /etc/

rm resolv.conf

ln -s ../run/systemd/resolve/resolv.conf

systemctl stop systemd-resolved

systemctl disable systemd-resolved

echo "nameserver 8.8.8.8" >> /etc/resolv.conf

Update your server

apt-get update && apt-get dist-upgrade -y

Check & Install Prerequisites

apt-get install curl gnupg2

Install FRR

FRRVER="frr-stable"

echo deb https://deb.frrouting.org/frr $(lsb_release -s -c) $FRRVER | sudo tee -a /etc/apt/sources.list.d/frr.list

curl -s https://deb.frrouting.org/frr/keys.asc | apt-key add -

apt-get update

apt-get install frr frr-snmp screen ntp iotop iftop net-tools sudo frr-rpki-rtrlib -y

Install ifupdown2 and remove netplan

apt-get install ifupdown

systemctl stop systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online

systemctl disable systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online

apt -y purge netplan.io

cd /root

mkdir ifupdown2-install

cd ifupdown2-install

apt-get install build-essential devscripts dh-systemd fakeroot python3-all python3-docutils iproute2 python3-ipaddr python3-setuptools dh-python

git clone https://github.com/CumulusNetworks/ifupdown2

cd ifupdown2 && git checkout master && make deb

cd ..

dpkg -i ifupdown2_3.0.0-1_all.deb && reboot


After the reboot, configure networking in /etc/network/interfaces to make it persistent, and use ifreload -a to commit your changes. Don't forget that MOSS-IX runs as an 8000 MTU network.

Update kernel settings

Replace /etc/sysctl.conf with the following content.

# Routing

net.ipv6.route.max_size=13107200

net.ipv4.conf.all.ignore_routes_with_linkdown=1

net.ipv6.conf.all.ignore_routes_with_linkdown=1

net.ipv4.conf.all.rp_filter = 0

net.ipv4.conf.default.rp_filter = 0

# Best Settings for Peering w/ BGP Unnumbered and OSPF Neighbors

net.ipv4.conf.all.forwarding = 1

net.ipv4.conf.default.forwarding = 1

net.ipv6.conf.all.forwarding = 1

net.ipv6.conf.default.forwarding = 1

net.ipv4.icmp_errors_use_inbound_ifaddr=1

# Garbage Collection Settings for ARP and Neighbors

net.ipv4.neigh.default.gc_thresh2=8192

net.ipv4.neigh.default.gc_thresh3=16384

net.ipv4.neigh.default.base_reachable_time_ms=14400000

net.ipv6.neigh.default.gc_thresh2=8192

net.ipv6.neigh.default.gc_thresh3=16384

net.ipv6.neigh.default.base_reachable_time_ms=14400000

# Use neigh information on selection of nexthop for multipath hops

net.ipv4.fib_multipath_use_neigh=1

# Allows Apps to Work with VRF

net.ipv4.tcp_l3mdev_accept=1

# ARP replies only from the local address assigned on the incoming interface

net.ipv4.conf.all.arp_ignore=1

net.ipv4.conf.default.arp_ignore=1

# Always choose best source if this host tries to reach a target

net.ipv4.conf.all.arp_announce=1

net.ipv4.conf.default.arp_announce=1

# Buffer tweaks

net.core.rmem_default=8388608

net.core.rmem_max=8388608

net.core.netdev_max_backlog=5000

# Security tweaks

net.ipv4.icmp_echo_ignore_broadcasts=1

net.ipv4.icmp_ignore_bogus_error_responses=1

net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_max_syn_backlog = 2048

net.ipv4.tcp_synack_retries = 3

net.ipv4.conf.all.accept_source_route = 0

net.ipv4.conf.default.accept_source_route  = 0

net.ipv4.tcp_rmem = 4096 87380 8388608

net.ipv4.tcp_wmem = 4096 87380 8388608

net.ipv4.tcp_window_scaling = 1

net.ipv4.conf.all.accept_redirects = 0

net.ipv4.conf.default.accept_redirects = 0

net.ipv4.conf.all.secure_redirects = 0

net.ipv4.conf.default.secure_redirects = 0

net.ipv6.conf.default.accept_ra_rtr_pref = 0

net.ipv6.conf.all.accept_ra_rtr_pref = 0

net.ipv6.conf.default.accept_ra_pinfo = 0

net.ipv6.conf.all.accept_ra_pinfo = 0

net.ipv6.conf.default.accept_ra_defrtr = 0

net.ipv6.conf.all.accept_ra_defrtr = 0

net.ipv6.conf.default.autoconf = 0

net.ipv6.conf.all.autoconf = 0

net.ipv6.conf.default.dad_transmits = 0

net.ipv6.conf.all.dad_transmits = 0

# ICMP LIMITS

net.ipv4.icmp_msgs_per_sec = 2500

net.ipv4.icmp_ratelimit = 0

net.ipv6.icmp.ratelimit = 0
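
To confirm that the running kernel actually holds the values in the file above (rp_filter, the redirect and source-route settings, forwarding), the following check compares a sysctl.conf-style file with the values under /proc/sys. It is an added example, not part of the original guide; the function names sysctl_drift, trim and make_sample and the optional ROOT argument are assumptions made for this example, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: report where live kernel values differ from a sysctl file.

# Collapse runs of whitespace and trim both ends (tcp_rmem is tab-separated
# under /proc/sys but space-separated in the file).
trim() { tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'; }

# sysctl_drift CONF [ROOT]: print one line per mismatch; return 0 if the
# kernel matches CONF, 1 otherwise. ROOT defaults to /proc/sys.
# Limitation: keys map to paths by turning every "." into "/", so interface
# names that contain a dot (eth0.100) are not handled.
sysctl_drift() {
    conf=$1
    root=${2:-/proc/sys}
    drift=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | trim)
        case $line in ''|'#'*|';'*) continue ;; esac   # blank or comment
        case $line in *=*) ;; *) continue ;; esac      # not key=value
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        want=$(printf '%s' "${line#*=}" | trim)
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING $key (file=$want)"
            drift=$((drift + 1))
        else
            have=$(trim < "$path")
            if [ "$have" != "$want" ]; then
                echo "DRIFT $key: file=$want kernel=$have"
                drift=$((drift + 1))
            fi
        fi
    done < "$conf"
    [ "$drift" -eq 0 ]
}

# Constructed sample: three settings from the file above and a fake /proc/sys
# tree in which rp_filter holds 1 instead of the configured 0.
make_sample() {
    mkdir -p "$1/proc/net/ipv4/conf/all"
    printf '# Routing\nnet.ipv4.conf.all.rp_filter = 0\nnet.ipv4.conf.all.forwarding = 1\nnet.ipv4.tcp_rmem = 4096 87380 8388608\n' > "$1/sysctl.conf"
    echo 1 > "$1/proc/net/ipv4/conf/all/rp_filter"
    echo 1 > "$1/proc/net/ipv4/conf/all/forwarding"
    printf '4096\t87380\t8388608\n' > "$1/proc/net/ipv4/tcp_rmem"
}

tmp=$(mktemp -d) && make_sample "$tmp"
sysctl_drift "$tmp/sysctl.conf" "$tmp/proc" || echo "drift found"
rm -rf "$tmp"
```

On the router itself, `sysctl_drift /etc/sysctl.conf` with no second argument checks the running kernel.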