Dynamic Routing with Linux
Overview
Note: The NetFoundry zLAN firewall does not manage dynamic routing. Customers must configure and manage their own dynamic routing using standard Linux tools and protocols. This guide provides step-by-step instructions for enabling and managing dynamic routing with common Linux routing daemons.
What is Dynamic Routing?
Dynamic routing uses protocols to automatically discover network paths and adjust routes in response to network changes. Unlike static routes, dynamic routes are updated by routing daemons and protocols such as OSPF, BGP, or RIP. Dynamic routing is commonly used when:
- Networks are large or frequently change
- Redundancy and failover are required
- Automatic route discovery is needed
Common Linux Dynamic Routing Tools
- FRRouting (FRR): Modern, full-featured routing suite supporting OSPF, BGP, RIP, and more.
- Quagga: Older routing suite, replaced by FRR but still used in some environments.
- Bird: Lightweight, flexible routing daemon supporting BGP, OSPF, and more.
Installing FRRouting (FRR)
- Ubuntu/Debian:
  sudo apt update
  sudo apt install frr frr-pythontools
- RedHat/CentOS/Rocky/AlmaLinux:
  sudo dnf install frr frr-pythontools
Enabling a Routing Protocol (Example: OSPF)
- Edit the FRR configuration file (usually /etc/frr/frr.conf):
  router ospf
   network 192.168.1.0/24 area 0.0.0.0
- Enable and start FRR:
  sudo systemctl enable frr
  sudo systemctl start frr
- Verify OSPF routes:
  vtysh -c 'show ip route ospf'
Enabling BGP (Example)
- Edit /etc/frr/frr.conf:
  router bgp 65001
   bgp router-id 192.168.1.100
   neighbor 192.168.1.200 remote-as 65002
   network 10.0.2.0/24
- Restart FRR:
  sudo systemctl restart frr
- Verify BGP routes:
  vtysh -c 'show ip bgp'
Making Dynamic Routing Persistent
- FRR configuration files are persistent across reboots.
- Ensure FRR is enabled to start on boot:
  sudo systemctl enable frr
Summary of Commands
Action | Command Example |
---|---|
Install FRR | sudo apt install frr / sudo dnf install frr |
Edit config | sudo nano /etc/frr/frr.conf |
Enable FRR | sudo systemctl enable frr |
Start FRR | sudo systemctl start frr |
Show OSPF routes | vtysh -c 'show ip route ospf' |
Show BGP routes | vtysh -c 'show ip bgp' |
Opening Dynamic Routing Ports in the Firewall UI
Important: The NetFoundry zLAN firewall manages all firewall functions. Do not use ufw or firewall-cmd to open ports. Use the Add/Remove Rule UI in the Console to allow traffic.
To allow traffic for common dynamic routing protocols, add rules using the UI as described in the Adding & Removing Rules guide:
- BGP (TCP port 179):
  - Type: Custom
  - Protocol: TCP
  - Direction: INBOUND
  - Action: Allow
  - Port Range: 179-179
  - Source/Destination: as needed
- RIP (UDP port 520):
  - Type: Custom
  - Protocol: UDP
  - Direction: INBOUND
  - Action: Allow
  - Port Range: 520-520
  - Source/Destination: as needed
For OSPF, you must enable the OSPF feature per interface in the global configuration page (see the Firewall Configuration guide).
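The BGP rule above leaves Source/Destination "as needed". One way to fill it in is to read the configured peers out of frr.conf and allow TCP 179 only from those addresses, noting which peers have no session password (neighbor ... password, FRR's TCP MD5 authentication). This is an added example, not NetFoundry or FRR tooling: the function names, the second neighbor and its password in the sample are constructed, and the /32 source notation is an assumption about what the rule UI accepts.

```shell
#!/bin/sh
# Added example: derive peer-scoped inbound BGP rules from an FRR config.
# Reads frr.conf text on stdin and prints one line per IPv4 neighbor declared
# under "router bgp". Peer groups and IPv6 neighbors are not handled.
bgp_peer_rules() {
    awk '
        # Track whether the current line is inside a "router bgp ..." block.
        $1 == "router" { in_bgp = ($2 == "bgp"); next }
        in_bgp && $1 == "neighbor" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            if ($3 == "remote-as" && !($2 in asn)) { order[++n] = $2; asn[$2] = $4 }
            if ($3 == "password") pw[$2] = 1   # TCP MD5 session auth configured
        }
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]
                printf "Protocol=TCP Direction=INBOUND Action=Allow PortRange=179-179 Source=%s/32 remote-as=%s auth=%s\n",
                    p, asn[p], ((p in pw) ? "password" : "none")
            }
        }
    '
}

# Constructed sample: the OSPF and BGP stanzas from this guide, plus a second
# (hypothetical) neighbor that has a password set, for contrast.
sample_frr_conf() {
    cat <<'EOF'
router ospf
 network 192.168.1.0/24 area 0.0.0.0
!
router bgp 65001
 bgp router-id 192.168.1.100
 neighbor 192.168.1.200 remote-as 65002
 neighbor 192.168.1.201 remote-as 65003
 neighbor 192.168.1.201 password EXAMPLE-ONLY
 network 10.0.2.0/24
EOF
}

# On a router: bgp_peer_rules < /etc/frr/frr.conf
sample_frr_conf | bgp_peer_rules
```

Each output line maps to one Custom rule in the UI; a peer reported with auth=none accepts BGP sessions without TCP MD5 authentication, so the source restriction is the only control on that session.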
Troubleshooting Tips
- Check FRR service status:
  sudo systemctl status frr
- View FRR logs:
  sudo journalctl -u frr
- Test protocol connectivity:
  - OSPF:
    vtysh -c 'show ip ospf neighbor'
  - BGP:
    vtysh -c 'show ip bgp summary'
- Confirm network interfaces:
  ip link show