Zum Inhalt springen
1337skills 1337skills - Referenzen

FRR Cheat Sheet

Overview

Free Range Routing (FRR) is an open-source Internet routing protocol suite for Linux and Unix platforms. It implements BGP, OSPF (v2 and v3), RIP, IS-IS, PIM, LDP, BFD, Babel, PBR, OpenFabric, VRRP, EIGRP, and NHRP through individual daemons coordinated by the zebra routing manager. FRR uses a Cisco IOS-like CLI (vtysh) familiar to network engineers, making it accessible to those transitioning from traditional network hardware. It evolved from the Quagga project and is actively maintained by a consortium including NVIDIA/Cumulus, VMware, and major network operators.

FRR is the default routing stack for Cumulus Linux, SONiC, DENT, and other network operating systems. It is widely used in data center networking for BGP EVPN/VXLAN fabrics, segment routing, and MPLS. The zebra daemon manages the kernel routing table and provides a common API for all protocol daemons to install and redistribute routes. FRR supports VRF (Virtual Routing and Forwarding), route maps, prefix lists, community lists, and extensive policy controls. It integrates with the Linux kernel’s networking stack for ECMP, VRF devices, VXLAN, and SR-MPLS.

Installation

Package Installation

# Ubuntu/Debian
sudo apt install frr frr-pythontools

# RHEL/CentOS/Rocky
sudo dnf install frr frr-selinux

# From official repo (latest stable)
curl -s https://deb.frrouting.org/frr/keys.gpg | sudo tee /usr/share/keyrings/frrouting.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/frrouting.gpg] https://deb.frrouting.org/frr $(lsb_release -s -c) frr-stable" | sudo tee /etc/apt/sources.list.d/frr.list
sudo apt update && sudo apt install frr frr-pythontools

Enable Daemons

# /etc/frr/daemons
bgpd=yes
ospfd=yes
ospf6d=yes
isisd=no
ripd=no
babeld=no
bfdd=yes
fabricd=no
ldpd=no
pathd=no
pbrd=no
pimd=no
vrrpd=no
zebra=yes

# Restart FRR
sudo systemctl restart frr
sudo systemctl enable frr

Core Commands (vtysh)

CommandDescription
vtyshEnter the FRR CLI shell
show running-configDisplay full running config
show ip routeShow IPv4 routing table
show ipv6 routeShow IPv6 routing table
show ip bgp summaryBGP neighbor summary
show ip bgpFull BGP table
show ip ospf neighborOSPF neighbor table
show ip ospf databaseOSPF LSDB
show interfaceInterface status
show bfd peersBFD session status
write memorySave configuration
configure terminalEnter config mode

CLI Navigation

# Enter vtysh
sudo vtysh

# Show routes
show ip route
show ip route 10.0.0.0/8 longer-prefixes
show ip route vrf CUSTOMER1

# Show BGP details
show ip bgp 203.0.113.0/24
show ip bgp neighbors 10.0.0.2 advertised-routes
show ip bgp neighbors 10.0.0.2 received-routes
show ip bgp community 64500:100

# Debug (use with caution)
debug bgp updates
debug ospf packet all
no debug all

BGP Configuration

sudo vtysh
configure terminal

# BGP basic setup
router bgp 64500
 bgp router-id 10.0.0.1
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 bgp bestpath as-path multipath-relax

 # eBGP neighbor
 neighbor 203.0.113.1 remote-as 64501
 neighbor 203.0.113.1 description "ISP Transit"
 neighbor 203.0.113.1 password bgpsecret
 neighbor 203.0.113.1 timers 10 30
 neighbor 203.0.113.1 update-source lo

 # iBGP neighbor with route reflector
 neighbor 10.0.0.2 remote-as 64500
 neighbor 10.0.0.2 update-source lo
 neighbor 10.0.0.2 next-hop-self

 # Peer group
 neighbor PEERS peer-group
 neighbor PEERS remote-as external
 neighbor PEERS send-community both
 neighbor 198.51.100.1 peer-group PEERS
 neighbor 198.51.100.2 peer-group PEERS

 # Address family
 address-family ipv4 unicast
  neighbor 203.0.113.1 activate
  neighbor 203.0.113.1 route-map IMPORT-ISP in
  neighbor 203.0.113.1 route-map EXPORT-ISP out
  neighbor 203.0.113.1 prefix-list BOGONS in
  neighbor 203.0.113.1 maximum-prefix 500000 warning-only
  network 10.10.0.0/24
  redistribute static route-map STATIC-TO-BGP
 exit-address-family

 address-family ipv6 unicast
  neighbor 2001:db8::1 activate
 exit-address-family
exit

write memory

OSPF Configuration

configure terminal

# Interface costs
interface eth0
 ip ospf cost 10
 ip ospf hello-interval 10
 ip ospf dead-interval 40
 ip ospf network point-to-point
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 ospfpass
exit

interface eth1
 ip ospf passive
exit

# OSPF process
router ospf
 ospf router-id 10.0.0.1
 redistribute bgp route-map BGP-TO-OSPF
 passive-interface default
 no passive-interface eth0
 network 10.0.0.0/30 area 0
 network 10.10.0.0/24 area 0
 area 1 nssa
 area 1 range 10.20.0.0/16
exit

write memory

Route Maps and Prefix Lists

configure terminal

# Prefix lists
ip prefix-list BOGONS seq 5 permit 0.0.0.0/8 le 32
ip prefix-list BOGONS seq 10 permit 10.0.0.0/8 le 32
ip prefix-list BOGONS seq 15 permit 127.0.0.0/8 le 32
ip prefix-list BOGONS seq 20 permit 169.254.0.0/16 le 32
ip prefix-list BOGONS seq 25 permit 172.16.0.0/12 le 32
ip prefix-list BOGONS seq 30 permit 192.168.0.0/16 le 32
ip prefix-list BOGONS seq 35 permit 224.0.0.0/4 le 32

ip prefix-list MY-NETS seq 10 permit 10.10.0.0/24
ip prefix-list MY-NETS seq 20 permit 10.20.0.0/24

# Community lists
bgp community-list standard NO-EXPORT permit 64500:999
bgp community-list standard CUSTOMER permit 64500:100
bgp community-list standard PEER permit 64500:200

# Route maps
route-map IMPORT-ISP permit 10
 match ip address prefix-list BOGONS
 set local-preference 50
route-map IMPORT-ISP permit 20
 set local-preference 100
 set community 64500:300 additive

route-map EXPORT-ISP permit 10
 match ip address prefix-list MY-NETS
 set metric 0

route-map EXPORT-ISP deny 20

write memory

BFD Configuration

configure terminal

bfd
 peer 10.0.0.2
  receive-interval 300
  transmit-interval 300
  detect-multiplier 3
 exit
exit

# Enable BFD on BGP neighbor
router bgp 64500
 neighbor 10.0.0.2 bfd
exit

# Enable BFD on OSPF interface
interface eth0
 ip ospf bfd
exit

write memory

Advanced Usage

BGP EVPN/VXLAN

configure terminal

router bgp 64500
 address-family l2vpn evpn
  neighbor SPINE activate
  advertise-all-vni
  advertise-svi-ip
 exit-address-family
exit

# VXLAN interface
interface vxlan10
 vxlan id 10010
 vxlan local-tunnelip 10.0.0.1
 vxlan learning off
exit

VRF Configuration

# Create VRF
vrf CUSTOMER1
 vni 10100
exit

interface eth2
 vrf CUSTOMER1
 ip address 192.168.100.1/24
exit

router bgp 64500 vrf CUSTOMER1
 address-family ipv4 unicast
  redistribute connected
  redistribute static
 exit-address-family

 address-family l2vpn evpn
  advertise ipv4 unicast
 exit-address-family
exit

Segment Routing (SR-MPLS)

configure terminal

router isis SR
 net 49.0001.0100.0000.0001.00
 is-type level-1
 segment-routing on
 segment-routing prefix 10.0.0.1/32 index 1
exit

interface eth0
 ip router isis SR
 isis circuit-type level-1
exit

FRR Reload (Hitless Config Update)

# Edit config file
sudo nano /etc/frr/frr.conf

# Reload without service restart
sudo /usr/lib/frr/frr-reload.py --reload /etc/frr/frr.conf

Troubleshooting

IssueSolution
vtysh: error connecting to daemonCheck daemons are enabled in /etc/frr/daemons; restart frr
BGP session not establishingVerify firewall allows TCP 179; check AS numbers and neighbor IPs
Routes not in kernelCheck zebra is running; verify show ip route vs ip route show
OSPF stuck in ExStartMTU mismatch between interfaces; set ip ospf mtu-ignore
Configuration not savedRun write memory or copy running-config startup-config
Route map not applyingVerify sequence numbers; ensure implicit deny at end is intended
High CPU from debuggingDisable debug: no debug all; debug output is very verbose