Wednesday, March 25, 2009

Making BGP use a port other than 179.

By default BGP uses TCP port 179: it listens on port 179 for incoming connections and connects to port 179 on the peer for outgoing ones. This can be a problem because port 179 is a privileged port (below 1024), which can only be opened for listening as root.

Quagga can easily be configured to use a port other than 179.

Do the following to make BGP listen on port 1790 instead of port 179.

Edit the file /etc/quagga/debian.conf as root:

sudo vi /etc/quagga/debian.conf

Set the bgpd_options to the following:

bgpd_options=" --daemon -A 127.0.0.1 --bgp_port 1790"

Restart quagga as follows:

sudo /etc/init.d/quagga restart

Verify that BGP is actually listening on port 1790:

$ netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1790            0.0.0.0:*               LISTEN
tcp6       0      0 :::1790                 :::*                    LISTEN
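
A scripted version of the listener check above, as an added example that is not part of the original post: it reads the port from bgpd_options and confirms that netstat -ant shows a LISTEN socket on that same port. The function names are hypothetical and the sample data is constructed from the values shown in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Read debian.conf on stdin; print the port given to --bgp_port,
# or 179 (the BGP default) when the option is absent.
bgp_port_from_conf() {
    awk '
        /^[ \t]*bgpd_options=/ {
            n = split($0, w, /[ \t"=]+/)
            for (i = 1; i < n; i++)
                if (w[i] == "--bgp_port") port = w[i + 1]
        }
        END { print (port == "" ? 179 : port) }
    '
}

# Read `netstat -ant` output on stdin; print each local address that is in
# LISTEN state and whose port equals $1.
listeners_on_port() {
    awk -v port="$1" '
        $NF == "LISTEN" {
            p = $4
            sub(/.*:/, "", p)          # keep the text after the last colon
            if (p == port) print $4
        }
    '
}

# $1 = debian.conf text, $2 = netstat text. Succeeds only when the
# configured port has at least one listener.
verify_bgp_listener() {
    port=$(printf '%s\n' "$1" | bgp_port_from_conf)
    found=$(printf '%s\n' "$2" | listeners_on_port "$port")
    [ -n "$found" ] || { echo "port $port: no listener"; return 1; }
    echo "port $port: listening on" $found
}

# Constructed sample input, copied from the values shown in the post.
SAMPLE_CONF='bgpd_options=" --daemon -A 127.0.0.1 --bgp_port 1790"'
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:1790 0.0.0.0:* LISTEN
tcp6 0 0 :::1790 :::* LISTEN'

verify_bgp_listener "$SAMPLE_CONF" "$SAMPLE_NETSTAT"
```

On a live system, pass "$(cat /etc/quagga/debian.conf)" and "$(netstat -ant)" as the two arguments.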


Do the following to make BGP use port 1790 instead of port 179 for outgoing connections:

Go into the CLI for BGP:

telnet localhost 2605
[...]
Password: zebra

Go into configuration mode:

bgpd> ena
bgpd# configure terminal

Configure BGP as follows:

router bgp xxxx
neighbor x.x.x.x remote-as xxxx
neighbor x.x.x.x port 1790

Save the configuration using the "write" command:

write

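Verify that BGP actually uses 1790 as the destination port of its outgoing connection as follows (you can do a "clear ip bgp *" to make BGP initiate an outgoing connection faster). In the capture below the connection attempt (S) goes to port 1790 on the peer and the peer answers with a reset (R), so the capture confirms the destination port, not an established session: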

$ sudo tcpdump port 1790
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
00:05:17.791499 IP cayle-spandons-ubuntu.local.51002 > cayle-spandons-computer.local.1790: S 395668408:395668408(0) win 5840
00:05:17.792250 IP cayle-spandons-computer.local.1790 > cayle-spandons-ubuntu.local.51002: R 0:0(0) ack 395668409 win 0