What is Zebra, and why should I want to use it?

Zebra is a routing daemon. That means it will send routing requests to neighbor routers, receive similar requests from them, and eventually update your routing tables accordingly.

There are many routing protocols out there: RIP, OSPF and BGP, just to name a few. RIP and OSPF are "internal" routing protocols, whereas BGP is an "external" routing protocol. Internal protocols are designed for use in LANs, within a global administrative scope (id est, the same guy or the same team is in charge of all the routers in the network). External protocols are designed for use in WANs, and BGP is specifically designed for Internet use.

When you join the NX VPN, your routes should be "announced" by some router. This router will inform the others that you're here, and they will add a routing entry for your host, and eventually for your whole network. You can either ask somebody to announce your routes, or do it yourself. In the latter case, you will need to install Zebra or another BGP-capable routing daemon, and ask for a global ASN (Autonomous System Number), which will uniquely identify your router. You will also need to declare one or more "neighbors", id est, routers to which you will send routing updates. You should inform the neighbors' maintainers, as they will have to instruct their routers to listen to yours.

How do I install Zebra?

You should run Linux or a BSD variant. Check www.zebra.org for compatibility information. If you're the lucky maintainer of a Debian box, apt-get install zebra should be enough. Otherwise, check for adequate packages, or build it from source (check the Zebra site).

Please note that people have noticed problems with older versions of Zebra. If in doubt, fetch the latest release from the Zebra Web site. Debian users will find an updated Debian package here (older versions may not update kernel routing tables correctly).

How do I configure Zebra?

Zebra's architecture includes an OS-dependent application, whose role is to deal with network interface configuration, routing table updates, and other kernel stuff; and OS-independent routing processes, which communicate through sockets with the Zebra core. You will have to choose which daemons you want to run. On a Debian system, each process has a configuration file in /etc/zebra/processname.conf, and /etc/zebra/daemons lists which processes should be launched at system bootup.

You will want to activate the zebra and bgpd processes. Next, edit zebra.conf and bgpd.conf. Configure both passwords and "enable passwords" (note that lines beginning with ! are comments). The password is like a standard user password; think of the "enable password" as the "root password" of a UNIX box. If you don't set an "enable password", none will be asked for when you issue enable (id est, the enable password is empty).

You can also configure hostnames: if the router's name is "foo", I use foo-zebra as the hostname for the zebra process, and foo-bgpd for the bgpd process. The hostname only influences the command prompt when you connect to a router (with telnet myrouter bgpd for instance).

No configuration is necessary in zebra.conf, but you should edit bgpd.conf to include the following lines:

router bgp ASN
 bgp router-id ROUTERID
 network 192.168.A.B/M
 network 192.168.C.D/N
 neighbor 192.168.P.Q remote-as REMOTEASN
Where ASN is your Autonomous System Number (it will look like a number above 65000, and will be given to you by the tunnel's maintainer when you ask for it), and ROUTERID is a dummy IP address (it can be 5.4.3.2 if you like; it's just an identifier). You should specify your network entries according to your allocated IP address ranges. For instance, if you told the maintainer that you would use 192.168.93.1 through 192.168.93.127, specify 192.168.93.0/25. You can specify multiple network routes. If you are part of the backbone (you will be told if that is the case), you should export a host route (192.168.0.X/32). The neighbor IP address and ASN will be given to you by your maintainer.
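
A quick pre-flight check of bgpd.conf before starting the daemon, as an added example (not part of the original FAQ or of Zebra itself): it reports a missing password or enable password and any network statement that falls outside the ranges you were allocated. The function name, the sample file and its values are constructed for illustration.

```python
import ipaddress

# Constructed sample bgpd.conf following the template above; all values are made up.
SAMPLE_CONF = """\
! bgpd.conf
hostname foo-bgpd
password s3cret
router bgp 65093
 bgp router-id 5.4.3.2
 network 192.168.93.0/25
 network 192.168.94.0/24
 neighbor 192.168.0.1 remote-as 65001
"""

def audit_bgpd_conf(text, allocated):
    """Return a list of findings for a bgpd.conf, given the allocated prefixes."""
    allowed = [ipaddress.ip_network(a) for a in allocated]
    findings = []
    has_password = has_enable = False
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):   # '!' starts a comment line
            continue
        if words[0] == "password" and len(words) > 1:
            has_password = True
        elif words[:2] == ["enable", "password"] and len(words) > 2:
            has_enable = True
        elif words[0] == "network" and len(words) > 1:
            try:
                net = ipaddress.ip_network(words[1])   # rejects host bits, bad masks
            except ValueError:
                findings.append(f"invalid network statement: {words[1]}")
                continue
            # Only announce prefixes that sit inside what the maintainer allocated.
            if not any(net.subnet_of(a) for a in allowed):
                findings.append(f"network {net} is outside the allocated ranges")
    if not has_password:
        findings.append("no password line")
    if not has_enable:
        findings.append("no enable password: enable will not ask for one")
    return findings

if __name__ == "__main__":
    for finding in audit_bgpd_conf(SAMPLE_CONF, ["192.168.93.0/25"]):
        print(finding)
```
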

After editing the configuration files, start zebra and bgpd (on a decent system, /etc/init.d/zebra start should suffice).

How do I check my BGP configuration?

Connect to your BGP routing process: telnet localhost bgpd; you will be prompted for a password. At the prompt, issue enable and give your enable password. Then, show ip bgp will show BGP routes; show ip bgp summary will show the neighbors' state. The latter should look like this:
TheDoors-bgpd# sh ip bg su
 Neighbor        V     AS MsgRcvd MsgSent   TblVer InQ OutQ Up/Down  State/Pref
192.168.168.168  4  65168   14062   13971       0    0    0 1d23h59m         6
192.168.192.1    4  65301    6110    6250       0    0    0 2d00h01m         1
TheDoors-bgpd# 
Notice that you can abbreviate commands. If you see big variations between MsgRcvd and MsgSent, that may be a hint of network failures.
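
The check described above can be scripted, as an added example (not part of the original FAQ): it parses captured show ip bgp summary output and flags neighbors whose last column is a state name instead of a prefix count, or whose MsgRcvd and MsgSent counters diverge. The first two rows are the ones shown above; the third row and the 20% threshold are assumptions made for illustration.

```python
# Captured summary: rows 1-2 come from the FAQ, row 3 is constructed.
SAMPLE_SUMMARY = """\
TheDoors-bgpd# sh ip bg su
 Neighbor        V     AS MsgRcvd MsgSent   TblVer InQ OutQ Up/Down  State/Pref
192.168.168.168  4  65168   14062   13971       0    0    0 1d23h59m         6
192.168.192.1    4  65301    6110    6250       0    0    0 2d00h01m         1
192.168.200.1    4  65400     120    9800       0    0    0 never       Active
TheDoors-bgpd#
"""

def parse_bgp_summary(text, max_skew=0.20):
    """Return (neighbor, problems) pairs for each neighbor row in the summary."""
    report = []
    for line in text.splitlines():
        f = line.split()
        # Neighbor rows have 10 columns and start with an address;
        # this skips the prompt lines and the column header.
        if len(f) != 10 or not f[0][0].isdigit():
            continue
        neighbor, rcvd, sent, state = f[0], int(f[3]), int(f[4]), f[9]
        problems = []
        # An established session shows a prefix count here; otherwise the
        # column holds a state name such as Active or Idle.
        if not state.isdigit():
            problems.append(f"session not established ({state})")
        # Relative gap between the two message counters.
        skew = abs(rcvd - sent) / max(rcvd, sent, 1)
        if skew > max_skew:
            problems.append(f"MsgRcvd/MsgSent differ by {skew:.0%}")
        report.append((neighbor, problems))
    return report

if __name__ == "__main__":
    for neighbor, problems in parse_bgp_summary(SAMPLE_SUMMARY):
        print(neighbor, "OK" if not problems else "; ".join(problems))
```
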

When you see BGP routes with sh ip b, these routes should also appear in your kernel routing table (/sbin/route -n in your favourite shell). You can then reach the whole NX network.


skaya@enix.org