How to set up BGP Looking Glass server on CentOS

This tutorial describes how to set up a BGP Looking Glass server on CentOS. For those of you new to the concepts of BGP and Looking Glass, let's start with an introduction. If you are already familiar with BGP, skip ahead.

What is Border Gateway Protocol (BGP)?

BGP is literally the routing backbone of the Internet. As we all know, the Internet consists of millions of interconnected networks. In the telecom industry, these millions of individual networks are referred to as Autonomous Systems (ASs). Each AS is managed under a single administrative domain (e.g., one organization or an ISP), with its own unique AS number and IP address pools, also known as IP prefixes. The AS number can be private (i.e., not visible publicly), and so can the IP address pools. For example, when multiple branch offices of one company interconnect, they can use a private AS number and IP prefix for each branch office. Networks that want to use a public AS number and publicly routable IP addresses have to apply for them at a Regional Internet Registry (RIR) like ARIN, APNIC or RIPE. The RIR assigns a unique AS number and IP prefix(es) to that network.

BGP is the industry standard inter-domain routing protocol used to interconnect different ASs. All IP prefixes known to one AS are shared with neighboring ASs, thus populating the BGP routing tables of their border routers. The Internet is formed by such interconnections between millions of public ASs through BGP. To restate, BGP is essentially the routing backbone of the Internet.

What is Looking Glass?

Looking Glass (LG) is a web-based tool that helps network operators analyze how traffic is routed to and from a particular AS. The BGP routing table of an AS depends on what other ASs it is connected with. To be more specific, the IP prefixes learnt from neighboring ASs will populate the local BGP routing table, which will be used by the local AS to make its routing decisions.

Now assume that for troubleshooting routing or network latency related issues, we want to run ping or traceroute from a remote AS. Naturally, we do not have access to their equipment, so running the test from remote locations is not feasible. However, the admins of a remote AS could set up a Looking Glass server with a web-based interface, which will allow any user to run specific commands like ping, traceroute, or access the remote AS's BGP routing information, without logging in to their routers. These tests provide useful insight during network troubleshooting, as the ping or traceroute probing can be conducted from another AS's networks.

Setting Up BGP Looking Glass on CentOS

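Before we start, please make sure that SELinux and the firewall are tuned to permit the necessary services and ports: 80 for the web interface, and 23, 2601 and 2605 for the telnet and Quagga VTY sessions that the Looking Glass opens to the routers.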

First of all, the dependencies are installed. Using the Repoforge repository is recommended.

[root@lg ~]# yum install wget perl-Net-Telnet perl-Net-Telnet-Cisco perl-XML-Parser httpd

The Looking Glass will be set up using LG. Necessary software is downloaded and extracted. The directory where the site will be stored is also created.

[root@lg ~]# cd /root
[root@lg ~]# wget http://www.version6.net/lg/lg-1.9.tar.gz
[root@lg ~]# tar zxvf lg-1.9.tar.gz
[root@lg ~]# mkdir /var/www/html/lg

Now that all files have been extracted, they are copied into the web server directory. Necessary permissions are also set.

[root@lg ~]# cd /var/www/html/lg
[root@lg lg]# cp /root/lg-1.9/lg.cgi .
[root@lg lg]# cp /root/lg-1.9/favicon.ico .
[root@lg lg]# cp /root/lg-1.9/lg.conf .

All the files must be readable.

[root@lg lg]# chmod 644 *

The lg.cgi script must be executable.

[root@lg lg]# chmod 755 lg.cgi

Tuning the Web Server

The index.html file is created for LG with necessary redirection.

[root@lg ~]# vim /var/www/html/index.html

In case DNS is set up for the Looking Glass server:

<html>
<head>
<meta http-equiv="refresh" content="0;url=http://lg.example.tst/lg/lg.cgi">
</head>
</html>

Without DNS:

<html>
<head>
<meta http-equiv="refresh" content="0;url=http://IP/lg/lg.cgi">
</head>
</html>

The following parameters are modified in the web server.

[root@lg ~]# vim /etc/httpd/conf/httpd.conf
## The favicon path and the cgi script paths are defined ##
Alias /lg/favicon.ico "/var/www/html/lg/favicon.ico"
ScriptAlias /lg "/var/www/html/lg/lg.cgi"

The httpd service is started and added to the startup list.

[root@lg ~]# service httpd start
[root@lg ~]# chkconfig httpd on

Adding Routers to the Looking Glass

LG supports Cisco, Juniper and Linux Quagga routers. All routers are added to /var/www/html/lg/lg.conf. Please note that the router password required is the remote login password, and NOT the privileged EXEC password aka 'enable' password.

[root@lg ~]# vim /var/www/html/lg/lg.conf
<!-- Router Section  -->
<Separator>Sample Routers</Separator>

<Router Name="Router-A">
<Title>Router-A</Title>
<URL>telnet://login:routerPassword@routerIP</URL>
<!--EXAMPLE   <URL>telnet://login:123456@10.10.10.1</URL> -->
</Router>

<Router Name="Router-B">
<Title>Router-B</Title>
<URL>telnet://login:routerPassword@routerIP</URL>
</Router>
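
The check below is an added example, not part of LG or of the original article: it lints lg.conf for a world-readable mode and for router URLs that contain a bare & or < or an extra @, the credential problems readers report in the comments further down. The function names, sample routers and passwords are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of LG: lint lg.conf before lg.cgi reads it.
# Prints one finding per line and returns 1 if there is any.
# lg.conf stores router logins, and "chmod 644 *" leaves it readable by every
# local account; root:apache with mode 640 still lets the CGI read it.
lint_lg_conf() {
    conf=$1
    out=$(
        [ -n "$(find "$conf" -prune -perm -004)" ] &&
            echo "perm: $conf is world-readable"
        awk '
        { gsub(/<!--.*-->/, "") }               # ignore one-line comments
        match($0, /<Router Name="[^"]*"/) {
            name = substr($0, RSTART + 14, RLENGTH - 15)
        }
        match($0, /<URL>.*<\/URL>/) {
            url = substr($0, RSTART + 5, RLENGTH - 11)
            # Drop valid entity references; a & or < left over is not
            # well-formed XML, so XML::Parser aborts and httpd returns 500.
            t = url
            gsub(/&(amp|lt|gt|quot|apos|#[0-9]+|#x[0-9A-Fa-f]+);/, "", t)
            if (t ~ /[&<]/) print "xml: " name ": write & as &amp; and < as &lt;"
            # More than one @ means the login or password contains one;
            # lg.cgi splits the URL at the first @, as the comments report.
            if (gsub(/@/, "@", url) > 1) print "at: " name ": @ in credentials"
        }' "$conf"
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: Router-B uses the password "p&ss@word" typed in as-is.
sample_conf() {
    cat <<'EOF'
<Router Name="Router-A">
<URL>telnet://login:s3cret@192.0.2.1</URL>
</Router>
<Router Name="Router-B">
<URL>telnet://login:p&ss@word@192.0.2.2</URL>
</Router>
EOF
}

if [ "$#" -gt 0 ]; then lint_lg_conf "$1"; else   # no argument: lint the sample
    tmp=$(mktemp) && sample_conf > "$tmp" && chmod 644 "$tmp"
    lint_lg_conf "$tmp" || true
    rm -f "$tmp"
fi
```

Pass the path of the real file as the first argument to lint it; findings name the router only, so the passwords are never echoed.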

The Looking Glass is now ready with minimum configuration. It can be accessed by entering http://IP or http://lg.example.tst in a web browser.

Here's a screenshot of the fresh Looking Glass.

Provisioning for IPv6

Preparing the Looking Glass for IPv6 is simple as well. The following lines are modified.

[root@lg ~]# vim /var/www/html/lg/lg.cgi
## $ipv4enabled-- is replaced with $ipv4enabled++ around line 398 ##
### Commented out $ipv4enabled-- ####
$ipv4enabled++

Then the routers that support IPv6 are specified.

[root@lg ~]# vim /var/www/html/lg/lg.conf
<Router Name="Router-A" EnableIPv6="Yes">
<Title>Router-A</Title>
<URL>telnet://login:routerPassword@routerIP</URL>
<!--EXAMPLE   <URL>telnet://login:123456@10.10.10.1</URL> -->
</Router>

Any reachable IPv4 or IPv6 address that can be used for logging in to the router can be specified here as the IP address.

Optional Configurations

The following configurations are optional. However, they can help give the LG a professional look.

1. Logo

The logo image is stored in /var/www/html/images.

[root@lg ~]# mkdir /var/www/html/images
[root@lg ~]# cp logo.png /var/www/html/images/logo.png

[root@lg ~]# vim /var/www/html/lg/lg.conf
<LogoImage Align="center" Link="http://www.companyweb.com/">/images/logo.png</LogoImage>

2. Page Headers

The headers of the page can be modified as needed.

[root@lg ~]# vim /var/www/html/lg/lg.conf
<HTMLTitle>ASXXXX IPv4 and IPv6 Looking Glass</HTMLTitle>
<ContactMail>lg@example.tst</ContactMail>
[root@lg ~]# vim /var/www/html/lg/lg.cgi
#### In the closing section of the HTML tag i.e. </HTML>, the following line can be added####
<I>
  Please email questions or comments to
 <A HREF="mailto:$email">$email</A>.
</I>
<P>
<P>
Powered By: <a href="http://wiki.version6.net/LG">Looking Glass 1.9</a></P>
</CENTER>
</BODY>
</HTML>

3. Logging

Needless to say, logging is important. The log file can be created this way.

[root@lg ~]# touch /var/log/lg.log
[root@lg ~]# chown apache:apache /var/log/lg.log

[root@lg ~]# vim /var/www/html/lg/lg.conf
<LogFile>/var/log/lg.log</LogFile>

Now the Looking Glass is up, and ready to be used.

Looking Glass Screenshots

The following are some screenshots from the Looking Glass of AS 132267.

  • Live Looking Glass Interface
  • "show ip bgp" output
  • traceroute output
  • "show bgp ipv6" output
  • traceroute ipv6 output

Hope this helps.

    Sarmed Rahman is an IT professional in the Internet Industry in Bangladesh. He writes tutorial articles on technology every now and then from a belief that knowledge grows through sharing. During his free time, he loves gaming and spending time with his friends.

    26 thoughts on “How to set up BGP Looking Glass server on CentOS”

    1. Thanks for writing this quick and comprehensive installation.

      I have looking glass up and running on a Windows 2008 / IIS box and I am able to get to the main page. I also installed perl & the xml parser.

      However, no matter which query (e.g ping) I select, I always get the error "405 - HTTP verb used to access this page is not allowed."

      Would you happen to know how to resolve this?

    2. To be honest, I have never worked with windows server and IIS. I've googled the error and it appears that it is related to the web server. Could you please check whether the .cgi script has necessary permission, and can be executed?

    3. Thanks for the reply. I confirmed IIS is good as I tested it with other perl scripts and cgi scripts. I wish I had a Linux box but unfortunately I have no choice but windows.

      What permissions (besides execute) does lg.cgi need? Do you know what's supposed to happen when I hit submit? What is the correct path for the log parameter? Is this correct?

      c:\inetpub\wwwroot\lg\lg.log

      Can you recommend any perl logs that could give me a clue on what's happening? The IIS logs are pretty much useless.

      Thanks a lot!

      • Well, I don't have experience working with IIS. The file lg.log should contain information about the queries that remote users are executing. In my Linux box, I could check the errors in log file /var/log/httpd/error_log. Could you please check whether IIS has similar log files?

        Also, from the error "405 - HTTP verb used to access this page is not allowed.", I'm guessing that maybe changing some parameter in IIS could solve this.

        Again, I am just guessing. You know more about IIS than me.

    4. The IIS logs only show lg.cgi was accessed and doesn't show any errors.

      Just one last question: is there any Linux-specific configuration within the lg.cgi or lg.conf files? I am wondering if I have to change any part of the files to make it work on Windows.

      Thanks again

    5. Sarmed, thanks a bunch for the detailed guide which really helped me at every step!

      For those folks who are installing LG on Windows, do not use IIS. Instead use "Apache Haus" for Windows, which is freeware and very easy to set up.

    6. Hi Sarmed, have you attempted to tweak lg.cgi to support Net::SSH2 module? If so, would you please give me an idea what needs to be modified?

      • Hello,

        I don't have the provisions to test Net::SSH2 at the moment, so was not able to test. All our routers have segregated management link and we usually telnet into the routers. If you have successfully tested SSH, please do share with us. :)

    7. Hi Sarmed Rahman,

      When I use special characters in my password, the webserver gives an error.

      Example: (Pa$$worD!)

      What is the solution? I am using a cisco router.

      • hi sarmed vhai,
        Can you please try this password (p&ssword)? Try it. It will not work. Your http server will show a 500 internal error. See the error below from my web server error log:
        =======================================================
        [Sat May 03 09:06:27 2014] [error] [client 10.218.218.8]
        [Sat May 03 09:06:27 2014] [error] [client 10.218.218.8] not well-formed (invalid token) at line 40, column 37, byte 1493 at /usr/lib/perl5vendor_perl5.8.8/i3 86-linux-thread-multi/XML/Parser.pm line 187
        [Sat May 03 09:06:27 2014] [error] [client 10.218.218.8] Premature end of script headers: lg.cgi
        =======================================================
        My observation is that some special characters are not working (@ $ ~).

        What is the solution?

          • Hi Sarmed vhai,

            telnet://login:sap@TauaRe@192.168.20.5

            The above is not working. It thinks that only "sap" is the password, and that the host name or IP address is "TauaRe@192.168.20.5". But my password is "sap@TauaRe". It seems to me that it counts everything after the first @ as the host name or IP address.

            What's the solution?

            • I have used '@' as a part of the password previously and did not face any issues. Using '@' as a part of the password is valid.

              If it's an authentication issue, you should get something like the following error-

              ERROR:pattern match timed-out
              Password:
              % Bad passwords

              Besides, could you please confirm that the following packages are installed?

              perl-Net-Telnet
              perl-Net-Telnet-Cisco
              perl-XML-Parser

              • I have tested using '@' again today. My previous results were erroneous. The script considers '@' as a separator between password and IP address. To use @ as a part of the password, the handler script lg.cgi needs to be modified. The developers may be able to help, but it's something beyond my skillset.

                Sorry for the inconvenience.

    8. Router: R1
      Command: show ip bgp 123.30.182.86

      ERROR:problem connecting to "113.190.240.150", port 9623: connect timed-out
      ERROR:write error: filehandle isn't open
      ERROR:write error: filehandle isn't open
      ERROR:write error: filehandle isn't open
      ERROR:write error: filehandle isn't open
      why?

    9. hi Sarmed,
      I am a master's student. I am stuck while installing the LG. I am able to see my router in the list of routers displayed (I had added my router telnet remote login details in lg.conf). If I try to ping 8.8.8.8 and hit the submit button, it just shows me the router and the command. I am not able to see the output. Please help me out.

      Regards,
      Suriaa

    10. Hi,

      I have successfully installed the LG and have tested the username and passwords on my Juniper working.

      For some reason, when I run a query, the webpage is not returning anything.
