Review my BGP configuration
Hans van Kranenburg
hans.van.kranenburg at mendix.com
Fri Mar 8 21:25:15 CET 2013
On 03/08/2013 07:28 PM, Andre Nathan wrote:
> On Fri, 08 Mar 2013, Hans van Kranenburg wrote:
>
>> When converting the other router to bird, you can also configure it to
>> just use the /24 ranges in the context of talking to the ebgp peer, and
>> never let them come near the t_bgp or even master table, so you don't
>> need the additional filters to keep them out again.
>
> Borrowing your routing table scheme from your first reply:

Whoops, the drawing does not entirely match the config, p_bgp_to_master
should be p_master_to_bgp and p_wzyx_to_bgp should be p_bgp_to_wxyz,
like in the diff I sent in the first post. This does not alter any of
the behaviour by the way.

So:

             kernel
              ^  :
              |  :
              |  v
           +--------+
           | master |
           +--------+
              ^  :
              |  :  p_master_to_bgp
              |  v
   ,--->   +--------+
   | ,--   | t_bgp  | ---------------------.
   | :     +--------+ <-----------------.  |
   | :        ^  :                      |  v
   | :        |  :  p_bgp_to_wxyz    iBGP peers
   | v        |  v
+--------+ +--------+
| t_uiop | | t_wzyx | - - - - - -.
+--------+ +--------+ <--------. |
   ^ |        ^  |             | v
   | |        |  |      originate_to_wzyx
   | v        |  v
      eBGP peers

Arrows pointing up then mean import (pointing closer to bird), and
pointing down mean export (further away from bird).

> In the eBGP session I have an input filter that rejects routes matching
> my /24.

That's a filter for sanity purposes I guess, an eBGP peer should never
send you your own routes?

> What happens here is that despite the filter, those routes
> still end up being added to t_bgp because they were added to t_wzyx via
> originate_to_wzyx. Is that correct?

No, because if you do import where proto = "eBGP" only the routes that
were learned in protocol bgp eBGP would match. The /24's would match
when you say where proto = "originate_to_wzyx".

Using the commands in the interactive console, birdc, you could try to
debug what's going on exactly, and where those routes come from...

    show route all table t_wzyx

and...

    show route protocol eBGP table t_wzyx   (imported routes)
    show route export eBGP table t_wzyx     (exported routes)

etc...

> If so, the solution I see is to change p_wzyx_to_bgp so that instead of
> 'import where proto = "eBGP"' a more complex filter is used, something
> like
>
>   if proto = "eBGP" && ! (net ~ [a.b.0.0/24, a.b.1.0/24]) then {
>     accept;
>   }
>   reject;
>
> Looks good?

--
Hans van Kranenburg - System / Network Engineer
T +31 (0)10 2760434 | hans.van.kranenburg at mendix.com | www.mendix.com
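
Added example, not part of the original message and not BIRD code: a small Python model of the two pipe filters discussed above, showing which routes in t_wzyx would cross into t_bgp with and without the eBGP input filter. The prefixes are constructed stand-ins for a.b.0.0/24 and a.b.1.0/24, and all function names are hypothetical.

```python
# Toy model of BIRD's `proto` and `net ~ [...]` filter terms (added example).
# Assumption: prefixes below are constructed stand-ins for the thread's /24s.
from ipaddress import ip_network

OWN = {ip_network("192.0.2.0/24"), ip_network("198.51.100.0/24")}

def route(net, proto):
    # `proto` is the protocol instance the route was learned from; a pipe
    # does not change it.
    return {"net": ip_network(net), "proto": proto}

def simple_filter(r):
    # import where proto = "eBGP";
    return r["proto"] == "eBGP"

def strict_filter(r):
    # if proto = "eBGP" && ! (net ~ [own /24s]) then accept; reject;
    # A bare prefix in a BIRD prefix set matches that exact prefix only.
    return r["proto"] == "eBGP" and r["net"] not in OWN

def ebgp_input_filter(r):
    # eBGP session input filter: reject routes matching our own /24s.
    return r["net"] not in OWN

def build_t_wzyx(peer_announcements, input_filter_enabled=True):
    """Assemble t_wzyx: static originations plus what the eBGP session imports."""
    table = [route(str(n), "originate_to_wzyx") for n in sorted(OWN)]
    for net in peer_announcements:
        r = route(net, "eBGP")
        if not input_filter_enabled or ebgp_input_filter(r):
            table.append(r)
    return table

def pipe_to_t_bgp(t_wzyx, pipe_filter):
    """Prefixes the pipe would import from t_wzyx into t_bgp."""
    return [str(r["net"]) for r in t_wzyx if pipe_filter(r)]

# Constructed peer feed: one ordinary route and one copy of our own /24.
PEER_FEED = ["203.0.113.0/24", "192.0.2.0/24"]

if __name__ == "__main__":
    for enabled in (True, False):
        table = build_t_wzyx(PEER_FEED, enabled)
        print("eBGP input filter enabled:", enabled)
        print("  simple pipe filter:", pipe_to_t_bgp(table, simple_filter))
        print("  strict pipe filter:", pipe_to_t_bgp(table, strict_filter))
```

In this model the two pipe filters give the same result while the eBGP input filter is in place; they differ only when that input filter is missing and the peer sends back one of the originated /24s.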