how to do IPv6 address assignment (eBGP --> iBGP --> home/lan)
Nicolas Embriz
nbari at tequila.io
Wed Dec 1 21:58:33 CET 2021
Hi, traffic was arriving but there was never sending a response, to make it
work I had to add this static route to iBGP:
protocol static {
ipv6;
route 2000::/3 via "wg0";
}
Still, wondering why Bird/BGP did not send back the traffic via the eBGP,
any ideas?
On Tue, Nov 30, 2021 at 11:44 PM Nicolas Embriz <nbari at tequila.io> wrote:
> Hi Nico, many thanks. I will give it a try.
>
> Regarding my eBGP-iBGP problem I can't ping IP's declared in the iBGP,
> this is my setup:
>
> (internet)
> |
> |
> ( VM eBGP/44 ) <--- Wireguard ---> (VM iBGP/64)
>
>
> In the eBGP I have [2a0e:87c0:620::/44] and in the iBGP I would like to
> handle only [2a0e:87c0:620:1::/64]
>
> I do can ping from the eBGP to the IP's in iBGP and vice versa, but not
> from the internet, for example If I add the address [2a0e:87c0:620::10/64]
> in eBGP I can ping it from everywhere but If then I configure any ip in
> iBGP something like [2a0e:87c0:620:1::10/64] I can only ping it within the
> eBGP and iBGP but is not reachable from internet:
>
>
> ping 2a0e:87c0:620:1::10 (not reachable)
> |
> |
> |
> ( VM eBGP/44 ) <--- Wireguard ---> (VM iBGP [2a0e:87c0:620:1::10/64])
>
>
> this is my current setup for the eBGP:
>
>
> &<-----
> router id <ipv4>;
>
> define MYAS = 1234;
>
> protocol device {
> scan time 10;
> }
>
> protocol direct {
> ipv6 {
> import where net ~ [2a0e:87c0:620::/44{44,128}];
> export none;
> };
> }
>
> protocol kernel {
> scan time 20;
> ipv6 {
> import none;
> export all;
> };
> }
>
>
> # templates
> template bgp uplink {
> local as MYAS;
> ipv6 {
> import all;
> export filter {
> if net = 2a0e:87c0:620::/44 then accept;
> reject;
> };
> };
> graceful restart on;
> }
>
> protocol bgp SBv6 from uplink {
> neighbor 2a09:4c1:100:2d88::8bfa as 58057;
> source address 2a09:4c0:100:2d98::8934;
> }
>
> protocol bgp iBGP from uplink {
> debug all;
> neighbor fe80:cafe::10%wg0 as MYAS;
> direct;
> }
> &<-----
>
> And the config for iBGP:
>
> &<-----
> router id <ipv4>;
>
> define MYAS = 1234;
>
> protocol device {
> scan time 10;
> }
>
> protocol direct {
> ipv6 {
> import where net ~ [2a0e:87c0:620:1::/64{64,128}];
> export none;
> };
> }
>
> protocol kernel {
> scan time 20;
> ipv6 {
> import none;
> export all;
> };
> }
>
> protocol bgp iBGP {
> debug all;
> local as MYAS;
> neighbor fe80:cafe::11%wg0 as MYAS;
> direct;
> ipv6 {
> next hop self;
> import all;
> export all;
> };
> graceful restart on;
> }
> &<-----
>
>
> Any ideas? thanks in advance.
>
>
>
> On Mon, Nov 29, 2021 at 8:34 AM Nico Schottelius <
> nico.schottelius at ungleich.ch> wrote:
>
>>
>> Good morning Nicolas,
>>
>> IP assignment is handled differently to IP routing. You can use the
>> "radv" protocol
>> (https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.11) for
>> assignment.
>>
>> Best regards,
>>
>> Nico
>>
>> Nicolas Embriz <nbari at tequila.io> writes:
>>
>> > Hi, I manage to configure, establish a session and announce my prefix
>> with this configuration:
>> >
>> > ---
>> > log "/var/log/bird.log" all;
>> > router id <ipv4>;
>> > define MYAS = 1234;
>> >
>> > protocol device {
>> > scan time 10;
>> > }
>> >
>> > protocol direct {
>> > ipv6;
>> > interface "dummy*";
>> > }
>> >
>> > # templates
>> > template bgp uplink {
>> > local as MYAS;
>> > ipv6 {
>> > import all;
>> > export filter {
>> > if net = <ipv6::/44> then accept;
>> > reject;
>> > };
>> > };
>> > graceful restart on;
>> > }
>> >
>> > protocol bgp SBv6 from uplink {
>> > neighbor <ipv6> a as 12345;
>> > source address <myipvy>;
>> > }
>> > ---
>> >
>> > For testing I added to eth0 an IPv6 address alias belonging to my /44
>> segment, I was available to ping and so far all good, but now something
>> that I am struggling with (probably something very basic) is how to
>> > do IP address assignment to my network from the router?
>> >
>> > This router is a VM but I would like to know how I could use a /64
>> subnet and assign IP's to my home network.
>> >
>> > Probably I am following the wrong approach, but I wanted to give a try
>> creating an internal router (iBGP) and announce only the /64 subnet, I am
>> using wireguard to connect the VM's but can't find a way to ping
>> > any IP I assign in this VM, something like this
>> >
>> > (internet)
>> > |
>> > |
>> > ( VM eBGP/44 ) <--- Wireguard ---> (VM iBGP/64) <----> HOME/LAN (/64)
>> >
>> > this is my config:
>> >
>> > log "/var/log/bird.log" all;
>> > router id <ipv4>;
>> > define MYAS = 1234;
>> >
>> > protocol device {
>> > scan time 10;
>> > }
>> >
>> > protocol direct {
>> > ipv6;
>> > interface "dummy*";
>> > }
>> >
>> > template bgp iAS {
>> > local as MYAS;
>> > ipv6 {
>> > import all;
>> > export filter {
>> > if net = <ipv6::/64> then accept;
>> > reject;
>> > };
>> > };
>> > graceful restart on;
>> > }
>> >
>> > protocol bgp iBGP from iAS {
>> > debug all;
>> > neighbor <peer wireguard ipv6>%wg0 as MYAS;
>> > direct;
>> > source address <wireguard ipv6>;
>> > }
>> >
>> > The session gets established but only from the eBGP I can ping the iBGP
>> but not the other way around or from other hosts.
>> >
>> > Probably I may be over-complicating things, and I could do everything
>> from the main router but is that the case, still wondering how can I then
>> start to assign IPv6's address to my home network? should I
>> > configure something like radvd so that my devices can claim an IPv6?
>> >
>> > I am doing this just for learning purposes, so if there is a better way
>> or practice to follow let me know.
>> >
>> > regards.
>>
>>
>> --
>> Sustainable and modern Infrastructures by ungleich.ch
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20211201/b97a368f/attachment.htm>
More information about the Bird-users
mailing list