Bird eBGP and iBGP

Jason Romo jason at romos.net
Thu Nov 2 18:09:50 CET 2023


Hello all, 
I am new to the group. I am having issues trying to get BIRD configured to do what I need. I have BIRD running in a datacenter with eBGP public ASN that should announce /24 and /48 and /64. I then want to route that over OpenVPN to OPNsense, where I have BIRD connected with iBGP over OpenVPN and sending /28 of the /24 and /64 of the /48 down to the OPNsense that is running FRR iBGP and set up on the DMZ interface.

I had eBGP working to the peers at the datacenter, but after a reboot it never worked again for IPv4. IPv6 still shows announcing, but doesn't seem to be working either. I am confused as to whether I am required to have the /48 static routes to the eBGP router as well as the /24, since I am not routing those; I am sending smaller subnets to each location. My plan is to have two ASN eBGP routers in different locations that will handle routing and failover if a location goes down, that connect to 4 different locations using iBGP sending each /28 and /64 (maybe 2 /64). That way, if needed, I could route the public IPs for the DMZ to any cluster we have in different locations to allow them to push as close to 100% uptime as I can.

Design so far: 

eBGP-Vegas: 209.x.x.55 
iBGP-Dallas: 10.77.77.1 

eBGP ASN assigned has routes: 
route -n 
Kernel IP routing table 
Destination Gateway Genmask Flags Metric Ref Use Iface 
0.0.0.0 209.x.x.1 0.0.0.0 UG 100 0 0 eth0 
10.0.0.0 10.144.144.1 255.255.255.0 UG 5000 0 0 ztjlhw736o 
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0 
10.77.77.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 
10.144.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ztjlhw736o 
23.x.x.0 10.77.77.1 255.255.255.240 UG 0 0 0 tun0 
209.x.x.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 
209.x.x.1 0.0.0.0 255.255.255.255 UH 100 0 0 eth0 

The provider says I must announce the /48 before I announce the /64. I am not sure if I even need to announce the /64. I announce the /24 only, not the /28, on the public side eBGP.
This is the part that I don't get. If I don't put routes to next-hop for 23.x.x.0/24 via 10.77.77.1, that is, if I don't do a static route, then eBGP ignores the prefix and doesn't announce it. I did try multi-protocol for eBGP and put it all under one session, but it seems they don't have it configured on the other end to allow one session. What is the correct way to announce for the /24 and /48 and route to other locations the /28 and /48 prefixes?

I don't want to bind the /24 or /48 (or at least I don't think we need to) just as I need to break them up into smaller subnets. I can ping from my DMZ in the OPNsense firewall through the VPN to 10.77.77.2, so iBGP is getting its routes and they work. But I still can't figure out what I am doing wrong with eBGP to get it working. They told me I don't need multihop on the eBGP side and must announce the full prefix too, but if I don't put a route it never exports the prefixes. Maybe I am missing something. I am new to this. Yes, I do have passwords on all the sessions, I just didn't include them in the config.

Any help or direction would be appreciated. If you need more information, let me know.

Jason 
Here is my bird.conf: 

# Configure logging
#log syslog all;
log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };

# Set router ID. It is a unique identification of your router.
router id 209.x.x.55;

# Restrict network interfaces BIRD works with
protocol direct {
    interface "lo";
    interface "eth0";
    interface "tun0";
}


# For IPv4
protocol kernel kernel_ipv4 {
    ipv4;
    persist;
    scan time 60;
}

# For IPv6
protocol kernel kernel_ipv6 {
    ipv6;
    persist;
    scan time 60;
}


# The Device protocol gets information about network interfaces.
protocol device {
    scan time 60;
}

# Define static routes for IPv4
protocol static {
    ipv4;
    route 23.x.x.0/24 via 10.77.77.1;
    route 23.x.x.0/28 via 10.77.77.1;
}

# Define static routes for IPv6
protocol static {
    ipv6;
    route 2620:X:X::/48 via fd12:3456:X:1::2;
    route 2620:X:X:1::/64 via fd12:3456:X:1::2;
}

filter ipv4_filter_private {
    if net ~ 23.x.x.0/28 then {
        accept;
    }
    reject;
}

filter ipv4_filter_public {
    if net ~ 23.x.x.0/28 then {
        reject;
    }
    if net ~ 23.x.x.0/24 then {
        accept;
    }
    reject;
}


filter ipv6_filter {
    if net ~ [2620:x:x::/48, 2620:x:x:1::/64] then {
        accept;
    }
    reject;
}

filter dallas_ipv6_filter {
    if net = 2620:x:x:1::/64 then {
        accept;
    }
    reject;
}

# BGP configuration for peer_as53xxx_v4
protocol bgp neighbor_53xxx_v4 {
    debug all;
    local as 16xxx;
    source address 209.x.x.55;
    local 209.x.x.55;
    passive no;
    keepalive time 20;
    hold time 60;
    multihop;
    neighbor 169.x.x.179 as 53xxx;
    ipv4 {
        import none;
        export filter ipv4_filter_public;
    };
}

# BGP configuration for peer_as53xxx
protocol bgp neighbor_53xxx_v6 {
    debug all;
    local as 16xxx;
    source address 2605:x:x:713::2;
    local 2605:x:x:713::2;
    passive no;
    keepalive time 20;
    hold time 60;
    multihop;
    neighbor 2605:x:x::2 as 53xxx;
    ipv6 {
        import none;
        export filter ipv6_filter;
    };
}

protocol bgp OPNsense_iBGP_Dallas {
    debug all;
    local as 16xxx;
    source address 10.77.77.2;
    neighbor 10.77.77.1 as 64512;
    multihop;

    ipv4 {
        import none;
        export filter ipv4_filter_private;
        next hop self;
    };

    ipv6 {
        import none;
        #import filter ipv6_filter;

        export filter dallas_ipv6_filter;
        #export none;
        next hop self;
    };
}

Here are stats of bird: 

birdc show proto all 
BIRD 2.0.7 ready. 
Name Proto Table State Since Info 
direct1 Direct --- up 11:36:52.931 

kernel_ipv4 Kernel master4 up 11:36:52.931 
Channel ipv4 
State: UP 
Table: master4 
Preference: 10 
Input filter: ACCEPT 
Output filter: REJECT 
Routes: 0 imported, 0 exported, 0 preferred 
Route change stats: received rejected filtered ignored accepted 
Import updates: 0 0 0 0 0 
Import withdraws: 0 0 --- 0 0 
Export updates: 4 0 4 --- 0 
Export withdraws: 0 --- --- --- 0 

kernel_ipv6 Kernel master6 up 11:36:52.931 
Channel ipv6 
State: UP 
Table: master6 
Preference: 10 
Input filter: ACCEPT 
Output filter: REJECT 
Routes: 0 imported, 0 exported, 0 preferred 
Route change stats: received rejected filtered ignored accepted 
Import updates: 0 0 0 0 0 
Import withdraws: 0 0 --- 0 0 
Export updates: 4 0 4 --- 0 
Export withdraws: 0 --- --- --- 0 

device1 Device --- up 11:36:52.931 

static1 Static master4 up 11:36:52.931 
Channel ipv4 
State: UP 
Table: master4 
Preference: 200 
Input filter: ACCEPT 
Output filter: REJECT 
Routes: 2 imported, 0 exported, 2 preferred 
Route change stats: received rejected filtered ignored accepted 
Import updates: 2 0 0 0 2 
Import withdraws: 0 0 --- 0 0 
Export updates: 0 0 0 --- 0 
Export withdraws: 0 --- --- --- 0 

static2 Static master6 up 11:36:52.931 
Channel ipv6 
State: UP 
Table: master6 
Preference: 200 
Input filter: ACCEPT 
Output filter: REJECT 
Routes: 2 imported, 0 exported, 2 preferred 
Route change stats: received rejected filtered ignored accepted 
Import updates: 2 0 0 0 2 
Import withdraws: 0 0 --- 0 0 
Export updates: 0 0 0 --- 0 
Export withdraws: 0 --- --- --- 0 

neighbor_53xxx_v4 BGP --- up 11:36:57.076 Established 
BGP state: Established 
Neighbor address: 169.x.x.179 
Neighbor AS: 53xxx 
Local AS: 16xxx 
Neighbor ID: 169.x.x.179 
Local capabilities 
Multiprotocol 
AF announced: ipv4 
Route refresh 
Graceful restart 
4-octet AS numbers 
Enhanced refresh 
Long-lived graceful restart 
Neighbor capabilities 
Multiprotocol 
AF announced: ipv4 ipv6 
Route refresh 
Graceful restart 
Restart time: 120 
AF supported: ipv4 ipv6 
AF preserved: 
4-octet AS numbers 
Enhanced refresh 
Long-lived graceful restart 
Session: external multihop AS4 
Source address: 209.x.x.55 
Hold timer: 53.667/60 
Keepalive timer: 13.062/20 
Channel ipv4 
State: UP 
Table: master4 
Preference: 100 
Input filter: REJECT 
Output filter: ipv4_filter_public 
Routes: 0 imported, 1 exported, 0 preferred 
Route change stats: received rejected filtered ignored accepted 
Import updates: 0 0 0 0 0 
Import withdraws: 1726 0 --- 1726 0 
Export updates: 2 0 1 --- 1 
Export withdraws: 0 --- --- --- 0 
BGP Next hop: 209.x.x.55 
IGP IPv4 table: master4 

neighbor_53xxx_v6 BGP --- up 11:36:57.630 Established 
BGP state: Established 
Neighbor address: 2605:x:x::2 
Neighbor AS: 53xxx 
Local AS: 16xxx 
Neighbor ID: 169.x.x.179 
Local capabilities 
Multiprotocol 
AF announced: ipv6 
Route refresh 
Graceful restart 
4-octet AS numbers 
Enhanced refresh 
Long-lived graceful restart 
Neighbor capabilities 
Multiprotocol 
AF announced: ipv4 ipv6 
Route refresh 
Graceful restart 
Restart time: 120 
AF supported: ipv4 ipv6 
AF preserved: 
4-octet AS numbers 
Enhanced refresh 
Long-lived graceful restart 
Session: external multihop AS4 
Source address: 2605:x:x:713::2 
Hold timer: 55.462/60 
Keepalive timer: 11.057/20 
Channel ipv6 
State: UP 
Table: master6 
Preference: 100 
Input filter: REJECT 
Output filter: ipv6_filter 
Routes: 0 imported, 2 exported, 0 preferred 
Route change stats: received rejected filtered ignored accepted 
Import updates: 0 0 0 0 0 
Import withdraws: 12 0 --- 12 0 
Export updates: 2 0 0 --- 2 
Export withdraws: 0 --- --- --- 0 
BGP Next hop: 2605:x:x:713::2 
IGP IPv6 table: master6 

OPNsense_iBGP_Dallas BGP --- up 11:36:55.259 Established 
BGP state: Established 
Neighbor address: 10.77.77.1 
Neighbor AS: 64512 
Local AS: 16xxx 
Neighbor ID: 10.77.77.1 
Local capabilities 
Multiprotocol 
AF announced: ipv4 ipv6 
Route refresh 
Graceful restart 
4-octet AS numbers 
Enhanced refresh 
Long-lived graceful restart 
Neighbor capabilities 
Multiprotocol 
AF announced: ipv4 ipv6 
Route refresh 
Extended message 
Graceful restart 
4-octet AS numbers 
ADD-PATH 
RX: ipv4 ipv6 
TX: 
Enhanced refresh 
Long-lived graceful restart 
LL stale time: 0 
AF supported: 
AF preserved: ipv4 ipv6 
Session: external multihop AS4 
Source address: 10.77.77.2 
Hold timer: 8.540/9 
Keepalive timer: 1.429/3 
Channel ipv4 
State: UP 
Table: master4 
Preference: 100 
Input filter: REJECT 
Output filter: ipv4_filter_private 
Routes: 0 imported, 1 exported, 0 preferred 
Route change stats: received rejected filtered ignored accepted 
Import updates: 0 0 0 0 0 
Import withdraws: 1 0 --- 1 0 
Export updates: 2 0 1 --- 1 
Export withdraws: 0 --- --- --- 0 
BGP Next hop: 10.77.77.2 
IGP IPv4 table: master4 
Channel ipv6 
State: UP 
Table: master6 
Preference: 100 
Input filter: REJECT 
Output filter: dallas_ipv6_filter 
Routes: 0 imported, 1 exported, 0 preferred 
Route change stats: received rejected filtered ignored accepted 
Import updates: 0 0 0 0 0 
Import withdraws: 1 0 --- 1 0 
Export updates: 2 0 1 --- 1 
Export withdraws: 0 --- --- --- 0 
BGP Next hop: fd12:x:x:1::2 
IGP IPv6 table: master6 

root@localhost:/etc/bird# birdc show route all
BIRD 2.0.7 ready. 
Table master4: 
23.x.x.0/28 unicast [static1 11:36:52.931] * (200) 
via 10.77.77.1 on eth0 
Type: static univ 
23.x.x.0/24 unicast [static1 11:36:52.931] * (200) 
via 10.77.77.1 on eth0 
Type: static univ 

Table master6: 
2620:x:x:1::/64 unicast [static2 11:36:52.931] * (200) 
via fd12:x:x:1::2 on tun0 
Type: static univ 
2620:x:x::/48 unicast [static2 11:36:52.931] * (200) 
via fd12:x:x:1::2 on tun0 
Type: static univ 
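
Added example, not part of the original post and not BIRD's own code: a small Python model of the four export filters in the bird.conf above, applied to the four static routes, to show which prefixes each BGP channel sends. The documentation prefixes 203.0.113.0/24 and 2001:db8::/48 are constructed stand-ins for the redacted 23.x.x.0/24 and 2620:x:x::/48, and the /24 and /48 length limits on the public sessions are an assumed convention, not the provider's stated policy.

```python
import ipaddress as ip

# Constructed placeholders: the post redacts its prefixes, so documentation ranges stand in.
V4_AGG, V4_SUB = ip.ip_network("203.0.113.0/24"), ip.ip_network("203.0.113.0/28")
V6_AGG, V6_SUB = ip.ip_network("2001:db8::/48"), ip.ip_network("2001:db8:0:1::/64")
STATIC_ROUTES = [V4_AGG, V4_SUB, V6_AGG, V6_SUB]  # the config's four static routes

def within(net, prefix):
    """BIRD `net ~ prefix`: net equals prefix or is more specific than it."""
    return net.version == prefix.version and net.subnet_of(prefix)

# Each function mirrors the rule order of the same-named filter in bird.conf.
def ipv4_filter_private(net):
    return within(net, V4_SUB)

def ipv4_filter_public(net):
    if within(net, V4_SUB):      # first rule: reject the /28
        return False
    return within(net, V4_AGG)   # second rule: accept the /24

def ipv6_filter(net):
    return net in (V6_AGG, V6_SUB)   # plain prefix-set entries match exactly

def dallas_ipv6_filter(net):
    return net == V6_SUB

# channel -> (export filter, True if the peer is the public upstream)
CHANNELS = {
    "neighbor_53xxx_v4/ipv4": (ipv4_filter_public, True),
    "neighbor_53xxx_v6/ipv6": (ipv6_filter, True),
    "OPNsense_iBGP_Dallas/ipv4": (ipv4_filter_private, False),
    "OPNsense_iBGP_Dallas/ipv6": (dallas_ipv6_filter, False),
}
# Assumption: longest prefixes commonly accepted on public sessions.
MAX_PUBLIC_LEN = {4: 24, 6: 48}

def exported(channel):
    """Static routes that the channel's export filter accepts."""
    return [str(n) for n in STATIC_ROUTES if CHANNELS[channel][0](n)]

def too_specific_for_public():
    """(channel, prefix) pairs sent upstream that exceed MAX_PUBLIC_LEN."""
    return [(name, str(n)) for name, (flt, public) in CHANNELS.items() if public
            for n in STATIC_ROUTES if flt(n) and n.prefixlen > MAX_PUBLIC_LEN[n.version]]

if __name__ == "__main__":
    for name in CHANNELS:
        print(name, "->", exported(name))
    print("review before announcing:", too_specific_for_public())
```

The per-channel results line up with the "Routes: ... exported" counters in the birdc output above (1, 2, 1 and 1), and the only prefix flagged on a public session is the /64 that ipv6_filter lets through.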