How to advertise two virtual IPs using BGP?

Alexander Zubkov green at qrator.net
Wed Nov 20 10:40:16 CET 2024 

You can set krt_prefsrc in bird. If I remember the option name right.

On Wed, Nov 20, 2024, 10:11 hans.heng <hans.heng at zoom.us> wrote:

> > Hi Hans,
> >
> > What about just adding it to your LOCAL_NET list? If it works for the first
> > IP, why it shouldn't work for the other?
>
> Hi Alexander,
>
> You’re right, simply adding it to LOCAL_NET list does work, other hosts then can test tcp stream on this new virtual ip.
>
> But what confused me is that how can we add export a routing rule like this:
>
> $ ip route
> default proto bird src 38.145.72.193 metric 32
>         nexthop via 10.105.1.10 dev enp4s0f0 weight 1
>         nexthop via 10.105.1.12 dev enp4s0f1 weight 1
>
> Namely, how this server sends out the traffic using new virtual ip 38.145.72.198 as source addr?
>
> Thanks,
> Hans
>
> On Wed, November 20 2024 at 4:03 PM Alexander Zubkov <green at qrator.net>
> <green at qrator.net> wrote:
>
> Hi Hans,
>
> What about just adding it to your LOCAL_NET list? If it works for the
> first IP, why it shouldn't work for the other?
>
> On Wed, Nov 20, 2024 at 8:36 AM Hans Heng via Bird-users <
> bird-users at network.cz> wrote:
>
>> Hi all!
>>
>> I have a dual-home server, whose connection topology and configuration is described as below.
>>
>>
>> **** Connection Topology and Configuration ****
>>
>> The server has two physical NICs enp4s0f0 and enp4s0f1, which are connected to two separate ports TOR_A and TOR_B on a Top of Rack (TOR) router, each representing a separate BGP session through bgp_A and bgp_B protocol.
>>
>> The server also has a dummy interface named em5, which has a private ip 38.145.72.193/32 <https://urldefense.proofpoint.com/v2/url?u=http-3A__38.145.72.193_32&d=DwMFaQ&c=8lBT5Jra4Bm5rFhLVR7k1wx3__gIUgr523Abjhgq6Gg&r=2bMJ37PQSlB2sRdYUDvVq5IXWp4L1dKQ8V4ZALYNl1I&m=WC9AjD5ZaNv4Fa_mh7nA7q4p-qW7Lj3LBH1uqKj-709dNQOFf9b092u8Xwq5Ago4&s=jKSN1FCc_6R4dNzWWkk4s9IEPghmnQKefyIIVtVmGsE&e=>.
>>
>> Bird kernel protocol exports an ECMP routing rule to kernel as a kernel default routing, and bgp_A/bgp_B protocol export the private ip to my internet, then 38.145.72.193/32 <https://urldefense.proofpoint.com/v2/url?u=http-3A__38.145.72.193_32&d=DwMFaQ&c=8lBT5Jra4Bm5rFhLVR7k1wx3__gIUgr523Abjhgq6Gg&r=2bMJ37PQSlB2sRdYUDvVq5IXWp4L1dKQ8V4ZALYNl1I&m=WC9AjD5ZaNv4Fa_mh7nA7q4p-qW7Lj3LBH1uqKj-709dNQOFf9b092u8Xwq5Ago4&s=jKSN1FCc_6R4dNzWWkk4s9IEPghmnQKefyIIVtVmGsE&e=> on em5 acts as a public ip.
>>
>>
>> ****   My goal ****
>>
>> I want to add another virtual ip on em5, say 38.145.72.198/32 <https://urldefense.proofpoint.com/v2/url?u=http-3A__38.145.72.198_32&d=DwMFaQ&c=8lBT5Jra4Bm5rFhLVR7k1wx3__gIUgr523Abjhgq6Gg&r=2bMJ37PQSlB2sRdYUDvVq5IXWp4L1dKQ8V4ZALYNl1I&m=WC9AjD5ZaNv4Fa_mh7nA7q4p-qW7Lj3LBH1uqKj-709dNQOFf9b092u8Xwq5Ago4&s=H85Ro8DXm3uWfnfQU4MX2w7eTYkSllixeGgTN4D3XF8&e=>, and let this new virtual ip act as a public ip too.
>> Can this requirement be met? If yes, how should I modify the configuration to make BGP advertise this ip over my internet?
>>
>>
>>
>> **** Additional Information on Server ****
>>
>>
>> ## bird setup an ECMP route on 2 phy nics as default route,
>> ## which set source ip to the public ip
>> $ ip route
>> default proto bird src 38.145.72.193 metric 32
>>         nexthop via 10.105.1.10 dev enp4s0f0 weight 1
>>         nexthop via 10.105.1.12 dev enp4s0f1 weight 110.105.1.10/31 <https://urldefense.proofpoint.com/v2/url?u=http-3A__10.105.1.10_31&d=DwMFaQ&c=8lBT5Jra4Bm5rFhLVR7k1wx3__gIUgr523Abjhgq6Gg&r=2bMJ37PQSlB2sRdYUDvVq5IXWp4L1dKQ8V4ZALYNl1I&m=WC9AjD5ZaNv4Fa_mh7nA7q4p-qW7Lj3LBH1uqKj-709dNQOFf9b092u8Xwq5Ago4&s=-p9Ki6n5W1WV1sy_k1TvuK40E8Bwj5zNUKhIHqRBiws&e=> dev enp4s0f0 proto kernel scope link src 10.105.1.1110.105.1.12/31 <https://urldefense.proofpoint.com/v2/url?u=http-3A__10.105.1.12_31&d=DwMFaQ&c=8lBT5Jra4Bm5rFhLVR7k1wx3__gIUgr523Abjhgq6Gg&r=2bMJ37PQSlB2sRdYUDvVq5IXWp4L1dKQ8V4ZALYNl1I&m=WC9AjD5ZaNv4Fa_mh7nA7q4p-qW7Lj3LBH1uqKj-709dNQOFf9b092u8Xwq5Ago4&s=PPYkekks3l9B0WozwhhmanpPyqt-7_BalYLNq0I3QJM&e=> dev enp4s0f1 proto kernel scope link src 10.105.1.13
>>
>>
>> bird> show route all
>> Table master4:0.0.0.0/0 <https://urldefense.proofpoint.com/v2/url?u=http-3A__0.0.0.0_0&d=DwMFaQ&c=8lBT5Jra4Bm5rFhLVR7k1wx3__gIUgr523Abjhgq6Gg&r=2bMJ37PQSlB2sRdYUDvVq5IXWp4L1dKQ8V4ZALYNl1I&m=WC9AjD5ZaNv4Fa_mh7nA7q4p-qW7Lj3LBH1uqKj-709dNQOFf9b092u8Xwq5Ago4&s=Cvj89uXo924yxK47AGuHlg3g1BKfJdkW6sUvQso_2xE&e=>            unicast [bgp_A 2024-11-17] * (100) [AS4212010101i]
>>         via 10.105.1.10 on enp5s0f0
>>         Type: BGP univ
>>         BGP.origin: IGP
>>         BGP.as_path: 4259105001 4212010101
>>         BGP.next_hop: 10.105.1.10
>>         BGP.local_pref: 0
>>                      unicast [bgp_B 2024-11-18] (100) [AS4212010101i]
>>         via 10.105.1.12 on enp5s0f1
>>         Type: BGP univ
>>         BGP.origin: IGP
>>         BGP.as_path: 4259205001 4212010101
>>         BGP.next_hop: 10.105.1.12
>>         BGP.local_pref: 038.145.72.193/32 <https://urldefense.proofpoint.com/v2/url?u=http-3A__38.145.72.193_32&d=DwMFaQ&c=8lBT5Jra4Bm5rFhLVR7k1wx3__gIUgr523Abjhgq6Gg&r=2bMJ37PQSlB2sRdYUDvVq5IXWp4L1dKQ8V4ZALYNl1I&m=WC9AjD5ZaNv4Fa_mh7nA7q4p-qW7Lj3LBH1uqKj-709dNQOFf9b092u8Xwq5Ago4&s=jKSN1FCc_6R4dNzWWkk4s9IEPghmnQKefyIIVtVmGsE&e=>     unicast [direct1 2024-11-06] * (240)
>>         dev em5
>>         Type: device univ
>>
>>
>>
>>
>> # bird.conf
>> router id 172.18.xxx.yyy;
>> ipv4 table master4;
>>
>> define LOCAL_NET = [ 38.145.72.193/32 <https://urldefense.proofpoint.com/v2/url?u=http-3A__38.145.72.193_32&d=DwMFaQ&c=8lBT5Jra4Bm5rFhLVR7k1wx3__gIUgr523Abjhgq6Gg&r=2bMJ37PQSlB2sRdYUDvVq5IXWp4L1dKQ8V4ZALYNl1I&m=WC9AjD5ZaNv4Fa_mh7nA7q4p-qW7Lj3LBH1uqKj-709dNQOFf9b092u8Xwq5Ago4&s=jKSN1FCc_6R4dNzWWkk4s9IEPghmnQKefyIIVtVmGsE&e=> ];
>>
>> protocol direct {
>>     ipv4;
>>     interface "em5",-"*";
>> }
>>
>> protocol kernel {
>>     scan time 1;
>>     merge paths yes limit 4;
>>     ipv4 {
>>       import none;
>>       export filter {
>>         if proto = "direct1" then reject;
>>         krt_prefsrc = 38.145.72.193;
>>         accept;
>>       };
>>   };
>> }
>>
>> protocol device {
>>     scan time 1;
>> }
>>
>> protocol bgp bgp_A {
>>     description "TOR A";
>>     local 10.105.1.11 as 4290105101 ; # enp4s0f0
>>     neighbor 10.105.1.10 as 4259105001; # TOR_A
>>     path metric 1;
>>     ipv4 {
>>        import all;
>>        export filter {
>>            if net ~ LOCAL_NET then accept;
>>            else reject;
>>        };
>>        next hop self;
>>      };
>> }
>>
>> protocol bgp bgp_B {
>>     bfd;
>>     description "TOR B";
>>     local 10.105.1.13 as 4290105101 ; # enp4s0f1
>>     neighbor 10.105.1.12 as 4259205001; # TOR_B
>>     default bgp_med 0;
>>     default bgp_local_pref 0;
>>     path metric 1;
>>     ipv4 {
>>        import all;
>>        export filter {
>>            if net ~ LOCAL_NET then accept;
>>            else reject;
>>        };
>>        next hop self;
>>      };
>> }
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20241120/56efb764/attachment.htm>

More information about the Bird-users mailing list