iBGP config.

C. Jon Larsen jlarsen at richweb.com
Mon Dec 8 19:23:37 CET 2025


I have run bird1 as an SP router (peering and transit, under 10G), bird2 
is prob what you want. I have not touched bird3 yet. I'm using 
bird2+strongswan mostly as an ipsec vti router these days but works well.

Typically we like to do pci-pass thru on the host, to a vm, and pass thru 
a pair of 10G nics or 1 single 10G nic with 8021q and run rtr on a stick 
for workloads needing > 2Gbit/sec or 200K pps.

ubuntu would not be my 1st choice for a router. I guess as the host it 
would be fine but typically a stripped down debian or devuan vm would be 
my choice as your rtr vm.

for ipv6 esp. there are some kernel sysctls you will want to enable when 
putting full v6 tables into your fib.

for public peering (exchanges) there are l2 proto rules you need to follow 
(like disabling l2 control protos and lldp) and you might want to practice 
hardcoding your mac addr so if you ever change anything, you know how to 
keep your peering fabric MAC addr the same pre and post (otherwise an 
outage and ticket to update your mac with the peering fabric provider).

I have seen with debian 12/13 some ucd snmp package issues where the snmp 
daemon would hang and need a kill -9 and restart occasionally when taking 
a few full feeds.

bfd works pretty well with bird2 and you want that for indirect loss of 
light detection on your bgp sessions. I have had good results with these 
settings over ipsec+vti tuns:

protocol bfd {
     multihop {
         interval 750 ms;
         multiplier 4;
     };
}

cpu-wise my software routers have 2 vcpu. To keep jitter to a min, you can 
allocate dedicated cpus to your vm if you want.

The standard design of loopbacks and ip unnumbered for links that we use 
on h/w routers is a little tricky on debian vms.

I use this to make sure my loopback always comes up:

auto dummy0
iface dummy0 inet static
     address 100.120.0.110/32
     pre-up modprobe dummy
     pre-up [ ! -d /sys/class/net/dummy0 ] && ip link add dummy0 type dummy || true
     pre-up sysctl -p /etc/sysctl.d/zz_local_sysctl.conf
     up ip link set dummy0 up

And then run ospf to get that loopback into IBGP and term all ibgp 
sessions on the loopback.

ip unnumbered works but basically you just put the same address as dummy0 
on all your links. Looks odd but works.

If ip unn. is not your thing then allocating /31s for your p2p links 
should work fine.


+ Jon Larsen: CTO Richweb, Inc.
+ Richweb.com: Cloud/Route/Switch/MSP Experts since 1995
+ GnuPG Public Key: http://jlarsen.richweb.com/jlarsen.gpg
+ Business: (804) 368-0421 x 101; Mobile: (804) 747-8592
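
Added example, not part of the original message and not the poster's own configuration: a BIRD 2 sketch of the design described above, with OSPF carrying the dummy0 loopback and the iBGP session terminated on it with BFD enabled. The AS number 64512, the peer loopback 100.120.0.111, the interface name eth1 and the protocol names are assumptions chosen for illustration; only 100.120.0.110 and the BFD timers come from the message.

```bird
# Illustrative bird.conf fragment (BIRD 2 syntax). Values marked
# "assumed" are constructed for this example.
router id 100.120.0.110;            # loopback address from dummy0

protocol device { }

protocol kernel {
    ipv4 { export all; };           # install learned routes into the FIB
}

# BFD timers as posted: detection time = 750 ms x 4 = 3 s
protocol bfd {
    multihop {
        interval 750 ms;
        multiplier 4;
    };
}

# OSPF only carries loopbacks and link addresses (the IGP)
protocol ospf v2 igp {
    ipv4 { import all; export none; };
    area 0 {
        interface "dummy0" { stub yes; };   # advertise the /32, no adjacency
        interface "eth1" { type ptp; };     # assumed core-facing link
    };
}

# iBGP session sourced from the loopback, so it survives a single link loss
protocol bgp ibgp_peer1 {
    local 100.120.0.110 as 64512;       # assumed private AS
    neighbor 100.120.0.111 as 64512;    # assumed peer loopback
    multihop;                           # peer is reached via the IGP
    bfd yes;                            # tear the session down on BFD failure
    ipv4 {
        import all;
        export where source = RTS_BGP;  # do not leak IGP routes into iBGP
        next hop self;
    };
}
```

`bird -p -c <file>` parses a configuration and exits without starting the daemon, which is a quick way to check a fragment like this before loading it.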


