<div dir="ltr"><div>Hi, traffic was arriving but there was never sending a response, to make it work I had to add this static route to iBGP:</div><div><br></div><div>protocol static {<br> ipv6;<br> route 2000::/3 via "wg0";<br>}</div><div><br></div><div>Still, wondering why Bird/BGP did not send back the traffic via the eBGP, any ideas?</div><div><br></div><div><br><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Nov 30, 2021 at 11:44 PM Nicolas Embriz <<a href="mailto:nbari@tequila.io">nbari@tequila.io</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi Nico, many thanks. I will give it a try.<div><br></div><div>Regarding my eBGP-iBGP problem I can't ping IP's declared in the iBGP, this is my setup:</div><div><div><font face="monospace"><br></font></div><div><font face="monospace">(internet)</font></div><div><font face="monospace"> |</font></div><div><font face="monospace"> |</font></div><div><font face="monospace">( VM eBGP/44 ) <--- Wireguard ---> (VM iBGP/64)</font></div></div><div><font face="monospace"><br></font></div><div><br></div><div>In the eBGP I have [2a0e:87c0:620::/44] and in the iBGP I would like to handle only [2a0e:87c0:620:1::/64]</div><div><br></div><div>I do can ping from the eBGP to the IP's in iBGP and vice versa, but not from the internet, for example If I add the address [2a0e:87c0:620::10/64] in eBGP I can ping it from everywhere but If then I configure any ip in iBGP something like [2a0e:87c0:620:1::10/64] I can only ping it within the eBGP and iBGP but is not reachable from internet:</div><div><br></div><div><br></div><div><font face="monospace">ping 2a0e:87c0:620:1::10 (not reachable)</font></div><div><div> <font face="monospace"> |</font></div><div><font face="monospace"> |</font></div><div><font face="monospace"> |</font></div><div><font face="monospace">( VM eBGP/44 ) <--- Wireguard ---> (VM iBGP [2a0e:87c0:620:1::10/64])</font></div></div><div><br></div><div><br></div><div>this is my current setup for the eBGP:</div><div><br></div><div><br></div><div>&<-----</div><div>router id <ipv4>;<br><br>define MYAS = 1234;<br><br>protocol device {<br> scan time 10;<br>}<br><br>protocol direct {<br> ipv6 {<br> import where net ~ [2a0e:87c0:620::/44{44,128}];<br> export none;<br> };<br>}<br><br>protocol kernel {<br> scan time 20;<br> ipv6 {<br> import none;<br> export all;<br> };<br>}<br><br><br># templates<br>template bgp uplink {<br> local as MYAS;<br> ipv6 {<br> import all;<br> export filter {<br> if net = 2a0e:87c0:620::/44 then accept;<br> reject;<br> };<br> };<br> graceful restart on;<br>}<br><br>protocol bgp SBv6 from uplink {<br> neighbor 2a09:4c1:100:2d88::8bfa as 58057;<br> source address 2a09:4c0:100:2d98::8934;<br>}<br><br>protocol bgp iBGP from uplink {<br> debug all;<br> neighbor fe80:cafe::10%wg0 as MYAS;<br> direct;<br>}<br></div><div>&<-----<br></div><div><br></div><div>And the config for iBGP:</div><div><br></div><div>&<-----<br></div><div>router id <ipv4>;<br><br>define MYAS = 1234;<br><br>protocol device {<br> scan time 10;<br>}<br><br>protocol direct {<br> ipv6 {<br> import where net ~ [2a0e:87c0:620:1::/64{64,128}];<br> export none;<br> };<br>}<br><br>protocol kernel {<br> scan time 20;<br> ipv6 {<br> import none;<br> export all;<br> };<br>}<br><br>protocol bgp iBGP {<br> debug all;<br> local as MYAS;<br> neighbor fe80:cafe::11%wg0 as MYAS;<br> direct;<br> ipv6 {<br> next hop self;<br> import all;<br> export all;<br> };<br> graceful restart on;<br>}<br></div><div>&<-----<br></div><div><br></div><div><br></div><div>Any ideas? thanks in advance.</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Nov 29, 2021 at 8:34 AM Nico Schottelius <<a href="mailto:nico.schottelius@ungleich.ch" target="_blank">nico.schottelius@ungleich.ch</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
Good morning Nicolas,<br>
<br>
IP assignment is handled differently to IP routing. You can use the<br>
"radv" protocol<br>
(<a href="https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.11" rel="noreferrer" target="_blank">https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.11</a>) for<br>
assignment.<br>
<br>
Best regards,<br>
<br>
Nico<br>
<br>
Nicolas Embriz <<a href="mailto:nbari@tequila.io" target="_blank">nbari@tequila.io</a>> writes:<br>
<br>
> Hi, I manage to configure, establish a session and announce my prefix with this configuration:<br>
><br>
> ---<br>
> log "/var/log/bird.log" all;<br>
> router id <ipv4>;<br>
> define MYAS = 1234;<br>
><br>
> protocol device {<br>
> scan time 10;<br>
> }<br>
><br>
> protocol direct {<br>
> ipv6;<br>
> interface "dummy*";<br>
> }<br>
><br>
> # templates<br>
> template bgp uplink {<br>
> local as MYAS;<br>
> ipv6 {<br>
> import all;<br>
> export filter {<br>
> if net = <ipv6::/44> then accept;<br>
> reject;<br>
> };<br>
> };<br>
> graceful restart on;<br>
> }<br>
><br>
> protocol bgp SBv6 from uplink {<br>
> neighbor <ipv6> a as 12345;<br>
> source address <myipvy>;<br>
> }<br>
> ---<br>
><br>
> For testing I added to eth0 an IPv6 address alias belonging to my /44 segment, I was available to ping and so far all good, but now something that I am struggling with (probably something very basic) is how to<br>
> do IP address assignment to my network from the router?<br>
><br>
> This router is a VM but I would like to know how I could use a /64 subnet and assign IP's to my home network.<br>
><br>
> Probably I am following the wrong approach, but I wanted to give a try creating an internal router (iBGP) and announce only the /64 subnet, I am using wireguard to connect the VM's but can't find a way to ping<br>
> any IP I assign in this VM, something like this<br>
><br>
> (internet)<br>
> |<br>
> |<br>
> ( VM eBGP/44 ) <--- Wireguard ---> (VM iBGP/64) <----> HOME/LAN (/64)<br>
><br>
> this is my config:<br>
><br>
> log "/var/log/bird.log" all;<br>
> router id <ipv4>;<br>
> define MYAS = 1234;<br>
><br>
> protocol device {<br>
> scan time 10;<br>
> }<br>
><br>
> protocol direct {<br>
> ipv6;<br>
> interface "dummy*";<br>
> }<br>
><br>
> template bgp iAS {<br>
> local as MYAS;<br>
> ipv6 {<br>
> import all;<br>
> export filter {<br>
> if net = <ipv6::/64> then accept;<br>
> reject;<br>
> };<br>
> };<br>
> graceful restart on;<br>
> }<br>
><br>
> protocol bgp iBGP from iAS {<br>
> debug all;<br>
> neighbor <peer wireguard ipv6>%wg0 as MYAS;<br>
> direct;<br>
> source address <wireguard ipv6>;<br>
> }<br>
><br>
> The session gets established but only from the eBGP I can ping the iBGP but not the other way around or from other hosts.<br>
><br>
> Probably I may be over-complicating things, and I could do everything from the main router but is that the case, still wondering how can I then start to assign IPv6's address to my home network? should I<br>
> configure something like radvd so that my devices can claim an IPv6?<br>
><br>
> I am doing this just for learning purposes, so if there is a better way or practice to follow let me know.<br>
><br>
> regards.<br>
<br>
<br>
--<br>
Sustainable and modern Infrastructures by <a href="http://ungleich.ch" rel="noreferrer" target="_blank">ungleich.ch</a><br>
</blockquote></div>
</blockquote></div></div>