<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div>Hello all,</div><div>I am new to the group. I am having issues trying to get bird configured to do what I need. I have Bird running in a datacenter with eBGP public ASN that should announce /24 and /48 and /64. I then want to route that over OpenVPN to OPNsense where I have bird connected with iBGP over openvpn and sending /28 of the /24 and /64 of the /48 down to the OPNsense that is running FRR iBGP and setup on DMZ interface.</div><div><br data-mce-bogus="1"></div><div>I had eBGP working to the peers at the datacenter, but after a reboot it never worked again for ipv4, IPv6 still shows announcing, but doesn't seem to be working either. I am confused as to if I am required to have the /48 static routes to the eBGP router as well as the /24? Since I am not routing those I am sending smaller subnets to each location. My plan is to have two ASN eBGP routers in different locations that will handle routing and failover if a location goes down that connect to 4 different location using iBGP sending each /28 and /64 (maybe 2 /64). 
That way if needed I could route the public IPs for the DMZ to any cluster we have in different locations to allow them to push as close to 100% uptime as I can.</div><div><br data-mce-bogus="1"></div><div>Design so far:</div><div><br data-mce-bogus="1"></div><div>eBGP-Vegas: 209.x.x.55</div><div>iBGP-Dallas: 10.77.77.1</div><div><br data-mce-bogus="1"></div><div>eBGP ASN assigned has routes: </div><div><div> route -n</div><div>Kernel IP routing table</div><div>Destination Gateway Genmask Flags Metric Ref Use Iface</div><div>0.0.0.0 209.x.x.1 0.0.0.0 UG 100 0 0 eth0</div><div>10.0.0.0 10.144.144.1 255.255.255.0 UG 5000 0 0 ztjlhw736o</div><div>10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0</div><div>10.77.77.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0</div><div>10.144.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ztjlhw736o</div><div>23.x.x.0 10.77.77.1 255.255.255.240 UG 0 0 0 tun0</div><div>209.x.x.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0</div><div>209.x.x.1 0.0.0.0 255.255.255.255 UH 100 0 0 eth0</div><div><br data-mce-bogus="1"></div><div>The provider says I must announce the /48 before I announce the /64. I am not sure if I even need to announce the /64. I announce the /24 only, not the /28, on the public side eBGP. </div><div>This is the part that I don't get. If I don't put routes to next-hop for 23.x.x.0/24 via 10.77.77.1 (if I don't do a static route), then eBGP ignores the prefix and doesn't announce it. I did try multi-protocol for eBGP and put it all under one session, but it seems they don't have it configured on the other end to allow one session. What is the correct way to announce for the /24 and /48 and route to other locations the /28 and /48 prefixes?</div><div><br data-mce-bogus="1"></div><div>I don't want to bind the /24 or /48 (or at least I don't think we need to) just as I need to break them up into smaller subnets. I can ping from my DMZ in the OPNsense firewall thru the VPN to 10.77.77.2 so iBGP is getting its routes and they work. 
But still can't figure out what I am doing wrong with eBGP to get it working. They told me I don't need multihop on the eBGP side and must announce the full prefix too, but if I don't put a route it never exports the prefixes. Maybe I am missing something. I am new to this. Yes, I do have passwords on all the sessions, just didn't include them in the config.</div><div><br></div><div>Any help or direction would be appreciated. If you need more information, let me know.</div><div><br data-mce-bogus="1"></div><div>Jason</div><div>Here is my bird.conf:</div><div><br data-mce-bogus="1"></div><div><div># Configure logging</div><div>#log syslog all;</div><div>log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };</div><div><br></div><div># Set router ID. It is a unique identification of your router.</div><div>router id 209.x.x.55;</div><div><br></div><div># Restrict network interfaces BIRD works with</div><div>protocol direct {</div><div> interface "lo";</div><div> interface "eth0";</div><div> interface "tun0";</div><div>}</div><div><br></div><div><br></div><div># For IPv4</div><div>protocol kernel kernel_ipv4 {</div><div> ipv4;</div><div> persist;</div><div> scan time 60;</div><div>}</div><div><br></div><div># For IPv6</div><div>protocol kernel kernel_ipv6 {</div><div> ipv6;</div><div> persist;</div><div> scan time 60;</div><div>}</div><div><br></div><div><br></div><div># The Device protocol gets information about network interfaces.</div><div>protocol device {</div><div> scan time 60;</div><div>}</div><div><br></div><div># Define static routes for IPv4</div><div>protocol static {</div><div> ipv4;</div><div> route 23.x.x.0/24 via 10.77.77.1;</div><div> route 23.x.x.0/28 via 10.77.77.1;</div><div>}</div><div><br></div><div># Define static routes for IPv6</div><div>protocol static {</div><div> ipv6;</div><div> route 2620:X:X::/48 via fd12:3456:X:1::2;</div><div> route 2620:X:X:1::/64 via fd12:3456:X:1::2;</div><div>}</div><div><br></div><div>filter 
ipv4_filter_private {</div><div> if net ~ 23.x.x.0/28 then {</div><div> accept;</div><div> }</div><div> reject;</div><div>}</div><div><br></div><div>filter ipv4_filter_public {</div><div> if net ~ 23.x.x.0/28 then {</div><div> reject;</div><div> }</div><div> if net ~ 23.x.x.0/24 then {</div><div> accept;</div><div> }</div><div> reject;</div><div>}</div><div><br></div><div><br></div><div>filter ipv6_filter {</div><div> if net ~ [2620:x:x::/48, 2620:x:x:1::/64] then {</div><div> accept;</div><div> }</div><div> reject;</div><div>}</div><div><br></div><div>filter dallas_ipv6_filter {</div><div> if net = 2620:x:x:1::/64 then {</div><div> accept;</div><div> }</div><div> reject;</div><div>}</div><div><br></div><div># BGP configuration for peer_as53xxx_v4</div><div>protocol bgp neighbor_53xxx_v4 {</div><div> debug all;</div><div> local as 16xxx;</div><div> source address 209.x.x.55;</div><div> local 209.x.x.55;</div><div> passive no;</div><div> keepalive time 20;</div><div> hold time 60;</div><div> multihop;</div><div> neighbor 169.x.x.179 as 53xxx;</div><div> ipv4 {</div><div> import none;</div><div> export filter ipv4_filter_public;</div><div> };</div><div>}</div><div><br></div><div># BGP configuration for peer_as53xxx</div><div>protocol bgp neighbor_53xxx_v6 {</div><div> debug all;</div><div> local as 16xxx;</div><div> source address 2605:x:x:713::2;</div><div> local 2605:x:x:713::2;</div><div> passive no;</div><div> keepalive time 20;</div><div> hold time 60;</div><div> multihop;</div><div> neighbor 2605:x:x::2 as 53xxx;</div><div> ipv6 {</div><div> import none;</div><div> export filter ipv6_filter;</div><div> };</div><div>}</div><div><br></div><div>protocol bgp OPNsense_iBGP_Dallas {</div><div> debug all;</div><div> local as 16xxx;</div><div> source address 10.77.77.2;</div><div> neighbor 10.77.77.1 as 64512;</div><div> multihop;</div><div><br></div><div> ipv4 {</div><div> import none;</div><div> export filter ipv4_filter_private;</div><div> next hop self;</div><div> 
};</div><div><br></div><div> ipv6 {</div><div> import none;</div><div> #import filter ipv6_filter;</div><div><br></div><div> export filter dallas_ipv6_filter;</div><div> #export none;</div><div> next hop self;</div><div> };</div><div>}</div><div>Here are stats of bird:</div><div><br data-mce-bogus="1"></div><div><div>birdc show proto all</div><div>BIRD 2.0.7 ready.</div><div>Name Proto Table State Since Info</div><div>direct1 Direct --- up 11:36:52.931</div><div><br></div><div>kernel_ipv4 Kernel master4 up 11:36:52.931</div><div> Channel ipv4</div><div> State: UP</div><div> Table: master4</div><div> Preference: 10</div><div> Input filter: ACCEPT</div><div> Output filter: REJECT</div><div> Routes: 0 imported, 0 exported, 0 preferred</div><div> Route change stats: received rejected filtered ignored accepted</div><div> Import updates: 0 0 0 0 0</div><div> Import withdraws: 0 0 --- 0 0</div><div> Export updates: 4 0 4 --- 0</div><div> Export withdraws: 0 --- --- --- 0</div><div><br></div><div>kernel_ipv6 Kernel master6 up 11:36:52.931</div><div> Channel ipv6</div><div> State: UP</div><div> Table: master6</div><div> Preference: 10</div><div> Input filter: ACCEPT</div><div> Output filter: REJECT</div><div> Routes: 0 imported, 0 exported, 0 preferred</div><div> Route change stats: received rejected filtered ignored accepted</div><div> Import updates: 0 0 0 0 0</div><div> Import withdraws: 0 0 --- 0 0</div><div> Export updates: 4 0 4 --- 0</div><div> Export withdraws: 0 --- --- --- 0</div><div><br></div><div>device1 Device --- up 11:36:52.931</div><div><br></div><div>static1 Static master4 up 11:36:52.931</div><div> Channel ipv4</div><div> State: UP</div><div> Table: master4</div><div> Preference: 200</div><div> Input filter: ACCEPT</div><div> Output filter: REJECT</div><div> Routes: 2 imported, 0 exported, 2 preferred</div><div> Route change stats: received rejected filtered ignored accepted</div><div> Import updates: 2 0 0 0 2</div><div> Import withdraws: 0 0 --- 0 
0</div><div> Export updates: 0 0 0 --- 0</div><div> Export withdraws: 0 --- --- --- 0</div><div><br></div><div>static2 Static master6 up 11:36:52.931</div><div> Channel ipv6</div><div> State: UP</div><div> Table: master6</div><div> Preference: 200</div><div> Input filter: ACCEPT</div><div> Output filter: REJECT</div><div> Routes: 2 imported, 0 exported, 2 preferred</div><div> Route change stats: received rejected filtered ignored accepted</div><div> Import updates: 2 0 0 0 2</div><div> Import withdraws: 0 0 --- 0 0</div><div> Export updates: 0 0 0 --- 0</div><div> Export withdraws: 0 --- --- --- 0</div><div><br></div><div>neighbor_53xxx_v4 BGP --- up 11:36:57.076 Established</div><div> BGP state: Established</div><div> Neighbor address: 169.x.x.179</div><div> Neighbor AS: 53xxx</div><div> Local AS: 16xxx</div><div> Neighbor ID: 169.x.x.179</div><div> Local capabilities</div><div> Multiprotocol</div><div> AF announced: ipv4</div><div> Route refresh</div><div> Graceful restart</div><div> 4-octet AS numbers</div><div> Enhanced refresh</div><div> Long-lived graceful restart</div><div> Neighbor capabilities</div><div> Multiprotocol</div><div> AF announced: ipv4 ipv6</div><div> Route refresh</div><div> Graceful restart</div><div> Restart time: 120</div><div> AF supported: ipv4 ipv6</div><div> AF preserved:</div><div> 4-octet AS numbers</div><div> Enhanced refresh</div><div> Long-lived graceful restart</div><div> Session: external multihop AS4</div><div> Source address: 209.x.x.55</div><div> Hold timer: 53.667/60</div><div> Keepalive timer: 13.062/20</div><div> Channel ipv4</div><div> State: UP</div><div> Table: master4</div><div> Preference: 100</div><div> Input filter: REJECT</div><div> Output filter: ipv4_filter_public</div><div> Routes: 0 imported, 1 exported, 0 preferred</div><div> Route change stats: received rejected filtered ignored accepted</div><div> Import updates: 0 0 0 0 0</div><div> Import withdraws: 1726 0 --- 1726 0</div><div> Export updates: 2 0 1 --- 
1</div><div> Export withdraws: 0 --- --- --- 0</div><div> BGP Next hop: 209.x.x.55</div><div> IGP IPv4 table: master4</div><div><br></div><div>neighbor_53xxx_v6 BGP --- up 11:36:57.630 Established</div><div> BGP state: Established</div><div> Neighbor address: 2605:x:x::2</div><div> Neighbor AS: 53xxx</div><div> Local AS: 16xxx</div><div> Neighbor ID: 169.x.x.179</div><div> Local capabilities</div><div> Multiprotocol</div><div> AF announced: ipv6</div><div> Route refresh</div><div> Graceful restart</div><div> 4-octet AS numbers</div><div> Enhanced refresh</div><div> Long-lived graceful restart</div><div> Neighbor capabilities</div><div> Multiprotocol</div><div> AF announced: ipv4 ipv6</div><div> Route refresh</div><div> Graceful restart</div><div> Restart time: 120</div><div> AF supported: ipv4 ipv6</div><div> AF preserved:</div><div> 4-octet AS numbers</div><div> Enhanced refresh</div><div> Long-lived graceful restart</div><div> Session: external multihop AS4</div><div> Source address: 2605:x:x:713::2</div><div> Hold timer: 55.462/60</div><div> Keepalive timer: 11.057/20</div><div> Channel ipv6</div><div> State: UP</div><div> Table: master6</div><div> Preference: 100</div><div> Input filter: REJECT</div><div> Output filter: ipv6_filter</div><div> Routes: 0 imported, 2 exported, 0 preferred</div><div> Route change stats: received rejected filtered ignored accepted</div><div> Import updates: 0 0 0 0 0</div><div> Import withdraws: 12 0 --- 12 0</div><div> Export updates: 2 0 0 --- 2</div><div> Export withdraws: 0 --- --- --- 0</div><div> BGP Next hop: 2605:x:x:713::2</div><div> IGP IPv6 table: master6</div><div><br></div><div>OPNsense_iBGP_Dallas BGP --- up 11:36:55.259 Established</div><div> BGP state: Established</div><div> Neighbor address: 10.77.77.1</div><div> Neighbor AS: 64512</div><div> Local AS: 16xxx</div><div> Neighbor ID: 10.77.77.1</div><div> Local capabilities</div><div> Multiprotocol</div><div> AF announced: ipv4 ipv6</div><div> Route refresh</div><div> 
Graceful restart</div><div> 4-octet AS numbers</div><div> Enhanced refresh</div><div> Long-lived graceful restart</div><div> Neighbor capabilities</div><div> Multiprotocol</div><div> AF announced: ipv4 ipv6</div><div> Route refresh</div><div> Extended message</div><div> Graceful restart</div><div> 4-octet AS numbers</div><div> ADD-PATH</div><div> RX: ipv4 ipv6</div><div> TX:</div><div> Enhanced refresh</div><div> Long-lived graceful restart</div><div> LL stale time: 0</div><div> AF supported:</div><div> AF preserved: ipv4 ipv6</div><div> Session: external multihop AS4</div><div> Source address: 10.77.77.2</div><div> Hold timer: 8.540/9</div><div> Keepalive timer: 1.429/3</div><div> Channel ipv4</div><div> State: UP</div><div> Table: master4</div><div> Preference: 100</div><div> Input filter: REJECT</div><div> Output filter: ipv4_filter_private</div><div> Routes: 0 imported, 1 exported, 0 preferred</div><div> Route change stats: received rejected filtered ignored accepted</div><div> Import updates: 0 0 0 0 0</div><div> Import withdraws: 1 0 --- 1 0</div><div> Export updates: 2 0 1 --- 1</div><div> Export withdraws: 0 --- --- --- 0</div><div> BGP Next hop: 10.77.77.2</div><div> IGP IPv4 table: master4</div><div> Channel ipv6</div><div> State: UP</div><div> Table: master6</div><div> Preference: 100</div><div> Input filter: REJECT</div><div> Output filter: dallas_ipv6_filter</div><div> Routes: 0 imported, 1 exported, 0 preferred</div><div> Route change stats: received rejected filtered ignored accepted</div><div> Import updates: 0 0 0 0 0</div><div> Import withdraws: 1 0 --- 1 0</div><div> Export updates: 2 0 1 --- 1</div><div> Export withdraws: 0 --- --- --- 0</div><div> BGP Next hop: fd12:x:x:1::2</div><div> IGP IPv6 table: master6</div><div><br></div><div>root@localhost:/etc/bird# birdc show route all</div><div>BIRD 2.0.7 ready.</div><div>Table master4:</div><div>23.x.x.0/28 unicast [static1 11:36:52.931] * (200)</div><div> via 10.77.77.1 on eth0</div><div> Type: 
static univ</div><div>23.x.x.0/24 unicast [static1 11:36:52.931] * (200)</div><div> via 10.77.77.1 on eth0</div><div> Type: static univ</div><div><br></div><div>Table master6:</div><div>2620:x:x:1::/64 unicast [static2 11:36:52.931] * (200)</div><div> via fd12:x:x:1::2 on tun0</div><div> Type: static univ</div><div>2620:x:x::/48 unicast [static2 11:36:52.931] * (200)</div><div> via fd12:x:x:1::2 on tun0</div><div> Type: static univ</div></div></div></div></div></body></html>