Hi, traffic was arriving but a response was never sent; to make it work I had to add this static route to iBGP:

protocol static {
    ipv6;
    route 2000::/3 via "wg0";
}

Still, wondering why Bird/BGP did not send back the traffic via the eBGP, any ideas?




On Tue, Nov 30, 2021 at 11:44 PM Nicolas Embriz <nbari@tequila.io> wrote:
Hi Nico, many thanks. I will give it a try.

Regarding my eBGP-iBGP problem, I can't ping IPs declared in the iBGP; this is my setup:

(internet)
    |
    |
( VM eBGP/44 ) <--- Wireguard ---> (VM iBGP/64)


In the eBGP I have [2a0e:87c0:620::/44] and in the iBGP I would like to handle only [2a0e:87c0:620:1::/64]

I can ping from the eBGP to the IPs in iBGP and vice versa, but not from the internet. For example, if I add the address [2a0e:87c0:620::10/64] in eBGP I can ping it from everywhere, but if I then configure any IP in iBGP, something like [2a0e:87c0:620:1::10/64], I can only ping it within the eBGP and iBGP; it is not reachable from the internet:


ping 2a0e:87c0:620:1::10 (not reachable)
    |
    |
    |
( VM eBGP/44 ) <--- Wireguard ---> (VM iBGP [2a0e:87c0:620:1::10/64])


This is my current setup for the eBGP:


&<-----
router id <ipv4>;

define MYAS = 1234;

protocol device {
    scan time 10;
}

protocol direct {
    ipv6 {
        import where net ~ [2a0e:87c0:620::/44{44,128}];
        export none;
    };
}

protocol kernel {
    scan time 20;
    ipv6 {
        import none;
        export all;
    };
}


# templates
template bgp uplink {
   local as MYAS;
   ipv6 {
      import all;
      export filter {
        if net = 2a0e:87c0:620::/44 then accept;
        reject;
      };
   };
   graceful restart on;
}

protocol bgp SBv6 from uplink {
   neighbor 2a09:4c1:100:2d88::8bfa as 58057;
   source address 2a09:4c0:100:2d98::8934;
}

protocol bgp iBGP from uplink {
    debug all;
    neighbor fe80:cafe::10%wg0 as MYAS;
    direct;
}
&<-----

And the config for iBGP:

&<-----
router id <ipv4>;

define MYAS = 1234;

protocol device {
    scan time 10;
}

protocol direct {
    ipv6 {
        import where net ~ [2a0e:87c0:620:1::/64{64,128}];
        export none;
    };
}

protocol kernel {
    scan time 20;
    ipv6 {
        import none;
        export all;
    };
}

protocol bgp iBGP {
    debug all;
    local as MYAS;
    neighbor fe80:cafe::11%wg0 as MYAS;
    direct;
    ipv6 {
        next hop self;
        import all;
        export all;
    };
    graceful restart on;
}
&<-----


Any ideas? thanks in advance.



On Mon, Nov 29, 2021 at 8:34 AM Nico Schottelius <nico.schottelius@ungleich.ch> wrote:

Good morning Nicolas,

IP assignment is handled differently to IP routing. You can use the
"radv" protocol
(https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.11) for
assignment.

Best regards,

Nico

Nicolas Embriz <nbari@tequila.io> writes:

> Hi, I manage to configure, establish a session and announce my prefix with this configuration:
>
> ---
> log "/var/log/bird.log" all;
> router id <ipv4>;
> define MYAS = 1234;
>
> protocol device {
>     scan time 10;
> }
>
> protocol direct {
>     ipv6;
>     interface "dummy*";
> }
>
> # templates
> template bgp uplink {
>    local as MYAS;
>    ipv6 {
>       import all;
>       export filter {
>         if net = <ipv6::/44> then accept;
>         reject;
>       };
>    };
>    graceful restart on;
> }
>
> protocol bgp SBv6 from uplink {
>    neighbor <ipv6> a as 12345;
>    source address <myipvy>;
> }
> ---
>
> For testing I added to eth0 an IPv6 address alias belonging to my /44 segment. I was able to ping and so far all good, but now something that I am struggling with (probably something very basic) is how to
> do IP address assignment to my network from the router?
>
> This router is a VM but I would like to know how I could use a /64 subnet and assign IPs to my home network.
>
> Probably I am following the wrong approach, but I wanted to try creating an internal router (iBGP) and announce only the /64 subnet. I am using wireguard to connect the VMs but can't find a way to ping
> any IP I assign in this VM, something like this:
>
> (internet)
>     |
>     |
> ( VM eBGP/44 ) <--- Wireguard ---> (VM iBGP/64) <----> HOME/LAN (/64)
>
>  this is my config:
>
> log "/var/log/bird.log" all;
> router id <ipv4>;
> define MYAS = 1234;
>
> protocol device {
>         scan time 10;
> }
>
> protocol direct {
>         ipv6;
>         interface "dummy*";
> }
>
> template bgp iAS {
>         local as MYAS;
>         ipv6 {
>                 import all;
>                 export filter {
>                         if net = <ipv6::/64> then accept;
>                         reject;
>                 };
>         };
>         graceful restart on;
> }
>
> protocol bgp iBGP from iAS {
>         debug all;
>         neighbor <peer wireguard ipv6>%wg0 as MYAS;
>         direct;
>         source address <wireguard ipv6>;
> }
>
> The session gets established but only from the eBGP I can ping the iBGP but not the other way around or from other hosts.
>
> Probably I may be over-complicating things, and I could do everything from the main router, but if that is the case, I am still wondering how I can then start to assign IPv6 addresses to my home network. Should I
> configure something like radvd so that my devices can claim an IPv6?
>
> I am doing this just for learning purposes, so if there is a better way or practice to follow let me know.
>
> regards.


--
Sustainable and modern Infrastructures by ungleich.ch
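
The route lookups behind the static-route workaround in the latest message, as an added example that is not from the thread's authors: a Python model of the `uplink` export filter (which the eBGP router's `iBGP` session inherits through `from uplink`) and of longest-prefix matching on the iBGP VM. The candidate routes, the `2001:db8::1` internet source and the premise that the iBGP VM has no other default route are assumptions.

```python
import ipaddress

NET44 = ipaddress.ip_network("2a0e:87c0:620::/44")
NET64 = ipaddress.ip_network("2a0e:87c0:620:1::/64")


def uplink_export(net):
    """Export filter of the thread's `uplink` template: the exact /44 only."""
    return net == NET44


def ibgp_vm_table(ebgp_routes, static_fix=False):
    """Routes the iBGP VM ends up with (assumes it has no other default)."""
    table = {NET64: "direct"}              # its own connected /64
    for net in ebgp_routes:
        if uplink_export(net):             # everything else is rejected
            table[net] = "wg0 (iBGP)"
    if static_fix:                         # route 2000::/3 via "wg0";
        table[ipaddress.ip_network("2000::/3")] = "wg0 (static)"
    return table


def lookup(table, dst):
    """Longest-prefix match; returns (prefix, nexthop) or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, via) for net, via in table.items() if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)


# Constructed sample: routes the eBGP router could offer to its iBGP peer
# (a default learned from the upstream plus the /44), and a documentation
# address standing in for a host on the internet.
EBGP_ROUTES = [ipaddress.ip_network("::/0"), NET44]
INTERNET_SRC = "2001:db8::1"

if __name__ == "__main__":
    for fix in (False, True):
        table = ibgp_vm_table(EBGP_ROUTES, static_fix=fix)
        print("static_fix =", fix, "->", lookup(table, INTERNET_SRC))
```

Under these assumptions the reply to an internet host has no matching route on the iBGP VM until the `2000::/3` static route is present, while addresses inside the /44 resolve via `wg0` either way.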