how to do IPv6 address assignment (eBGP --> iBGP --> home/lan)
Hi,

I managed to configure, establish a session and announce my prefix with this configuration:

---
log "/var/log/bird.log" all;
router id <ipv4>;
define MYAS = 1234;

protocol device {
    scan time 10;
}

protocol direct {
    ipv6;
    interface "dummy*";
}

# templates
template bgp uplink {
    local as MYAS;
    ipv6 {
        import all;
        export filter {
            if net = <ipv6::/44> then accept;
            reject;
        };
    };
    graceful restart on;
}

protocol bgp SBv6 from uplink {
    neighbor <ipv6> a as 12345;
    source address <myipvy>;
}
---

For testing I added to eth0 an IPv6 address alias belonging to my /44 segment. I was able to ping it and so far all good, but now something that I am struggling with (probably something very basic) is how to do IP address assignment to my network from the router?

This router is a VM, but I would like to know how I could use a /64 subnet and assign IPs to my home network.

Probably I am following the wrong approach, but I wanted to try creating an internal router (iBGP) and announce only the /64 subnet. I am using WireGuard to connect the VMs but can't find a way to ping any IP I assign in this VM, something like this:

(internet)
    |
    |
( VM eBGP/44 ) <--- Wireguard ---> (VM iBGP/64) <----> HOME/LAN (/64)

This is my config:

log "/var/log/bird.log" all;
router id <ipv4>;
define MYAS = 1234;

protocol device {
    scan time 10;
}

protocol direct {
    ipv6;
    interface "dummy*";
}

template bgp iAS {
    local as MYAS;
    ipv6 {
        import all;
        export filter {
            if net = <ipv6::/64> then accept;
            reject;
        };
    };
    graceful restart on;
}

protocol bgp iBGP from iAS {
    debug all;
    neighbor <peer wireguard ipv6>%wg0 as MYAS;
    direct;
    source address <wireguard ipv6>;
}

The session gets established, but only from the eBGP can I ping the iBGP, not the other way around or from other hosts.

Probably I may be over-complicating things, and I could do everything from the main router, but if that is the case, I am still wondering how I can then start to assign IPv6 addresses to my home network. Should I configure something like radvd so that my devices can claim an IPv6?

I am doing this just for learning purposes, so if there is a better way or practice to follow let me know.

Regards.
Good morning Nicolas,

IP assignment is handled differently to IP routing. You can use the "radv" protocol (https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.11) for assignment.

Best regards,

Nico

Nicolas Embriz <nbari@tequila.io> writes:
-- Sustainable and modern Infrastructures by ungleich.ch
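What the "radv" suggestion above could look like for the /64 discussed in this thread, as an added example that is not from either poster. The interface name "eth1" for the LAN-facing side of the inner VM is an assumption.

```bird
# Added example, not a config from the thread.
# Assumption: "eth1" is the LAN-facing interface of the inner (iBGP) VM and
# carries an address from 2a0e:87c0:620:1::/64.
protocol radv {
    interface "eth1" {
        max ra interval 60;     # upper bound, in seconds, between unsolicited RAs
        managed no;             # M flag off: addresses do not come from DHCPv6
        other config no;        # O flag off: no other settings from DHCPv6

        # Advertise the /64 so hosts configure their own addresses (SLAAC).
        prefix 2a0e:87c0:620:1::/64 {
            onlink yes;
            autonomous yes;
        };
    };
}
```

Hosts on that link will use the VM as their default router, so IPv6 forwarding has to be enabled on it.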
Hi Nico,

many thanks. I will give it a try.

Regarding my eBGP-iBGP problem, I can't ping IPs declared in the iBGP. This is my setup:

(internet)
    |
    |
( VM eBGP/44 ) <--- Wireguard ---> (VM iBGP/64)

In the eBGP I have [2a0e:87c0:620::/44] and in the iBGP I would like to handle only [2a0e:87c0:620:1::/64]

I can ping from the eBGP to the IPs in iBGP and vice versa, but not from the internet. For example, if I add the address [2a0e:87c0:620::10/64] in eBGP I can ping it from everywhere, but if I then configure any IP in iBGP, something like [2a0e:87c0:620:1::10/64], I can only ping it within the eBGP and iBGP but it is not reachable from the internet:

ping 2a0e:87c0:620:1::10 (not reachable)
    |
    |
    |
( VM eBGP/44 ) <--- Wireguard ---> (VM iBGP [2a0e:87c0:620:1::10/64])

This is my current setup for the eBGP:

&<-----
router id <ipv4>;
define MYAS = 1234;

protocol device {
    scan time 10;
}

protocol direct {
    ipv6 {
        import where net ~ [2a0e:87c0:620::/44{44,128}];
        export none;
    };
}

protocol kernel {
    scan time 20;
    ipv6 {
        import none;
        export all;
    };
}

# templates
template bgp uplink {
    local as MYAS;
    ipv6 {
        import all;
        export filter {
            if net = 2a0e:87c0:620::/44 then accept;
            reject;
        };
    };
    graceful restart on;
}

protocol bgp SBv6 from uplink {
    neighbor 2a09:4c1:100:2d88::8bfa as 58057;
    source address 2a09:4c0:100:2d98::8934;
}

protocol bgp iBGP from uplink {
    debug all;
    neighbor fe80:cafe::10%wg0 as MYAS;
    direct;
}
&<-----

And the config for iBGP:

&<-----
router id <ipv4>;
define MYAS = 1234;

protocol device {
    scan time 10;
}

protocol direct {
    ipv6 {
        import where net ~ [2a0e:87c0:620:1::/64{64,128}];
        export none;
    };
}

protocol kernel {
    scan time 20;
    ipv6 {
        import none;
        export all;
    };
}

protocol bgp iBGP {
    debug all;
    local as MYAS;
    neighbor fe80:cafe::11%wg0 as MYAS;
    direct;
    ipv6 {
        next hop self;
        import all;
        export all;
    };
    graceful restart on;
}
&<-----

Any ideas? Thanks in advance.

On Mon, Nov 29, 2021 at 8:34 AM Nico Schottelius <nico.schottelius@ungleich.ch> wrote:
Hi,

traffic was arriving but a response was never sent. To make it work I had to add this static route to iBGP:

protocol static {
    ipv6;
    route 2000::/3 via "wg0";
}

Still, wondering why Bird/BGP did not send back the traffic via the eBGP, any ideas?

On Tue, Nov 30, 2021 at 11:44 PM Nicolas Embriz <nbari@tequila.io> wrote:
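Reading the two posted configs: on the eBGP VM the internal session is declared "from uplink", so it inherits the export filter that accepts only 2a0e:87c0:620::/44, and the inner VM never learns a route back toward Internet sources, which is the gap the static 2000::/3 route filled. An added example, not from the thread, of that internal session with its own filters; the filter names inner_in and inner_out are made up for illustration.

```bird
# Added example for the eBGP VM, not a config from the thread.
# MYAS and the addresses are the ones posted above; the filter names
# inner_in / inner_out are hypothetical.

# Accept from the inner VM only the delegated /64 and its more-specifics.
filter inner_in {
    if net ~ [ 2a0e:87c0:620:1::/64{64,128} ] then accept;
    reject;
}

# Pass on what was learned over BGP from the upstream, so the inner VM
# has a path for its replies.
filter inner_out {
    if source = RTS_BGP then accept;
    reject;
}

# No "from uplink" here: the internal session must not inherit the
# "/44 only" export filter of the uplink template.
protocol bgp iBGP {
    debug all;
    local as MYAS;
    neighbor fe80:cafe::10%wg0 as MYAS;
    direct;
    ipv6 {
        next hop self;          # upstream next hops are not reachable over wg0
        import filter inner_in;
        export filter inner_out;
    };
    graceful restart on;
}
```

The uplink template's export filter still announces only the /44 to the upstream, so the /64 imported here is not leaked. What the inner VM receives depends on what the upstream announces (a default route or a full table).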
participants (2): Nico Schottelius, Nicolas Embriz