manipulating the best path, eBGP, MED?
Supp, I implemented bird in our Private cloud running proxmox to distribute our public address with eBGP to our serverhost. Through iBGP and a ucarp interface i have a HA gateway, the problem is that our host receives the routes but there are multiple entry points to our subnet ( the proxmox hosts). This makes that a diffrent in & out route doenst work. through following link: https://supportforums.cisco.com/document/126691/understanding-bgp-best-path-... I learned that my hosts selects its route based on age ( the bird with the first connection is chosen). Can i send a multi-exit discriminator with my eBGP connection to my host? I googled but could find 2 answers that did't change anything: # your default gateway IP below here protocol bgp eBGP { import none; export where proto = "static_packet"; local as 65000; neighbor 10.80.x.x as 65530; password "SECRET"; #med metric 10; #default bgp_med 10; } (offcourse i tried both without # and waited till export) Or is there an other way to make sure that our host routes always to the first server and so on. -- Thomas Valgaeren thomas@phasehosting.io +32477915307
Hello Thomas, I’m a tiny bit confused by your question, but here is my best attempt to answer it. In regards to multiple routers say you have .4 and .5 both with a HA address of .1 when using eBGP it will likely be the “old first” as you say that your host will pass the INBOUND data to. In regards to the outbound data, your host will accept the data from either .4 or .5 without issue, in fact it is a common configuration to have people the oldest BGP session be the inbound and then manipulate the HA and have .1 be on the newest. That way you have a bit of load distributed between the inbound and outbound host. Hope that helps, Mike -- Michael McConnell WINK Streaming; email: michael@winkstreaming.com <mailto:michael@winkstreaming.com> phone: +1 312 281-5433 x 7400 cell: +506 8706-2389 skype: wink-michael web: http://winkstreaming.com <http://winkstreaming.com/>
On Mar 6, 2017, at 6:27 PM, Thomas@PhaseHosting <thomas@phasehosting.io> wrote:
Supp,
I implemented bird in our Private cloud running proxmox to distribute our public address with eBGP to our serverhost.
Through iBGP and a ucarp interface i have a HA gateway, the problem is that our host receives the routes but there are multiple entry points to our subnet ( the proxmox hosts). This makes that a diffrent in & out route doenst work. through following link: https://supportforums.cisco.com/document/126691/understanding-bgp-best-path-... I learned that my hosts selects its route based on age ( the bird with the first connection is chosen).
Can i send a multi-exit discriminator with my eBGP connection to my host? I googled but could find 2 answers that did't change anything:
# your default gateway IP below here protocol bgp eBGP { import none; export where proto = "static_packet"; local as 65000; neighbor 10.80.x.x as 65530; password "SECRET"; #med metric 10; #default bgp_med 10; }
(offcourse i tried both without # and waited till export)
Or is there an other way to make sure that our host routes always to the first server and so on.
-- Thomas Valgaeren thomas@phasehosting.io +32477915307
Supp, thnqx for the reply, The BGP i have figured out and i have confirmation from my host they accept customer-set MEDs. Only i couldn't get these working and i found 2 posts on the internet with a different configuration and i don't know which one is the right one, "med metric 10;" or "default bgp_med 10;" Am i right that MED is the only option to influence the eBGP and manipulate the prefered path? ( Values like AS are the same and others are not accepted) I attached my eBGP in previous mail. Regards Thomas Op 3/7/2017 om 2:26 PM schreef Michael McConnell:
Hello Thomas,
I’m a tiny bit confused by your question, but here is my best attempt to answer it. In regards to multiple routers say you have .4 and .5 both with a HA address of .1 when using eBGP it will likely be the “old first” as you say that your host will pass the INBOUND data to. In regards to the outbound data, your host will accept the data from either .4 or .5 without issue, in fact it is a common configuration to have people the oldest BGP session be the inbound and then manipulate the HA and have .1 be on the newest. That way you have a bit of load distributed between the inbound and outbound host.
Hope that helps, Mike
*--* *Michael McConnell* *WINK Streaming;* *email:* michael@winkstreaming.com <mailto:michael@winkstreaming.com> *phone:* +1 312 281-5433 *x 7400* *cell:* +506 8706-2389 *skype:* wink-michael *web:* http://winkstreaming.com <http://winkstreaming.com/>
On Mar 6, 2017, at 6:27 PM, Thomas@PhaseHosting <thomas@phasehosting.io <mailto:thomas@phasehosting.io>> wrote:
Supp,
I implemented bird in our Private cloud running proxmox to distribute our public address with eBGP to our serverhost.
Through iBGP and a ucarp interface i have a HA gateway, the problem is that our host receives the routes but there are multiple entry points to our subnet ( the proxmox hosts). This makes that a diffrent in & out route doenst work. through following link: https://supportforums.cisco.com/document/126691/understanding-bgp-best-path-... I learned that my hosts selects its route based on age ( the bird with the first connection is chosen).
Can i send a multi-exit discriminator with my eBGP connection to my host? I googled but could find 2 answers that did't change anything:
# your default gateway IP below here protocol bgp eBGP { import none; export where proto = "static_packet"; local as 65000; neighbor 10.80.x.x as 65530; password "SECRET"; #med metric 10; #default bgp_med 10; }
(offcourse i tried both without # and waited till export)
Or is there an other way to make sure that our host routes always to the first server and so on.
-- Thomas Valgaeren thomas@phasehosting.io <mailto:thomas@phasehosting.io> +32477915307
-- Thomas Valgaeren thomas@phasehosting.io +32477915307
On Tue, Mar 07, 2017 at 03:43:13PM +0100, Thomas@PhaseHosting wrote:
Supp,
thnqx for the reply,
The BGP i have figured out and i have confirmation from my host they accept customer-set MEDs. Only i couldn't get these working and i found 2 posts on the internet with a different configuration and i don't know which one is the right one, "med metric 10;" or "default bgp_med 10;"
Am i right that MED is the only option to influence the eBGP and manipulate the prefered path? ( Values like AS are the same and others are not accepted)
Hi I do not understand if you are trying to manipulate your hosts/routers (i.e. outgoing direction) or neighbors routers (i.e. incoming direction). Both could be influenced by bgp_med attribute (e.g. 'bgp_med = 100;' in import or export filter) assuming your neighbors are from the same AS. Option 'default bgp_med' is probably not what you want, that is used only if a route with MED is compared to a route without MED. Option 'med metric' could be used if you want to compare bgp_med attributes on routes received from different AS numbers. But it is a true/false option, the MED still must be set in filters. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Supp, I want to send the med with eBGP to my hosts their routers so i can influence where the network traffic enters my virtual envirement. I have 3 hypervisors that run bird. I can only controll the traffic from my virtual envirement to the internet, because this runs on bird and ucarp. So through the hypervisor where the ucarp interface is placed does my traffic leave. this subnet is also distributed to the other hypervisors through iBGP. These hypervisors have all an eBGP connection to my hosts addressing the subnet. So hypervisor 1 isnt the single point of failure. But know the best route (at my hosts to my subnet) is chosen on router age. So in case the first hypervisor dies and the second takes over everything works. but if the first hypervisor comes back alive the eBGP connection from hypervisor 2 stays because of its age. I want to send a med value on all the eBGp connections from the hypervisors. So my hosts routes always first to hypervisor 1 and then to 2 and so on. so is this the right configuration to send a med value to my host with the subnet as static route: # your default gateway IP below here protocol bgp eBGP { import none; export filter { where proto = "static_packet"; bgp_med = 100; }; local as 65000; neighbor 10.80.x.x as 65530; password "SECRET"; } Op 3/7/2017 om 7:08 PM schreef Ondrej Zajicek:
On Tue, Mar 07, 2017 at 03:43:13PM +0100, Thomas@PhaseHosting wrote:
Supp,
thnqx for the reply,
The BGP i have figured out and i have confirmation from my host they accept customer-set MEDs. Only i couldn't get these working and i found 2 posts on the internet with a different configuration and i don't know which one is the right one, "med metric 10;" or "default bgp_med 10;"
Am i right that MED is the only option to influence the eBGP and manipulate the prefered path? ( Values like AS are the same and others are not accepted) Hi
I do not understand if you are trying to manipulate your hosts/routers (i.e. outgoing direction) or neighbors routers (i.e. incoming direction). Both could be influenced by bgp_med attribute (e.g. 'bgp_med = 100;' in import or export filter) assuming your neighbors are from the same AS.
Option 'default bgp_med' is probably not what you want, that is used only if a route with MED is compared to a route without MED.
Option 'med metric' could be used if you want to compare bgp_med attributes on routes received from different AS numbers. But it is a true/false option, the MED still must be set in filters.
-- Thomas Valgaeren thomas@phasehosting.io +32477915307
Hi Thomas, You could also consider to prepend your AS in the path. Just some random google result: https://www.juniper.net/documentation/en_US/junos/topics/usage-guidelines/po... In Bird: export filter { if source = RTS_STATIC then { bgp_path.prepend(65000); accept; } reject; }; Our an unchecked adoption of your example: # your default gateway IP below here protocol bgp eBGP { import none; export filter { where proto = "static_packet"; # 65000 -> put you AS here or define variable bgp_path.prepend(65000); # bgp_med = 100; }; local as 65000; neighbor 10.80.x.x as 65530; password "SECRET"; } Another option might be to ask for BGP ecmp on transit side. Hth, SJ
I always use aspath stuffing rather than MED for this kind of thing. After localpref, the next level of choice for a bgp route is the AS path length, with shorter winning. Say you want prefix 1 to always prefer hv1 and prefix2 to prefer hv2. On hv2, prepend your AS onto prefix 1 and on hv1, prepend your AS onto prefix2. When the other end receives the routes, it will see that the AS path length is longer to prefix1 from hv2, so it will always prefer hv1. If hv1 dies, then it will only have the hv2 route and that will be used. When hv1 starts advertising prefix 1 again, the traffic will flow back to hv1. It may seem a little gross, but it is simple and effective. MEDs are much trickier and were designed for the case when you have two different connections through an intervening AS between the source and destination AS. jerry On 3/7/17 11:16 AM, Thomas@PhaseHosting wrote:
Supp,
I want to send the med with eBGP to my hosts their routers so i can influence where the network traffic enters my virtual envirement. I have 3 hypervisors that run bird.
I can only controll the traffic from my virtual envirement to the internet, because this runs on bird and ucarp. So through the hypervisor where the ucarp interface is placed does my traffic leave. this subnet is also distributed to the other hypervisors through iBGP.
These hypervisors have all an eBGP connection to my hosts addressing the subnet. So hypervisor 1 isnt the single point of failure. But know the best route (at my hosts to my subnet) is chosen on router age. So in case the first hypervisor dies and the second takes over everything works. but if the first hypervisor comes back alive the eBGP connection from hypervisor 2 stays because of its age.
I want to send a med value on all the eBGp connections from the hypervisors. So my hosts routes always first to hypervisor 1 and then to 2 and so on.
so is this the right configuration to send a med value to my host with the subnet as static route:
# your default gateway IP below here protocol bgp eBGP { import none; export filter { where proto = "static_packet"; bgp_med = 100; }; local as 65000; neighbor 10.80.x.x as 65530; password "SECRET"; }
Op 3/7/2017 om 7:08 PM schreef Ondrej Zajicek:
On Tue, Mar 07, 2017 at 03:43:13PM +0100, Thomas@PhaseHosting wrote:
Supp,
thnqx for the reply,
The BGP i have figured out and i have confirmation from my host they accept customer-set MEDs. Only i couldn't get these working and i found 2 posts on the internet with a different configuration and i don't know which one is the right one, "med metric 10;" or "default bgp_med 10;"
Am i right that MED is the only option to influence the eBGP and manipulate the prefered path? ( Values like AS are the same and others are not accepted) Hi
I do not understand if you are trying to manipulate your hosts/routers (i.e. outgoing direction) or neighbors routers (i.e. incoming direction). Both could be influenced by bgp_med attribute (e.g. 'bgp_med = 100;' in import or export filter) assuming your neighbors are from the same AS.
Option 'default bgp_med' is probably not what you want, that is used only if a route with MED is compared to a route without MED.
Option 'med metric' could be used if you want to compare bgp_med attributes on routes received from different AS numbers. But it is a true/false option, the MED still must be set in filters.
-- Soundhound Devops "What could possibly go wrong?"
Hey Jerry, Sorry to bother you, as I was working on my BGP implementation I stumbled across a problem. This led me to the Bird mailing list on an article that described my problem exactly. But it was an item I created with your answer describing the solution. At the time I forgot to go further in to this and never got a working state. Prepending the AS path will probably solve the solution, as I am not good with programming I would like to ask for help. This is a part of my configuration: filter filter_public { if net = 147.75.102.216/32 then accept; if net = 147.75.102.217/32 then accept; if net = 147.75.102.218/32 then accept; if net = 147.75.102.219/32 then accept; if net = 147.75.102.220/32 then accept; if net = 147.75.102.221/32 then accept; if net = 147.75.102.222/32 then accept; if net = 147.75.102.223/32 then accept; } ### To hosting provider protocol bgp BGP_provider { export filter filter_public; local as 65000; neighbor IPADDRESS as 65530; password "USjdRHAbPxqj9WxvTRhe"; } ### To other hypervisor protocol bgp H2 { import filter filter_public; export filter filter_public; local as 65000; neighbor IPADDRESS as 65000; next hop self; } ### Source public ip from a VM protocol bgp BGP_IPVM { import filter filter_public; export none; local as 65000; source address internalIP; neighbor VMinternalIP as 65001; } So the VM delivers the public ip to the hypervisor. And the hypervisor to the provider and the other hypervisor. How can I prepend the AS path so the provider will know that when a VM is on Hypervisor1. The path prefix from Hypervisor2 to the provider is 2. And the provider sees that the prefix form hypervisor1 is 1, and choose this path? Thanks in advance. Regards Thomas -----Original Message----- From: Bird-users <bird-users-bounces@network.cz> On Behalf Of Jerry Scharf Sent: dinsdag 7 maart 2017 20:35 To: bird-users@network.cz Subject: Re: manipulating the best path, eBGP, MED? I always use aspath stuffing rather than MED for this kind of thing. After localpref, the next level of choice for a bgp route is the AS path length, with shorter winning. Say you want prefix 1 to always prefer hv1 and prefix2 to prefer hv2. On hv2, prepend your AS onto prefix 1 and on hv1, prepend your AS onto prefix2. When the other end receives the routes, it will see that the AS path length is longer to prefix1 from hv2, so it will always prefer hv1. If hv1 dies, then it will only have the hv2 route and that will be used. When hv1 starts advertising prefix 1 again, the traffic will flow back to hv1. It may seem a little gross, but it is simple and effective. MEDs are much trickier and were designed for the case when you have two different connections through an intervening AS between the source and destination AS. jerry On 3/7/17 11:16 AM, Thomas@PhaseHosting wrote:
Supp,
I want to send the med with eBGP to my hosts their routers so i can influence where the network traffic enters my virtual envirement. I have 3 hypervisors that run bird.
I can only controll the traffic from my virtual envirement to the internet, because this runs on bird and ucarp. So through the hypervisor where the ucarp interface is placed does my traffic leave. this subnet is also distributed to the other hypervisors through iBGP.
These hypervisors have all an eBGP connection to my hosts addressing the subnet. So hypervisor 1 isnt the single point of failure. But know the best route (at my hosts to my subnet) is chosen on router age. So in case the first hypervisor dies and the second takes over everything works. but if the first hypervisor comes back alive the eBGP connection from hypervisor 2 stays because of its age.
I want to send a med value on all the eBGp connections from the hypervisors. So my hosts routes always first to hypervisor 1 and then to 2 and so on.
so is this the right configuration to send a med value to my host with the subnet as static route:
# your default gateway IP below here protocol bgp eBGP { import none; export filter { where proto = "static_packet"; bgp_med = 100; }; local as 65000; neighbor 10.80.x.x as 65530; password "SECRET"; }
Op 3/7/2017 om 7:08 PM schreef Ondrej Zajicek:
On Tue, Mar 07, 2017 at 03:43:13PM +0100, Thomas@PhaseHosting wrote:
Supp,
thnqx for the reply,
The BGP i have figured out and i have confirmation from my host they accept customer-set MEDs. Only i couldn't get these working and i found 2 posts on the internet with a different configuration and i don't know which one is the right one, "med metric 10;" or "default bgp_med 10;"
Am i right that MED is the only option to influence the eBGP and manipulate the prefered path? ( Values like AS are the same and others are not accepted) Hi
I do not understand if you are trying to manipulate your hosts/routers (i.e. outgoing direction) or neighbors routers (i.e. incoming direction). Both could be influenced by bgp_med attribute (e.g. 'bgp_med = 100;' in import or export filter) assuming your neighbors are from the same AS.
Option 'default bgp_med' is probably not what you want, that is used only if a route with MED is compared to a route without MED.
Option 'med metric' could be used if you want to compare bgp_med attributes on routes received from different AS numbers. But it is a true/false option, the MED still must be set in filters.
-- Soundhound Devops "What could possibly go wrong?"
On Mar 7, 2017, at 1:16 PM, Thomas@PhaseHosting <thomas@phasehosting.io> wrote:
Supp,
I want to send the med with eBGP to my hosts their routers so i can influence where the network traffic enters my virtual envirement. I have 3 hypervisors that run bird.
I can only controll the traffic from my virtual envirement to the internet, because this runs on bird and ucarp. So through the hypervisor where the ucarp interface is placed does my traffic leave. this subnet is also distributed to the other hypervisors through iBGP.
These hypervisors have all an eBGP connection to my hosts addressing the subnet. So hypervisor 1 isnt the single point of failure. But know the best route (at my hosts to my subnet) is chosen on router age. So in case the first hypervisor dies and the second takes over everything works. but if the first hypervisor comes back alive the eBGP connection from hypervisor 2 stays because of its age.
I want to send a med value on all the eBGp connections from the hypervisors. So my hosts routes always first to hypervisor 1 and then to 2 and so on.
in your environment if the oldest BGP session is the inbound, if you want to make hyper1 the master again, just do a soft reset of the BGP session on hypervisor 2. you can configure this to be executed via a ucarp script when hypervisor 1 comes back online. outbound will always be via the ucarp floating address (the gateway)
so is this the right configuration to send a med value to my host with the subnet as static route:
# your default gateway IP below here protocol bgp eBGP { import none; export filter { where proto = "static_packet"; bgp_med = 100; }; local as 65000; neighbor 10.80.x.x as 65530; password "SECRET"; }
Op 3/7/2017 om 7:08 PM schreef Ondrej Zajicek:
On Tue, Mar 07, 2017 at 03:43:13PM +0100, Thomas@PhaseHosting wrote:
Supp,
thnqx for the reply,
The BGP i have figured out and i have confirmation from my host they accept customer-set MEDs. Only i couldn't get these working and i found 2 posts on the internet with a different configuration and i don't know which one is the right one, "med metric 10;" or "default bgp_med 10;"
Am i right that MED is the only option to influence the eBGP and manipulate the prefered path? ( Values like AS are the same and others are not accepted) Hi
I do not understand if you are trying to manipulate your hosts/routers (i.e. outgoing direction) or neighbors routers (i.e. incoming direction). Both could be influenced by bgp_med attribute (e.g. 'bgp_med = 100;' in import or export filter) assuming your neighbors are from the same AS.
Option 'default bgp_med' is probably not what you want, that is used only if a route with MED is compared to a route without MED.
Option 'med metric' could be used if you want to compare bgp_med attributes on routes received from different AS numbers. But it is a true/false option, the MED still must be set in filters.
-- Thomas Valgaeren thomas@phasehosting.io +32477915307
participants (6)
-
Jerry Scharf -
Michael McConnell -
Ondrej Zajicek -
Stefan Jakob -
Thomas Valgaeren -
Thomas@PhaseHosting