Simple two bird BGPs two Uplinks one Peering Provider config
Hi there,

I am really new to the complete topic of BGP. So please have a bit of mercy with me if I ask something very stupid. But I am trying to build that for the first time ever and I am feeling like a donkey in front of a big mountain.

Last but not least it is currently running, but I guess it's more luck than something else. Like I said I am completely new to the topic of BGP. What I don't get is how I configure them together so they work (as a HA-Cluster) and currently I can only route a.b.c.249/29 instead of a.b.c.0/22.

Here is what I am trying to build (https://imgur.com/a/NtWE6MY).

And here are my two configs:

    /*
     * My example bgp01 configuration
     */
    log syslog all;
    log "/var/log/bird.log" all;

    # d.e.f.124/29 is my IP in the transfer network /29 to my peering uplink1
    # d.e.f.125/29 is my 2nd bird bgp in the transfer network /29 to my peering uplink1
    router id d.e.f.124;
    define myasn = XXXX;
    define myaddr = d.e.f.124;

    protocol device {
        scan time 10;            # Scan interfaces every 10 seconds
    }

    ipv4 table master4;

    protocol direct {
        ipv4;                    # Tells bird to only do ipv4
        interface "enp3s0f4";    # Restrict network interfaces BIRD works with
    }

    protocol kernel {
        ipv4 {
            table master4;
            import all;
            export all;
        };
        persist;
    }

    # a.b.c.0 is my own /22 ip range
    protocol static static_bgp {
        ipv4;
        route a.b.c.0/22 via d.e.f.124;
    }

    protocol bgp link1 {
        local d.e.f.124 as XXXX;
        neighbor d.e.f.121 as YYYY;    # d.e.f.121 is the first router of my peering uplink 1
        ipv4 {
            import all;
            export where proto = "static_bgp";
        };
    }

    protocol bgp link2 {
        local d.e.f.124 as XXXX;
        neighbor d.e.f.122 as YYYY;    # d.e.f.122 is the second router of my peering uplink 1
        ipv4 {
            import all;
            export where proto = "static_bgp";
        };
    }

    /*
     * My example bgp02 configuration
     */
    log syslog all;
    log "/var/log/bird.log" all;

    # d.e.f.124/29 is my IP in the transfer network /29 to my peering provider1
    # d.e.f.125/29 is my 2nd bird bgp in the transfer network /29 to my peering provider1
    router id d.e.f.125;
    define myasn = XXXX;
    define myaddr = d.e.f.125;

    protocol device {
        scan time 10;            # Scan interfaces every 10 seconds
    }

    ipv4 table master4;

    protocol direct {
        ipv4;                    # Tells bird to only do ipv4
        interface "enp3s0f4";    # Restrict network interfaces BIRD works with
    }

    protocol kernel {
        ipv4 {
            table master4;
            import all;
            export all;
        };
        persist;
    }

    # a.b.c.0 is my own /22 ip range
    protocol static static_bgp {
        ipv4;
        route a.b.c.0/22 via d.e.f.125;
    }

    protocol bgp link1 {
        local d.e.f.125 as XXXX;
        neighbor d.e.f.121 as YYYY;    # d.e.f.121 is the first router of my peering provider1
        ipv4 {
            import all;
            export where proto = "static_bgp";
        };
    }

    protocol bgp link2 {
        local d.e.f.125 as XXXX;
        neighbor d.e.f.122 as YYYY;    # d.e.f.122 is the second router of my peering provider1
        ipv4 {
            import all;
            export where proto = "static_bgp";
        };
    }

Thanks a lot for your help and inputs

Best Regards,
Yves

On Mon, May 20, 2019 at 05:17:08PM +0000, Yves Illi wrote:
> Hi there,
>
> I am really new to the complete topic of BGP. So please have a bit of mercy with me if I ask something very stupid. But I am trying to build that for the first time ever and I am feeling like a donkey in front of a big mountain.
>
> Last but not least it is currently running, but I guess it's more luck than something else. Like I said I am completely new to the topic of BGP. What I don't get is how I configure them together so they work (as a HA-Cluster) and currently I can only route a.b.c.249/29 instead of a.b.c.0/22.

Hi

> protocol static static_bgp { ipv4; route a.b.c.0/22 via d.e.f.124; }

I think this is the problem, as d.e.f.124 is your local address, then this route is probably not allowed locally (because you should not have route directing to a local address) and therefore likely not propagated to BGP.

Simple solution is to have the static route defined as unreachable route:

    route a.b.c.0/22 unreachable;

You would have more specific routes in the routing table anyways and when the unreachable route is propagated by BGP, the local address will be attached as next hop automatically.

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."

Hi,

Okay, I think there is a misunderstanding. Or maybe I am totally wrong. Please correct me if I am.

a.b.c.0/22 is my range
d.e.f.124 is my bgp01 public ip of the /29 transfer net between my bgp01 and the big router (d.e.f.121/29) of my peering uplink

So if I want to advertise my own public ips (a.b.c.0/22) to my peering uplink (so called to the internet) shouldn't I make it like this:

    protocol static static_bgp {
        ipv4;
        route a.b.c.0/22 via d.e.f.124;
    }

    protocol bgp link1 {
        local d.e.f.124 as XXXX;
        neighbor d.e.f.121 as YYYY;    # d.e.f.121 is the first router of my peering uplink 1
        ipv4 {
            import all;
            export where proto = "static_bgp";
        };
    }

I want to import all from them so I know the internet and how to route.... and I want to export static_bgp so the internet knows me?

Thanks for your help
Yves

-----Original Message-----
From: Ondrej Zajicek <santiago@crfreenet.org>
Sent: Monday, 20 May 2019 20:43
To: Yves Illi <mail@yvesilli.com>
Cc: bird-users@network.cz
Subject: Re: Simple two bird BGPs two Uplinks one Peering Provider config

[...]

Okay, it seems that I figured out something quite important.

So on my bond0 (which is the uplink to the firewall vlan) on the bird bgp box I have a.b.c.249/29 configured. My first fw has a.b.c.252/29 second fw .53/29 and CARP VIP is .54/29. Now I don't have to route a.b.c.0/22 to my transfer net ip... I have to route it to my firewall ip or even better of course to my carp vip. Now I see all traffic coming to the fw cluster :)

Now the only issue left is the sync between my two bgp boxes...

Maybe someone could point me in the right direction :)

I have two bird bgp pizzas a.b.c.249/29 and .250/29 so I think I just make a new bgp link between them?

Thanks for your help

Best Regards
Yves

From: mail@yvesilli.com
Sent: 21 May 2019 13:08
To: santiago@crfreenet.org
Cc: bird-users@network.cz
Subject: AW: Simple two bird BGPs two Uplinks one Peering Provider config

[...]

Hi Yves,

you need indeed a bgp in network or put an additional route reflector if you are planning additional connections in the future and want to scale.

kurt

On Sat, 25 May 2019 at 10:06, Yves Illi <mail@yvesilli.com> wrote:
> Okay, it seems that I figured out something quite important.
>
> So on my bond0 (which is the uplink to the firewall vlan) on the bird bgp box I have a.b.c.249/29 configured. My first fw has a.b.c.252/29 second fw .53/29 and CARP VIP is .54/29. Now I don't have to route a.b.c.0/22 to my transfer net ip... I have to route it to my firewall ip or even better of course to my carp vip. Now I see all traffic coming to the fw cluster :)
>
> Now the only issue left is the sync between my two bgp boxes...
>
> Maybe someone could point me in the right direction :)
>
> I have two bird bgp pizzas a.b.c.249/29 and .250/29 so I think I just make a new bgp link between them?
>
> [...]

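Added example, not part of the thread and not any poster's configuration: the pieces discussed above put together for bgp01, in the same BIRD 2 syntax as the original configs. It assumes the thread's placeholders (a.b.c.x, d.e.f.x, XXXX, YYYY) are replaced with real values and that the two BIRD boxes peer with each other over their bond0 addresses (.249 and .250); the protocol name ibgp_bgp02 is made up for this example.

```conf
# Added example for bgp01 (placeholders as used in the thread).

# Originate the /22 without pointing it at a local address.
protocol static static_bgp {
    ipv4;
    route a.b.c.0/22 unreachable;
    # Alternative from Yves's follow-up: point the /22 at the firewall
    # CARP VIP on bond0 instead of marking it unreachable.
    # route a.b.c.0/22 via <CARP VIP>;
}

# eBGP to the first upstream router: announce only the static /22.
protocol bgp link1 {
    local d.e.f.124 as XXXX;
    neighbor d.e.f.121 as YYYY;
    ipv4 {
        import all;
        export where proto = "static_bgp";
    };
}

# eBGP to the second upstream router, same policy.
protocol bgp link2 {
    local d.e.f.124 as XXXX;
    neighbor d.e.f.122 as YYYY;
    ipv4 {
        import all;
        export where proto = "static_bgp";
    };
}

# iBGP to bgp02: same AS number on both sides of the session.
protocol bgp ibgp_bgp02 {
    local a.b.c.249 as XXXX;
    neighbor a.b.c.250 as XXXX;
    ipv4 {
        import all;
        export where source = RTS_BGP;    # pass on routes learned from the uplinks
        next hop self;                    # bgp02 reaches those routes via bgp01
    };
}
```

bgp02 would carry the mirror image: its own transfer-net address in link1 and link2, and local/neighbor swapped in the iBGP session.
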
On 5/20/19 7:17 PM, Yves Illi wrote:
> I am really new to the complete topic of BGP. So please have a bit of mercy with me if I ask something very stupid. But I am trying to build that for the first time ever and I am feeling like a donkey in front of a big mountain.

:)

> Last but not least it is currently running, but I guess it's more luck than something else. Like I said I am completely new to the topic of BGP. [...]

If you're new to BGP and bird, then the following tutorials might also be able to help you a bit:

https://github.com/knorrie/network-examples/blob/master/README.md

See "An introduction to BGP" etc...

Have fun,
Hans

participants (4): Hans van Kranenburg, Kurt Wauters, Ondrej Zajicek, Yves Illi