Hello everyone,

I'm writing to you because I have a problem with the implementation of BGP on 4 peers in 4 different ASes in a line. I use bird 2.0.1, and the four peers are virtualized on my PC. The 4 peers are arranged like this:

    AS2                AS4                AS3                AS1
    H0 --------------- H1 --------------- H2 --------------- H3
       eth1       eth1    eth2       eth2    eth1       eth1

The same configuration without H3 works perfectly, but with H3, H1 and H2 can't communicate; they stay in the Connect state. It's like they are never reachable for the connection, but if I ping the 2 interfaces I get a reply.

The addresses of my peers are:

    H0.eth1: 10.0.0.1/8
    H1.eth1: 10.0.1.1/8
    H1.eth2: 10.0.1.2/8
    H2.eth1: 10.0.2.1/8
    H2.eth2: 10.0.2.2/8
    H3.eth1: 10.0.3.1/8

The 4 bird configurations are:

H0:

    log "fileLogh0_0.log" all;
    debug protocols all;
    router id 200.0.0.2;

    protocol kernel {
        metric 0;
        learn;
        ipv4 {
            import all;
            export all;
        };
    }

    protocol direct {
    }

    protocol device {
        scan time 2;
    }

    function avoid_crappy_prefixes()
    {
        if net.len < 8 then return false;
        if net.len > 24 then return false;
        return true;
    }

    filter bgp_in
    {
        if avoid_crappy_prefixes() then accept;
        else reject;
    }

    protocol bgp h0_0_h1_1 {
        local as 2;
        neighbor 10.0.1.1 as 4;
        ipv4 {
            import filter bgp_in;
            export all;
        };
        connect retry time 3;
        source address 10.0.0.1;
    }

H1:

    log "fileLogh1_1.log" all;
    debug protocols all;
    router id 200.0.0.4;

    protocol kernel {
        metric 0;
        learn;
        ipv4 {
            import all;
            export all;
        };
    }

    protocol direct {
    }

    protocol device {
        scan time 2;
    }

    function avoid_crappy_prefixes()
    {
        if net.len < 8 then return false;
        if net.len > 24 then return false;
        return true;
    }

    filter bgp_in
    {
        if avoid_crappy_prefixes() then accept;
        else reject;
    }

    protocol bgp h1_1_h0_0 {
        local as 4;
        neighbor 10.0.0.1 as 2;
        ipv4 {
            import filter bgp_in;
            export all;
        };
        connect retry time 3;
        source address 10.0.1.1;
    }

    protocol bgp h1_1_h2_2 {
        local as 4;
        neighbor 10.0.2.2 as 3;
        ipv4 {
            import filter bgp_in;
            export all;
        };
        connect retry time 3;
        source address 10.0.1.2;
    }

H2:

    log "fileLogh2_2.log" all;
    debug protocols all;
    router id 200.0.0.3;

    protocol kernel {
        metric 0;
        learn;
        ipv4 {
            import all;
            export all;
        };
    }

    protocol direct {
    }

    protocol device {
        scan time 2;
    }

    function avoid_crappy_prefixes()
    {
        if net.len < 8 then return false;
        if net.len > 24 then return false;
        return true;
    }

    filter bgp_in
    {
        if avoid_crappy_prefixes() then accept;
        else reject;
    }

    protocol bgp h2_2_h3_3 {
        local as 3;
        neighbor 10.0.3.1 as 1;
        ipv4 {
            import filter bgp_in;
            export all;
        };
        connect retry time 3;
        source address 10.0.2.1;
    }

    protocol bgp h2_2_h1_1 {
        local as 3;
        neighbor 10.0.1.2 as 4;
        ipv4 {
            import filter bgp_in;
            export all;
        };
        connect retry time 3;
        source address 10.0.2.2;
    }

H3:

    log "fileLogh3_3.log" all;
    debug protocols all;
    router id 200.0.0.1;

    protocol kernel {
        metric 0;
        learn;
        ipv4 {
            import all;
            export all;
        };
    }

    protocol direct {
    }

    protocol device {
        scan time 2;
    }

    function avoid_crappy_prefixes()
    {
        if net.len < 8 then return false;
        if net.len > 24 then return false;
        return true;
    }

    filter bgp_in
    {
        if avoid_crappy_prefixes() then accept;
        else reject;
    }

    protocol bgp h3_3_h2_2 {
        local as 1;
        neighbor 10.0.2.1 as 3;
        ipv4 {
            import filter bgp_in;
            export all;
        };
        connect retry time 3;
        source address 10.0.3.1;
    }

These are the .conf files. Using the command "show protocols" on every peer I get these results:

H0:

    BIRD 2.0.1 ready.
    Name       Proto      Table      State  Since         Info
    kernel1    Kernel     master4    up     17:18:55.370
    direct1    Direct     ---        up     17:18:55.370
    device1    Device     ---        up     17:18:55.370
    h0_0_h1_1  BGP        ---        up     17:19:00.115  Established

H1:

    BIRD 2.0.1 ready.
    Name       Proto      Table      State  Since         Info
    kernel1    Kernel     master4    up     17:18:55.370
    direct1    Direct     ---        up     17:18:55.370
    device1    Device     ---        up     17:18:55.370
    h1_1_h0_0  BGP        ---        up     17:19:00.115  Established
    h1_1_h2_2  BGP        ---        start  17:18:55.370  Connect

H2:

    BIRD 2.0.1 ready.
    Name       Proto      Table      State  Since         Info
    kernel1    Kernel     master4    up     17:18:55.370
    direct1    Direct     ---        up     17:18:55.370
    device1    Device     ---        up     17:18:55.370
    h2_2_h3_3  BGP        ---        up     17:19:00.114  Established
    h2_2_h1_1  BGP        ---        start  17:18:55.370  Connect

H3:

    BIRD 2.0.1 ready.
    Name       Proto      Table      State  Since         Info
    kernel1    Kernel     master4    up     17:18:55.353
    direct1    Direct     ---        up     17:18:55.353
    device1    Device     ---        up     17:18:55.353
    h3_3_h2_2  BGP        ---        up     17:19:00.114  Established

Using a ping from H1.eth2 to 10.0.2.2 I get the reply from peer 2, but in the log of H1 I found this:

    2018-03-06 17:11:57.854 <TRACE> h1_1_h2_2: Connecting to 10.0.2.2 from local address 10.0.1.2
    2018-03-06 17:11:59.462 <TRACE> device1: Scanning interfaces
    2018-03-06 17:12:00.128 <TRACE> h1_1_h2_2: Connecting to 10.0.2.2 from local address 10.0.1.2
    2018-03-06 17:12:01.462 <TRACE> device1: Scanning interfaces
    2018-03-06 17:12:02.960 <TRACE> h1_1_h2_2: Connecting to 10.0.2.2 from local address 10.0.1.2
    2018-03-06 17:12:03.462 <TRACE> device1: Scanning interfaces

Peer H1 tries to establish a connection with H2 without success, and the same goes for peer H2. Using tcpdump I found that it considers 10.0.2.2 unreachable after some ARP requests that didn't get answered.

Without H3 it works perfectly, but I want to work with it. Sorry if I'm annoying.

Thanks if you will answer me with some idea/explanation

Mattia

On Tue, Mar 06, 2018 at 05:49:02PM +0100, Mattia Milani wrote:
> Hello everyone, I'm writing to you because I have a problem with the implementation of BGP on 4 peers in 4 different ASes in a line. I use bird 2.0.1, and the four peers are virtualized on my PC. The 4 peers are arranged like this:
>
>     AS2                AS4                AS3                AS1
>     H0 --------------- H1 --------------- H2 --------------- H3
>        eth1       eth1    eth2       eth2    eth1       eth1
>
> The same configuration without H3 works perfectly, but with H3, H1 and H2 can't communicate; they stay in the Connect state. It's like they are never reachable for the connection, but if I ping the 2 interfaces I get a reply.
>
> The addresses of my peers are:
>
>     H0.eth1: 10.0.0.1/8
>     H1.eth1: 10.0.1.1/8
>     H1.eth2: 10.0.1.2/8
>     H2.eth1: 10.0.2.1/8
>     H2.eth2: 10.0.2.2/8
>     H3.eth1: 10.0.3.1/8

Hello

Are these /8 or /24? If they are really /8, then BIRD does not know which interface to use, as they all have prefix 10.0.0.0/8.

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."

Yeah, they are a /8, so bird doesn't support /8? Now I'll try to modify them.

But sorry, why doesn't bird support /8?

2018-03-07 16:40 GMT+01:00 Ondrej Zajicek <santiago@crfreenet.org>:
> Hello
>
> Are these /8 or /24? If they are really /8, then BIRD does not know which interface to use, as they all have prefix 10.0.0.0/8.

And sorry, is there a way to specify the interface? If I use "interface *****;" (replacing the stars with the host interface to use for the BGP protocol conf) it gives me the message that there is an error in the line of the interface spec.

2018-03-07 16:45 GMT+01:00 Mattia Milani <mattia.milani@studenti.unitn.it>:
> Yeah, they are a /8, so bird doesn't support /8? Now I'll try to modify them.
>
> But sorry, why doesn't bird support /8?

On Wed, Mar 07, 2018 at 04:45:55PM +0100, Mattia Milani wrote:
> Yeah, they are a /8, so bird doesn't support /8? Now I'll try to modify them.
>
> But sorry, why doesn't bird support /8?

BIRD of course supports /8 (and any other prefix lengths), but your network setup has more networks with the same network prefix (10.0.0.0/8), if I understand your network picture correctly (it got mangled in mail). Such a network setup is not generally correct.

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."

All external interfaces of the peers belong to the same network, and the address of the network is 10.0.0.0/8, which is unique.

Sorry for the network picture; I noticed after I had sent the email that it got mangled. Now I'll try to explain it more clearly.

H0 belongs to AS2 and has the interface eth1 with the address 10.0.0.1/8, and it is connected with H1.
H1 belongs to AS4 and has two interfaces:
- eth1 with the address 10.0.1.1/8 that is connected with H0.eth1
- eth2 with the address 10.0.1.2/8 that is connected with H2.eth2
H2 belongs to AS3 and has two interfaces:
- eth1 with the address 10.0.2.1/8 that is connected with H3.eth1
- eth2 with the address 10.0.2.2/8 that is connected with H1.eth2
H3 belongs to AS1 and has the interface eth1 with the address 10.0.3.1/8, and it is connected with H2.

I hope that this way of explaining the network is clearer.

Every interface is on the same network address, so do you mean that every BGP session between two peers needs to have a different network address?

2018-03-07 17:01 GMT+01:00 Ondrej Zajicek <santiago@crfreenet.org>:
> BIRD of course supports /8 (and any other prefix lengths), but your network setup has more networks with the same network prefix (10.0.0.0/8), if I understand your network picture correctly (it got mangled in mail). Such a network setup is not generally correct.

Hello,

as Ondrej mentioned already, you have a wrong basic network setup - you're using wrong network masks. H0 thinks that all nodes (H1, H2, H3) are in a single directly-connected L2 network.

To have BGP working, you need to have basic L3 connectivity working - that means you must be able to ping each host (and this will not work in your setup). It's not a problem with Bird.

With regards,
Daniel

On 03/07/2018 05:20 PM, Mattia Milani wrote:
> All external interfaces of the peers belong to the same network, and the address of the network is 10.0.0.0/8, which is unique.
>
> Sorry for the network picture; I noticed after I had sent the email that it got mangled. Now I'll try to explain it more clearly.
>
> H0 belongs to AS2 and has the interface eth1 with the address 10.0.0.1/8, and it is connected with H1.
> H1 belongs to AS4 and has two interfaces:
> - eth1 with the address 10.0.1.1/8 that is connected with H0.eth1
> - eth2 with the address 10.0.1.2/8 that is connected with H2.eth2
> H2 belongs to AS3 and has two interfaces:
> - eth1 with the address 10.0.2.1/8 that is connected with H3.eth1
> - eth2 with the address 10.0.2.2/8 that is connected with H1.eth2
> H3 belongs to AS1 and has the interface eth1 with the address 10.0.3.1/8, and it is connected with H2.
>
> I hope that this way of explaining the network is clearer.
>
> Every interface is on the same network address, so do you mean that every BGP session between two peers needs to have a different network address?

Yeah, that's right, I can't ping H2 from H0, but H0 knows only H1; it didn't try to reach H2. Indeed, when I try to ping H1.eth1 from H0.eth1 it works. Tonight I will modify my program to have different networks and I will notify you if it works.

Another question: when will aggregation be implemented in BGP? Have you planned it?

Thanks,
Mattia

2018-03-07 17:59 GMT+01:00 Daniel Suchy <danny@danysek.cz>:
> Hello,
>
> as Ondrej mentioned already, you have a wrong basic network setup - you're using wrong network masks. H0 thinks that all nodes (H1, H2, H3) are in a single directly-connected L2 network.
>
> To have BGP working, you need to have basic L3 connectivity working - that means you must be able to ping each host (and this will not work in your setup). It's not a problem with Bird.
>
> With regards,
> Daniel

I have put every link on a /30, so the session between two peers has a different network address for every link.

Thanks a lot for the help :)

2018-03-07 18:23 GMT+01:00 Mattia Milani <mattia.milani@studenti.unitn.it>:
> Yeah, that's right, I can't ping H2 from H0, but H0 knows only H1; it didn't try to reach H2. Indeed, when I try to ping H1.eth1 from H0.eth1 it works. Tonight I will modify my program to have different networks and I will notify you if it works.
>
> Another question: when will aggregation be implemented in BGP? Have you planned it?
>
> Thanks,
> Mattia

On 03/07/2018 09:20 AM, Mattia Milani wrote:
> All external interfaces of the peers belong to the same network, and the address of the network is 10.0.0.0/8, which is unique.

Okay. The addresses are in the same network.

Are the routers connected to one common broadcast domain?

Your diagram looks more like point to point links between the routers. These point to point (like) links will need to be in different networks.

If you have two different networks (broadcast domains) connected to a router with addresses in the same (sub)network, the router will get confused and not work as expected. (You can do some crazy things at layer 2, but that's not traditional routing.)

> H0 belongs to AS2 and has the interface eth1 with the address 10.0.0.1/8, and it is connected with H1.
> H1 belongs to AS4 and has two interfaces:
> - eth1 with the address 10.0.1.1/8 that is connected with H0.eth1
> - eth2 with the address 10.0.1.2/8 that is connected with H2.eth2
> H2 belongs to AS3 and has two interfaces:
> - eth1 with the address 10.0.2.1/8 that is connected with H3.eth1
> - eth2 with the address 10.0.2.2/8 that is connected with H1.eth2
> H3 belongs to AS1 and has the interface eth1 with the address 10.0.3.1/8, and it is connected with H2.

To use addresses like that, you will need to have all of the following interfaces in the same network (broadcast domain).

 - H0.eth1
 - H1.eth1
 - H1.eth2
 - H2.eth1
 - H2.eth2
 - H3.eth1

    +----------+--------+---+--------+------------+
    |          |        |   |        |            |
    | +----+   | +----+ |   | +----+ |     +----+ |
    +-+ H0 |   +-+ H1 +-+   +-+ H2 +-+     | H3 +-+
      +----+     +----+       +----+       +----+

eth1 is on the left and eth2 is on the right

All interfaces are in the SAME broadcast domain and (sub)network. Thus all IP addresses will be able to communicate directly with each other.

If you want to do something like the following:

    +----+   +----+   +----+   +----+
    | H0 AAAAA H1 BBBBB H2 CCCCC H3 |
    +----+   +----+   +----+   +----+

AAAAA and BBBBB and CCCCC are three completely separate networks, physically, and addresses.

    H0.eth2 = A0
    H1.eth1 = A1
    H1.eth2 = B1
    H2.eth1 = B2
    H2.eth2 = C2
    H3.eth1 = C3

So, if you want to use 10/8 for A, you *MUST* use something different for B and C.

You can re-use any IP addresses you want in your lab as long as they don't conflict with each other. Your original example has conflicting IP networks.

I personally would use the reserved Test-Net-1 (192.0.2.0/24) for A, Test-Net-2 (198.51.100.0/24) for B, and Test-Net-3 (203.0.113.0/24) for C.

I think a lot of people would use different sub-nets of 10.0.0.0/8 for each of the networks. I.e. 10.0.1.0/24 for A, 10.0.2.0/24 for B, and 10.0.3.0/24 for C. The key being that they are completely separate /24 networks.

> Every interface is on the same network address, so do you mean that every BGP session between two peers needs to have a different network address?

Are the interfaces in the /same/ physical broadcast domain? Based on your diagram they are on *separate* physical broadcast domains.

--
Grant. . . .
unix || die

P.S. Here's hoping my ASCII art is up to snuff /and/ that it survives email.

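The rule from the replies above (every separate link needs its own prefix, otherwise a router with two interfaces in one prefix cannot tell which interface leads to a neighbor) can be checked before BIRD is started. This is an added example, not part of the original thread: the grouping of interfaces into links follows Mattia's description, and the /30 addresses in FIXED are constructed, since the thread does not list the final ones.

```python
import ipaddress
from itertools import combinations

# Addressing from the thread, grouped by physical link (broadcast domain).
ORIGINAL = {
    "H0-H1": {"H0.eth1": "10.0.0.1/8", "H1.eth1": "10.0.1.1/8"},
    "H1-H2": {"H1.eth2": "10.0.1.2/8", "H2.eth2": "10.0.2.2/8"},
    "H2-H3": {"H2.eth1": "10.0.2.1/8", "H3.eth1": "10.0.3.1/8"},
}

# Constructed /30-per-link plan; the thread does not give the final addresses.
FIXED = {
    "H0-H1": {"H0.eth1": "10.0.0.1/30", "H1.eth1": "10.0.0.2/30"},
    "H1-H2": {"H1.eth2": "10.0.0.5/30", "H2.eth2": "10.0.0.6/30"},
    "H2-H3": {"H2.eth1": "10.0.0.9/30", "H3.eth1": "10.0.0.10/30"},
}


def link_networks(plan):
    """Map each link to the set of IP networks configured on its endpoints."""
    return {
        link: {ipaddress.ip_interface(addr).network for addr in ends.values()}
        for link, ends in plan.items()
    }


def split_links(plan):
    """Links whose endpoints are not in one common subnet (peer not on-link)."""
    nets = link_networks(plan)
    return sorted(link for link, found in nets.items() if len(found) != 1)


def overlapping_links(plan):
    """Pairs of separate links that were given overlapping prefixes."""
    nets = link_networks(plan)
    return [
        (a, b)
        for a, b in combinations(sorted(nets), 2)
        if any(x.overlaps(y) for x in nets[a] for y in nets[b])
    ]


def ambiguous_routers(plan):
    """Routers holding overlapping prefixes on interfaces of different links.

    Such a router has several connected routes for the same prefix, so the
    prefix no longer identifies the outgoing interface for a neighbor.
    """
    per_router = {}
    for ends in plan.values():
        for name, addr in ends.items():
            router, iface = name.split(".")
            net = ipaddress.ip_interface(addr).network
            per_router.setdefault(router, []).append((iface, net))
    result = {}
    for router, ifaces in per_router.items():
        clash = set()
        for (i, n), (j, m) in combinations(ifaces, 2):
            if n.overlaps(m):
                clash.update((i, j))
        if clash:
            result[router] = sorted(clash)
    return result


if __name__ == "__main__":
    for label, plan in (("original /8 plan", ORIGINAL), ("/30 plan", FIXED)):
        print(label)
        print("  links with endpoints in different subnets:", split_links(plan))
        print("  links sharing a prefix:", overlapping_links(plan))
        print("  routers with an ambiguous prefix:", ambiguous_routers(plan))
```

For the original plan the check flags H1 and H2, the two routers whose session stayed in Connect; H0 and H3 have a single interface and are not flagged.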
participants (4): Daniel Suchy, Grant Taylor, Mattia Milani, Ondrej Zajicek