Simple BGP with two operators, one advertisement and prepending
Hi, I have a pretty simple BGP configuration with two ISP and one static subnet to advertise. There is also one prepending configured but I'm not sure if it's working. The thing is that for some reason when I connect both ISP peers, traffic to the advertised ISP#2 networks (with shorter path) stops working after a couple of seconds. Tracert shows the last hop as ISP#2 border router. Similar configuration on Juniper router works without any problem, so I'm afraid that there is an error within my Bird config. Can you please help me out? PS. Without prepending situation is exactly the same. OS: Debian 8 Bird: 1.4.5-1+deb8u1 router id 90.90.90.1; protocol kernel { persist; scan time 15; import all; export all; } protocol device { scan time 10; } filter bgp_isp1_out { if net = 90.90.90.0/24 then { accept; } else reject; } filter bgp_isp2_out { if net = 90.90.90.0/24 then { bgp_path.prepend(12345); bgp_path.prepend(12345); accept; } else reject; } protocol bgp bgp_isp1 { import all; export filter bgp_isp1_out; local as 12345; neighbor 2.3.4.5 as 2345; } protocol bgp bgp_isp2 { import all; export filter bgp_isp2_out; local as 12345; neighbor 3.4.5.6 as 3456; } Thank you. Regards, Wojciech Bajorek
Hi, Have you check the bgp export result from birdc? birdc 'show route export peer_isp1' and birdc 'show route export peer_isp2' and see if as path already added. Best regards, David S. ------------------------------------------------ e. david@zeromail.us w. pnyet.web.id p. 087881216110 On Tue, Apr 25, 2017 at 2:36 PM, Wojciech Bajorek < wojciech.bajorek@gmail.com> wrote:
Hi,
I have a pretty simple BGP configuration with two ISP and one static subnet to advertise. There is also one prepending configured but I'm not sure if it's working.
The thing is that for some reason when I connect both ISP peers, traffic to the advertised ISP#2 networks (with shorter path) stops working after a couple of seconds. Tracert shows the last hop as ISP#2 border router.
Similar configuration on Juniper router works without any problem, so I'm afraid that there is an error within my Bird config. Can you please help me out?
PS. Without prepending situation is exactly the same.
OS: Debian 8 Bird: 1.4.5-1+deb8u1
router id 90.90.90.1;
protocol kernel { persist; scan time 15; import all; export all; }
protocol device { scan time 10; }
filter bgp_isp1_out { if net = 90.90.90.0/24 then { accept; } else reject; }
filter bgp_isp2_out { if net = 90.90.90.0/24 then { bgp_path.prepend(12345); bgp_path.prepend(12345); accept; } else reject; }
protocol bgp bgp_isp1 { import all; export filter bgp_isp1_out;
local as 12345; neighbor 2.3.4.5 as 2345; }
protocol bgp bgp_isp2 { import all; export filter bgp_isp2_out;
local as 12345; neighbor 3.4.5.6 as 3456; }
Thank you.
Regards, Wojciech Bajorek
Yes. It was approx one week ago but AFAIR both ISPs received subnet (however in the output there was an "inactive" or "unreachable" note). Additional info - this server has 3 IP addresses - two /30 networks for ISP1 and ISP2 and "internal" network - 90.90.90.1/24 Regards, Wojciech Bajorek 2017-04-25 9:46 GMT+02:00 David S. <david@zeromail.us>:
Hi,
Have you check the bgp export result from birdc? birdc 'show route export peer_isp1' and birdc 'show route export peer_isp2' and see if as path already added.
Best regards, David S. ------------------------------------------------ e. david@zeromail.us w. pnyet.web.id p. 087881216110
On Tue, Apr 25, 2017 at 2:36 PM, Wojciech Bajorek < wojciech.bajorek@gmail.com> wrote:
Hi,
I have a pretty simple BGP configuration with two ISP and one static subnet to advertise. There is also one prepending configured but I'm not sure if it's working.
The thing is that for some reason when I connect both ISP peers, traffic to the advertised ISP#2 networks (with shorter path) stops working after a couple of seconds. Tracert shows the last hop as ISP#2 border router.
Similar configuration on Juniper router works without any problem, so I'm afraid that there is an error within my Bird config. Can you please help me out?
PS. Without prepending situation is exactly the same.
OS: Debian 8 Bird: 1.4.5-1+deb8u1
router id 90.90.90.1;
protocol kernel { persist; scan time 15; import all; export all; }
protocol device { scan time 10; }
filter bgp_isp1_out { if net = 90.90.90.0/24 then { accept; } else reject; }
filter bgp_isp2_out { if net = 90.90.90.0/24 then { bgp_path.prepend(12345); bgp_path.prepend(12345); accept; } else reject; }
protocol bgp bgp_isp1 { import all; export filter bgp_isp1_out;
local as 12345; neighbor 2.3.4.5 as 2345; }
protocol bgp bgp_isp2 { import all; export filter bgp_isp2_out;
local as 12345; neighbor 3.4.5.6 as 3456; }
Thank you.
Regards, Wojciech Bajorek
Maybe you forgot to disable rp_filter on uplink ifaces? And prepend works for incoming traffic, for outgoing - there is localpref. So, if outgoing traffic goes via ISP2 and incoming passed via ISP1 - it's dropped if rp_filter is enabled. On 25.04.2017 10:36, Wojciech Bajorek wrote:
Hi,
I have a pretty simple BGP configuration with two ISP and one static subnet to advertise. There is also one prepending configured but I'm not sure if it's working.
The thing is that for some reason when I connect both ISP peers, traffic to the advertised ISP#2 networks (with shorter path) stops working after a couple of seconds. Tracert shows the last hop as ISP#2 border router.
Similar configuration on Juniper router works without any problem, so I'm afraid that there is an error within my Bird config. Can you please help me out?
PS. Without prepending situation is exactly the same.
OS: Debian 8 Bird: 1.4.5-1+deb8u1
router id 90.90.90.1;
protocol kernel { persist; scan time 15; import all; export all; }
protocol device { scan time 10; }
filter bgp_isp1_out { if net = 90.90.90.0/24 <http://90.90.90.0/24> then { accept; } else reject; }
filter bgp_isp2_out { if net = 90.90.90.0/24 <http://90.90.90.0/24> then { bgp_path.prepend(12345); bgp_path.prepend(12345); accept; } else reject; }
protocol bgp bgp_isp1 { import all; export filter bgp_isp1_out;
local as 12345; neighbor 2.3.4.5 as 2345; }
protocol bgp bgp_isp2 { import all; export filter bgp_isp2_out;
local as 12345; neighbor 3.4.5.6 as 3456; }
Thank you.
Regards, Wojciech Bajorek
Thanks, you might be right, indeed rp_filter was enabled. I will test it today and see if it helps. Does it mean that my config is just fine? Regards, Wojciech Bajorek 2017-04-25 12:36 GMT+02:00 Andrew <nitr0@seti.kr.ua>:
Maybe you forgot to disable rp_filter on uplink ifaces?
And prepend works for incoming traffic, for outgoing - there is localpref. So, if outgoing traffic goes via ISP2 and incoming passed via ISP1 - it's dropped if rp_filter is enabled.
On 25.04.2017 10:36, Wojciech Bajorek wrote:
Hi,
I have a pretty simple BGP configuration with two ISP and one static subnet to advertise. There is also one prepending configured but I'm not sure if it's working.
The thing is that for some reason when I connect both ISP peers, traffic to the advertised ISP#2 networks (with shorter path) stops working after a couple of seconds. Tracert shows the last hop as ISP#2 border router.
Similar configuration on Juniper router works without any problem, so I'm afraid that there is an error within my Bird config. Can you please help me out?
PS. Without prepending situation is exactly the same.
OS: Debian 8 Bird: 1.4.5-1+deb8u1
router id 90.90.90.1;
protocol kernel { persist; scan time 15; import all; export all; }
protocol device { scan time 10; }
filter bgp_isp1_out { if net = 90.90.90.0/24 then { accept; } else reject; }
filter bgp_isp2_out { if net = 90.90.90.0/24 then { bgp_path.prepend(12345); bgp_path.prepend(12345); accept; } else reject; }
protocol bgp bgp_isp1 { import all; export filter bgp_isp1_out;
local as 12345; neighbor 2.3.4.5 as 2345; }
protocol bgp bgp_isp2 { import all; export filter bgp_isp2_out;
local as 12345; neighbor 3.4.5.6 as 3456; }
Thank you.
Regards, Wojciech Bajorek
Hi, It seems that rp_filter was the key. Both BGP sessions are up, thanks for tip. Now, I have a different topic - can you suggest a solution to overcome situation, where one ISP sends two AS numbers and in most cases their path is longer for outgoing traffic? Regards, Wojciech Bajorek 2017-04-25 15:46 GMT+02:00 Wojciech Bajorek <wojciech.bajorek@gmail.com>:
Thanks, you might be right, indeed rp_filter was enabled.
I will test it today and see if it helps.
Does it mean that my config is just fine?
Regards, Wojciech Bajorek
2017-04-25 12:36 GMT+02:00 Andrew <nitr0@seti.kr.ua>:
Maybe you forgot to disable rp_filter on uplink ifaces?
And prepend works for incoming traffic, for outgoing - there is localpref. So, if outgoing traffic goes via ISP2 and incoming passed via ISP1 - it's dropped if rp_filter is enabled.
On 25.04.2017 10:36, Wojciech Bajorek wrote:
Hi,
I have a pretty simple BGP configuration with two ISP and one static subnet to advertise. There is also one prepending configured but I'm not sure if it's working.
The thing is that for some reason when I connect both ISP peers, traffic to the advertised ISP#2 networks (with shorter path) stops working after a couple of seconds. Tracert shows the last hop as ISP#2 border router.
Similar configuration on Juniper router works without any problem, so I'm afraid that there is an error within my Bird config. Can you please help me out?
PS. Without prepending situation is exactly the same.
OS: Debian 8 Bird: 1.4.5-1+deb8u1
router id 90.90.90.1;
protocol kernel { persist; scan time 15; import all; export all; }
protocol device { scan time 10; }
filter bgp_isp1_out { if net = 90.90.90.0/24 then { accept; } else reject; }
filter bgp_isp2_out { if net = 90.90.90.0/24 then { bgp_path.prepend(12345); bgp_path.prepend(12345); accept; } else reject; }
protocol bgp bgp_isp1 { import all; export filter bgp_isp1_out;
local as 12345; neighbor 2.3.4.5 as 2345; }
protocol bgp bgp_isp2 { import all; export filter bgp_isp2_out;
local as 12345; neighbor 3.4.5.6 as 3456; }
Thank you.
Regards, Wojciech Bajorek
participants (3)
-
Andrew -
David S. -
Wojciech Bajorek