Setting up anycast DNS using bird
Fellow birdwatchers,

We're running a set of resolvers here using an anycast setup. We currently do this on FreeBSD using openbsd's bgpd.

Bgpd is started with a bare config defining the local AS, the neighbor and its AS. After starting up our DNS servers on a local dummy0 interface, and we're confident that they work, we're using bgpctl (openbgp's CLI) to announce one or more prefixes.

So far I have a working setup, but I'm not completely satisfied:

    log syslog { info, warning, error, fatal, debug, trace, remote, auth };
    log "/var/log/bird.log" all;

    router id 192.168.1.1;
    listen bgp address 192.168.1.1 port 179;

    protocol kernel {
        persist;          # Don't remove routes on BIRD shutdown
        scan time 20;     # Scan kernel routing table every 20 seconds
    }

    protocol device {
        scan time 10;     # Scan interfaces every 10 seconds
    }

    # only guesswork here: I'm presuming this scans all dummy interfaces, and looks what is up and configured?
    protocol direct {
        interface "dummy*";
    }

    protocol bgp {
        debug all;
        local as 65516;
        neighbor 192.168.1.2 as 3265;
        source address 192.168.1.1;
        # again: guesswork, does this announce all 'protocol direct' stuff?
        export all;
    }

My preference would be to explicitly list the prefixes that I want to announce, not having to rely on what I'm really configuring on my Linux dummy interface. Is that coming, or did I misinterpret the docs?

I'd love to set up a v4 and a v6 BGP session with one daemon, since my DNS software is fine with it. Do I understand it correctly that this currently isn't possible?

Regards,
Kai
On 15.1.2010 16:30, K Storbeck wrote:
Fellow birdwatchers,
We're running a set of resolvers here using an anycast setup. We currently do this on FreeBSD using openbsd's bgpd.
Bgpd is started with a bare config defining the local AS, the neighbor and its AS. After starting up our DNS servers on a local dummy0 interface, and we're confident that they work, we're using bgpctl (openbgp's CLI) to announce one or more prefixes.
So far I have a working setup, but I'm not completely satisfied:
    log syslog { info, warning, error, fatal, debug, trace, remote, auth };
    log "/var/log/bird.log" all;

    router id 192.168.1.1;
    listen bgp address 192.168.1.1 port 179;

    protocol kernel {
        persist;          # Don't remove routes on BIRD shutdown
        scan time 20;     # Scan kernel routing table every 20 seconds
    }

    protocol device {
        scan time 10;     # Scan interfaces every 10 seconds
    }

    # only guesswork here: I'm presuming this scans all dummy interfaces, and looks what is up and configured?
    protocol direct {
        interface "dummy*";
    }

    protocol bgp {
        debug all;
        local as 65516;
        neighbor 192.168.1.2 as 3265;
        source address 192.168.1.1;
        # again: guesswork, does this announce all 'protocol direct' stuff?
        export all;
    }
My preference would be to explicitly list the prefixes that I want to announce, not having to rely on what I'm really configuring on my Linux dummy interface. Is that coming, or did I misinterpret the docs?
Hi, of course you can specify export filters. E.g.:

    ===========
    filter bgp_out {
        if (net = 192.175.48.0/24) then accept;
        else reject;
    }

    protocol bgp {
        debug all;
        local as 65516;
        neighbor 192.168.1.2 as 3265;
        source address 192.168.1.1;
        export export filter bgp_out;
    }
    ===========

But there is more than one way to do this.
I'd love to set up a v4 and a v6 BGP session with one daemon, since my DNS software is fine with it. Do I understand it correctly that this currently isn't possible?
Unfortunately, that is not possible. You must run two daemons.

Ondrej
Regards,
Kai
On Tue, Jan 19, 2010 at 12:56:04AM +0100, Ondrej Filip wrote:
# only guesswork here: I'm presuming this scans all dummy interfaces, and looks what is up and configured?
Yes
    protocol direct {
        interface "dummy*";
    }
    protocol bgp {
        debug all;
        local as 65516;
        neighbor 192.168.1.2 as 3265;
        source address 192.168.1.1;
        # again: guesswork, does this announce all 'protocol direct' stuff?
        export all;

Yes, it announces all routes from the BIRD routing table, which is filled by routes from protocol direct.

    }
My preference would be to explicitly list the prefixes that I want to announce, not having to rely on what I'm really configuring on my Linux dummy interface. Is that coming, or did I misinterpret the docs?
Hi, of course you can specify export filters. E.g.:
    ===========
    filter bgp_out {
        if (net = 192.175.48.0/24) then accept;
        else reject;
    }

    protocol bgp {
        debug all;
        local as 65516;
        neighbor 192.168.1.2 as 3265;
        source address 192.168.1.1;
        export export filter bgp_out;
        ^^^^^^^^^^^^^ there should be just one 'export'
    }
    ===========
But there is more than one way to do this.
The other way is to not import routes from the direct protocol, but to explicitly specify them using the static protocol.

--
Elen sila lumenn' omentielvo
Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
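Putting Ondrej Filip's export filter and Ondrej Zajicek's static-protocol suggestion together, the following is an added example configuration (mine, not code from the thread or from the BIRD project) in BIRD 1.x syntax. It reuses the thread's addresses, prefix and AS numbers as placeholders; the protocol names `anycast` and `upstream`, the `via "dummy0"` device route and the absence of a kernel protocol are my assumptions. It goes one step beyond the thread in that the filter also checks `source = RTS_STATIC`, so nothing learned from the kernel or from an interface can ever be announced, and the session imports nothing from the peer, which an anycast resolver node does not need.

```conf
# Added example (not from the thread): announce only explicitly listed
# anycast prefixes, independent of what is configured on dummy interfaces.
# Addresses and AS numbers are the thread's placeholders, not real ones.

log syslog { info, warning, error, fatal };
router id 192.168.1.1;

# Needed so BIRD knows whether dummy0 exists and is up.
protocol device {
    scan time 10;
}

# No kernel protocol here: BIRD neither learns from nor installs into the
# kernel table. The resolver's service address is already configured on
# dummy0 by the host, so only the BGP announcement is BIRD's job.

# The only source of announceable routes. Each prefix is listed by hand;
# the route is a device route through the interface the resolver listens on,
# so it exists only while dummy0 is up (assumption: that is the intended
# "service is present" condition).
protocol static anycast {
    route 192.175.48.0/24 via "dummy0";
}

# Export policy: the listed prefix, and only when it came from the static
# protocol. Anything else (connected, kernel, peer-learned) is rejected.
filter bgp_out {
    if (net = 192.175.48.0/24 && source = RTS_STATIC) then accept;
    reject;
}

protocol bgp upstream {
    local as 65516;
    neighbor 192.168.1.2 as 3265;
    source address 192.168.1.1;
    import none;                # a resolver node needs no routes from the peer
    export filter bgp_out;      # a single 'export', as Zajicek points out
}
```

Because the announcement now depends on the static protocol rather than on interface addresses, the same ordering Kai describes with bgpctl can be kept: start the resolvers, verify they answer, then `birdc enable anycast` to announce; a health check that finds the resolver unresponsive can withdraw the prefix with `birdc disable anycast` so clients are not routed to a dead node. As Filip says, IPv6 needs a second daemon (bird6) with its own configuration file of the same shape.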
Participants (3):
- K Storbeck
- Ondrej Filip
- Ondrej Zajicek