next-hop announcement/withdrawal process

Sergey Popovich popovich_sergei at mail.ru
Mon Aug 4 15:09:05 CEST 2014


Hello.

> > protocol direct {
> > 
> >   # Import directly connected routes from "lo" interface.
> >   interface "lo";
> >   
> >   # This may be needed to properly resolve nexthops from upstream routes.
> > 
> >   interface "<interface_to_your_routers>";
> 
> what do you mean by this ?

You need this only if you import something from your routers
(for example default from both routers) to let BIRD correctly
resolve nexthop.

According to your BGP_PEERS template 'import none' you do not import anything
from routers.

> 
> Since I only want to export routes for IPs in the loopback interface, I
> thought I can safely skip other interfaces for
> protocol direct. Well, with the filters in place, I don't worry for
> accidentally announcing routes that I shouldn't.
> Furthermore, as a safeguard I have set the upstream routers  to allow
> announcements only for the specific prefix(192.168.200.0/24). Oh yes I play
> very safe here:-)
> 
> >   # Do not import from other sources.
> >   interface "-*";
> >   
> >   # Import only allowed IPs from the "lo" and route from the upstream
> >   # interface.
> >   import where net ~ ACAST_PS_DIRECT1 || ifname = "<interface_to_your_routers>";
> 
> I don't need to import anything. Bird is used only as an advertisement
> system.

Yes, if you use BIRD to advertise prefixes only, this is unnecessary and
could be skipped.

> 
> I configured bird as you suggested[1] and after a restart I removed
> 192.168.200.1/32 from the prefix set[2]
> 
> See below the log
> 
> 13:29:18 <INFO> Reconfiguration requested by SIGHUP
> 13:29:18 <INFO> Reconfiguring
> 13:29:18 <TRACE> direct1: Reconfigured
> 13:29:18 <TRACE> bgp_peer1: Reconfigured
> 13:29:18 <INFO> Reloading protocol bgp_peer1
> 13:29:18 <TRACE> bgp_peer1: State changed to feed
> 13:29:18 <TRACE> bgp_peer2: Reconfigured
> 13:29:18 <INFO> Reloading protocol bgp_peer2
> 13:29:18 <TRACE> bgp_peer2: State changed to feed
> 13:29:18 <INFO> Reconfigured
> 13:29:18 <TRACE> bgp_peer1 < filtered out 192.168.200.1/32 dev lo
> 13:29:18 <TRACE> bgp_peer1 < removed 192.168.200.1/32 dev lo
> 13:29:18 <TRACE> bgp_peer1 < replaced 192.168.200.2/32 dev lo
> 13:29:18 <TRACE> bgp_peer1: State changed to up
> 13:29:18 <TRACE> bgp_peer2 < filtered out 192.168.200.1/32 dev lo
> 13:29:18 <TRACE> bgp_peer2 < removed 192.168.200.1/32 dev lo
> 13:29:18 <TRACE> bgp_peer2 < replaced 192.168.200.2/32 dev lo
> 13:29:18 <TRACE> bgp_peer2: State changed to up

Seems correct, now prefix withdrawn from both peers, without affecting
direct1 protocol.

> 
> 
> what is the meaning of 'replaced' here?
> 

Prefix is known before filter applied and filter changes
do not remove or add such prefix, but could modify one of
its attributes (e.g. bgp_path, community, ...), so this
case is named 'replace' in routing protocol debugs.

This is just a trace message that has no real impact and thus
does not trigger any updates, unless you modify one of the prefix
attributes (bgp_path, community, etc).


> and the output of birdcl show protocols all \"bgp*\" in  a loop
> 
> ### Mon Aug 4 13:29:11 CEST 2014 ###
>   Routes:         0 imported, 2 exported, 0 preferred
>     Import updates:              0          0          0          0          0
>     Import withdraws:            0          0        ---          0          0
>     Export updates:              2          0          0        ---          2
>     Export withdraws:            0        ---        ---        ---          0
>   Routes:         0 imported, 2 exported, 0 preferred
>     Import updates:              0          0          0          0          0
>     Import withdraws:            0          0        ---          0          0
>     Export updates:              2          0          0        ---          2
>     Export withdraws:            0        ---        ---        ---          0
> ### Mon Aug 4 13:29:16 CEST 2014 ###
>   Routes:         0 imported, 1 exported, 0 preferred
>     Import updates:              0          0          0          0          0
>     Import withdraws:            0          0        ---          0          0
>     Export updates:              4          0          1        ---          3
>     Export withdraws:            0        ---        ---        ---          1
>   Routes:         0 imported, 1 exported, 0 preferred
>     Import updates:              0          0          0          0          0
>     Import withdraws:            0          0        ---          0          0
>     Export updates:              4          0          1        ---          3
>     Export withdraws:            0        ---        ---        ---          1
> ### Mon Aug 4 13:29:21 CEST 2014 ###
> 
> 
> Thank you very much for taking the time to provide a complete solution for
> me. It is very much appreciated.
> 
> Cheers,
> Pavlos
> 
> [1] bird.conf
> 
> include "/etc/bird.d/anycast_prefixes.conf";
> 
> define ACAST_PS_DIRECT1 = [ 192.168.200.0/24{32,32} ];
> 
> function anycast_advertise()
> {
>     return net ~ ACAST_PS_ADVERTISE;
> }
> 
> filter anycast_range {
>     if anycast_advertise() then
>         accept;
> 
>     reject;
> }
Actually, having a named filter (anycast_range) is also not strictly
necessary: you could use 'export where anycast_advertise()'
in BGP_PEERS instead of 'export filter anycast_range'. See BGP_PEERS.

This is up to your choice :-).

> 
> router id 192.168.88.194;
> listen bgp address 192.168.88.194;
> 
> protocol direct {
>     interface "lo";
>         debug all;
>         import where net ~ ACAST_PS_DIRECT1;
>         export none;
> }
> 


> protocol kernel kernel1 {
>     disabled yes;
> }
This is not necessary if you do not plan to install routes into kernel
routing tables. May be removed safely.

> 
> protocol device {
>     scan time 10;
> }
>

> protocol static {
>     disabled yes;
> }
> 
> protocol bfd {
>     interface "eth0" {
>         min rx interval 500 ms;
>         min tx interval 500 ms;
>         idle tx interval 1000 ms;
>         multiplier 3;
>     };
> }
> 
> template bgp BGP_PEERS {
>     bfd on;
>     debug all;
>     import none;
>     export filter anycast_range;
Simpler version:
      export where anycast_advertise();

>     direct;
>     hold time 30;
>     startup hold time 240;
>     connect retry time 120;
>     keepalive time 10;
>     start delay time 5;
>     error wait time 60, 300;
>     error forget time 300;
>     disable after error off;
>     next hop self;
>     path metric 1;
>     default bgp_med 0;
>     default bgp_local_pref 0;
> }
> 
> protocol bgp bgp_peer1 from BGP_PEERS {
>     disabled no;
>     description "My-BGP-Peer1";
>     local as 46111;
Also could be moved into the template (and, like many other
parameters, overwritten in the actual protocol configuration).
>     neighbor 192.168.95.252 as 46111;
>     source address 192.168.88.194;
'source address' could be eliminated by using 'local'
extended syntax:
      local 192.168.88.194 as 46111;
> }
> 
> protocol bgp bgp_peer2 from BGP_PEERS {
>     disabled no;
>     description "My-BGP-Peer2";
>     local as 46111;
>     neighbor 192.168.95.253 as 46111;
>     source address 192.168.88.194;
> }
> 
> 
> [2] /etc/bird.d/anycast_prefixes.conf
> define ACAST_PS_ADVERTISE =
>     [
>         192.168.200.1/32,  # Frontend 1
>         192.168.200.2/32  # Frontend 2
>     ];

-- 
SP5474-RIPE
Sergey Popovich
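
Added example, not part of the original message and not BIRD's own code: a small Python check that reads export trace lines in the format quoted above and reports which peers never logged a withdrawal for a given prefix. The sample log is constructed from the lines in this thread; the function names are hypothetical, and the `added` event is an assumption, since only `filtered out`, `removed` and `replaced` appear in the quoted log.

```python
import re
from collections import defaultdict

# Constructed sample: trace lines in the format quoted in this thread.
SAMPLE_LOG = """\
13:29:18 <INFO> Reloading protocol bgp_peer1
13:29:18 <TRACE> bgp_peer1: State changed to feed
13:29:18 <TRACE> bgp_peer1 < filtered out 192.168.200.1/32 dev lo
13:29:18 <TRACE> bgp_peer1 < removed 192.168.200.1/32 dev lo
13:29:18 <TRACE> bgp_peer1 < replaced 192.168.200.2/32 dev lo
13:29:18 <TRACE> bgp_peer2 < filtered out 192.168.200.1/32 dev lo
13:29:18 <TRACE> bgp_peer2 < removed 192.168.200.1/32 dev lo
13:29:18 <TRACE> bgp_peer2 < replaced 192.168.200.2/32 dev lo
"""

# Export-side events are the "<" lines. 'added' is assumed (not in the log above).
EXPORT_RE = re.compile(
    r"<TRACE> (\S+) < (filtered out|removed|replaced|added) (\S+)")


def export_state(log_text):
    """Return {peer: {prefix: 'advertised' | 'withdrawn'}} from export traces."""
    state = defaultdict(dict)
    for line in log_text.splitlines():
        m = EXPORT_RE.search(line)
        if not m:
            continue
        peer, event, prefix = m.groups()
        if event == "removed":
            state[peer][prefix] = "withdrawn"
        elif event in ("added", "replaced"):
            state[peer][prefix] = "advertised"
        # 'filtered out' only explains why a removal follows; no state change.
    return {peer: dict(prefixes) for peer, prefixes in state.items()}


def peers_not_withdrawn(log_text, prefix, expected_peers):
    """Peers for which the log shows no withdrawal of `prefix`."""
    state = export_state(log_text)
    return sorted(p for p in expected_peers
                  if state.get(p, {}).get(prefix) != "withdrawn")


if __name__ == "__main__":
    peers = ["bgp_peer1", "bgp_peer2"]
    print(export_state(SAMPLE_LOG))
    print(peers_not_withdrawn(SAMPLE_LOG, "192.168.200.1/32", peers))
```

An empty list means every expected peer logged the withdrawal; a peer that is listed either still advertises the prefix or never logged an export event for it.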



