BGP multi-homed peering issue..
Michael Vallaly
bird at nolatency.com
Fri Oct 7 01:05:12 CEST 2011
Fellow bird users,
I currently have a single router with two upstream eBGP sessions to two
separate ISPs. IE:
ISP1 <---> Router <---> ISP2
I am attempting to advertise a public netblock to both of these ISPs
simultaneously. I currently have a single kernel routing table
(exterior) configured for the public netblock (203.0.113.0/24), below
is a sample config.
I seem to have a problem in Bird 1.3.3 with this configuration where
the netblock only gets advertised out one of the two upstream peers.
<snip>
# Configure Additional Routing Tables
table exterior;
# BGP Linux Routing Table
protocol kernel table_bgp {
table exterior;
kernel table 100;
persist off; # Don't remove routes on bird shutdown
learn off; # Bird exclusively manages this routing
table import none; # Default is import all
export all; # Default is export none
}
# BGP ingress filters
filter ebgp_in {
if net ~ [
169.254.0.0/16+, 172.16.0.0/12+, 192.168.0.0/16+,
10.0.0.0/8+, 224.0.0.0/4+, 240.0.0.0/4+,
0.0.0.0/32-, 0.0.0.0/0{31,32}, 0.0.0.0/0{0,7}
] then { reject; }
else accept;
}
# BGP egress filters
filter ebgp_out {
if net ~ [ 203.0.113.0/24 ] then { accept; }
else reject;
}
# eBGP Uplink to ISP1
protocol bgp uplink_isp1 {
table exterior;
debug {events, states};
description "ISP1 Uplink";
source address 192.168.1.2;
local as 65000;
neighbor 192.168.1.1 as 65001;
hold time 180;
startup hold time 180;
connect retry time 30;
keepalive time 60;
start delay time 5;
error wait time 60, 300;
error forget time 300;
import filter ebgp_in;
export where proto = "ext_isp1";
}
# eBGP Uplink to ISP2
protocol bgp uplink_isp2 {
table exterior;
debug {events, states};
description "ISP2 Uplink";
source address 192.168.2.2;
local as 65000;
neighbor 192.168.2.1 as 65002;
hold time 180;
startup hold time 180;
connect retry time 30;
keepalive time 60;
start delay time 5;
error wait time 60, 300;
error forget time 300;
import filter ebgp_in;
export where proto = "ext_isp2";
}
protocol static ext_isp1 {
description "Advertise netblock to ISP1";
disabled;
table exterior;
route 203.0.113.0/24 via "eth0";
};
protocol static ext_isp2 {
description "Advertise netblock to ISP2";
disabled;
table exterior;
route 203.0.113.0/24 via "eth0";
};
</snip>
When I enable both ext_isp1 and ext_isp2 protocols simultaneously it
seems the BGP advertisement only happens via one peer only, (not both as
I expect / want). Does it make sense that this doesn't work as I expect?
<snip>
bird> show protocols all "ext_*"
name proto table state since info
ext_isp1 Static exterior up 2011-10-06T05:04:18
Preference: 200
Input filter: ACCEPT
Output filter: REJECT
Routes: 1 imported, 0 exported, 1 preferred
Route change stats: received rejected filtered ignored
accepted Import updates: 1 0 0
0 1 Import withdraws: 0 0
--- 0 0 Export updates: 0
0 0 --- 0 Export withdraws:
0 --- --- --- 0
ext_isp2 Static exterior up 2011-10-06T05:04:43
Preference: 200
Input filter: ACCEPT
Output filter: REJECT
Routes: 1 imported, 0 exported, 0 preferred
Route change stats: received rejected filtered ignored
accepted Import updates: 1 0 0
0 1 Import withdraws: 0 0
--- 0 0 Export updates: 0
0 0 --- 0 Export withdraws:
0 --- --- --- 0
bird> show route table exterior for 203.0.113.0/24
203.0.113.0/24 dev eth0 [ext_isp1 2011-10-06T05:04:18] *
(200) dev eth0 [ext_isp2 2011-10-06T05:04:43] (200)
bird> show protocols all "uplink_*"
name proto table state since info
uplink_isp1 BGP exterior up 2011-10-06T05:03:53
--omitted--
Routes: 366176 imported, 0 exported, 239181 preferred
--omitted--
uplink_isp2 BGP exterior up 2011-10-06T05:03:56
--omitted--
Routes: 369569 imported, 1 exported, 131359 preferred
--omitted--
</snip>
Do I need to make two further routing tables (one for each ISP and use
pipes to sync up the existing "exterior table") to make this work?
If so could someone give an example of how to use pipes in this case?
I tried adding the following after adding two tables and altering the
BGP protocols to use them:
<snip>
protocol pipe {
table table_isp1;
mode transparent;
peer table exterior;
}
protocol pipe {
table table_isp2;
mode transparent;
peer table exterior;
}
</snip>
This addition doesn't seem to behave as I expect. Could anyone offer
an insight on what im doing wrong, its got to be something really silly.
Thanks
-Mike
--
Michael Vallaly <mvallaly at nolatency.com>
More information about the Bird-users
mailing list