BGP multi-homed peering issue..
Alexander V. Chernikov
melifaro at yandex-team.ru
Fri Oct 7 07:52:33 CEST 2011
On 07.10.2011 03:05, Michael Vallaly wrote:
>
> Fellow bird users,
>
> I currently have a single router with two upstream eBGP sessions to two
> separate ISPs. IE:
>
> ISP1 <---> Router <---> ISP2
>
> I am attempting to advertise a public netblock to both of these ISPs
> simultaneously. I currently have a single kernel routing table
> (exterior) configured for the public netblock (203.0.113.0/24), below
> is a sample config.
>
> I seem to have a problem in Bird 1.3.3 with this configuration where
> the netblock only gets advertised out one of the two upstream peers.
You don't need 2 static protocols advertising the same route to the same
bird routing table.
Use a single static protocol instance and make an appropriate export filter,
which should be the same for both BGP uplinks.
>
> <snip>
>
> # Configure Additional Routing Tables
> table exterior;
>
> # BGP Linux Routing Table
> protocol kernel table_bgp {
> table exterior;
> kernel table 100;
> persist off; # Don't remove routes on bird shutdown
> learn off; # Bird exclusively manages this routing table
> import none; # Default is import all
> export all; # Default is export none
> }
>
> # BGP ingress filters
> filter ebgp_in {
> if net ~ [
> 169.254.0.0/16+, 172.16.0.0/12+, 192.168.0.0/16+,
> 10.0.0.0/8+, 224.0.0.0/4+, 240.0.0.0/4+,
> 0.0.0.0/32-, 0.0.0.0/0{31,32}, 0.0.0.0/0{0,7}
> ] then { reject; }
> else accept;
> }
>
> # BGP egress filters
> filter ebgp_out {
> if net ~ [ 203.0.113.0/24 ] then { accept; }
> else reject;
> }
>
> # eBGP Uplink to ISP1
> protocol bgp uplink_isp1 {
> table exterior;
> debug {events, states};
> description "ISP1 Uplink";
> source address 192.168.1.2;
> local as 65000;
> neighbor 192.168.1.1 as 65001;
> hold time 180;
> startup hold time 180;
> connect retry time 30;
> keepalive time 60;
> start delay time 5;
> error wait time 60, 300;
> error forget time 300;
> import filter ebgp_in;
> export where proto = "ext_isp1";
> }
>
> # eBGP Uplink to ISP2
> protocol bgp uplink_isp2 {
> table exterior;
> debug {events, states};
> description "ISP2 Uplink";
> source address 192.168.2.2;
> local as 65000;
> neighbor 192.168.2.1 as 65002;
> hold time 180;
> startup hold time 180;
> connect retry time 30;
> keepalive time 60;
> start delay time 5;
> error wait time 60, 300;
> error forget time 300;
> import filter ebgp_in;
> export where proto = "ext_isp2";
> }
>
> protocol static ext_isp1 {
> description "Advertise netblock to ISP1";
> disabled;
> table exterior;
> route 203.0.113.0/24 via "eth0";
> };
>
> protocol static ext_isp2 {
> description "Advertise netblock to ISP2";
> disabled;
> table exterior;
> route 203.0.113.0/24 via "eth0";
> };
>
> </snip>
>
> When I enable both ext_isp1 and ext_isp2 protocols simultaneously it
> seems the BGP advertisement happens via one peer only (not both, as
> I expect / want). Does it make sense that this doesn't work as I expect?
>
> <snip>
> bird> show protocols all "ext_*"
> name proto table state since info
> ext_isp1 Static exterior up 2011-10-06T05:04:18
> Preference: 200
> Input filter: ACCEPT
> Output filter: REJECT
> Routes: 1 imported, 0 exported, 1 preferred
> Route change stats:   received  rejected  filtered  ignored  accepted
> Import updates:              1         0         0        0         1
> Import withdraws:            0         0       ---        0         0
> Export updates:              0         0         0      ---         0
> Export withdraws:            0       ---       ---      ---         0
>
> ext_isp2 Static exterior up 2011-10-06T05:04:43
> Preference: 200
> Input filter: ACCEPT
> Output filter: REJECT
> Routes: 1 imported, 0 exported, 0 preferred
> Route change stats:   received  rejected  filtered  ignored  accepted
> Import updates:              1         0         0        0         1
> Import withdraws:            0         0       ---        0         0
> Export updates:              0         0         0      ---         0
> Export withdraws:            0       ---       ---      ---         0
>
>
> bird> show route table exterior for 203.0.113.0/24
> 203.0.113.0/24 dev eth0 [ext_isp1 2011-10-06T05:04:18] * (200)
>                dev eth0 [ext_isp2 2011-10-06T05:04:43] (200)
>
> bird> show protocols all "uplink_*"
> name proto table state since info
> uplink_isp1 BGP exterior up 2011-10-06T05:03:53
> --omitted--
> Routes: 366176 imported, 0 exported, 239181 preferred
> --omitted--
>
> uplink_isp2 BGP exterior up 2011-10-06T05:03:56
> --omitted--
> Routes: 369569 imported, 1 exported, 131359 preferred
> --omitted--
>
> </snip>
>
> Do I need to make two further routing tables (one for each ISP and use
> pipes to sync up the existing "exterior table") to make this work?
>
> If so could someone give an example of how to use pipes in this case?
>
> I tried adding the following after adding two tables and altering the
> BGP protocols to use them:
>
> <snip>
> protocol pipe {
> table table_isp1;
> mode transparent;
> peer table exterior;
> }
>
> protocol pipe {
> table table_isp2;
> mode transparent;
> peer table exterior;
> }
> </snip>
>
> This addition doesn't seem to behave as I expect. Could anyone offer
> an insight on what I'm doing wrong, it's got to be something really silly.
>
> Thanks
>
> -Mike
>
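
The layout suggested in the reply above, written out as an added example (not part of the original thread and not the poster's or the BIRD project's own config). It reuses the table `exterior` and the filters `ebgp_in` and `ebgp_out` from the quoted config; the protocol name `ext_netblock` is hypothetical, and the BGP timer options are left out for brevity.

```conf
# Added example in BIRD 1.x syntax. Assumes "table exterior;" and the
# filters ebgp_in / ebgp_out are defined as in the quoted config.

# One static instance originates the netblock once in the shared table,
# so there is a single route for the prefix instead of two competing
# ones (the quoted output shows only one of the two marked preferred).
# "ext_netblock" is a hypothetical name.
protocol static ext_netblock {
    description "Originate public netblock";
    table exterior;
    route 203.0.113.0/24 via "eth0";
}

# Both uplinks share the same export filter. ebgp_out accepts only
# 203.0.113.0/24 and rejects everything else, so routes learned from
# one ISP are never re-advertised to the other.
protocol bgp uplink_isp1 {
    table exterior;
    description "ISP1 Uplink";
    source address 192.168.1.2;
    local as 65000;
    neighbor 192.168.1.1 as 65001;
    import filter ebgp_in;
    export filter ebgp_out;
}

protocol bgp uplink_isp2 {
    table exterior;
    description "ISP2 Uplink";
    source address 192.168.2.2;
    local as 65000;
    neighbor 192.168.2.1 as 65002;
    import filter ebgp_in;
    export filter ebgp_out;
}
```

After reloading, `show protocols all "uplink_*"` should report one exported route on each uplink.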