BGP community not being set on outbound BGP updates
Lex van Roon
r3boot at r3blog.nl
Thu Apr 5 15:21:52 CEST 2012
Hi All,
I'm building a s/RTBH setup based on bird 1.3.7. I'm using a single
route injector which has iBGP peerings with my route-reflector cluster.
The setup looks like this (with the injector running on
OpenBSD-4.9/Alpha and router* running on Debian Squeeze amd64 if that
matters):

        [injector]
         /      \
        /        \
       /          \
[router 1]    [router 2]

On the injector, I configure static routes, which I export over BGP. I
want to tag these prefixes with a BGP community, so I can nullroute the
IPs on my route-reflectors and all routers that are connected to this
cluster.
For this, I'm using the following configuration (only the relevant
portions included):

[injector]
protocol static blacklist {
    route 1.2.3.4/32 via 192.0.2.1;
}

protocol bgp router_1 {
    local 172.16.0.1 as 65000;
    neighbor 172.16.0.2 as 65000;
    export filter {
        bgp_community = -empty-;
        bgp_community.add((65000,666));
        accept;
    };
    import none;
}

[router 1]
protocol bgp injector {
    local 172.16.0.2 as 65000;
    neighbor 172.16.0.1 as 65000;
    export none;
    import filter {
        gw = 192.0.2.1;
        bgp_community = -empty-;
        bgp_community.add((65000,666));
        accept;
    };
}

The configuration for router 2 is identical apart from the IPs, so I
haven't included this configuration. This setup works, however, the BGP
community only gets set when the prefix enters BGP on router 1:

user at injector# birdc show route 1.2.3.4/32 all
BIRD 1.3.7 ready.
1.2.3.4/32 via 192.0.2.1 on lo1 [blacklist 12:01] * (200)
    Type: static unicast univ

user at injector# birdc show route export router_1 all
BIRD 1.3.7 ready.
1.2.3.4/32 via 192.0.2.1 on lo1 [blacklist 12:01] * (200)
    Type: static unicast univ
    BGP.origin: IGP
    BGP.as_path:
    BGP.next_hop: 192.0.2.1
    BGP.local_pref: 100

user at router_1# birdc show route 1.2.3.4/32
BIRD 1.3.7 ready.
1.2.3.4/32 unreachable [injector 12:01 from 172.16.0.1] * (100) [i]

user at router_1# birdc show route 1.2.3.4/32 all
BIRD 1.3.7 ready.
1.2.3.4/32 unreachable [injector 12:01 from 172.16.0.1] * (100) [i]
    Type: BGP unicast univ
    BGP.origin: IGP
    BGP.as_path:
    BGP.next_hop: 192.0.2.1
    BGP.local_pref: 100
    BGP.community: (65000,666)

My questions:
1) First, are these configuration snippets and command output enough to
assist in these questions?
2) Is it possible to set a BGP community on a static route which is
being exported over BGP? The example in the docs(*) says I should be
able to do this.
3) Am I doing something wrong in this setup that is causing the BGP
community not to be set?
4) Is there a more intelligent way to get this to work? Imho, using a
BGP community is the cleanest and most generic way to implement this,
but I want this to be set on the injector, and not on my RR cluster.
Kind Regards,
Lex van Roon
*) http://bird.network.cz/?get_doc&f=bird-6.html#ss6.1
--
LRO-RIPE | 11FCBF2A | 756E 845C 0A88 75FF C750 1E7E 9723 E0DF 11FC BF2A