Review my BGP configuration
Andre Nathan
andre at digirati.com.br
Sat Mar 2 22:40:05 CET 2013
Hello,

I have just put my first bird router up in production. Everything is
working fine, but I wonder if there are any modifications that I can make
to my configuration to optimize it and/or adhere to best practices.

My prefix is, in the configuration below, a.b.0.0/23, but I want to
export it as two separate /24 prefixes, a.b.0.0/24 and a.b.1.0/24.

Additional information:

Router ID: x.y.z.w
Local AS: 1234
Neighbor ID: w.z.y.x
Neighbor AS: 4321

The neighbor router is not directly connected to my router, so I'm using
multihop.

The part that is bugging me about this configuration is the need for a
kernel protocol black list filter. Is there a cleaner way to do this?

Below is my bird.conf:

# Protocol kernel: the black list is so that the routes for
# the two /24 reject routes from the static protocol are not
# added to the kernel routing table. This kinda smells fishy.
# Is there a way around this?
filter kernel_filter
prefix set KERNEL_BLACKLIST;
{
    KERNEL_BLACKLIST = [
        a.b.0.0/24,
        a.b.1.0/24
    ];
    if net ~ KERNEL_BLACKLIST then {
        reject;
    }
    accept;
}

protocol kernel {
    scan time 20;
    export filter kernel_filter;
}

protocol device {
    scan time 10;
}

# Prefixes to be exported to BGP, plus a route to the BGP neighbor:
protocol static mynetwork {
    route a.b.0.0/24 reject;
    route a.b.1.0/24 reject;
    route w.z.y.x/32 via w.z.y.1;
}

# The file below contains a single definition: define BGP_MED=200.
# This is used when, due to failover, the iBGP peer becomes the
# preferred router. A script is executed changing the MED value to
# 100 and bird is reloaded. The iBGP peer (which has MED 100) will
# analogously be modified to 200, and thus become the preferred
# router from my provider's router's point of view.
include "/etc/bird-med.conf"

# BGP export filter: export my prefixes.
filter ebgp_out
prefix set EXPORT_WHITELIST;
{
    EXPORT_WHITELIST = [
        a.b.c.0/23,
        a.b.c.0/24,
        a.b.c.1/24
    ];
    if net ~ EXPORT_WHITELIST then {
        bgp_med = BGP_MED;
        accept;
    }
    reject;
}

# BGP import filters: reject RFC1918 stuff.
filter ebgp_in
prefix set IMPORT_BLACKLIST;
{
    IMPORT_BLACKLIST = [...];
    if net ~ IMPORT_BLACKLIST then {
        printn "Discarding received route to ";
        print net;
        reject;
    }
    accept;
}

#
# BGP sessions
#
protocol bgp eBGP {
    description "eBGP";
    local as 1234;
    source address x.y.z.w;
    neighbor w.z.y.x as 4321;
    multihop 2;
    default bgp_local_pref 200;
    export filter ebgp_out;
    import filter ebgp_in;
}

protocol bgp iBGP {
    description "iBGP";
    local as 1234;
    source address x.y.z.w;
    neighbor x.y.z.k as 262672;
    next hop self;
    gateway direct;
    default bgp_local_pref 100;
}

Thanks in advance,
Andre
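
Added example, not part of the original message and not BIRD's own code: a small Python model of how BIRD prefix-set patterns match, applied to an RFC 1918 import blacklist like the one `ebgp_in` uses. The set contents and received routes are constructed (the message elides its `IMPORT_BLACKLIST`); the point is that a bare `p/len` pattern matches only that exact prefix, so more-specific private routes pass the filter unless the pattern carries `+`.

```python
import ipaddress

# Constructed inputs: the RFC 1918 ranges written two ways in BIRD prefix-set
# syntax (assumed; the page elides its IMPORT_BLACKLIST contents).
EXACT = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
WITH_PLUS = [p + "+" for p in EXACT]
# Constructed routes a neighbor might announce (203.0.113.0/24 is TEST-NET-3).
RECEIVED = ["10.0.0.0/8", "10.20.0.0/16", "172.20.1.0/24",
            "192.168.1.0/24", "203.0.113.0/24"]


def parse_pattern(text):
    """Split 'p/len', 'p/len+', 'p/len-' or 'p/len{lo,hi}' into (net, lo, hi)."""
    text = text.strip()
    if text.endswith("}"):
        base, bounds = text[:-1].split("{")
        net = ipaddress.ip_network(base)
        lo, hi = (int(b) for b in bounds.split(","))
        return net, lo, hi
    if text.endswith("+"):            # the prefix and every subprefix
        net = ipaddress.ip_network(text[:-1])
        return net, net.prefixlen, net.max_prefixlen
    if text.endswith("-"):            # the prefix and every superprefix
        net = ipaddress.ip_network(text[:-1])
        return net, 0, net.prefixlen
    net = ipaddress.ip_network(text)  # bare pattern: exactly this prefix
    return net, net.prefixlen, net.prefixlen


def pattern_matches(pattern, route):
    """True if `route` matches one prefix-set pattern."""
    net, lo, hi = parse_pattern(pattern)
    r = ipaddress.ip_network(route)
    if r.version != net.version or not lo <= r.prefixlen <= hi:
        return False
    # Compare only the first min(route length, pattern length) bits.
    shift = net.max_prefixlen - min(r.prefixlen, net.prefixlen)
    return int(r.network_address) >> shift == int(net.network_address) >> shift


def discarded(prefix_set, routes):
    """Routes that `if net ~ SET then reject;` would drop."""
    return [r for r in routes if any(pattern_matches(p, r) for p in prefix_set)]


if __name__ == "__main__":
    print("bare patterns drop:", discarded(EXACT, RECEIVED))
    print("'+' patterns drop: ", discarded(WITH_PLUS, RECEIVED))
```

The same exact-match behaviour applies to `EXPORT_WHITELIST`, where each prefix is listed individually as a bare pattern.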