next-hop announcement/withdrawal process
Pavlos Parissis
pavlos.parissis at gmail.com
Mon Aug 4 00:11:12 CEST 2014
Hi,
I am building a solution where I have N HAProxy servers which have BGP
and BFD sessions with 2 upstream routers. Bird runs on all HAProxy
servers and announces the same prefixes via BGP. I am using ECMP on
upstream routes to balance incoming traffic to these HAProxy servers,
which balance traffic to N backend servers.
I need to advertise/withdraw several IP prefixes within the same range
(192.168.200.0/24) based on the health of a service, in this case the
frontend on HAProxy. These IPs are assigned only to the loopback interface.
The problem I am facing is that when I adjust a filter in order to
withdraw the route, all routes are withdrawn and the remaining are
announced again. According to the doc if a reload on bird brings a new
configuration for a protocol, that protocol will be restarted. So, it is
expected behavior.
Below is the log[1] after I removed '192.168.200.1' from prefix set
anycast_prefixes in loopback_ACL filter and reloaded bird.
I was monitoring BGP protocols in a loop running
bird show protocols all "bgp8" and saw that
'export updates' counter was increased from 2 to 3 and 'export
withdraws' counter was increased from 0 to 2.
Is there a way to withdraw a route from a list without affecting the
rest of the routes in the list?
The only way I have found so far is to remove the specific IP
from the loopback interface. But this solution prevents a
reload/restart of HAProxy, as it can no longer bind to the socket.
Cheers,
Pavlos
[1]
23:37:52 <INFO> Reconfiguration requested by SIGHUP
23:37:52 <INFO> Reconfiguring
23:37:52 <TRACE> direct1: Reconfigured
23:37:52 <INFO> Reloading protocol direct1
23:37:52 <INFO> Restarting protocol direct1
23:37:52 <TRACE> direct1: Shutting down
23:37:52 <TRACE> direct1: State changed to flush
23:37:52 <TRACE> bgp_peer1: Reconfigured
23:37:52 <TRACE> bgp_peer2: Reconfigured
23:37:52 <INFO> Reconfigured
23:37:52 <TRACE> direct1 > removed [sole] 192.168.200.1/32 dev lo
23:37:52 <TRACE> direct1 > removed [sole] 192.168.200.2/32 dev lo
23:37:52 <TRACE> direct1: State changed to down
23:37:52 <TRACE> direct1: Starting
23:37:52 <TRACE> direct1: Connected to table master
23:37:52 <TRACE> direct1: State changed to feed
23:37:52 <TRACE> direct1 < primary address 192.168.200.1/32 on interface
lo added
23:37:52 <TRACE> direct1 > filtered out 192.168.200.1/32 dev lo
23:37:52 <TRACE> direct1 < secondary address 127.0.0.0/8 on interface lo
added
23:37:52 <TRACE> direct1 < secondary address 192.168.200.2/32 on
interface lo added
23:37:52 <TRACE> direct1 > added [best] 192.168.200.2/32 dev lo
23:37:52 <TRACE> bgp_peer2 < filtered out 192.168.200.2/32 dev lo
23:37:52 <TRACE> bgp_peer1 < filtered out 192.168.200.2/32 dev lo
23:37:52 <TRACE> direct1 < primary address 192.168.80.0/20 on interface
eth0 added
23:37:52 <TRACE> direct1: State changed to up
23:37:54 <TRACE> bgp_peer2: Sending KEEPALIVE
23:37:54 <TRACE> bgp_peer1: Sending KEEPALIVE
23:37:54 <TRACE> bgp_peer2: Got KEEPALIVE
23:37:56 <TRACE> bgp_peer1: Got KEEPALIVE
bird.conf
# Override the router ID instead of letting BIRD derive one from an interface address
router id 192.168.88.194;
# Bind the BGP listening socket to eth0's IP only, rather than to every local address
listen bgp address 192.168.88.194;
# Import filter for the direct protocol: accept only the loopback /32s listed
# in anycast_prefixes and reject every other address found on the interface.
# Removing an entry here changes the direct protocol's import filter; the
# reload log in this post shows direct1 being restarted after such a change,
# which removes and re-adds every route it provides.
filter loopback_ACL
prefix set anycast_prefixes;
{
anycast_prefixes = [
192.168.200.1/32,
192.168.200.2/32
];
if net ~ anycast_prefixes then accept;
else reject;
}
# Export filter referenced by the BGP template: it bounds what may be
# announced to the upstream routers, so a stray address on "lo" outside the
# anycast range cannot leak into BGP.
# NOTE(review): a plain prefix in a set literal matches only that exact
# prefix, so 192.168.200.0/24 does not cover the /32s inside it; the log in
# this post shows 192.168.200.2/32 "filtered out" at bgp_peer1/bgp_peer2.
# Confirm whether 192.168.200.0/24{32,32} (or 192.168.200.0/24+) was intended.
filter anycast_range {
if net ~ [ 192.168.200.0/24 ] then accept;
else reject;
}
# Direct protocol: turns addresses configured on "lo" into routes in the
# master table, gated by loopback_ACL. It appears as "direct1" in the log.
protocol direct {
interface "lo";
# Full tracing; presumably the source of the direct1 <TRACE> lines in the log
debug all;
import filter loopback_ACL;
# Nothing is exported back into this protocol
export none;
}
# Kernel protocol is defined but disabled, so BIRD does not synchronise its
# routes with the OS routing table in this setup.
protocol kernel kernel1 {
disabled yes;
}
# Device protocol: collects interface and address information from the kernel.
protocol device {
# Rescan the interface list every 10 seconds
scan time 10;
# TODO do I need this?
# NOTE(review): the direct protocol takes its interface addresses from the
# device protocol, so this block is most likely required -- confirm.
}
# Static protocol is defined but disabled; no static routes are configured.
protocol static {
disabled yes;
}
# BFD sessions on eth0, used by the BGP peers (the template sets "bfd on") to
# detect a dead neighbour faster than the BGP hold timer would.
# NOTE(review): no BFD authentication is configured in this block; check
# whether the deployed BIRD version and the upstream routers support it.
protocol bfd {
interface "eth0" {
min rx interval 500 ms;
min tx interval 500 ms;
idle tx interval 1000 ms;
# With 500 ms intervals, a multiplier of 3 gives a detection time of about
# 1.5 s, assuming the peer negotiates the same intervals
multiplier 3;
};
}
# Shared settings for both upstream BGP sessions.
# NOTE(review): no "password" option is set, so the sessions run without
# TCP MD5 authentication, and "ttl security" is not enabled either. Consider
# both for directly connected peers if the upstream routers support them.
template bgp BGP_PEERS {
bfd on;
# Full tracing; produces the bgp_peer <TRACE> lines seen in the log
debug all;
# Accept nothing from the upstream routers: this host only announces
import none;
# Announce only what anycast_range accepts
export filter anycast_range;
# Neighbours are expected on a directly connected network
direct;
hold time 30;
startup hold time 240;
connect retry time 120;
keepalive time 10;
start delay time 5;
# Minimum and maximum delay before reconnecting after an error
error wait time 60, 300;
error forget time 300;
# Keep retrying after a protocol error instead of disabling the session
disable after error off;
next hop self;
path metric 1;
default bgp_med 0;
default bgp_local_pref 0;
}
# First upstream router. Local and neighbour AS are both 46111, so this is an
# iBGP session; all other options come from the BGP_PEERS template.
protocol bgp bgp_peer1 from BGP_PEERS {
disabled no;
description "My-BGP-Peer1";
local as 46111;
neighbor 192.168.95.252 as 46111;
# Same address as the BGP listener and router ID
source address 192.168.88.194;
}
# Second upstream router. Local and neighbour AS are both 46111, so this is an
# iBGP session; all other options come from the BGP_PEERS template.
protocol bgp bgp_peer2 from BGP_PEERS {
disabled no;
description "My-BGP-Peer2";
local as 46111;
neighbor 192.168.95.253 as 46111;
# Same address as the BGP listener and router ID
source address 192.168.88.194;
}