next-hop announcement/withdrawal process
Pavlos Parissis
pavlos.parissis at gmail.com
Mon Aug 4 14:22:07 CEST 2014
On 4 August 2014 09:53, Sergey Popovich <popovich_sergei at mail.ru> wrote:
>
> > Hi,
>
> Hello.
>
> > The problem I am facing is that when I adjust a filter in order to
> > withdraw the route, all routes are withdrawn and the remaining are
> > announced again. According to the doc if a reload on bird brings a new
> > configuration for a protocol, that protocol will be restarted. So, it is
> > expected behavior.
> >
>
> You have changed import filter of direct1 protocol, thus direct1 gets
> reconfigured (on HUP or birdc configure). However this protocol does not
> perform "soft" reconfiguration on filter changes thus direct1 restarts
> unconditionally to apply your filter changes (IP removal/addition).
>
> All routes flushed out from the table (causing BGP withdrawal) and
> fetched from the protocol (direct) again to the table (causing BGP update).
>
> This seems normal behavior.
>
>
>
Sergey, thank you very much for this very detailed explanation.

> You could simply attach your loopback_ACL filter to the BGP_PEERS template
> export (with any needed adjustments, or just make loopback_ACL to work as
> function returning false/true and use it in anycast_range) to solve your
> case.
>
> Also I suggest you to use global prefix set definition, as local variable
> (in filter/function) is created/assigned each time function is called.
>
> For example:
> ------------
>
> # It is probably a good idea to have such a protocol configured in most cases.
> # It fetches list of the interfaces in system and provides them to the other
> # protocols (except OSPF, it has its own mechanisms).
> #
> protocol device {
> scan time 10;
> }
>
> # This set should be modified only when new frontend subnet is added.
> # direct1 would restart on protocol filter change.
> #
> define ACAST_PS_DIRECT1 =
> [
> 192.168.200.0/24{32,32}
> ];
>
> protocol direct {
> # Import directly connected routes from "lo" interface.
> interface "lo";
>
> # This may be needed to properly resolve nexthops from upstream routes.
> interface "<interface_to_your_routers>";
>
>
What do you mean by this?
Since I only want to export routes for IPs in the loopback interface, I
thought I could safely skip other interfaces for
protocol direct. Well, with the filters in place, I don't worry about
accidentally announcing routes that I shouldn't.
Furthermore, as a safeguard I have set the upstream routers to allow
announcements only for the specific prefix (192.168.200.0/24). Oh yes, I play
very safe here :-)

> # Do not import from other sources.
> interface "-*";
>
> # Import only allowed IPs from the "lo" and route from the upstream
> # interface.
> import where net ~ ACAST_PS_DIRECT1 || ifname = "<interface_to_your_routers>";
>
>
I don't need to import anything. Bird is used only as an advertisement
system.
> # No export to the protocol, not necessary
> export none;
> }
>
> # This is global constant for your prefix set (PS) 192.168.200.0/24.
> #
> # Place this definition into external file and source it with include
> # directive from the global configuration file if you wish to modify
> # this PS from the outside (e.g. by some HA script).
> #
> define ACAST_PS_ADVERTISE =
> [
> 192.168.200.1/32, # Frontend 1
> 192.168.200.2/32 # Frontend 2
> ];
>
> function acast_advertise()
> {
> return net ~ ACAST_PS_ADVERTISE;
> }
>
> filter anycast_range
> {
> if acast_advertise() then
> accept;
> reject;
> }
>
> Tested similar config with BIRD 1.3.11 and seems no unwanted
> withdrawals spot.
>
>
I configured bird as you suggested [1] and after a restart I removed
192.168.200.1/32 from the prefix set [2].
See the log below:
13:29:18 <INFO> Reconfiguration requested by SIGHUP
13:29:18 <INFO> Reconfiguring
13:29:18 <TRACE> direct1: Reconfigured
13:29:18 <TRACE> bgp_peer1: Reconfigured
13:29:18 <INFO> Reloading protocol bgp_peer1
13:29:18 <TRACE> bgp_peer1: State changed to feed
13:29:18 <TRACE> bgp_peer2: Reconfigured
13:29:18 <INFO> Reloading protocol bgp_peer2
13:29:18 <TRACE> bgp_peer2: State changed to feed
13:29:18 <INFO> Reconfigured
13:29:18 <TRACE> bgp_peer1 < filtered out 192.168.200.1/32 dev lo
13:29:18 <TRACE> bgp_peer1 < removed 192.168.200.1/32 dev lo
13:29:18 <TRACE> bgp_peer1 < replaced 192.168.200.2/32 dev lo
13:29:18 <TRACE> bgp_peer1: State changed to up
13:29:18 <TRACE> bgp_peer2 < filtered out 192.168.200.1/32 dev lo
13:29:18 <TRACE> bgp_peer2 < removed 192.168.200.1/32 dev lo
13:29:18 <TRACE> bgp_peer2 < replaced 192.168.200.2/32 dev lo
13:29:18 <TRACE> bgp_peer2: State changed to up
What is the meaning of 'replaced' here?
And the output of birdcl show protocols all \"bgp*\" in a loop:
### Mon Aug 4 13:29:11 CEST 2014 ###
  Routes:         0 imported, 2 exported, 0 preferred
    Import updates:              0          0          0          0          0
    Import withdraws:            0          0        ---          0          0
    Export updates:              2          0          0        ---          2
    Export withdraws:            0        ---        ---        ---          0

  Routes:         0 imported, 2 exported, 0 preferred
    Import updates:              0          0          0          0          0
    Import withdraws:            0          0        ---          0          0
    Export updates:              2          0          0        ---          2
    Export withdraws:            0        ---        ---        ---          0
### Mon Aug 4 13:29:16 CEST 2014 ###
  Routes:         0 imported, 1 exported, 0 preferred
    Import updates:              0          0          0          0          0
    Import withdraws:            0          0        ---          0          0
    Export updates:              4          0          1        ---          3
    Export withdraws:            0        ---        ---        ---          1

  Routes:         0 imported, 1 exported, 0 preferred
    Import updates:              0          0          0          0          0
    Import withdraws:            0          0        ---          0          0
    Export updates:              4          0          1        ---          3
    Export withdraws:            0        ---        ---        ---          1
### Mon Aug 4 13:29:21 CEST 2014 ###
Thank you very much for taking the time to provide a complete solution for
me. It is very much appreciated.
Cheers,
Pavlos
[1] bird.conf

include "/etc/bird.d/anycast_prefixes.conf";
define ACAST_PS_DIRECT1 = [ 192.168.200.0/24{32,32} ];

function anycast_advertise()
{
    return net ~ ACAST_PS_ADVERTISE;
}

filter anycast_range {
    if anycast_advertise() then
        accept;
    reject;
}

router id 192.168.88.194;
listen bgp address 192.168.88.194;

protocol direct {
    interface "lo";
    debug all;
    import where net ~ ACAST_PS_DIRECT1;
    export none;
}

protocol kernel kernel1 {
    disabled yes;
}

protocol device {
    scan time 10;
}

protocol static {
    disabled yes;
}

protocol bfd {
    interface "eth0" {
        min rx interval 500 ms;
        min tx interval 500 ms;
        idle tx interval 1000 ms;
        multiplier 3;
    };
}

template bgp BGP_PEERS {
    bfd on;
    debug all;
    import none;
    export filter anycast_range;
    direct;
    hold time 30;
    startup hold time 240;
    connect retry time 120;
    keepalive time 10;
    start delay time 5;
    error wait time 60, 300;
    error forget time 300;
    disable after error off;
    next hop self;
    path metric 1;
    default bgp_med 0;
    default bgp_local_pref 0;
}

protocol bgp bgp_peer1 from BGP_PEERS {
    disabled no;
    description "My-BGP-Peer1";
    local as 46111;
    neighbor 192.168.95.252 as 46111;
    source address 192.168.88.194;
}

protocol bgp bgp_peer2 from BGP_PEERS {
    disabled no;
    description "My-BGP-Peer2";
    local as 46111;
    neighbor 192.168.95.253 as 46111;
    source address 192.168.88.194;
}

[2] /etc/bird.d/anycast_prefixes.conf

define ACAST_PS_ADVERTISE =
    [
        192.168.200.1/32, # Frontend 1
        192.168.200.2/32 # Frontend 2
    ];
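
Added example, not part of the original message and not code from the BIRD project: one way an HA script could regenerate /etc/bird.d/anycast_prefixes.conf before the reload, refusing anything that is not a /32 inside 192.168.200.0/24 so that a bad input cannot widen what is announced. The function names, the {prefix: comment} input and the refusal to write an empty set are assumptions of this example.

```python
import ipaddress
import os
import tempfile

# Assumption: mirrors ACAST_PS_DIRECT1 = [ 192.168.200.0/24{32,32} ] in bird.conf.
ALLOWED_RANGE = ipaddress.ip_network("192.168.200.0/24")


def render_prefix_set(frontends):
    """Render anycast_prefixes.conf from a {prefix: comment} mapping."""
    nets = []
    for prefix, comment in frontends.items():
        net = ipaddress.ip_network(prefix)  # ValueError on malformed input
        if net.version != 4 or net.prefixlen != 32 or not net.subnet_of(ALLOWED_RANGE):
            raise ValueError(f"{prefix} is not a /32 inside {ALLOWED_RANGE}")
        if not comment.isprintable():
            # A newline in the comment would inject extra configuration lines.
            raise ValueError(f"unsafe comment for {prefix}")
        nets.append((net, comment))
    if not nets:
        # Assumption of this example: keep the old file rather than emit "[ ]".
        raise ValueError("refusing to write an empty prefix set")
    nets.sort(key=lambda item: item[0])
    lines = ["define ACAST_PS_ADVERTISE =", "    ["]
    for i, (net, comment) in enumerate(nets):
        sep = "," if i < len(nets) - 1 else ""
        lines.append(f"        {net}{sep} # {comment}")
    lines.append("    ];")
    return "\n".join(lines) + "\n"


def write_atomically(path, text):
    """Write a temp file beside `path` and rename it over the target."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
            fh.flush()
            os.fsync(fh.fileno())
        os.chmod(tmp, 0o644)  # readable by bird, writable only by the owner
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
# After write_atomically(), reload with SIGHUP or "birdc configure" as in the thread.
```

Because the rename is atomic, a SIGHUP that arrives while the script is running reads either the old prefix set or the new one, never a partial file.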