AW: Simple two bird BGPs two Uplinks one Peering Provider config

Sat May 25 10:02:24 CEST 2019

Okay, it seams that I figured out something quiet important.

So on my bond0 (which is the uplink to the firewall vlan) on the bird bgp box I have a.b.c.249/29 configured. My first fw has a.b.c.252/29 second fw .53/29 and CARP VIP is .54/29. Now I dont have to route a b.c.0/22 to my transfer net ip... I have to route it to my firewall ip or even better of course to my carp vip. Now I see all traffic coming to the fw cluster :)

Now the only issue left is the sync between my two bgp boxes...

Maybe someone could point me in the right direction :)

I have two bird bgp pizzas a.b.c.249/29 and .250/29 so I think I just make a new bgp link between them?

Thanks for your help

Best Regards
Yves
From: mail at yvesilli.com
Sent: 21 May 2019 13:08
To: santiago at crfreenet.org
Cc: bird-users at network.cz
Subject: AW: Simple two bird BGPs two Uplinks one Peering Provider config

Hi,

Okay, I think there is a misunderstanding. Or maybe I am totally wrong. Please correct me if I am.

a.b.c.0/22 is my range

d.e.f.124 is my bgp01 public ip of the /29 transfer net between my bgp01 and the big router (d.e.f.121/29) of my peering uplink

So if I want to advertise my own public ips (a.b.c.0/22) to my peering uplink (so called to the internet) shouldn't I make it like this:

protocol static static_bgp {
  ipv4;
  route a.b.c.0/22 via d.e.f.124;
}
protocol bgp link1 {
  local d.e.f.124 as XXXX;
  neighbor d.e.f.121 as YYYY; #d.e.f.121 is the first router of my peering uplink 1
  ipv4 { import all;export where proto = "static_bgp"; };
}

I want to import all from them so I know the internet and how to route.... and I want to export stat-ic_bgp so the internet know's me?

Thanks for your help
Yves

-----Ursprüngliche Nachricht-----
Von: Ondrej Zajicek <santiago at crfreenet.org>
Gesendet: Montag, 20. Mai 2019 20:43
An: Yves Illi <mail at yvesilli.com>
Cc: bird-users at network.cz
Betreff: Re: Simple two bird BGPs two Uplinks one Peering Provider config

On Mon, May 20, 2019 at 05:17:08PM +0000, Yves Illi wrote:
> Hi there,
>
> I am really new to the complete topic of BGP. So please have a bit mercy with me if I ask something very stupid. But I am trying to build that for the first time ever and I am feeling like a donkey in front of a big mountain.
>
> Last but not least it is currently running, but I guess its more luck than something else. Like I said I am completely new to the topic of BGP. What I don't get is how I configure them together so they work (as a HA-Cluster) and currently I can only route a.b.c.249/29 instead of a.b.c.0/22.

Hi

> protocol static static_bgp {
>   ipv4;
>   route a.b.c.0/22 via d.e.f.124;
> }

I think this is the problem, as d.e.f.124 is your local address, then this route is probably not allowed locally (because you should not have route directing to a local address) and therefore likely not propagated to BGP.

Simple solution is to have the static route defined as unreachable route:

  route a.b.c.0/22 unreachable;

You would have more specific routes in the routing table anyways and when the unreachable route is propagated by BGP, the local address will be attached as next hop automatically.

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20190525/6c976c1c/attachment.htm>