how to do IPv6 address assignment (eBGP --> iBGP --> home/lan)

Nicolas Embriz nbari at tequila.io
Tue Nov 30 23:44:28 CET 2021 

Hi Nico, many thanks. I will give it a try.

Regarding my eBGP-iBGP problem I can't ping  IP's declared in the iBGP,
this is my setup:

(internet)
    |
    |
( VM eBGP/44 ) <--- Wireguard ---> (VM iBGP/64)


In the eBGP I have [2a0e:87c0:620::/44] and in the iBGP I would like to
handle only [2a0e:87c0:620:1::/64]

I do can ping from the eBGP to the IP's in iBGP and vice versa, but not
from the internet, for example If I add the address [2a0e:87c0:620::10/64]
in eBGP I can ping it from everywhere but If then I configure any ip in
iBGP something like [2a0e:87c0:620:1::10/64] I can only ping it within the
eBGP and iBGP but is not reachable from internet:


ping 2a0e:87c0:620:1::10 (not reachable)
       |
    |
    |
( VM eBGP/44 ) <--- Wireguard ---> (VM iBGP [2a0e:87c0:620:1::10/64])


this is my current setup for the eBGP:


&<-----
router id <ipv4>;

define MYAS = 1234;

protocol device {
    scan time 10;
}

protocol direct {
    ipv6 {
        import where net ~ [2a0e:87c0:620::/44{44,128}];
        export none;
    };
}

protocol kernel {
    scan time 20;
    ipv6 {
        import none;
        export all;
    };
}


# templates
template bgp uplink {
   local as MYAS;
   ipv6 {
      import all;
      export filter {
        if net = 2a0e:87c0:620::/44 then accept;
        reject;
      };
   };
   graceful restart on;
}

protocol bgp SBv6 from uplink {
   neighbor 2a09:4c1:100:2d88::8bfa as 58057;
   source address 2a09:4c0:100:2d98::8934;
}

protocol bgp iBGP from uplink {
    debug all;
    neighbor fe80:cafe::10%wg0 as MYAS;
    direct;
}
&<-----

And the config for iBGP:

&<-----
router id <ipv4>;

define MYAS = 1234;

protocol device {
        scan time 10;
}

protocol direct {
        ipv6 {
        import where net ~ [2a0e:87c0:620:1::/64{64,128}];
        export none;
    };
}

protocol kernel {
    scan time 20;
    ipv6 {
        import none;
        export all;
    };
}

protocol bgp iBGP {
    debug all;
    local as MYAS;
    neighbor fe80:cafe::11%wg0 as MYAS;
    direct;
        ipv6 {
        next hop self;
        import all;
        export all;
    };
    graceful restart on;
}
&<-----


Any ideas? thanks in advance.



On Mon, Nov 29, 2021 at 8:34 AM Nico Schottelius <
nico.schottelius at ungleich.ch> wrote:

>
> Good morning Nicolas,
>
> IP assignment is handled differently to IP routing. You can use the
> "radv" protocol
> (https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.11) for
> assignment.
>
> Best regards,
>
> Nico
>
> Nicolas Embriz <nbari at tequila.io> writes:
>
> > Hi, I manage to configure, establish a session and announce my prefix
> with this configuration:
> >
> > ---
> > log "/var/log/bird.log" all;
> > router id <ipv4>;
> > define MYAS = 1234;
> >
> > protocol device {
> >     scan time 10;
> > }
> >
> > protocol direct {
> >     ipv6;
> >     interface "dummy*";
> > }
> >
> > # templates
> > template bgp uplink {
> >    local as MYAS;
> >    ipv6 {
> >       import all;
> >       export filter {
> >         if net = <ipv6::/44> then accept;
> >         reject;
> >       };
> >    };
> >    graceful restart on;
> > }
> >
> > protocol bgp SBv6 from uplink {
> >    neighbor <ipv6> a as 12345;
> >    source address <myipvy>;
> > }
> > ---
> >
> > For testing I added to eth0 an IPv6 address alias belonging to my  /44
> segment, I was available to ping and so far all good, but now something
> that I am struggling with (probably something very basic) is how to
> > do IP address assignment to my network from the router?
> >
> > This router is a VM but I would like to know how I could use a /64
> subnet and  assign  IP's to my home network.
> >
> > Probably I am following the wrong approach, but I wanted to give a try
> creating an internal router (iBGP) and announce only the /64 subnet, I am
> using wireguard to connect the VM's but can't find a way to ping
> > any IP I assign in this VM, something like this
> >
> > (internet)
> >     |
> >     |
> > ( VM eBGP/44 ) <--- Wireguard ---> (VM iBGP/64) <----> HOME/LAN (/64)
> >
> >  this is my config:
> >
> > log "/var/log/bird.log" all;
> > router id <ipv4>;
> > define MYAS = 1234;
> >
> > protocol device {
> >         scan time 10;
> > }
> >
> > protocol direct {
> >         ipv6;
> >         interface "dummy*";
> > }
> >
> > template bgp iAS {
> >         local as MYAS;
> >         ipv6 {
> >                 import all;
> >                 export filter {
> >                         if net = <ipv6::/64> then accept;
> >                         reject;
> >                 };
> >         };
> >         graceful restart on;
> > }
> >
> > protocol bgp iBGP from iAS {
> >         debug all;
> >         neighbor <peer wireguard ipv6>%wg0 as MYAS;
> >         direct;
> >         source address <wireguard ipv6>;
> > }
> >
> > The session gets established but only from the eBGP I can ping the iBGP
> but not the other way around or from other hosts.
> >
> > Probably I may be over-complicating things, and I could do everything
> from the main router but is that the case, still wondering how can I then
> start to assign IPv6's address to my home network? should I
> > configure something like radvd so that my devices can claim an IPv6?
> >
> > I am doing this just for learning purposes, so if there is a better way
> or practice to follow let me know.
> >
> > regards.
>
>
> --
> Sustainable and modern Infrastructures by ungleich.ch
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20211130/976fc4ac/attachment.htm>

More information about the Bird-users mailing list