Bird eBGP and iBGP
Jason Romo
jason at romos.net
Thu Nov 2 18:09:50 CET 2023
Hello all,
I am new to the group. I am having issues trying to get bird configured to do what I need. I have Bird running in a datacenter with eBGP public ASN that should announce /24 and /48 and /64. I then want to route that over OpenVPN to OPNsense where I have bird connected with iBGP over openvpn and sending /28 of the /24 and /64 of the /48 down to the OPNsense that is running FRR iBGP and setup on DMZ interface.
I had eBGP working to the peers at the datacenter, but after a reboot it never worked again for IPv4. IPv6 still shows announcing, but doesn't seem to be working either. I am confused as to whether I am required to have the /48 static routes to the eBGP router as well as the /24, since I am not routing those; I am sending smaller subnets to each location. My plan is to have two ASN eBGP routers in different locations that will handle routing and failover if a location goes down, that connect to 4 different locations using iBGP, sending each a /28 and a /64 (maybe 2 /64). That way, if needed, I could route the public IPs for the DMZ to any cluster we have in different locations to allow them to push as close to 100% uptime as I can.
Design so far:
eBGP-Vegas: 209.x.x.55
iBGP-Dallas: 10.77.77.1
eBGP ASN assigned has routes:
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         209.x.x.1       0.0.0.0         UG    100    0        0 eth0
10.0.0.0        10.144.144.1    255.255.255.0   UG    5000   0        0 ztjlhw736o
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
10.77.77.0      0.0.0.0         255.255.255.0   U     0      0        0 tun0
10.144.0.0      0.0.0.0         255.255.0.0     U     0      0        0 ztjlhw736o
23.x.x.0        10.77.77.1      255.255.255.240 UG    0      0        0 tun0
209.x.x.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
209.x.x.1       0.0.0.0         255.255.255.255 UH    100    0        0 eth0
The provider says I must announce the /48 before I announce the /64. I am not sure if I even need to announce the /64. I announce the /24 only not the /28 on public side eBGP.
This is the part that I don't get. If I don't put routes to next-hop for 23.x.x.0/24 via 10.77.77.1, if I don't do a static route, then eBGP ignores the prefix and doesn't announce it. I did try multi-protocol for eBGP and put it all under one session, but it seems they don't have it configured on the other end to allow one session. What is the correct way to announce for the /24 and /48 and route to other locations the /28 and /48 prefixes?
I don't want to bind the /24 or /48 (or at least I don't think we need to) just as I need to break them up into smaller subnets. I can ping from my DMZ in the OPNsense firewall thru the VPN to 10.77.77.2 so iBGP is getting its routes and they work. But I still can't figure out what I am doing wrong with eBGP to get it working. They told me I don't need multihop on the eBGP side and must announce the full prefix too, but if I don't put a route it never exports the prefixes. Maybe I am missing something. I am new to this. Yes, I do have passwords on all the sessions, just didn't include them in the config.
Any help or direction would be appreciated. If you need more information, let me know.
Jason
Here is my bird.conf:
# Configure logging
#log syslog all;
log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };

# Set router ID. It is a unique identification of your router.
router id 209.x.x.55;

# Restrict network interfaces BIRD works with
protocol direct {
    interface "lo";
    interface "eth0";
    interface "tun0";
}

# For IPv4
protocol kernel kernel_ipv4 {
    ipv4;
    persist;
    scan time 60;
}

# For IPv6
protocol kernel kernel_ipv6 {
    ipv6;
    persist;
    scan time 60;
}

# The Device protocol gets information about network interfaces.
protocol device {
    scan time 60;
}

# Define static routes for IPv4
protocol static {
    ipv4;
    route 23.x.x.0/24 via 10.77.77.1;
    route 23.x.x.0/28 via 10.77.77.1;
}

# Define static routes for IPv6
protocol static {
    ipv6;
    route 2620:X:X::/48 via fd12:3456:X:1::2;
    route 2620:X:X:1::/64 via fd12:3456:X:1::2;
}

filter ipv4_filter_private {
    if net ~ 23.x.x.0/28 then {
        accept;
    }
    reject;
}

filter ipv4_filter_public {
    if net ~ 23.x.x.0/28 then {
        reject;
    }
    if net ~ 23.x.x.0/24 then {
        accept;
    }
    reject;
}

filter ipv6_filter {
    if net ~ [2620:x:x::/48, 2620:x:x:1::/64] then {
        accept;
    }
    reject;
}

filter dallas_ipv6_filter {
    if net = 2620:x:x:1::/64 then {
        accept;
    }
    reject;
}

# BGP configuration for peer_as53xxx_v4
protocol bgp neighbor_53xxx_v4 {
    debug all;
    local as 16xxx;
    source address 209.x.x.55;
    local 209.x.x.55;
    passive no;
    keepalive time 20;
    hold time 60;
    multihop;
    neighbor 169.x.x.179 as 53xxx;
    ipv4 {
        import none;
        export filter ipv4_filter_public;
    };
}

# BGP configuration for peer_as53xxx
protocol bgp neighbor_53xxx_v6 {
    debug all;
    local as 16xxx;
    source address 2605:x:x:713::2;
    local 2605:x:x:713::2;
    passive no;
    keepalive time 20;
    hold time 60;
    multihop;
    neighbor 2605:x:x::2 as 53xxx;
    ipv6 {
        import none;
        export filter ipv6_filter;
    };
}

protocol bgp OPNsense_iBGP_Dallas {
    debug all;
    local as 16xxx;
    source address 10.77.77.2;
    neighbor 10.77.77.1 as 64512;
    multihop;
    ipv4 {
        import none;
        export filter ipv4_filter_private;
        next hop self;
    };
    ipv6 {
        import none;
        #import filter ipv6_filter;
        export filter dallas_ipv6_filter;
        #export none;
        next hop self;
    };
}
Here are stats of bird:
birdc show proto all
BIRD 2.0.7 ready.
Name Proto Table State Since Info
direct1 Direct --- up 11:36:52.931
kernel_ipv4 Kernel master4 up 11:36:52.931
Channel ipv4
State: UP
Table: master4
Preference: 10
Input filter: ACCEPT
Output filter: REJECT
Routes: 0 imported, 0 exported, 0 preferred
Route change stats: received rejected filtered ignored accepted
Import updates: 0 0 0 0 0
Import withdraws: 0 0 --- 0 0
Export updates: 4 0 4 --- 0
Export withdraws: 0 --- --- --- 0
kernel_ipv6 Kernel master6 up 11:36:52.931
Channel ipv6
State: UP
Table: master6
Preference: 10
Input filter: ACCEPT
Output filter: REJECT
Routes: 0 imported, 0 exported, 0 preferred
Route change stats: received rejected filtered ignored accepted
Import updates: 0 0 0 0 0
Import withdraws: 0 0 --- 0 0
Export updates: 4 0 4 --- 0
Export withdraws: 0 --- --- --- 0
device1 Device --- up 11:36:52.931
static1 Static master4 up 11:36:52.931
Channel ipv4
State: UP
Table: master4
Preference: 200
Input filter: ACCEPT
Output filter: REJECT
Routes: 2 imported, 0 exported, 2 preferred
Route change stats: received rejected filtered ignored accepted
Import updates: 2 0 0 0 2
Import withdraws: 0 0 --- 0 0
Export updates: 0 0 0 --- 0
Export withdraws: 0 --- --- --- 0
static2 Static master6 up 11:36:52.931
Channel ipv6
State: UP
Table: master6
Preference: 200
Input filter: ACCEPT
Output filter: REJECT
Routes: 2 imported, 0 exported, 2 preferred
Route change stats: received rejected filtered ignored accepted
Import updates: 2 0 0 0 2
Import withdraws: 0 0 --- 0 0
Export updates: 0 0 0 --- 0
Export withdraws: 0 --- --- --- 0
neighbor_53xxx_v4 BGP --- up 11:36:57.076 Established
BGP state: Established
Neighbor address: 169.x.x.179
Neighbor AS: 53xxx
Local AS: 16xxx
Neighbor ID: 169.x.x.179
Local capabilities
Multiprotocol
AF announced: ipv4
Route refresh
Graceful restart
4-octet AS numbers
Enhanced refresh
Long-lived graceful restart
Neighbor capabilities
Multiprotocol
AF announced: ipv4 ipv6
Route refresh
Graceful restart
Restart time: 120
AF supported: ipv4 ipv6
AF preserved:
4-octet AS numbers
Enhanced refresh
Long-lived graceful restart
Session: external multihop AS4
Source address: 209.x.x.55
Hold timer: 53.667/60
Keepalive timer: 13.062/20
Channel ipv4
State: UP
Table: master4
Preference: 100
Input filter: REJECT
Output filter: ipv4_filter_public
Routes: 0 imported, 1 exported, 0 preferred
Route change stats: received rejected filtered ignored accepted
Import updates: 0 0 0 0 0
Import withdraws: 1726 0 --- 1726 0
Export updates: 2 0 1 --- 1
Export withdraws: 0 --- --- --- 0
BGP Next hop: 209.x.x.55
IGP IPv4 table: master4
neighbor_53xxx_v6 BGP --- up 11:36:57.630 Established
BGP state: Established
Neighbor address: 2605:x:x::2
Neighbor AS: 53xxx
Local AS: 16xxx
Neighbor ID: 169.x.x.179
Local capabilities
Multiprotocol
AF announced: ipv6
Route refresh
Graceful restart
4-octet AS numbers
Enhanced refresh
Long-lived graceful restart
Neighbor capabilities
Multiprotocol
AF announced: ipv4 ipv6
Route refresh
Graceful restart
Restart time: 120
AF supported: ipv4 ipv6
AF preserved:
4-octet AS numbers
Enhanced refresh
Long-lived graceful restart
Session: external multihop AS4
Source address: 2605:x:x:713::2
Hold timer: 55.462/60
Keepalive timer: 11.057/20
Channel ipv6
State: UP
Table: master6
Preference: 100
Input filter: REJECT
Output filter: ipv6_filter
Routes: 0 imported, 2 exported, 0 preferred
Route change stats: received rejected filtered ignored accepted
Import updates: 0 0 0 0 0
Import withdraws: 12 0 --- 12 0
Export updates: 2 0 0 --- 2
Export withdraws: 0 --- --- --- 0
BGP Next hop: 2605:x:x:713::2
IGP IPv6 table: master6
OPNsense_iBGP_Dallas BGP --- up 11:36:55.259 Established
BGP state: Established
Neighbor address: 10.77.77.1
Neighbor AS: 64512
Local AS: 16xxx
Neighbor ID: 10.77.77.1
Local capabilities
Multiprotocol
AF announced: ipv4 ipv6
Route refresh
Graceful restart
4-octet AS numbers
Enhanced refresh
Long-lived graceful restart
Neighbor capabilities
Multiprotocol
AF announced: ipv4 ipv6
Route refresh
Extended message
Graceful restart
4-octet AS numbers
ADD-PATH
RX: ipv4 ipv6
TX:
Enhanced refresh
Long-lived graceful restart
LL stale time: 0
AF supported:
AF preserved: ipv4 ipv6
Session: external multihop AS4
Source address: 10.77.77.2
Hold timer: 8.540/9
Keepalive timer: 1.429/3
Channel ipv4
State: UP
Table: master4
Preference: 100
Input filter: REJECT
Output filter: ipv4_filter_private
Routes: 0 imported, 1 exported, 0 preferred
Route change stats: received rejected filtered ignored accepted
Import updates: 0 0 0 0 0
Import withdraws: 1 0 --- 1 0
Export updates: 2 0 1 --- 1
Export withdraws: 0 --- --- --- 0
BGP Next hop: 10.77.77.2
IGP IPv4 table: master4
Channel ipv6
State: UP
Table: master6
Preference: 100
Input filter: REJECT
Output filter: dallas_ipv6_filter
Routes: 0 imported, 1 exported, 0 preferred
Route change stats: received rejected filtered ignored accepted
Import updates: 0 0 0 0 0
Import withdraws: 1 0 --- 1 0
Export updates: 2 0 1 --- 1
Export withdraws: 0 --- --- --- 0
BGP Next hop: fd12:x:x:1::2
IGP IPv6 table: master6
root at localhost:/etc/bird# birdc show route all
BIRD 2.0.7 ready.
Table master4:
23.x.x.0/28          unicast [static1 11:36:52.931] * (200)
        via 10.77.77.1 on eth0
        Type: static univ
23.x.x.0/24          unicast [static1 11:36:52.931] * (200)
        via 10.77.77.1 on eth0
        Type: static univ

Table master6:
2620:x:x:1::/64      unicast [static2 11:36:52.931] * (200)
        via fd12:x:x:1::2 on tun0
        Type: static univ
2620:x:x::/48        unicast [static2 11:36:52.931] * (200)
        via fd12:x:x:1::2 on tun0
        Type: static univ
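
An added example, not part of the original post and not BIRD's own code: a Python model of the four export filters in the posted bird.conf, evaluated over the routes shown in master4 and master6. The documentation prefixes stand in for the redacted ones, and the /25 route and `ipv4_filter_public_exact` are hypothetical additions that show how `net ~ prefix` differs from an exact match.

```python
import ipaddress as ip

# Constructed stand-ins for the redacted prefixes in the post.
V4_AGG = ip.ip_network("198.51.100.0/24")      # stands in for 23.x.x.0/24
V4_SUB = ip.ip_network("198.51.100.0/28")      # stands in for 23.x.x.0/28
V6_AGG = ip.ip_network("2001:db8:100::/48")    # stands in for 2620:x:x::/48
V6_SUB = ip.ip_network("2001:db8:100:1::/64")  # stands in for 2620:x:x:1::/64

def within(net, prefix):
    """BIRD `net ~ prefix`: net equals prefix or is more specific than it."""
    return net.version == prefix.version and net.subnet_of(prefix)

def ipv4_filter_private(net):
    return within(net, V4_SUB)

def ipv4_filter_public(net):
    if within(net, V4_SUB):       # first rule: reject the /28 and anything inside it
        return False
    return within(net, V4_AGG)    # second rule: accept the /24 and anything inside it

def ipv6_filter(net):
    # Plain prefixes listed in a [ ... ] set match exactly.
    return net in (V6_AGG, V6_SUB)

def dallas_ipv6_filter(net):
    return net == V6_SUB          # `net =` is an exact comparison

def ipv4_filter_public_exact(net):
    # Hypothetical stricter variant: only the aggregate itself passes.
    return net == V4_AGG

def exported(flt, table):
    """Routes from a table that the given export filter accepts."""
    return [str(n) for n in table if flt(n)]

MASTER4 = [V4_SUB, V4_AGG]        # the two static1 routes from `show route all`
MASTER6 = [V6_SUB, V6_AGG]        # the two static2 routes
EXTRA_25 = ip.ip_network("198.51.100.128/25")  # hypothetical more-specific route

if __name__ == "__main__":
    print("eBGP v4 :", exported(ipv4_filter_public, MASTER4))
    print("eBGP v6 :", exported(ipv6_filter, MASTER6))
    print("Dallas 4:", exported(ipv4_filter_private, MASTER4))
    print("Dallas 6:", exported(dallas_ipv6_filter, MASTER6))
    print("/25 via public filter:", ipv4_filter_public(EXTRA_25))
    print("/25 via exact variant:", ipv4_filter_public_exact(EXTRA_25))
```

The per-session results line up with the "Routes: ... exported" counters in the `show proto all` output above (1, 2, 1 and 1).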