How to advertise two virtual IPs using BGP?
Alexander Zubkov
green at qrator.net
Wed Nov 20 17:39:45 CET 2024
It is still unclear what you want to achive. Do you want Linux to use both
IPs as src at once in ECMP-like manner? Or maybe you want to set the source
IP based on some external information (for example what provider you
received the default route from)? Something else?
On Wed, Nov 20, 2024 at 11:06 AM hans.heng <hans.heng at zoom.us> wrote:
> I just think now these two VIP are unequal, because default routing will
> use 38.145.72.193 instead of 38.145.72.198… No actual problem now, just a
> question and can we achieve this?
> On Wed, November 20 2024 at 6:00 PM Alexander Zubkov <green at qrator.net>
> <green at qrator.net> wrote:
>
> And what is you intention then? You want to use both sources at once in
> ecmp-like manner, when the server makes a connection? Or something else?
>
> On Wed, Nov 20, 2024, 10:44 hans.heng <hans.heng at zoom.us> wrote:
>
>> You can set krt_prefsrc in bird. If I remember the option name right.
>>
>>
>> But we have already this for the first virtual ip 38.145.72.193, I do not
>> know how to additionally add routing I mentioned in the previoius thread
>> for the second virtual ip 38.145.72.198.
>>
>> protocol kernel {
>> scan time 1;
>> merge paths yes limit 4;
>> ipv4 {
>> import none;
>> export filter {
>> if proto = direct1 then reject;
>> krt_prefsrc = 38.145.72.193;
>> accept;
>> };
>> };
>> }
>>
>> Thanks,
>> Hans
>>
>> On Wed, November 20 2024 at 5:40 PM Alexander Zubkov <green at qrator.net>
>> <green at qrator.net> wrote:
>>
>> You can set krt_prefsrc in bird. If I remember the option name right.
>>
>> On Wed, Nov 20, 2024, 10:11 hans.heng <hans.heng at zoom.us> wrote:
>>
>>> > Hi Hans,
>>> >
>>> > What about just adding it to your LOCAL_NET list? If it works for the first
>>> > IP, why it shouldn't work for the other?
>>>
>>> Hi Alexander,
>>>
>>> You’re right, simply adding it to LOCAL_NET list does work, other hosts then can test tcp stream on this new virtual ip.
>>>
>>> But what confused me is that how can we add export a routing rule like this:
>>>
>>> $ ip route
>>> default proto bird src 38.145.72.193 metric 32
>>> nexthop via 10.105.1.10 dev enp4s0f0 weight 1
>>> nexthop via 10.105.1.12 dev enp4s0f1 weight 1
>>>
>>> Namely, how this server sends out the traffic using new virtual ip 38.145.72.198 as source addr?
>>>
>>> Thanks,
>>> Hans
>>>
>>> On Wed, November 20 2024 at 4:03 PM Alexander Zubkov <green at qrator.net>
>>> <green at qrator.net> wrote:
>>>
>>> Hi Hans,
>>>
>>> What about just adding it to your LOCAL_NET list? If it works for the
>>> first IP, why it shouldn't work for the other?
>>>
>>> On Wed, Nov 20, 2024 at 8:36 AM Hans Heng via Bird-users <
>>> bird-users at network.cz> wrote:
>>>
>>>> Hi all!
>>>>
>>>> I have a dual-home server, whose connection topology and configuration is described as below.
>>>>
>>>>
>>>> **** Connection Topology and Configuration ****
>>>>
>>>> The server has two physical NICs enp4s0f0 and enp4s0f1, which are connected to two separate ports TOR_A and TOR_B on a Top of Rack (TOR) router, each representing a separate BGP session through bgp_A and bgp_B protocol.
>>>>
>>>> The server also has a dummy interface named em5, which has a private ip 38.145.72.193/32 <https://urldefense.proofpoint.com/v2/url?u=http-3A__38.145.72.193_32&d=DwMFaQ&c=8lBT5Jra4Bm5rFhLVR7k1wx3__gIUgr523Abjhgq6Gg&r=2bMJ37PQSlB2sRdYUDvVq5IXWp4L1dKQ8V4ZALYNl1I&m=WC9AjD5ZaNv4Fa_mh7nA7q4p-qW7Lj3LBH1uqKj-709dNQOFf9b092u8Xwq5Ago4&s=jKSN1FCc_6R4dNzWWkk4s9IEPghmnQKefyIIVtVmGsE&e=>.
>>>>
>>>> Bird kernel protocol exports an ECMP routing rule to kernel as a kernel default routing, and bgp_A/bgp_B protocol export the private ip to my internet, then 38.145.72.193/32 <https://urldefense.proofpoint.com/v2/url?u=http-3A__38.145.72.193_32&d=DwMFaQ&c=8lBT5Jra4Bm5rFhLVR7k1wx3__gIUgr523Abjhgq6Gg&r=2bMJ37PQSlB2sRdYUDvVq5IXWp4L1dKQ8V4ZALYNl1I&m=WC9AjD5ZaNv4Fa_mh7nA7q4p-qW7Lj3LBH1uqKj-709dNQOFf9b092u8Xwq5Ago4&s=jKSN1FCc_6R4dNzWWkk4s9IEPghmnQKefyIIVtVmGsE&e=> on em5 acts as a public ip.
>>>>
>>>>
>>>> **** My goal ****
>>>>
>>>> I want to add another virtual ip on em5, say 38.145.72.198/32 <https://urldefense.proofpoint.com/v2/url?u=http-3A__38.145.72.198_32&d=DwMFaQ&c=8lBT5Jra4Bm5rFhLVR7k1wx3__gIUgr523Abjhgq6Gg&r=2bMJ37PQSlB2sRdYUDvVq5IXWp4L1dKQ8V4ZALYNl1I&m=WC9AjD5ZaNv4Fa_mh7nA7q4p-qW7Lj3LBH1uqKj-709dNQOFf9b092u8Xwq5Ago4&s=H85Ro8DXm3uWfnfQU4MX2w7eTYkSllixeGgTN4D3XF8&e=>, and let this new virtual ip act as a public ip too.
>>>> Can this requirement be met? If yes, how should I modify the configuration to make BGP advertise this ip over my internet?
>>>>
>>>>
>>>>
>>>> **** Additional Information on Server ****
>>>>
>>>>
>>>> ## bird setup an ECMP route on 2 phy nics as default route,
>>>> ## which set source ip to the public ip
>>>> $ ip route
>>>> default proto bird src 38.145.72.193 metric 32
>>>> nexthop via 10.105.1.10 dev enp4s0f0 weight 1
>>>> nexthop via 10.105.1.12 dev enp4s0f1 weight 110.105.1.10/31 <https://urldefense.proofpoint.com/v2/url?u=http-3A__10.105.1.10_31&d=DwMFaQ&c=8lBT5Jra4Bm5rFhLVR7k1wx3__gIUgr523Abjhgq6Gg&r=2bMJ37PQSlB2sRdYUDvVq5IXWp4L1dKQ8V4ZALYNl1I&m=WC9AjD5ZaNv4Fa_mh7nA7q4p-qW7Lj3LBH1uqKj-709dNQOFf9b092u8Xwq5Ago4&s=-p9Ki6n5W1WV1sy_k1TvuK40E8Bwj5zNUKhIHqRBiws&e=> dev enp4s0f0 proto kernel scope link src 10.105.1.1110.105.1.12/31 <https://urldefense.proofpoint.com/v2/url?u=http-3A__10.105.1.12_31&d=DwMFaQ&c=8lBT5Jra4Bm5rFhLVR7k1wx3__gIUgr523Abjhgq6Gg&r=2bMJ37PQSlB2sRdYUDvVq5IXWp4L1dKQ8V4ZALYNl1I&m=WC9AjD5ZaNv4Fa_mh7nA7q4p-qW7Lj3LBH1uqKj-709dNQOFf9b092u8Xwq5Ago4&s=PPYkekks3l9B0WozwhhmanpPyqt-7_BalYLNq0I3QJM&e=> dev enp4s0f1 proto kernel scope link src 10.105.1.13
>>>>
>>>>
>>>> bird> show route all
>>>> Table master4:0.0.0.0/0 <https://urldefense.proofpoint.com/v2/url?u=http-3A__0.0.0.0_0&d=DwMFaQ&c=8lBT5Jra4Bm5rFhLVR7k1wx3__gIUgr523Abjhgq6Gg&r=2bMJ37PQSlB2sRdYUDvVq5IXWp4L1dKQ8V4ZALYNl1I&m=WC9AjD5ZaNv4Fa_mh7nA7q4p-qW7Lj3LBH1uqKj-709dNQOFf9b092u8Xwq5Ago4&s=Cvj89uXo924yxK47AGuHlg3g1BKfJdkW6sUvQso_2xE&e=> unicast [bgp_A 2024-11-17] * (100) [AS4212010101i]
>>>> via 10.105.1.10 on enp5s0f0
>>>> Type: BGP univ
>>>> BGP.origin: IGP
>>>> BGP.as_path: 4259105001 4212010101
>>>> BGP.next_hop: 10.105.1.10
>>>> BGP.local_pref: 0
>>>> unicast [bgp_B 2024-11-18] (100) [AS4212010101i]
>>>> via 10.105.1.12 on enp5s0f1
>>>> Type: BGP univ
>>>> BGP.origin: IGP
>>>> BGP.as_path: 4259205001 4212010101
>>>> BGP.next_hop: 10.105.1.12
>>>> BGP.local_pref: 038.145.72.193/32 <https://urldefense.proofpoint.com/v2/url?u=http-3A__38.145.72.193_32&d=DwMFaQ&c=8lBT5Jra4Bm5rFhLVR7k1wx3__gIUgr523Abjhgq6Gg&r=2bMJ37PQSlB2sRdYUDvVq5IXWp4L1dKQ8V4ZALYNl1I&m=WC9AjD5ZaNv4Fa_mh7nA7q4p-qW7Lj3LBH1uqKj-709dNQOFf9b092u8Xwq5Ago4&s=jKSN1FCc_6R4dNzWWkk4s9IEPghmnQKefyIIVtVmGsE&e=> unicast [direct1 2024-11-06] * (240)
>>>> dev em5
>>>> Type: device univ
>>>>
>>>>
>>>>
>>>>
>>>> # bird.conf
>>>> router id 172.18.xxx.yyy;
>>>> ipv4 table master4;
>>>>
>>>> define LOCAL_NET = [ 38.145.72.193/32 <https://urldefense.proofpoint.com/v2/url?u=http-3A__38.145.72.193_32&d=DwMFaQ&c=8lBT5Jra4Bm5rFhLVR7k1wx3__gIUgr523Abjhgq6Gg&r=2bMJ37PQSlB2sRdYUDvVq5IXWp4L1dKQ8V4ZALYNl1I&m=WC9AjD5ZaNv4Fa_mh7nA7q4p-qW7Lj3LBH1uqKj-709dNQOFf9b092u8Xwq5Ago4&s=jKSN1FCc_6R4dNzWWkk4s9IEPghmnQKefyIIVtVmGsE&e=> ];
>>>>
>>>> protocol direct {
>>>> ipv4;
>>>> interface "em5",-"*";
>>>> }
>>>>
>>>> protocol kernel {
>>>> scan time 1;
>>>> merge paths yes limit 4;
>>>> ipv4 {
>>>> import none;
>>>> export filter {
>>>> if proto = "direct1" then reject;
>>>> krt_prefsrc = 38.145.72.193;
>>>> accept;
>>>> };
>>>> };
>>>> }
>>>>
>>>> protocol device {
>>>> scan time 1;
>>>> }
>>>>
>>>> protocol bgp bgp_A {
>>>> description "TOR A";
>>>> local 10.105.1.11 as 4290105101 ; # enp4s0f0
>>>> neighbor 10.105.1.10 as 4259105001; # TOR_A
>>>> path metric 1;
>>>> ipv4 {
>>>> import all;
>>>> export filter {
>>>> if net ~ LOCAL_NET then accept;
>>>> else reject;
>>>> };
>>>> next hop self;
>>>> };
>>>> }
>>>>
>>>> protocol bgp bgp_B {
>>>> bfd;
>>>> description "TOR B";
>>>> local 10.105.1.13 as 4290105101 ; # enp4s0f1
>>>> neighbor 10.105.1.12 as 4259205001; # TOR_B
>>>> default bgp_med 0;
>>>> default bgp_local_pref 0;
>>>> path metric 1;
>>>> ipv4 {
>>>> import all;
>>>> export filter {
>>>> if net ~ LOCAL_NET then accept;
>>>> else reject;
>>>> };
>>>> next hop self;
>>>> };
>>>> }
>>>>
>>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20241120/571f8a3b/attachment.htm>
More information about the Bird-users
mailing list