How to advertise two virtual IPs using BGP?

Alexander Zubkov green at qrator.net
Thu Nov 21 14:28:47 CET 2024


Then you can differentiate those routes somehow, for example by marking
them with a community, and check the community when exporting to kernel to
choose the desired ip for prefsrc.

On Thu, Nov 21, 2024 at 2:10 AM hans.heng <hans.heng at zoom.us> wrote:

> Or maybe you want to set the source IP based on some external information
> (for example what provider you received the default route from)?
>
>
> Yes, maybe this one.
> On Thu, November 21 2024 at 12:40 AM Alexander Zubkov <green at qrator.net>
> <green at qrator.net> wrote:
>
> It is still unclear what you want to achieve. Do you want Linux to use both
> IPs as src at once in ECMP-like manner? Or maybe you want to set the source
> IP based on some external information (for example what provider you
> received the default route from)? Something else?
>
> On Wed, Nov 20, 2024 at 11:06 AM hans.heng <hans.heng at zoom.us> wrote:
>
>> I just think now these two VIP are unequal, because default routing will
>> use 38.145.72.193 instead of 38.145.72.198… No actual problem now, just
>> a question and can we achieve this?
>> On Wed, November 20 2024 at 6:00 PM Alexander Zubkov <green at qrator.net>
>> <green at qrator.net> wrote:
>>
>> And what is your intention then? You want to use both sources at once in
>> ecmp-like manner, when the server makes a connection? Or something else?
>>
>> On Wed, Nov 20, 2024, 10:44 hans.heng <hans.heng at zoom.us> wrote:
>>
>>> You can set krt_prefsrc in bird. If I remember the option name right.
>>>
>>>
>>> But we have already this for the first virtual ip 38.145.72.193, I do
>>> not know how to additionally add routing I mentioned in the previous
>>> thread for the second virtual ip 38.145.72.198.
>>>
>>> protocol kernel {
>>>     scan time 1;
>>>     merge paths yes limit 4;
>>>     ipv4 {
>>>       import none;
>>>       export filter {
>>>         # proto is a string attribute, so the protocol name is quoted
>>>         if proto = "direct1" then reject;
>>>         krt_prefsrc = 38.145.72.193;
>>>         accept;
>>>       };
>>>     };
>>> }
>>>
>>> Thanks,
>>> Hans
>>>
>>> On Wed, November 20 2024 at 5:40 PM Alexander Zubkov <green at qrator.net>
>>> <green at qrator.net> wrote:
>>>
>>> You can set krt_prefsrc in bird. If I remember the option name right.
>>>
>>> On Wed, Nov 20, 2024, 10:11 hans.heng <hans.heng at zoom.us> wrote:
>>>
>>>> > Hi Hans,
>>>> >
>>>> > What about just adding it to your LOCAL_NET list? If it works for the first
>>>> > IP, why it shouldn't work for the other?
>>>>
>>>> Hi Alexander,
>>>>
>>>> You’re right, simply adding it to LOCAL_NET list does work, other hosts then can test tcp stream on this new virtual ip.
>>>>
>>>> But what confused me is that how can we add export a routing rule like this:
>>>>
>>>> $ ip route
>>>> default proto bird src 38.145.72.193 metric 32
>>>>         nexthop via 10.105.1.10 dev enp4s0f0 weight 1
>>>>         nexthop via 10.105.1.12 dev enp4s0f1 weight 1
>>>>
>>>> Namely, how this server sends out the traffic using new virtual ip 38.145.72.198 as source addr?
>>>>
>>>> Thanks,
>>>> Hans
>>>>
>>>> On Wed, November 20 2024 at 4:03 PM Alexander Zubkov <green at qrator.net>
>>>> <green at qrator.net> wrote:
>>>>
>>>> Hi Hans,
>>>>
>>>> What about just adding it to your LOCAL_NET list? If it works for the
>>>> first IP, why it shouldn't work for the other?
>>>>
>>>> On Wed, Nov 20, 2024 at 8:36 AM Hans Heng via Bird-users <
>>>> bird-users at network.cz> wrote:
>>>>
>>>>> Hi all!
>>>>>
>>>>> I have a dual-home server, whose connection topology and configuration is described as below.
>>>>>
>>>>>
>>>>> **** Connection Topology and Configuration ****
>>>>>
>>>>> The server has two physical NICs enp4s0f0 and enp4s0f1, which are connected to two separate ports TOR_A and TOR_B on a Top of Rack (TOR) router, each representing a separate BGP session through bgp_A and bgp_B protocol.
>>>>>
>>>>> The server also has a dummy interface named em5, which has a private ip 38.145.72.193/32.
>>>>>
>>>>> Bird kernel protocol exports an ECMP routing rule to kernel as a kernel default routing, and bgp_A/bgp_B protocol export the private ip to my internet, then 38.145.72.193/32 on em5 acts as a public ip.
>>>>>
>>>>>
>>>>> ****   My goal ****
>>>>>
>>>>> I want to add another virtual ip on em5, say 38.145.72.198/32, and let this new virtual ip act as a public ip too.
>>>>> Can this requirement be met? If yes, how should I modify the configuration to make BGP advertise this ip over my internet?
>>>>>
>>>>>
>>>>>
>>>>> **** Additional Information on Server ****
>>>>>
>>>>>
>>>>> ## bird setup an ECMP route on 2 phy nics as default route,
>>>>> ## which set source ip to the public ip
>>>>> $ ip route
>>>>> default proto bird src 38.145.72.193 metric 32
>>>>>         nexthop via 10.105.1.10 dev enp4s0f0 weight 1
>>>>>         nexthop via 10.105.1.12 dev enp4s0f1 weight 1
>>>>> 10.105.1.10/31 dev enp4s0f0 proto kernel scope link src 10.105.1.11
>>>>> 10.105.1.12/31 dev enp4s0f1 proto kernel scope link src 10.105.1.13
>>>>>
>>>>>
>>>>> bird> show route all
>>>>> Table master4:
>>>>> 0.0.0.0/0            unicast [bgp_A 2024-11-17] * (100) [AS4212010101i]
>>>>>         via 10.105.1.10 on enp5s0f0
>>>>>         Type: BGP univ
>>>>>         BGP.origin: IGP
>>>>>         BGP.as_path: 4259105001 4212010101
>>>>>         BGP.next_hop: 10.105.1.10
>>>>>         BGP.local_pref: 0
>>>>>                      unicast [bgp_B 2024-11-18] (100) [AS4212010101i]
>>>>>         via 10.105.1.12 on enp5s0f1
>>>>>         Type: BGP univ
>>>>>         BGP.origin: IGP
>>>>>         BGP.as_path: 4259205001 4212010101
>>>>>         BGP.next_hop: 10.105.1.12
>>>>>         BGP.local_pref: 0
>>>>> 38.145.72.193/32     unicast [direct1 2024-11-06] * (240)
>>>>>         dev em5
>>>>>         Type: device univ
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> # bird.conf
>>>>> router id 172.18.xxx.yyy;
>>>>> ipv4 table master4;
>>>>>
>>>>> define LOCAL_NET = [ 38.145.72.193/32 ];
>>>>>
>>>>> protocol direct {
>>>>>     ipv4;
>>>>>     interface "em5",-"*";
>>>>> }
>>>>>
>>>>> protocol kernel {
>>>>>     scan time 1;
>>>>>     merge paths yes limit 4;
>>>>>     ipv4 {
>>>>>       import none;
>>>>>       export filter {
>>>>>         if proto = "direct1" then reject;
>>>>>         krt_prefsrc = 38.145.72.193;
>>>>>         accept;
>>>>>       };
>>>>>     };
>>>>> }
>>>>>
>>>>> protocol device {
>>>>>     scan time 1;
>>>>> }
>>>>>
>>>>> protocol bgp bgp_A {
>>>>>     description "TOR A";
>>>>>     local 10.105.1.11 as 4290105101 ; # enp4s0f0
>>>>>     neighbor 10.105.1.10 as 4259105001; # TOR_A
>>>>>     path metric 1;
>>>>>     ipv4 {
>>>>>        import all;
>>>>>        export filter {
>>>>>            if net ~ LOCAL_NET then accept;
>>>>>            else reject;
>>>>>        };
>>>>>        next hop self;
>>>>>      };
>>>>> }
>>>>>
>>>>> protocol bgp bgp_B {
>>>>>     bfd;
>>>>>     description "TOR B";
>>>>>     local 10.105.1.13 as 4290105101 ; # enp4s0f1
>>>>>     neighbor 10.105.1.12 as 4259205001; # TOR_B
>>>>>     default bgp_med 0;
>>>>>     default bgp_local_pref 0;
>>>>>     path metric 1;
>>>>>     ipv4 {
>>>>>        import all;
>>>>>        export filter {
>>>>>            if net ~ LOCAL_NET then accept;
>>>>>            else reject;
>>>>>        };
>>>>>        next hop self;
>>>>>      };
>>>>> }
>>>>>
>>>>>
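
The approach from the top message (mark routes with a community on import, then choose krt_prefsrc from that community when exporting to the kernel), written out against the thread's bird.conf as an added example that is not from the thread. The community values (65000, 193) and (65000, 198) are constructed, mapping TOR_B to the second VIP is an assumption, and the direct and device protocols stay as posted.

```bird
# Added example; community values (65000, 193) and (65000, 198) are constructed.
define LOCAL_NET = [ 38.145.72.193/32, 38.145.72.198/32 ];
protocol bgp bgp_A {
    local 10.105.1.11 as 4290105101;     # enp4s0f0
    neighbor 10.105.1.10 as 4259105001;  # TOR_A
    path metric 1;
    ipv4 {
        import filter {
            # Clear peer-supplied tags in the local range before setting ours,
            # so the neighbor cannot steer the source selection itself.
            bgp_community.delete([(65000, *)]);
            bgp_community.add((65000, 193));
            accept;
        };
        export filter { if net ~ LOCAL_NET then accept; else reject; };
        next hop self;
    };
}

protocol bgp bgp_B {
    bfd;
    local 10.105.1.13 as 4290105101;     # enp4s0f1
    neighbor 10.105.1.12 as 4259205001;  # TOR_B
    default bgp_med 0;
    default bgp_local_pref 0;
    path metric 1;
    ipv4 {
        import filter {
            bgp_community.delete([(65000, *)]);
            bgp_community.add((65000, 198));  # assumed mapping: TOR_B -> second VIP
            accept;
        };
        export filter { if net ~ LOCAL_NET then accept; else reject; };
        next hop self;
    };
}

protocol kernel {
    scan time 1;
    merge paths yes limit 4;
    ipv4 {
        import none;
        export filter {
            if proto = "direct1" then reject;
            if (65000, 198) ~ bgp_community then krt_prefsrc = 38.145.72.198;
            else krt_prefsrc = 38.145.72.193;
            accept;
        };
    };
}
```

A Linux route carries one preferred source address, so the merged ECMP default route produced by `merge paths yes` still ends up with a single `src`.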