Discussion:
bgp router with multi asn's - neighbor config ?
Kai
2014-09-02 21:36:43 UTC
Permalink
G'day!

For the configuration we want to set up, I couldn't find any details in
the docs, the wiki or the list archive. So please allow me to ask my
questions here (questions see below).

desired setup:

We want to establish a router ('A') announcing two different ASNs
(as1,as2) to it's neighbours. In fact we want to setup three routers A,
B and C, all of them corporately announcing as1 and as2.

I'd guess the config on router A should include some lines like these:
protocol bgp {
local as <as1>;
neighbor X as as9;
(...)
}
protocol bgp {
local as <as2>;
neighbor X as as9;
(...)
}
X being one of the neighbours and announcing as9.

Question 1: Is this basically the correct approach?

Question 2: What would be the correct config on router X (A's neighbour)
in this setup? Would it look like:
protocol bgp {
local as <as9>;
neighbor A as as1;
(...)
}
protocol bgp {
local as <as9>;
neighbor A as as2;
(...)
}

Question 3: Does anyone have a pointer to a text/tutorial/whatever that
explains in detail what config is needed for this kind of setup?

Best regards, Kai

--
"Das ist Demokratie, wenn man sich aussuchen darf, wer einen verarscht."
(Hagen Rether)
D-65203 Wiesi fast: kai_pf (aT] web(dot)de
++ PGP Key fingerprint B567 C43E 99D1 7709 7D64 3BF8 2DE8 1092 0EEF D58E ++
-----BEGIN GEEK CODE BLOCK-----
VERSION: 3.12
GCS/IT/CM d- s:- a+>-----(?) C++$ UL++(++++$) P+++ L++ E-(+) W--(+) N
!w---($) !O !M V? PS+ PE-() Y+ PGP(+) t R*@ tv--@ b+>++ DI++ G e+++(*) h? y?
------END GEEK CODE BLOCK------
Kai
2014-09-04 11:44:42 UTC
Permalink
Hello bird-users and -experts!

Does anyone have hints for a bird-neewbie like me on this kind of setup
(see below)?

Best regards, Kai

On Tue, 2014-09-02 at 23:36 +0200, Kai wrote:
> G'day!
>
> For the configuration we want to set up, I couldn't find any details in
> the docs, the wiki or the list archive. So please allow me to ask my
> questions here (questions see below).
>
> desired setup:
>
> We want to establish a router ('A') announcing two different ASNs
> (as1,as2) to it's neighbours. In fact we want to setup three routers A,
> B and C, all of them corporately announcing as1 and as2.
>
> I'd guess the config on router A should include some lines like these:
> protocol bgp {
> local as <as1>;
> neighbor X as as9;
> (...)
> }
> protocol bgp {
> local as <as2>;
> neighbor X as as9;
> (...)
> }
> X being one of the neighbours and announcing as9.
>
> Question 1: Is this basically the correct approach?
>
> Question 2: What would be the correct config on router X (A's neighbour)
> in this setup? Would it look like:
> protocol bgp {
> local as <as9>;
> neighbor A as as1;
> (...)
> }
> protocol bgp {
> local as <as9>;
> neighbor A as as2;
> (...)
> }
>
> Question 3: Does anyone have a pointer to a text/tutorial/whatever that
> explains in detail what config is needed for this kind of setup?
>
> Best regards, Kai
>


--
"Das ist Demokratie, wenn man sich aussuchen darf, wer einen verarscht."
(Hagen Rether)
D-65203 Wiesi fast: kai_pf (aT] web(dot)de
++ PGP Key fingerprint B567 C43E 99D1 7709 7D64 3BF8 2DE8 1092 0EEF D58E ++
-----BEGIN GEEK CODE BLOCK-----
VERSION: 3.12
GCS/IT/CM d- s:- a+>-----(?) C++$ UL++(++++$) P+++ L++ E-(+) W--(+) N
!w---($) !O !M V? PS+ PE-() Y+ PGP(+) t R*@ tv--@ b+>++ DI++ G e+++(*) h? y?
------END GEEK CODE BLOCK------
Ondrej Filip
2014-09-04 11:54:55 UTC
Permalink
On 2.9.2014 23:36, Kai wrote:
> G'day!

Hi!

>
> For the configuration we want to set up, I couldn't find any details in
> the docs, the wiki or the list archive. So please allow me to ask my
> questions here (questions see below).
>
> desired setup:
>
> We want to establish a router ('A') announcing two different ASNs
> (as1,as2) to it's neighbours. In fact we want to setup three routers A,
> B and C, all of them corporately announcing as1 and as2.
>

You cannot have two BGP relations to a single peer. I see two options:

1) You will announce two different AS paths with the same first AS:

< as1 >
< as2 as1 >

so you can see as2 is announced "behind" as1.

2) You can announce two same as paths:

< as1 >
< as2 >

But the peer must disable check on 1st AS in AS paths. Cisco command
"no bgp enforce-first-as"


In both case the configuration is:
protocol bgp {
local as <as1>;
neighbor X as as9;
(...)
}

Different is synthesis of propagated prefixes.

Ondrej


> I'd guess the config on router A should include some lines like these:
> protocol bgp {
> local as <as1>;
> neighbor X as as9;
> (...)
> }
> protocol bgp {
> local as <as2>;
> neighbor X as as9;
> (...)
> }
> X being one of the neighbours and announcing as9.
>
> Question 1: Is this basically the correct approach?
>
> Question 2: What would be the correct config on router X (A's neighbour)
> in this setup? Would it look like:
> protocol bgp {
> local as <as9>;
> neighbor A as as1;
> (...)
> }
> protocol bgp {
> local as <as9>;
> neighbor A as as2;
> (...)
> }
>
> Question 3: Does anyone have a pointer to a text/tutorial/whatever that
> explains in detail what config is needed for this kind of setup?
>
> Best regards, Kai
>
Leo Vandewoestijne
2014-09-04 12:32:46 UTC
Permalink
Hi,


On Thu, 04 Sep 2014, Ondrej Filip wrote:

> On 2.9.2014 23:36, Kai wrote:
> > G'day!
>
> Hi!
>
> >
> > For the configuration we want to set up, I couldn't find any details in
> > the docs, the wiki or the list archive. So please allow me to ask my
> > questions here (questions see below).
> >
> > desired setup:
> >
> > We want to establish a router ('A') announcing two different ASNs
> > (as1,as2) to it's neighbours. In fact we want to setup three routers A,
> > B and C, all of them corporately announcing as1 and as2.
> >
>
> You cannot have two BGP relations to a single peer. I see two options:
>
You will certainly have to do this on different IP's.
And actually I only do it with different IP's in different netmasks.

I think this config is exactly what's requested.
It was written for use on FreeBSD (using multifib).
At one point I got collisons, and I did all my best to prevent that (with success).
So probaly you can make it more simple.

The compact version of bird.conf would be:


table as1;
table as2;

listen bgp address 10.0.1.102 port 179;
listen bgp address 10.0.2.102 port 179;

protocol static stat_net1 {
table as1;
route 192.168.3.0/24 via "em0";
}

protocol static stat_net2 {
table as2;
route 192.168.188.0/24 via "em0";
}

protocol bgp COMPANY1 {
table as1;
router id 10.0.1.102;
local 10.0.1.102 as 1;
neighbor 10.0.1.101 as 69;
direct;
export where proto = "stat_net1";
}

protocol bgp COMPANY2 {
table as2;
router id 10.0.2.102;
local 10.0.2.102 as 2;
neighbor 10.0.2.101 as 69;
direct;
export where proto = "stat_net2";
}


I'm very curious to hear any comments, or see different approaches.


Leo.

--

Sent from my Google Glass
Ondrej Zajicek
2014-09-04 14:32:58 UTC
Permalink
On Thu, Sep 04, 2014 at 12:32:46PM +0000, Leo Vandewoestijne wrote:
> > > We want to establish a router ('A') announcing two different ASNs
> > > (as1,as2) to it's neighbours. In fact we want to setup three routers A,
> > > B and C, all of them corporately announcing as1 and as2.
> > >
> >
> > You cannot have two BGP relations to a single peer. I see two options:
> >
> You will certainly have to do this on different IP's.
> And actually I only do it with different IP's in different netmasks.

Yes, you can have two BGP sessions between two BGP neighbors if you use
two pairs of IP addresses, IMHO it should work even if all addresses have
the same netmask.

> I think this config is exactly what's requested.
> It was written for use on FreeBSD (using multifib).
> At one point I got collisons, and I did all my best to prevent that (with success).
> So probaly you can make it more simple.

> listen bgp address 10.0.1.102 port 179;
> listen bgp address 10.0.2.102 port 179;

I don't think you should have two 'listen bgp' options. AFAIK there is
only one listening BGP socket in BIRD, but it is OK to have it listen on
0.0.0.0 (default value). Incoming sessions are dispatched based on their
source addresses.

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: ***@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
Leo Vandewoestijne
2014-09-04 17:31:44 UTC
Permalink
On Thu, 04 Sep 2014, Ondrej Zajicek wrote:

> > listen bgp address 10.0.1.102 port 179;
> > listen bgp address 10.0.2.102 port 179;
>
> I don't think you should have two 'listen bgp' options. AFAIK there is
> only one listening BGP socket in BIRD, but it is OK to have it listen on
> 0.0.0.0 (default value). Incoming sessions are dispatched based on their
> source addresses.
>
Oh yes, that's true.
In fact in FreeBSD defining two addresses now breaks it;
I'm not sure if that's because I started to use version 10,
or if something changed in Bird.
And so I stopped doing that around January 2014.
Before that, in 9 with a current version of Bird, it worked fine.

--

Leo
Kai
2014-09-25 22:36:54 UTC
Permalink
Hi Ondrej!

Thanks for your hints. Please let me add a question! (see below)

On Thu, 2014-09-04 at 16:32 +0200, Ondrej Zajicek wrote:
> On Thu, Sep 04, 2014 at 12:32:46PM +0000, Leo Vandewoestijne wrote:
> > >
> > > You cannot have two BGP relations to a single peer. I see two options:
> > >
> > You will certainly have to do this on different IP's.
> > And actually I only do it with different IP's in different netmasks.
>
> Yes, you can have two BGP sessions between two BGP neighbors if you use
> two pairs of IP addresses, IMHO it should work even if all addresses have
> the same netmask.

I now tried a setup with a peer (only one IP address) and a router on my
side which has two IP addresses configured on the same interface
(primary and secondary).

The schema of config on my side would look like this:

interface tun0:
10.0.0.1 (primary)
10.0.0.2 (secondary)

protocol bgp me_1 {6
local 10.0.0.1 as 1;
router id 10.0.0.1;
neighbor 10.0.0.9 as 9;
direct;
}

protocol bgp me_2 {6
local 10.0.0.2 as 2;
router id 10.0.0.2;
neighbor 10.0.0.9 as 9;
direct;
}

(In fact there are a lot of peers like this one.)
This setup doesn't seem to work. It seems as if, with each restart, only
on of the two connections comes online, not always the same one. The
second connection is rejected when incoming.
Which is the mistake I made here? Or does the peer have to have two IP
addresses as well?

The bird user manual states "Note that contrary to other IP routers,
BIRD is able to act as a router located in multiple AS’es
simultaneously". What is the intended way to configure this situation?

Best regards and many thanks, Kai

--
"Das ist Demokratie, wenn man sich aussuchen darf, wer einen verarscht."
(Hagen Rether)
D-65203 Wiesi fast: kai_pf (aT] web(dot)de
++ PGP Key fingerprint B567 C43E 99D1 7709 7D64 3BF8 2DE8 1092 0EEF D58E ++
-----BEGIN GEEK CODE BLOCK-----
VERSION: 3.12
GCS/IT/CM d- s:- a+>-----(?) C++$ UL++(++++$) P+++ L++ E-(+) W--(+) N
!w---($) !O !M V? PS+ PE-() Y+ PGP(+) t R*@ tv--@ b+>++ DI++ G e+++(*) h? y?
------END GEEK CODE BLOCK------
Leo Vandewoestijne
2014-09-29 14:19:03 UTC
Permalink
On Fri, 26 Sep 2014, Kai wrote:

> protocol bgp me_1 {6
> local 10.0.0.1 as 1;
> router id 10.0.0.1;
> neighbor 10.0.0.9 as 9;
> direct;
> }
>
> protocol bgp me_2 {6
> local 10.0.0.2 as 2;
> router id 10.0.0.2;
> neighbor 10.0.0.9 as 9;
> direct;
> }
>
> (In fact there are a lot of peers like this one.)
> This setup doesn't seem to work. It seems as if, with each restart, only
> on of the two connections comes online, not always the same one. The
> second connection is rejected when incoming.
>
I'm familiar with that collision, so not surprised.

> Which is the mistake I made here? Or does the peer have to have two IP
> addresses as well?
>
Yes, that's very likely the case.
I've done this with Cisco, Juniper and Foundry neighbours,
and in all cases I ended up using aliased IP's for the same neighbour.
After trial and (many) error, I concluded that appearently Bird can't otherwise make a distinct.


And when re-reading the thread Ondrej Zajicek said that twice:

here subtle:

> Yes, you can have two BGP sessions between two BGP neighbors if you use
> two pairs of IP addresses

and here more clear/explained:

> Incoming sessions are dispatched based on their source addresses.



--

Met vriendelijke groet,
With kind regards,


Leo Vandewoestijne
Ondrej Zajicek
2014-10-01 10:47:30 UTC
Permalink
On Mon, Sep 29, 2014 at 02:19:03PM +0000, Leo Vandewoestijne wrote:
> On Fri, 26 Sep 2014, Kai wrote:
>
> > protocol bgp me_1 {6
> > local 10.0.0.1 as 1;
> > router id 10.0.0.1;
> > neighbor 10.0.0.9 as 9;
> > direct;
> > }
> >
> > protocol bgp me_2 {6
> > local 10.0.0.2 as 2;
> > router id 10.0.0.2;
> > neighbor 10.0.0.9 as 9;
> > direct;
> > }
> >
> > (In fact there are a lot of peers like this one.)
> > This setup doesn't seem to work. It seems as if, with each restart, only
> > on of the two connections comes online, not always the same one. The
> > second connection is rejected when incoming.
> >
> I'm familiar with that collision, so not surprised.
>
> > Which is the mistake I made here? Or does the peer have to have two IP
> > addresses as well?
> >
> Yes, that's very likely the case.

That is true. You have to use two addresses on the other side.

But it would be a good idea to implement it in the future versions.

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: ***@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
Kai
2014-10-01 11:11:01 UTC
Permalink
> Gesendet: Mittwoch, 01. Oktober 2014 um 12:47 Uhr
> Von: "Ondrej Zajicek" <***@crfreenet.org>
>
> On Mon, Sep 29, 2014 at 02:19:03PM +0000, Leo Vandewoestijne wrote:
> > On Fri, 26 Sep 2014, Kai wrote:
> >
> > > protocol bgp me_1 {6
> > > local 10.0.0.1 as 1;
> > > router id 10.0.0.1;
> > > neighbor 10.0.0.9 as 9;
> > > direct;
> > > }
> > >
> > > protocol bgp me_2 {6
> > > local 10.0.0.2 as 2;
> > > router id 10.0.0.2;
> > > neighbor 10.0.0.9 as 9;
> > > direct;
> > > }
> > >
> > > (In fact there are a lot of peers like this one.)
> > > This setup doesn't seem to work. It seems as if, with each restart, only
> > > on of the two connections comes online, not always the same one. The
> > > second connection is rejected when incoming.
> > >
> > I'm familiar with that collision, so not surprised.
> >
> > > Which is the mistake I made here? Or does the peer have to have two IP
> > > addresses as well?
> > >
> > Yes, that's very likely the case.
>
> That is true. You have to use two addresses on the other side.

Dear Leo, dear Ondrej,

Thanks a lot for making this point more clear again, so that even I was able to grasp it finally. ;)

> But it would be a good idea to implement it in the future versions.

As I cannot reasonably ask a lot og peers to implement an unusal IP setup just for my special case, I'm going to switch to a completely different approach.

But I'd like to strongly support the notion of implemeting a change in future versions.

Best regards, Kai
Kai
2014-09-08 13:42:39 UTC
Permalink
Hello,

Many thanks already for your input!
While working further on the topic, I stubled about one more uncertainty - maybe some kind soul can provide me with one or two additional answers? :)

> Von: "Leo Vandewoestijne" <***@unicycle.net>
> On Thu, 04 Sep 2014, Ondrej Filip wrote:
> > On 2.9.2014 23:36, Kai wrote:
> > > desired setup:
> > >
> > > We want to establish a router ('A') announcing two different ASNs
> > > (as1,as2) to it's neighbours. In fact we want to setup three routers A,
> > > B and C, all of them corporately announcing as1 and as2.
> >
> > You cannot have two BGP relations to a single peer. I see two options:
> >
> You will certainly have to do this on different IP's.
> And actually I only do it with different IP's in different netmasks.
>
> I think this config is exactly what's requested.
[...]
> protocol bgp COMPANY1 {
> table as1;
> router id 10.0.1.102;
> local 10.0.1.102 as 1;
> neighbor 10.0.1.101 as 69;
> direct;
> export where proto = "stat_net1";
> }
>
> protocol bgp COMPANY2 {
[...]

In this example, that would supposedly perfectly suit my problem, the "router id" config param is used _inside_ a "protocol bgp" block. The version of the "BIRD User's Guide" I have (it doesn't tell it's version, quite new, pdf 49 pages) documents the use of "router id" only _outside_ of "protocol" blocks.

So, (1) should it work to use "router id" inside a "protocol" block (and different router ids inside different blocks), and (2) is this use of the "router id" directive officially supported?

(Regarding 1: it apparently does!?)

Best regards, Kai
Leo Vandewoestijne
2014-09-08 16:59:31 UTC
Permalink
On Mon, 08 Sep 2014, Kai wrote:

> So, (1) should it work to use "router id" inside a "protocol" block (and different router ids inside different blocks),
> and (2) is this use of the "router id" directive officially supported?
>
I found that on http://bird.network.cz/?get_doc&f=bird-3.html#ss3.3
under "router id IPv4 address" (the one first listed under 3.3):

"This option can be used to override global router id for a given protocol. Default: uses global router id."

--

Met vriendelijke groet,
With kind regards,


Leo Vandewoestijne

--

Sent from my Google Glass
Loading...