Routing – Establish an iBGP connection using BIRD

bgprouting

I'm trying to setup an iBGP session between two nodes running BIRD 1.4.5 in my lab network but I can't establish a working session.

My config looks like this on both hosts except the different neighbor ip and router id:

log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
router id 10.142.0.6;
debug protocols all;

protocol kernel {
import none;
export filter {
    if source = RTS_STATIC then reject;
    accept;
  };

}

protocol static {
    route 10.142.120.0/22 reject;
}

protocol bgp {
    local as 76118;
    neighbor 10.142.12.2 as 76118;
    export where source=RTS_STATIC;
    import all;
    direct;
    next hop self;
}

The two hosts are connected via a tinc vpn and are both in the 10.142.12.0/24 subnet. The interfaces are configured properly.

With this setup there is no error in my log files but the BGP session is only in idle state. I've checked my config with some other people running almost the same config and it works for them.

If I remove the "direct" and "next hop self" config options it results in this routes in the master routing table.

10.142.112.0/22    unreachable [bgp1 16:38:55 from 10.142.12.2] * (100/-) [i]
10.142.120.0/22    unreachable [static1 16:25:50] * (200)

Best Answer

So I've got the problem fixed.

The first problem was the missing device protocol. This protocol is needed to get the interfaces of the router.

The second problem is connected with the first. BIRD has to know the route to the interface where my vpn network is connected to. To get this routes I've to add a static route at the static protocol block or I've to get theme dynamically with a direct protocol definition.

As a last modification I have to delete the direct option. I don't exactly know why but with the direct; option defined the two BIRD instances can't connect and there ins't traffic on the interface between them. So I have to run this iBGP BIRD Session in multihop mode. It would be great if someone can explane this last little problem.

My working config looks like this:

log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
router id 10.142.0.2;
protocol device {
    scan time 10;
};
debug protocols all;
protocol kernel {
export filter {    
    if source = RTS_STATIC then reject;
    accept;
  };

}
protocol direct {
        interface "*";
}

protocol static {
    route 10.142.112.0/22 reject;
#   route 10.142.12.0/24 via "mapbone";
}

protocol bgp {
    local as 76118;
    neighbor 10.142.12.6 as 76118;
    export where source=RTS_STATIC;
    import all;
    next hop self;
}

Related Solutions

Bgp – Why does export/import policy addition/removal cause a BGP session reset

Well, there are 3 ways to update policy (apply a policy to our Adj-RIB-In):

hard reset - cause a full reset of session with a neighbor and apply policies to recieving routes;
soft reset - neighbors should support Route Refresh feature [ https://www.rfc-editor.org/rfc/rfc2918 ]. This feature uses special Refresh message which request to send a full neighbor's Adj-RIB-Out to us. This feature do not interrupt a forwarding plane;
soft reconfiguration - our router always stores full neighbor's Adj-RIB-Out in its Adj-RIB-In, so if we update a policies we don't even sending any request to neighbor and applies in on our Adj-RIB-In. This feature do not interrupt a forwarding plane. This feature enabled by default in Juniper Junos OS and works autimatically when we commit a configuration.

If we consider all of the above it was the soft reset which not interrupt router's forwarding plane or it was if one of neighbors don't supports Route Refresh and "soft reconfiguration" feature is disabled with "keep none" keyword.

Recently i wrote a small article about those features, but in russian language - http://sk1f3r.ru/bgp-softreset

Routing – bird internet routing daemon iBGP

I found the answer by myself:
If you want to create a failover between two Routers with the
bird internet routing daemon you need to follow the next steps:

1. Every router must be connected to an ISP: means 1 Router to 1 ISP
2. Form peers (BGP neighbor, eBGP) between your AS and the ISPs' AS
3. Form a peer (iBGP) between both of your Routers
4. Add a preference (highest preference wins)

Here's an example config:

# example ID, change at R2, e.g. 144.233.0.2
router id 144.233.0.1; 
debug protocols all;

# filtering routes
function avoid_martians() 
prefix set martians; 
{   
martians = [ 169.254.0.0/16+, 172.16.0.0/12+, 192.168.0.0/16+, 10.0.0.0/8+, 0.0.0.0/0 ];

  # Avoid RFC1918 and similar networks   
  if net ~ martians then return false;

  return true; 
  }

filter bgp_in {
        if ! (avoid_martians())
                then reject;
        accept; 
       }

# tell BGP about your routes to your systems
# change to 144.233.0.3 at R2
protocol static {
        route 144.233.0.0/22 via 144.233.0.2; 
        }

protocol kernel {
        learn;
        scan time 20;
        import filter bgp_in;
        export all; 
       }

protocol device {
        scan time 10; 
        }


protocol bgp iBGP_INSTANCE {
        local as 500000;                # local AS
        neighbor 144.233.0.3 as 500000; # iBGP peering to R2, change to 144.233.0.2 at R2 
        keepalive time 5;               # keepalive timer
        graceful restart;                    
        import filter bgp_in;
        export all;
        preference 150;                 # highest preference "wins", 100 at R2
        direct;
        gateway direct; 
        }

protocol bgp eBGP_INSTANCE {
        local as 500000;                
        neighbor 155.0.0.3 as 102;      # eBGP peering to ISP1, change at R2
        direct;                         
        keepalive time 5;               
        graceful restart;               
        import filter bgp_in;
        export all;
        hold time 10;
        preference 150;                # highest preference "wins", 100 at R2
        }

The config above creates two BGP instances.
One for the internal BGP (same AS as the other Router) and one external BGP (an other AS as the other Router).

As I commented in the config, the Router with the highest preference will be the "Master Router". The traffic now flows through R1 to ISP1.
But what if R1 doesn't get any update and/or keepalive message from the ISP?

The answer is simple:
R1 doesn't get any update from ISP1. Means, there is no route to the destination.
Now that R1 and R2 has formed a peer (iBGP), R1 gets updates from R2.
This means now that R1 has to send every traffic from below to R2 who sends it to the ISP2.

//edit: corrected typos

Best Answer

Related Solutions

Bgp – Why does export/import policy addition/removal cause a BGP session reset

Routing – bird internet routing daemon iBGP

Related Topic