[prev in list] [next in list] [prev in thread] [next in thread]
List: bird-users
Subject: Re: Simple BGP with two operators, one advertisement and prepending
From: Wojciech Bajorek <wojciech.bajorek () gmail ! com>
Date: 2017-04-27 11:59:55
Message-ID: CAA+tadK_Y=k4x96hv4BSVXX32+kGbKjEBntxesW9000peY6H8g () mail ! gmail ! com
[Download RAW message or body]
Hi,
It seems that rp_filter was the key. Both BGP sessions are up, thanks for
tip.
Now, I have a different topic - can you suggest a solution to overcome
situation, where one ISP sends two AS numbers and in most cases their path
is longer for outgoing traffic?
Regards,
Wojciech Bajorek
2017-04-25 15:46 GMT+02:00 Wojciech Bajorek <wojciech.bajorek@gmail.com>:
> Thanks, you might be right, indeed rp_filter was enabled.
>
> I will test it today and see if it helps.
>
> Does it mean that my config is just fine?
>
> Regards,
> Wojciech Bajorek
>
>
> 2017-04-25 12:36 GMT+02:00 Andrew <nitr0@seti.kr.ua>:
>
>> Maybe you forgot to disable rp_filter on uplink ifaces?
>>
>> And prepend works for incoming traffic, for outgoing - there is
>> localpref. So, if outgoing traffic goes via ISP2 and incoming passed via
>> ISP1 - it's dropped if rp_filter is enabled.
>>
>>
>> On 25.04.2017 10:36, Wojciech Bajorek wrote:
>>
>> Hi,
>>
>> I have a pretty simple BGP configuration with two ISP and one static
>> subnet to advertise.
>> There is also one prepending configured but I'm not sure if it's working.
>>
>> The thing is that for some reason when I connect both ISP peers, traffic
>> to the advertised ISP#2 networks (with shorter path) stops working after a
>> couple of seconds. Tracert shows the last hop as ISP#2 border router.
>>
>> Similar configuration on Juniper router works without any problem, so I'm
>> afraid that there is an error within my Bird config.
>> Can you please help me out?
>>
>> PS. Without prepending situation is exactly the same.
>>
>> OS: Debian 8
>> Bird: 1.4.5-1+deb8u1
>>
>>
>> router id 90.90.90.1;
>>
>> protocol kernel {
>> persist;
>> scan time 15;
>> import all;
>> export all;
>> }
>>
>> protocol device {
>> scan time 10;
>> }
>>
>> filter bgp_isp1_out {
>> if net = 90.90.90.0/24 then
>> {
>> accept;
>> }
>> else reject;
>> }
>>
>> filter bgp_isp2_out {
>> if net = 90.90.90.0/24 then
>> {
>> bgp_path.prepend(12345);
>> bgp_path.prepend(12345);
>> accept;
>> }
>> else reject;
>> }
>>
>> protocol bgp bgp_isp1 {
>> import all;
>> export filter bgp_isp1_out;
>>
>> local as 12345;
>> neighbor 2.3.4.5 as 2345;
>> }
>>
>> protocol bgp bgp_isp2 {
>> import all;
>> export filter bgp_isp2_out;
>>
>> local as 12345;
>> neighbor 3.4.5.6 as 3456;
>> }
>>
>>
>> Thank you.
>>
>> Regards,
>> Wojciech Bajorek
>>
>>
>>
>
[Attachment #3 (text/html)]
<div dir="ltr">Hi,<div><br></div><div>It seems that rp_filter was the key. Both BGP \
sessions are up, thanks for tip.</div><div><br></div><div>Now, I have a different \
topic - can you suggest a solution to overcome situation, where one ISP sends two AS \
numbers and in most cases their path is longer for outgoing \
traffic?</div><div><br></div><div>Regards,</div><div>Wojciech \
Bajorek</div><div><br></div><div class="gmail_extra"><br><div \
class="gmail_quote">2017-04-25 15:46 GMT+02:00 Wojciech Bajorek <span \
dir="ltr"><<a href="mailto:wojciech.bajorek@gmail.com" \
target="_blank">wojciech.bajorek@gmail.com</a>></span>:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr">Thanks, you might be right, indeed rp_filter \
was enabled.<div><br></div><div>I will test it today and see if it \
helps.</div><div><br></div><div>Does it mean that my config is just \
fine?</div><div><br></div><div>Regards,</div><div>Wojciech Bajorek<div><div \
class="h5"><br><div class="gmail_extra"><br><div class="gmail_quote">2017-04-25 12:36 \
GMT+02:00 Andrew <span dir="ltr"><<a href="mailto:nitr0@seti.kr.ua" \
target="_blank">nitr0@seti.kr.ua</a>></span>:<br><blockquote class="gmail_quote" \
style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div class="m_-1802359898026081270m_-4942591669520147308moz-cite-prefix">Maybe \
you forgot to disable rp_filter on uplink ifaces?<br>
<br>
And prepend works for incoming traffic, for outgoing - there is
localpref. So, if outgoing traffic goes via ISP2 and incoming
passed via ISP1 - it's dropped if rp_filter is enabled.<div><div \
class="m_-1802359898026081270h5"><br> <br>
On 25.04.2017 10:36, Wojciech Bajorek wrote:<br>
</div></div></div><div><div class="m_-1802359898026081270h5">
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div>I have a pretty simple BGP configuration with two ISP and
one static subnet to advertise.</div>
<div>There is also one prepending configured but I'm not sure if
it's working.</div>
<div><br>
</div>
<div>The thing is that for some reason when I connect both ISP
peers, traffic to the advertised ISP#2 networks (with shorter
path) stops working after a couple of seconds. Tracert shows
the last hop as ISP#2 border router.</div>
<div><br>
</div>
<div>Similar configuration on Juniper router works without any
problem, so I'm afraid that there is an error within my Bird
config. </div>
<div>Can you please help me out?</div>
<div><br>
</div>
<div>PS. Without prepending situation is exactly the same.</div>
<div><br>
</div>
<div>OS: Debian 8</div>
<div>Bird: 1.4.5-1+deb8u1</div>
<div><br>
</div>
<div>
<div> </div>
<div>router id 90.90.90.1;</div>
<div><br>
</div>
<div>protocol kernel {</div>
<div> persist;</div>
<div> scan time 15;</div>
<div> import all;</div>
<div> export all;</div>
<div>}</div>
<div><br>
</div>
<div>protocol device {</div>
<div> scan time 10;</div>
<div>}</div>
<div><br>
</div>
<div>filter bgp_isp1_out {</div>
<div> if net = <a href="http://90.90.90.0/24" \
target="_blank">90.90.90.0/24</a> then</div> <div> {</div>
<div> accept;</div>
<div> }</div>
<div> else reject;</div>
<div>}</div>
<div><br>
</div>
<div>filter bgp_isp2_out {</div>
<div> if net = <a href="http://90.90.90.0/24" \
target="_blank">90.90.90.0/24</a> then</div> <div> {</div>
<div> bgp_path.prepend(12345);</div>
<div> bgp_path.prepend(12345);</div>
<div> accept;</div>
<div> }</div>
<div> else reject;</div>
<div>}</div>
<div><br>
</div>
<div>protocol bgp bgp_isp1 {</div>
<div> import all;</div>
<div> export filter bgp_isp1_out;</div>
<div><br>
</div>
<div> local as 12345;</div>
<div> neighbor 2.3.4.5 as 2345;</div>
<div>}</div>
<div><br>
</div>
<div>protocol bgp bgp_isp2 {</div>
<div> import all;</div>
<div> export filter bgp_isp2_out;</div>
<div><br>
</div>
<div> local as 12345;</div>
<div> neighbor 3.4.5.6 as 3456;</div>
<div>}</div>
<div><br>
</div>
</div>
<div><br>
</div>
<div>Thank you.</div>
<div><br>
</div>
<div>Regards,</div>
<div>Wojciech Bajorek</div>
</div>
</blockquote>
<p><br>
</p>
</div></div></div>
</blockquote></div><br></div></div></div></div></div>
</blockquote></div><br></div></div>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic