Bird

basic configuration

Enable the direct protocol. This will make Bird to learn all of your directly attached routes.

protocol direct {
       export all;
}

In the kernel protocol, uncomment the following line:

#     learn;   # Learn all alien routes from the kernel

filter configuration

filter in_filter {
       # do not accept routes for our directly connected network
       if ( net = 185.117.82.112/29 ) then reject;
       accept;
}
filter out_filter {
       # do not export anything that is not our directly connected network
       if ( net = 185.117.82.112/29 ) then accept;
       reject;
}

bgp template

template bgp PEERS {
       debug { states, events };
       local as myas;
       startup hold time 0;
       import keep filtered;  # keep filtered routes in bird, so you can see it in: show route filtered
       import filter in_filter;
       export filter out_filter;
       gateway direct;
}

neighbor configuration

protocol bgp bgp_up1 from lab {
       description "Upstream 1 (cassie) via eth0.111";
       neighbor 10.125.11.1 as 65535;
       source address 10.125.11.2;
}
protocol bgp bgp_up2 from lab {
       description "Upstream 2 (beta) via eth0.211";
       neighbor 10.126.11.1 as 59851;
       source address 10.126.11.2;
}

Commands cheat sheet

show protocols - list all configured protocols
show protocol bgp_up2 - get the status information for protocol bgp_up2
show route export bgp_up2 - list all exported networks to peer bgp_up2
show route for 185.117.82.104 - get the routes for 185.117.82.104
show route filtered - list all prefixes that are filtered 
show route protocol bgp_up2 - list all prefixes that you receive from peer bgp_up2

Quagga

basic configuration

router bgp 65011
 bgp router-id 185.117.82.113
 bgp log-neighbor-changes
 bgp graceful-restart
 network 185.117.82.112/29

neighbors configuration

neighbor 10.125.11.1 remote-as 65535
neighbor 10.125.11.1 description "Upstream 1 (cassie) via eth0.111"
neighbor 10.125.11.1 update-source 10.125.11.2
neighbor 10.125.11.1 soft-reconfiguration inbound
neighbor 10.125.11.1 prefix-list in_filter in
neighbor 10.125.11.1 prefix-list out_filter out

neighbor 10.126.11.1 remote-as 59851
neighbor 10.126.11.1 description "Upstream 2 (beta) via eth0.211"
neighbor 10.126.11.1 update-source 10.125.11.2
neighbor 10.126.11.1 soft-reconfiguration inbound
neighbor 10.126.11.1 prefix-list in_filter in
neighbor 10.126.11.1 prefix-list out_filter out

prefix lists

allow all prefixes except the one I'm advertising

ip prefix-list in_filter seq 1 deny 185.117.82.112/29
ip prefix-list in_filter seq 10 permit any

Export only my directly connected prefix

ip prefix-list out_filter seq 1 permit 185.117.82.112/29
ip prefix-list out_filter seq 10 deny any

Client container

sysctl net.ipv4.ip_forward=1
ip netns add bgp
ip link add veth0 type veth peer name veth1
ip link set veth1 netns bgp
ip netns exec bgp /bin/bash

iproute2 commands

• Add a VLAN 111 to eth0

# ip link add link eth0 name eth0.111 type vlan id 111 

• Bring a device UP

# ip link set up dev eth0

• Bring a device DOWN

# ip link set down dev eth0

• Check the route to a destination

# ip route get 8.8.8.8

• Create a new virtual ethernet pair. Useful for communication with containers.

# ip link add veth0 type veth peer name veth1

• Create a new network namespace called bgp

# ip netns add bgp

• Move device veth1 into network namespace bgp

# ip link set veth1 netns bgp

• Execute a command inside netns bgp. Its easiest if the command is a shell

# ip netns exec bgp /bin/bash