Workshop/BGP-configs

From initLab

Bird

basic configuration

Enable the direct protocol. This makes Bird learn all of your directly attached routes.

protocol direct {
       export all;
}

In the kernel protocol, uncomment the following line:

#     learn;   # Learn all alien routes from the kernel

filter configuration

filter in_filter {
       # do not accept routes for our directly connected network
       if ( net = 185.117.82.112/29 ) then reject;
       accept;
}
filter out_filter {
       # do not export anything that is not our directly connected network
       if ( net = 185.117.82.112/29 ) then accept;
       reject;
}

bgp template

template bgp PEERS {
       debug { states, events };
       local as myas;         # myas is a constant you define yourself: define myas = <your AS number>;
       startup hold time 0;
       import keep filtered;  # keep filtered routes in bird, so you can see it in: show route filtered
       import filter in_filter;
       export filter out_filter;
       gateway direct;
}

neighbor configuration

protocol bgp bgp_up1 from PEERS {
       description "Upstream 1 (cassie) via eth0.111";
       neighbor 10.125.11.1 as 65535;
       source address 10.125.11.2;
}
protocol bgp bgp_up2 from PEERS {
       description "Upstream 2 (beta) via eth0.211";
       neighbor 10.126.11.1 as 59851;
       source address 10.126.11.2;
}

Commands cheat sheet

show protocols                - list all configured protocols
show protocol bgp_up2         - get the status information for protocol bgp_up2
show route export bgp_up2     - list all exported networks to peer bgp_up2
show route for 185.117.82.104 - get the routes for 185.117.82.104
show route filtered           - list all prefixes that are filtered 
show route protocol bgp_up2   - list all prefixes that you receive from peer bgp_up2
show memory                   - get the memory usage of Bird

Quagga

basic configuration

router bgp 65011
 bgp router-id 185.117.82.113
 bgp log-neighbor-changes
 bgp graceful-restart
 network 185.117.82.112/29

neighbors configuration

neighbor 10.125.11.1 remote-as 65535
neighbor 10.125.11.1 description "Upstream 1 (cassie) via eth0.111"
neighbor 10.125.11.1 update-source 10.125.11.2
neighbor 10.125.11.1 soft-reconfiguration inbound
neighbor 10.125.11.1 prefix-list in_filter in
neighbor 10.125.11.1 prefix-list out_filter out
neighbor 10.126.11.1 remote-as 59851
neighbor 10.126.11.1 description "Upstream 2 (beta) via eth0.211"
neighbor 10.126.11.1 update-source 10.126.11.2
neighbor 10.126.11.1 soft-reconfiguration inbound
neighbor 10.126.11.1 prefix-list in_filter in
neighbor 10.126.11.1 prefix-list out_filter out

prefix lists

Allow all prefixes except the one I'm advertising

ip prefix-list in_filter seq 1 deny 185.117.82.112/29
ip prefix-list in_filter seq 10 permit any

Export only my directly connected prefix

ip prefix-list out_filter seq 1 permit 185.117.82.112/29
ip prefix-list out_filter seq 10 deny any
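
An added example (not part of the original page): a small Python model of Quagga prefix-list matching. It shows that the in_filter above, having no ge/le, rejects only the exact /29, so more-specific routes inside 185.117.82.112/29 are still accepted. The "le 32" variant and the list of received prefixes are constructed here for comparison.

```python
import ipaddress
import re

# The page's inbound list, and a variant with "le 32" (added here for comparison).
PAGE_IN = """ip prefix-list in_filter seq 1 deny 185.117.82.112/29
ip prefix-list in_filter seq 10 permit any"""
HARDENED_IN = """ip prefix-list in_filter seq 1 deny 185.117.82.112/29 le 32
ip prefix-list in_filter seq 10 permit any"""

# Constructed sample of received announcements (not taken from a real session).
RECEIVED = ["185.117.82.112/29", "185.117.82.112/30", "185.117.82.116/30", "8.8.8.0/24"]

LINE = re.compile(r"ip prefix-list \S+ seq (\d+) (permit|deny) (\S+)"
                  r"(?: ge (\d+))?(?: le (\d+))?$")

def parse(text):
    """Return (action, network-or-None-for-any, ge, le) tuples in seq order."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            seq, action, net, ge, le = m.groups()
            network = None if net == "any" else ipaddress.ip_network(net)
            rows.append((int(seq), action, network,
                         int(ge) if ge else None, int(le) if le else None))
    return [r[1:] for r in sorted(rows, key=lambda r: r[0])]

def evaluate(entries, prefix):
    """First matching entry wins; a prefix matching no entry is denied."""
    p = ipaddress.ip_network(prefix)
    for action, net, ge, le in entries:
        if net is None:
            return action
        if not p.subnet_of(net):
            continue
        if ge is None and le is None:
            lo = hi = net.prefixlen          # no ge/le: exact length only
        else:
            lo = ge if ge is not None else net.prefixlen
            hi = le if le is not None else 32
        if lo <= p.prefixlen <= hi:
            return action
    return "deny"

def accepted(filter_text, prefixes=RECEIVED):
    """List the prefixes that the given prefix-list text would permit."""
    entries = parse(filter_text)
    return [p for p in prefixes if evaluate(entries, p) == "permit"]

if __name__ == "__main__":
    print("page list accepts:    ", accepted(PAGE_IN))
    print("le 32 variant accepts:", accepted(HARDENED_IN))
```

The same applies to the Bird in_filter, where net = 185.117.82.112/29 is also an exact comparison; the Bird form that covers more-specifics is net ~ [ 185.117.82.112/29+ ].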

Commands cheat sheet

show ip bgp neighbors   - list all configured neighbors and full information about them
show ip prefix-list     - list all prefix lists
show memory             - get memory usage information

Client container

sysctl net.ipv4.ip_forward=1
ip netns add bgp
ip link add veth0 type veth peer name veth1
ip link set veth1 netns bgp
ip netns exec bgp /bin/bash

iproute2 commands

  • Add a VLAN 111 to eth0
# ip link add link eth0 name eth0.111 type vlan id 111 
  • Bring a device UP
# ip link set up dev eth0
  • Bring a device DOWN
# ip link set down dev eth0
  • Check the route to a destination
# ip route get 8.8.8.8
  • Create a new virtual ethernet pair. Useful for communication with containers.
# ip link add veth0 type veth peer name veth1
  • Create a new network namespace called bgp
# ip netns add bgp
  • Move device veth1 into network namespace bgp
# ip link set veth1 netns bgp
  • Execute a command inside netns bgp. It's easiest if the command is a shell.
# ip netns exec bgp /bin/bash