BGP


Configuring BGP

BGP uses autonomous system (AS) numbers to prevent routing loops.

Topology


VYOS1_eth0_1.1.1.1________1.1.1.2_eth0_VYOS2
BGP_AS1_____eBGP_(external BGP)_____BGP_AS2   << eBGP connection - Different BGP AS numbers

BGP_AS1_____iBGP__(internal BGP)____BGP_AS1   << iBGP connection - Same BGP AS numbers

Configuration Example

Different BGP AS - eBGP

set protocols bgp 1 neighbor 1.1.1.2 remote-as '2'

Same BGP AS - iBGP

set protocols bgp 1 neighbor 1.1.1.1 remote-as '1'

Verify BGP

show ip bgp summary

Example

vyos@vos1:~$ show ip bgp summary
BGP router identifier 192.168.56.101, local AS number 1
IPv4 Unicast - max multipaths: ebgp 1 ibgp 1
RIB entries 0, using 0 bytes of memory
Peers 1, using 2524 bytes of memory,

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.2         4     2      97      99        0    0    0 01:36:15        0

Total number of neighbors 1
vyos@vos1:~$

Advertise Routes

Example:

set protocols bgp 2 network '22.22.22.22/32'


Verify Route Advertisement

vyos@vos2:~$ show ip bgp
BGP table version is 0, local router ID is 22.22.22.22
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, R Removed,
Origin codes: i - IGP, e - EGP, ? - incomplete,

	Network			Next Hop	Metric	LocPrf	Weight Path,
	*> 22.22.22.22/32   	0.0.0.0		1		32768	 i,

Total number of prefixes 1
vyos@vos2:~$

BGP for IPv6

BGP sessions for IPv6 are in most respects similar to IPv4 BGP sessions. The announced networks need to be set in a different way, and the neighbors need an additional setting.

In the following example the local router is 2001:db8:1::1 (AS 1) and announces network 2001:db8:1::/48 to its neighbor 2001:db8:1::2 (AS 2).

# network needs to be set in another way
set protocols bgp 1 address-family ipv6-unicast network 2001:db8:1::/48
# basic neighbor configuration as usual
set protocols bgp 1 neighbor 2001:db8:1::2 remote-as 2
set protocols bgp 1 neighbor 2001:db8:1::2 update-source 2001:db8:1::1
# additionally, mark as ipv6-unicast router
set protocols bgp 1 neighbor 2001:db8:1::2 address-family ipv6-unicast

Pitfall: Firewall

If you firewall the interface on which you expect incoming BGP, make sure to allow incoming connections from link-local addresses. Routers may use a link-local address to connect to yours (as there should be no hop between their router and yours).

Pitfall: Filtering AS/Networks/Prefixes/Maps etc.

Filtering by AS, network, prefix or route-map is configured in the same way as for IPv4, but in another section: under the neighbor's address-family, as the example shows. Example for filtering AS exports:

set protocols bgp 1 neighbor 2001:db8:1::2 address-family ipv6-unicast filter-list export own-as
set policy as-path-list own-as description "Accept only own AS, do not redistribute other AS"
set policy as-path-list own-as rule 10 action permit
set policy as-path-list own-as rule 10 regex ^$
set policy as-path-list own-as rule 20 action deny
set policy as-path-list own-as rule 20 regex .+

(This example only exports routes with an empty AS path, meaning only routes from inside AS 1.)
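The effect of the `own-as` list above can be checked offline before it is committed. The following is an added example, not part of the original page or of VyOS: it models first-match evaluation of the two rules against a constructed route table. It goes slightly beyond the page by also handling the `_` delimiter token. The function names, the sample routes, the implicit deny at the end of a list and the `_` translation are assumptions about Quagga-style as-path lists.

```python
import re

# Rules copied from the page's as-path-list "own-as": (rule, action, regex).
OWN_AS = [(10, "permit", "^$"), (20, "deny", ".+")]

def compile_aspath_regex(pattern):
    """Translate the '_' token (any AS-path delimiter, or the start/end of
    the path) into a plain regex. Assumed Quagga-style behaviour."""
    return re.compile(pattern.replace("_", r"(?:^|[,{}() ]|$)"))

def evaluate(as_path_list, as_path):
    """Return (action, rule) of the first matching rule, lowest number first.
    as_path is the path without the origin code: '' for a route from inside
    the own AS, '2 3' for a route learned via AS 2 from AS 3.
    Assumption: a path matching no rule is denied (implicit deny)."""
    for number, action, pattern in sorted(as_path_list):
        if compile_aspath_regex(pattern).search(as_path):
            return action, number
    return "deny", None

def exported(as_path_list, routes):
    """Prefixes from routes ({prefix: as_path}) that pass the export filter."""
    return sorted(prefix for prefix, path in routes.items()
                  if evaluate(as_path_list, path)[0] == "permit")

# Constructed sample BGP table of the AS 1 router (documentation prefixes).
ROUTES = {
    "2001:db8:1::/48": "",      # own network: empty AS path
    "2001:db8:2::/48": "2",     # learned from neighbor AS 2
    "2001:db8:3::/48": "2 3",   # learned via AS 2, originated by AS 3
}

if __name__ == "__main__":
    for prefix, path in ROUTES.items():
        print(f"{prefix:18} path={path!r:6} -> {evaluate(OWN_AS, path)}")
    print("exported:", exported(OWN_AS, ROUTES))
```

Only the prefix with the empty AS path passes, so the router does not re-advertise routes learned from other AS and cannot become an unintended transit for them.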

Communication to other BGP-Routers with specific IP

This is needed if your router has a loopback address and should communicate using this address. To configure it in a clean way, let's assume the loopback of router VYOS1 is `1.1.2.1/32` and configured as `lo`.

# interface configuration part
set interfaces loopback lo address 1.1.2.1/32
# BGP source address
set protocols bgp 1 parameters router-id 1.1.2.1
set protocols bgp 1 neighbor 1.1.1.2 update-source lo
# rest as usual
set protocols bgp 1 neighbor 1.1.1.2 remote-as 2


Peer-Groups

To simplify configuration and maintain readability, similar peer sessions can be combined into *peer groups*. Peer groups are configured the same as normal peers. A peer group is then applied to all peers that should use that configuration. A peer group is created by

protocols bgp <asn> peer-group <group-name>

and is applied to peers using

protocols bgp <asn> neighbor <id> peer-group <group-name>