On 2010-06-29, BARDOU Pierre <bardo...@mipih.fr> wrote:
> Hello,
>
> I tried to follow your advice, and I set:
> network 1.1.1.0/24
> network 1.1.1.0/25 set prepend-self 5

hmm, I meant that you should announce the larger network (/24) from
both sites, and the more-specific (/25) from each site.

e.g. from the main site:

network 1.1.1.0/24
network 1.1.1.0/25

and from the backup site:

network 1.1.1.0/24
network 1.1.1.128/25

No need to mess about with prepends for this.

> The /25 appears on the RIB of router A, but not in ISP A router RIB.
> Why ? My only filter rule is "allow from any"

Are you absolutely certain you have "allow from any" everywhere
that you need it?

> A few details :
> * 1.1.1.0/24 is for testing purposes and used only in my (isolated) lab. I have
> a true /24, registered with RIPE.

It is still bad practice. What if someone were to use your registered
/24 in their test network, and then accidentally announce it to the internet?
Sometimes things which "shouldn't happen" do; the point of this is to avoid
breaking other people's networks when things go wrong.

> * I have an MPLS VPN between my two sites, which uses different wires from
> Internet
> * I didn't know the issue about propagating a /25 to the internet. Thanks for
> the information, I'll have to think about that before setting this in
> production...

Yes, something like the "allow from any inet prefixlen 8 - 24" in the
sample bgpd.conf (i.e. don't allow longer prefixes) is pretty common
practice in many networks.




>
> Many thanks for the help
> --
> Regards,
> Pierre BARDOU
>
>
> -----Original Message-----
> From: Stuart Henderson [mailto:s...@spacehopper.org]
> Sent: Saturday 26 June 2010 12:18
> To: misc@openbsd.org
> Subject: Re: Load balancing incoming trafic with BGP
>
> On 2010-06-25, BARDOU Pierre <bardo...@mipih.fr> wrote:
>> I have issues trying to setup this :
>>
>>    ISP A                ISP B
>>      |                    |
>>   Router A            Router B
>>  Main site  -------  Backup site
>>  1.1.1.0/25          1.1.1.128/25
>
> I think you will have to rethink a bit.
>
> Even if your immediate upstreams accept it (which is unlikely without
> a special arrangement), there is no way that most of the internet will
> accept a /25 announcement. You would want to use at least a /23 for
> the whole net, so your site-specific announcements can be /24.
>
> You will also have to ensure connectivity between the two sites
> under normal conditions (if you don't have a direct link, then you
> could consider a tunnel between addresses from outside this network;
> either plain gif/gre and accept the restricted MTU, or you could use a
> gre+vether+bridge+pf setup which would let you run at the lowest MTU
> of the physical links between them).
>
>> I'd like that connections to the main site flow through ISP A, to the backup
>> site flow through ISP B, with backup through the other ISP if one fails.
>> So I set up openBGPd like this :
>> Router A :
>> AS 65001
>> network 1.1.1.0/25
>> network 1.1.1.128/25 set prepend-self 5
>
> From one site you would want to announce x.x.x.0/25 and x.x.x.0/24
> From the other you want x.x.x.128/25 and x.x.x.0/24 (or similar with
> /24 and /23 if you actually want it to work from the rest of the
> internet).
>
> Also: note that 1.0.0.0/8 is an allocated network. Please do not
> use addresses from this block even as a test network unless they are
> properly allocated to you (which being in Europe, they are not).
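
Added example (not part of the original thread, and not OpenBGPD code): a small Python model of longest-prefix-match route selection, showing why announcing the covering /24 from both sites gives failover and what a remote network applying the "prefixlen 8 - 24" filter ends up with. The 192.0.2.0/24 documentation prefix, the site labels and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed lab announcements as (prefix, announcing site).
# 192.0.2.0/24 is the RFC 5737 documentation range (assumed here).
MAIN = [("192.0.2.0/24", "main"), ("192.0.2.0/25", "main")]
BACKUP = [("192.0.2.0/24", "backup"), ("192.0.2.128/25", "backup")]


def accepted(routes, min_len=0, max_len=32):
    """Keep only announcements whose length passes the receiver's filter."""
    nets = [(ipaddress.ip_network(p), site) for p, site in routes]
    return [(n, s) for n, s in nets if min_len <= n.prefixlen <= max_len]


def entry_sites(routes, dst, min_len=0, max_len=32):
    """Sites whose announcement wins longest-prefix match for dst.

    More than one site means the prefix lengths tie and the choice is
    left to other BGP attributes, so traffic may arrive at either site.
    """
    addr = ipaddress.ip_address(dst)
    cands = [(n, s) for n, s in accepted(routes, min_len, max_len) if addr in n]
    if not cands:
        return set()  # no route at all: destination unreachable
    best = max(n.prefixlen for n, _ in cands)
    return {s for n, s in cands if n.prefixlen == best}


def scenarios(main_host="192.0.2.10", backup_host="192.0.2.200"):
    """Entry site for one host per half, under three conditions."""
    both = MAIN + BACKUP
    return {
        # receiver accepts everything, both sites announcing
        "both_up": (entry_sites(both, main_host), entry_sites(both, backup_host)),
        # main site stops announcing: only the covering /24 reaches main_host
        "main_down": (entry_sites(BACKUP, main_host), entry_sites(BACKUP, backup_host)),
        # receiver applies "prefixlen 8 - 24": both /25s are dropped
        "filtered": (entry_sites(both, main_host, 8, 24),
                     entry_sites(both, backup_host, 8, 24)),
        # without the covering /24, a failed main site leaves its half dark
        "no_cover": entry_sites([("192.0.2.128/25", "backup")], main_host),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

In the "filtered" case traffic for either half can arrive at either site, which is why the two sites need connectivity between them.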
