Re: roa_check RPKI

2020-10-11 Thread Fabiano D'Agostino 
Hi Alarig,
I just invented some data to do the example and I wanted to understand
given that example to what bgp_path.last refers to.

Thanks,

Il giorno sab 10 ott 2020 alle ore 23:29 Alarig Le Lay 
ha scritto:

> I wrongly pasted your errors, but 78.150.32.0/20 and 78.150.44.0/22 are
> the correct ones.
>
> --
> Alarig
>

roa_check RPKI

2020-10-10 Thread Fabiano D'Agostino 
How does roa_check(roa_table,net,bgp_path.last) work?
Having such a ROA as example:
origin AS: 64513
prefix: 78.150.40.0/20
max mask: 24

and a BGP announcement:
origin AS: 64514
prefix: 78.150.45.0/22

so it's as invalid, but how does this check work?
roa_table: validated roa record (validated cache)
net: should be the current prefix so 78.150.45.0/22
what is bgp_path.last and how does roa_check function do the check?

Thanks,

Fabiano

Check filtered RPKI routes

2020-07-10 Thread Fabiano D'Agostino 
Hi all,
is there a way to check quickly filtered RPKI routes?
I can check the syslog, but if I delete the log I think the only way to
check filtered routes (having import keep filtered enabled) is:

show route table table_name all filtered

but having a lot of tables it is not easy to handle this command for every
single table.

Thanks,

Fabiano

Static routes BGP

2020-06-15 Thread Fabiano D'Agostino 
Hi everyone,
I have this configuration:
protocol static {
ipv4 { preference 110;};
   route 10.0.0.0/8 via 192.168.1.1;
}

protocol bgp {
local as 1;
neighbor x.x.x.x as x
ipv4 {
import all;
export filter {if (net ~ [10.0.0.0/8] ) then accept;
reject;};  #also tried with export all;
};
}


On route-server I have:
ipv4 table test_4;

protocol pipe Ptest_4 {
table master4;
peer table test_4;
import all;
export all;
}

protocol bgp  Btest_4 from rsclient_4 {
neighbor x.x.x.x as x
multihop 15;
ipv4 {
table test_4;
import all;
export all;
};
}


I don’t understand why 10.0.0.0/8 is not in master4 and test_4 tables of
the route-server. How could I announce a test prefix from a client to the
route-server?

Thanks in advance,

Fabiano D'Agostino

Re: Start BIRD automatically

2020-06-02 Thread Fabiano D'Agostino 
It seems that if bird.service is located in /etc/systemd/system sudo
systemctl start bird.service is enough and when I reboot the system bird is
running, indeed if I try sudo systemctl enable bird.service I get 'no such
file or directory'. Instead if I place bird.service in /lib/systemd/system
I have to do sudo systemctl enable bird.service.

Fabiano

Re: Start BIRD automatically

2020-06-02 Thread Fabiano D'Agostino 
Hi,
thank you! It seems working. But do I have to execute sudo systemctl enable
bird.service?

Because I just did sudo systemctl start bird.service and it seems
restarting after reboot

Il giorno mar 2 giu 2020 alle ore 17:03 Toke Høiland-Jørgensen 
ha scritto:

> "Fabiano D'Agostino"  writes:
>
> > Hi,
> > how can BIRD automatically start after a reboot or a crash? Should I use
> > systemd?
> > I am using BIRD v2 on Ubuntu 20.04.
>
> I'm using this:
>
> [Unit]
> Description=BIRD routing daemon
> After=network.target
>
> [Service]
> Type=forking
> Restart=always
> ExecStart=/usr/bin/bird
> ExecReload=/usr/bin/birdc configure
> ExecStop=/usr/bin/birdc down
>
> [Install]
> WantedBy=multi-user.target
>

Start BIRD automatically

2020-06-02 Thread Fabiano D'Agostino 
Hi,
how can BIRD automatically start after a reboot or a crash? Should I use
systemd?
I am using BIRD v2 on Ubuntu 20.04.

Fabiano

Re: BIRD unknown character using text editor

2020-06-02 Thread Fabiano D'Agostino 
Hey Job,
yes I solved using dos2unix.

Fabiano

Il giorno mar 2 giu 2020 alle ore 14:42 Job Snijders  ha
scritto:

> have you tried running the file through the 'dos2unix' utility to remove
> Windows specific quirks from the file?
>
> Kind regards,
>
> Job
>
> On Tue, Jun 2, 2020, at 11:55, Fabiano D'Agostino wrote:
> > I am using a text editor on Windows to edit the bird.conf. When I get
> > my bird.conf in my linux machine and I try bird -p I get this error at
> > the end of the line:
> > Unknown character
> >
> > But everything is right.
> >
> > How can I solve?
> >
> > Thanks,
> >
> > Fabiano
>

Re: BIRD unknown character using text editor

2020-06-02 Thread Fabiano D'Agostino 
Hey Adam,
thank you, I was able to solve using dos2unix command.

Fabiano

Il giorno mar 2 giu 2020 alle ore 14:03 Adam Thompson <
athomp...@merlin.mb.ca> ha scritto:

> Ensure your text editor is saving the file in UTF-8 (which is not the
> default on Windows).
> The default encoding on Windows is UTF-16 which is not compatible with
> most UNIX software.
> In Win10 Notepad, the File->Save As dialog has an Encoding drop-down where
> you can change it.
> -Adam
>
> On Jun. 2, 2020 06:56, Fabiano D'Agostino 
> wrote:
> I am using a text editor on Windows to edit the bird.conf. When I get my
> bird.conf in my linux machine and I try bird -p I get this error at the end
> of the line:
> Unknown character
>
> But everything is right.
>
> How can I solve?
>
> Thanks,
>
> Fabiano
>

BIRD unknown character using text editor

2020-06-02 Thread Fabiano D'Agostino 
I am using a text editor on Windows to edit the bird.conf. When I get my
bird.conf in my linux machine and I try bird -p I get this error at the end
of the line:
Unknown character

But everything is right.

How can I solve?

Thanks,

Fabiano

Re: BGP password

2020-05-21 Thread Fabiano D'Agostino 
Good morning Chriztoffer,
sorry for the late reply. Anyway, this is the local bird2 log:

https://pastebin.com/FFtR5RGi

Right now, I don't have access to the remote bgp speaker.

Thanks again,

Fabiano

Il giorno mer 13 mag 2020 alle ore 10:14 Chriztoffer Hansen <
chriztoffer.han...@de-cix.net> ha scritto:

>
> Fabiano D'Agostino wrote on 2020-05-12 17:27:
> > I am using BIRD 2, my configuration looks like the following:
> >
> > ipv4 table t4;
> >
> > protocol pipe {
> >   table master4;
> >   peer table t4;
> >   import all;
> >   export all;
> > }
> >
> > protocol bgp {
> >   multihop 15;
> >   neighbor 192.168.1.2 as 1;
> >   password "password";
> >   ipv4 {
> > import all;
> > table t4;
> > export none;
> >   };
> > }
> >
> > Without password it is working.
>
> What log messages are written by the remote bgp speaker and the local
> bird2 bgp speaker?
>
> https://bird.network.cz/?get_doc=20=bird-3.html#ss3.2
>
> Cheers,
> Chriztoffer
>
>

Re: BGP password

2020-05-12 Thread Fabiano D'Agostino 
Hi Chriztoffer,
I am using BIRD 2, my configuration looks like the following:

ipv4 table t4;

protocol pipe {
 table master4;
 peer table t4;
 import all;
 export all;
}

protocol bgp {
multihop 15;
neighbor 192.168.1.2 as 1;
password "password";

   ipv4 {
   import all;
   table t4;
   export none;};
}

Without password it is working.

Thanks,

Fabiano

Il giorno mar 12 mag 2020 alle ore 16:54 Chriztoffer Hansen <
chriztoffer.han...@de-cix.net> ha scritto:

> Dear Fabiano,
>
> Fabiano D'Agostino wrote on 2020-05-12 14:29:
> > when I try to set up a password for a BGP peering the connection state
> > is Connect and not Established, so BGP is not importing prefixes.
> >
> > The neighbor which is doing a peering is a Cisco router and I set up the
> > password with neighbor ip-address password string command.
>
> Config examples of what troubles you would help, plus if you are using
> Bird 1 or Bird 2 in your set-up.
>
> Cheers,
> Chriztoffer
>
>

BGP password

2020-05-12 Thread Fabiano D'Agostino 
Hi everyone,
when I try to set up a password for a BGP peering the connection state is
Connect and not Established, so BGP is not importing prefixes.

The neighbor which is doing a peering is a Cisco router and I set up the
password with neighbor ip-address password string command.

Thanks,

Fabiano

Re: Enable RPKI on Centos

2020-05-05 Thread Fabiano D'Agostino 
Thank you, but did I install it in the right way?
I did: rpm -i package.rpm, but in /usrlocal/etc I have no bird.conf.
I tried to add a new bird.conf but it seems that it isn't recognized.

Il giorno mar 5 mag 2020 alle ore 14:17 Asher Baker  ha
scritto:

> The CentOS 7 bird2 package has the libssh feature enabled from what I can
> tell, I don't think you should have to do anything special.
>
> On Tue, May 5, 2020 at 1:07 PM Fabiano D'Agostino <
> fabiano.dagostin...@gmail.com> wrote:
>
>> Good evening,
>> Before I was using Ubuntu and to enable the RPKI protocol I did:
>> ./configure --enable-libssh.
>>
>> Now I am a new Centos7 user and I don't know really well how to enable
>> RPKI.
>>
>> I downloaded bird2-2.0.6-1.el7.x86_64.rpm
>> <ftp://bird.network.cz/pub/bird/centos/7/x86_64/bird2-2.0.6-1.el7.x86_64.rpm>
>>  and
>> then:
>> yum install bird2-2.0.6-1.el7.x86_64.rpm
>> <ftp://bird.network.cz/pub/bird/centos/7/x86_64/bird2-2.0.6-1.el7.x86_64.rpm>
>>
>> But now how do I enable RPKI?
>>
>> Thanks in advance,
>> Fabiano
>>
>

Enable RPKI on Centos

2020-05-05 Thread Fabiano D'Agostino 
Good evening,
Before I was using Ubuntu and to enable the RPKI protocol I did:
./configure --enable-libssh.

Now I am a new Centos7 user and I don't know really well how to enable
RPKI.

I downloaded bird2-2.0.6-1.el7.x86_64.rpm

and
then:
yum install bird2-2.0.6-1.el7.x86_64.rpm


But now how do I enable RPKI?

Thanks in advance,
Fabiano

Re: Invalid ROA

2020-04-28 Thread Fabiano D'Agostino 
How can I ask for that?
Now I am using just RPKI as filter and I can check invalid roa in syslog
or  with 'show route table name all filtered'.

I would like to check valid/unknown roa too and I could do something like
this:
if (roa_check(r4, net, bgp_path.last) = ROA_VALID) then
{
print "RPKI valid ", net, " for ASN ", bgp_path.last;  }

and then check the syslog, but I think using communities would be better so
that I can use a command such as this one:
 'show route table t_0002_as2 where bgp_large_community  ~ [(1,1101,13)]'
or  'show route table t_0002_as2 where bgp_large_community  ~ [(1,1101,13)]
count' .
But how can I make BIRD working with filtered routes?

Thanks,
Fabiano

Il giorno lun 20 apr 2020 alle ore 15:50 Maria Matejka 
ha scritto:

> Ooops, filtered. The filtered routes are by default excluded from the
> filters. You have to explicitly ask for filtered routes to make BIRD
> work with them.
>
> Maria
>
> On 4/20/20 3:47 PM, Fabiano D'Agostino wrote:
> > Thanks, I did it but it is still not working. Nevermind I will use 'show
> > route filtered'.
> >
> > Il giorno lun 20 apr 2020 alle ore 15:27 Maria Matejka
> > mailto:maria.mate...@nic.cz>> ha scritto:
> >
> > The tilde operator is not symmetric, although it visually seems to
> be.
> > It can be (at least in this case) vaguely interpreted as »left
> operand
> > is contained by the right operand«.
> >
> > In other words, exchange the operands of the tilde.
> >
> > Maria
> >
> > On 4/20/20 3:19 PM, Fabiano D'Agostino wrote:
> >  > Thanks, it worked. So the community isn't needed? I tried 'show
> > route
> >  > table t_0002_as2 where bgp_large_community ~ [(1,1101,13)]' and
> > it prints:
> >  > Table t_0002_as2:
> >  >
> >  > Il giorno lun 20 apr 2020 alle ore 15:00 Maria Matejka
> >  > mailto:maria.mate...@nic.cz>
> > <mailto:maria.mate...@nic.cz <mailto:maria.mate...@nic.cz>>> ha
> scritto:
> >  >
> >  >  show route all filtered
> >  >
> >  >     shows only routes from master4 and master6 tables
> >  >
> >  > to show routes from this protocol, use
> >  >
> >  >  show route table t_0002_as2 all filtered
> >  >
> >  > Maria
> >  >
> >  > On 4/20/20 2:50 PM, Fabiano D'Agostino wrote:
> >  >  > Yes, I just enabled it:
> >  >  > protocol bgp {
> >  >  >  ...
> >  >  >  ipv4{
> >  >  > import keep fitlered;
> >  >  > import limit 250 action restart;
> >  >  > import filter filter_rpki;
> >  >  > table t_0002_as2;
> >  >  > }
> >  >  > }
> >  >  >
> >  >  > RPKI is working because if I check the syslog I find the
> > invalid
> >  > printed
> >  >  > prefixes, but 'show route all filtered' doesn't show
> anything.
> >  >  >
> >  >  > Il giorno lun 20 apr 2020 alle ore 14:05 Maria Matejka
> >  >  > mailto:maria.mate...@nic.cz>
> > <mailto:maria.mate...@nic.cz <mailto:maria.mate...@nic.cz>>
> >  > <mailto:maria.mate...@nic.cz <mailto:maria.mate...@nic.cz>
> > <mailto:maria.mate...@nic.cz <mailto:maria.mate...@nic.cz>>>> ha
> > scritto:
> >  >  >
> >  >  > And do you have
> >  >  > import keep filtered;
> >  >  > in your config?
> >  >  > Maria
> >  >  >
> >  >  > On 4/20/20 11:19 AM, Fabiano D'Agostino wrote:
> >  >  >  > Hi,
> >  >  >  > In my route server bird.conf I did this:
> >  >  >  > define FILTERED_RPKI_INVALID = (1,1101,13);
> >  >  >  >
> >  >  >  > filter filter_rpki{
> >  >  >  > if roa_check(..)=ROA_INVALID then
> >  >  >  >
> > {bgp_large_community.add(FILTERED_RPKI_INVALID);reject;}
> >  >  >  > }
> >  >  >  >
> >  >  >  > But when I do 'show route all filtered' I get
> > nothing, I also
> >  >  >

BGP Socket:Connection closed

2020-04-23 Thread Fabiano D'Agostino 
Good evening,
I am facing this problem with bgp protocol:
Info: Active   Socket:Connection closed

Why do I have this?

Thanks in advance,

Fabiano

Re: Invalid ROA

2020-04-20 Thread Fabiano D'Agostino 
Thanks, I did it but it is still not working. Nevermind I will use 'show
route filtered'.

Il giorno lun 20 apr 2020 alle ore 15:27 Maria Matejka 
ha scritto:

> The tilde operator is not symmetric, although it visually seems to be.
> It can be (at least in this case) vaguely interpreted as »left operand
> is contained by the right operand«.
>
> In other words, exchange the operands of the tilde.
>
> Maria
>
> On 4/20/20 3:19 PM, Fabiano D'Agostino wrote:
> > Thanks, it worked. So the community isn't needed? I tried 'show route
> > table t_0002_as2 where bgp_large_community ~ [(1,1101,13)]' and it
> prints:
> > Table t_0002_as2:
> >
> > Il giorno lun 20 apr 2020 alle ore 15:00 Maria Matejka
> > mailto:maria.mate...@nic.cz>> ha scritto:
> >
> >  show route all filtered
> >
> > shows only routes from master4 and master6 tables
> >
> > to show routes from this protocol, use
> >
> >      show route table t_0002_as2 all filtered
> >
> > Maria
> >
> > On 4/20/20 2:50 PM, Fabiano D'Agostino wrote:
> >  > Yes, I just enabled it:
> >  > protocol bgp {
> >  >  ...
> >  >  ipv4{
> >  > import keep fitlered;
> >  > import limit 250 action restart;
> >  > import filter filter_rpki;
> >  > table t_0002_as2;
> >  > }
> >  > }
> >  >
> >  > RPKI is working because if I check the syslog I find the invalid
> > printed
> >  > prefixes, but 'show route all filtered' doesn't show anything.
> >  >
> >  > Il giorno lun 20 apr 2020 alle ore 14:05 Maria Matejka
> >  > mailto:maria.mate...@nic.cz>
> > <mailto:maria.mate...@nic.cz <mailto:maria.mate...@nic.cz>>> ha
> scritto:
> >  >
> >  > And do you have
> >  > import keep filtered;
> >  > in your config?
> >  > Maria
> >  >
> >  > On 4/20/20 11:19 AM, Fabiano D'Agostino wrote:
> >  >  > Hi,
> >  >  > In my route server bird.conf I did this:
> >  >  > define FILTERED_RPKI_INVALID = (1,1101,13);
> >  >  >
> >  >  > filter filter_rpki{
> >  >  > if roa_check(..)=ROA_INVALID then
> >  >  > {bgp_large_community.add(FILTERED_RPKI_INVALID);reject;}
> >  >  > }
> >  >  >
> >  >  > But when I do 'show route all filtered' I get nothing, I
> also
> >  > tried with
> >  >  > 'show route bgp_large_community ~ [(1,1101,13)]' and I
> > have the
> >  > same result.
> >  >  > Because I would like to have some statistics about
> >  >  > VALID/INVALID/UNKOWN prefixes and I saw that I could use
> the
> >  >     'show route
> >  >  > stats' command.
> >  >  >
> >  >  > Thanks,
> >  >  >
> >  >  > Fabiano
> >  >  >
> >  >  > Il giorno dom 19 apr 2020 alle ore 21:30 Alarig Le Lay
> >  >  > mailto:ala...@swordarmor.fr>
> > <mailto:ala...@swordarmor.fr <mailto:ala...@swordarmor.fr>>
> >  > <mailto:ala...@swordarmor.fr <mailto:ala...@swordarmor.fr>
> > <mailto:ala...@swordarmor.fr <mailto:ala...@swordarmor.fr>>>> ha
> > scritto:
> >  >  >
> >  >  > On Sun 19 Apr 2020 20:42:21 GMT, Fabiano D'Agostino
> wrote:
> >  >  >  > Thanks!
> >  >  >  > But can I also use birdc to check rejected prefixes?
> >  >  >
> >  >  > If you add a community, it will be visible with `show
> > route all
> >  >  > filtered`
> >  >  >
> >  >  >  > Anyway why do you suggest to use
> > bgp_path.last_noaggregated?
> >  >  >
> >  >  > Because you don’t want to check ROA against another
> > ASN in the
> >  >  > aggregated path.
> >  >  >
> >  >  > --
> >  >  > Alarig
> >  >  >
> >  >
> >
>

Re: Invalid ROA

2020-04-20 Thread Fabiano D'Agostino 
Thanks, it worked. So the community isn't needed? I tried 'show route table
t_0002_as2 where bgp_large_community  ~ [(1,1101,13)]' and it prints:
Table t_0002_as2:

Il giorno lun 20 apr 2020 alle ore 15:00 Maria Matejka 
ha scritto:

> show route all filtered
>
> shows only routes from master4 and master6 tables
>
> to show routes from this protocol, use
>
> show route table t_0002_as2 all filtered
>
> Maria
>
> On 4/20/20 2:50 PM, Fabiano D'Agostino wrote:
> > Yes, I just enabled it:
> > protocol bgp {
> >  ...
> >  ipv4{
> > import keep fitlered;
> > import limit 250 action restart;
> > import filter filter_rpki;
> > table t_0002_as2;
> > }
> > }
> >
> > RPKI is working because if I check the syslog I find the invalid printed
> > prefixes, but 'show route all filtered' doesn't show anything.
> >
> > Il giorno lun 20 apr 2020 alle ore 14:05 Maria Matejka
> > mailto:maria.mate...@nic.cz>> ha scritto:
> >
> > And do you have
> > import keep filtered;
> > in your config?
> > Maria
> >
> > On 4/20/20 11:19 AM, Fabiano D'Agostino wrote:
> >  > Hi,
> >  > In my route server bird.conf I did this:
> >  > define FILTERED_RPKI_INVALID = (1,1101,13);
> >  >
> >  > filter filter_rpki{
> >  > if roa_check(..)=ROA_INVALID then
> >  > {bgp_large_community.add(FILTERED_RPKI_INVALID);reject;}
> >  > }
> >  >
> >  > But when I do 'show route all filtered' I get nothing, I also
> > tried with
> >  > 'show route bgp_large_community ~ [(1,1101,13)]' and I have the
> > same result.
> >  > Because I would like to have some statistics about
> >  > VALID/INVALID/UNKOWN prefixes and I saw that I could use the
> > 'show route
> >  > stats' command.
> >  >
> >  > Thanks,
> >  >
> >  > Fabiano
> >  >
> >  > Il giorno dom 19 apr 2020 alle ore 21:30 Alarig Le Lay
> >  > mailto:ala...@swordarmor.fr>
> > <mailto:ala...@swordarmor.fr <mailto:ala...@swordarmor.fr>>> ha
> scritto:
> >  >
> >  > On Sun 19 Apr 2020 20:42:21 GMT, Fabiano D'Agostino wrote:
> >  >  > Thanks!
> >  >  > But can I also use birdc to check rejected prefixes?
> >  >
> >  > If you add a community, it will be visible with `show route
> all
> >  > filtered`
> >  >
> >  >  > Anyway why do you suggest to use
> bgp_path.last_noaggregated?
> >  >
> >  > Because you don’t want to check ROA against another ASN in the
> >  > aggregated path.
> >  >
> >  > --
> >  > Alarig
> >  >
> >
>

Re: Invalid ROA

2020-04-20 Thread Fabiano D'Agostino 
Yes, I just enabled it:
protocol bgp {
...
ipv4{
   import keep fitlered;
   import limit 250 action restart;
   import filter filter_rpki;
   table t_0002_as2;
   }
}

RPKI is working because if I check the syslog I find the invalid printed
prefixes, but 'show route all filtered' doesn't show anything.

Il giorno lun 20 apr 2020 alle ore 14:05 Maria Matejka 
ha scritto:

> And do you have
> import keep filtered;
> in your config?
> Maria
>
> On 4/20/20 11:19 AM, Fabiano D'Agostino wrote:
> > Hi,
> > In my route server bird.conf I did this:
> > define FILTERED_RPKI_INVALID = (1,1101,13);
> >
> > filter filter_rpki{
> > if roa_check(..)=ROA_INVALID then
> > {bgp_large_community.add(FILTERED_RPKI_INVALID);reject;}
> > }
> >
> > But when I do 'show route all filtered' I get nothing, I also tried with
> > 'show route bgp_large_community ~ [(1,1101,13)]' and I have the same
> result.
> > Because I would like to have some statistics about
> > VALID/INVALID/UNKOWN prefixes and I saw that I could use the 'show route
> > stats' command.
> >
> > Thanks,
> >
> > Fabiano
> >
> > Il giorno dom 19 apr 2020 alle ore 21:30 Alarig Le Lay
> > mailto:ala...@swordarmor.fr>> ha scritto:
> >
> > On Sun 19 Apr 2020 20:42:21 GMT, Fabiano D'Agostino wrote:
> >  > Thanks!
> >  > But can I also use birdc to check rejected prefixes?
> >
> > If you add a community, it will be visible with `show route all
> > filtered`
> >
> >  > Anyway why do you suggest to use bgp_path.last_noaggregated?
> >
> > Because you don’t want to check ROA against another ASN in the
> > aggregated path.
> >
> > --
> > Alarig
> >
>

Re: Invalid ROA

2020-04-20 Thread Fabiano D'Agostino 
Hi,
In my route server bird.conf I did this:
define FILTERED_RPKI_INVALID = (1,1101,13);

filter filter_rpki{
if roa_check(..)=ROA_INVALID then
{bgp_large_community.add(FILTERED_RPKI_INVALID);reject;}
}

But when I do 'show route all filtered' I get nothing, I also tried with
'show route bgp_large_community ~ [(1,1101,13)]' and I have the same result.
Because I would like to have some statistics about
VALID/INVALID/UNKOWN prefixes and I saw that I could use the 'show route
stats' command.

Thanks,

Fabiano

Il giorno dom 19 apr 2020 alle ore 21:30 Alarig Le Lay 
ha scritto:

> On Sun 19 Apr 2020 20:42:21 GMT, Fabiano D'Agostino wrote:
> > Thanks!
> > But can I also use birdc to check rejected prefixes?
>
> If you add a community, it will be visible with `show route all
> filtered`
>
> > Anyway why do you suggest to use bgp_path.last_noaggregated?
>
> Because you don’t want to check ROA against another ASN in the
> aggregated path.
>
> --
> Alarig
>

Re: Invalid ROA

2020-04-19 Thread Fabiano D'Agostino 
Thanks!
But can I also use birdc to check rejected prefixes?
Anyway why do you suggest to use bgp_path.last_noaggregated?

Il giorno dom 19 apr 2020 alle ore 19:19 Job Snijders  ha
scritto:

> Hi,
>
> On Sun, Apr 19, 2020, at 19:09, Fabiano D'Agostino wrote:
> > how can I check which prefixes are not valid and so rejected? It seems
> > the rpki is working, but I'd like to be sure. I have this:
> > if (roa_check(r4, net, bgp_path.last) = ROA_INVALID) then
> > {
> > print "Ignore RPKI invalid ", net, " for ASN ", bgp_path.last;
> >
> > but I don't understand where the prints go.
>
> They go to syslog.
>
> Make sure to match in this: bgp_path.last_nonaggregated
>
> Kind regards,
>
> Job
>

Invalid ROA

2020-04-19 Thread Fabiano D'Agostino 
Hi,
how can I check which prefixes are not valid and so rejected? It seems the
rpki is working, but I'd like to be sure. I have this:
if (roa_check(r4, net, bgp_path.last) = ROA_INVALID) then
{
print "Ignore RPKI invalid ", net, " for ASN ", bgp_path.last;

but I don't understand where the prints go.

Thanks,

Fabiano

Export clause in Pipe protocol

2020-04-08 Thread Fabiano D'Agostino 
Good evening,
I have this kind of bird.conf:
https://pastebin.com/6pMkJFix

I understand that in the Pipe protocol I need the 'import' clause to import
in master table routes learn by BGP. But I don't understand why in the Pipe
protocol in combination with BGP is useful to have the 'export' clause and
why having an 'export' clause in the Pipe protocol based on communities, I
mean I will filter routes based on communities on BGP 'import/export'
clauses, not in the Pipe protocol.

Thanks,

Fabiano

Re: BGP communities

2020-04-06 Thread Fabiano D'Agostino 
Thank you I was able to solve in this way:
My testing network is made up of router server (as1), router2(as2), router3
(as3).
The goal: as2's routes don't have to be announced to as3
route server conf:
function bgp_out(int peerID)
{
   if(0,peerID) ~ bgp_community then return false;
  return true;
}
protocol pipe as2 {
   import something;
   export where bgp_out(2);
}
protocol bgp { ipv4  {import/export all;}}

router2 config:
protocol bgp {
   ipv4  {
  import all;
  export filter {bgp_community.add((0,3)); };
   }
}

With this configuration AS3 doesn't receive AS2's routes anymore. But I
have a question, why the if condition is true? It should be if (0,2) ~ (is
inside) [(0,3),..], isn't it?

Thanks,

Il giorno lun 6 apr 2020 alle ore 21:06 Alexander Zubkov 
ha scritto:

> You have to configure export filter with something like:
> bgp_community.add((x,y));
> This is for community written as x:y on most hardware routers.
>
> On Mon, Apr 6, 2020 at 8:57 PM Fabiano D'Agostino
>  wrote:
> >
> > Thanks for your helping,
> > How do I set in my router (AS2) the community to the exported routes? I
> don't understand this.
> >
> >
> >
> > Il giorno lun 6 apr 2020 alle ore 20:26 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >>
> >> OK. So you have some route x.x.x.x/y that you receive from AS2 by
> >> protocol bgp pb_0002_as2?
> >>
> >> 1) it is received via bgp pb_0002_as2 into table t_0002_as2
> >> 2) it is piped from table t_0002_as2 to master4 with filter
> >> f_export_to_master (missing in your config)
> >> 3) it is piped from table master4 to t_0005_as3 with filter where
> >> ixp_community_filter(3) (ixp_community_filter is also missing)
> >> 4) it is exported to bgp pb_0005_as3
> >>
> >> At which point do you think it should be filtered and why?
> >> As I see, your routers (AS2) do not set any communities to the
> >> exported routes, so if you do not set them in any of those missing
> >> filters, then your check for the presence of the community will not
> >> fire.
> >>
> >> On Mon, Apr 6, 2020 at 7:03 PM Fabiano D'Agostino
> >>  wrote:
> >> >
> >> > This is the bird.conf of the route server:
> >> > https://pastebin.com/qwp6nBtz
> >> > This is the bird.conf of one router:
> >> > https://pastebin.com/trwgKG92
> >> >
> >> > Why does AS3 still receive routes from AS2? What am I missing?
> >> >
> >> > Thanks,
> >> >
> >> > Il giorno lun 6 apr 2020 alle ore 18:13 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >> >>
> >> >> It is really hard to guess what routes you have actually in your
> >> >> bird's table and how your bird is configured.
> >> >>
> >> >> > I just edited the bird.conf of the route server, should I also
> edit the bird.conf of the routers which are peering with the route server?
> >> >>
> >> >> Filters on peers can affect only communities you are sending and
> other
> >> >> attributes, but they do not affect directly the logic of your route
> >> >> server's filters, there is no magic here.
> >> >>
> >> >> On Mon, Apr 6, 2020 at 6:08 PM Fabiano D'Agostino
> >> >>  wrote:
> >> >> >
> >> >> > Does 'show route where' exist as command? Because I have syntax
> error.
> >> >> > Anyway I set up my route server as here:
> >> >> > https://www.slideshare.net/apnic/bird-routing-daemon
> >> >> > But I am having the problem described here:
> >> >> >
> https://bird.network.cz/pipermail/bird-users/2010-September/001620.html
> >> >> >
> >> >> > I just edited the bird.conf of the route server, should I also
> edit the bird.conf of the routers which are peering with the route server?
> >> >> >
> >> >> > Thanks,
> >> >> >
> >> >> > Il giorno lun 6 apr 2020 alle ore 17:50 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >> >> >>
> >> >> >> Have you tried to check that in cli like:
> >> >> >> show route where bgp_out(...)
> >> >> >> And check that required route has all needed communities:
> >> >> >> show route all x.x.x.x/y
> >> >> >>
> >> >> >> On Mon, Apr 6, 2020 at 5:35 PM Fabiano D'Agostino
> >> >> >>  wrote:
> >>

Re: BGP communities

2020-04-06 Thread Fabiano D'Agostino 
Thanks for your helping,
How do I set in my router (AS2) the community to the exported routes? I
don't understand this.



Il giorno lun 6 apr 2020 alle ore 20:26 Alexander Zubkov 
ha scritto:

> OK. So you have some route x.x.x.x/y that you receive from AS2 by
> protocol bgp pb_0002_as2?
>
> 1) it is received via bgp pb_0002_as2 into table t_0002_as2
> 2) it is piped from table t_0002_as2 to master4 with filter
> f_export_to_master (missing in your config)
> 3) it is piped from table master4 to t_0005_as3 with filter where
> ixp_community_filter(3) (ixp_community_filter is also missing)
> 4) it is exported to bgp pb_0005_as3
>
> At which point do you think it should be filtered and why?
> As I see, your routers (AS2) do not set any communities to the
> exported routes, so if you do not set them in any of those missing
> filters, then your check for the presence of the community will not
> fire.
>
> On Mon, Apr 6, 2020 at 7:03 PM Fabiano D'Agostino
>  wrote:
> >
> > This is the bird.conf of the route server:
> > https://pastebin.com/qwp6nBtz
> > This is the bird.conf of one router:
> > https://pastebin.com/trwgKG92
> >
> > Why does AS3 still receive routes from AS2? What am I missing?
> >
> > Thanks,
> >
> > Il giorno lun 6 apr 2020 alle ore 18:13 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >>
> >> It is really hard to guess what routes you have actually in your
> >> bird's table and how your bird is configured.
> >>
> >> > I just edited the bird.conf of the route server, should I also edit
> the bird.conf of the routers which are peering with the route server?
> >>
> >> Filters on peers can affect only communities you are sending and other
> >> attributes, but they do not affect directly the logic of your route
> >> server's filters, there is no magic here.
> >>
> >> On Mon, Apr 6, 2020 at 6:08 PM Fabiano D'Agostino
> >>  wrote:
> >> >
> >> > Does 'show route where' exist as command? Because I have syntax error.
> >> > Anyway I set up my route server as here:
> >> > https://www.slideshare.net/apnic/bird-routing-daemon
> >> > But I am having the problem described here:
> >> >
> https://bird.network.cz/pipermail/bird-users/2010-September/001620.html
> >> >
> >> > I just edited the bird.conf of the route server, should I also edit
> the bird.conf of the routers which are peering with the route server?
> >> >
> >> > Thanks,
> >> >
> >> > Il giorno lun 6 apr 2020 alle ore 17:50 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >> >>
> >> >> Have you tried to check that in cli like:
> >> >> show route where bgp_out(...)
> >> >> And check that required route has all needed communities:
> >> >> show route all x.x.x.x/y
> >> >>
> >> >> On Mon, Apr 6, 2020 at 5:35 PM Fabiano D'Agostino
> >> >>  wrote:
> >> >> >
> >> >> > Hey,
> >> >> > thank you! I think I am having the same problem they had here:
> >> >> >
> https://bird.network.cz/pipermail/bird-users/2010-September/001620.html
> >> >> >
> >> >> > But I didn't understand how they solved.
> >> >> >
> >> >> > Regards,
> >> >> > Fabiano
> >> >> >
> >> >> > Il giorno lun 6 apr 2020 alle ore 17:16 Cybertinus <
> b...@cybertinus.nl> ha scritto:
> >> >> >>
> >> >> >> Hello Fabiano,
> >> >> >>
> >> >> >>
> >> >> >> BGP Communities are basically tags you add to a prefix that is
> received from, or send to, a peer. And in Bird you can do whatever you want
> with these communities. A community by itself has no meaning and has no
> influence on the routing decision whatsoever. It is the meaning you add to
> it in your configuration what makes them work.
> >> >> >>
> >> >> >> More information about communities:
> https://en.wikipedia.org/wiki/Border_Gateway_Protocol#Communities
> >> >> >>
> >> >> >>
> >> >> >> Kind regards,
> >> >> >> Cybertinus
> >> >> >>
> >> >> >>
> >> >> >> On 2020-04-06 17:03, Fabiano D'Agostino wrote:
> >> >> >>
> >> >> >> and how these kind of checks are handled?
>

Re: BGP communities

2020-04-06 Thread Fabiano D'Agostino 
This is the bird.conf of the route server:
https://pastebin.com/qwp6nBtz
This is the bird.conf of one router:
https://pastebin.com/trwgKG92

Why does AS3 still receive routes from AS2? What am I missing?

Thanks,

Il giorno lun 6 apr 2020 alle ore 18:13 Alexander Zubkov 
ha scritto:

> It is really hard to guess what routes you have actually in your
> bird's table and how your bird is configured.
>
> > I just edited the bird.conf of the route server, should I also edit the
> bird.conf of the routers which are peering with the route server?
>
> Filters on peers can affect only communities you are sending and other
> attributes, but they do not affect directly the logic of your route
> server's filters, there is no magic here.
>
> On Mon, Apr 6, 2020 at 6:08 PM Fabiano D'Agostino
>  wrote:
> >
> > Does 'show route where' exist as command? Because I have syntax error.
> > Anyway I set up my route server as here:
> > https://www.slideshare.net/apnic/bird-routing-daemon
> > But I am having the problem described here:
> > https://bird.network.cz/pipermail/bird-users/2010-September/001620.html
> >
> > I just edited the bird.conf of the route server, should I also edit the
> bird.conf of the routers which are peering with the route server?
> >
> > Thanks,
> >
> > Il giorno lun 6 apr 2020 alle ore 17:50 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >>
> >> Have you tried to check that in cli like:
> >> show route where bgp_out(...)
> >> And check that required route has all needed communities:
> >> show route all x.x.x.x/y
> >>
> >> On Mon, Apr 6, 2020 at 5:35 PM Fabiano D'Agostino
> >>  wrote:
> >> >
> >> > Hey,
> >> > thank you! I think I am having the same problem they had here:
> >> >
> https://bird.network.cz/pipermail/bird-users/2010-September/001620.html
> >> >
> >> > But I didn't understand how they solved.
> >> >
> >> > Regards,
> >> > Fabiano
> >> >
> >> > Il giorno lun 6 apr 2020 alle ore 17:16 Cybertinus <
> b...@cybertinus.nl> ha scritto:
> >> >>
> >> >> Hello Fabiano,
> >> >>
> >> >>
> >> >> BGP Communities are basically tags you add to a prefix that is
> received from, or send to, a peer. And in Bird you can do whatever you want
> with these communities. A community by itself has no meaning and has no
> influence on the routing decision whatsoever. It is the meaning you add to
> it in your configuration what makes them work.
> >> >>
> >> >> More information about communities:
> https://en.wikipedia.org/wiki/Border_Gateway_Protocol#Communities
> >> >>
> >> >>
> >> >> Kind regards,
> >> >> Cybertinus
> >> >>
> >> >>
> >> >> On 2020-04-06 17:03, Fabiano D'Agostino wrote:
> >> >>
> >> >> and how these kind of checks are handled?
> >> >> if (myas,peeras) ~ bgp_community  what is bgp_community?
> >> >>
> >> >> Thanks,
> >> >>
> >> >> Il giorno lun 6 apr 2020 alle ore 15:32 Fabiano D'Agostino <
> fabiano.dagostin...@gmail.com> ha scritto:
> >> >>
> >> >> Thank you, but "if the route does not come from BGP then false"
> >> >> here I have:
> >> >> protocol pipe a {
> >> >> table master;
> >> >> mode transparent;
> >> >> peer table a;
> >> >> import all;
> >> >> export where bgp_out(x); => this becomes false, what does this
> mean?
> >> >> #export all;
> >> >> }
> >> >>
> >> >> Thanks,
> >> >>
> >> >> Il giorno lun 6 apr 2020 alle ore 10:50 Bernd Naumann <
> b...@spreadshirt.net> ha scritto:
> >> >>
> >> >> On 05.04.20 23:08, Fabiano D'Agostino wrote:
> >> >> > Good evening,
> >> >> > could someone explain me the meaning of these lines?
> >> >> >
> >> >> > function bgp_out(int peeras)
> >> >> > {
> >> >> > if ! (source = RTS_BGP ) then return false;
> >> >> > if peeras > 65535 then return true; ### communities do not support
> AS32
> >> >> > if (0,peeras) ~ bgp_community then return false;
> >> >> > if (myas,peeras) ~ bgp_community then return true;
> >> >> > if (0, myas) ~ bgp_community then return false;
> >> >> > return true;
> >> >> > }
> >> >> >
> >> >> > Thanks,
> >> >> >
> >> >> > Fabiano
> >> >> >
> >> >>
> >> >> Morning,
> >> >>
> >> >> I can not cover the whole section but as a start...
> >> >>
> >> >> * if the route does not come from BGP then false (routing table
> source?)
> >> >> * if the remote AS Number is greater 65535 (16 Bit) then "just"
> return
> >> >> true (see AS 32 Bit Numbers, and the non-support of older
> >> >> devices/implementations)
> >> >> * For the next 3 I'm not 100% sure how to read but I found
> >> >>
> https://bird-users.network.narkive.com/3uDbo6H9/any-ix-willing-to-share-their-config
> >> >>
> >> >> ```
> >> >> 0:X - Do not announce route to peer X
> >> >> 0:MyASN - Do not announce route to all peers
> >> >> MyASN:X - Announce route to peer X only
> >> >> MyASN:MyASN - Announce routes to all peers. This community is
> >> >> automatically added to all routes that are not
> >> >> tagged with any of MyASN:X communities.
> >> >> ```
> >> >>
> >> >> Maybe this helps a little bit.
> >> >>
> >> >> Bernd
>

Re: BGP communities

2020-04-06 Thread Fabiano D'Agostino 
Does 'show route where' exist as command? Because I have syntax error.
Anyway I set up my route server as here:
https://www.slideshare.net/apnic/bird-routing-daemon
But I am having the problem described here:
https://bird.network.cz/pipermail/bird-users/2010-September/001620.html

I just edited the bird.conf of the route server, should I also edit the
bird.conf of the routers which are peering with the route server?

Thanks,

Il giorno lun 6 apr 2020 alle ore 17:50 Alexander Zubkov 
ha scritto:

> Have you tried to check that in cli like:
> show route where bgp_out(...)
> And check that required route has all needed communities:
> show route all x.x.x.x/y
>
> On Mon, Apr 6, 2020 at 5:35 PM Fabiano D'Agostino
>  wrote:
> >
> > Hey,
> > thank you! I think I am having the same problem they had here:
> > https://bird.network.cz/pipermail/bird-users/2010-September/001620.html
> >
> > But I didn't understand how they solved.
> >
> > Regards,
> > Fabiano
> >
> > Il giorno lun 6 apr 2020 alle ore 17:16 Cybertinus 
> ha scritto:
> >>
> >> Hello Fabiano,
> >>
> >>
> >> BGP Communities are basically tags you add to a prefix that is received
> from, or send to, a peer. And in Bird you can do whatever you want with
> these communities. A community by itself has no meaning and has no
> influence on the routing decision whatsoever. It is the meaning you add to
> it in your configuration what makes them work.
> >>
> >> More information about communities:
> https://en.wikipedia.org/wiki/Border_Gateway_Protocol#Communities
> >>
> >>
> >> Kind regards,
> >> Cybertinus
> >>
> >>
> >> On 2020-04-06 17:03, Fabiano D'Agostino wrote:
> >>
> >> and how these kind of checks are handled?
> >> if (myas,peeras) ~ bgp_community  what is bgp_community?
> >>
> >> Thanks,
> >>
> >> Il giorno lun 6 apr 2020 alle ore 15:32 Fabiano D'Agostino <
> fabiano.dagostin...@gmail.com> ha scritto:
> >>
> >> Thank you, but "if the route does not come from BGP then false"
> >> here I have:
> >> protocol pipe a {
> >> table master;
> >> mode transparent;
> >> peer table a;
> >> import all;
> >> export where bgp_out(x); => this becomes false, what does this mean?
> >> #export all;
> >> }
> >>
> >> Thanks,
> >>
> >> Il giorno lun 6 apr 2020 alle ore 10:50 Bernd Naumann <
> b...@spreadshirt.net> ha scritto:
> >>
> >> On 05.04.20 23:08, Fabiano D'Agostino wrote:
> >> > Good evening,
> >> > could someone explain me the meaning of these lines?
> >> >
> >> > function bgp_out(int peeras)
> >> > {
> >> > if ! (source = RTS_BGP ) then return false;
> >> > if peeras > 65535 then return true; ### communities do not support
> AS32
> >> > if (0,peeras) ~ bgp_community then return false;
> >> > if (myas,peeras) ~ bgp_community then return true;
> >> > if (0, myas) ~ bgp_community then return false;
> >> > return true;
> >> > }
> >> >
> >> > Thanks,
> >> >
> >> > Fabiano
> >> >
> >>
> >> Morning,
> >>
> >> I can not cover the whole section but as a start...
> >>
> >> * if the route does not come from BGP then false (routing table source?)
> >> * if the remote AS Number is greater 65535 (16 Bit) then "just" return
> >> true (see AS 32 Bit Numbers, and the non-support of older
> >> devices/implementations)
> >> * For the next 3 I'm not 100% sure how to read but I found
> >>
> https://bird-users.network.narkive.com/3uDbo6H9/any-ix-willing-to-share-their-config
> >>
> >> ```
> >> 0:X - Do not announce route to peer X
> >> 0:MyASN - Do not announce route to all peers
> >> MyASN:X - Announce route to peer X only
> >> MyASN:MyASN - Announce routes to all peers. This community is
> >> automatically added to all routes that are not
> >> tagged with any of MyASN:X communities.
> >> ```
> >>
> >> Maybe this helps a little bit.
> >>
> >> Bernd
>

Re: BGP communities

2020-04-06 Thread Fabiano D'Agostino 
Hey,
thank you! I think I am having the same problem they had here:
https://bird.network.cz/pipermail/bird-users/2010-September/001620.html

But I didn't understand how they solved.

Regards,
Fabiano

Il giorno lun 6 apr 2020 alle ore 17:16 Cybertinus  ha
scritto:

> Hello Fabiano,
>
>
> BGP Communities are basically tags you add to a prefix that is received
> from, or send to, a peer. And in Bird you can do whatever you want with
> these communities. A community by itself has no meaning and has no
> influence on the routing decision whatsoever. It is the meaning you add to
> it in your configuration what makes them work.
>
> More information about communities:
> https://en.wikipedia.org/wiki/Border_Gateway_Protocol#Communities
>
>
> Kind regards,
> Cybertinus
>
>
> On 2020-04-06 17:03, Fabiano D'Agostino wrote:
>
> and how these kind of checks are handled?
> if (myas,peeras) ~ bgp_community  what is bgp_community?
>
> Thanks,
>
> Il giorno lun 6 apr 2020 alle ore 15:32 Fabiano D'Agostino <
> fabiano.dagostin...@gmail.com> ha scritto:
>
> Thank you, but "if the route does not come from BGP then false"
> here I have:
> protocol pipe a {
> table master;
> mode transparent;
> peer table a;
> import all;
> export where bgp_out(x); => this becomes false, what does this mean?
> #export all;
> }
>
> Thanks,
>
> Il giorno lun 6 apr 2020 alle ore 10:50 Bernd Naumann <
> b...@spreadshirt.net> ha scritto:
>
> On 05.04.20 23:08, Fabiano D'Agostino wrote:
> > Good evening,
> > could someone explain me the meaning of these lines?
> >
> > function bgp_out(int peeras)
> > {
> > if ! (source = RTS_BGP ) then return false;
> > if peeras > 65535 then return true; ### communities do not support AS32
> > if (0,peeras) ~ bgp_community then return false;
> > if (myas,peeras) ~ bgp_community then return true;
> > if (0, myas) ~ bgp_community then return false;
> > return true;
> > }
> >
> > Thanks,
> >
> > Fabiano
> >
>
> Morning,
>
> I can not cover the whole section but as a start...
>
> * if the route does not come from BGP then false (routing table source?)
> * if the remote AS Number is greater 65535 (16 Bit) then "just" return
> true (see AS 32 Bit Numbers, and the non-support of older
> devices/implementations)
> * For the next 3 I'm not 100% sure how to read but I found
>
> https://bird-users.network.narkive.com/3uDbo6H9/any-ix-willing-to-share-their-config
>
> ```
> 0:X - Do not announce route to peer X
> 0:MyASN - Do not announce route to all peers
> MyASN:X - Announce route to peer X only
> MyASN:MyASN - Announce routes to all peers. This community is
> automatically added to all routes that are not
> tagged with any of MyASN:X communities.
> ```
>
> Maybe this helps a little bit.
>
> Bernd
>
>

Re: BGP communities

2020-04-06 Thread Fabiano D'Agostino 
and how these kind of checks are handled?
if (myas,peeras) ~ bgp_community  what is bgp_community?

Thanks,

Il giorno lun 6 apr 2020 alle ore 15:32 Fabiano D'Agostino <
fabiano.dagostin...@gmail.com> ha scritto:

> Thank you, but "if the route does not come from BGP then false"
> here I have:
> protocol pipe a {
> table master;
> mode transparent;
> peer table a;
> import all;
> export where bgp_out(x); => this becomes false, what does this mean?
> #export all;
> }
>
> Thanks,
>
> Il giorno lun 6 apr 2020 alle ore 10:50 Bernd Naumann <
> b...@spreadshirt.net> ha scritto:
>
>> On 05.04.20 23:08, Fabiano D'Agostino wrote:
>> > Good evening,
>> > could someone explain me the meaning of these lines?
>> >
>> > function bgp_out(int peeras)
>> > {
>> > if ! (source = RTS_BGP ) then return false;
>> > if peeras > 65535 then return true; ### communities do not support AS32
>> > if (0,peeras) ~ bgp_community then return false;
>> > if (myas,peeras) ~ bgp_community then return true;
>> > if (0, myas) ~ bgp_community then return false;
>> > return true;
>> > }
>> >
>> > Thanks,
>> >
>> > Fabiano
>> >
>>
>> Morning,
>>
>> I can not cover the whole section but as a start...
>>
>> * if the route does not come from BGP then false (routing table source?)
>> * if the remote AS Number is greater 65535 (16 Bit) then "just" return
>> true (see AS 32 Bit Numbers, and the non-support of older
>> devices/implementations)
>> * For the next 3 I'm not 100% sure how to read but I found
>>
>> https://bird-users.network.narkive.com/3uDbo6H9/any-ix-willing-to-share-their-config
>>
>> ```
>> 0:X - Do not announce route to peer X
>> 0:MyASN - Do not announce route to all peers
>> MyASN:X - Announce route to peer X only
>> MyASN:MyASN - Announce routes to all peers. This community is
>> automatically added to all routes that are not
>> tagged with any of MyASN:X communities.
>> ```
>>
>> Maybe this helps a little bit.
>>
>> Bernd
>>
>

Re: BGP communities

2020-04-06 Thread Fabiano D'Agostino 
Thank you, but "if the route does not come from BGP then false"
here I have:
protocol pipe a {
table master;
mode transparent;
peer table a;
import all;
export where bgp_out(x); => this becomes false, what does this mean?
#export all;
}

Thanks,

Il giorno lun 6 apr 2020 alle ore 10:50 Bernd Naumann 
ha scritto:

> On 05.04.20 23:08, Fabiano D'Agostino wrote:
> > Good evening,
> > could someone explain me the meaning of these lines?
> >
> > function bgp_out(int peeras)
> > {
> > if ! (source = RTS_BGP ) then return false;
> > if peeras > 65535 then return true; ### communities do not support AS32
> > if (0,peeras) ~ bgp_community then return false;
> > if (myas,peeras) ~ bgp_community then return true;
> > if (0, myas) ~ bgp_community then return false;
> > return true;
> > }
> >
> > Thanks,
> >
> > Fabiano
> >
>
> Morning,
>
> I can not cover the whole section but as a start...
>
> * if the route does not come from BGP then false (routing table source?)
> * if the remote AS Number is greater 65535 (16 Bit) then "just" return
> true (see AS 32 Bit Numbers, and the non-support of older
> devices/implementations)
> * For the next 3 I'm not 100% sure how to read but I found
>
> https://bird-users.network.narkive.com/3uDbo6H9/any-ix-willing-to-share-their-config
>
> ```
> 0:X - Do not announce route to peer X
> 0:MyASN - Do not announce route to all peers
> MyASN:X - Announce route to peer X only
> MyASN:MyASN - Announce routes to all peers. This community is
> automatically added to all routes that are not
> tagged with any of MyASN:X communities.
> ```
>
> Maybe this helps a little bit.
>
> Bernd
>

BGP communities

2020-04-05 Thread Fabiano D'Agostino 
Good evening,
could someone explain me the meaning of these lines?

function bgp_out(int peeras)
{
if ! (source = RTS_BGP ) then return false;
if peeras > 65535 then return true; ### communities do not support AS32
if (0,peeras) ~ bgp_community then return false;
if (myas,peeras) ~ bgp_community then return true;
if (0, myas) ~ bgp_community then return false;
return true;
}

Thanks,

Fabiano

Re: How to see as path

2020-04-03 Thread Fabiano D'Agostino 
Thank you!

Il Ven 3 Apr 2020, 12:32 Maria Matějka  ha scritto:

> The show route command shows only reduced info. Use
>
> show route all
>
> to get full information.
> Maria
>
> On April 3, 2020 11:47:04 AM GMT+02:00, Fabiano D'Agostino <
> fabiano.dagostin...@gmail.com> wrote:
>>
>> Good morning,
>> how can I see the as path of a route?
>> I think the command is 'show route' and I get:
>> 192.168.5.0/24 unicast [bgp1 ...]*(100) [AS3i] via..
>>
>> What is 100?
>> AS3 should be the as path, right? Why is there an 'i'?
>>
>> Thanks,
>>
>> Fabiano
>>
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>

How to see as path

2020-04-03 Thread Fabiano D'Agostino 
Good morning,
how can I see the as path of a route?
I think the command is 'show route' and I get:
192.168.5.0/24 unicast [bgp1 ...]*(100) [AS3i] via..

What is 100?
AS3 should be the as path, right? Why is there an 'i'?

Thanks,

Fabiano

Re: Bird on Scientific Linux

2020-03-28 Thread Fabiano D'Agostino 
Good evening Robert,
It was 'some' errors. When I do 'make' and 'make install' I get this errors:
https://pastebin.com/DnLjC36T

Anyway I was able to install the 1.3.6 version without problems.

Thanks,

Fabiano

Il giorno sab 28 mar 2020 alle ore 20:37 Robert Scheck <
b...@robert-scheck.de> ha scritto:

> Hello Fabiano,
>
> On Sat, 28 Mar 2020, Fabiano D'Agostino wrote:
> > I am using Scientific Linux 6 (RHEL 6) and I was able to install Bird
> > 1.3.6, but when I try to install Bird 2.0.7 I get same errors? Why?
>
> what does "same errors" mean exactly? Which errors? Do you have specific
> error messages? Run-time or compile-time? Note that RHEL 6 and derviates
> are close to EOL (end of November 2020), consider moving to CentOS 8 for
> continued security updates (there you also could get BIRD 2.0.7 via the
> EPEL 8 repository to reduce your maintenance work).
>
>
> Regards,
>   Robert
>

Bird on Scientific Linux

2020-03-28 Thread Fabiano D'Agostino 
Hi all,
I am using Scientific Linux 6 (RHEL 6) and I was able to install Bird
1.3.6, but when I try to install Bird 2.0.7 I get same errors? Why?

Thanks in advance,

Fabiano

Re: Upgrade from Bird 1.3.6 to Bird 2.0.7

2020-03-28 Thread Fabiano D'Agostino 
Hey,
how can I run several instances of the same version of Bird? And why
someone should run multiple instances?

Il giorno sab 28 mar 2020 alle ore 12:46 Alexander Zubkov 
ha scritto:

> Hi,
>
> Of course, as long as they do not try to bind the same network or
> control sockets. Almost the same way as you can run several instances
> of the same version of the bird.
>
> On Sat, Mar 28, 2020 at 7:21 AM Fabiano D'Agostino
>  wrote:
> >
> > Good morning Maria,
> > but how can I guarantee business continuity? I mean can two versions of
> Bird running on the same host at the same time?
> >
> > Thanks,
> >
> > Il Sab 28 Mar 2020, 00:34 Maria Matějka  ha
> scritto:
> >>
> >> Hello!
> >> No. There is a need to check by hand whether your config has been
> converted properly. As the config language is complex a lot, we haven't
> prepared an automatic config converter. Anyway, feel free to create any
> such converter or any approximation of it.
> >> Maria
> >>
> >> On March 27, 2020 6:46:23 PM GMT+01:00, Fabiano D'Agostino <
> fabiano.dagostin...@gmail.com> wrote:
> >>>
> >>> Hey,
> >>> I read the guide, I mean is there any automatic way to do the
> migration?
> >>>
> >>>
> >>> Il Ven 27 Mar 2020, 18:39 Ondrej Zajicek  ha
> scritto:
> >>>>
> >>>> On Fri, Mar 27, 2020 at 05:31:11PM +0100, Fabiano D'Agostino wrote:
> >>>> > Hi all,
> >>>> > is there any easy way to upgrade from Bird 1.3.6 to Bird 2.0.7?
> >>>>
> >>>> Hi, there is a guide for config changes:
> >>>>
> >>>>
> https://gitlab.labs.nic.cz/labs/bird/-/wikis/transition-notes-to-bird-2
> >>>>
> >>>> --
> >>>> Elen sila lumenn' omentielvo
> >>>>
> >>>> Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
> >>>> OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3,
> wwwkeys.pgp.net)
> >>>> "To err is human -- to blame it on a computer is even more so."
> >>
> >>
> >> --
> >> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>

Re: Upgrade from Bird 1.3.6 to Bird 2.0.7

2020-03-28 Thread Fabiano D'Agostino 
Good morning Maria,
but how can I guarantee business continuity? I mean can two versions of
Bird running on the same host at the same time?

Thanks,

Il Sab 28 Mar 2020, 00:34 Maria Matějka  ha scritto:

> Hello!
> No. There is a need to check by hand whether your config has been
> converted properly. As the config language is complex a lot, we haven't
> prepared an automatic config converter. Anyway, feel free to create any
> such converter or any approximation of it.
> Maria
>
> On March 27, 2020 6:46:23 PM GMT+01:00, Fabiano D'Agostino <
> fabiano.dagostin...@gmail.com> wrote:
>>
>> Hey,
>> I read the guide, I mean is there any automatic way to do the migration?
>>
>>
>> Il Ven 27 Mar 2020, 18:39 Ondrej Zajicek  ha
>> scritto:
>>
>>> On Fri, Mar 27, 2020 at 05:31:11PM +0100, Fabiano D'Agostino wrote:
>>> > Hi all,
>>> > is there any easy way to upgrade from Bird 1.3.6 to Bird 2.0.7?
>>>
>>> Hi, there is a guide for config changes:
>>>
>>> https://gitlab.labs.nic.cz/labs/bird/-/wikis/transition-notes-to-bird-2
>>>
>>> --
>>> Elen sila lumenn' omentielvo
>>>
>>> Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
>>> OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
>>> "To err is human -- to blame it on a computer is even more so."
>>>
>>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>

Upgrade from Bird 1.3.6 to Bird 2.0.7

2020-03-27 Thread Fabiano D'Agostino 
Hi all,
is there any easy way to upgrade from Bird 1.3.6 to Bird 2.0.7?

Thanks,

Fabiano D'Agostino

Re: Direct protocol affects BGP

2020-03-25 Thread Fabiano D'Agostino 
ah okay thanks, I understand now!

Il giorno mer 25 mar 2020 alle ore 17:33 Alexander Zubkov 
ha scritto:

> Than I see no problem. When you have direct protocol off - your router
> have nothing imported to the bird's routing table and so nothing is
> exported to the bgp peer. A kernel protocol does not import those
> routes, from the documentation:
>
> > Note that routes created by OS kernel itself, namely direct routes
> representing IP subnets of associated interfaces, are not imported even
> with learn enabled. You can use Direct protocol to generate these direct
> routes.
>
> On Wed, Mar 25, 2020 at 5:21 PM Fabiano D'Agostino
>  wrote:
> >
> > Yes, I disabled direct protocol on both routers. The full bird.conf is
> the following:
> > log syslog all;
> > ipv4 table master4;
> > ipv6 table master6;
> > router1 bgp configuration:
> > protocol bgp {
> > ipv4 {
> > import all;
> > export all;
> >};
> >local as 1;
> >neighbor 192.168.2.22 as 2;
> > }
> > protocol device {
> > }
> > protocol kernel {
> > ipv4 {
> > table master4;
> > import all;
> > export all;
> > };
> > }
> > protocol static {
> > ipv4;
> > }
> >
> >
> > Il giorno mer 25 mar 2020 alle ore 17:06 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >>
> >> Do you disable direct protocol on both router1 and router2?
> >> And that is definitely not the full bird config, you do not have a
> >> kernel protocol for example.
> >>
> >> On Tue, Mar 24, 2020 at 10:50 PM Fabiano D'Agostino
> >>  wrote:
> >> >
> >> > There is no gateway because they are directly connected. However my
> network topology is the following:
> >> > [pc-a - router1 ]=AS 1 ; [pc-b - router 2]=AS 2;
> >> > pc-a:
> >> > enp0s3
> >> > address 192.168.1.11
> >> > gw 192.168.1.1
> >> > router1:
> >> > enp0s3
> >> > address 192.168.1.1
> >> > enp0s8
> >> > 192.168.2.2
> >> >
> >> > router1 bgp configuration:
> >> > protocol bgp {
> >> > ipv4 {
> >> >     import all;
> >> > export all;
> >> >}
> >> > local as 1;
> >> > neighbor 192.168.2.22 as 2
> >> >
> >> >
> >> > Il giorno mar 24 mar 2020 alle ore 22:40 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >> >>
> >> >> There is also no gateway in you "route" output on routes exported
> from
> >> >> bird. Maybe you have some filters that causing it? Could you show
> your
> >> >> config if it is not secret?
> >> >>
> >> >> On Tue, Mar 24, 2020 at 9:53 PM Fabiano D'Agostino
> >> >>  wrote:
> >> >> >
> >> >> > Yes, 'show route', is from Bird. I don't have route-reflector, but
> just two routers which have a bgp session. Anyway, yes when direct is
> disabled, the bgp session is established.
> >> >> >
> >> >> > Il giorno mar 24 mar 2020 alle ore 21:45 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >> >> >>
> >> >> >> "show route" looks a little weird, is it from bird? There are also
> >> >> >> commonly a protocol and metric shown.
> >> >> >> Those are from your route-reflector? Do you have your bgp
> sessions up
> >> >> >> when direct is disabled?
> >> >> >>
> >> >> >> On Tue, Mar 24, 2020 at 9:33 PM Fabiano D'Agostino
> >> >> >>  wrote:
> >> >> >> >
> >> >> >> > Good evening Alexander,
> >> >> >> >
> >> >> >> > Direct protocol enabled:
> >> >> >> > 'route' command:
> >> >> >> > Destination Gateway GenmaskFlags Metric iface
> >> >> >> > 192.168.1.0  *255.255.255.0   U   0
>  enp0s3
> >> >> >> > 192.168.1.0  *255.255.255.0   U   32
>  enp0s3
> >> >> >> > 192.168.2.0  *255.255.255.0   U   0
>  enp0s8
> >> >> >> > 192.168.2.0  *255.255.255.0   U32
> enp0s8
> >> >> >> > 192.168.4.0  *

Re: Direct protocol affects BGP

2020-03-25 Thread Fabiano D'Agostino 
Yes, I disabled direct protocol on both routers. The full bird.conf is the
following:
log syslog all;
ipv4 table master4;
ipv6 table master6;
router1 bgp configuration:
protocol bgp {
ipv4 {
import all;
export all;
   };
   local as 1;
   neighbor 192.168.2.22 as 2;
}
protocol device {
}
protocol kernel {
ipv4 {
table master4;
import all;
export all;
};
}
protocol static {
ipv4;
}


Il giorno mer 25 mar 2020 alle ore 17:06 Alexander Zubkov 
ha scritto:

> Do you disable direct protocol on both router1 and router2?
> And that is definitely not the full bird config, you do not have a
> kernel protocol for example.
>
> On Tue, Mar 24, 2020 at 10:50 PM Fabiano D'Agostino
>  wrote:
> >
> > There is no gateway because they are directly connected. However my
> network topology is the following:
> > [pc-a - router1 ]=AS 1 ; [pc-b - router 2]=AS 2;
> > pc-a:
> > enp0s3
> > address 192.168.1.11
> > gw 192.168.1.1
> > router1:
> > enp0s3
> > address 192.168.1.1
> > enp0s8
> > 192.168.2.2
> >
> > router1 bgp configuration:
> > protocol bgp {
> > ipv4 {
> > import all;
> > export all;
> >}
> > local as 1;
> > neighbor 192.168.2.22 as 2
> >
> >
> > Il giorno mar 24 mar 2020 alle ore 22:40 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >>
> >> There is also no gateway in you "route" output on routes exported from
> >> bird. Maybe you have some filters that causing it? Could you show your
> >> config if it is not secret?
> >>
> >> On Tue, Mar 24, 2020 at 9:53 PM Fabiano D'Agostino
> >>  wrote:
> >> >
> >> > Yes, 'show route', is from Bird. I don't have route-reflector, but
> just two routers which have a bgp session. Anyway, yes when direct is
> disabled, the bgp session is established.
> >> >
> >> > Il giorno mar 24 mar 2020 alle ore 21:45 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >> >>
> >> >> "show route" looks a little weird, is it from bird? There are also
> >> >> commonly a protocol and metric shown.
> >> >> Those are from your route-reflector? Do you have your bgp sessions up
> >> >> when direct is disabled?
> >> >>
> >> >> On Tue, Mar 24, 2020 at 9:33 PM Fabiano D'Agostino
> >> >>  wrote:
> >> >> >
> >> >> > Good evening Alexander,
> >> >> >
> >> >> > Direct protocol enabled:
> >> >> > 'route' command:
> >> >> > Destination Gateway GenmaskFlags Metric iface
> >> >> > 192.168.1.0  *255.255.255.0   U   0
>  enp0s3
> >> >> > 192.168.1.0  *255.255.255.0   U   32
>  enp0s3
> >> >> > 192.168.2.0  *255.255.255.0   U   0
>  enp0s8
> >> >> > 192.168.2.0  *255.255.255.0   U32
> enp0s8
> >> >> > 192.168.4.0  *255.255.255.0   U32
> enp0s8
> >> >> > 'show route' command:
> >> >> > 192.168.1.0/24 enp0s3
> >> >> > 192.168.2.0/24  enp0s8 via 192.168.2.22 on enp0s8
> >> >> > 192.168.4.0/24 via 192.168.2.22 on enp0s8
> >> >> >
> >> >> > Direct protocol disabled:
> >> >> > 'route' command:
> >> >> > Destination Gateway GenmaskFlags Metric iface
> >> >> > 192.168.1.0  *255.255.255.0   U   0
>  enp0s3
> >> >> > 192.168.2.0  *255.255.255.0   U   0
>  enp0s8
> >> >> > 'show route' command:
> >> >> > empty
> >> >> >
> >> >> > Thanks,
> >> >> >
> >> >> > Fabiano
> >> >> >
> >> >> > Il giorno mar 24 mar 2020 alle ore 21:00 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >> >> >>
> >> >> >> I think it would be easier if you showed your route tables in
> both cases.
> >> >> >>
> >> >> >> On Tue, Mar 24, 2020 at 8:57 AM Irene Lalioti <
> irene.lali...@restena.lu> wrote:
> >> >> >> >
> >> >> >> > Hello guys!
> >> >> >> >
> >> >> >> > Just because today we encountered again the same

Re: Direct protocol affects BGP

2020-03-24 Thread Fabiano D'Agostino 
There is no gateway because they are directly connected. However my network
topology is the following:
[pc-a - router1 ]=AS 1 ; [pc-b - router 2]=AS 2;
pc-a:
enp0s3
address 192.168.1.11
gw 192.168.1.1
router1:
enp0s3
address 192.168.1.1
enp0s8
192.168.2.2

router1 bgp configuration:
protocol bgp {
ipv4 {
import all;
export all;
   }
local as 1;
neighbor 192.168.2.22 as 2


Il giorno mar 24 mar 2020 alle ore 22:40 Alexander Zubkov 
ha scritto:

> There is also no gateway in you "route" output on routes exported from
> bird. Maybe you have some filters that causing it? Could you show your
> config if it is not secret?
>
> On Tue, Mar 24, 2020 at 9:53 PM Fabiano D'Agostino
>  wrote:
> >
> > Yes, 'show route', is from Bird. I don't have route-reflector, but just
> two routers which have a bgp session. Anyway, yes when direct is disabled,
> the bgp session is established.
> >
> > Il giorno mar 24 mar 2020 alle ore 21:45 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >>
> >> "show route" looks a little weird, is it from bird? There are also
> >> commonly a protocol and metric shown.
> >> Those are from your route-reflector? Do you have your bgp sessions up
> >> when direct is disabled?
> >>
> >> On Tue, Mar 24, 2020 at 9:33 PM Fabiano D'Agostino
> >>  wrote:
> >> >
> >> > Good evening Alexander,
> >> >
> >> > Direct protocol enabled:
> >> > 'route' command:
> >> > Destination Gateway GenmaskFlags Metric iface
> >> > 192.168.1.0  *255.255.255.0   U   0 enp0s3
> >> > 192.168.1.0  *255.255.255.0   U   32   enp0s3
> >> > 192.168.2.0  *255.255.255.0   U   0 enp0s8
> >> > 192.168.2.0  *255.255.255.0   U32  enp0s8
> >> > 192.168.4.0  *255.255.255.0   U32  enp0s8
> >> > 'show route' command:
> >> > 192.168.1.0/24 enp0s3
> >> > 192.168.2.0/24  enp0s8 via 192.168.2.22 on enp0s8
> >> > 192.168.4.0/24 via 192.168.2.22 on enp0s8
> >> >
> >> > Direct protocol disabled:
> >> > 'route' command:
> >> > Destination Gateway GenmaskFlags Metric iface
> >> > 192.168.1.0  *255.255.255.0   U   0 enp0s3
> >> > 192.168.2.0  *255.255.255.0   U   0 enp0s8
> >> > 'show route' command:
> >> > empty
> >> >
> >> > Thanks,
> >> >
> >> > Fabiano
> >> >
> >> > Il giorno mar 24 mar 2020 alle ore 21:00 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >> >>
> >> >> I think it would be easier if you showed your route tables in both
> cases.
> >> >>
> >> >> On Tue, Mar 24, 2020 at 8:57 AM Irene Lalioti <
> irene.lali...@restena.lu> wrote:
> >> >> >
> >> >> > Hello guys!
> >> >> >
> >> >> > Just because today we encountered again the same issue with
> direct, I am very curious on this:
> >> >> >
> >> >> > I totally agree with what you guys explained about the need of the
> direct protocol. Once we set it then reachability works and all is ok.
> >> >> >
> >> >> > Our big question is why was it working before the moment it lost
> the BGP session?? In other words: the set up :
> >> >> >
> >> >> > RS - BGP session with the ROUTER - and behind the Router we have
> Caches.
> >> >> >
> >> >> > Before the router was announcing to the RS(BIRD v2.0.7) the caches
> and that they are reachable by the router. Without any direct.
> >> >> >
> >> >> > Until one day we lose the bgp session, and we can ping the caches
> from the RS but not reachable . Once we set it as direct on the bird then
> all is fine.
> >> >> >
> >> >> > Question is why was it working before without direct ?? :=)
> >> >> >
> >> >> > Many thanks for your time!
> >> >> >
> >> >> > Have a great day all!
> >> >> >
> >> >> > Irene.
> >> >> >
> >> >> > On 23/03/2020 17:07, Fabiano D'Agostino wrote:
> >> >> >
> >> >> > Hi Bernd,
> >> >> > no, the routing "from the kernel" doesn

Re: Direct protocol affects BGP

2020-03-24 Thread Fabiano D'Agostino 
Yes, 'show route', is from Bird. I don't have route-reflector, but just two
routers which have a bgp session. Anyway, yes when direct is disabled, the
bgp session is established.

Il giorno mar 24 mar 2020 alle ore 21:45 Alexander Zubkov 
ha scritto:

> "show route" looks a little weird, is it from bird? There are also
> commonly a protocol and metric shown.
> Those are from your route-reflector? Do you have your bgp sessions up
> when direct is disabled?
>
> On Tue, Mar 24, 2020 at 9:33 PM Fabiano D'Agostino
>  wrote:
> >
> > Good evening Alexander,
> >
> > Direct protocol enabled:
> > 'route' command:
> > Destination Gateway GenmaskFlags Metric iface
> > 192.168.1.0  *255.255.255.0   U   0 enp0s3
> > 192.168.1.0  *255.255.255.0   U   32   enp0s3
> > 192.168.2.0  *255.255.255.0   U   0 enp0s8
> > 192.168.2.0  *255.255.255.0   U32  enp0s8
> > 192.168.4.0  *255.255.255.0   U32  enp0s8
> > 'show route' command:
> > 192.168.1.0/24 enp0s3
> > 192.168.2.0/24  enp0s8 via 192.168.2.22 on enp0s8
> > 192.168.4.0/24 via 192.168.2.22 on enp0s8
> >
> > Direct protocol disabled:
> > 'route' command:
> > Destination Gateway GenmaskFlags Metric iface
> > 192.168.1.0  *255.255.255.0   U   0 enp0s3
> > 192.168.2.0  *255.255.255.0   U   0 enp0s8
> > 'show route' command:
> > empty
> >
> > Thanks,
> >
> > Fabiano
> >
> > Il giorno mar 24 mar 2020 alle ore 21:00 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >>
> >> I think it would be easier if you showed your route tables in both
> cases.
> >>
> >> On Tue, Mar 24, 2020 at 8:57 AM Irene Lalioti 
> wrote:
> >> >
> >> > Hello guys!
> >> >
> >> > Just because today we encountered again the same issue with direct, I
> am very curious on this:
> >> >
> >> > I totally agree with what you guys explained about the need of the
> direct protocol. Once we set it then reachability works and all is ok.
> >> >
> >> > Our big question is why was it working before the moment it lost the
> BGP session?? In other words: the set up :
> >> >
> >> > RS - BGP session with the ROUTER - and behind the Router we have
> Caches.
> >> >
> >> > Before the router was announcing to the RS(BIRD v2.0.7) the caches
> and that they are reachable by the router. Without any direct.
> >> >
> >> > Until one day we lose the bgp session, and we can ping the caches
> from the RS but not reachable . Once we set it as direct on the bird then
> all is fine.
> >> >
> >> > Question is why was it working before without direct ?? :=)
> >> >
> >> > Many thanks for your time!
> >> >
> >> > Have a great day all!
> >> >
> >> > Irene.
> >> >
> >> > On 23/03/2020 17:07, Fabiano D'Agostino wrote:
> >> >
> >> > Hi Bernd,
> >> > no, the routing "from the kernel" doesn't come via 'learn yes', but
> via RIB, I mean if I do 'route' it shows the directly connected networks.
> The problem is that if I use the Direct protocol, the command 'route' shows
> me two same directly connected networks, one coming from RIB and the other
> one coming from Bird.
> >> > I tried protocol bgp { direct; }, but it doesn't change.
> >> >
> >> > Thanks,
> >> >
> >> > Fabiano
> >> >
> >> > Il giorno lun 23 mar 2020 alle ore 16:15 Bernd Naumann <
> b...@spreadshirt.net> ha scritto:
> >> >>
> >> >> On 23.03.20 16:01, Fabiano D'Agostino wrote:
> >> >> > Hi Benedikt,
> >> >> > I am just learning Bird and I didn't want to use the Direct
> protocol
> >> >> > because using it I have two same routes in the RIB for the directly
> >> >> > connected networks, one coming from the kernel and the second one
> coming
> >> >> > from the direct protocol.
> >> >>
> >> >>
> >> >> Is the routing "from the kernel" coming via `learn yes;`? If you
> have no
> >> >> need to import "alien" routes, you can disable `learn` and just use
> >> >> `direct` and `static` protocol. /* OR if you know that your neighbor
> is
> >> >> directly connected to you can also set 'direct' on the `protocol
> bgp`. */
> >> >>
> >> >> Bernd
> >> >>
> >> >>
> >> >
> >> > --
> >> > Irene Lalioti
> >> > Network Engineer
> >> > Fondation RESTENA
> >> > 2, avenue de l'Université
> >> > L-4365 Esch/Alzette
> >> >
> >> > Tel: +352 424409 1
> >> > Fax: +352 422473
>

Re: Direct protocol affects BGP

2020-03-24 Thread Fabiano D'Agostino 
Good evening Alexander,

Direct protocol enabled:
'route' command:
Destination Gateway GenmaskFlags Metric iface
192.168.1.0  *255.255.255.0   U   0 enp0s3
192.168.1.0  *255.255.255.0   U   32   enp0s3
192.168.2.0  *255.255.255.0   U   0 enp0s8
192.168.2.0  *255.255.255.0   U32  enp0s8
192.168.4.0  *255.255.255.0   U32  enp0s8
'show route' command:
192.168.1.0/24 enp0s3
192.168.2.0/24  enp0s8 via 192.168.2.22 on enp0s8
192.168.4.0/24 via 192.168.2.22 on enp0s8

Direct protocol disabled:
'route' command:
Destination Gateway GenmaskFlags Metric iface
192.168.1.0  *255.255.255.0   U   0 enp0s3
192.168.2.0  *255.255.255.0   U   0 enp0s8
'show route' command:
empty

Thanks,

Fabiano

Il giorno mar 24 mar 2020 alle ore 21:00 Alexander Zubkov 
ha scritto:

> I think it would be easier if you showed your route tables in both cases.
>
> On Tue, Mar 24, 2020 at 8:57 AM Irene Lalioti 
> wrote:
> >
> > Hello guys!
> >
> > Just because today we encountered again the same issue with direct, I am
> very curious on this:
> >
> > I totally agree with what you guys explained about the need of the
> direct protocol. Once we set it then reachability works and all is ok.
> >
> > Our big question is why was it working before the moment it lost the BGP
> session?? In other words: the set up :
> >
> > RS - BGP session with the ROUTER - and behind the Router we have Caches.
> >
> > Before the router was announcing to the RS(BIRD v2.0.7) the caches and
> that they are reachable by the router. Without any direct.
> >
> > Until one day we lose the bgp session, and we can ping the caches from
> the RS but not reachable . Once we set it as direct on the bird then all is
> fine.
> >
> > Question is why was it working before without direct ?? :=)
> >
> > Many thanks for your time!
> >
> > Have a great day all!
> >
> > Irene.
> >
> > On 23/03/2020 17:07, Fabiano D'Agostino wrote:
> >
> > Hi Bernd,
> > no, the routing "from the kernel" doesn't come via 'learn yes', but via
> RIB, I mean if I do 'route' it shows the directly connected networks. The
> problem is that if I use the Direct protocol, the command 'route' shows me
> two same directly connected networks, one coming from RIB and the other one
> coming from Bird.
> > I tried protocol bgp { direct; }, but it doesn't change.
> >
> > Thanks,
> >
> > Fabiano
> >
> > Il giorno lun 23 mar 2020 alle ore 16:15 Bernd Naumann <
> b...@spreadshirt.net> ha scritto:
> >>
> >> On 23.03.20 16:01, Fabiano D'Agostino wrote:
> >> > Hi Benedikt,
> >> > I am just learning Bird and I didn't want to use the Direct protocol
> >> > because using it I have two same routes in the RIB for the directly
> >> > connected networks, one coming from the kernel and the second one
> coming
> >> > from the direct protocol.
> >>
> >>
> >> Is the routing "from the kernel" coming via `learn yes;`? If you have no
> >> need to import "alien" routes, you can disable `learn` and just use
> >> `direct` and `static` protocol. /* OR if you know that your neighbor is
> >> directly connected to you can also set 'direct' on the `protocol bgp`.
> */
> >>
> >> Bernd
> >>
> >>
> >
> > --
> > Irene Lalioti
> > Network Engineer
> > Fondation RESTENA
> > 2, avenue de l'Université
> > L-4365 Esch/Alzette
> >
> > Tel: +352 424409 1
> > Fax: +352 422473
>

Re: Direct protocol affects BGP

2020-03-23 Thread Fabiano D'Agostino 
Hi Bernd,
no, the routing "from the kernel" doesn't come via 'learn yes', but via
RIB, I mean if I do 'route' it shows the directly connected networks. The
problem is that if I use the Direct protocol, the command 'route' shows me
two same directly connected networks, one coming from RIB and the other one
coming from Bird.
I tried protocol bgp { direct; }, but it doesn't change.

Thanks,

Fabiano

Il giorno lun 23 mar 2020 alle ore 16:15 Bernd Naumann 
ha scritto:

> On 23.03.20 16:01, Fabiano D'Agostino wrote:
> > Hi Benedikt,
> > I am just learning Bird and I didn't want to use the Direct protocol
> > because using it I have two same routes in the RIB for the directly
> > connected networks, one coming from the kernel and the second one coming
> > from the direct protocol.
>
>
> Is the routing "from the kernel" coming via `learn yes;`? If you have no
> need to import "alien" routes, you can disable `learn` and just use
> `direct` and `static` protocol. /* OR if you know that your neighbor is
> directly connected to you can also set 'direct' on the `protocol bgp`. */
>
> Bernd
>
>
>

Re: Direct protocol affects BGP

2020-03-23 Thread Fabiano D'Agostino 
Hi Benedikt,
I am just learning Bird and I didn't want to use the Direct protocol
because using it I have two same routes in the RIB for the directly
connected networks, one coming from the kernel and the second one coming
from the direct protocol.

Il giorno lun 23 mar 2020 alle ore 16:01 Fabiano D'Agostino <
fabiano.dagostin...@gmail.com> ha scritto:

> Hi Benedikt,
> I am just learning Bird and I didn't want to use the Direct protocol
> because using it I have two same routes in the RIB for the directly
> connected networks, one coming from the kernel and the second one coming
> from the direct protocol.
>
> Il giorno lun 23 mar 2020 alle ore 15:38 Benedikt Neuffer <
> benedikt.neuf...@kit.edu> ha scritto:
>
>> Hi Fabiano,
>>
>> that should be the reason. The TCP connection is done via RIB (kernel
>> routing table). In FIB (birds internal table) the route is currently
>> missing.
>> If you enable the direct protocol a route for  192.168.2.22 will be
>> appear in the FIB and the nexthop resolution will work.
>>
>> Is there a reason why you don't want to use the direct protocol?
>>
>> Regards,
>> Benedikt
>>
>> On 23.03.20 14:46, Fabiano D'Agostino wrote:
>> > Hi,
>> > thanks for helping,
>> > I did show route for 192.168.2.22 (which is my neighbor) table all all
>> > --> I get Network not found.
>> > show protocols: bgp established
>> > show protocol all bgp1: 0 imported, 0 exported
>> >
>> >
>> > Il giorno lun 23 mar 2020 alle ore 14:18 Benedikt Neuffer
>> > mailto:benedikt.neuf...@kit.edu>> ha
>> scritto:
>> >
>> > Hi Fabio,
>> >
>> > so the routes are in FIB (kernel) but maybe not in RIB (bird).bb
>> >
>> > Can you provide me the output of "show route for  table all
>> all"
>> > where  should be the prefix configured on the connection or
>> the
>> > ip address of the neighbor.
>> >
>> > Regards,
>> > Bene
>> >
>> > On 23.03.20 12:43, Fabiano D'Agostino wrote:
>> > > Hi Benedikt,
>> > > the nexthop is resolvable, indeed router1 can ping router2'nic in
>> the
>> > > same network of router1, with direct protocol disabled. The
>> > scenario is:
>> > > PCa - R1 - R2 - PCb
>> > > With direct protocol enabled and bgp working: PCa can ping PCb
>> > > With direct protocol disabled and bgp working: PCa can't ping PCb
>> > >
>> > >
>> > > Il giorno lun 23 mar 2020 alle ore 12:26 Benedikt Neuffer
>> > > mailto:benedikt.neuf...@kit.edu>
>> > <mailto:benedikt.neuf...@kit.edu <mailto:benedikt.neuf...@kit.edu
>> >>>
>> > ha scritto:
>> > >
>> > > Hi Fabio,
>> > >
>> > > the BGP nexthop field must be resolvable. In other words there
>> > must be a
>> > > route to the neighbor in RIB.
>> > >
>> > > Regards,
>> > > Bene
>> > >
>> > >
>> > > On 23.03.20 12:05, Fabiano D'Agostino wrote:
>> > > > Hi all,
>> > > > why if I disable the direct protocol the BGP routes are not
>> > > > imported/exported? If I run show route, it is empty, while
>> > if I enable
>> > > > the direct protocol show route has directly connected
>> routes and
>> > > BGP routes.
>> > > > My configuration is very easy, two routers make a eBGP
>> > peering and
>> > > they
>> > > > import and export all routes. I am using Bird 2.0.7.
>> > > >
>> > > > Thanks,
>> > > >
>> > > > Fabiano
>> > >
>> > >
>> > > --
>> > > Karlsruher Institut für Technologie (KIT)
>> > > Steinbuch Centre for Computing (SCC)
>> > >
>> > > Benedikt Neuffer
>> > > Netze und Telekommunikation (NET)
>> > >
>> > > Hermann-von-Helmholtz-Platz 1
>> > > Gebäude 442
>> > > Raum 185
>> > > 76344 Eggenstein-Leopoldshafen
>> > >
>> > > Telefon: +49 721 608-24502
>&g

Re: Direct protocol affects BGP

2020-03-23 Thread Fabiano D'Agostino 
Hi,
thanks for helping,
I did show route for 192.168.2.22 (which is my neighbor) table all all -->
I get Network not found.
show protocols: bgp established
show protocol all bgp1: 0 imported, 0 exported


Il giorno lun 23 mar 2020 alle ore 14:18 Benedikt Neuffer <
benedikt.neuf...@kit.edu> ha scritto:

> Hi Fabio,
>
> so the routes are in FIB (kernel) but maybe not in RIB (bird).
>
> Can you provide me the output of "show route for  table all all"
> where  should be the prefix configured on the connection or the
> ip address of the neighbor.
>
> Regards,
> Bene
>
> On 23.03.20 12:43, Fabiano D'Agostino wrote:
> > Hi Benedikt,
> > the nexthop is resolvable, indeed router1 can ping router2'nic in the
> > same network of router1, with direct protocol disabled. The scenario is:
> > PCa - R1 - R2 - PCb
> > With direct protocol enabled and bgp working: PCa can ping PCb
> > With direct protocol disabled and bgp working: PCa can't ping PCb
> >
> >
> > Il giorno lun 23 mar 2020 alle ore 12:26 Benedikt Neuffer
> > mailto:benedikt.neuf...@kit.edu>> ha scritto:
> >
> > Hi Fabio,
> >
> > the BGP nexthop field must be resolvable. In other words there must
> be a
> > route to the neighbor in RIB.
> >
> > Regards,
> > Bene
> >
> >
> > On 23.03.20 12:05, Fabiano D'Agostino wrote:
> > > Hi all,
> > > why if I disable the direct protocol the BGP routes are not
> > > imported/exported? If I run show route, it is empty, while if I
> enable
> > > the direct protocol show route has directly connected routes and
> > BGP routes.
> > > My configuration is very easy, two routers make a eBGP peering and
> > they
> > > import and export all routes. I am using Bird 2.0.7.
> > >
> > > Thanks,
> > >
> > > Fabiano
> >
> >
> > --
> > Karlsruher Institut für Technologie (KIT)
> > Steinbuch Centre for Computing (SCC)
> >
> > Benedikt Neuffer
> > Netze und Telekommunikation (NET)
> >
> > Hermann-von-Helmholtz-Platz 1
> > Gebäude 442
> > Raum 185
> > 76344 Eggenstein-Leopoldshafen
> >
> > Telefon: +49 721 608-24502
> > Fax: +49 721 608-47763
> > E-Mail: benedikt.neuf...@kit.edu <mailto:benedikt.neuf...@kit.edu>
> > Web: https://www.scc.kit.edu
> >
> >
> >
> > Sitz der Körperschaft:
> > Kaiserstraße 12, 76131 Karlsruhe
> >
> >
> >
> > KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft
> >
> >
> >
> > Signaturversion: 19.1.0 beta
> >
>
>
> --
> Karlsruher Institut für Technologie (KIT)
> Steinbuch Centre for Computing (SCC)
>
> Benedikt Neuffer
> Netze und Telekommunikation (NET)
>
> Hermann-von-Helmholtz-Platz 1
> Gebäude 442
> Raum 185
> 76344 Eggenstein-Leopoldshafen
>
> Telefon: +49 721 608-24502
> Fax: +49 721 608-47763
> E-Mail: benedikt.neuf...@kit.edu
> Web: https://www.scc.kit.edu
>
>
>
> Sitz der Körperschaft:
> Kaiserstraße 12, 76131 Karlsruhe
>
>
>
> KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft
>
>
>
> Signaturversion: 19.1.0 beta
>
>

Direct protocol affects BGP

2020-03-23 Thread Fabiano D'Agostino 
Hi all,
why if I disable the direct protocol the BGP routes are not
imported/exported? If I run show route, it is empty, while if I enable the
direct protocol show route has directly connected routes and BGP routes.
My configuration is very easy, two routers make a eBGP peering and they
import and export all routes. I am using Bird 2.0.7.

Thanks,

Fabiano

Re: Proper way to start Bird

2020-03-22 Thread Fabiano D'Agostino 
Yes, but how can I do that command if when I try to connect to birdc I get
the error above?

Il Dom 22 Mar 2020, 09:18 Alexander Zubkov  ha scritto:

> It is right there in the documentation:
> https://bird.network.cz/?get_doc=20=bird-4.html#cli-down
>
> down
> Shut BIRD down.
>
> On Sat, Mar 21, 2020 at 11:49 PM Fabiano D'Agostino
>  wrote:
> >
> > I am using Bird 2.0.7 and I didn't find any way to stop the process, I
> mean I didn't find any command
> >
> > Il giorno sab 21 mar 2020 alle ore 22:28 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >>
> >> You can send it a command to shut down itself, or you can send some
> >> signals to the process kill TERM or even KILL.
> >>
> >> On Sat, Mar 21, 2020 at 8:43 PM Fabiano D'Agostino
> >>  wrote:
> >> >
> >> > Good evening Alexander,
> >> > the directory exists, how can I stop the other bird process?
> >> >
> >> > Il giorno sab 21 mar 2020 alle ore 20:00 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >> >>
> >> >> Hello,
> >> >>
> >> >> You probably have another bird process running already. Also ensure
> >> >> that /usr/local/var/run/ exists with proper permissions.
> >> >>
> >> >> On Sat, Mar 21, 2020 at 7:31 PM Fabiano D'Agostino
> >> >>  wrote:
> >> >> >
> >> >> > According to the documentation the socket is in
> prefix/var/run/bird.ctl
> >> >> > Anyway if I run bird I get this error:Cannot create control socket
> Address already in use
> >> >> >
> >> >> > Il giorno sab 21 mar 2020 alle ore 15:35 Fabiano D'Agostino <
> fabiano.dagostin...@gmail.com> ha scritto:
> >> >> >>
> >> >> >> Hi Martin,
> >> >> >> my socket is at /usr/local/var/run/. I am running bird on a VM,
> the first time I run Bird it worked, but then I reboot my VM and now I get
> this error..
> >> >> >>
> >> >> >> Thanks,
> >> >> >>
> >> >> >> Il giorno sab 21 mar 2020 alle ore 15:28 Martin Weinelt <
> mar...@darmstadt.freifunk.net> ha scritto:
> >> >> >>>
> >> >> >>> Hi Fabiano,
> >> >> >>>
> >> >> >>> you need to specify the correct path your the control socket via
> `birdc
> >> >> >>> -s `. You apparently built your bird with
> PREFIX=/usr/local but
> >> >> >>> the control socket is not there. Have you checked whether it is
> at
> >> >> >>> `/run/bird.ctl` instead?
> >> >> >>>
> >> >> >>> Best,
> >> >> >>>
> >> >> >>> Martin
> >> >> >>>
> >> >> >>> On 3/21/20 2:59 PM, Fabiano D'Agostino wrote:
> >> >> >>> > Hi all,
> >> >> >>> > which is the proper way to start Bird?
> >> >> >>> > I edited the bird.conf and now I am getting this error when I
> lunch birdc:
> >> >> >>> > Unable to connect to server control socket
> >> >> >>> > (/usr/local/var/run/bird.ctl): Connection refused
> >> >> >>> > I also did bird -p
> >> >> >>> >
> >> >> >>> > Thanks,
> >> >> >>> >
> >> >> >>> > Fabiano
> >> >> >>>
>

Re: Proper way to start Bird

2020-03-21 Thread Fabiano D'Agostino 
Good evening Alexander,
the directory exists, how can I stop the other bird process?

Il giorno sab 21 mar 2020 alle ore 20:00 Alexander Zubkov 
ha scritto:

> Hello,
>
> You probably have another bird process running already. Also ensure
> that /usr/local/var/run/ exists with proper permissions.
>
> On Sat, Mar 21, 2020 at 7:31 PM Fabiano D'Agostino
>  wrote:
> >
> > According to the documentation the socket is in  prefix/var/run/bird.ctl
> > Anyway if I run bird I get this error:Cannot create control socket
> Address already in use
> >
> > Il giorno sab 21 mar 2020 alle ore 15:35 Fabiano D'Agostino <
> fabiano.dagostin...@gmail.com> ha scritto:
> >>
> >> Hi Martin,
> >> my socket is at /usr/local/var/run/. I am running bird on a VM, the
> first time I run Bird it worked, but then I reboot my VM and now I get this
> error..
> >>
> >> Thanks,
> >>
> >> Il giorno sab 21 mar 2020 alle ore 15:28 Martin Weinelt <
> mar...@darmstadt.freifunk.net> ha scritto:
> >>>
> >>> Hi Fabiano,
> >>>
> >>> you need to specify the correct path your the control socket via `birdc
> >>> -s `. You apparently built your bird with PREFIX=/usr/local but
> >>> the control socket is not there. Have you checked whether it is at
> >>> `/run/bird.ctl` instead?
> >>>
> >>> Best,
> >>>
> >>> Martin
> >>>
> >>> On 3/21/20 2:59 PM, Fabiano D'Agostino wrote:
> >>> > Hi all,
> >>> > which is the proper way to start Bird?
> >>> > I edited the bird.conf and now I am getting this error when I lunch
> birdc:
> >>> > Unable to connect to server control socket
> >>> > (/usr/local/var/run/bird.ctl): Connection refused
> >>> > I also did bird -p
> >>> >
> >>> > Thanks,
> >>> >
> >>> > Fabiano
> >>>
>

Re: Proper way to start Bird

2020-03-21 Thread Fabiano D'Agostino 
According to the documentation the socket is in  *prefix*/var/run/bird.ctl
Anyway if I run bird I get this error:Cannot create control socket Address
already in use

Il giorno sab 21 mar 2020 alle ore 15:35 Fabiano D'Agostino <
fabiano.dagostin...@gmail.com> ha scritto:

> Hi Martin,
> my socket is at /usr/local/var/run/. I am running bird on a VM, the first
> time I run Bird it worked, but then I reboot my VM and now I get this
> error..
>
> Thanks,
>
> Il giorno sab 21 mar 2020 alle ore 15:28 Martin Weinelt <
> mar...@darmstadt.freifunk.net> ha scritto:
>
>> Hi Fabiano,
>>
>> you need to specify the correct path your the control socket via `birdc
>> -s `. You apparently built your bird with PREFIX=/usr/local but
>> the control socket is not there. Have you checked whether it is at
>> `/run/bird.ctl` instead?
>>
>> Best,
>>
>> Martin
>>
>> On 3/21/20 2:59 PM, Fabiano D'Agostino wrote:
>> > Hi all,
>> > which is the proper way to start Bird?
>> > I edited the bird.conf and now I am getting this error when I lunch
>> birdc:
>> > Unable to connect to server control socket
>> > (/usr/local/var/run/bird.ctl): Connection refused
>> > I also did bird -p
>> >
>> > Thanks,
>> >
>> > Fabiano
>>
>>

Re: Proper way to start Bird

2020-03-21 Thread Fabiano D'Agostino 
Hi Martin,
my socket is at /usr/local/var/run/. I am running bird on a VM, the first
time I run Bird it worked, but then I reboot my VM and now I get this
error..

Thanks,

Il giorno sab 21 mar 2020 alle ore 15:28 Martin Weinelt <
mar...@darmstadt.freifunk.net> ha scritto:

> Hi Fabiano,
>
> you need to specify the correct path your the control socket via `birdc
> -s `. You apparently built your bird with PREFIX=/usr/local but
> the control socket is not there. Have you checked whether it is at
> `/run/bird.ctl` instead?
>
> Best,
>
> Martin
>
> On 3/21/20 2:59 PM, Fabiano D'Agostino wrote:
> > Hi all,
> > which is the proper way to start Bird?
> > I edited the bird.conf and now I am getting this error when I lunch
> birdc:
> > Unable to connect to server control socket
> > (/usr/local/var/run/bird.ctl): Connection refused
> > I also did bird -p
> >
> > Thanks,
> >
> > Fabiano
>
>

Proper way to start Bird

2020-03-21 Thread Fabiano D'Agostino 
Hi all,
which is the proper way to start Bird?
I edited the bird.conf and now I am getting this error when I lunch birdc:
Unable to connect to server control socket (/usr/local/var/run/bird.ctl):
Connection refused
I also did bird -p

Thanks,

Fabiano

Re: BGP between VMs

2020-03-20 Thread Fabiano D'Agostino 
Hi all,
thank you for helping, but so I have to set up an entire network lab using
LXC and OpenvSwitch? Otherwise, how can I set up a router, AS number and
prefixes that a router wants to announce inside a VM?

Fabiano

Il giorno ven 20 mar 2020 alle ore 09:40 Md Alamgir Kabir <
kabirra...@gmail.com> ha scritto:

> Hi all
> You are really doing good research, which of course can be fixed between
> two VMs. You can also do different IPs and ASN in the same block. Again, if
> the IP and separate ASN of a different block can be done.
>
>
> [image: image.png]
>
> [image: image.png]
> With Kinds Regards
> --
> *Md Alamgir Kabi*r
>
>
>
> On Fri, Mar 20, 2020 at 3:31 AM Fabiano D'Agostino <
> fabiano.dagostin...@gmail.com> wrote:
>
>> Hi all,
>> I am new to Bird and I would like to do the following. I have two VMs and
>> I would like to make a BGP peering between the two VMs, is it possible
>> using Bird?
>>
>> Thanks in advance,
>>
>> Fabiano
>>
>

Re: BGP between VMs

2020-03-20 Thread Fabiano D'Agostino 
Hi Kees,
thanks for helping me, as I told I am new to Bird, so I directly installed
the latest version 2.07.

Fabiano

Il giorno ven 20 mar 2020 alle ore 08:41 Kees Meijs  ha
scritto:

> Hi Fabiano,
>
> Not sure if someone (or some documentation) already pointed out this
> guide: https://github.com/knorrie/network-examples/tree/master/bgp-intro
>
> The guide uses BIRD 1.4.5 but I guess as long as you're not using BIRD2
> you should be fine while taking your first steps.
>
> In mean time, you could (and should) migrate your production configuration
> towards BIRD2.
>
> Cheers,
> Kees
>
> On 20-03-2020 08:25, Fabiano D'Agostino wrote:
>
> Hi,
> thanks everyone, I read the guide, but I didn't find how to put the two
> VMs in two different ASs.
>
> Il giorno ven 20 mar 2020 alle ore 02:43 Robert Blayzor <
> rblayzor.b...@inoc.net> ha scritto:
>
>> On 3/19/20 7:11 PM, Chriztoffer Hansen wrote:
>> > EBGP between two bgp speakers (eg. VMs) is rule of thumb done using
>> > interfaces on each ebgp speaker in a shared L2 domain, with ip addresses
>> > on each interface in a shared subnet, eg. Ipv4 /30, /31, IPv6 /64, /126,
>> > /127.
>> > If both VMs are on the same hypervisor. A virtual L2 network between VM
>> > interfaces is the easiest option to get going. 
>> >
>>
>> There is no same subnet/L2 adjacency requirement for EBGP peering, only
>> that the two peers are reachable to each other.
>>
>> --
>> inoc.net!rblayzor
>> XMPP: rblayzor.AT.inoc.net
>> PGP:  https://pgp.inoc.net/rblayzor/
>>
>
>

Re: BGP between VMs

2020-03-20 Thread Fabiano D'Agostino 
Hi,
thanks everyone, I read the guide, but I didn't find how to put the two VMs
in two different ASs.

Il giorno ven 20 mar 2020 alle ore 02:43 Robert Blayzor <
rblayzor.b...@inoc.net> ha scritto:

> On 3/19/20 7:11 PM, Chriztoffer Hansen wrote:
> > EBGP between two bgp speakers (eg. VMs) is rule of thumb done using
> > interfaces on each ebgp speaker in a shared L2 domain, with ip addresses
> > on each interface in a shared subnet, eg. Ipv4 /30, /31, IPv6 /64, /126,
> > /127.
> > If both VMs are on the same hypervisor. A virtual L2 network between VM
> > interfaces is the easiest option to get going. 
> >
>
> There is no same subnet/L2 adjacency requirement for EBGP peering, only
> that the two peers are reachable to each other.
>
> --
> inoc.net!rblayzor
> XMPP: rblayzor.AT.inoc.net
> PGP:  https://pgp.inoc.net/rblayzor/
>

Re: BGP between VMs

2020-03-19 Thread Fabiano D'Agostino 
Hi Mattia,
thanks for answering, but should I create a sort of virtual network? I mean
each VM has its own AS number and router and the two routers make a BGP
peering, how can I do it?

Il giorno gio 19 mar 2020 alle ore 22:56 
ha scritto:

> Hello,
>
> I confirm, it’s possible and to do it you must put the two VM interfaces
> in the same subnetwork.
> A /30 subnetwork is sufficient.
>
> After that you have to configure in the correct way the two bird daemons.
>
> For the config file you have to refer to the guide on the bird website,
> and for the peering relationship I can suggest you to read the
> documentation example about bgp filtering (easily accessible from gitlab).
>
> Mattia
>
> > Il giorno 19 mar 2020, alle ore 22:38, Fabiano D'Agostino <
> fabiano.dagostin...@gmail.com> ha scritto:
> >
> > 
> > Hi all,
> > I am new to Bird and I would like to do the following. I have two VMs
> and I would like to make a BGP peering between the two VMs, is it possible
> using Bird?
> >
> > Thanks in advance,
> >
> > Fabiano
>

Re: BGP between VMs

2020-03-19 Thread Fabiano D'Agostino 
Good evening Alexander,
thanks for answering, could you give me some hints of how to do it?

Il giorno gio 19 mar 2020 alle ore 22:37 Alexander Zubkov 
ha scritto:

> Hi,
>
> Yes, it is possible.
>
> On Thu, Mar 19, 2020 at 10:34 PM Fabiano D'Agostino
>  wrote:
> >
> > Hi all,
> > I am new to Bird and I would like to do the following. I have two VMs
> and I would like to make a BGP peering between the two VMs, is it possible
> using Bird?
> >
> > Thanks in advance,
> >
> > Fabiano
>

BGP between VMs

2020-03-19 Thread Fabiano D'Agostino 
Hi all,
I am new to Bird and I would like to do the following. I have two VMs and I
would like to make a BGP peering between the two VMs, is it possible using
Bird?

Thanks in advance,

Fabiano