subject:"Bgpd multipath conf"

Re: Bgpd multipath conf

2024-05-22 Thread Marco Agostani

In the end I found out a way to  manage mutipath.
Outside the bgpd daemon.
Basically I evaluate the bgp peer status from ifstated rules and I 
install/remove static multipath route on variation.
The first test seem promising.
In the end I can even manage carp based on peer availabilty with this approach.

If someone is interested in conf I can post as well as soon as I finish my test 
base.

Cheers
M.

Caterpillar: Confidential Green
-Original Message-
From: Benjamin Raskin 
Sent: Thursday, May 16, 2024 3:47 PM
To: Stuart Henderson ; Marco Agostani 

Cc: misc@openbsd.org
Subject: Re: Bgpd multipath conf

CAUTION: EXTERNAL EMAIL  This is a message from raskinbenjam...@gmail.com.  Use 
caution when opening unexpected emails and do not click on links or attachments 
from unknown senders. For more resources, visit security.cat.com/phishing.

__
I'm working on something similar right now for bgpd, where any connected /128 
ipv6 address will be announced over bgp.

For example if the router is connected to an adjacent host that has assigned 
itself an address through slaac such that the router has an entry for that 
particular host in the routing table, then the router will announce the host's 
/128 address.

On Thu, May 16, 2024 at 6:24 AM Stuart Henderson  
wrote:
>
> On 2024-05-16, Marco Agostani  wrote:
> > Ok so in the end is there a way to install more then one route in the 
> > kernel table through bgpd or not ?
>
> No. That is what "bgpd ... does not handle adding multiple paths for
> the same prefix to the FIB" means. (FIB = "forwarding information
> base" = kernel route table)
>
> > And if it's something that could be done in the future ?
>
> could? sure, if someone were to write the code to support it.
>
> I don't think it will be a particularly easy thing to do though.
>
>
> --
> Please keep replies on the mailing list.
>

Re: Bgpd multipath conf

2024-05-16 Thread Benjamin Raskin

I'm working on something similar right now for bgpd, where any
connected /128 ipv6 address will be announced over bgp.

For example if the router is connected to an adjacent host that
has assigned itself an address through slaac such that the router
has an entry for that particular host in the routing table, then the
router will announce the host's /128 address.

On Thu, May 16, 2024 at 6:24 AM Stuart Henderson
 wrote:
>
> On 2024-05-16, Marco Agostani  wrote:
> > Ok so in the end is there a way to install more then one route in the 
> > kernel table through bgpd or not ?
>
> No. That is what "bgpd ... does not handle adding multiple paths for the
> same prefix to the FIB" means. (FIB = "forwarding information base" =
> kernel route table)
>
> > And if it's something that could be done in the future ?
>
> could? sure, if someone were to write the code to support it.
>
> I don't think it will be a particularly easy thing to do though.
>
>
> --
> Please keep replies on the mailing list.
>

Re: Bgpd multipath conf

2024-05-16 Thread Marco Agostani



>> Ok so in the end is there a way to install more then one route in the kernel 
>> table through bgpd or not ?

>No. That is what "bgpd ... does not handle adding multiple paths for the same 
>prefix to the FIB" means. (FIB = "forwarding information base" = kernel route 
>table)

Ok so the only  thing is having a 3 routers instead of one.
Two speaking ebgp   and the third speaking ospf with them  or static multipath 
in order to send load balanced traffic .

>> And if it's something that could be done in the future ?

>could? sure, if someone were to write the code to support it.

>I don't think it will be a particularly easy thing to do though.

Yeah, probably not me ☹.

Anyway tks a lot for your answer .

Cheers
Marco

--
Please keep replies on the mailing list.


Caterpillar: Confidential Green

Re: Bgpd multipath conf

2024-05-16 Thread Stuart Henderson

On 2024-05-16, Marco Agostani  wrote:
> Ok so in the end is there a way to install more then one route in the kernel 
> table through bgpd or not ?

No. That is what "bgpd ... does not handle adding multiple paths for the
same prefix to the FIB" means. (FIB = "forwarding information base" =
kernel route table)

> And if it's something that could be done in the future ?

could? sure, if someone were to write the code to support it.

I don't think it will be a particularly easy thing to do though.

-- 
Please keep replies on the mailing list.

Re: Bgpd multipath conf

2024-05-16 Thread Marco Agostani

Ok so in the end is there a way to install more then one route in the kernel 
table through bgpd or not ?
And if it's something that could be done in the future ?

Cheers
Marco




Caterpillar: Confidential Green
-Original Message-
From: Stuart Henderson 
Sent: Wednesday, May 15, 2024 8:26 AM
To: misc@openbsd.org
Subject: Re: Bgpd multipath conf

CAUTION: EXTERNAL EMAIL  This is a message from owner-m...@openbsd.org.  Use 
caution when opening unexpected emails and do not click on links or attachments 
from unknown senders. For more resources, visit security.cat.com/phishing.

__
On 2024-05-14, Marco Agostani  wrote:
> I try to setup an openbgpd setup involving multipath configuration
> ...with = no success.
...
>   neighbor $GW01 {
>  descr "bgp#1"
>  announce IPv4 unicast
>  announce add-path recv yes
>  set localpref 110
>   }

This just announces the add-path BGP capability.

> #bgpctl sh rib
> https://urldefense.com/v3/__http://172.18.180.0/24__;!!FtR4BK4x7WL3xYs
> !6DAqIASIWdakyXeDyLwAsmIOK4cM3WJigBhTBEZwFP2QSx-N8iqQRQKGfW0L4XpCyVGG2
> 7Pi4GFOtJXl9T8K7jGv49b5Fz40$
>
> flags: * =3D Valid, > =3D Selected, I =3D via IBGP, A =3D Announced,
>S =3D Stale, E =3D Error
> origin validation state: N =3D not-found, V =3D valid, ! =3D invalid
> aspa validation state: ? =3D unknown, V =3D valid, ! =3D invalid
> origin: i =3D IGP, e =3D EGP, ? =3D Incomplete
>
> flags  vs destination  gateway  lpref   med aspath origin
> *>N-? 
> https://urldefense.com/v3/__http://172.18.180.0/24__;!!FtR4BK4x7WL3xYs!6DAqIASIWdakyXeDyLwAsmIOK4cM3WJigBhTBEZwFP2QSx-N8iqQRQKGfW0L4XpCyVGG27Pi4GFOtJXl9T8K7jGv49b5Fz40$
>
> https://urldefense.com/v3/__http://10.0.1.241__;!!FtR4BK4x7WL3xYs!6DAqIASIWdakyXeDyLwAsmIOK4cM3WJigBhTBEZwFP2QSx-N8iqQRQKGfW0L4XpCyVGG27Pi4GFOtJXl9T8K7jGv41J-7V7w$
>  110 0 14381 i
> *mN-? 
> https://urldefense.com/v3/__http://172.18.180.0/24__;!!FtR4BK4x7WL3xYs!6DAqIASIWdakyXeDyLwAsmIOK4cM3WJigBhTBEZwFP2QSx-N8iqQRQKGfW0L4XpCyVGG27Pi4GFOtJXl9T8K7jGv49b5Fz40$
>
> https://urldefense.com/v3/__http://10.0.1.245__;!!FtR4BK4x7WL3xYs!6DAqIASIWdakyXeDyLwAsmIOK4cM3WJigBhTBEZwFP2QSx-N8iqQRQKGfW0L4XpCyVGG27Pi4GFOtJXl9T8K7jGv48_2TUKx$
>  110 0 14381 i
>
> Show me two routes one marked with multipath
>
> But in fib I see only one route
>
> #bgpctl sh fib
> https://urldefense.com/v3/__http://172.18.180.0/24__;!!FtR4BK4x7WL3xYs
> !6DAqIASIWdakyXeDyLwAsmIOK4cM3WJigBhTBEZwFP2QSx-N8iqQRQKGfW0L4XpCyVGG2
> 7Pi4GFOtJXl9T8K7jGv49b5Fz40$
>
> flags: B =3D BGP, C =3D Connected, S =3D Static
>N =3D BGP Nexthop reachable via this route
>r =3D reject route, b =3D blackhole route
> flags prio destination  gateway
> B   48 
> https://urldefense.com/v3/__http://172.18.180.0/24__;!!FtR4BK4x7WL3xYs!6DAqIASIWdakyXeDyLwAsmIOK4cM3WJigBhTBEZwFP2QSx-N8iqQRQKGfW0L4XpCyVGG27Pi4GFOtJXl9T8K7jGv49b5Fz40$
>
> https://urldefense.com/v3/__http://10.0.1.241__;!!FtR4BK4x7WL3xYs!6DAqIASIWdakyXeDyLwAsmIOK4cM3WJigBhTBEZwFP2QSx-N8iqQRQKGfW0L4XpCyVGG27Pi4GFOtJXl9T8K7jGv41J-7V7w$
...
> What I miss here ??

bgpd does allow add-path and having multiple paths to a prefix in the RIB (e.g. 
perhaps useful on a route-server) but it does not handle adding multiple paths 
for the same prefix to the FIB.

Re: Bgpd multipath conf

2024-05-14 Thread Stuart Henderson

On 2024-05-14, Marco Agostani  wrote:
> I try to setup an openbgpd setup involving multipath configuration ...with =
> no success.
...
>   neighbor $GW01 {
>  descr "bgp#1"
>  announce IPv4 unicast
>  announce add-path recv yes
>  set localpref 110
>   }

This just announces the add-path BGP capability.

> #bgpctl sh rib 172.18.180.0/24
>
> flags: * =3D Valid, > =3D Selected, I =3D via IBGP, A =3D Announced,
>S =3D Stale, E =3D Error
> origin validation state: N =3D not-found, V =3D valid, ! =3D invalid
> aspa validation state: ? =3D unknown, V =3D valid, ! =3D invalid
> origin: i =3D IGP, e =3D EGP, ? =3D Incomplete
>
> flags  vs destination  gateway  lpref   med aspath origin
> *>N-? 172.18.180.0/24  10.0.1.241110 0 14381 i
> *mN-? 172.18.180.0/24  10.0.1.245110 0 14381 i
>
> Show me two routes one marked with multipath
>
> But in fib I see only one route
>
> #bgpctl sh fib 172.18.180.0/24
>
> flags: B =3D BGP, C =3D Connected, S =3D Static
>N =3D BGP Nexthop reachable via this route
>r =3D reject route, b =3D blackhole route
> flags prio destination  gateway
> B   48 172.18.180.0/24  10.0.1.241
...
> What I miss here ??

bgpd does allow add-path and having multiple paths to a prefix in the
RIB (e.g. perhaps useful on a route-server) but it does not handle
adding multiple paths for the same prefix to the FIB.

Bgpd multipath conf

2024-05-14 Thread Marco Agostani

Hello guys,
I try to setup an openbgpd setup involving multipath configuration ...with no 
success.


My bgpd.conf  is like that



prefix-set privnetworks {
10.55.0.0/16
10.60.0.0/16
172.16.0.0/12
}

log updates
network 10.240.0.0/16

group "eBGP" {
  remote-as $AS1
  neighbor $GW01 {
 descr "bgp#1"
 announce IPv4 unicast
 announce add-path recv yes
 set localpref 110
  }

  neighbor $GW02 {
 descr "bgp#2"
 announce IPv4 unicast
 announce add-path recv yes
 set localpref 110
  }
}

match from any community GRACEFUL_SHUTDOWN set { localpref 0 }
deny quick from group eBGP prefix 0.0.0.0/0
Deny out internal route
deny quick from group eBGP prefix 10.240.0.0/16 or-longer
##allow private
allow quick from group eBGP prefix-set privnetworks or-longer set rtlabel 
PRIVNET

allow quick to group eBGP prefix 10.240.0.0/16
deny quick from any

#bgpctl sh rib 172.18.180.0/24

flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
   S = Stale, E = Error
origin validation state: N = not-found, V = valid, ! = invalid
aspa validation state: ? = unknown, V = valid, ! = invalid
origin: i = IGP, e = EGP, ? = Incomplete

flags  vs destination  gateway  lpref   med aspath origin
*>N-? 172.18.180.0/24  10.0.1.241110 0 14381 i
*mN-? 172.18.180.0/24  10.0.1.245110 0 14381 i

Show me two routes one marked with multipath

But in fib I see only one route

#bgpctl sh fib 172.18.180.0/24

flags: B = BGP, C = Connected, S = Static
   N = BGP Nexthop reachable via this route
   r = reject route, b = blackhole route
flags prio destination  gateway
B   48 172.18.180.0/24  10.0.1.241

Confirmed by route

#route -n get 172.18.180.0/24
   route to: 172.18.180.0
destination: 172.18.180.0
   mask: 255.255.255.0
gateway: 10.0.1.241
  interface: sec7130
if address: 10.0.1.242
   priority: 48 (bgp)
  flags: 
  label: PRIVNET
 use   mtuexpire
   0 0 0
sockaddrs: 

Multipath is enabled

# sysctl net.inet.ip.multipath
net.inet.ip.multipath=1

and static routes with -mpath option are setup correctly

What I miss here ??

Cheers
Marco




Caterpillar: Confidential Green

Re: Bgpd multipath conf

Re: Bgpd multipath conf

Re: Bgpd multipath conf

Re: Bgpd multipath conf

Re: Bgpd multipath conf

Re: Bgpd multipath conf

Bgpd multipath conf

7 matches

Site Navigation

Mail list logo

Footer information