Hi, I'm glad to hear you have it working now.
Since you are exporting your aggregate (/21) via a static route to your loopback interface, you don't have to assign the entire /21 to eth1. You can segment it in whatever way you choose as it will still always be exported as a /21 based on your existing policy. Basically, you can set whatever IP and prefix length you want on your eth1 as long as it is a valid part of your /21 aggregate prefix. Thank you, Robyn Poh Yong Hwang wrote: > Hi all, > > Sorry for getting back so late as I am tied up with some other > stuffs.. Thanks for all the advice and my upstream managed to see my > prefix. Seems that changing the next hop to my eth0 public ip address > did the trick. > > Now as my eth0 is connected to my upstream, what IP address should I > set on my eth1? It will be connected to a layer 3 switch (core switch) > which all our servers will be connected to that switch. I have a /21 > range of ip addresses, so should I just use the first ip to set on > eth1? What prefix-length should I set on that as well? > > Please advise. > > Thanks! > > > > On Dec 20, 2007 1:52 AM, Robyn Orosz <[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>> wrote: > > Hi There, > > The next-hop value is providing the peer with the next-hop value > to use > for the advertised prefixes from your router. So, the next-hop should > be an address on your router. It looks correct based on your edited > configuration file. > > If you run a 'show bgp peers' it will show you whether or not your > session is established with your peer. If it's not established, that > would be one reason why the ISP claims they did not receive a prefix > advertisement from you. First off, verify your configuration is > correct > (IPs, ASNs etc). Then you can run a tshark on eth0 (your BGP peering > interface) on port 179 (tshark -i eth0 port 179 -Vn) to take a > look at > the BGP packets and also take a look at the logs 'show log.' > > If your session is established, make sure the route you are > advertising > with your policy exists in the routing table and matches the > prefix in > the policy. You can check the route by running a 'show route protocol > static.' You must see the static route that you've pointed to your > loopback interface in the table. If it's not there, verify your > configuration etc. > > If it is there, make sure the prefix in your policy matches the route > exactly. If it does not match, it won't be advertised. > > If all of the above are correct, take a look at 'show bgp route' and > make sure you see your advertised prefix in the output. If it's there > then your ISP is probably rejecting your advertisement. They need to > add your prefix to their prefix list. ISPs forget to add their > customer's prefixes to their prefix lists all the time. > > The loopback address for the BGP ID won't hurt anything but Ahsan is > correct that for eBGP peering with external public peers, you should > probably set your BGP ID to your public IP on eth0. > > Thanks! and I hope this helps. > > -Robyn > > Ahsan Khan wrote: > > Hi, > > > > I think your nexthop IP should be your ISP IP address and > not your > > own. Also check with your ISP if they can confirm about BGP session > > establishment, Most router like Juniper, Cisco can explain a lot > in their > > output the reasons if the session is not established. > > > > Also loopback IP is normally used in BGP if you have multiple > interfaces > > connected to same ISP, or you are using some other complex > configuration. I > > would use interface IP connected to ISP to avoid routing issues > etc. > > > > Thanks. > > > > Ahsan Khan > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> > > [mailto:[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>] On Behalf Of Poh > Yong Hwang > > Sent: Tuesday, December 18, 2007 11:20 PM > > To: Justin Fletcher > > Cc: vyatta-users > > Subject: Re: [Vyatta-users] Advises on configuring BGP > > > > Hi, > > > > Thanks. I just could not traceroute to the router and according > to my > > peering upstream, they mention that they did not receive any of > my prefix > > announcement. > > > > Basically i just want to do a simple setup at this moment with > one box > > running Vyatta and eth0 is link to one of our upstream provider > which we > > want to peer with. I have my ASN number as well as a /21 range > of IP > > addresses to announce. Here is my configuration: > > > > loopback ip : 10.0.0.65 <http://10.0.0.65> > > My ASN : 100 > > My IP Range : XX.XX.XX.XX/21 > > > > Upstream Route IP : a.b.c.d > > Customer Interface IP : c.d.e.f > > Upstream ASN : 200 > > > > protocols { > > bgp { > > bgp-id: 10.0.0.65 <http://10.0.0.65> > > local-as: 100 > > import: "" > > export: "BGP_EXPORT" > > peer " a.b.c.d" { > > import: "" > > export: "" > > multihop: 1 > > peer-port: 179 > > local-port: 179 > > local-ip: c.d.e.f > > as: 9989 > > next-hop: c.d.e.f > > holdtime: 90 > > delay-open-time: 0 > > client: false > > confederation-member: false > > disable: false > > ipv4-unicast: true > > ipv4-multicast: false > > ipv6-unicast: false > > ipv6-multicast: false > > md5-key: "" > > } > > } > > static { > > disable: false > > route XX.XX.XX.XX/21 { > > next-hop: 10.0.0.65 <http://10.0.0.65> > > metric: 1 > > } > > } > > } > > policy { > > policy-statement "BGP_EXPORT" { > > term 1 { > > from { > > protocol: "static" > > network4: XX.XX.XX.XX/21 > > } > > then { > > action: "accept" > > } > > } > > } > > } > > interfaces { > > restore: false > > loopback lo { > > description: "" > > address 10.0.0.65 <http://10.0.0.65> { > > prefix-length: 32 > > disable: false > > } > > } > > ethernet eth0 { > > disable: false > > discard: false > > description: "" > > hw-id: 00:30:48:55:63:FC > > duplex: "auto" > > speed: "auto" > > address c.d.e.f { > > prefix-length: 25 > > disable: false > > } > > } > > ethernet eth1 { > > disable: false > > discard: false > > description: "" > > hw-id: 00:30:48:55:63:FD > > duplex: "auto" > > speed: "auto" > > address XX.XX.XX.1 { > > prefix-length: 21 > > disable: false > > } > > } > > } > > service { > > http { > > port: 80 > > } > > } > > firewall { > > log-martians: "enable" > > send-redirects: "disable" > > receive-redirects: "disable" > > ip-src-route: "disable" > > broadcast-ping: "disable" > > syn-cookies: "enable" > > } > > system { > > host-name: "vyatta" > > domain-name: "" > > time-zone: "GMT" > > ntp-server "69.59.150.135 <http://69.59.150.135>" > > login { > > user root { > > full-name: "" > > authentication { > > encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh." > > } > > } > > user vyatta { > > full-name: "" > > authentication { > > encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh." > > } > > } > > } > > package { > > auto-sync: 1 > > repository community { > > component: "main" > > url: "http://archive.vyatta.com/vyatta > <http://archive.vyatta.com/vyatta>" > > } > > } > > } > > rtrmgr { > > config-directory: "/opt/vyatta/etc/config" > > } > > > > Is this config correct? > > > > Thanks > > > > > > > > On Dec 18, 2007 3:17 AM, Justin Fletcher < [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> > > <mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> > wrote: > > > > > > It's hard to tell without the full configuration, but > remember that > > you need > > both a route out, as well as the rest of the internet > needs to be > > able to > > find their way back to you. You can check to see if you're > > reachable > > using an external traceroute; see www.traceroute.org > <http://www.traceroute.org> > > <http://www.traceroute.org <http://www.traceroute.org>> to > check and see > > if you're reachable. > > > > Best, > > Justin > > > > > > On Dec 17, 2007 2:05 AM, Poh Yong Hwang < > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > <mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> > wrote: > > > Hi, > > > > > > I have managed to setup the BGP session with my peer and > also > > based on the > > > topic on Originating a Route to eBGP neighbors to > announce my IP > > ranges. I > > > have set my eth1 ip to be XX.XX.XX.1/21 and connect one > server > > directly to > > > eth1 for testing. Setting XX.XX.XX.2 with subnet of > 255.255.248.0 <http://255.255.248.0> > > and > > > XX.XX.XX.1 for default gateway on the server itself, I > cannot go > > out of the > > > internet (Cannot surf net using that server). Eth0 is > link with > > the UTP > > > cable provided by upstream for peering > > > > > > Is this the correct way to set it up? > > > > > > Please advise > > > > > > Thanks > > > > > > Regards > > > Yongsan > > > > > > > > > > > > On Dec 14, 2007 12:24 PM, Poh Yong Hwang < > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > <mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> > wrote: > > > > Hi, > > > > > > > > I have read the docs that was available but still have > a few > > questions in > > > mind. I have a UTP cable that was provided by the > provider that I > > would like > > > to peer with so I have plug it into my eth0. So what IP > address > > should I set > > > on my eth0? Where can I set the IP range XX.XX.XX.XX/21 > that I > > want to > > > announce? > > > > > > > > Please advise. > > > > > > > > Thanks! > > > > > > > > Yongsan > > > > > > > > > > > > > > > > > > > > > > > > On Dec 12, 2007 12:03 AM, Justin Fletcher < > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > <mailto: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> > wrote: > > > > > > > > > Certainly; there's documentation with examples from > > > > > http://www.vyatta.com/documentation/index.php or > > > > > > > http://www.vyatta.com/twiki/bin/view/Community/DocumentationSet > <http://www.vyatta.com/twiki/bin/view/Community/DocumentationSet>. > > > > > > > > > > Best, > > > > > Justin > > > > > > > > > > > > > > > > > > > > > > > > > On Dec 10, 2007 8:18 PM, Poh Yong Hwang > <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > > wrote: > > > > > > Hi, > > > > > > > > > > > > Thanks! I am a noob in setting up BGP and we have the > > following info > > > from > > > > > > our upstream provider > > > > > > > > > > > > Upstream Router Server IP Address > > > > > > Customer Primary Interface Address > > > > > > Upstream Secondary Router Server IP Address > > > > > > Customer Secondary Interface Address > > > > > > > > > > > > Plus my ASN number as well as my IP range > XX.XX.XX.XX/21 > > > > > > > > > > > > So is all these information be enough to configure > it? Is > > there any > > > examples > > > > > > I can follow? > > > > > > > > > > > > Thanks! > > > > > > > > > > > > Yongsan > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Dec 11, 2007 11:33 AM, Justin Fletcher > > <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote: > > > > > > > Well, yes - Vyatta has full BGP support, so > you'll be able > > to peer > > > > > > > with your provider. > > > > > > > > > > > > > > Best, > > > > > > > Justin > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Dec 10, 2007 7:26 PM, Poh Yong Hwang < > > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote: > > > > > > > > Hi, > > > > > > > > > > > > > > > > New here and to Vynatta and hope to get advises on > > getting this > > > up. I > > > > > > wish > > > > > > > > to setup a BGP router for our current setup > (We have got > > our ASN > > > number, > > > > > > IP > > > > > > > > range) and we will peer with our upstream > provider for > > MLPA. > > > > > > > > > > > > > > > > Just some simple BGP routes for testing > purposes. So > > just > > > wondering if > > > > > > > > Vynatta is able to do that? > > > > > > > > > > > > > > > > Thanks! > > > > > > > > > > > > > > > > Yongsan > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > > > Vyatta-users mailing list > > > > > > > > Vyatta-users@mailman.vyatta.com > <mailto:Vyatta-users@mailman.vyatta.com> > > <mailto:Vyatta-users@mailman.vyatta.com > <mailto:Vyatta-users@mailman.vyatta.com>> > > > > > > > > > http://mailman.vyatta.com/mailman/listinfo/vyatta-users > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > Vyatta-users mailing list > > Vyatta-users@mailman.vyatta.com > <mailto:Vyatta-users@mailman.vyatta.com> > > http://mailman.vyatta.com/mailman/listinfo/vyatta-users > > > > _______________________________________________ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
