Hi,

I tried to add an IP address 11.11.11.12 with a prefix length of 21 to eth1.
But I still cannot remotely access or ping this IP address from outside. I
hope to be able to access the web GUI of Vyatta remotely using the eth1 IP
address. Also, this eth1 will be linked to a switch and to the rest of the
servers, so am I right to set all the servers' default gateway to be
11.11.11.12, which is the IP address of eth1?

Thanks for all your patience.



On Jan 4, 2008 10:25 PM, Robyn Orosz <[EMAIL PROTECTED]> wrote:

> Hi,
>
> I'm glad to hear you have it working now.
>
> Since you are exporting your aggregate (/21) via a static route to your
> loopback interface, you don't have to assign the entire /21 to eth1.
> You can segment it in whatever way you choose as it will still always be
> exported as a /21 based on your existing policy.  Basically, you can set
> whatever IP and prefix length you want on your eth1 as long as it is a
> valid part of your /21 aggregate prefix.
>
> Thank you,
>
> Robyn
>
> Poh Yong Hwang wrote:
> > Hi all,
> >
> > Sorry for getting back so late as I am tied up with some other
> > stuff. Thanks for all the advice and my upstream managed to see my
> > prefix. Seems that changing the next hop to my eth0 public IP address
> > did the trick.
> >
> > Now as my eth0 is connected to my upstream, what IP address should I
> > set on my eth1? It will be connected to a layer 3 switch (core switch)
> > to which all our servers will be connected. I have a /21
> > range of IP addresses, so should I just use the first IP to set on
> > eth1? What prefix-length should I set on that as well?
> >
> > Please advise.
> >
> > Thanks!
> >
> >
> >
> > On Dec 20, 2007 1:52 AM, Robyn Orosz <[EMAIL PROTECTED]> wrote:
> >
> >     Hi There,
> >
> >     The next-hop value is providing the peer with the next-hop value to
> >     use for the advertised prefixes from your router.  So, the next-hop
> >     should be an address on your router.  It looks correct based on your
> >     edited configuration file.
> >
> >     If you run a 'show bgp peers' it will show you whether or not your
> >     session is established with your peer.  If it's not established, that
> >     would be one reason why the ISP claims they did not receive a prefix
> >     advertisement from you.  First off, verify your configuration is
> >     correct (IPs, ASNs etc).  Then you can run a tshark on eth0 (your BGP
> >     peering interface) on port 179 (tshark -i eth0 port 179 -Vn) to take
> >     a look at the BGP packets and also take a look at the logs 'show log.'
> >
> >     If your session is established, make sure the route you are
> >     advertising with your policy exists in the routing table and matches
> >     the prefix in the policy.  You can check the route by running a
> >     'show route protocol static.'  You must see the static route that
> >     you've pointed to your loopback interface in the table.  If it's not
> >     there, verify your configuration etc.
> >
> >     If it is there, make sure the prefix in your policy matches the route
> >     exactly.  If it does not match, it won't be advertised.
> >
> >     If all of the above are correct, take a look at 'show bgp route' and
> >     make sure you see your advertised prefix in the output.  If it's there
> >     then your ISP is probably rejecting your advertisement.  They need to
> >     add your prefix to their prefix list.  ISPs forget to add their
> >     customer's prefixes to their prefix lists all the time.
> >
> >     The loopback address for the BGP ID won't hurt anything but Ahsan is
> >     correct that for eBGP peering with external public peers, you should
> >     probably set your BGP ID to your public IP on eth0.
> >
> >     Thanks!  and I hope this helps.
> >
> >     -Robyn
> >
> >     Ahsan Khan wrote:
> >     > Hi,
> >     >
> >     >       I think your nexthop IP should be your ISP IP address and not
> >     > your own. Also check with your ISP if they can confirm about BGP
> >     > session establishment. Most routers like Juniper, Cisco can explain a
> >     > lot in their output the reasons if the session is not established.
> >     >
> >     > Also loopback IP is normally used in BGP if you have multiple
> >     > interfaces connected to same ISP, or you are using some other complex
> >     > configuration. I would use interface IP connected to ISP to avoid
> >     > routing issues etc.
> >     >
> >     > Thanks.
> >     >
> >     > Ahsan Khan
> >     >
> >     >
> >     > -----Original Message-----
> >     > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Poh Yong Hwang
> >     > Sent: Tuesday, December 18, 2007 11:20 PM
> >     > To: Justin Fletcher
> >     > Cc: vyatta-users
> >     > Subject: Re: [Vyatta-users] Advises on configuring BGP
> >     >
> >     > Hi,
> >     >
> >     > Thanks. I just could not traceroute to the router and according to my
> >     > peering upstream, they mention that they did not receive any of my
> >     > prefix announcement.
> >     >
> >     > Basically I just want to do a simple setup at this moment with one box
> >     > running Vyatta and eth0 is linked to one of our upstream providers
> >     > which we want to peer with. I have my ASN number as well as a /21
> >     > range of IP addresses to announce. Here is my configuration:
> >     >
> >     > loopback ip : 10.0.0.65
> >     > My ASN : 100
> >     > My IP Range : XX.XX.XX.XX/21
> >     >
> >     > Upstream Route IP : a.b.c.d
> >     > Customer Interface IP : c.d.e.f
> >     > Upstream ASN : 200
> >     >
> >     > protocols {
> >     >         bgp {
> >     >             bgp-id: 10.0.0.65
> >     >             local-as: 100
> >     >             import: ""
> >     >             export: "BGP_EXPORT"
> >     >             peer " a.b.c.d" {
> >     >                 import: ""
> >     >                 export: ""
> >     >                 multihop: 1
> >     >                 peer-port: 179
> >     >                 local-port: 179
> >     >                 local-ip: c.d.e.f
> >     >                 as: 9989
> >     >                 next-hop: c.d.e.f
> >     >                 holdtime: 90
> >     >                 delay-open-time: 0
> >     >                 client: false
> >     >                 confederation-member: false
> >     >                 disable: false
> >     >                 ipv4-unicast: true
> >     >                 ipv4-multicast: false
> >     >                 ipv6-unicast: false
> >     >                 ipv6-multicast: false
> >     >                 md5-key: ""
> >     >             }
> >     >         }
> >     >         static {
> >     >             disable: false
> >     >             route XX.XX.XX.XX/21 {
> >     >                 next-hop: 10.0.0.65
> >     >                 metric: 1
> >     >             }
> >     >         }
> >     >     }
> >     >     policy {
> >     >         policy-statement "BGP_EXPORT" {
> >     >             term 1 {
> >     >                 from {
> >     >                     protocol: "static"
> >     >                     network4: XX.XX.XX.XX/21
> >     >                 }
> >     >                 then {
> >     >                     action: "accept"
> >     >                 }
> >     >             }
> >     >         }
> >     >     }
> >     >     interfaces {
> >     >         restore: false
> >     >         loopback lo {
> >     >             description: ""
> >     >             address 10.0.0.65 {
> >     >                 prefix-length: 32
> >     >                 disable: false
> >     >             }
> >     >         }
> >     >         ethernet eth0 {
> >     >             disable: false
> >     >             discard: false
> >     >             description: ""
> >     >             hw-id: 00:30:48:55:63:FC
> >     >             duplex: "auto"
> >     >             speed: "auto"
> >     >             address c.d.e.f {
> >     >                 prefix-length: 25
> >     >                 disable: false
> >     >             }
> >     >         }
> >     >         ethernet eth1 {
> >     >             disable: false
> >     >             discard: false
> >     >             description: ""
> >     >             hw-id: 00:30:48:55:63:FD
> >     >             duplex: "auto"
> >     >             speed: "auto"
> >     >             address XX.XX.XX.1 {
> >     >                 prefix-length: 21
> >     >                 disable: false
> >     >             }
> >     >         }
> >     >     }
> >     >     service {
> >     >         http {
> >     >             port: 80
> >     >         }
> >     >     }
> >     >     firewall {
> >     >         log-martians: "enable"
> >     >         send-redirects: "disable"
> >     >         receive-redirects: "disable"
> >     >         ip-src-route: "disable"
> >     >         broadcast-ping: "disable"
> >     >         syn-cookies: "enable"
> >     >     }
> >     >     system {
> >     >         host-name: "vyatta"
> >     >         domain-name: ""
> >     >         time-zone: "GMT"
> >     >         ntp-server "69.59.150.135"
> >     >         login {
> >     >             user root {
> >     >                 full-name: ""
> >     >                 authentication {
> >     >                     encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
> >     >                 }
> >     >             }
> >     >             user vyatta {
> >     >                 full-name: ""
> >     >                 authentication {
> >     >                     encrypted-password: "$1$$Ht7gBYnxI1xCdO/JOnodh."
> >     >                 }
> >     >             }
> >     >         }
> >     >         package {
> >     >             auto-sync: 1
> >     >             repository community {
> >     >                 component: "main"
> >     >                 url: "http://archive.vyatta.com/vyatta"
> >     >             }
> >     >         }
> >     >     }
> >     >     rtrmgr {
> >     >         config-directory: "/opt/vyatta/etc/config"
> >     >     }
> >     >
> >     > Is this config correct?
> >     >
> >     > Thanks
> >     >
> >     >
> >     >
> >     > On Dec 18, 2007 3:17 AM, Justin Fletcher <[EMAIL PROTECTED]> wrote:
> >     >
> >     >
> >     >       It's hard to tell without the full configuration, but remember
> >     >       that you need both a route out, as well as the rest of the
> >     >       internet needs to be able to find their way back to you.  You
> >     >       can check to see if you're reachable using an external
> >     >       traceroute; see www.traceroute.org to check and see
> >     >       if you're reachable.
> >     >
> >     >       Best,
> >     >       Justin
> >     >
> >     >
> >     >       On Dec 17, 2007 2:05 AM, Poh Yong Hwang <[EMAIL PROTECTED]> wrote:
> >     >       > Hi,
> >     >       >
> >     >       > I have managed to set up the BGP session with my peer and also
> >     >       > based on the topic on Originating a Route to eBGP neighbors to
> >     >       > announce my IP ranges.  I have set my eth1 IP to be
> >     >       > XX.XX.XX.1/21 and connect one server directly to eth1 for
> >     >       > testing. Setting XX.XX.XX.2 with subnet of 255.255.248.0 and
> >     >       > XX.XX.XX.1 for default gateway on the server itself, I cannot
> >     >       > go out of the internet (Cannot surf net using that server).
> >     >       > Eth0 is linked with the UTP cable provided by upstream for
> >     >       > peering.
> >     >       >
> >     >       > Is this the correct way to set it up?
> >     >       >
> >     >       > Please advise
> >     >       >
> >     >       > Thanks
> >     >       >
> >     >       > Regards
> >     >       > Yongsan
> >     >       >
> >     >       >
> >     >       >
> >     >       > On Dec 14, 2007 12:24 PM, Poh Yong Hwang <[EMAIL PROTECTED]> wrote:
> >     >       > > Hi,
> >     >       > >
> >     >       > > I have read the docs that were available but still have a few
> >     >       > > questions in mind. I have a UTP cable that was provided by the
> >     >       > > provider that I would like to peer with so I have plugged it
> >     >       > > into my eth0. So what IP address should I set on my eth0?
> >     >       > > Where can I set the IP range XX.XX.XX.XX/21 that I want to
> >     >       > > announce?
> >     >       > >
> >     >       > > Please advise.
> >     >       > >
> >     >       > > Thanks!
> >     >       > >
> >     >       > > Yongsan
> >     >       > >
> >     >       > >
> >     >       > >
> >     >       > >
> >     >       > >
> >     >       > > On Dec 12, 2007 12:03 AM, Justin Fletcher <[EMAIL PROTECTED]> wrote:
> >     >       > >
> >     >       > > > Certainly; there's documentation with examples from
> >     >       > > > http://www.vyatta.com/documentation/index.php or
> >     >       > > > http://www.vyatta.com/twiki/bin/view/Community/DocumentationSet.
> >     >       > > >
> >     >       > > > Best,
> >     >       > > > Justin
> >     >       > > >
> >     >       > > >
> >     >       > > >
> >     >       > > >
> >     >       > > > On Dec 10, 2007 8:18 PM, Poh Yong Hwang <[EMAIL PROTECTED]> wrote:
> >     >       > > > > Hi,
> >     >       > > > >
> >     >       > > > > Thanks! I am a noob in setting up BGP and we have the
> >     >       > > > > following info from our upstream provider
> >     >       > > > >
> >     >       > > > > Upstream Router Server IP Address
> >     >       > > > > Customer Primary Interface Address
> >     >       > > > > Upstream Secondary Router Server IP Address
> >     >       > > > > Customer Secondary Interface Address
> >     >       > > > >
> >     >       > > > > Plus my ASN number as well as my IP range XX.XX.XX.XX/21
> >     >       > > > >
> >     >       > > > > So will all this information be enough to configure it?
> >     >       > > > > Are there any examples I can follow?
> >     >       > > > >
> >     >       > > > > Thanks!
> >     >       > > > >
> >     >       > > > > Yongsan
> >     >       > > > >
> >     >       > > > >
> >     >       > > > >
> >     >       > > > >
> >     >       > > > >
> >     >       > > > > On Dec 11, 2007 11:33 AM, Justin Fletcher <[EMAIL PROTECTED]> wrote:
> >     >       > > > > > Well, yes - Vyatta has full BGP support, so you'll be
> >     >       > > > > > able to peer with your provider.
> >     >       > > > > >
> >     >       > > > > > Best,
> >     >       > > > > > Justin
> >     >       > > > > >
> >     >       > > > > >
> >     >       > > > > >
> >     >       > > > > >
> >     >       > > > > > On Dec 10, 2007 7:26 PM, Poh Yong Hwang <[EMAIL PROTECTED]> wrote:
> >     >       > > > > > > Hi,
> >     >       > > > > > >
> >     >       > > > > > > New here and to Vyatta and hope to get advice on
> >     >       > > > > > > getting this up. I wish to set up a BGP router for our
> >     >       > > > > > > current setup (We have got our ASN number, IP range)
> >     >       > > > > > > and we will peer with our upstream provider for MLPA.
> >     >       > > > > > >
> >     >       > > > > > > Just some simple BGP routes for testing purposes. So
> >     >       > > > > > > just wondering if Vyatta is able to do that?
> >     >       > > > > > >
> >     >       > > > > > > Thanks!
> >     >       > > > > > >
> >     >       > > > > > > Yongsan
> >     >       > > > > > >
> >     >       > > > > > > _______________________________________________
> >     >       > > > > > > Vyatta-users mailing list
> >     >       > > > > > > Vyatta-users@mailman.vyatta.com
> >     >       > > > > > > http://mailman.vyatta.com/mailman/listinfo/vyatta-users
> >     >       > > > > > >
> >     >       > > > > > >
> >     >       > > > > >
> >     >       > > > >
> >     >       > > > >
> >     >       > > >
> >     >       > >
> >     >       > >
> >     >       >
> >     >       >
> >     >
> >     >
> >     >
> >     >
> >     > _______________________________________________
> >     > Vyatta-users mailing list
> >     > Vyatta-users@mailman.vyatta.com
> >     > http://mailman.vyatta.com/mailman/listinfo/vyatta-users
> >     >
> >
> >
>
_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
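
The consistency checks discussed in this thread (policy prefix matching the static route exactly, the eth1 address being a valid part of the /21 aggregate, and the servers' gateway sitting inside their own subnet), as an added example that is not part of the original messages. The aggregate 11.11.8.0/21 is an assumption, since the thread redacts the real prefix as XX.XX.XX.XX/21; it is simply the /21 that contains 11.11.11.12, and the function names are hypothetical.

```python
import ipaddress


def check_origination(aggregate, static_route, policy_prefix, interfaces):
    """Lint a BGP origination setup like the one in the thread.

    Returns a list of findings; an empty list means every check passed.
    """
    findings = []
    try:
        # Strict parsing rejects prefixes with host bits set (e.g. 11.11.11.12/21).
        agg = ipaddress.ip_network(aggregate)
        static = ipaddress.ip_network(static_route)
        policy = ipaddress.ip_network(policy_prefix)
    except ValueError as exc:
        return [f"invalid prefix: {exc}"]

    if static != agg:
        findings.append(f"static route {static} is not the aggregate {agg}")
    # The export policy must match the static route exactly, or nothing is advertised.
    if policy != static:
        findings.append(
            f"policy prefix {policy} does not exactly match static route {static}"
        )

    for name, addr in interfaces.items():
        iface = ipaddress.ip_interface(addr)
        # Any address/prefix-length works on the LAN side if it lies inside the aggregate.
        if not iface.network.subnet_of(agg):
            findings.append(f"{name} {iface} is outside the aggregate {agg}")
    return findings


def gateway_on_link(server_addr, gateway):
    """True if the gateway lies inside the server's own subnet (directly reachable)."""
    server = ipaddress.ip_interface(server_addr)
    return ipaddress.ip_address(gateway) in server.network


if __name__ == "__main__":
    AGG = "11.11.8.0/21"  # assumed aggregate; the thread redacts the real one
    # eth1 as configured in the newest message: passes, prints []
    print(check_origination(AGG, AGG, AGG, {"eth1": "11.11.11.12/21"}))
    # Constructed failure cases: policy prefix too specific, interface outside the /21.
    print(check_origination(AGG, AGG, "11.11.8.0/22", {"eth1": "11.11.16.1/24"}))
    # A server at 11.11.9.20/21 (constructed) can use 11.11.11.12 as its gateway.
    print(gateway_on_link("11.11.9.20/21", "11.11.11.12"))
```
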
