
Friday, 4 June 2010

Basic BGP - Path Selection with Vyatta

There is actually very little BGP documentation out there for Vyatta, which is strange, because if Vyatta has one real strength it is BGP.
This set of videos is all about BGP, and if it proves popular I will do some more covering the more advanced features.

Here is the Picture:




Basic BGP - Path Selection with Vyatta - Part 1
General Setup

Basic BGP - Path Selection with Vyatta - Part 1 from Roggy on Vimeo.




Basic BGP - Path Selection with Vyatta - Part 2

Checking BGP peering
Adding Next-hop-self


Basic BGP - Path Selection with Vyatta - Part 2 from Roggy on Vimeo.



Basic BGP - Path Selection with Vyatta - Part 3
Creating ACLs
Creating Prefix Lists
Creating Route-maps
Setting Local Pref
Setting MED
Clearing a Peer


Basic BGP - Path Selection with Vyatta - Part 3 from Roggy on Vimeo.




Although it can seem a little boring, I always like to include the full configs:
R1

firewall {
    all-ping enable
    broadcast-ping disable
    conntrack-table-size 32768
    conntrack-tcp-loose enable
    ip-src-route disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    log-martians enable
    name ALLOW_ESTABLISHED {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 172.12.123.1/24
        description R1-R2-R3
        duplex auto
        hw-id 00:0c:29:fe:17:2d
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        duplex auto
        hw-id 00:0c:29:fe:17:37
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        address dhcp
        duplex auto
        hw-id 00:0c:29:fe:17:41
        smp_affinity auto
        speed auto
    }
    loopback lo {
        address 5.5.5.5/24
        address 6.6.6.6/24
        address 7.7.7.7/24
        address 8.8.8.8/24
    }
}
policy {
}
protocols {
    bgp 1 {
        neighbor 172.12.123.2 {
            remote-as 234
        }
        neighbor 172.12.123.3 {
            remote-as 234
        }
        redistribute {
            connected {
            }
        }
    }
}
service {
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
            name-server 208.67.222.222
            name-server 208.67.220.220
        }
    }
    nat {
        rule 10 {
            outbound-interface eth0
            source {
                address 192.168.10.0/24
            }
            type masquerade
        }
    }
    ssh {
        allow-root
        port 22
        protocol-version v2
    }
}
system {
    host-name R1
    login {
        user root {
            authentication {
                encrypted-password $1$ORKO400D$9GoL/vifapZLo3p.sLkUs/
                plaintext-password ""
            }
            level admin
        }
        user vyatta {
            authentication {
                encrypted-password $1$Z9oMjC/m$r.T2vNILnVuZnIwkKhg58.
            }
            level admin
        }
    }
    ntp-server 0.vyatta.pool.ntp.org
    package {
        auto-sync 1
        repository community {
            components main
            distribution stable
            password ""
            url http://packages.vyatta.com/vyatta
            username ""
        }
        repository lenny {
            components main
            distribution lenny
            password ""
            url http://packages.vyatta.com/debian/
            username ""
        }
        repository VC6 {
            components main
            distribution VC6.0
            password ""
            url http://packages.vyatta.com/vyatta/
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone GMT
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "cluster@1:dhcp-relay@1:dhcp-server@4:firewall@3:ipsec@2:nat@3:quagga@1:system@3:vrrp@1:wanloadbalance@2:webgui@1:webproxy@1" === */
/* Release version: VC6.0-2010.03.22 */



R2

firewall {
    all-ping enable
    broadcast-ping disable
    conntrack-table-size 32768
    conntrack-tcp-loose enable
    ip-src-route disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    log-martians enable
    name ALLOW_ESTABLISHED {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 172.12.123.2/24
        description R1-R2-R3
        duplex auto
        hw-id 00:0c:29:fa:84:8d
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 172.12.234.2/24
        description Inside
        duplex auto
        hw-id 00:0c:29:fa:84:97
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        address dhcp
        description DMZ
        duplex auto
        hw-id 00:0c:29:fa:84:a1
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
policy {
    access-list 100 {
        rule 10 {
            action permit
            destination {
                any
            }
            source {
                any
            }
        }
    }
    access-list 150 {
        rule 10 {
            action permit
            destination {
                any
            }
            source {
                inverse-mask 0.0.0.255
                network 172.12.234.0
            }
        }
    }
    route-map SET-LOCAL-PREF {
        rule 10 {
            action permit
            match {
                ip {
                    address {
                        access-list 100
                    }
                }
            }
            set {
                local-preference 301
            }
        }
    }
    route-map SET-MED {
        rule 10 {
            action permit
            match {
                ip {
                    address {
                        access-list 150
                    }
                }
            }
            set {
                metric 201
            }
        }
        rule 20 {
            action permit
            match {
                ip {
                    address {
                        access-list 100
                    }
                }
            }
        }
    }
}
protocols {
    bgp 234 {
        neighbor 172.12.123.1 {
            remote-as 1
            route-map {
                export SET-MED
            }
        }
        neighbor 172.12.234.4 {
            nexthop-self
            remote-as 234
            route-map {
                export SET-LOCAL-PREF
            }
        }
        redistribute {
            connected {
            }
        }
    }
}
service {
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
            name-server 208.67.222.222
            name-server 208.67.220.220
        }
    }
    ssh {
        allow-root
        port 22
        protocol-version v2
    }
}
system {
    host-name R2
    login {
        user root {
            authentication {
                encrypted-password $1$ORKO400D$9GoL/vifapZLo3p.sLkUs/
                plaintext-password ""
            }
            level admin
        }
        user vyatta {
            authentication {
                encrypted-password $1$Z9oMjC/m$r.T2vNILnVuZnIwkKhg58.
            }
            level admin
        }
    }
    ntp-server 0.vyatta.pool.ntp.org
    package {
        auto-sync 1
        repository community {
            components main
            distribution stable
            password ""
            url http://packages.vyatta.com/vyatta
            username ""
        }
        repository lenny {
            components main
            distribution lenny
            password ""
            url http://packages.vyatta.com/debian/
            username ""
        }
        repository VC6 {
            components main
            distribution VC6.0
            password ""
            url http://packages.vyatta.com/vyatta/
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone GMT
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "cluster@1:dhcp-relay@1:dhcp-server@4:firewall@3:ipsec@2:nat@3:quagga@1:system@3:vrrp@1:wanloadbalance@2:webgui@1:webproxy@1" === */
/* Release version: VC6.0-2010.03.22 */



R3

firewall {
    all-ping enable
    broadcast-ping disable
    conntrack-table-size 32768
    conntrack-tcp-loose enable
    ip-src-route disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    log-martians enable
    name ALLOW_ESTABLISHED {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 172.12.123.3/24
        description R1-R2-R3
        duplex auto
        hw-id 00:0c:29:21:bd:6f
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address 172.12.234.3/24
        description R2-R3-R4
        duplex auto
        hw-id 00:0c:29:21:bd:79
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        address dhcp
        description DMZ
        duplex auto
        hw-id 00:0c:29:21:bd:83
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
policy {
    access-list 150 {
        rule 10 {
            action permit
            destination {
                any
            }
            source {
                inverse-mask 0.0.0.255
                network 172.12.234.0
            }
        }
    }
    prefix-list ALL-ROUTES {
        rule 10 {
            action permit
            le 32
            prefix 0.0.0.0/0
        }
    }
    route-map SET-LOCAL-PREF {
        rule 10 {
            action permit
            match {
                ip {
                    address {
                        prefix-list ALL-ROUTES
                    }
                }
            }
            set {
                local-preference 201
            }
        }
    }
    route-map SET-MED {
        rule 10 {
            action permit
            match {
                ip {
                    address {
                        access-list 150
                    }
                }
            }
            set {
                metric 101
            }
        }
        rule 20 {
            action permit
            match {
                ip {
                    address {
                        prefix-list ALL-ROUTES
                    }
                }
            }
        }
    }
}
protocols {
    bgp 234 {
        neighbor 172.12.123.1 {
            remote-as 1
            route-map {
                export SET-MED
            }
        }
        neighbor 172.12.234.4 {
            nexthop-self
            remote-as 234
            route-map {
                export SET-LOCAL-PREF
            }
        }
        redistribute {
            connected {
            }
        }
    }
}
service {
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
            name-server 208.67.222.222
            name-server 208.67.220.220
        }
    }
    ssh {
        allow-root
        port 22
        protocol-version v2
    }
}
system {
    host-name R3
    login {
        user root {
            authentication {
                encrypted-password $1$ORKO400D$9GoL/vifapZLo3p.sLkUs/
                plaintext-password ""
            }
            level admin
        }
        user vyatta {
            authentication {
                encrypted-password $1$Z9oMjC/m$r.T2vNILnVuZnIwkKhg58.
            }
            level admin
        }
    }
    ntp-server 0.vyatta.pool.ntp.org
    package {
        auto-sync 1
        repository community {
            components main
            distribution stable
            password ""
            url http://packages.vyatta.com/vyatta
            username ""
        }
        repository lenny {
            components main
            distribution lenny
            password ""
            url http://packages.vyatta.com/debian/
            username ""
        }
        repository VC6 {
            components main
            distribution VC6.0
            password ""
            url http://packages.vyatta.com/vyatta/
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone GMT
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "cluster@1:dhcp-relay@1:dhcp-server@4:firewall@3:ipsec@2:nat@3:quagga@1:system@3:vrrp@1:wanloadbalance@2:webgui@1:webproxy@1" === */
/* Release version: VC6.0-2010.03.22 */



R4

firewall {
    all-ping enable
    broadcast-ping disable
    conntrack-table-size 32768
    conntrack-tcp-loose enable
    ip-src-route disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    log-martians enable
    name ALLOW_ESTABLISHED {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address 172.12.234.4/24
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        address dhcp
        duplex auto
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
protocols {
    bgp 234 {
        neighbor 172.12.234.2 {
            remote-as 234
        }
        neighbor 172.12.234.3 {
            remote-as 234
        }
        redistribute {
            connected {
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        shared-network-name POOL1 {
            authoritative disable
            subnet 192.168.10.0/24 {
                default-router 192.168.10.1
                dns-server 192.168.10.1
                domain-name Vyatta.local
                lease 86400
                start 192.168.10.10 {
                    stop 192.168.10.200
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth1
            name-server 208.67.222.222
            name-server 208.67.220.220
        }
    }
    nat {
        rule 10 {
            outbound-interface eth0
            source {
                address 192.168.10.0/24
            }
            type masquerade
        }
    }
    ssh {
        allow-root
        port 22
        protocol-version v2
    }
}
system {
    host-name R4
    login {
        user root {
            authentication {
                encrypted-password $1$ORKO400D$9GoL/vifapZLo3p.sLkUs/
                plaintext-password ""
            }
            level admin
        }
        user vyatta {
            authentication {
                encrypted-password $1$Z9oMjC/m$r.T2vNILnVuZnIwkKhg58.
            }
            level admin
        }
    }
    ntp-server 0.vyatta.pool.ntp.org
    package {
        auto-sync 1
        repository community {
            components main
            distribution stable
            password ""
            url http://packages.vyatta.com/vyatta
            username ""
        }
        repository lenny {
            components main
            distribution lenny
            password ""
            url http://packages.vyatta.com/debian/
            username ""
        }
        repository VC6 {
            components main
            distribution VC6.0
            password ""
            url http://packages.vyatta.com/vyatta/
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone GMT
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "cluster@1:dhcp-relay@1:dhcp-server@4:firewall@3:ipsec@2:nat@3:quagga@1:system@3:vrrp@1:wanloadbalance@2:webgui@1:webproxy@1" === */
/* Release version: VC6.0-2010.03.22 */

Thursday, 4 June 2009

BGP Lab configs

Ok, here are the important bits from the configs:

R1

router bgp 1
 no synchronization
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 network 1.1.1.1 mask 255.255.255.255
 network 172.12.123.0 mask 255.255.255.0
 neighbor 172.12.123.2 remote-as 234
 neighbor 172.12.123.3 remote-as 234
 no auto-summary


Show ip bgp

R1#sh ip bgp
BGP table version is 9, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       0.0.0.0                  0         32768 i
*> 2.2.2.2/32       172.12.123.2           201             0 234 i
*> 3.3.3.3/32       172.12.123.3           101             0 234 i
*> 4.4.4.4/32       172.12.123.3           101             0 234 i
*                   172.12.123.2           201             0 234 i
*  172.12.123.0/24  172.12.123.3           101             0 234 i
*                   172.12.123.2           201             0 234 i
*>                  0.0.0.0                  0         32768 i
*> 172.12.234.0/24  172.12.123.3           101             0 234 i
*                   172.12.123.2           201             0 234 i



R2:

router bgp 234
 no synchronization
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 network 2.2.2.2 mask 255.255.255.255
 network 172.12.123.0 mask 255.255.255.0
 network 172.12.234.0 mask 255.255.255.0
 neighbor 172.12.123.1 remote-as 1
 neighbor 172.12.123.1 route-map SET_MED out
 neighbor 172.12.234.4 remote-as 234
 neighbor 172.12.234.4 next-hop-self
 neighbor 172.12.234.4 route-map SET_LOCAL_PREF out
 no auto-summary


Route maps

ip prefix-list ALL_ROUTES seq 5 permit 0.0.0.0/0 le 32
access-list 110 permit ip any any
!
route-map SET_LOCAL_PREF permit 10
 match ip address prefix-list ALL_ROUTES
 set local-preference 301
!
route-map SET_MED permit 10
 match ip address 110
 set metric 201


Show ip bgp:

R2#sh ip bgp
BGP table version is 6, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       172.12.123.1             0             0 1 i
*> 2.2.2.2/32       0.0.0.0                  0         32768 i
*>i4.4.4.4/32       172.12.234.4             0    100      0 i
*  172.12.123.0/24  172.12.123.1             0             0 1 i
*>                  0.0.0.0                  0         32768 i
* i172.12.234.0/24  172.12.234.4             0    100      0 i
*>                  0.0.0.0                  0         32768 i





R3:



router bgp 234
 no synchronization
 bgp router-id 3.3.3.3
 bgp log-neighbor-changes
 network 3.3.3.3 mask 255.255.255.255
 network 172.12.123.0 mask 255.255.255.0
 network 172.12.234.0 mask 255.255.255.0
 neighbor 172.12.123.1 remote-as 1
 neighbor 172.12.123.1 route-map SET_MED out
 neighbor 172.12.234.4 remote-as 234
 neighbor 172.12.234.4 next-hop-self
 neighbor 172.12.234.4 route-map SET_LOCAL_PREF out
 no auto-summary
!


Route maps


ip prefix-list ALL_ROUTES seq 5 permit 0.0.0.0/0 le 32
access-list 110 permit ip any any
!
route-map SET_LOCAL_PREF permit 10
 match ip address prefix-list ALL_ROUTES
 set local-preference 201
!
route-map test permit 10
!
route-map SET_MED permit 10
 match ip address 110
 set metric 101


Show ip bgp:

R3#sh ip bgp
BGP table version is 10, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       172.12.123.1             0             0 1 i
*> 3.3.3.3/32       0.0.0.0                  0         32768 i
*>i4.4.4.4/32       172.12.234.4             0    100      0 i
*> 172.12.123.0/24  0.0.0.0                  0         32768 i
*                   172.12.123.1             0             0 1 i
*> 172.12.234.0/24  0.0.0.0                  0         32768 i
* i                 172.12.234.4             0    100      0 i


R4:

router bgp 234
 no synchronization
 bgp router-id 4.4.4.4
 bgp log-neighbor-changes
 network 4.4.4.4 mask 255.255.255.255
 network 172.12.234.0 mask 255.255.255.0
 neighbor 172.12.234.2 remote-as 234
 neighbor 172.12.234.3 remote-as 234
 no auto-summary


Show ip bgp

FR-R4#sh ip bgp
BGP table version is 7, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
* i1.1.1.1/32       172.12.234.3             0    201      0 1 i
*>i                 172.12.234.2             0    301      0 1 i
*>i2.2.2.2/32       172.12.234.2             0    301      0 i
*>i3.3.3.3/32       172.12.234.3             0    201      0 i
*> 4.4.4.4/32       0.0.0.0                  0         32768 i
* i172.12.123.0/24  172.12.234.3             0    201      0 i
*>i                 172.12.234.2             0    301      0 i
* i172.12.234.0/24  172.12.234.3             0    201      0 i
* i                 172.12.234.2             0    301      0 i
*>                  0.0.0.0                  0         32768 i
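Both labs on this page (the Vyatta one and this IOS one) turn on the same two knobs, local-preference towards the iBGP peer and MED towards the eBGP peer, and the `show ip bgp` tables show the result. The following Python is an added example, not code from the blog or from either vendor: it models the ordered tie-break steps a router walks to mark one path `>`, then feeds it the candidate paths read off the R4 and R1 tables above (the `Path` class and the two path lists are constructed here) so you can check why R4 prefers R2 and R1 prefers R3.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP beats EGP beats incomplete

@dataclass(frozen=True)
class Path:
    next_hop: str
    neighbor_as: int        # AS of the peer that sent it (0 = locally originated)
    as_path: tuple = ()
    local_pref: int = 100   # IOS default when no route-map sets it
    med: int = 0
    origin: str = "i"
    ibgp: bool = False
    router_id: str = "0.0.0.0"
    weight: int = 0         # IOS gives locally originated routes 32768

def _keep_lowest(cands, key):
    """Drop every candidate whose key is not the minimum."""
    low = min(key(p) for p in cands)
    return [p for p in cands if key(p) == low]

def best_path(paths):
    """Return the path 'show ip bgp' would mark '>'.

    Order: weight, local-pref, AS-path length, origin, MED (compared only
    when every remaining path came from the same neighbouring AS, i.e. no
    always-compare-med), eBGP over iBGP, lowest router ID."""
    cands = list(paths)
    cands = _keep_lowest(cands, lambda p: -p.weight)
    cands = _keep_lowest(cands, lambda p: -p.local_pref)
    cands = _keep_lowest(cands, lambda p: len(p.as_path))
    cands = _keep_lowest(cands, lambda p: ORIGIN_RANK[p.origin])
    if len({p.neighbor_as for p in cands}) == 1:
        cands = _keep_lowest(cands, lambda p: p.med)
    cands = _keep_lowest(cands, lambda p: p.ibgp)  # False (eBGP) sorts first
    cands = _keep_lowest(cands, lambda p: [int(o) for o in p.router_id.split(".")])
    return cands[0]

# Constructed from the lab tables: R4 hears 1.1.1.1/32 from both iBGP peers,
# R2's SET_LOCAL_PREF (301) outranking R3's (201) ...
R4_TO_1111 = [
    Path("172.12.234.3", 234, (1,), local_pref=201, ibgp=True, router_id="3.3.3.3"),
    Path("172.12.234.2", 234, (1,), local_pref=301, ibgp=True, router_id="2.2.2.2"),
]
# ... and R1 hears 4.4.4.4/32 from both AS 234 routers, R3's MED 101 beating R2's 201.
R1_TO_4444 = [
    Path("172.12.123.3", 234, (234,), med=101, router_id="3.3.3.3"),
    Path("172.12.123.2", 234, (234,), med=201, router_id="2.2.2.2"),
]
```

`best_path(R4_TO_1111)` returns the 172.12.234.2 path and `best_path(R1_TO_4444)` the 172.12.123.3 path, matching the `>` rows in the R4 and R1 tables; adding a locally originated `Path("0.0.0.0", 0, weight=32768)` to either list shows why the routers' own networks always win.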


If you want the full configs, mail me :)