Question about bird RS config with BGP Community support
Hello, We are running a small IX fabric (in Mumbai, India) and with multiple route servers based on a bird. There has been a demand of support of BGP communities from some of our members and I am trying to find a way to set it up in the bird. Idea is to provide a community say 0:123 where tagged routes with 0:123 do not reach AS123. I am new to the bird. Tried testing with config given here - https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based... and that results in no announcement peer where the route is going out. (No specific comms even used. Just applying the export config results in a drop of the route announcement). I also tried other config example given over there for putting routes of each peer in their table (as per https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based...) and behaviour is same. No route announcement to peers. Was wondering if anyone can point to right config to support BGP communities? Thanks! -- Anurag Bhatia anuragbhatia.com
On Mon, 23 Jul 2018 at 23:00, Anurag Bhatia <me@anuragbhatia.com> wrote:
We are running a small IX fabric (in Mumbai, India) and with multiple route servers based on a bird. There has been a demand of support of BGP communities from some of our members and I am trying to find a way to set it up in the bird. Idea is to provide a community say 0:123 where tagged routes with 0:123 do not reach AS123. I am new to the bird.
I strongly recommend to either use “arouteserver” or “IXP manager” to generate the BIRD configuration files on your behalf, and no type it by hand. Setting up a fully featured secure route server is a lot of work and research, I’d really recommend to leverage the work others have done in this problem space. I fear otherwise you may risk repeating mistakes that others already made. https://arouteserver.readthedocs.io/en/latest/ https://github.com/pierky/arouteserver https://www.ixpmanager.org/ And using these automated tools means less work for the IX operator. Turning up new peers is a breeze with both tools! Kind regards, Job
As an operator of large, established IXP I would also recommend this path. A lot of work had gone into the likes of IXPManager and arouteserver and they provide great value in providing secure configurations with added features such as action communities you are after. Cheers, Tim
On 24 Jul 2018, at 7:05 am, Job Snijders <job@instituut.net> wrote:
On Mon, 23 Jul 2018 at 23:00, Anurag Bhatia <me@anuragbhatia.com> wrote:
We are running a small IX fabric (in Mumbai, India) and with multiple route servers based on a bird. There has been a demand of support of BGP communities from some of our members and I am trying to find a way to set it up in the bird. Idea is to provide a community say 0:123 where tagged routes with 0:123 do not reach AS123. I am new to the bird.
I strongly recommend to either use “arouteserver” or “IXP manager” to generate the BIRD configuration files on your behalf, and no type it by hand.
Setting up a fully featured secure route server is a lot of work and research, I’d really recommend to leverage the work others have done in this problem space. I fear otherwise you may risk repeating mistakes that others already made.
https://arouteserver.readthedocs.io/en/latest/ https://github.com/pierky/arouteserver https://www.ixpmanager.org/
And using these automated tools means less work for the IX operator. Turning up new peers is a breeze with both tools!
Kind regards,
Job
Hi Tim & Job Thanks a lot for your advice. I was aware of IXP Manager and there were certain issues we faced due to which we couldn't use it when we tried last time (which was a few months ago before the latest stable release). I wish to re-visit and keep on re-visiting it until we can make it work because it does seem like a package full of everything an IXP needs. :) I checked arouteseerver project which I missed during the previous lookup. It seems really good and I ended up in building config and getting it live. For now, we got what we needed (the BGP community support as well as a way to automatically update config regularly). I will explore IXP manager again in the very near future. Thanks again for your help. And oh btw I still do not have an answer to my question on why route announcement did not go. I do have a well tested and working config which does the job but the config generated by arouteserver is like 10x bigger than original config (for 5 peers). Still trying to read and get a sense from it on what was wrong earlier. Thanks. On Tue, Jul 24, 2018 at 2:58 AM Tim Raphael <raphael.timothy@gmail.com> wrote:
As an operator of large, established IXP I would also recommend this path. A lot of work had gone into the likes of IXPManager and arouteserver and they provide great value in providing secure configurations with added features such as action communities you are after.
Cheers,
Tim
On 24 Jul 2018, at 7:05 am, Job Snijders <job@instituut.net> wrote:
On Mon, 23 Jul 2018 at 23:00, Anurag Bhatia <me@anuragbhatia.com> wrote:
We are running a small IX fabric (in Mumbai, India) and with multiple route servers based on a bird. There has been a demand of support of BGP communities from some of our members and I am trying to find a way to set it up in the bird. Idea is to provide a community say 0:123 where tagged routes with 0:123 do not reach AS123. I am new to the bird.
I strongly recommend to either use “arouteserver” or “IXP manager” to generate the BIRD configuration files on your behalf, and no type it by hand.
Setting up a fully featured secure route server is a lot of work and research, I’d really recommend to leverage the work others have done in this problem space. I fear otherwise you may risk repeating mistakes that others already made.
https://arouteserver.readthedocs.io/en/latest/ https://github.com/pierky/arouteserver https://www.ixpmanager.org/
And using these automated tools means less work for the IX operator. Turning up new peers is a breeze with both tools!
Kind regards,
Job
-- Anurag Bhatia anuragbhatia.com
On Tue, Jul 24, 2018 at 11:36:21PM +0530, Anurag Bhatia wrote:
Thanks a lot for your advice. I was aware of IXP Manager and there were certain issues we faced due to which we couldn't use it when we tried last time (which was a few months ago before the latest stable release). I wish to re-visit and keep on re-visiting it until we can make it work because it does seem like a package full of everything an IXP needs. :)
I checked arouteseerver project which I missed during the previous lookup. It seems really good and I ended up in building config and getting it live. For now, we got what we needed (the BGP community support as well as a way to automatically update config regularly). I will explore IXP manager again in the very near future.
Note that you can use arouteserver in conjunction with IXP Manager: arouteserver can plug into IXP Manager so that you use IXP Manager for the administrative side of things (the portal, statistics, etc), and use arouteserver for the routeserver configuration generation. Arouteserver (compared to IXP Manager) offers a bunch of more advanced features such as "Use RPKI ROAs as route-objects", the "ARIN-WHOIS" data source, and some extra filters/features. Both are excellent, it is good to have a choice :-)
Thanks again for your help. And oh btw I still do not have an answer to my question on why route announcement did not go.
Feel free to send me your full BIRD configuration off-list and I'll help you analyse what's wrong in the adoption of that example config.
I do have a well tested and working config which does the job but the config generated by arouteserver is like 10x bigger than original config (for 5 peers). Still trying to read and get a sense from it on what was wrong earlier.
The arouteserver (or ixp manager) configurations are indeed bigger, most likely due to extensive prefix and as_path filtering! This is a good thing. Don't worry about size - I've loaded 50 megabyte config files into BIRD and it handles such large configurations fine. Kind regards, Job
participants (3)
-
Anurag Bhatia
-
Job Snijders
-
Tim Raphael