Re: OpenBGP on CARP

[Soeren Aurehoej]

Den 29/09/2009 kl. 18.24 skrev peter dunaskin:

Hello Soeren,
I'm trying to implement CARP on our edge BGP OpenBSD routers. CARP
itself seems to be working perfectly but I'm having problems  
figuring
out how to propertly configure BGP.

I have couple of external IP's on my network, so limited number of
them
is not an issue (as it's often with internet exchange points)
Could you get one BGP session  to each router from your provider.
That way you only need the carp on the inside.
It makes the setup a little simpler, and allows you to have 2 full  
BGP
views, making failover faster.
Thanks for your reply!
Yes, I could probably ask my provider to give me two BGP sessions.

From claudio's presentation it seems to me doing it by "depend on
carp0"
is wrong [1].

My setup is like this:

          [ upstream ]
           10.1.1.254
                |
            10.1.1.1
10.1.1.2 ---- carp0 ---- 10.1.1.3
[ router#1 ]             [ router#2 ]

Should I peer both routers using their external IP's to my upstream
ISP
and keep IBGP session between both of them?
That's what I do, with OSPF on top.

Could you please tell me what benefit does OSPF in this case give?
It seems to me like this makes things bit more complicated.
I need it due to having 4 upstream in 2 different PoP's to 2  
providers, with a fiber between.
OSPF does  make things more complicated/interesting though.


Could you please send your configuration?
I am not sure they are ready for public consumption... :-)
This is my first production BGP setup, and I could be absolutely wrong.
Beware, all advice from this end should be taken with absolute caution.
:-)


At this point my configuration is like this:

group "peering AS33333" {
       remote-as 22222
       neighbor $upstream {
               descr   "AS 33333 peer 1"
               announce self
               tcp md5sig password somepassword
               depend on carp0
               local-address 10.1.1.1 [this is carp address]
       }
}

group IBGP {
       remote-as 33333
       neighbor $core1b {
               descr   "core1b"
               tcp md5sig password somepassword
       }
}

It's not really clear to me what I should announce between my iBGP
peers.
Upstream I "announce self"
iBGP I "announce all"

All according to the manpage of bgpd.conf:

The default value for EBGP peers is self,
             which limits the sent UPDATE messages to announcements  
of the lo-
             cal AS.  The default for IBGP peers is all.


And it's bit complicated to test it, this system currently is in
production and I don't want to mess things up.
Make a testenvironment of old junk pc's ??


/Soeren