OpenBGP on CARP

2009-09-29 Thread peter dunaskin
Hello,

I'm trying to implement CARP on our edge BGP OpenBSD routers. CARP
itself seems to be working perfectly but I'm having problems figuring
out how to properly configure BGP.

I have a couple of external IPs on my network, so the limited number of
them is not an issue (as it often is with internet exchange points).

From Claudio's presentation it seems to me doing it by depend on carp0
is wrong [1].

My setup is like this:

               [ upstream ]
                10.1.1.254
                    |
                 10.1.1.1
    10.1.1.2      carp0      10.1.1.3
  [ router#1 ]             [ router#2 ]

Should I peer both routers using their external IPs to my upstream ISP
and keep an IBGP session between both of them? Or should I use depend on
carp0 and local-address 10.1.1.1 on both of them? In this case, what
am I supposed to announce between both of my routers?

Thanks,
Peter

1. http://www.openbsd.org/papers/linuxtag06-network/mgp00028.html



Re: OpenBGP on CARP

2009-09-29 Thread Soeren Aurehoej

Hello Peter

On 29/09/2009 at 14.33, peter dunaskin wrote:

> Hello,
>
> I'm trying to implement CARP on our edge BGP OpenBSD routers. CARP
> itself seems to be working perfectly but I'm having problems figuring
> out how to properly configure BGP.
>
> I have a couple of external IPs on my network, so the limited number of
> them is not an issue (as it often is with internet exchange points).

Could you get one BGP session to each router from your provider?
That way you only need the carp on the inside.
It makes the setup a little simpler, and allows you to have 2 full BGP
views, making failover faster.

> From Claudio's presentation it seems to me doing it by depend on carp0
> is wrong [1].
>
> My setup is like this:
>
>                [ upstream ]
>                 10.1.1.254
>                     |
>                  10.1.1.1
>     10.1.1.2      carp0      10.1.1.3
>   [ router#1 ]             [ router#2 ]
>
> Should I peer both routers using their external IPs to my upstream ISP
> and keep an IBGP session between both of them?

That's what I do, with OSPF on top.

> Or should I use depend on
> carp0 and local-address 10.1.1.1 on both of them? In this case, what
> am I supposed to announce between both of my routers?
>
> Thanks,
> Peter
>
> 1. http://www.openbsd.org/papers/linuxtag06-network/mgp00028.html

/Søren



Re: OpenBGP on CARP

2009-09-29 Thread Soeren Aurehoej

On 29/09/2009 at 18.24, peter dunaskin wrote:

> Hello Soeren,
>
>>> I'm trying to implement CARP on our edge BGP OpenBSD routers. CARP
>>> itself seems to be working perfectly but I'm having problems figuring
>>> out how to properly configure BGP.
>>>
>>> I have a couple of external IPs on my network, so the limited number of
>>> them is not an issue (as it often is with internet exchange points).
>>
>> Could you get one BGP session to each router from your provider?
>> That way you only need the carp on the inside.
>> It makes the setup a little simpler, and allows you to have 2 full BGP
>> views, making failover faster.
>
> Thanks for your reply!
> Yes, I could probably ask my provider to give me two BGP sessions.
>
>>> From Claudio's presentation it seems to me doing it by depend on carp0
>>> is wrong [1].
>>>
>>> My setup is like this:
>>>
>>>                [ upstream ]
>>>                 10.1.1.254
>>>                     |
>>>                  10.1.1.1
>>>     10.1.1.2      carp0      10.1.1.3
>>>   [ router#1 ]             [ router#2 ]
>>>
>>> Should I peer both routers using their external IPs to my upstream ISP
>>> and keep an IBGP session between both of them?
>>
>> That's what I do, with OSPF on top.
>
> Could you please tell me what benefit OSPF gives in this case?
> It seems to me like this makes things a bit more complicated.

I need it due to having 4 upstreams in 2 different PoPs to 2
providers, with a fiber between.

OSPF does make things more complicated/interesting though.

> Could you please send your configuration?

I am not sure they are ready for public consumption... :-)
This is my first production BGP setup, and I could be absolutely wrong.
Beware, all advice from this end should be taken with absolute caution.
:-)

> At this point my configuration is like this:
>
> group "peering AS3" {
>    remote-as 2
>    neighbor $upstream {
>       descr "AS 3 peer 1"
>       announce self
>       tcp md5sig password somepassword
>       depend on carp0
>       local-address 10.1.1.1   # this is carp address
>    }
> }
>
> group "IBGP" {
>    remote-as 3
>    neighbor $core1b {
>       descr "core1b"
>       tcp md5sig password somepassword
>    }
> }
>
> It's not really clear to me what I should announce between my iBGP
> peers.

Upstream I announce self
iBGP I announce all

All according to the manpage of bgpd.conf:

    The default value for EBGP peers is self, which limits the sent
    UPDATE messages to announcements of the local AS.  The default
    for IBGP peers is all.

> And it's a bit complicated to test it, this system currently is in
> production and I don't want to mess things up.

Make a test environment of old junk PCs??


/Soeren
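
The layout Soeren describes (each router holding its own eBGP session from its own address, an iBGP session between the two routers, CARP only on the inside), written out for router#1 as an added example; it is not a configuration posted by anyone in the thread. The announced prefix 192.0.2.0/24 and the use of 10.1.1.3 as the iBGP neighbor address are assumptions; the AS numbers, the other addresses and the password placeholder are the ones shown in the thread.

```conf
# bgpd.conf for router#1 (added example, not from the thread).
# router#2 mirrors it with 10.1.1.2 and 10.1.1.3 swapped.

AS 3                        # local AS, as implied by "remote-as 3" in the IBGP group
router-id 10.1.1.2
network 192.0.2.0/24        # constructed placeholder prefix (assumption)

upstream="10.1.1.254"
core1b="10.1.1.3"           # assumption: router#2 reached on its own outside address

group "upstream" {
    remote-as 2
    neighbor $upstream {
        descr "upstream via router#1"
        # The router's own address, not the shared carp0 address, so the
        # upstream sees two distinct sessions and both routers keep a full view.
        local-address 10.1.1.2
        announce self
        tcp md5sig password somepassword
        # No "depend on carp0" here: the session stays up whatever the CARP
        # state is, so nothing has to be re-established on failover.
    }
}

group "IBGP" {
    remote-as 3
    neighbor $core1b {
        descr "core1b"
        local-address 10.1.1.2
        announce all
        tcp md5sig password somepassword
    }
}
```

The `announce self` and `announce all` lines follow the bgpd.conf(5) text quoted in the thread; later OpenBGPD releases dropped these keywords in favour of filter rules, so check the man page of the installed release.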