RE: manipulating the best path, eBGP, MED?

2018-04-14 Thread Thomas Valgaeren 
Hey Jerry,

Sorry to bother you, as I was working on my BGP implementation I stumbled
across a problem.
This led me to the Bird mailing list on an article that described my problem
exactly. But it was an item I created with your answer describing the
solution.

At the time I forgot to go further in to this and never got a working state.

Prepending the AS path will probably solve the solution, as I am not good
with programming I would like to ask for help.

This is a part of my configuration:

filter filter_public {
if net = 147.75.102.216/32 then accept;
if net = 147.75.102.217/32 then accept;
if net = 147.75.102.218/32 then accept;
if net = 147.75.102.219/32 then accept;
if net = 147.75.102.220/32 then accept;
if net = 147.75.102.221/32 then accept;
if net = 147.75.102.222/32 then accept;
if net = 147.75.102.223/32 then accept;
}

### To hosting provider
protocol bgp BGP_provider {
export filter filter_public;
local as 65000;
neighbor IPADDRESS as 65530;
password "USjdRHAbPxqj9WxvTRhe";
}


### To other hypervisor

protocol bgp H2 {
import filter filter_public;
export filter filter_public;
local as 65000;
neighbor IPADDRESS as 65000;
next hop self;
}

### Source public ip from a VM

protocol bgp BGP_IPVM {
import filter filter_public;
export none;
local as 65000;
source address internalIP;
neighbor VMinternalIP as 65001;
}

So the VM delivers the public ip to the hypervisor. And the hypervisor to
the provider and the other hypervisor.
How can I prepend the AS path so the provider will know that when a VM is on
Hypervisor1. The path prefix from Hypervisor2 to the provider is 2. And the
provider sees that the prefix form hypervisor1 is 1, and choose this path?

Thanks in advance.

Regards Thomas


-Original Message-
From: Bird-users  On Behalf Of Jerry Scharf
Sent: dinsdag 7 maart 2017 20:35
To: bird-users@network.cz
Subject: Re: manipulating the best path, eBGP, MED?

I always use aspath stuffing rather than MED for this kind of thing. 
After localpref, the next level of choice for a bgp route is the AS path
length, with shorter winning.

Say you want prefix 1 to always prefer hv1 and prefix2 to prefer hv2. On
hv2, prepend your AS onto prefix 1 and on hv1, prepend your AS onto prefix2.
When the other end receives the routes, it will see that the AS path length
is longer to prefix1 from hv2, so it will always prefer hv1. 
If hv1 dies, then it will only have the hv2 route and that will be used. 
When hv1 starts advertising prefix 1 again, the traffic will flow back to
hv1.

It may seem a little gross, but it is simple and effective. MEDs are much
trickier and were designed for the case when you have two different
connections through an intervening AS between the source and destination AS.

jerry
On 3/7/17 11:16 AM, Thomas@PhaseHosting wrote:
> Supp,
>
> I want to send the med with eBGP to my hosts their routers so i can 
> influence where the network traffic enters my virtual envirement. I 
> have 3 hypervisors that run bird.
>
> I can only controll the traffic from my virtual envirement to the 
> internet, because this runs on bird and ucarp. So through the 
> hypervisor where the ucarp interface is placed does my traffic leave.
> this subnet is also distributed to the other hypervisors through iBGP.
>
>
> These hypervisors have all an eBGP connection to my hosts addressing 
> the subnet. So hypervisor 1 isnt the single point of failure. But know 
> the best route (at my hosts to my subnet) is chosen on router age. So 
> in case the first hypervisor dies and the second takes over everything 
> works. but if the first hypervisor comes back alive the eBGP 
> connection from hypervisor 2 stays because of its age.
>
> I want to send a med value on all the eBGp connections from the 
> hypervisors. So my hosts routes always first to hypervisor 1 and then 
> to 2 and so on.
>
> so is this the right configuration to send a med value to my host with 
> the subnet as static route:
>
>
> # your default gateway IP below here
> protocol bgp eBGP {
> import none;
> export  filter {
>   where proto = "static_packet";
>   bgp_med = 100;
>};
> local as 65000;
> neighbor 10.80.x.x as 65530;
> password "SECRET";
> }
>
>
>
> Op 3/7/2017 om 7:08 PM schreef Ondrej Zajicek:
>> On Tue, Mar 07, 2017 at 03:43:13PM +0100, Thomas@PhaseHosting wrote:
>>> Supp,
>>>
>>> thnqx for the reply,
>>>
>>> The BGP i have figured out and i have confirmation from my host they 
>>> accept customer-set MEDs. Only i couldn't get these working and i 
>>> found 2 posts on the internet with a different configuration and i 
>>> don't know which one is the right one, "med metric 10;" or "default 
>>> bgp_med 10;"
>>>
>>> Am i r

Re: [SPAM] Re: manipulating the best path, eBGP, MED?

2017-03-07 Thread Michael McConnell 

> On Mar 7, 2017, at 1:16 PM, Thomas@PhaseHosting  
> wrote:
> 
> Supp,
> 
> I want to send the med with eBGP to my hosts their routers so i can influence 
> where the network traffic enters my virtual envirement. I have 3 hypervisors 
> that run bird.
> 
> I can only controll the traffic from my virtual envirement to the internet, 
> because this runs on bird and ucarp. So through the hypervisor where the 
> ucarp interface is placed does my traffic leave. this subnet is also 
> distributed to the other hypervisors through iBGP.
> 
> 
> These hypervisors have all an eBGP connection to my hosts addressing the 
> subnet. So hypervisor 1 isnt the single point of failure. But know the best 
> route (at my hosts to my subnet) is chosen on router age. So in case the 
> first hypervisor dies and the second takes over everything works. but if the 
> first hypervisor comes back alive the eBGP connection from hypervisor 2 stays 
> because of its age.
> 
> I want to send a med value on all the eBGp connections from the hypervisors. 
> So my hosts routes always first to hypervisor 1 and then to 2 and so on.

in your environment if the oldest BGP session is the inbound, if you want to 
make hyper1 the master again, just do a soft reset of the BGP session on 
hypervisor 2. you can configure this to be executed via a ucarp script when 
hypervisor 1 comes back online. 

outbound will always be via the ucarp floating address (the gateway)

> 
> so is this the right configuration to send a med value to my host with the 
> subnet as static route:
> 
> 
> # your default gateway IP below here
> protocol bgp eBGP {
> import none;
> export  filter {
>  where proto = "static_packet";
>  bgp_med = 100;
>   };
> local as 65000;
> neighbor 10.80.x.x as 65530;
> password "SECRET";
> }
> 
> 
> 
> Op 3/7/2017 om 7:08 PM schreef Ondrej Zajicek:
>> On Tue, Mar 07, 2017 at 03:43:13PM +0100, Thomas@PhaseHosting wrote:
>>> Supp,
>>> 
>>> thnqx for the reply,
>>> 
>>> The BGP i have figured out and i have confirmation from my host they accept
>>> customer-set MEDs. Only i couldn't get these working and i found 2 posts on
>>> the internet with a different configuration and i don't know which one is
>>> the right one, "med metric 10;" or "default bgp_med 10;"
>>> 
>>> Am i right that MED is the only option to influence the  eBGP and manipulate
>>> the prefered path? ( Values like AS are the same and others are not
>>> accepted)
>> Hi
>> 
>> I do not understand if you are trying to manipulate your hosts/routers (i.e.
>> outgoing direction) or neighbors routers (i.e. incoming direction).
>> Both could be influenced by bgp_med attribute (e.g. 'bgp_med = 100;' in
>> import or export filter) assuming your neighbors are from the same AS.
>> 
>> Option 'default bgp_med' is probably not what you want, that is used only if
>> a route with MED is compared to a route without MED.
>> 
>> Option 'med metric' could be used if you want to compare bgp_med
>> attributes on routes received from different AS numbers. But it is a
>> true/false option, the MED still must be set in filters.
>> 
> 
> -- 
> Thomas Valgaeren
> tho...@phasehosting.io
> +32477915307

Re: manipulating the best path, eBGP, MED?

2017-03-07 Thread Jerry Scharf 
I always use aspath stuffing rather than MED for this kind of thing. 
After localpref, the next level of choice for a bgp route is the AS path 
length, with shorter winning.


Say you want prefix 1 to always prefer hv1 and prefix2 to prefer hv2. On 
hv2, prepend your AS onto prefix 1 and on hv1, prepend your AS onto 
prefix2. When the other end receives the routes, it will see that the AS 
path length is longer to prefix1 from hv2, so it will always prefer hv1. 
If hv1 dies, then it will only have the hv2 route and that will be used. 
When hv1 starts advertising prefix 1 again, the traffic will flow back 
to hv1.


It may seem a little gross, but it is simple and effective. MEDs are 
much trickier and were designed for the case when you have two different 
connections through an intervening AS between the source and destination AS.


jerry
On 3/7/17 11:16 AM, Thomas@PhaseHosting wrote:

Supp,

I want to send the med with eBGP to my hosts their routers so i can 
influence where the network traffic enters my virtual envirement. I 
have 3 hypervisors that run bird.


I can only controll the traffic from my virtual envirement to the 
internet, because this runs on bird and ucarp. So through the 
hypervisor where the ucarp interface is placed does my traffic leave. 
this subnet is also distributed to the other hypervisors through iBGP.



These hypervisors have all an eBGP connection to my hosts addressing 
the subnet. So hypervisor 1 isnt the single point of failure. But know 
the best route (at my hosts to my subnet) is chosen on router age. So 
in case the first hypervisor dies and the second takes over everything 
works. but if the first hypervisor comes back alive the eBGP 
connection from hypervisor 2 stays because of its age.


I want to send a med value on all the eBGp connections from the 
hypervisors. So my hosts routes always first to hypervisor 1 and then 
to 2 and so on.


so is this the right configuration to send a med value to my host with 
the subnet as static route:



# your default gateway IP below here
protocol bgp eBGP {
import none;
export  filter {
  where proto = "static_packet";
  bgp_med = 100;
   };
local as 65000;
neighbor 10.80.x.x as 65530;
password "SECRET";
}



Op 3/7/2017 om 7:08 PM schreef Ondrej Zajicek:

On Tue, Mar 07, 2017 at 03:43:13PM +0100, Thomas@PhaseHosting wrote:

Supp,

thnqx for the reply,

The BGP i have figured out and i have confirmation from my host they 
accept
customer-set MEDs. Only i couldn't get these working and i found 2 
posts on
the internet with a different configuration and i don't know which 
one is

the right one, "med metric 10;" or "default bgp_med 10;"

Am i right that MED is the only option to influence the  eBGP and 
manipulate

the prefered path? ( Values like AS are the same and others are not
accepted)

Hi

I do not understand if you are trying to manipulate your 
hosts/routers (i.e.

outgoing direction) or neighbors routers (i.e. incoming direction).
Both could be influenced by bgp_med attribute (e.g. 'bgp_med = 100;' in
import or export filter) assuming your neighbors are from the same AS.

Option 'default bgp_med' is probably not what you want, that is used 
only if

a route with MED is compared to a route without MED.

Option 'med metric' could be used if you want to compare bgp_med
attributes on routes received from different AS numbers. But it is a
true/false option, the MED still must be set in filters.





--
Soundhound Devops
"What could possibly go wrong?"

Re: manipulating the best path, eBGP, MED?

2017-03-07 Thread Stefan Jakob 
Hi Thomas,


You could also consider to prepend your AS in the path. Just some random
google result:

https://www.juniper.net/documentation/en_US/junos/topics/usage-guidelines/policy-prepending-as-numbers-to-bgp-as-paths.html

In Bird:

export filter {
if source = RTS_STATIC then {
bgp_path.prepend(65000);
accept;
}
reject;
};

Our an unchecked adoption of your example:

# your default gateway IP below here
protocol bgp eBGP {
import none;
export  filter {
  where proto = "static_packet";
   # 65000 -> put you AS here or define variable
   bgp_path.prepend(65000);
   # bgp_med = 100;
   };
local as 65000;
neighbor 10.80.x.x as 65530;
password "SECRET";
}

Another option might be to ask for BGP ecmp on transit side.

Hth, SJ

Re: manipulating the best path, eBGP, MED?

2017-03-07 Thread Thomas@PhaseHosting 

Supp,

I want to send the med with eBGP to my hosts their routers so i can 
influence where the network traffic enters my virtual envirement. I have 
3 hypervisors that run bird.


I can only controll the traffic from my virtual envirement to the 
internet, because this runs on bird and ucarp. So through the hypervisor 
where the ucarp interface is placed does my traffic leave. this subnet 
is also distributed to the other hypervisors through iBGP.



These hypervisors have all an eBGP connection to my hosts addressing the 
subnet. So hypervisor 1 isnt the single point of failure. But know the 
best route (at my hosts to my subnet) is chosen on router age. So in 
case the first hypervisor dies and the second takes over everything 
works. but if the first hypervisor comes back alive the eBGP connection 
from hypervisor 2 stays because of its age.


I want to send a med value on all the eBGp connections from the 
hypervisors. So my hosts routes always first to hypervisor 1 and then to 
2 and so on.


so is this the right configuration to send a med value to my host with 
the subnet as static route:



# your default gateway IP below here
protocol bgp eBGP {
import none;
export  filter {
  where proto = "static_packet";
  bgp_med = 100;
   };
local as 65000;
neighbor 10.80.x.x as 65530;
password "SECRET";
}



Op 3/7/2017 om 7:08 PM schreef Ondrej Zajicek:

On Tue, Mar 07, 2017 at 03:43:13PM +0100, Thomas@PhaseHosting wrote:

Supp,

thnqx for the reply,

The BGP i have figured out and i have confirmation from my host they accept
customer-set MEDs. Only i couldn't get these working and i found 2 posts on
the internet with a different configuration and i don't know which one is
the right one, "med metric 10;" or "default bgp_med 10;"

Am i right that MED is the only option to influence the  eBGP and manipulate
the prefered path? ( Values like AS are the same and others are not
accepted)

Hi

I do not understand if you are trying to manipulate your hosts/routers (i.e.
outgoing direction) or neighbors routers (i.e. incoming direction).
Both could be influenced by bgp_med attribute (e.g. 'bgp_med = 100;' in
import or export filter) assuming your neighbors are from the same AS.

Option 'default bgp_med' is probably not what you want, that is used only if
a route with MED is compared to a route without MED.

Option 'med metric' could be used if you want to compare bgp_med
attributes on routes received from different AS numbers. But it is a
true/false option, the MED still must be set in filters.



--
Thomas Valgaeren
tho...@phasehosting.io
+32477915307

Re: manipulating the best path, eBGP, MED?

2017-03-07 Thread Ondrej Zajicek 
On Tue, Mar 07, 2017 at 03:43:13PM +0100, Thomas@PhaseHosting wrote:
> Supp,
> 
> thnqx for the reply,
> 
> The BGP i have figured out and i have confirmation from my host they accept
> customer-set MEDs. Only i couldn't get these working and i found 2 posts on
> the internet with a different configuration and i don't know which one is
> the right one, "med metric 10;" or "default bgp_med 10;"
> 
> Am i right that MED is the only option to influence the  eBGP and manipulate
> the prefered path? ( Values like AS are the same and others are not
> accepted)

Hi

I do not understand if you are trying to manipulate your hosts/routers (i.e.
outgoing direction) or neighbors routers (i.e. incoming direction).
Both could be influenced by bgp_med attribute (e.g. 'bgp_med = 100;' in
import or export filter) assuming your neighbors are from the same AS.

Option 'default bgp_med' is probably not what you want, that is used only if
a route with MED is compared to a route without MED.

Option 'med metric' could be used if you want to compare bgp_med
attributes on routes received from different AS numbers. But it is a
true/false option, the MED still must be set in filters.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."

Re: manipulating the best path, eBGP, MED?

2017-03-07 Thread Thomas@PhaseHosting 

Supp,

thnqx for the reply,

The BGP i have figured out and i have confirmation from my host they 
accept customer-set MEDs. Only i couldn't get these working and i found 
2 posts on the internet with a different configuration and i don't know 
which one is  the right one, "med metric 10;" or "default bgp_med 10;"


Am i right that MED is the only option to influence the  eBGP and 
manipulate the prefered path? ( Values like AS are the same and others 
are not accepted)



I attached my eBGP in previous mail.


Regards Thomas



Op 3/7/2017 om 2:26 PM schreef Michael McConnell:

Hello Thomas,

I’m a tiny bit confused by your question, but here is my best attempt 
to answer it. In regards to multiple routers say you have .4 and .5 
both with a HA address of .1 when using eBGP it will likely be the 
“old first” as you say that your host will pass the INBOUND data to. 
In regards to the outbound data, your host will accept the data from 
either .4 or .5 without issue, in fact it is a common configuration to 
have people the oldest BGP session be the inbound and then manipulate 
the HA and have .1 be on the newest. That way you have a bit of load 
distributed between the inbound and outbound host.


Hope that helps,
Mike

*--*
*Michael McConnell*
*WINK Streaming;*
*email:* mich...@winkstreaming.com 
*phone:* +1 312 281-5433 *x 7400*
*cell:* +506 8706-2389
*skype:* wink-michael
*web:* http://winkstreaming.com 

On Mar 6, 2017, at 6:27 PM, Thomas@PhaseHosting 
mailto:tho...@phasehosting.io>> wrote:


Supp,

I implemented bird in our Private cloud running proxmox to distribute 
our public address with eBGP to our serverhost.


Through iBGP and a ucarp interface i have a HA gateway, the problem 
is that our host receives the routes but there are multiple entry 
points to our subnet ( the proxmox hosts). This makes that a diffrent 
in & out route doenst work. through following link: 
https://supportforums.cisco.com/document/126691/understanding-bgp-best-path-selection-manipulation 
I learned that my hosts selects its route based on age ( the bird 
with the first connection is chosen).



Can i send a multi-exit discriminator with my eBGP connection to my 
host? I googled but could find 2 answers that did't change anything:


# your default gateway IP below here
protocol bgp eBGP {
import none;
export  where proto = "static_packet";
local as 65000;
neighbor 10.80.x.x as 65530;
password "SECRET";
#med metric 10;
#default bgp_med 10;
}

(offcourse i tried both without # and waited till export)


Or is there an other way to make sure that our host routes always to 
the first server and so on.




--
Thomas Valgaeren
tho...@phasehosting.io 
+32477915307




--
Thomas Valgaeren
tho...@phasehosting.io
+32477915307

Re: manipulating the best path, eBGP, MED?

2017-03-07 Thread Michael McConnell 
Hello Thomas,

I’m a tiny bit confused by your question, but here is my best attempt to answer 
it. In regards to multiple routers say you have .4 and .5 both with a HA 
address of .1 when using eBGP it will likely be the “old first” as you say that 
your host will pass the INBOUND data to. In regards to the outbound data, your 
host will accept the data from either .4 or .5 without issue, in fact it is a 
common configuration to have people the oldest BGP session be the inbound and 
then manipulate the HA and have .1 be on the newest. That way you have a bit of 
load distributed between the inbound and outbound host. 

Hope that helps,
Mike

--
Michael McConnell
WINK Streaming;
email: mich...@winkstreaming.com 
phone: +1 312 281-5433 x 7400
cell: +506 8706-2389
skype: wink-michael
web: http://winkstreaming.com 
> On Mar 6, 2017, at 6:27 PM, Thomas@PhaseHosting  
> wrote:
> 
> Supp,
> 
> I implemented bird in our Private cloud running proxmox to distribute our 
> public address with eBGP to our serverhost.
> 
> Through iBGP and a ucarp interface i have a HA gateway, the problem is that 
> our host receives the routes but there are multiple entry points to our 
> subnet ( the proxmox hosts). This makes that a diffrent in & out route doenst 
> work. through following link: 
> https://supportforums.cisco.com/document/126691/understanding-bgp-best-path-selection-manipulation
>  I learned that my hosts selects its route based on age ( the bird with the 
> first connection is chosen).
> 
> 
> Can i send a multi-exit discriminator with my eBGP connection to my host? I 
> googled but could find 2 answers that did't change anything:
> 
> # your default gateway IP below here
> protocol bgp eBGP {
> import none;
> export  where proto = "static_packet";
> local as 65000;
> neighbor 10.80.x.x as 65530;
> password "SECRET";
> #med metric 10;
> #default bgp_med 10;
> }
> 
> (offcourse i tried both without # and waited till export)
> 
> 
> Or is there an other way to make sure that our host routes always to the 
> first server and so on.
> 
> 
> 
> -- 
> Thomas Valgaeren
> tho...@phasehosting.io
> +32477915307