BGP Configuration Base

WebToor · May 12, 2020, 1:52pm

Hi,

I’m working on BGP LAB, to get VCNE :

My actual config :

As you can see Between VyOS2 & 1 this is a OSPF area “0”

From Vy-1 i can reach PC&1 in LAN 10.0.0.1

So now i need to configure BGP “eBGP” on Vy-1 & Vy-3

BGP STATUS :

Vy-3 ROUTE TABLE :

Vy-1 ROUTE TABLE :

I don’t understand how to get route on Vy-3 to reach LAN 10.0.0.0/24

Config after so many test :

Vy-1 :

interfaces {
ethernet eth0 {
address 192.168.1.1/24
description WAN-OSPF
hw-id 0c:a4:ec:2b:ce:00
}
ethernet eth1 {
hw-id 0c:a4:ec:2b:ce:01
}
ethernet eth2 {
hw-id 0c:a4:ec:2b:ce:02
}
ethernet eth3 {
address 88.88.88.1/16
hw-id 0c:a4:ec:2b:ce:03
}
loopback lo {
address 10.1.1.1/32
}
}
policy {
prefix-list AS65535-IN {
rule 10 {
action permit
prefix 192.168.0.0/16
}
}
prefix-list AS65535-OUT {
rule 10 {
action permit
prefix 192.168.0.0/16
}
}
route-map AS65535-IN {
rule 10 {
action permit
match {
ip {
address {
prefix-list AS65535-IN
}
}
}
}
}
route-map AS65535-OUT {
rule 10 {
action permit
match {
ip {
address {
prefix-list AS65535-OUT
}
}
}
}
}
route-map CONNECT {
rule 10 {
action permit
match {
interface eth0
}
}
}
}
protocols {
bgp 65534 {
address-family {
ipv4-unicast {
network 10.1.1.1/32 {
}
}
}
neighbor 88.88.88.2 {
address-family {
ipv4-unicast {
route-map {
export AS65535-OUT
import AS65535-IN
}
}
}
ebgp-multihop 2
remote-as 65535
update-source 88.88.88.1
}
parameters {
router-id 88.88.88.1
}
}

Vy-3

Interfaces {
ethernet eth0 {
address 88.88.88.2/16
hw-id 0c:a4:ec:b3:1c:00
}
ethernet eth1 {
hw-id 0c:a4:ec:b3:1c:01
}
ethernet eth2 {
hw-id 0c:a4:ec:b3:1c:02
}
ethernet eth3 {
hw-id 0c:a4:ec:b3:1c:03
}
loopback lo {
address 10.2.2.2/32
}
}
policy {
prefix-list AS65535-IN {
rule 10 {
action permit
prefix 88.88.0.0/16
}
}
prefix-list AS65535-OUT {
rule 10 {
action permit
prefix 88.88.0.0/16
}
}
route-map AS65535-IN {
rule 10 {
action permit
match {
ip {
address {
prefix-list AS65535-IN
}
}
}
}
}
route-map AS65535-OUT {
rule 10 {
action permit
match {
ip {
address {
prefix-list AS65535-OUT
}
}
}
}
}
}
protocols {
bgp 65535 {
address-family {
ipv4-unicast {
network 10.2.2.2/32 {
}
}
}
neighbor 88.88.88.1 {
address-family {
ipv4-unicast {
route-map {
export AS65535-OUT
import AS65535-IN
}
}
}
ebgp-multihop 2
remote-as 65534
update-source 88.88.88.2
}
parameters {
router-id 88.88.88.2
}
}
static {
route 10.2.2.2/32 {
blackhole {
distance 254
}
}
}
}

Thanks in advance.

Jeff · May 12, 2020, 2:05pm

Since you use 2 routing protocols, OSPF and BGP, did you enable redistribution of OSPF in BGP and of BGP in OSPF on Vy1?

(you should put the entire configuration of each router)

olofl · May 12, 2020, 2:06pm

vyos-1 is not redistributing 10.0.0.0/24.
your prefix lists doesn’t match 10.0.0.0/24.

WebToor · May 12, 2020, 2:14pm

Hi Jeff, hi olofl

Thanks for your quick reply so :

Config belongs,

Rule 11 about olofl

Vy-1

interfaces {
ethernet eth0 {
address 192.168.1.1/24
description WAN-OSPF
hw-id 0c:a4:ec:2b:ce:00
}
ethernet eth1 {
hw-id 0c:a4:ec:2b:ce:01
}
ethernet eth2 {
hw-id 0c:a4:ec:2b:ce:02
}
ethernet eth3 {
address 88.88.88.1/16
hw-id 0c:a4:ec:2b:ce:03
}
loopback lo {
address 10.1.1.1/32
}
}
policy {
prefix-list AS65535-IN {
rule 10 {
action permit
prefix 192.168.0.0/16
}
rule 11 {
** action permit**
** prefix 10.0.0.0/24**
** }**
** }**
prefix-list AS65535-OUT {
rule 10 {
action permit
prefix 192.168.0.0/16
}
rule 11 {
** action permit**
** prefix 10.0.0.0/24**
** }**
** }**
route-map AS65535-IN {
rule 10 {
action permit
match {
ip {
address {
prefix-list AS65535-IN
}
}
}
}
}
route-map AS65535-OUT {
rule 10 {
action permit
match {
ip {
address {
prefix-list AS65535-OUT
}
}
}
}
}
route-map CONNECT {
rule 10 {
action permit
match {
interface eth0
}
}
}
}
protocols {
bgp 65534 {
address-family {
ipv4-unicast {
network 10.1.1.1/32 {
}
}
}
neighbor 88.88.88.2 {
address-family {
ipv4-unicast {
route-map {
export AS65535-OUT
import AS65535-IN
}
}
}
ebgp-multihop 2
remote-as 65535
update-source 88.88.88.1
}
parameters {
router-id 88.88.88.1
}
}
ospf {
area 0 {
network 192.168.1.0/24
}
default-information {
originate {
always
metric 10
metric-type 2
}
}
log-adjacency-changes {
}
parameters {
abr-type cisco
router-id 192.168.1.1
}
redistribute {
connected {
metric-type 2
route-map CONNECT
}
}
}
static {
route 10.1.1.1/32 {
blackhole {
distance 254
}
}
}
}

Vy-3

interfaces {
ethernet eth0 {
address 88.88.88.2/16
hw-id 0c:a4:ec:b3:1c:00
}
ethernet eth1 {
hw-id 0c:a4:ec:b3:1c:01
}
ethernet eth2 {
hw-id 0c:a4:ec:b3:1c:02
}
ethernet eth3 {
hw-id 0c:a4:ec:b3:1c:03
}
loopback lo {
address 10.2.2.2/32
}
}
policy {
prefix-list AS65535-IN {
rule 10 {
action permit
prefix 88.88.0.0/16
}
}
prefix-list AS65535-OUT {
rule 10 {
action permit
prefix 88.88.0.0/16
}
}
route-map AS65535-IN {
rule 10 {
action permit
match {
ip {
address {
prefix-list AS65535-IN
}
}
}
}
}
route-map AS65535-OUT {
rule 10 {
action permit
match {
ip {
address {
prefix-list AS65535-OUT
}
}
}
}
}
}
protocols {
bgp 65535 {
address-family {
ipv4-unicast {
network 10.2.2.2/32 {
}
}
}
neighbor 88.88.88.1 {
address-family {
ipv4-unicast {
route-map {
export AS65535-OUT
import AS65535-IN
}
}
}
ebgp-multihop 2
remote-as 65534
update-source 88.88.88.2
}
parameters {
router-id 88.88.88.2
}
}
static {
route 10.2.2.2/32 {
blackhole {
distance 254
}
}
}
}

Vy-2

interfaces {
ethernet eth0 {
address 192.168.1.2/24
description WAN-OSPF
hw-id 0c:a4:ec:27:f6:00
}
ethernet eth1 {
address 10.0.0.1/24
description LAN-1
hw-id 0c:a4:ec:27:f6:01
}
ethernet eth2 {
hw-id 0c:a4:ec:27:f6:02
}
ethernet eth3 {
hw-id 0c:a4:ec:27:f6:03
}
loopback lo {
}
}
policy {
route-map CONNECT {
rule 10 {
action permit
match {
interface eth0
}
}
rule 11 {
action permit
match {
interface eth1
}
}
}
}
protocols {
ospf {
area 0 {
network 192.168.1.0/24
}
log-adjacency-changes {
}
parameters {
abr-type cisco
router-id 192.168.1.2
}
redistribute {
connected {
metric-type 2
route-map CONNECT
}
}
}
}
service {
dhcp-server {
shared-network-name DHCP {
authoritative
subnet 10.0.0.0/24 {
default-router 10.0.0.1
dns-server 10.0.0.1
lease 86400
range 0 {
start 10.0.0.10
stop 10.0.0.20
}
}
}
}
}
system {
config-management {
commit-revisions 100
}
console {
device ttyS0 {
speed 115200
}
}
host-name vyos
login {
user vyos {
authentication {
encrypted-password ****************
plaintext-password ****************
}
}
}
ntp {
server 0.pool.ntp.org {
}
server 1.pool.ntp.org {
}
server 2.pool.ntp.org {
}
}
syslog {
global {
facility all {
level info
}
facility protocols {
level debug
}
}
}
}

den · May 12, 2020, 6:54pm

Hello,
You are filtering 10.0.0.0/24 on Vy-3 side.
On Vy-3 you need to add

set policy prefix-list AS65535-IN rule 20 action permit
set policy prefix-list AS65535-IN rule 20 prefix 10.0.0.0/24

into AS65535-IN prefix-list

den · May 12, 2020, 7:41pm

And btw - you need to do

set protocols bgp 65534 address-family ipv4-unicast redistribute ospf route-map AS65535-OUT

on Vy-1 because export AS65535-OUT it is not redistribution, it is only filtering on outgoing way.

WebToor · May 13, 2020, 6:47am

Hello Den,

Thanks for your reply.i check

system · May 15, 2020, 6:57am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.