BGP IPv6 prepend one of my h:h:h:h:h:h:h:h/32 networks - how?

Topic: I’m a new-be to VyOS BGP IPv6 prepend one of my h:h:h:h:h:h:h:h/32 networks - how ?

I have configured two IPv6 VyOS routers now running. Basic IPv6 BGP , nothing fancy nothing special.
I have two IPv6 /32 networks I am announcing.
I am now trying to prepend one of my IPv6 /32 networks so that that one of my IPv6 /32 networks becomes less desirable so that my other IPv6 BGP router then starts receiving more IPv6 incoming connections.

I barely understand BGP and I am almost clueless on route maps and what is needed to prepend an IPv6 network ( add my AS times to a specific IPv6 /32 network ).

Prior to asking , I have searched these Vyos forums and have not been able to get prepend working.

here is a show command config on one of my working IPv6 VyOS bgp routers:

 set protocols bgp address-family ipv6-unicast network 2605:4e40::/32
 set protocols bgp address-family ipv6-unicast network 2605:6340::/32
 set protocols bgp neighbor 2605:21c0:1000:26::1 address-family ipv6-unicast
 set protocols bgp neighbor 2605:21c0:1000:26::1 remote-as '20055'
 set protocols bgp system-as '40033'

I wish to ask for some help. Here is what I am trying on one of my IPv6 BGP routers , but not working - a little help please - thank you:

set policy route-map 2605-4e40–_32-OUT rule 10 action permit
set policy route-map 2605-4e40–_32-OUT rule 10 match ipv6 address prefix-list 2605:4e40::/32
set policy route-map 2605-4e40–_32-OUT rule 10 set as-path prepend-last-as 4
*** ( prepend my AS # four times to this BGP /32 announcement )

*** O any by the way , I am really starting to like VyOS

Thank you

North Idaho Tom Jones

It takes a little while using route-maps to understand how they work, as they’re used flexibly in a variety of scenarios.

For this one, it looks like you’re nearly there. You’re setting up an export route-map for a specific upstream neighbour.

First thing, a prefix-list is an separate config element, not an address embedded in the route-map, for eg:

set policy prefix-list6 PL-PREPENDED-NETS description "Prefixes we want to prepend upstream"
set policy prefix-list6 PL-PREPENDED-NETS rule 10 action permit
set policy prefix-list6 PL-PREPENDED-NETS rule 10 prefix 2605:4e40::/32
set policy prefix-list6 PL-ANNOUNCED-NETS description "Prefixes we want to announce upstream"
set policy prefix-list6 PL-ANNOUNCED-NETS rule 10 action permit
set policy prefix-list6 PL-ANNOUNCED-NETS rule 10 prefix 2605:4e40::/32
set policy prefix-list6 PL-ANNOUNCED-NETS rule 20 action permit
set policy prefix-list6 PL-ANNOUNCED-NETS rule 20 prefix 2605:6340::/32

Then you just need a route-map setup appropriately:

set policy route-map UPSTREAM-AS20055-OUT rule 100 description "Announce with prepending"
set policy route-map UPSTREAM-AS20055-OUT rule 100 action permit
set policy route-map UPSTREAM-AS20055-OUT rule 100 match ipv6 address prefix-list PL-PREPENDED-NETS
set policy route-map UPSTREAM-AS20055-OUT rule 100 set as-path prepend-last-as 4
set policy route-map UPSTREAM-AS20055-OUT rule 200 description "Announce all valid"
set policy route-map UPSTREAM-AS20055-OUT rule 200 action permit
set policy route-map UPSTREAM-AS20055-OUT rule 200 match ipv6 address prefix-list PL-ANNOUNCED-NETS

Finally set it as the export RM for that neighbour or peer-group:

set protocols bgp neighbor 2605:21c0:1000:26::1 address-family ipv6-unicast route-map export UPSTREAM-AS20055-OUT 

Commit & confirm expected operation from op-mode (or use run from config-mode):

show bgp ipv6 neighbors 2605:21c0:1000:26::1 advertised-routes 

And it doesn’t hurt to check an external looking glass.

If that doesn’t work, then prepend-last-as may not apply to local announcements. I’ve not used it yet, I still use the older style set as-path prepend "40033 40033 40033".

You can use other matching criteria for more complex networks, not just prefix-lists. For eg, if you had some central peers announcing your internal prefixes and several border routers speaking to external peers, the announcing routers can set community tags and other attributes on the prefixes for the borders to match when they’re deciding what to announce and how. The border can set attributes so interior routers know where external prefixes entered the network for filtering and preferencing. Route-maps are also capable of some simple logic with the “on-match”, “continue” and “call” parameters - but it’s a good idea to keep it as simple as possible.

I find it’s best to have a “default-deny” mindset with external BGP - if a prefix isn’t needed, don’t announce it. In my example above, that means the only prefixes we can announce are the ones we want to - we aren’t pumping out accidental private management ranges or locally connected interfaces that managed to sneak into internal BGP, or reflecting any upstream misconfiguration out to another carrier. IBGP is a bit different but in larger networks does need similar constraints.

Finally, keep in mind that external peers have their own policies and may manipulate your presented path as they see fit. For eg, some providers will strip too many prepends down to a maximum number if they receive them, for others it may not match their path filters.

talmakion - Thank you for your prompt reply.

Your answer to my question appears somewhat easy to understand and it appears straight forward to follow the flow for what the two prefix-list6 lists are doing , then continue following the flow into the route-map section.

Again - thank you

I will reconfigure one of my IPv6 BGP routers using the example you have provided. Then check the looking glass servers and also check my BGP IPv6 advertised-routes , and also perform some remote Internet traceroutes into my IPv6 BGP routers. I will come back later and post my results.

FYI :

• I have two VyOS IPv6 BGP routers and another two Mikrotik IPv4 CHR BGP routers. Sometime possibly today , I will be switching from Mikrotik IPv4 CHR BGP routers to VyOS IPv4 BGP routers and I will also be creating some similar AS prepends on some of my IPv4 BGP announcements.

Re your statement ; … some providers will strip … prepends
I am lucky , I already have some IPv4 and IPv6 prepends that were working on my older Mikrotik CHR routers ( which will all soon be VyOS ).

I will soon be migrating from two 10-Gig BGP feeds to possibly 100-Gig BGP feeds. Mikrotik CHR routers are only virtual routers and can not handle that amount of traffic. With VyOS routers , I can first build some VyOS virtual routers , then later move into some bare-metal high-end dedicated hardware for my high-throughput VyOS routers.

again - thank you for your answer and advice
North Idaho Tom Jones

Well - hate so say it , but I failed on my many attempts to prepend.

I tried several dozen times - your posted config and multiple variants , I even tried it on an IPv4 BGP router and no luck.

I even tried replacing → set policy route-map UPSTREAM-AS20055-OUT rule 100 set as-path prepend-last-as 4
with → set policy route-map UPSTREAM-AS20055-OUT rule 100 set as-path prepend ‘40033 40033 40033 40033’

Looks like I’m going to need to set up a lab network and do some reading to get a working knowledge how this works.

so for now - I am back to my original working config that does not prepend:
set protocols bgp address-family ipv6-unicast network 2605:4e40::/32
set protocols bgp address-family ipv6-unicast network 2605:6340::/32
set protocols bgp neighbor 2605:21c0:1000:26::1 address-family ipv6-unicast
set protocols bgp neighbor 2605:21c0:1000:26::1 remote-as ‘20055’
set protocols bgp system-as ‘40033’

North Idaho Tom Jones

Well - hate so say it , but I failed on my many attempts to prepend.

I tried several dozen times - your posted config and multiple variants , I even tried it on an IPv4 BGP router and no luck.

I even tried replacing → set policy route-map UPSTREAM-AS20055-OUT rule 100 set as-path prepend-last-as 4
with → set policy route-map UPSTREAM-AS20055-OUT rule 100 set as-path prepend ‘40033 40033 40033 40033’

Looks like I’m going to need to set up a lab network and do some reading to get a working knowledge how this works.

so for now - I am back to my original working config that does not prepend:
set protocols bgp address-family ipv6-unicast network 2605:4e40::/32
set protocols bgp address-family ipv6-unicast network 2605:6340::/32
set protocols bgp neighbor 2605:21c0:1000:26::1 address-family ipv6-unicast
set protocols bgp neighbor 2605:21c0:1000:26::1 remote-as ‘20055’
set protocols bgp system-as ‘40033’

North Idaho Tom Jones

The as-path prepend-last-as 4 won’t work because you’re trying to prepend to routes with a null as-path (locally advertised prefixes).

as-path prepend ‘40033 40033 40033 40033’ should work just fine though. You can even apply it to the network statement instead of to an export policy.

Try this:

set policy route-map PP_40033_4 rule 10 action 'permit'
set policy route-map PP_40033_4 rule 10 set as-path prepend '40033 40033 40033 40033'
set protocols bgp address-family ipv6-unicast network 2605:4e40::/32 route-map 'PP_40033_4'

You may need to do a soft clear for the upstream to receive the updated routes:

reset bgp ipv6 2605:21c0:1000:26::1 soft

L0crian - thank you for your post and help.

So , with my current config:
set protocols bgp address-family ipv6-unicast network 2605:4e40::/32
set protocols bgp address-family ipv6-unicast network 2605:6340::/32
set protocols bgp neighbor 2605:21c0:1000:26::1 address-family ipv6-unicast
set protocols bgp neighbor 2605:21c0:1000:26::1 remote-as ‘20055’
set protocols bgp system-as ‘40033’

is all I need to do is simply paste in the config below , do a soft reset and it should then I should end up with a working prepend ?

set policy route-map PP_40033_4 rule 10 action ‘permit’
set policy route-map PP_40033_4 rule 10 set as-path prepend ‘40033 40033 40033 40033’
set protocols bgp address-family ipv6-unicast network 2605:4e40::/32 route-map ‘PP_40033_4’

– thank you –

North Idaho Tom Jones
fyi - normally , I’m the one helping others on their what-ever configurations …

Yep, assuming your config didn’t include any placeholders, you should just need to paste that in.

It works

I triple verified the IPv6 prepending works.

What can I say … a big thank you !!!

Starting with my original configuration :
set protocols bgp address-family ipv6-unicast network 2605:4e40::/32
set protocols bgp address-family ipv6-unicast network 2605:6340::/32
set protocols bgp neighbor 2605:21c0:1000:26::1 address-family ipv6-unicast
set protocols bgp neighbor 2605:21c0:1000:26::1 remote-as ‘20055’
set protocols bgp system-as ‘40033’

and adding the following :
set policy route-map PP_40033_4 rule 10 action ‘permit’
set policy route-map PP_40033_4 rule 10 set as-path prepend ‘40033 40033 40033 40033’
set protocols bgp address-family ipv6-unicast network 2605:4e40::/32 route-map ‘PP_40033_4’

I end up with this working IPv6 prepend for my 2605:4e40::/32 network anouncements:
set policy route-map PP_40033_4 rule 10 action ‘permit’
set policy route-map PP_40033_4 rule 10 set as-path prepend ‘40033 40033 40033 40033’
set protocols bgp address-family ipv6-unicast network 2605:4e40::/32 route-map ‘PP_40033_4’
set protocols bgp address-family ipv6-unicast network 2605:6340::/32
set protocols bgp neighbor 2605:21c0:1000:26::1 address-family ipv6-unicast
set protocols bgp neighbor 2605:21c0:1000:26::1 remote-as ‘20055’
set protocols bgp system-as ‘40033’

again - thank you

North Idaho Tom Jones

Awesome! Glad to hear you got everything sorted.

L0crian - again thank you.

I applied the same configuration steps you supplied to one of my IPv4 VyOS BGP servers and it also works. Of course I changed all IPv6 references to IPv4 , then simply paste in the additional configuration using a single prepend instead of four prepends , and presto … it also worked.

I like your 3-line configuration for prepending , it’s simple, and it works.

I hope others VyOS admins easily find this prepend forum topic when searching to do the same thing on their BGP servers.

North Idaho Tom Jones

No problem! Applying policy as you import prefixes into BGP can be an effective way to change attributes, since you don’t have to worry about directionality when calling them. It’s also scalable since you can create the policy once, and apply it to prefixes as you import them.

Don’t forget to add descriptions to your route-map entries as you go. It’s not too bad if you only have a couple, but once they start to add up, you’ll thank yourself later.

One last thing to remember, this method only works when importing prefixes into BGP (from connected, static, IGP, etc…). If you receive the prefix from a BGP peer, and need to apply policy, you’ll need to apply the policies like @talmakion mentioned, with a matched object (prefix-list, community-list, etc…), set command, and applied in a direction to the BGP peer.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.