Hi everyone, I’m new to VyOS but I have used JunOS before, so it’s not to hard for me to handle VyOS.
I use VyOS 1.3.2 to operate a BGP network with a few upstreams. Here is what I’m facing:
set interfaces ethernet eth0 address ‘x.x.x.x/31’
set interfaces ethernet eth0 description ‘Upstream BGP IP’
set interfaces ethernet eth0 firewall local name ‘BGP’
set firewall name BGP default-action ‘drop’
set firewall name BGP rule 1 action ‘accept’
set firewall name BGP rule 1 description ‘Allow traffic from upstream IP’
set firewall name BGP rule 1 source group address-group ‘BGP-IP’
set interfaces ethernet eth1 address ‘x.x.x.1/24’
set interfaces ethernet eth1 description ‘Owned Announcing IP’
set policy route-map BGP-import rule 1 action ‘deny’
set policy route-map BGP-import rule 1 match ip address prefix-list ‘bogons’
set policy route-map BGP-import rule 2 action ‘deny’
set policy route-map BGP-import rule 2 match ipv6 address prefix-list ‘bogonsv6’
set policy route-map BGP-import rule 3 action ‘permit’
set policy route-map BGP-import rule 3 set as-path-exclude ‘xxxxx’
set policy route-map BGP-import rule 3 set src ‘x.x.x.1’
set protocols bgp xxxxx address-family ipv4-unicast network x.x.x.0/24
set protocols bgp xxxxx neighbor xx.xx.xx.xx address-family ipv4-unicast route-map import ‘BGP-import’
set protocols bgp xxxxx neighbor xx.xx.xx.xx remote-as ‘xxxxx’
set protocols bgp xxxxx neighbor xx.xx.xx.xx solo
I use route-map to set src IP, but nothing happened.
Hi @ILLKX , did you configure source ip address on eth0 which you define in policy route-map BGP-import rule 3 set src ‘x.x.x.1’?
A bit complex to understand without toplogy and full ip address masking, what do you really want to achive . Maybe it will be better to use show configuration commands | strip-private
Thank you very much for the reply. Yes, the x.x.x.1 has been configured on eth1 instead of eth0. I have spent some time to reproduce on a completely new machine with both VyOS 1.3.2 and the rolling release and the result remains. Below is my configuration:
set interfaces ethernet eth0 address 'xxx.xxx.109.211/23'
set interfaces ethernet eth1 address 'xxx.xxx.0.1/24'
set interfaces loopback lo
set policy route-map import rule 1 action 'permit'
set policy route-map import rule 1 set local-preference '100'
set policy route-map import rule 1 set src 'xxx.xxx.0.1'
set protocols bgp neighbor xxx.xxx.169.254 address-family ipv4-unicast route-map import 'import'
set protocols bgp neighbor xxx.xxx.169.254 ebgp-multihop '2'
set protocols bgp neighbor xxx.xxx.169.254 password xxxxxx
set protocols bgp neighbor xxx.xxx.169.254 remote-as '64515'
set protocols bgp neighbor xxx.xxx.169.254 solo
set protocols bgp parameters default local-pref '100'
set protocols bgp parameters ebgp-requires-policy
set protocols bgp system-as '4288000215'
set protocols static route xxx.xxx.0.0/0 next-hop xxx.xxx.108.1
set protocols static route xxx.xxx.169.254/32 next-hop xxx.xxx.108.1
set service ssh port '22'
set system config-management commit-revisions '100'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed '115200'
set system host-name xxxxxx
set system login user xxxxxx authentication encrypted-password xxxxxx
set system ntp server xxxxx.tld
set system ntp server xxxxx.tld
set system ntp server xxxxx.tld
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'
I hope this configuration will help you address the issue.
vyos@vyos:~$ show version
Version: VyOS 1.5-rolling-202402140022
Release train: current
Built by: autobuild@vyos.net
Built on: Wed 14 Feb 2024 02:22 UTC
Build UUID: e810dc91-59c5-4aba-80b4-8f5e6b5ccc96
Build commit ID: 22959ce1c0ab80
Architecture: x86_64
Boot via: installed image
System type: KVM guest
Hardware vendor: Alibaba Cloud
Hardware model: Alibaba Cloud ECS
Hardware S/N: 9429f738-3054-426d-8dcf-fe8e3eb8e5de
Hardware UUID: 9429f738-3054-426d-8dcf-fe8e3eb8e5de
Copyright: VyOS maintainers and contributors
set interfaces dummy dum0 address 'xxxx:xxxx:e15e::120/128'
set interfaces ethernet eth0 address 'xxx.xxx.9.198/18'
set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:e9'
set interfaces loopback lo
set interfaces tunnel tun20 address 'xxxx:xxxx:xx:3023::120/127'
set interfaces tunnel tun20 encapsulation 'gre'
set interfaces tunnel tun20 remote 'xxx.xxx.132.153'
set interfaces tunnel tun20 source-address 'xxx.xxx.9.198'
set policy route-map ROUTES-IPV6-IBGP-IN rule 10 action 'permit'
set policy route-map ROUTES-IPV6-IBGP-IN rule 10 set src 'xxxx:xxxx:e15e::120'
set protocols bgp address-family ipv6-unicast redistribute connected
set protocols bgp neighbor xxxx:xxxx:xx:3023::121 address-family ipv6-unicast route-map import 'ROUTES-IPV6-IBGP-IN'
set protocols bgp neighbor xxxx:xxxx:xx:3023::121 remote-as 'internal'
set protocols bgp neighbor xxxx:xxxx:xx:3023::121 solo
set protocols bgp neighbor xxxx:xxxx:xx:3023::121 update-source 'tun20'
set protocols bgp parameters router-id 'xxx.xxx.xx.xxx'
set protocols bgp system-as 'my asn'
vyos@vyos:~$ ip -6 r|head
100::1 nhid 50126 via fe80::2d94:8499 dev tun20 proto bgp metric 20 pref medium
2001::/32 nhid 50126 via fe80::2d94:8499 dev tun20 proto bgp metric 20 pref medium
2001:4:112::/48 nhid 50126 via fe80::2d94:8499 dev tun20 proto bgp metric 20 pref medium
2001:200:900::/40 nhid 50126 via fe80::2d94:8499 dev tun20 proto bgp metric 20 pref medium
...
