How To: BGP Peering at Coloclue


How To: BGP Peering at Coloclue

First of all let me tell you about Datacenter Netwerkvereniging Coloclue an Amsterdam based non-profit association for Server colocation. A colocation service that is more then just rackspace and network. In coloclue you will find a great community exchange tip tips and tricks with each other online and offline.

This meens that since the entire network from uplinks to access is ran by the association and the rackspace is owned by the association you have more freedom to do things like accessing the core routers or BGP peering, which we will cover today in this article.

This article explains only the BGP peering from the client side and basic debugging.

Checkout Coloclue Here and readbelow for the howto.

Configuring the VPS host

Install packages if you want to use vlans:

apt-get install vlan

Now create a new interface in /etc/network/interfaces, this interface is used for all virtual machines to connect to. The used IP will be the gateway for your virtual machines.

auto vlanbr

iface vlanbr inet static

address 10.0.0.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
bridge_maxwait 0

Prepare your VPS host for forwarding and NAT for outgoing connections:

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -A INPUT -d 255.255.255.255/32 -i vlanbr -j ACCEPT
iptables -A INPUT -s 10.0.0.0/24 -i vlanbr -j ACCEPT
iptables -A INPUT -s 10.0.0.0/24 -i eth0 -j ACCEPT
iptables -A FORWARD -s 10.0.0.0/24 -i vlanbr -o eth0 -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -d 10.0.0.0/24 -o eth0 -j LOG
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -d 255.255.255.255/32 -o vlanbr -j ACCEPT
iptables -A OUTPUT -d 10.0.0.0/24 -o vlanbr -j ACCEPT
iptables -A OUTPUT -d 255.255.255.255/32 -o eth0 -j ACCEPT

iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE

Per IP that should point to your VPS you will do something like:

/sbin/route add -net 172.16.10.10 netmask 255.255.255.255 gw 10.0.0.10

In this example 172.16.10.10 should be replaced with your public ip you want to route to your VPS. 10.0.0.10 is the internal IP for your VPS.

Per VPS you also want a line like this if you want outgoing connections from that VPS to use the public IP:

iptables -I POSTROUTING -s 10.0.0.10/32 -o eth0 -j SNAT --to-source 172.16.10.10

In this example the IP addresses have the same meaning as the previous example. eth0 is the interface used for all outgoing connections.

This is everything that is needed for routing IP addresses to your VPS guests from the VPS host. Now we will first at BGP on the VPS host and after that we will configure the important sections on the VPS guest.

BGP on the VPS host

Install required package (bird6 is used for IPv6, not covered besides the installation):

apt-get install bird bird6

Configure bird. You can base it on the example below, comment lines start with # and are used to explain the line just above it. Edit /etc/bird/bird.conf this configuration is for V4 only i have added the v6 configuration below and as you will see it is prettymuch the same.

log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
router id 172.16.25.25;
# Replace 172.16.25.25 with your public IPv4 address for the VPS host. If only a private IP is available check that it is uniq in your environment.

function is_owned_by_me()
prefix set owned_by_me_space;
{
owned_by_me_space = [ 172.16.10.10/30{30,32}, 172.16.20.20/31{31,32} ];
# Replace 172.16.10.10/30 and 172.16.20.20/31 with the prefixes that should be routed to you. Also mention the largest and biggest announcements that are allowed within { and }. The first example allows a /30, /31 and /32 to be announced for this range. In the last example only /31 and /32 are allowed.
if net ~ owned_by_me_space then return true;
return false;
}

filter ebgp_import {
if ( is_owned_by_me () ) then accept;
reject;
}

template bgp ebgp {
local as 65151;
# Define a local as, if you don't have an AS from a RIR use something that is uniq in your network. If needed ask what you need to use at your network supplier/network admin.
import all;
export filter ebgp_import;
source address 172.16.25.25;
# Replace 172.16.25.25 with your public IPv4 address for the VPS host. If only a private IP is available check that it is uniq in your environment. This should be the address used for communication between the host and the routers.
next hop self;
}

protocol bgp dcg1 from ebgp {
neighbor 172.16.25.254 as 8283;
# Replace 172.16.25.254 with the IP of the first router that is your uplink
}
protocol bgp dcg2 from ebgp {
neighbor 172.16.25.253 as 8283;
# Replace 172.16.25.253 with the IP of the second router that is your uplink
}

protocol kernel {
learn; # Learn all alien routes from the kernel
persist; # Don't remove routes on bird shutdown
scan time 20; # Scan kernel routing table every 20 seconds
import all; # Default is import all
export all; # Default is export none, changed to all
}
# This pseudo-protocol watches all interface up/down events.
protocol device {
scan time 10; # Scan interfaces every 10 seconds
}
protocol direct {
interface "eth0";
}
After this restart bird (/etc/init.d/bird restart). 
If you are using systemd then do (systemctl enable bird; systemctl start bird). 

Now for the V6 configuration which is pretty much the exact same please note the Router ID is the v4 address due to the fact that a router ID can only be 32bits max this is why we do not set the v6 address as the Router ID. To add v6 peering you need to edit /etc/bird/bird6.conf.

log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
router id 172.16.25.25;
# Replace 172.16.25.25 with your public IPv4 address for the VPS host. If only a private IP is available check that it is uniq in your environment.

function is_owned_by_me()
prefix set owned_by_me_space;
{
owned_by_me_space = [ fd7e:b83c:3e0e::/48{48,128} ];
# Replace fd7e:b83c:3e0e::/48 with the prefixes that should be routed to you. Also mention the largest and biggest announcements that are allowed within { and }. This example allows all ranges between /48 and /128 to be announced.

if net ~ owned_by_me_space then return true;
return false;
}

filter ebgp_import {
if ( is_owned_by_me () ) then accept;
reject;
}

template bgp ebgp {
local as 65151;
# Define a local as, if you don't have an AS from a RIR use something that is uniq in your network. If needed ask what you need to use at your network supplier/network admin.
import all;
export filter ebgp_import;
source address fd38:596b:418c:2fc7::254;
# Replace fd38:596b:418c:2fc7::254 with your public IPv6 address for the VPS host. If only a private IP is available check that it is uniq in your environment. This should be the address used for communication between the host and the routers.
next hop self;
}

protocol bgp dcg1 from ebgp {
neighbor fd38:596b:418c:2fc7::1 as 8283;
# Replace fd38:596b:418c:2fc7::1 with the IP of the first router that is your uplink
}
protocol bgp dcg2 from ebgp {
neighbor fd38:596b:418c:2fc7::2 as 8283;
# Replace fd38:596b:418c:2fc7::2 with the IP of the second router that is your uplink
}

protocol kernel {
learn; # Learn all alien routes from the kernel
persist; # Don't remove routes on bird shutdown
scan time 20; # Scan kernel routing table every 20 seconds
import all; # Default is import all
export all; # Default is export none, changed to all
}
# This pseudo-protocol watches all interface up/down events.
protocol device {
scan time 10; # Scan interfaces every 10 seconds
}
protocol direct {
interface "eth0";
}

After this restart bird (/etc/init.d/bird6 restart).

If you are using systemd then do (systemctl enable bird6; systemctl start bird6).

The host is now configured. Now go to the VPS guests.

The VPS guests network configuration

For the installation configure everything to use the internal IP (10.0.0.10 in the example). After that add the following to /etc/network/interfaces and bring up the new interface.

auto lo:0
iface lo:0 inet static
address 172.16.10.10
netmask 255.255.255.255

Per public/external IP add an interface with the IP.

Now run the following commands and it should work:

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf

echo 1 > /proc/sys/net/ipv4/ip_forward

Now everything should be configured.

Troubeshooting

Now for me i had some issues at first and i wanted to know more about what was going on so here is a few commands to help you get started.

V4 Bird

To reload config. birdc config
To show BGP Status and if hosts and peers. birdc show protocols
To show detailed status over BGP session and peers. birdc show protocols all
To show detailed status over BGP session and peers. birdc show protocols all PEERNAME
Show exported routes to neighbor router. birdc show route export PEERNAME all

V6 Bird

To reload config. birdc6 config
To show BGP Status and if hosts and peers. birdc6 show protocols
To show detailed status over BGP session and peers. birdc6 show protocols all
To show detailed status over BGP session and peers. birdc6 show protocols all PEERNAME
Show exported routes to neighbor router. birdc6 show route export PEERNAME all

Sourced from article: How to use a routed network for a VPS by Mark Scholten.


Written by Matthew Frost on Saturday October 17, 2015
Tags: