BGP Route reflector and Confederation using FRRouting and Bird
Presentation
Network diagram
Preparing
This chapter will describe how to start the lab.
Setting-up the lab
See the instructions on how to build a BSDRP router lab.
Starting the lab
Start this lab with the script corresponding to your hypervisor (vbox, qemu, bhyve). The output should look like this:
root@lab:~ # BSDRP-lab-bhyve.sh -i BSDRP-1.52-full-amd64-serial.img.xz -n 7 -l 1
BSD Router Project (http://bsdrp.net) - bhyve full-meshed lab script
Setting-up a virtual envirronement with 7 VM(s):
- Working directory: /tmp/BSDRP
- Each VM have 1 core(s) and 256M RAM
- 1 LAN(s) between all VM
- Full mesh Ethernet links between each VM
VM 1 have the following NIC:
- vtnet0 connected to VM 2.
- vtnet1 connected to VM 3.
- vtnet2 connected to VM 4.
- vtnet3 connected to VM 5.
- vtnet4 connected to VM 6.
- vtnet5 connected to VM 7.
- vtnet6 connected to LAN number 1
VM 2 have the following NIC:
- vtnet0 connected to VM 1.
- vtnet1 connected to VM 3.
- vtnet2 connected to VM 4.
- vtnet3 connected to VM 5.
- vtnet4 connected to VM 6.
- vtnet5 connected to VM 7.
- vtnet6 connected to LAN number 1
VM 3 have the following NIC:
- vtnet0 connected to VM 1.
- vtnet1 connected to VM 2.
- vtnet2 connected to VM 4.
- vtnet3 connected to VM 5.
- vtnet4 connected to VM 6.
- vtnet5 connected to VM 7.
- vtnet6 connected to LAN number 1
VM 4 have the following NIC:
- vtnet0 connected to VM 1.
- vtnet1 connected to VM 2.
- vtnet2 connected to VM 3.
- vtnet3 connected to VM 5.
- vtnet4 connected to VM 6.
- vtnet5 connected to VM 7.
- vtnet6 connected to LAN number 1
VM 5 have the following NIC:
- vtnet0 connected to VM 1.
- vtnet1 connected to VM 2.
- vtnet2 connected to VM 3.
- vtnet3 connected to VM 4.
- vtnet4 connected to VM 6.
- vtnet5 connected to VM 7.
- vtnet6 connected to LAN number 1
VM 6 have the following NIC:
- vtnet0 connected to VM 1.
- vtnet1 connected to VM 2.
- vtnet2 connected to VM 3.
- vtnet3 connected to VM 4.
- vtnet4 connected to VM 5.
- vtnet5 connected to VM 7.
- vtnet6 connected to LAN number 1
VM 7 have the following NIC:
- vtnet0 connected to VM 1.
- vtnet1 connected to VM 2.
- vtnet2 connected to VM 3.
- vtnet3 connected to VM 4.
- vtnet4 connected to VM 5.
- vtnet5 connected to VM 6.
- vtnet6 connected to LAN number 1
For connecting to VM'serial console, you can use:
- VM 1 : cu -l /dev/nmdm1B
- VM 2 : cu -l /dev/nmdm2B
- VM 3 : cu -l /dev/nmdm3B
- VM 4 : cu -l /dev/nmdm4B
- VM 5 : cu -l /dev/nmdm5B
- VM 6 : cu -l /dev/nmdm6B
- VM 7 : cu -l /dev/nmdm7B
Routers configuration
All these routers can be configured with the labconfig tool (use it only in a lab, because it replaces your current running configuration):
labconfig bgp_vm[VM-NUMBER]
Router 1
sysrc hostname=R1
sysrc ifconfig_vtnet6="10.0.6.1/24"
sysrc ifconfig_vtnet6_ipv6="inet6 2001:db8:6::1 prefixlen 64"
sysrc ifconfig_vtnet0="10.0.1.1/24"
sysrc ifconfig_vtnet0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
hostname R1
service netif restart
Bird v1.x configuration style:
sysrc bird_enable=YES
sysrc bird6_enable=YES
cat > /usr/local/etc/bird.conf <<'EOF'
# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;

# Override router ID
router id 0.0.0.101;

# Sync bird routing table with kernel
protocol kernel {
        export all;
}

# Include device route (warning, a device route is a /32)
protocol device {
        scan time 10;
}

# Include directly connected networks
protocol direct {
        interface "vtnet0","vtnet6";
}

protocol bgp R2 {
        local as 100;
        neighbor 10.0.6.2 as 100;
        export all;
        import all;
}
EOF
cat > /usr/local/etc/bird6.conf <<'EOF'
# Configure logging
log syslog all;
log "/var/log/bird6.log" all;
log stderr all;

# Override router ID
router id 0.0.0.101;

# Sync bird routing table with kernel
protocol kernel {
        export all;
}

protocol device {
        scan time 10;
}

# Include directly connected networks
protocol direct {
        interface "vtnet0","vtnet6";
}

protocol bgp R2 {
        local as 100;
        neighbor 2001:db8:6::2 as 100;
        import all;
        export all;
}
EOF
service bird start
service bird6 start
Bird v2.x configuration style:
sysrc bird_enable=YES
cat > /usr/local/etc/bird.conf <<'EOF'
# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;

# Override router ID
router id 0.0.0.101;

# Sync bird routing table with kernel
protocol kernel kernel4 {
        ipv4 {
                export all;
        };
}

protocol kernel kernel6 {
        ipv6 {
                export all;
        };
}

# Include device route (warning, a device route is a /32)
protocol device {
        scan time 10;
}

# Include directly connected networks
protocol direct {
        ipv4;
        ipv6;
}

protocol bgp R2inet4 {
        local as 100;
        neighbor 10.0.6.2 as 100;
        ipv4 {
                export all;
                import all;
        };
}

protocol bgp R2inet6 {
        local as 100;
        neighbor 2001:db8:6::2 as 100;
        ipv6 {
                export all;
                import all;
        };
}
EOF
service bird start
Finally, save the configuration:
config save
Router 2
sysrc hostname=R2
sysrc ifconfig_vtnet6="10.0.6.2/24"
sysrc ifconfig_vtnet6_ipv6="inet6 2001:db8:6::2 prefixlen 64"
hostname R2
service netif restart
Bird v1.X configuration style:
sysrc bird_enable=YES
sysrc bird6_enable=YES
cat > /usr/local/etc/bird.conf <<'EOF'
# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;

# Override router ID
router id 0.0.0.102;

# Define variable
define myas = 100;

# Sync bird routing table with kernel
protocol kernel {
        export all;
}

protocol device {
        scan time 10;
}

# Include directly connected networks
protocol direct {
        interface "vtnet6";
}

protocol bgp R1 {
        local as myas;
        neighbor 10.0.6.1 as myas;
        import all;
        export all;
        rr client;
}

protocol bgp R3 {
        local as myas;
        neighbor 10.0.6.3 as myas;
        import all;
        export all;
        rr client;
}
EOF
cat > /usr/local/etc/bird6.conf <<'EOF'
# Configure logging
log syslog all;
log "/var/log/bird6.log" all;
log stderr all;

# Override router ID
router id 0.0.0.102;

# Define variable
define myas = 100;

# Sync bird routing table with kernel
protocol kernel {
        export all;
}

protocol device {
        scan time 10;
}

# Include directly connected network
protocol direct {
        interface "vtnet6";
}

protocol bgp R1 {
        local as myas;
        neighbor 2001:db8:6::1 as myas;
        import all;
        export all;
        rr client;
}

protocol bgp R3 {
        local as myas;
        neighbor 2001:db8:6::3 as myas;
        import all;
        export all;
        rr client;
}
EOF
service bird start
service bird6 start
Bird v2.X configuration style:
sysrc bird_enable=YES
cat > /usr/local/etc/bird.conf <<'EOF'
# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;

# Override router ID
router id 0.0.0.102;

# Define variable
define myas = 100;

# Sync bird routing table with kernel
protocol kernel kernel4 {
        ipv4 {
                export all;
        };
}

protocol kernel kernel6 {
        ipv6 {
                export all;
        };
}

protocol device {
        scan time 10;
}

# Include directly connected networks
protocol direct {
        ipv4;
        ipv6;
}

protocol bgp R1inet4 {
        local as myas;
        neighbor 10.0.6.1 as myas;
        rr client;
        ipv4 {
                import all;
                export all;
        };
}

protocol bgp R3inet4 {
        local as myas;
        neighbor 10.0.6.3 as myas;
        ipv4 {
                import all;
                export all;
        };
        rr client;
}

protocol bgp R1inet6 {
        local as myas;
        neighbor 2001:db8:6::1 as myas;
        ipv6 {
                import all;
                export all;
        };
        rr client;
}

protocol bgp R3inet6 {
        local as myas;
        neighbor 2001:db8:6::3 as myas;
        ipv6 {
                import all;
                export all;
        };
        rr client;
}
EOF
service bird start
Then save the configuration:
config save
Check that it learns the IPv4 route from R1:
[root@R2]~# birdc show protocols all R1inet4
BIRD 2.0.2 ready.
Name       Proto      Table      State  Since         Info
R1inet4    BGP        ---        up     10:18:57.635  Established
  BGP state:          Established
    Neighbor address: 10.0.6.1
    Neighbor AS:      100
    Neighbor ID:      0.0.0.101
    Local capabilities
      Multiprotocol
        AF announced: ipv4
      Route refresh
      Graceful restart
      4-octet AS numbers
      Enhanced refresh
    Neighbor capabilities
      Multiprotocol
        AF announced: ipv4
      Route refresh
      Graceful restart
      4-octet AS numbers
      Enhanced refresh
    Session:          internal multihop route-reflector AS4
    Source address:   10.0.6.2
    Hold timer:       227.825/240
    Keepalive timer:  26.990/80
  Channel ipv4
    State:          UP
    Table:          master4
    Preference:     100
    Input filter:   ACCEPT
    Output filter:  ACCEPT
    Routes:         2 imported, 2 exported
    Route change stats:     received   rejected   filtered    ignored   accepted
      Import updates:              2          0          0          0          2
      Import withdraws:            0          0        ---          0          0
      Export updates:              3          1          0        ---          2
      Export withdraws:            0        ---        ---        ---          0
    BGP Next hop:   10.0.6.2
    IGP IPv4 table: master4

[root@R2]~# birdc show route 10.0.1.0/24
BIRD 2.0.2 ready.
Table master4:
10.0.1.0/24          unicast [R1inet4 10:18:57.635] * (100/0) [i]
        via 10.0.6.1 on vtnet6
Check that it learns the IPv6 route from R1:
[root@R2]~# birdc show protocols all R1inet6
BIRD 2.0.2 ready.
Name       Proto      Table      State  Since         Info
R1inet6    BGP        ---        up     10:18:57.628  Established
  BGP state:          Established
    Neighbor address: 2001:db8:6::1
    Neighbor AS:      100
    Neighbor ID:      0.0.0.101
    Local capabilities
      Multiprotocol
        AF announced: ipv6
      Route refresh
      Graceful restart
      4-octet AS numbers
      Enhanced refresh
    Neighbor capabilities
      Multiprotocol
        AF announced: ipv6
      Route refresh
      Graceful restart
      4-octet AS numbers
      Enhanced refresh
    Session:          internal multihop route-reflector AS4
    Source address:   2001:db8:6::2
    Hold timer:       164.219/240
    Keepalive timer:  7.453/80
  Channel ipv6
    State:          UP
    Table:          master6
    Preference:     100
    Input filter:   ACCEPT
    Output filter:  ACCEPT
    Routes:         2 imported, 6 exported
    Route change stats:     received   rejected   filtered    ignored   accepted
      Import updates:              2          0          0          0          2
      Import withdraws:            0          0        ---          0          0
      Export updates:              7          1          0        ---          6
      Export withdraws:            0        ---        ---        ---          0
    BGP Next hop:   2001:db8:6::2
    IGP IPv6 table: master6

[root@R2]~# birdcl show route 2001:db8:1::/64
BIRD 2.0.2 ready.
Table master6:
2001:db8:1::/64      unicast [R1inet6 10:18:57.628] * (100/0) [i]
        via 2001:db8:6::1 on vtnet6
Router 3
sysrc hostname=R3
sysrc ifconfig_vtnet6="10.0.6.3/24"
sysrc ifconfig_vtnet6_ipv6="inet6 2001:db8:6::3 prefixlen 64"
sysrc ifconfig_vtnet2="10.0.2.3/24"
sysrc ifconfig_vtnet2_ipv6="inet6 2001:db8:2::3 prefixlen 64"
hostname R3
service netif restart
Bird v1.x configuration style:
sysrc bird_enable=YES
sysrc bird6_enable=YES
cat > /usr/local/etc/bird.conf <<'EOF'
# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;

# Override router ID
router id 0.0.0.103;

# Define variable
define myas = 100;

# Sync bird routing table with kernel
protocol kernel {
        export all;
}

protocol device {
        scan time 10;
}

# Include directly connected network
protocol direct {
        interface "vtnet6","vtnet2";
}

protocol bgp R2 {
        local as myas;
        neighbor 10.0.6.2 as myas;
        import all;
        export all;
        next hop self;
}

protocol bgp R4 {
        local as myas;
        # Bird creates the IPSEC SAD entry automatically but it needs to know the source IP address
        # Otherwise it will use the wrong 0.0.0.0 IP as source
        source address 10.0.2.3;
        neighbor 10.0.2.4 as 200;
        password "abigpassword";
        import all;
        export all;
        next hop self;
}
EOF
service bird start
cat > /usr/local/etc/bird6.conf <<'EOF'
# Configure logging
log syslog all;
log "/var/log/bird6.log" all;
log stderr all;

# Override router ID
router id 0.0.0.103;

# Define variable
define myas = 100;

# Sync bird routing table with kernel
protocol kernel {
        export all;
}

protocol device {
        scan time 10;
}

# Include directly connected network
protocol direct {
        interface "vtnet6","vtnet2";
}

protocol bgp R2 {
        local as myas;
        neighbor 2001:db8:6::2 as myas;
        import all;
        export all;
        next hop self;
}

protocol bgp R4 {
        local as myas;
        # Bird creates the IPSEC SAD entry automatically but it needs to know the source IP address
        # Otherwise it will use the wrong :: IP as source
        source address 2001:db8:2::3;
        neighbor 2001:db8:2::4 as 200;
        password "abigpassword";
        import all;
        export all;
        next hop self;
}
EOF
service bird6 start
Bird v2.x configuration style:
sysrc bird_enable=YES
cat > /usr/local/etc/bird.conf <<'EOF'
# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;

# Override router ID
router id 0.0.0.103;

# Define variable
define myas = 100;

# Sync bird routing table with kernel
protocol kernel kernel4 {
        ipv4 {
                export all;
        };
}

protocol kernel kernel6 {
        ipv6 {
                export all;
        };
}

protocol device {
        scan time 10;
}

# Include directly connected networks
protocol direct {
        ipv4;
        ipv6;
}

protocol bgp R2inet4 {
        local as myas;
        neighbor 10.0.6.2 as myas;
        ipv4 {
                import all;
                export all;
                next hop self;
        };
}

protocol bgp R4inet4 {
        local as myas;
        # Bird creates the IPSEC SAD entry automatically but it needs to know the source IP address
        # Otherwise it will use the wrong 0.0.0.0 IP as source
        source address 10.0.2.3;
        neighbor 10.0.2.4 as 200;
        password "abigpassword";
        ipv4 {
                import all;
                export all;
                next hop self;
        };
}

protocol bgp R2inet6 {
        local as myas;
        neighbor 2001:db8:6::2 as myas;
        ipv6 {
                import all;
                export all;
                next hop self;
        };
}

protocol bgp R4inet6 {
        local as myas;
        # Bird creates the IPSEC SAD entry automatically but it needs to know the source IP address
        # Otherwise it will use the wrong :: IP as source
        source address 2001:db8:2::3;
        neighbor 2001:db8:2::4 as 200;
        password "abigpassword";
        ipv6 {
                import all;
                export all;
                next hop self;
        };
}
EOF
service bird start
Then save the configuration:
config save
Check that it learns the IPv4 route:
[root@R3]~# birdcl show protocols all R2inet4
BIRD 2.0.2 ready.
Name       Proto      Table      State  Since         Info
R2inet4    BGP        ---        up     10:19:03.538  Established
  BGP state:          Established
    Neighbor address: 10.0.6.2
    Neighbor AS:      100
    Neighbor ID:      0.0.0.102
    Local capabilities
      Multiprotocol
        AF announced: ipv4
      Route refresh
      Graceful restart
      4-octet AS numbers
      Enhanced refresh
    Neighbor capabilities
      Multiprotocol
        AF announced: ipv4
      Route refresh
      Graceful restart
      4-octet AS numbers
      Enhanced refresh
    Session:          internal multihop AS4
    Source address:   10.0.6.3
    Hold timer:       181.078/240
    Keepalive timer:  30.892/80
  Channel ipv4
    State:          UP
    Table:          master4
    Preference:     100
    Input filter:   ACCEPT
    Output filter:  ACCEPT
    Routes:         2 imported, 2 exported
    Route change stats:     received   rejected   filtered    ignored   accepted
      Import updates:              2          0          0          0          2
      Import withdraws:            0          0        ---          0          0
      Export updates:              3          1          0        ---          2
      Export withdraws:            0        ---        ---        ---          0
    BGP Next hop:   10.0.6.3
    IGP IPv4 table: master4

[root@R3]~# birdcl show route 10.0.1.0/24
BIRD 2.0.2 ready.
Table master4:
10.0.1.0/24          unicast [R2inet4 10:19:03.538 from 10.0.6.2] * (100/0) [i]
        via 10.0.6.1 on vtnet6
Check that it learns the IPv6 route:
[root@R3]~# birdc show protocols all R2inet6
BIRD 2.0.2 ready.
Name       Proto      Table      State  Since         Info
R2inet6    BGP        ---        up     10:19:03.733  Established
  BGP state:          Established
    Neighbor address: 2001:db8:6::2
    Neighbor AS:      100
    Neighbor ID:      0.0.0.102
    Local capabilities
      Multiprotocol
        AF announced: ipv6
      Route refresh
      Graceful restart
      4-octet AS numbers
      Enhanced refresh
    Neighbor capabilities
      Multiprotocol
        AF announced: ipv6
      Route refresh
      Graceful restart
      4-octet AS numbers
      Enhanced refresh
    Session:          internal multihop AS4
    Source address:   2001:db8:6::3
    Hold timer:       170.844/240
    Keepalive timer:  61.380/80
  Channel ipv6
    State:          UP
    Table:          master6
    Preference:     100
    Input filter:   ACCEPT
    Output filter:  ACCEPT
    Routes:         2 imported, 6 exported
    Route change stats:     received   rejected   filtered    ignored   accepted
      Import updates:              2          0          0          0          2
      Import withdraws:            0          0        ---          0          0
      Export updates:              7          1          0        ---          6
      Export withdraws:            0        ---        ---        ---          0
    BGP Next hop:   2001:db8:6::3
    IGP IPv6 table: master6

[root@R3]~# birdcl show route 2001:db8:1::/64
BIRD 2.0.2 ready.
Table master6:
2001:db8:1::/64      unicast [R2inet6 10:19:03.733 from 2001:db8:6::2] * (100/0) [i]
        via 2001:db8:6::1 on vtnet6
Router 4
sysrc hostname=R4
hostname R4
sysrc frr_enable=YES
sysrc ipsec_enable=YES
sysrc ipsec_file="/etc/ipsec.conf"
cat <<EOF > /etc/ipsec.conf
flush ;
add 10.0.2.3 10.0.2.4 tcp 0x1000 -A tcp-md5 "abigpassword" ;
add 10.0.2.4 10.0.2.3 tcp 0x1001 -A tcp-md5 "abigpassword" ;
add -6 2001:db8:2::3 2001:db8:2::4 tcp 0x1002 -A tcp-md5 "abigpassword" ;
add -6 2001:db8:2::4 2001:db8:2::3 tcp 0x1003 -A tcp-md5 "abigpassword" ;
EOF
service ipsec start
cat > /usr/local/etc/frr/frr.conf <<EOF
interface vtnet2
 ip address 10.0.2.4/24
 ipv6 address 2001:db8:2::4/64
interface vtnet3
 ip address 10.0.3.4/24
 ipv6 address 2001:db8:3::4/64
router bgp 64512
 bgp router-id 0.0.0.204
 bgp confederation identifier 200
 bgp confederation peers 65535
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 neighbor 10.0.2.3 remote-as 100
 neighbor 10.0.2.3 password abigpassword
 neighbor 10.0.3.5 remote-as 64512
 neighbor 2001:db8:2::3 remote-as 100
 neighbor 2001:db8:2::3 password abigpassword
 neighbor 2001:db8:3::5 remote-as 64512
 !
 address-family ipv4 unicast
  network 10.0.3.0/24
  neighbor 10.0.2.3 activate
  neighbor 10.0.3.5 activate
  neighbor 10.0.3.5 next-hop-self
  no neighbor 2001:db8:2::3 activate
  no neighbor 2001:db8:3::5 activate
 exit-address-family
 !
 address-family ipv6 unicast
  network 2001:db8:3::/64
  neighbor 2001:db8:2::3 activate
  neighbor 2001:db8:3::5 activate
  neighbor 2001:db8:3::5 next-hop-self
 exit-address-family
!
EOF
service frr start
config save
Check that the BGP IPv4 and IPv6 peers are up between R4 and R3:
[root@R4]~# cli

Hello, this is FRRouting (version 6.0).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

R4# sh bgp summary

IPv4 Unicast Summary:
BGP router identifier 0.0.0.204, local AS number 64512 vrf-id 0
BGP table version 5
RIB entries 9, using 1440 bytes of memory
Peers 4, using 54 KiB of memory

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd
10.0.2.3        4        100       7       8        0    0    0 00:02:59            3
10.0.3.5        4      64512       4       6        0    0    0 00:00:54            2

Total number of neighbors 2

IPv6 Unicast Summary:
BGP router identifier 0.0.0.204, local AS number 64512 vrf-id 0
BGP table version 7
RIB entries 13, using 2080 bytes of memory
Peers 4, using 54 KiB of memory

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd
2001:db8:2::3   4        100      25      27        0    0    0 00:18:14            3
2001:db8:3::5   4      64512      24      23        0    0    0 00:18:10            4

Total number of neighbors 2
Check that R4 learns the IPv4/IPv6 routes from AS100:
R4# show ip route 10.0.1.0/24
Routing entry for 10.0.1.0/24
  Known via "bgp", distance 20, metric 0, best
  Last update 00:03:26 ago
  * 10.0.2.3, via vtnet2

R4# show ipv6 route 2001:db8:1::/64
Routing entry for 2001:db8:1::/64
  Known via "bgp", distance 20, metric 0, best
  Last update 00:03:34 ago
  * fe80::5a9c:fcff:fe03:403, via vtnet2
Router 5
sysrc hostname=R5
sysrc frr_enable=YES
cat <<EOF > /usr/local/etc/frr/frr.conf
log syslog
interface vtnet3
 ip address 10.0.3.5/24
 ipv6 address 2001:db8:3::5/64
!
interface vtnet4
 ip address 10.0.4.5/24
 ipv6 address 2001:db8:4::5/64
router bgp 64512
 bgp router-id 0.0.0.205
 bgp confederation identifier 200
 bgp confederation peers 65535
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 neighbor 10.0.3.4 remote-as 64512
 neighbor 10.0.4.6 remote-as 65535
 neighbor 2001:db8:3::4 remote-as 64512
 neighbor 2001:db8:4::6 remote-as 65535
 !
 address-family ipv4 unicast
  network 10.0.3.0/24
  network 10.0.4.0/24
  neighbor 10.0.3.4 activate
  neighbor 10.0.3.4 next-hop-self
  neighbor 10.0.4.6 activate
  neighbor 10.0.4.6 next-hop-self
  no neighbor 2001:db8:3::4 activate
  no neighbor 2001:db8:4::6 activate
 exit-address-family
 !
 address-family ipv6 unicast
  network 2001:db8:3::/64
  network 2001:db8:4::/64
  neighbor 2001:db8:3::4 activate
  neighbor 2001:db8:3::4 next-hop-self
  neighbor 2001:db8:4::6 activate
  neighbor 2001:db8:4::6 next-hop-self
 exit-address-family
EOF
hostname R5
service frr start
config save
Check that the BGP IPv4 and IPv6 peers are up between R5 and R4:
[root@R5]~# cli

Hello, this is FRRouting (version 2.0).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

R5# sh ip bgp summary
BGP router identifier 0.0.0.205, local AS number 64512 vrf-id 0
BGP table version 5
RIB entries 9, using 1080 bytes of memory
Peers 4, using 53 KiB of memory

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd
10.0.3.4        4      64512       6       6        0    0    0 00:02:07            4
10.0.4.6        4      65535       0       0        0    0    0    never       Active

Total number of neighbors 2

R5# sh ipv6 bgp summary
BGP router identifier 0.0.0.205, local AS number 64512 vrf-id 0
BGP table version 2
RIB entries 9, using 1080 bytes of memory
Peers 4, using 53 KiB of memory

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd
2001:db8:3::4   4      64512       6       6        0    0    0 00:02:46            4
2001:db8:4::6   4      65535       0       0        0    0    0    never       Active

Total number of neighbors 2
Check that R5 learns the IPv4/IPv6 routes advertised by R4 from AS100:
R5# show ip route 10.0.1.0/24
Routing entry for 10.0.1.0/24
  Known via "bgp", distance 200, metric 0, best
  Last update 00:01:43 ago
  * 10.0.3.4, via vtnet3

R5# show ipv6 route 2001:db8:1::/64
Routing entry for 2001:db8:1::/64
  Known via "bgp", distance 200, metric 0, best
  Last update 00:00:11 ago
  * 2001:db8:3::4, via vtnet3
Router 6
sysrc hostname=R6
hostname R6
sysrc ipsec_enable=YES
sysrc ipsec_file="/etc/ipsec.conf"
sysrc frr_enable=YES
cat <<EOF > /etc/ipsec.conf
flush ;
add 10.0.5.6 10.0.5.7 tcp 0x1000 -A tcp-md5 "abcdefgh" ;
add 10.0.5.7 10.0.5.6 tcp 0x1001 -A tcp-md5 "abcdefgh" ;
add -6 2001:db8:5::6 2001:db8:5::7 tcp 0x1002 -A tcp-md5 "abcdefgh" ;
add -6 2001:db8:5::7 2001:db8:5::6 tcp 0x1003 -A tcp-md5 "abcdefgh" ;
EOF
service ipsec start
cat <<EOF > /usr/local/etc/frr/frr.conf
log syslog
interface vtnet4
 ip address 10.0.4.6/24
 ipv6 address 2001:db8:4::6/64
!
interface vtnet5
 ip address 10.0.5.6/24
 ipv6 address 2001:db8:5::6/64
router bgp 65535
 bgp router-id 0.0.0.206
 bgp confederation identifier 200
 bgp confederation peers 64512
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 neighbor 10.0.4.5 remote-as 64512
 neighbor 10.0.5.7 remote-as 65535
 neighbor 10.0.5.7 password abcdefgh
 neighbor 2001:db8:4::5 remote-as 64512
 neighbor 2001:db8:5::7 remote-as 65535
 neighbor 2001:db8:5::7 password abcdefgh
 !
 address-family ipv4 unicast
  network 10.0.5.0/24
  neighbor 10.0.4.5 activate
  neighbor 10.0.4.5 next-hop-self
  neighbor 10.0.5.7 activate
  neighbor 10.0.5.7 next-hop-self
  no neighbor 2001:db8:4::5 activate
  no neighbor 2001:db8:5::7 activate
 exit-address-family
 !
 address-family ipv6 unicast
  network 2001:db8:5::/64
  neighbor 2001:db8:4::5 activate
  neighbor 2001:db8:4::5 next-hop-self
  neighbor 2001:db8:5::7 activate
  neighbor 2001:db8:5::7 next-hop-self
 exit-address-family
EOF
service frr start
config save
Check that the BGP IPv4 and IPv6 peers are up between R6 and R5:
[root@R6]~# cli

Hello, this is FRRouting (version 6.0).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

R6# sh bgp summary

IPv4 Unicast Summary:
BGP router identifier 0.0.0.206, local AS number 65535 vrf-id 0
BGP table version 7
RIB entries 13, using 2080 bytes of memory
Peers 4, using 54 KiB of memory

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd
10.0.4.5        4      64512       8       8        0    0    0 00:01:23            5
10.0.5.7        4      65535       4       7        0    0    0 00:00:11            2

Total number of neighbors 2

IPv6 Unicast Summary:
BGP router identifier 0.0.0.206, local AS number 65535 vrf-id 0
BGP table version 7
RIB entries 13, using 2080 bytes of memory
Peers 4, using 54 KiB of memory

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd
2001:db8:4::5   4      64512      28      28        0    0    0 00:21:31            5
2001:db8:5::7   4      65535      25      27        0    0    0 00:21:27            2

Total number of neighbors 2
Check that R6 learns the IPv4/IPv6 routes advertised by R5:
R6# sh ip route 10.0.1.0/24
Routing entry for 10.0.1.0/24
  Known via "bgp", distance 200, metric 0, best
  Last update 00:01:10 ago
  * 10.0.4.5, via vtnet4

R6# sh ipv6 route 2001:db8:1::/64
Routing entry for 2001:db8:1::/64
  Known via "bgp", distance 200, metric 0, best
  Last update 00:01:17 ago
  * 2001:db8:4::5, via vtnet4
Router 7
Configure router hostname and ipsec.conf for the BGP TCP-MD5 session:
sysrc hostname=R7
hostname R7
sysrc ipsec_enable=YES
sysrc ipsec_file="/etc/ipsec.conf"
sysrc frr_enable=YES
cat <<EOF > /etc/ipsec.conf
flush ;
add 10.0.5.6 10.0.5.7 tcp 0x1000 -A tcp-md5 "abcdefgh" ;
add 10.0.5.7 10.0.5.6 tcp 0x1001 -A tcp-md5 "abcdefgh" ;
add -6 2001:db8:5::6 2001:db8:5::7 tcp 0x1002 -A tcp-md5 "abcdefgh" ;
add -6 2001:db8:5::7 2001:db8:5::6 tcp 0x1003 -A tcp-md5 "abcdefgh" ;
EOF
service ipsec start
cat <<EOF > /usr/local/etc/frr/frr.conf
log syslog
interface vtnet0
 ip address 10.0.7.7/24
 ipv6 address 2001:db8:7::7/64
!
interface vtnet5
 ip address 10.0.5.7/24
 ipv6 address 2001:db8:5::7/64
router bgp 65535
 bgp router-id 0.0.0.207
 bgp confederation identifier 200
 bgp confederation peers 64512
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 neighbor 10.0.5.6 remote-as 65535
 neighbor 10.0.5.6 password abcdefgh
 neighbor 2001:db8:5::6 remote-as 65535
 neighbor 2001:db8:5::6 password abcdefgh
 !
 address-family ipv4 unicast
  network 10.0.5.0/24
  network 10.0.7.0/24
  neighbor 10.0.5.6 activate
  no neighbor 2001:db8:5::6 activate
 exit-address-family
 !
 address-family ipv6 unicast
  network 2001:db8:5::/64
  network 2001:db8:7::/64
  neighbor 2001:db8:5::6 activate
 exit-address-family
EOF
service frr start
config save
Check that the BGP IPv4 and IPv6 peers are up between R7 and R6:
[root@R7]~# cli

Hello, this is FRRouting (version 6.0).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

R7# show bgp summary
R7# sh bgp summary

IPv4 Unicast Summary:
BGP router identifier 0.0.0.207, local AS number 65535 vrf-id 0
BGP table version 7
RIB entries 13, using 2080 bytes of memory
Peers 2, using 27 KiB of memory

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd
10.0.5.6        4      65535       7       5        0    0    0 00:01:55            6

Total number of neighbors 1

IPv6 Unicast Summary:
BGP router identifier 0.0.0.207, local AS number 65535 vrf-id 0
BGP table version 7
RIB entries 13, using 2080 bytes of memory
Peers 2, using 27 KiB of memory

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd
2001:db8:5::6   4      65535      29      27        0    0    0 00:23:11            6

Total number of neighbors 1
Check that R7 learns the IPv4/IPv6 routes advertised by R6:
R7# show ip route 10.0.1.0/24
Routing entry for 10.0.1.0/24
  Known via "bgp", distance 200, metric 0, best
  Last update 00:01:26 ago
  * 10.0.5.6, via vtnet5

R7# show ipv6 route 2001:db8:1::/64
Routing entry for 2001:db8:1::/64
  Known via "bgp", distance 200, metric 0, best
  Last update 00:01:29 ago
  * 2001:db8:5::6, via vtnet5
Final testing
Verify the route from R7 to R1 using the source addresses 10.0.7.7 and 2001:db8:7::7:
R7# exit
[root@R7]~# traceroute -s 10.0.7.7 10.0.1.1
traceroute to 10.0.1.1 (10.0.1.1) from 10.0.7.7, 64 hops max, 52 byte packets
 1  10.0.5.6 (10.0.5.6)  1.412 ms  1.146 ms  0.304 ms
 2  10.0.4.5 (10.0.4.5)  1.339 ms  1.959 ms  1.241 ms
 3  10.0.3.4 (10.0.3.4)  2.064 ms  1.385 ms  0.735 ms
 4  10.0.2.3 (10.0.2.3)  2.322 ms  1.682 ms  1.004 ms
 5  10.0.1.1 (10.0.1.1)  2.695 ms  2.226 ms  1.135 ms
[root@R7]~# traceroute6 -s 2001:db8:7::7 2001:db8:1::1
traceroute6 to 2001:db8:1::1 (2001:db8:1::1) from 2001:db8:7::7, 64 hops max, 12 byte packets
 1  2001:db8:5::6  1.272 ms  0.481 ms  0.876 ms
 2  2001:db8:4::5  2.568 ms  1.389 ms  2.216 ms
 3  2001:db8:3::4  2.442 ms  2.740 ms  0.958 ms
 4  2001:db8:2::3  1.290 ms  1.055 ms  1.489 ms
 5  2001:db8:1::1  2.038 ms  2.033 ms  1.573 ms