Simple BGP/RIP/OSPF/BABEL with bird
This lab runs inside a single BSDRP VM and shows how to use BSDRP with Bird 2.
Overview¶
Network diagram¶
Here is the logical and physical view:

Router configuration¶
All the configuration details here can be generated by the embedded BSDRP lab script, which creates and configures 5 jails:
labconfig bird_jails
Host¶
Unhide the bpf device in the jails' devfs so that tcpdump can be used inside them.
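# Host setup: name the host, create the five epair links that join the six
# jails, and load the ipsec module at boot.
# NOTE(review): ipsec is presumably needed because bird implements the BGP
# "password" option through IPsec SAD entries (see the bird.conf comments in
# jail1/jail2) - confirm.
sysrc hostname=host \
cloned_interfaces="epair0 epair1 epair2 epair3 epair4" \
kld_list="ipsec"
# devfs ruleset that unhides bpf so tcpdump works inside the jails.
# Security: bpf gives root inside a jail raw access to the traffic on every
# interface that jail holds, so keep this ruleset to lab jails.
# NOTE(review): ruleset number 4 is also the number the stock defaults assign
# to devfsrules_jail - confirm that shadowing it is intended.
# Fixes: the delimiter is quoted, so the $devfsrules_* references must be
# written without a backslash (devfs expands them, not the shell), and the
# closing EOF must be bare or the here-document never terminates.
cat > /etc/devfs.rules <<'EOF'
[devfsrules_jailbpf=4]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'bpf*' unhide
EOF
# Apply the new devfs rules, create the epairs, set the hostname, load ipsec.
service devfs restart
service netif restart
service hostname restart
service kld start
# Create the jails and hand each one its epair ends: epairNa and epairNb are
# the two ends of one link, so adjacent jails share a point-to-point segment.
# NOTE(review): tenant is the BSDRP jail helper; flag meanings (-c create,
# -j jail name, -i interface list) are inferred from usage - confirm.
tenant -c -j jail1 -i epair0a
tenant -c -j jail2 -i epair0b,epair1a
tenant -c -j jail3 -i epair1b,epair2a
tenant -c -j jail4 -i epair2b,epair3a
tenant -c -j jail5 -i epair3b,epair4a
tenant -c -j jail6 -i epair4b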
Jail 1¶
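# Jail 1 rc.conf: edge router holding 192.168.10.0/24 and 2001:db8:10::/64 on
# lo1, linked to jail2 over epair0a.
# Fix: rc.conf holds variable assignments, not commands, so the loopback is
# requested with a plain cloned_interfaces=lo1 line (the form jail6 uses)
# instead of a "sysrc ..." command line.
# The delimiter is quoted: the body has nothing to expand, and quoting keeps
# the shell from ever interpreting it.
cat > /etc/jails/jail1/rc.conf <<'EOF'
hostname="jail1"
gateway_enable=YES
ipv6_gateway_enable=YES
cloned_interfaces=lo1
ifconfig_lo1="inet 192.168.10.1/24"
ifconfig_lo1_ipv6="inet6 2001:db8:10::1/64"
ifconfig_epair0a="inet 192.168.12.1/24"
ifconfig_epair0a_ipv6="inet6 2001:db8:12::1/64"
bird_enable=yes
EOF
# Jail 1 bird.conf: kernel/device/direct plumbing plus two iBGP sessions
# (AS 12 on both ends) to jail2, one per address family.
# Security notes for anyone reusing this outside the lab:
#  - password "abigpassword" is a sample shared secret stored in clear text in
#    bird.conf; use a unique per-peer secret and keep the file readable only
#    by root and the account bird runs as.
#  - The BGP "password" option is TCP MD5 signature authentication
#    (RFC 2385): it authenticates the session, it does not encrypt it.
#  - "import all; export all;" applies no route filtering; production peers
#    need explicit import and export filters.
cat > /etc/jails/jail1/local/bird.conf <<'EOF'
# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;
# Override router ID
router id 192.168.10.1;
# Sync bird routing table with kernel
protocol kernel kernel4 {
ipv4 {
export all;
};
}
protocol kernel kernel6 {
ipv6 {
export all;
};
}
protocol device {
scan time 10;
}
# Include directly connected networks
protocol direct {
ipv4;
ipv6;
}
protocol bgp bgp4 {
local as 12;
# Bird creates IPSEC SAD entry automatically but it need to know the source IP address
# Otherwise it will use the wrong 0.0.0.0 IP as source
source address 192.168.12.1;
neighbor 192.168.12.2 as 12;
password "abigpassword";
ipv4 {
import all;
export all;
};
}
protocol bgp bgp6 {
local as 12;
# Bird creates IPSEC SAD entry automatically but it need to know the source IP address
# Otherwise it will use the wrong :: IP as source
source address 2001:db8:12::1;
neighbor 2001:db8:12::2 as 12;
password "abigpassword";
ipv6 {
import all;
export all;
};
}
protocol bfd {}
EOF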
Jail 2¶
# Jail 2 rc.conf: router between jail1 (epair0b, 192.168.12.0/24) and
# jail3 (epair1a, 192.168.23.0/24), forwarding both IPv4 and IPv6.
cat > /etc/jails/jail2/rc.conf <<EOF
hostname="jail2"
gateway_enable=YES
ipv6_gateway_enable=YES
ifconfig_epair0b="inet 192.168.12.2/24"
ifconfig_epair0b_ipv6="inet6 2001:db8:12::2/64"
ifconfig_epair1a="inet 192.168.23.2/24"
ifconfig_epair1a_ipv6="inet6 2001:db8:23::2/64"
bird_enable=yes
EOF
# Jail 2 bird.conf: iBGP (AS 12) to jail1 with "next hop self", and RIP/RIPng
# on epair1a towards jail3. Every channel uses "import all; export all;", so
# routes learned by one protocol are passed on to the other without filtering.
# Security notes for anyone reusing this outside the lab:
#  - password "abigpassword" is a sample shared secret stored in clear text;
#    it must match jail1's and should be replaced by a per-peer secret.
#  - The RIP interface blocks are empty, so no "authentication" option is
#    set: updates from any neighbour on that link are accepted as-is.
#  - No import or export filters are defined; production routers need them
#    at every protocol boundary.
cat > /etc/jails/jail2/local/bird.conf <<EOF
# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;
# Override router ID
router id 192.168.10.2;
# Sync bird routing table with kernel
protocol kernel kernel4 {
ipv4 {
export all;
};
}
protocol kernel kernel6 {
ipv6 {
export all;
};
}
protocol device {
scan time 10;
}
# Include directly connected networks
protocol direct {
ipv4;
ipv6;
}
protocol bgp bgp4 {
local as 12;
# Bird creates IPSEC SAD entry automatically but it need to know the source IP address
# Otherwise it will use the wrong 0.0.0.0 IP as source
source address 192.168.12.2;
neighbor 192.168.12.1 as 12;
password "abigpassword";
ipv4 {
import all;
export all;
next hop self;
};
}
protocol bgp bgp6 {
local as 12;
# Bird creates IPSEC SAD entry automatically but it need to know the source IP address
# Otherwise it will use the wrong :: IP as source
source address 2001:db8:12::2;
neighbor 2001:db8:12::1 as 12;
password "abigpassword";
ipv6 {
import all;
export all;
next hop self;
};
}
protocol bfd {}
protocol rip rip4 {
ipv4 { import all; export all;};
interface "epair1a" {};
}
protocol rip ng rip6 {
ipv6 { import all; export all;};
interface "epair1a" {};
}
EOF
Jail 3¶
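# Jail 3 rc.conf: router between jail2 (epair1b, 192.168.23.0/24) and
# jail4 (epair2a, 192.168.34.0/24), forwarding both IPv4 and IPv6.
# The delimiter is quoted: the body has nothing to expand, and quoting keeps
# the shell from ever interpreting it.
cat > /etc/jails/jail3/rc.conf <<'EOF'
hostname="jail3"
gateway_enable=YES
ipv6_gateway_enable=YES
ifconfig_epair1b="inet 192.168.23.3/24"
ifconfig_epair1b_ipv6="inet6 2001:db8:23::3/64"
ifconfig_epair2a="inet 192.168.34.3/24"
ifconfig_epair2a_ipv6="inet6 2001:db8:34::3/64"
bird_enable=yes
EOF
# Jail 3 bird.conf: RIP/RIPng on epair1b towards jail2 and OSPFv2/OSPFv3
# (area 0) on epair2a towards jail4, with "import all; export all;" on every
# channel so routes cross between the two protocols unfiltered.
# Fix: the OSPFv2 instance was named "opsf4"; it is now "ospf4", matching the
# sibling "ospf6" and the instance name used on jail4.
# Security notes for anyone reusing this outside the lab:
#  - The RIP and OSPF interface blocks are empty, so no "authentication"
#    option is set: updates from any neighbour on those links are accepted.
#  - No import or export filters are defined; production routers need them
#    at every protocol boundary.
cat > /etc/jails/jail3/local/bird.conf <<'EOF'
# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;
# Override router ID
router id 192.168.10.3;
# Sync bird routing table with kernel
protocol kernel kernel4 {
ipv4 {
export all;
};
}
protocol kernel kernel6 {
ipv6 {
export all;
};
}
protocol device {
scan time 10;
}
# Include directly connected networks
protocol direct {
ipv4;
ipv6;
}
protocol bfd {}
protocol rip rip4 {
ipv4 { import all; export all;};
interface "epair1b" {};
}
protocol rip ng rip6 {
ipv6 { import all; export all;};
interface "epair1b" {};
}
protocol ospf v2 ospf4 {
ipv4 { import all; export all;};
area 0 {
interface "epair2a" {};
};
}
protocol ospf v3 ospf6 {
ipv6 { import all; export all;};
area 0 {
interface "epair2a" {};
};
}
EOF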
Jail 4¶
# Jail 4 rc.conf: router between jail3 (epair2b, 192.168.34.0/24) and
# jail5 (epair3a, 192.168.45.0/24), forwarding both IPv4 and IPv6.
cat > /etc/jails/jail4/rc.conf <<EOF
hostname="jail4"
gateway_enable=YES
ipv6_gateway_enable=YES
ifconfig_epair2b="inet 192.168.34.4/24"
ifconfig_epair2b_ipv6="inet6 2001:db8:34::4/64"
ifconfig_epair3a="inet 192.168.45.4/24"
ifconfig_epair3a_ipv6="inet6 2001:db8:45::4/64"
bird_enable=yes
EOF
# Jail 4 bird.conf: OSPFv2/OSPFv3 (area 0) on epair2b towards jail3 and Babel
# on epair3a towards jail5, with "import all; export all;" on every channel so
# routes cross between the two protocols unfiltered.
# Security notes for anyone reusing this outside the lab:
#  - Neither the OSPF nor the Babel interface block sets an "authentication"
#    option: updates from any neighbour on those links are accepted as-is.
#  - No import or export filters are defined; production routers need them
#    at every protocol boundary.
cat > /etc/jails/jail4/local/bird.conf <<EOF
# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;
# Override router ID
router id 192.168.10.4;
# Sync bird routing table with kernel
protocol kernel kernel4 {
ipv4 {
export all;
};
}
protocol kernel kernel6 {
ipv6 {
export all;
};
}
protocol device {
scan time 10;
}
# Include directly connected networks
protocol direct {
ipv4;
ipv6;
}
protocol bfd {}
protocol ospf v2 ospf4 {
ipv4 { import all; export all;};
area 0 {
interface "epair2b" {};
};
}
protocol ospf v3 ospf6 {
ipv6 { import all; export all;};
area 0 {
interface "epair2b" {};
};
}
protocol babel {
interface "epair3a" { type wired; };
ipv4 { import all; export all;};
ipv6 { import all; export all;};
}
EOF
Jail 5¶
# Jail 5 rc.conf: router between jail4 (epair3b, 192.168.45.0/24) and
# jail6 (epair4a, 192.168.56.0/24), forwarding both IPv4 and IPv6.
cat > /etc/jails/jail5/rc.conf <<EOF
hostname="jail5"
gateway_enable=YES
ipv6_gateway_enable=YES
ifconfig_epair3b="inet 192.168.45.5/24"
ifconfig_epair3b_ipv6="inet6 2001:db8:45::5/64"
ifconfig_epair4a="inet 192.168.56.5/24"
ifconfig_epair4a_ipv6="inet6 2001:db8:56::5/64"
bird_enable=yes
EOF
# Jail 5 bird.conf: Babel on epair3b towards jail4, plus static routes for
# jail6's loopback networks (192.168.60.0/24 and 2001:db8:60::/64) via jail6.
# No dynamic protocol runs on epair4a; "export all" in the Babel channels is
# what announces the static and connected routes to the rest of the lab.
# Security notes for anyone reusing this outside the lab:
#  - The Babel interface block sets no "authentication" option: updates from
#    any neighbour on that link are accepted as-is.
#  - No import or export filters are defined; production routers need them.
cat > /etc/jails/jail5/local/bird.conf <<EOF
# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;
# Override router ID
router id 192.168.10.5;
# Sync bird routing table with kernel
protocol kernel kernel4 {
ipv4 {
export all;
};
}
protocol kernel kernel6 {
ipv6 {
export all;
};
}
protocol device {
scan time 10;
}
# Include directly connected networks
protocol direct {
ipv4;
ipv6;
}
protocol babel {
interface "epair3b" { type wired; };
ipv4 { import all; export all;};
ipv6 { import all; export all;};
}
protocol static static4 {
ipv4;
route 192.168.60.0/24 via 192.168.56.6;
}
protocol static static6 {
ipv6;
route 2001:db8:60::/64 via 2001:db8:56::6;
}
EOF
Jail 6¶
# Jail 6 rc.conf: far-end router linked to jail5 over epair4b, holding
# 192.168.60.0/24 and 2001:db8:60::/64 on lo1 (the traceroute/ping target in
# the Testing section).
cat > /etc/jails/jail6/rc.conf <<EOF
hostname="jail6"
gateway_enable=YES
ipv6_gateway_enable=YES
cloned_interfaces=lo1
ifconfig_epair4b="inet 192.168.56.6/24"
ifconfig_epair4b_ipv6="inet6 2001:db8:56::6/64"
ifconfig_lo1="inet 192.168.60.6/24"
ifconfig_lo1_ipv6="inet6 2001:db8:60::6/64"
bird_enable=yes
EOF
# Jail 6 bird.conf: no dynamic routing protocol; bird only installs IPv4 and
# IPv6 static default routes pointing at jail5 into the kernel table.
cat > /etc/jails/jail6/local/bird.conf <<EOF
# Configure logging
log syslog all;
log "/var/log/bird.log" all;
log stderr all;
# Override router ID
router id 192.168.10.6;
# Sync bird routing table with kernel
protocol kernel kernel4 {
ipv4 {
export all;
};
}
protocol kernel kernel6 {
ipv6 {
export all;
};
}
protocol device {
scan time 10;
}
# Include directly connected networks
protocol direct {
ipv4;
ipv6;
}
protocol static static4 {
ipv4;
route 0.0.0.0/0 via 192.168.56.5;
}
protocol static static6 {
ipv6;
route ::/0 via 2001:db8:56::5;
}
EOF
Testing¶
Jail 1 routing table:
root@host:~ # jexec jail1 netstat -rn
Routing tables
Internet:
Destination Gateway Flags Netif Expire
127.0.0.1 link#16 UH lo0
192.168.10.0/24 link#26 U1 lo1
192.168.10.1 link#26 UH lo1
192.168.12.0/24 link#4 U epair0a
192.168.12.1 link#4 UHS lo0
192.168.23.0/24 192.168.12.2 UG1 epair0a
192.168.34.0/24 192.168.12.2 UG1 epair0a
192.168.45.0/24 192.168.12.2 UG1 epair0a
192.168.56.0/24 192.168.12.2 UG1 epair0a
192.168.60.0/24 192.168.12.2 UG1 epair0a
Internet6:
Destination Gateway Flags Netif Expire
::/96 ::1 UGRS lo0
::1 link#16 UHS lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
2001:db8:10::/64 link#26 U lo1
2001:db8:10::1 link#26 UHS lo0
2001:db8:12::/64 link#4 U epair0a
2001:db8:12::1 link#4 UHS lo0
2001:db8:23::/64 2001:db8:12::2 UG1 epair0a
2001:db8:34::/64 2001:db8:12::2 UG1 epair0a
2001:db8:45::/64 2001:db8:12::2 UG1 epair0a
2001:db8:56::/64 2001:db8:12::2 UG1 epair0a
2001:db8:60::/64 2001:db8:12::2 UG1 epair0a
fe80::/10 ::1 UGRS lo0
fe80::%epair0a/64 link#4 U epair0a
fe80::99:d6ff:fe95:710a%epair0a link#4 UHS lo0
fe80::%lo0/64 link#16 U lo0
fe80::1%lo0 link#16 UHS lo0
fe80::%lo1/64 link#26 U lo1
fe80::1%lo1 link#26 UHS lo0
ff02::/16 ::1 UGRS lo0
And traceroute from jail1 to jail6:
root@host:~ # jexec jail1 traceroute 192.168.60.6
traceroute to 192.168.60.6 (192.168.60.6), 64 hops max, 40 byte packets
1 192.168.12.2 (192.168.12.2) 0.038 ms 0.030 ms 0.014 ms
2 192.168.23.3 (192.168.23.3) 0.020 ms 0.025 ms 0.014 ms
3 192.168.34.4 (192.168.34.4) 0.020 ms 0.026 ms 0.016 ms
4 192.168.45.5 (192.168.45.5) 0.033 ms 0.027 ms 0.020 ms
5 192.168.60.6 (192.168.60.6) 0.031 ms 0.030 ms 0.020 ms
root@host:~ # jexec jail1 ping -c 2 2001:db8:60::6
PING6(56=40+8+8 bytes) 2001:db8:12::1 --> 2001:db8:60::6
16 bytes from 2001:db8:60::6, icmp_seq=0 hlim=60 time=0.091 ms
16 bytes from 2001:db8:60::6, icmp_seq=1 hlim=60 time=0.056 ms
--- 2001:db8:60::6 ping6 statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.056/0.073/0.091/0.018 ms