IP Setup for BGP

  • Updated 5 years ago
Hi, I am preparing new IPs I have received for BGP and am wondering if my configuration is correct. 

I have a single /22 IPv4 which I have split into four separate /24s.

For the example this will be x.x.160.0/22, so the /24s are:
x.x.160.0/24
x.x.161.0/24
x.x.162.0/24
x.x.163.0/24

I am going to be peering using a BGP session connected over the VLAN Default, which already has IPs routed to it from our datacentre.

I have created four loopback VLANs for the four /24s:

---------------------------------------------------------------------------------------
Name            VID  Protocol Addr        Flags                Proto  Ports  Virtual
                                                                      Active router
                                                                      /Total
---------------------------------------------------------------------------------------
Default         1    x.x.x.x    /26  -f---------T----------- ANY    11/18  VR-Default

vlan_LB         4089 x.x.160.1   /24  -fL-------------------- ANY    0 /0   VR-Default
vlan_LB2        4087 x.x.161.1   /24  -fL-------------------- ANY    0 /0   VR-Default
vlan_LB3        4086 x.x.162.1   /24  -fL-------------------- ANY    0 /0   VR-Default
vlan_LB4        4085 x.x.163.1   /24  -fL-------------------- ANY    0 /0   VR-Default

As you can see, ipforwarding is enabled on all VLANs.

show iproute:
Ori  Destination        Gateway         Mtr  Flags        VLAN       Duration
#d   x.x.x.x/26     x.x.x.x     1    U------um--f Default    0d:1h:40m:16s
#d   x.x.160.0/24    x.x.160.1    1    U------um--f vlan_LB    0d:0h:22m:8s
#d   x.x.161.0/24    x.x.161.1    1    U------um--f vlan_LB2   0d:1h:25m:1s
#d   x.x.162.0/24    x.x.162.1    1    U------um--f vlan_LB3   0d:1h:24m:9s
#d   x.x.163.0/24    x.x.163.1    1    U------um--f vlan_LB4   0d:1h:23m:56s


I have servers currently connected to the Default VLAN and will be intending to use these new IPs on these servers.

I have set the IPs on one of the servers to x.x.160.100 with the gateway x.x.160.1 which is the vlan_LB gateway IP. However the gateway is unreachable and cannot be pinged:

[root@localhost ~]# ping 185.53.160.1
PING 185.53.160.1 (185.53.160.1) 56(84) bytes of data.

--- 185.53.160.1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1830ms

Is my configuration correct to add the gateways to separate VLANs?

I did a test and added the gateway x.x.160.1 IP as a secondary IP to the Default VLAN and I can ping the gateway x.x.160.1 from the test server.

Should I be adding the gateways as IPs on their own loopback VLANs, or add them as secondary IPs on the Default VLAN where they are going to be used?

For BGP I will use the below to peer:

configure bgp routerid x.x.160.2
configure bgp add network x.x.160.0/24
configure bgp add network x.x.161.0/24
configure bgp add network x.x.162.0/24
configure bgp add network x.x.163.0/24

Thanks.


Michael Goodliffe

Posted 5 years ago

Jarek

Hi,

You don't have any port in VLAN vlan_LB:

vlan_LB         4089 x.x.160.1   /24  -fL-------------------- ANY    0 /0  <--- VR-Default

You must add a port which is connected to this server, for example:
configure "Default" delete ports 1
configure vlan_LB add ports 1 untagged

--
Jarek
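
The diagnosis in the reply above, as an added example that is not part of the original thread: it parses rows in the quoted "show vlan" layout and reports when a host's gateway address sits on a VLAN other than the one the host is attached to. The 10.20.x.x addresses are constructed stand-ins for the redacted x.x values, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the layout of the "show vlan" rows quoted in the thread;
# 10.20.x.x stands in for the redacted x.x.x.x addresses.
SAMPLE_SHOW_VLAN = """\
Default         1    10.20.0.1    /26  -f---------T----------- ANY    11/18  VR-Default
vlan_LB         4089 10.20.160.1  /24  -fL-------------------- ANY    0 /0   VR-Default
vlan_LB2        4087 10.20.161.1  /24  -fL-------------------- ANY    0 /0   VR-Default
"""

ROW = re.compile(
    r"^(?P<name>\S+)\s+(?P<vid>\d+)\s+(?P<addr>\d+\.\d+\.\d+\.\d+)\s*/(?P<plen>\d+)\s+"
    r"(?P<flags>[-A-Za-z]+)\s+\S+\s+(?P<active>\d+)\s*/\s*(?P<total>\d+)\s+(?P<vr>\S+)$"
)

def parse_show_vlan(text):
    """Return one dict per VLAN row that carries an IP address."""
    vlans = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, separator, or a VLAN without an IP
        vlans.append({
            "name": m["name"],
            "vid": int(m["vid"]),
            "iface": ipaddress.ip_interface(f"{m['addr']}/{m['plen']}"),
            "forwarding": "f" in m["flags"],   # f = ipforwarding, as in the thread
            "loopback": "L" in m["flags"],     # L = loopback mode, as in the thread
            "total_ports": int(m["total"]),
        })
    return vlans

def gateway_reachability(vlans, host_ip, host_vlan):
    """Say whether host_ip, attached to host_vlan, shares a VLAN with its gateway."""
    host = ipaddress.ip_address(host_ip)
    for v in vlans:
        if host in v["iface"].network:
            if v["name"] == host_vlan:
                return f"ok: gateway {v['iface'].ip} is on {host_vlan}"
            if v["total_ports"] == 0:
                return (f"unreachable: gateway {v['iface'].ip} is on {v['name']}, "
                        f"which has no ports; host is attached to {host_vlan}")
            return f"unreachable: gateway is on {v['name']}, host is on {host_vlan}"
    return "unreachable: no VLAN owns this subnet"
```
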



Michael Goodliffe

Hi Jarek, thanks for the reply. The servers using these new IPs will be plugged into ports on the Default VLAN, so should I just configure these new gateways on the Default VLAN as secondary IPs?

Jarek

Yes, you should add it as secondary (if you need so).

But you can also add it in a separate VLAN; then you would have a smaller broadcast domain.



--
Jarek

Michael Goodliffe

Thanks. I would prefer to keep it in a separate VLAN for easier management and maintenance.

Could you please explain to me how I would make the gateway accessible from the Default VLAN if it was on its own VLAN with no ports, like I have above?

Sumit Tokle, Alum

In order to ping any VLAN, you should have an active port present in that VLAN. If you don't want to add a port to the VLAN and at the same time want to activate the VLAN, then you have to enable loopback mode on that VLAN.

Command to enable the loopback mode is: "enable loopback-mode vlan vlan_name"

Michael Goodliffe

Hi, I have already enabled loopback on all of the vlan_LB's. This is visible in the show vlan I pasted with the flag L, but the gateways are still not pingable from the Default VLAN.

Sumit Tokle, Alum

Sorry, I missed that the loopback flag L is enabled on the VLANs.

May I know the reason for connecting the server in the Default VLAN instead of vlan_LB and configuring these four VLANs as loopback VLANs?


(Edited)

Jarek

Michael,
in short, I meant that you can add the ports for those servers to the server VLAN; sorry for the misunderstanding.

1) I don't know what your network looks like, but I think in your case you have some hosts in VLAN Default and want to add servers to this VLAN.
This is OK: you add secondary IPs and done, it will work.
But you have everything in one VLAN - one domain.

2) You can also have hosts in one VLAN and servers in a second VLAN. Then you have two smaller broadcast domains. Now hosts and servers are separated.
They will have contact with each other, because you enabled ipforwarding on these two VLANs.

In my opinion the second solution is better - "more secure".


--
Jarek

 


Michael Goodliffe

I was looking at the guide by Extreme Networks on setting up BGP (https://www.youtube.com/playlist?list=PLF2BB0964BEE78586) and the IPs which are being routed to the BGP neighbour were added on loopback VLANs.
At the moment, I have a number of servers connected to the Default VLAN and they are using IPs routed from our Datacentre through port 1.

What I want to do is also perform a BGP session over this existing link on port 1 with the Datacentre for peering and announcing our new /22 IP range. They have said this is possible.

So what I want to do first is set up the gateways before performing the BGP configuration.

Should I just add these gateways to the Default VLAN as secondary IPs? That way they are pingable on the Default VLAN.

The issue is that I need the existing IPs to still be usable in the Default VLAN, along with the new IPs I am announcing.

I think your second solution is good, however this is currently a production environment and making changes is difficult.

I will be switching servers soon, so installing the new servers in a separate VLAN may be a good idea. If I create a VLAN for the new servers, and enable ip forwarding on that VLAN and the Default VLAN, the 2 should be able to communicate?

Thanks for all the help.