
Re: bgpd and two CARPed routers

* Hyb <maillist_(_dot_)_localhost_(_at_)_ntlworld_(_dot_)_com> [2005-08-11 14:18]:
> While I wouldn't consider my BGP knowledge as strong, it was fundamentally
> the CARP interaction that I was trying to grasp

oh, that is very easy.

you tell bgpd that a neighbor session depends on an interface. all it 
does is to look at that interface's status - let's assume carp here, 
that is what this is for really -, and as long as that interface is 
BACKUP, the session is kept in state IDLE. the very same moment the 
interface becomes MASTER it triggers a start event for the sessions in 
question, which means they go to CONNECT or ACTIVE, depending on 
whether the question is configured passive or not. Thus (if not 
configured passive) bgpd tries to establish the session immediately 
when the carp interface becomes master.

> For instance is it possible to achieve an equivalent of Cisco's
> 'non-exist-map' statement?

dunno what this does ;)

> # /etc/bgpd.conf
> neighbour {
>   local-address
>   depend on carp0
>   descr "provider1 primary"

no point in depending on carp. you have two sessions from each of your 
uplinks for a reason - no carp in the game at all for those.

ok, let me try to make it clearer.
you run two core routers, core1 and core2.
you have two upstreams, upstream1 and upstream2.
and you are on an exchange point network.
now let's assume on core1 and core2:
-sk0 is connected to upstream1
-sk1 is connected to upstream2
-sk2 is connected to the exchange point network
-sk3 is your inside interface.

now, let's start with the easy part. you want one IP each on core1 and 
core2 sk3 for management purposes anyway. additionally, you have carp3 
on sk3 on each, with one IP on it. This IP you use as default gateway 
on your inner boxes.
also, you set up a BGP session between core1 and core2, using the IPs 
on sk3 (not carp). there is no "depend on .." statement for this 

sk0 on core1 and core2 each gets an IP from upstream1. each runs a BGP 
session to upstream1 over that. no "depend on" either.

sk1 on both core routers gets an IP each from upstream2. as above, each 
core has one BGP session to upstream2, and no "depend on".

On the exchange point network, you likely only have one IP. here carp 
makes sense, this is what I wrote the "depend on" stuff for ;)
so, carp2 gets the exchange point IP, and is configured with "carpdev 
sk2" on each core router. you configure the BGP sessions to your 
peering partners on the IX network on each core (using a group makes a 
lot of sense here...), and they "depend on carp2" indeed.

hope it's clear now

BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
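
The layout described in the message above, written out as the neighbor section of core1's bgpd.conf. This is an added example, not part of the original mail or of anyone's real configuration: every address, AS number and description is a constructed placeholder, and filter rules and announced networks are left out.

```conf
# /etc/bgpd.conf on core1 (constructed example, placeholder addresses and AS numbers)
AS 64512
router-id 10.0.3.1

# iBGP to core2 over the real sk3 addresses, not the carp3 gateway address.
# Both routers keep this session up all the time: no "depend on".
neighbor 10.0.3.2 {
	remote-as 64512
	descr "core2"
	local-address 10.0.3.1
}

# upstream1 on sk0: core1 has its own address from upstream1, no carp involved.
neighbor 192.0.2.1 {
	remote-as 64496
	descr "upstream1"
}

# upstream2 on sk1: same reasoning as upstream1.
neighbor 198.51.100.1 {
	remote-as 64497
	descr "upstream2"
}

# Exchange point: the single IX address sits on carp2 (carpdev sk2) and is
# shared by core1 and core2. While carp2 is BACKUP these sessions stay IDLE;
# when it becomes MASTER bgpd starts them.
group "ix peers" {
	depend on carp2
	local-address 203.0.113.10
	neighbor 203.0.113.20 {
		remote-as 64498
		descr "ix peer a"
	}
	neighbor 203.0.113.21 {
		remote-as 64499
		descr "ix peer b"
	}
}
```

core2 would carry the same group block unchanged, with its own sk0, sk1 and sk3 addresses in the other three neighbor definitions.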
