Border Gateway Protocol (BGP)
The Anapaya appliance supports Border Gateway Protocol (BGP) sessions only with BGP peers in the local network. There are two use cases for this:
- LAN connectivity: The local network is administered using BGP and the appliance needs to learn about reachable IP destinations in the local network via BGP.
- Route redistribution: The IP prefixes learned from local BGP peers are redistributed via SGRP to remote SCION ASes. Conversely, IP prefixes learned from remote SCION ASes via SGRP are redistributed to local BGP peers. Accept- and announce-filters can be used to control which IP prefixes are redistributed.
For both use cases, the appliance needs to establish BGP sessions with local BGP peers. The BGP configuration is specified in the bgp section of the appliance configuration. The Configuration reference section provides the full configuration reference.
The BGP daemon configured in the bgp section receives and announces IP prefixes from and to peers on the internal network and peers connected via legacy IP networks. IP prefixes learned and accepted from SGRP peers in remote ASes are entered into the local routing table with a metric of 15 (the Administrative Distance of SGRP). The BGP service picks those routes up and propagates them to BGP peers in the local network. Similarly, routes learned from local BGP peers are picked up by the IP-in-SCION tunneling endpoint and propagated to SGRP peers in remote ASes while respecting the policies configured in the SCION tunneling section.
Configuration reference
Anapaya appliance configuration (bgp only)
bgp object
Top-level configuration and state for the BGP router.

global object
Global configuration for the BGP router.
- Local BGP autonomous system number of the router. Uses the 32-bit as-number type from the model in RFC 6991.
- The list of network prefixes this BGP instance advertises.
- Router id of the router: an unsigned 32-bit integer expressed in dotted-quad notation.
- Set the preferred source address when installing routes in the kernel.

neighbors object[]
Configuration for BGP neighbors.
- Reference to the MD5 authentication password for use with the neighboring device.
- bfd object: BFD configuration parameters relating to the BGP neighbor.
  - Minimum desired control packet transmission interval in milliseconds. Possible values: >= 10 and <= 60000. Default: 300.
  - Local session detection multiplier. Possible values: >= 2. Default: 3.
  - Enable BFD for the BGP neighbor. Default: false.
  - Local address to use for BFD.
  - For multihop sessions only: configure the minimum expected TTL for an incoming BFD control packet. Possible values: >= 1 and <= 254. Default: 254.
  - Enable BFD multihop. Default: false.
  - Minimum required control packet receive interval in milliseconds. Possible values: >= 10 and <= 60000. Default: 300.
- An optional textual description of the neighbor.
- Specifying ebgp-multihop allows sessions with eBGP neighbors to establish when they are multiple hops away. When the neighbor is not directly connected and this setting is not enabled, the session will not establish.
- Whether the BGP peer is enabled. In cases where the enabled leaf is set to false, the local system will not initiate connections to the neighbor, and will not respond to TCP connection attempts from the neighbor. If the BGP session is established at the time that this property is set to false, the session will be ceased. Default: true.
- The local BGP autonomous system number that is to be used when establishing sessions with the remote peer or peer group, if this differs from the global BGP router autonomous system number.
- Address of the BGP peer, either IPv4 or IPv6.
- BGP autonomous system number of the peer.
- timers object: Timers related to a BGP neighbor.
  - Time interval in seconds between attempts to establish a session with the peer. Default: 30.
  - Time interval in seconds that a BGP session will be considered active in the absence of keepalive or other messages from the peer. The hold-time is typically set to 3x the keepalive-interval. Default: 30.
  - Time interval in seconds between transmission of keepalive messages to the neighbor. Typically set to 1/3 the hold-time. Default: 10.
  - Minimum time in seconds which must elapse between subsequent UPDATE messages relating to a common set of NLRI being transmitted to a peer. This timer is referred to as MinRouteAdvertisementIntervalTimer by RFC 4721 and serves to reduce the number of UPDATE messages transmitted when a particular set of NLRI exhibit instability. Default: 30.
- transport object: Transport session parameters for the BGP neighbor.
  - Set the local IPv4 address to be used for the session when sending BGP update messages. This may be expressed as either an IP address or the name of an interface.
  - BGP Time To Live (TTL) security check. Reference: RFC 5082: The Generalized TTL Security Mechanism (GTSM), RFC 7454: BGP Operations and Security.
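The reference above states value ranges, defaults and a few relationships (hold-time versus keepalive, multihop-only BFD TTL, MD5 session protection) but nothing enforces them before the configuration is applied. The following linter is an added example, not Anapaya's or FRR's code: it walks a dictionary shaped like the bgp section and reports every violation it can find. The key names it uses (as, router_id, networks, address, peer_as, enabled, ebgp_multihop, auth_password, the bfd, timers and transport sub-keys) are assumptions chosen to mirror the reference and must be mapped to the real schema; the ebgp_multihop/ttl_security conflict check reflects FRR's own refusal to combine those two neighbor settings.

```python
"""Lint a BGP section against the constraints stated in the reference.

Added example, not Anapaya code.  All key names are assumptions that
mirror the reference; map them to the real schema before use.
"""
import ipaddress

AS_MAX = 2**32 - 1            # 32-bit as-number type (RFC 6991)
BFD_INTERVAL = (10, 60000)    # ms, applies to both BFD intervals
BFD_TTL = (1, 254)            # minimum expected TTL for multihop BFD
BFD_MIN_MULTIPLIER = 2


def _is_int_between(v, lo, hi=None):
    """True for a plain int (not bool) within [lo, hi]; hi=None means unbounded."""
    return (isinstance(v, int) and not isinstance(v, bool)
            and v >= lo and (hi is None or v <= hi))


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def check_global(g):
    out = []
    if not _is_int_between(g.get("as"), 1, AS_MAX):
        out.append("error: global.as must be a 32-bit AS number")
    try:
        ipaddress.IPv4Address(g.get("router_id", ""))   # dotted quad, 32 bits
    except ValueError:
        out.append("error: global.router_id must be in dotted-quad notation")
    for p in g.get("networks", []):
        try:
            ipaddress.ip_network(p, strict=True)        # host bits must be zero
        except ValueError:
            out.append(f"error: global.networks entry {p!r} is not a valid prefix")
    return out


def check_bfd(bfd, path):
    out = []
    if not bfd.get("enabled", False):
        return out                                      # BFD off: nothing to check
    for key in ("desired_min_tx_interval", "required_min_receive"):
        if not _is_int_between(bfd.get(key, 300), *BFD_INTERVAL):
            out.append(f"error: {path}.bfd.{key} must be 10..60000 ms")
    if not _is_int_between(bfd.get("detection_multiplier", 3), BFD_MIN_MULTIPLIER):
        out.append(f"error: {path}.bfd.detection_multiplier must be >= 2")
    if bfd.get("multihop", False):
        if not _is_int_between(bfd.get("minimum_ttl", 254), *BFD_TTL):
            out.append(f"error: {path}.bfd.minimum_ttl must be 1..254")
    elif "minimum_ttl" in bfd:
        out.append(f"warning: {path}.bfd.minimum_ttl only applies when bfd.multihop is true")
    return out


def check_timers(t, path):
    out = []
    hold, keep = t.get("hold_time", 30), t.get("keepalive_interval", 10)
    if hold and keep >= hold:
        out.append(f"error: {path}.timers.keepalive_interval must be below hold_time")
    elif hold != 3 * keep:                              # the reference's "typically 3x"
        out.append(f"warning: {path}.timers.hold_time is not 3x keepalive_interval")
    return out


def check_neighbor(n, idx):
    path = f"neighbors[{idx}]"
    out = []
    if not _is_ip(n.get("address", "")):
        out.append(f"error: {path}.address must be an IPv4 or IPv6 address")
    if not _is_int_between(n.get("peer_as"), 1, AS_MAX):
        out.append(f"error: {path}.peer_as must be a 32-bit AS number")
    if not n.get("auth_password"):
        out.append(f"warning: {path} has no MD5 session password (RFC 7454 recommends one)")
    if n.get("ebgp_multihop") and n.get("transport", {}).get("ttl_security"):
        # FRR rejects ebgp-multihop and ttl-security on the same neighbor.
        out.append(f"error: {path} sets both ebgp_multihop and transport.ttl_security")
    out += check_bfd(n.get("bfd", {}), path)
    out += check_timers(n.get("timers", {}), path)
    return out


def lint_bgp(cfg):
    """Return all findings for the bgp section; an empty list means clean."""
    out = check_global(cfg.get("global", {}))
    for i, n in enumerate(cfg.get("neighbors", [])):
        if n.get("enabled", True):                      # disabled peers are skipped
            out += check_neighbor(n, i)
    return out


# Constructed sample: one neighbor with an odd hold time and a BFD interval below 10 ms.
SAMPLE = {
    "global": {"as": 64512, "router_id": "10.0.0.1", "networks": ["10.0.0.0/24"]},
    "neighbors": [{
        "address": "10.0.0.2", "peer_as": 64513, "auth_password": "bgp-md5-ref",
        "timers": {"hold_time": 15, "keepalive_interval": 10},
        "bfd": {"enabled": True, "desired_min_tx_interval": 5},
    }],
}

if __name__ == "__main__":
    for finding in lint_bgp(SAMPLE):
        print(finding)
```

Running the block prints two findings for the constructed sample: the BFD transmit interval error and the hold-time warning. Errors correspond to values the reference forbids outright; warnings mark settings that are allowed but deviate from the documented recommendation.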
Example
The example below is a BGP configuration with one neighbor.
Due to an external bug in FRR, there can be cases of mismatch between routes received from the remote IP-in-SCION tunneling peers and the routes advertised to internal BGP peers. In such cases, a BGPUnexportedRoutes alert is fired. See Runbooks for further information on alerts.
To fix it, run:
appliance-cli debug frr non-advertised-routes --fix
To fix it for a specific neighbor only, add the --neighbor flag.