Show Posts
1
23.7 Legacy Series / frr bgp config issue
« on: November 06, 2023, 04:01:02 pm »
Hello,
I'm trying to configure BGP with FRR (Version 1.36_1) and I'm having some issues. Maybe someone can help me?
I have 2 OPNsense (HA) with their own internet connections using BGP. If the internet connection of the primary OPNsense fails, it should switch to the secondary using BGP. This works fine with IPv4, but it doesn't work with IPv6.
Thank you for your help
#####Primary######
router bgp 65000
bgp router-id 192.168.19.50
bgp log-neighbor-changes
no bgp ebgp-requires-policy
no bgp default ipv4-unicast
bgp graceful-restart
no bgp network import-check
neighbor 172.19.1.2 remote-as 65000
neighbor 172.19.1.2 bfd
neighbor 172.19.1.2 update-source igc2
neighbor <public_ipv4>.49 remote-as 1000
neighbor <public_ipv4>.49 bfd
neighbor <public_ipv4>.49 update-source igc1
neighbor <public_ipv6>:1003::1 remote-as 1000
neighbor <public_ipv6>:1003::1 bfd
neighbor <public_ipv6>:1003::1 interface igc1
neighbor <public_ipv6>:a1e0::2 remote-as 65000
neighbor <public_ipv6>:a1e0::2 bfd
neighbor <public_ipv6>:a1e0::2 interface igc2
!
address-family ipv4 unicast
redistribute connected
neighbor 172.19.1.2 activate
neighbor 172.19.1.2 next-hop-self force
neighbor 172.19.1.2 weight 20
neighbor <public_ipv4>.49 activate
neighbor <public_ipv4>.49 next-hop-self force
neighbor <public_ipv4>.49 weight 30
neighbor <public_ipv4>.49 prefix-list mci_prefix out
neighbor <public_ipv6>:1003::1 weight 30
neighbor <public_ipv6>:a1e0::2 weight 20
exit-address-family
!
address-family ipv6 unicast
redistribute connected
neighbor <public_ipv6>:1003::1 activate
neighbor <public_ipv6>:1003::1 next-hop-self force
neighbor <public_ipv6>:1003::1 prefix-list mci_prefix_ipv6 out
neighbor <public_ipv6>:a1e0::2 activate
exit-address-family
exit
#####Secondary######
router bgp 65000
bgp router-id 192.168.19.74
bgp log-neighbor-changes
no bgp ebgp-requires-policy
no bgp default ipv4-unicast
bgp graceful-restart
no bgp network import-check
neighbor 172.19.1.1 remote-as 65000
neighbor 172.19.1.1 bfd
neighbor 172.19.1.1 update-source igc2
neighbor <public_ipv4>.73 remote-as 1000
neighbor <public_ipv4>.73 bfd
neighbor <public_ipv4>.73 update-source igc1
neighbor <public_ipv6>:1004::1 remote-as 1000
neighbor <public_ipv6>:1004::1 bfd
neighbor <public_ipv6>:1004::1 interface igc1
neighbor <public_ipv6>:a1e0::1 remote-as 65000
neighbor <public_ipv6>:a1e0::1 bfd
neighbor <public_ipv6>:a1e0::1 interface igc2
!
address-family ipv4 unicast
redistribute connected
neighbor 172.19.1.1 activate
neighbor 172.19.1.1 next-hop-self force
neighbor 172.19.1.1 weight 30
neighbor <public_ipv4>.73 activate
neighbor <public_ipv4>.73 next-hop-self force
neighbor <public_ipv4>.73 weight 20
neighbor <public_ipv4>.73 prefix-list mci_prefix out
neighbor <public_ipv6>:1004::1 weight 20
neighbor <public_ipv6>:a1e0::1 weight 30
exit-address-family
!
address-family ipv6 unicast
redistribute connected
neighbor <public_ipv6>:1004::1 activate
neighbor <public_ipv6>:1004::1 prefix-list mci_prefix_ipv6 out
neighbor <public_ipv6>:a1e0::1 activate
exit-address-family
exit
I'm trying to configure BGP with FRR (Version 1.36_1) and I'm having some issues. Maybe someone can help me?
I have 2 OPNsense (HA) with their own internet connections using BGP. If the internet connection of the primary OPNsense fails, it should switch to the secondary using BGP. This works fine with IPv4, but it doesn't work with IPv6.
Thank you for your help
#####Primary######
router bgp 65000
bgp router-id 192.168.19.50
bgp log-neighbor-changes
no bgp ebgp-requires-policy
no bgp default ipv4-unicast
bgp graceful-restart
no bgp network import-check
neighbor 172.19.1.2 remote-as 65000
neighbor 172.19.1.2 bfd
neighbor 172.19.1.2 update-source igc2
neighbor <public_ipv4>.49 remote-as 1000
neighbor <public_ipv4>.49 bfd
neighbor <public_ipv4>.49 update-source igc1
neighbor <public_ipv6>:1003::1 remote-as 1000
neighbor <public_ipv6>:1003::1 bfd
neighbor <public_ipv6>:1003::1 interface igc1
neighbor <public_ipv6>:a1e0::2 remote-as 65000
neighbor <public_ipv6>:a1e0::2 bfd
neighbor <public_ipv6>:a1e0::2 interface igc2
!
address-family ipv4 unicast
redistribute connected
neighbor 172.19.1.2 activate
neighbor 172.19.1.2 next-hop-self force
neighbor 172.19.1.2 weight 20
neighbor <public_ipv4>.49 activate
neighbor <public_ipv4>.49 next-hop-self force
neighbor <public_ipv4>.49 weight 30
neighbor <public_ipv4>.49 prefix-list mci_prefix out
neighbor <public_ipv6>:1003::1 weight 30
neighbor <public_ipv6>:a1e0::2 weight 20
exit-address-family
!
address-family ipv6 unicast
redistribute connected
neighbor <public_ipv6>:1003::1 activate
neighbor <public_ipv6>:1003::1 next-hop-self force
neighbor <public_ipv6>:1003::1 prefix-list mci_prefix_ipv6 out
neighbor <public_ipv6>:a1e0::2 activate
exit-address-family
exit
#####Secondary######
router bgp 65000
bgp router-id 192.168.19.74
bgp log-neighbor-changes
no bgp ebgp-requires-policy
no bgp default ipv4-unicast
bgp graceful-restart
no bgp network import-check
neighbor 172.19.1.1 remote-as 65000
neighbor 172.19.1.1 bfd
neighbor 172.19.1.1 update-source igc2
neighbor <public_ipv4>.73 remote-as 1000
neighbor <public_ipv4>.73 bfd
neighbor <public_ipv4>.73 update-source igc1
neighbor <public_ipv6>:1004::1 remote-as 1000
neighbor <public_ipv6>:1004::1 bfd
neighbor <public_ipv6>:1004::1 interface igc1
neighbor <public_ipv6>:a1e0::1 remote-as 65000
neighbor <public_ipv6>:a1e0::1 bfd
neighbor <public_ipv6>:a1e0::1 interface igc2
!
address-family ipv4 unicast
redistribute connected
neighbor 172.19.1.1 activate
neighbor 172.19.1.1 next-hop-self force
neighbor 172.19.1.1 weight 30
neighbor <public_ipv4>.73 activate
neighbor <public_ipv4>.73 next-hop-self force
neighbor <public_ipv4>.73 weight 20
neighbor <public_ipv4>.73 prefix-list mci_prefix out
neighbor <public_ipv6>:1004::1 weight 20
neighbor <public_ipv6>:a1e0::1 weight 30
exit-address-family
!
address-family ipv6 unicast
redistribute connected
neighbor <public_ipv6>:1004::1 activate
neighbor <public_ipv6>:1004::1 prefix-list mci_prefix_ipv6 out
neighbor <public_ipv6>:a1e0::1 activate
exit-address-family
exit