
I have two machines participating in the DN42 network, a darknet driven by the Chaos Computer Club and others to play around with advanced routing techniques like BGP and stuff.

The machines are connected via an OpenVPN connection and can ping each other. Now, my challenge is: since I own both machines, I'd like to establish an iBGP connection between them, so that they work in the same AS. I already have successful BGP peerings with other AS, but in this specific case, the propagated routes are marked as unreachable.

If that helps: one of the machines is a Debian server, the other one is an OpenWRT router. I am using BIRD to get the BGP connections.

I am quite new to this advanced routing stuff, so I would be glad to receive some help. This is the example BIRD config from one of the machines; the config on the other machine looks similar.

```
# Configure logging
log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };

# Override router ID
router id 172.23.211.129;

define myas = 4242421111;

protocol kernel {
    scan time 20;           # Scan kernel routing table every 20 seconds
    import all;
    export where source != RTS_STATIC;
}

protocol device {
    scan time 10;           # Scan interfaces every 10 seconds
}

protocol static {
    route 172.23.211.128/25 via 172.23.211.129;
    #route 172.23.211.0/25 via 172.23.211.1;
}

# Protocol template
template bgp PEERS {
    import all;
    export all;
    #export where source = RTS_STATIC;
}

protocol bgp PEER2 from PEERS {
    description "iBGP to home router";
    #direct;
    local 172.23.211.129 as myas;
    neighbor 172.23.211.1 as myas;
}
```

As you can see, I have one /24 assigned to my AS, and I want to split it into two /25 subnets, the first assigned to my home machine, the second assigned to a server in a datacenter. So, now the routes between both machines are imported and exported, but birdc shows them as unreachable, and the kernel routing table shows them without any interface identifier. When I try to reach through the connection to ping some peers of the other machine, the network is unreachable... so, please help me.

masegaloeh
simonszu

1 Answer

The AS number should be a 16-bit number. Since you're using a private AS, you should use one between 64000 and 65535.

You will (at least) need a route to the iBGP peer.

When using iBGP as a primary "internal" routing protocol in ISP backbones, the usual thing done is to use either IS-IS or OSPF to propagate routes for all backbone links and all router loopbacks.

Without this information, there's not enough IP routing info available to establish the iBGP session(s).

Vatine
  • I am using 4242421111 as my AS, according to https://dn42.net/Services-Whois. Please note that the DN42 isn't "The internet" but rather a private network, relying on "The internet" as its primary transport network. It is completely disjunct from "The internet". I have a route to each iBGP peer on each node. I'll test OSPF now. – simonszu Sep 01 '14 at 12:16
  • [RFC 4893](https://tools.ietf.org/html/rfc4893) describes 32-bit (4-octet) AS numbers. – cherdt Aug 01 '18 at 20:45
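
The answer's point that an iBGP route is only usable when the router has a non-BGP route to its next hop, shown as an added example that is not part of the original thread and is a simplified model, not BIRD's own code. The prefixes come from the question; the interface names `br-lan` and `tun0` and the /32 peer route are assumptions.

```python
import ipaddress

def mk(prefix, proto, via=None, dev=None):
    """Build one routing-table entry (constructed sample data, not BIRD output)."""
    return {"prefix": ipaddress.ip_network(prefix), "proto": proto,
            "via": via, "dev": dev}

def lookup(table, addr):
    """Longest-prefix match: most specific route covering addr, or None."""
    addr = ipaddress.ip_address(addr)
    matches = [r for r in table if addr in r["prefix"]]
    return max(matches, key=lambda r: r["prefix"].prefixlen, default=None)

def resolve(table, route, depth=0):
    """Return the outgoing interface for route, or None if it is unreachable."""
    if route["dev"]:                  # connected route: resolution ends here
        return route["dev"]
    if depth > 8:                     # guard against next-hop loops
        return None
    # The next hop must be covered by a non-BGP route (connected, static, IGP);
    # a BGP route cannot be used to reach its own next hop.
    base = [r for r in table if r["proto"] != "bgp" and r is not route]
    via = lookup(base, route["via"])
    return resolve(table, via, depth + 1) if via else None

def home_router_view(with_peer_route):
    """Model the home router (172.23.211.1) after learning the server's /25."""
    ibgp = mk("172.23.211.128/25", "bgp", via="172.23.211.129")
    table = [mk("172.23.211.0/25", "connected", dev="br-lan"), ibgp]
    if with_peer_route:
        # Assumed fix: a host route to the iBGP peer over the VPN tunnel.
        table.append(mk("172.23.211.129/32", "connected", dev="tun0"))
    return resolve(table, ibgp)

if __name__ == "__main__":
    for flag in (False, True):
        print("peer route present:", flag, "->",
              home_router_view(flag) or "unreachable")
```

Without the peer route the learned /25 has no interface to leave through, which matches the symptom in the question: the route is present but marked unreachable.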