Border Gateway Protocol (BGP)
The Anapaya appliance supports integration with the Border Gateway Protocol (BGP). There are two use cases for this:
LAN connectivity: The local network is administered using BGP and the appliance needs to learn about reachable IP destinations in the local network via BGP.
Route redistribution: The IP prefixes learned from local BGP peers are redistributed via SGRP to remote SCION ASes. Conversely, IP prefixes learned from remote SCION ASes via SGRP are redistributed to local BGP peers. Accept and announce filters can be used to control which IP prefixes are redistributed.
For both use cases, the appliance needs to establish a BGP session with one or more local BGP peers. The BGP configuration is specified in the bgp section of the appliance configuration. It is split into the following two subsections:
global
Configures global attributes that apply to communication with all BGP peers. This includes the following fields:
as
The local BGP autonomous system number of the appliance, as a 32-bit number as defined in RFC 6991.
networks
A list of static network prefixes advertised to all BGP peers.
router_id
ID of the router: an unsigned 32-bit integer expressed in dotted quad notation. Usually, this is an IP address.
src_address
The preferred source IP address that is used when entering received routes in the Linux routing table.
neighbors
Configures the BGP neighbors. For each neighbor, the following can be specified:
auth_password_ref
Reference to the MD5 authentication password for use with the neighboring device.
Please see Secret Management for information on how to provision a secret and then reference it in the configuration.
description
An optional user-provided description of the neighbor.
enabled
Whether the BGP peer is enabled. If this is set to false, the local BGP daemon will not initiate connections to the neighbor, and will not respond to TCP connection attempts from the neighbor. If the BGP session is established at the time that this property is set to false, it will be ceased.
local_as
The local BGP autonomous system number used to establish sessions with the peer. If this is not provided, the global BGP autonomous system number is used.
neighbor_address
Address of the BGP peer, either IPv4 or IPv6.
peer_as
BGP autonomous system number of the peer.
timers.connect_retry
Time interval in seconds between attempts to establish a session with the peer.
timers.hold_time
Time interval in seconds that a BGP session will be considered active in the absence of keepalive or other messages from the peer. This is typically set to 3x the keepalive interval.
timers.keepalive_interval
Time interval in seconds between transmission of keepalive messages to the neighbor.
timers.minimum_advertisement_interval
The minimum time in seconds that must elapse between subsequent UPDATE messages relating to a common set of prefixes being transmitted to a peer. This timer is referred to as MinRouteAdvertisementIntervalTimer by RFC 4271 and serves to reduce the number of UPDATE messages transmitted when a particular set of prefixes exhibits instability.
transport.local_address
Set the local IPv4 address to be used for the BGP session. This may be expressed as either an IP address or the name of an interface.
ttl_security
BGP Time To Live (TTL) security check. See RFC 5082 for details.
ebgp_multihop
Allow eBGP sessions to be established with peers that are not directly connected. This setting is mutually exclusive with ttl_security.
bfd.enabled
Enable BFD for the neighbor.
bfd.desired_transmission_interval
Desired BFD transmission interval in milliseconds.
bfd.required_receive_interval
Required BFD receive interval in milliseconds.
bfd.detection_multiplier
BFD detection multiplier.
bfd.multihop
Enable multihop for this BFD peer.
bfd.local_address
Set the local IP address to be used for the BFD session. This is required for IPv6 peers.
The BGP daemon configured in the bgp section receives and announces IP prefixes from and to peers on the internal network and peers connected via legacy IP networks.
Prefixes can also be exchanged by the IP-in-SCION tunneling endpoints using SGRP. Please refer to the IP-in-SCION tunneling section of the documentation for information on how to configure this. IP prefixes learned and accepted from SCION remotes are entered into the local routing table with a metric of 15 (the Administrative Distance of SGRP). From there they will be picked up by the BGP service and propagated to the BGP peers. Similarly, routes learned via BGP are picked up by the IP-in-SCION tunneling endpoint and propagated to remote ASes while respecting the policies configured in the SCION tunneling section.
BGP Configuration Example
The example shows a BGP configuration with one neighbor.
{
  "bgp": {
    "global": {
      "as": 64496,
      "router_id": "10.0.0.1",
      "networks": [
        "10.31.206.120/32"
      ]
    },
    "neighbors": [
      {
        "auth_password_ref": "bgp-auth-password_10.0.0.2@1",
        "enabled": true,
        "local_as": 64510,
        "neighbor_address": "10.0.0.2",
        "peer_as": 64510
      }
    ]
  }
}
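The following pre-deployment lint is an added example, not part of the appliance or its documentation. It checks a bgp section against the constraints stated in the neighbor field reference above (ttl_security and ebgp_multihop are mutually exclusive, hold_time is typically 3x the keepalive interval, bfd.local_address is required for IPv6 peers) and adds one hardening check for a missing auth_password_ref. It assumes that dotted field names such as timers.hold_time map to nested JSON objects and that ttl_security and ebgp_multihop are booleans; the function name lint_bgp and the second sample configuration are constructed for illustration.

```python
import ipaddress

def lint_bgp(config):
    """Return a list of findings for the bgp section of an appliance config."""
    findings = []
    for i, n in enumerate(config.get("bgp", {}).get("neighbors", [])):
        who = f"neighbors[{i}] {n.get('neighbor_address', '?')}"
        try:
            addr = ipaddress.ip_address(n.get("neighbor_address", ""))
        except ValueError:
            findings.append(f"{who}: neighbor_address must be an IPv4 or IPv6 address")
            continue
        # Hardening check (not a requirement stated on the page): no MD5 password reference.
        if not n.get("auth_password_ref"):
            findings.append(f"{who}: no auth_password_ref, session is unauthenticated")
        # Stated on the page: the two settings are mutually exclusive.
        if n.get("ttl_security") and n.get("ebgp_multihop"):
            findings.append(f"{who}: ttl_security and ebgp_multihop are mutually exclusive")
        # Stated on the page: hold_time is typically 3x the keepalive interval.
        t = n.get("timers", {})
        hold, keep = t.get("hold_time"), t.get("keepalive_interval")
        if hold is not None and keep is not None and hold < 3 * keep:
            findings.append(f"{who}: hold_time {hold}s is below 3x keepalive_interval {keep}s")
        # Stated on the page: bfd.local_address is required for IPv6 peers.
        bfd = n.get("bfd", {})
        if bfd.get("enabled") and addr.version == 6 and not bfd.get("local_address"):
            findings.append(f"{who}: bfd.local_address is required for IPv6 peers")
    return findings

# The configuration example from this page, as a Python dict.
PAGE_EXAMPLE = {"bgp": {
    "global": {"as": 64496, "router_id": "10.0.0.1", "networks": ["10.31.206.120/32"]},
    "neighbors": [{"auth_password_ref": "bgp-auth-password_10.0.0.2@1", "enabled": True,
                   "local_as": 64510, "neighbor_address": "10.0.0.2", "peer_as": 64510}],
}}

# Constructed sample that violates every check (documentation address and AS number).
BAD_EXAMPLE = {"bgp": {"neighbors": [{
    "neighbor_address": "2001:db8::2", "peer_as": 64511, "enabled": True,
    "ttl_security": True, "ebgp_multihop": True,
    "timers": {"hold_time": 30, "keepalive_interval": 20},
    "bfd": {"enabled": True},
}]}}

if __name__ == "__main__":
    for finding in lint_bgp(BAD_EXAMPLE):
        print(finding)
```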