Bird is an open source routing engine that's growing in popularity. It does the same thing as the Zebra/Quagga routing daemon and seems okay.
It's not as strongly supported as the legacy GateD routing daemon, and like GateD, it uses a routing monitor client to view and control parts of the routing engine.
Birdc vs. GateD gdc (Bird vs. GateD)
You can find more information here:
http://bird.network.cz/
and
http://en.wikipedia.org/wiki/Merit_Network
http://www.merit.edu/services/
BTW: GateD was great for OSPF routing, and I ran a complete small ISP network off GateD back in the late 90s on a mix of Sun SparcStations and x386 platforms.
(A little bit on my past history with Bird)
I've used Bird for route injection with over 300K /32 routes, and it held up with few problems, but any traffic forwarding through the box, along with BGP+OSPF instability, seems to have a direct impact on the Bird daemon's uptime. So I'm not 100% confident in Bird in a full-blown production center.
We had numerous nights of logging into our Bird route injector to find the daemon had died. This was under FreeBSD with dedicated HP hardware, btw. We also used Bird for locally redundant BGP route reflector servers.
The price of two simple Dell R610 servers (FreeBSD+Bird) was much cheaper than a single Cisco ISR2900 :)
Now let's look at Bird:
It supports the RIP, OSPF, and BGP routing protocols, with the means to control route export and import. To install it under pfSense, I had to resort to a manual pkg_add since the pfSense distribution doesn't have a pkg source available.
Next, after you've installed the Bird pkg, you will need to craft your configuration file. Based on what you're doing, that could be a few lines or a few hundred lines.
Here's a preview of my configuration approach, which is for very basic route importation for BGP.
( which is the default for BGP )
Okay, simple!
We've defined a few global configuration items, and then we move into the "protocol bgp" section to define our neighbor.
Once you have the cfg set up, you can then use a simple cmd to check the cfg via the following:
Okay, so after you have the bird-cfg checked out, we can start the process via:
bird6 -c /etc/bird6.conf -s 1001
This will start the process and set the control channel for socket 1001.
You can now confirm it's started via the system log and/or the following:
Okay, after it's started, we can jump into the client monitor via the Bird client ( birdc6 -s 1001 ). If all was good and we had a BGP session up, you could verify with any of the following:
show protocol all
show protocol bgp1
But in my case I was shown an error:
I did have it started a few times, and we pulled in 12k+ IPv6 routes before it closed the session with the same "malform attribute error" that was seen under OpenBGP.
I believe this is a problem in the BGP UPDATEs from my arpnetwork peer. I'm still investigating this matter, but since the same 2 errors came in with 2 different routing daemons, I think it's an update issue from my upstream OpenBGP peer.
NOTE: Btw, on this pfSense host, I'm running an OpenBGP instance for IPv4 and Birdv6 for IPv6.
Here are some screenshots of when it is working correctly:
And the system log file when it fails and our BGP session is torn down:
(snip)
I do have a running pcap on my host, and later I'm going to diagnose it with wireshark/tshark and inspect the last BGP UPDATEs right before the teardown.
I believe my upstream peer has something hosed up. And as a side task, I'm in the process of crafting a GRE tunnel between my pfSense host and one of my Juniper J routers.
We will establish a BGP v6 peering between these two devices, and validate that we do have stable BGP establishment for IPv6 peers with Bird6. This could be an OS stack issue within pfSense 2.1rc. I'm only guessing as to what could be the issue(s) as of this time.
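One way to carry out the pcap inspection mentioned above, as an added example (not the author's code or capture): a Python checker that walks the path attributes of one raw BGP UPDATE and reports the length, flag and duplication errors that RFC 4271 treats as UPDATE message errors. The function names and all sample bytes are constructed for illustration, and extracting the UPDATE bytes from the capture is assumed to be done separately.

```python
# code: (name, required optional/transitive/partial flag bits, fixed length or None),
# per RFC 4271 section 5 and RFC 4760. All sample bytes below are constructed.
KNOWN = {1: ("ORIGIN", 0x40, 1), 2: ("AS_PATH", 0x40, None),
         3: ("NEXT_HOP", 0x40, 4), 5: ("LOCAL_PREF", 0x40, 4),
         14: ("MP_REACH_NLRI", 0x80, None), 15: ("MP_UNREACH_NLRI", 0x80, None)}

def check_update(msg):
    """Return the attribute-level problems found in one raw BGP UPDATE."""
    if (len(msg) < 23 or msg[:16] != b"\xff" * 16 or msg[18] != 2
            or int.from_bytes(msg[16:18], "big") != len(msg)):
        return ["not a complete BGP UPDATE"]
    pos = 21 + int.from_bytes(msg[19:21], "big")   # skip withdrawn routes
    if pos + 2 > len(msg):
        return ["withdrawn routes length overruns message"]
    end = pos + 2 + int.from_bytes(msg[pos:pos + 2], "big")
    pos += 2
    if end > len(msg):
        return ["total path attribute length overruns message"]
    problems, seen = [], set()
    while pos < end:
        hdr = 4 if msg[pos] & 0x10 else 3          # extended-length bit: 2-byte length
        if pos + hdr > end:
            problems.append("truncated attribute header")
            break
        flags, code = msg[pos], msg[pos + 1]
        vlen = int.from_bytes(msg[pos + 2:pos + hdr], "big")
        pos += hdr
        if pos + vlen > end:
            problems.append(f"attr {code}: length {vlen} overruns attribute list")
            break
        if code in seen:
            problems.append(f"attr {code}: appears more than once")
        seen.add(code)
        name, want, fixed = KNOWN.get(code, (None, None, None))
        if name and (flags & 0xE0) != want:
            problems.append(f"{name}: bad flags 0x{flags:02x}")
        if name and fixed is not None and vlen != fixed:
            problems.append(f"{name}: length {vlen}, expected {fixed}")
        pos += vlen
    return problems

def build_update(attrs):  # sample UPDATE with no withdrawn routes and no NLRI
    body = b"\x00\x00" + len(attrs).to_bytes(2, "big") + attrs
    return b"\xff" * 16 + (19 + len(body)).to_bytes(2, "big") + b"\x02" + body

ORIGIN_OK = bytes([0x40, 1, 1, 0])
AS_PATH = bytes([0x40, 2, 6, 2, 1]) + (64496).to_bytes(4, "big")
ORIGIN_BAD = bytes([0x40, 1, 2, 0, 0])             # ORIGIN must be exactly 1 byte
OVERRUN = bytes([0x40, 2, 200, 2, 1])              # claims 200 bytes, carries 2
```

Running `check_update()` over the last few UPDATEs before the NOTIFICATION shows whether the attribute list itself is inconsistent or whether the receiving daemon is rejecting something that is well-formed on the wire.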
FWIW:
If anybody wants to establish a BGP peering session over a GRE tunnel for testing, please contact me at the below email.
This host is dual-homed on an IPv4/6 backbone, and the problem with BGP establishment seems to be IPv6-related. So I would like to test IPv6 connectivity to various other BGP peers using Bird6.
Ken Felix
Freelance Network/Security Engineer
kfelix --at-- hyperfeed --dot-- com
Stay tuned !
^ ^
= ( @ @ ) =
o
/ \