iFog BGP Configuration Using Bird on Ubuntu 22.04
Planted April 28, 2023
To anyone who is using iFog’s IXP access VM and having trouble (unreachable routes, invalid next hop) setting up a BGP session using bird, this article might be helpful.
Head to the Full Configuration section to see the final configuration if you don’t want to read the whole article.
Please use a more recent version of bird from the official repository if possible, as it fixes some bugs and has better error messages.
The Problem
The number of import updates is always 0, and in the route table there is no route from the IXP aside from the system default routes.
ubuntu@ifog:~$ sudo birdc s p a fog_transit_v6
...
Routes: 0 imported, 0 exported, 0 preferred
Route change stats:     received   rejected   filtered    ignored   accepted
  Import updates:              0          0          0          0          0
  Import withdraws:       372201          0        ---     372201          0
  Export updates:              0          0          0        ---          0
  Export withdraws:            0        ---        ---        ---          0
...
The Cause
Before diving deeper into this problem, I take a look at the log file generated by bird. By default, bird outputs its logs to /var/log/syslog
ubuntu@ifog:~$ tail -f /var/log/syslog
Apr 28 00:31:28 ifog bird: fog_transit_v6: Invalid NEXT_HOP attribute
Apr 28 00:32:34 ifog bird: message repeated 729 times: [ fog_transit_v6: Invalid NEXT_HOP attribute]
Apr 28 00:32:34 ifog bird: fog_transit_v6: Invalid NEXT_HOP attribute
Apr 28 00:32:36 ifog bird: message repeated 23 times: [ fog_transit_v6: Invalid NEXT_HOP attribute]
Apr 28 00:32:36 ifog bird: fog_transit_v6: Invalid NEXT_HOP attribute
Apr 28 00:32:40 ifog bird: message repeated 28 times: [ fog_transit_v6: Invalid NEXT_HOP attribute]
Apr 28 00:32:40 ifog bird: fog_transit_v6: Invalid NEXT_HOP attribute
Apr 28 00:32:43 ifog bird: message repeated 44 times: [ fog_transit_v6: Invalid NEXT_HOP attribute]
Apr 28 00:32:44 ifog bird: fog_transit_v6: Invalid NEXT_HOP attribute
Note: If you are using a more recent version of bird, it will output more meaningful error messages:
Apr 28 04:52:20 ifog bird: fog_transit_v6: Invalid NEXT_HOP attribute - address 2a0c:9a40:1030::1 not directly reachable
Apr 28 04:52:20 ifog bird: fog_transit_v6: Invalid route 2804:3d28:11::/48 withdrawn
As you can see, the router server is sending me routes, but bird is rejecting them because of Invalid NEXT_HOP attribute.
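A way to quantify these rejections from the log, as an added example that is not part of the original article: it expands the syslog "message repeated N times" lines so the per-session count is accurate, and collects the next hop addresses that newer bird versions report. The sample lines are constructed from the formats shown above, and the optional "bird[pid]:" tag is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the syslog format shown above (not a real capture).
SAMPLE_LOG = """\
Apr 28 00:31:28 ifog bird: fog_transit_v6: Invalid NEXT_HOP attribute
Apr 28 00:32:34 ifog bird: message repeated 729 times: [ fog_transit_v6: Invalid NEXT_HOP attribute]
Apr 28 04:52:20 ifog bird: fog_transit_v6: Invalid NEXT_HOP attribute - address 2a0c:9a40:1030::1 not directly reachable
Apr 28 04:52:20 ifog bird: fog_transit_v6: Invalid route 2804:3d28:11::/48 withdrawn
"""

# Assumption: the syslog tag is "bird:" as on this page, optionally "bird[pid]:".
BIRD_MSG = re.compile(r" bird(?:\[\d+\])?: (.*)$")
# The syslog daemon collapses identical consecutive messages into one line.
REPEATED = re.compile(r"message repeated (\d+) times: \[\s*(.*)\]\s*$")
BAD_NEXT_HOP = re.compile(
    r"(?P<proto>[^\s:]+): Invalid NEXT_HOP attribute"
    r"(?: - address (?P<addr>\S+) not directly reachable)?"
)


def summarize_next_hop_rejects(log_text):
    """Return (rejects per protocol, rejects per reported next hop address)."""
    per_proto, per_addr = Counter(), Counter()
    for line in log_text.splitlines():
        found = BIRD_MSG.search(line)
        if not found:
            continue
        msg, count = found.group(1), 1
        repeated = REPEATED.match(msg)
        if repeated:  # unwrap "[ original message]" and weight it by N
            count, msg = int(repeated.group(1)), repeated.group(2)
        event = BAD_NEXT_HOP.match(msg)
        if event:
            per_proto[event["proto"]] += count
            if event["addr"]:  # only present in newer bird versions
                per_addr[event["addr"]] += count
    return per_proto, per_addr


if __name__ == "__main__":
    protos, addrs = summarize_next_hop_rejects(SAMPLE_LOG)
    for name, n in protos.most_common():
        print(f"{name}: {n} updates rejected for an invalid next hop")
    for addr, n in addrs.most_common():
        print(f"  next hop {addr} reported as not directly reachable ({n}x)")
```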
So what is the next hop attribute? According to RFC 4271, the next hop attribute is the IP address of the router that should be used to reach the destination network. In this case, I’m expecting the next hop to be the router server’s address 2a0c:9a40:1::1.
To find out what the next hop attribute of the routes sent by the router server is, I use tcpdump to capture the BGP packets.
ubuntu@ifog:~$ sudo tcpdump -i ens18 -n -w ens18.pcap port 179
Then I open the pcap file using wireshark and filter the BGP packets.
Multi-Protocol Reach NLRI (14), length: 44, Flags [O]:
AFI: IPv6 (2), SAFI: Unicast (1)
nexthop: 2a0c:9a40:1030::1, fe80::b6fb:e4ff:fe26:c5d5, nh-length: 32, no SNPA
2001:678:80::/48
Clearly, the next hop attribute of the route is 2a0c:9a40:1030::1, which is not the router server’s address, and it’s not directly reachable (not in the same subnet as my VM). This is why bird is rejecting the routes.
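The decode above, reproduced as an added example that is not part of the original article: it parses the value of an IPv6 unicast MP_REACH_NLRI attribute (RFC 4760) and tests whether the global next hop falls inside the VM's connected prefix. The attribute bytes are constructed to match the 44-byte attribute shown, the local address 2a0c:9a40:1::1014/48 is taken from the Full Configuration section, and the on-link test is a simplification of what bird checks.

```python
import ipaddress
import struct


def parse_mp_reach_ipv6(value):
    """Parse an MP_REACH_NLRI (type 14) attribute value for IPv6 unicast.

    Returns (next_hops, prefixes)."""
    if len(value) < 5:
        raise ValueError("attribute too short")
    afi, safi, nh_len = struct.unpack_from("!HBB", value, 0)
    if (afi, safi) != (2, 1):
        raise ValueError("not IPv6 unicast")
    # 16 bytes = global next hop only, 32 = global followed by link-local.
    if nh_len not in (16, 32) or len(value) < 4 + nh_len + 1:
        raise ValueError("bad next hop length")
    next_hops = [ipaddress.IPv6Address(value[4 + i:20 + i]) for i in range(0, nh_len, 16)]
    pos = 4 + nh_len + 1  # skip the reserved octet (shown as "no SNPA" above)
    prefixes = []
    while pos < len(value):
        plen = value[pos]
        nbytes = (plen + 7) // 8  # NLRI carries only the significant bytes
        if plen > 128 or pos + 1 + nbytes > len(value):
            raise ValueError("truncated or invalid NLRI")
        raw = value[pos + 1:pos + 1 + nbytes].ljust(16, b"\x00")
        prefixes.append(ipaddress.IPv6Network((raw, plen), strict=False))
        pos += 1 + nbytes
    return next_hops, prefixes


def is_on_link(next_hop, local_interface):
    """True if next_hop lies inside the prefix configured on the local interface."""
    return ipaddress.IPv6Address(next_hop) in ipaddress.IPv6Interface(local_interface).network


# Constructed bytes that reproduce the 44-byte attribute decoded above.
SAMPLE_ATTR = (
    bytes.fromhex("00020120")  # AFI 2, SAFI 1, next hop length 32
    + ipaddress.IPv6Address("2a0c:9a40:1030::1").packed
    + ipaddress.IPv6Address("fe80::b6fb:e4ff:fe26:c5d5").packed
    + b"\x00"  # reserved octet
    + bytes.fromhex("30200106780080")  # /48 followed by 2001:678:80::
)

if __name__ == "__main__":
    hops, nets = parse_mp_reach_ipv6(SAMPLE_ATTR)
    local = "2a0c:9a40:1::1014/48"  # VM address from the Full Configuration section
    print("prefixes:", ", ".join(map(str, nets)))
    for hop in hops:
        if not hop.is_link_local:
            print(hop, "on-link" if is_on_link(hop, local) else "NOT directly reachable")
```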
Solution
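To solve this problem, I need to configure bird to accept routes whose next hop attribute is not directly reachable. Declaring the session as multihop does this: bird then resolves the next hop through its routing table (recursive gateway mode, the default for multihop sessions) instead of requiring it to be a directly connected neighbor.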
protocol bgp fog_transit_v6 {
...
multihop 2; # Add this line
...
}
After reconfiguring bird, I check the BGP status again and this time the number of import updates is not 0 anymore.
Credits
Thanks to CanadianPacketChaser#5264 from Discord for helping me to solve this problem.
Thanks to const#7179 from Discord.
Thanks to FHR's Blog - Bird Unreachable Routes on multihop BGP Sessions
Full Configuration
This is a very basic configuration of bird, but it’s enough to get the job done.
Assume that:
  VM Network Configuration:
    IPv4: 192.168.1.197/24 - Gateway: 192.168.1.1
    IPv6: 2a0c:9a40:1::1014/48 - Gateway: 2a0c:9a40:1::1
  NIC Assignment:
    ens18: Uplink
    ens20: FogIXP
  Fog Transit BGP Session:
    Their side: AS34927 - 2a0c:9a40:1::1
    Our side: YOUR_ASN - 2a0c:9a40:1::1014
  BGP Next Hop:
    2a0c:9a40:1030::1
  IPv6 Prefix to Announce:
    2abc:ffff:1::/48
Bird.conf will look like this (only IPv6 part):
# BIRD version 2.13
# Replace YOUR_ASN and YOUR_FOG_IX_ADDRESS with your own values.
log syslog all;
router id 192.168.1.197;

protocol device {
}

protocol direct {
    disabled;
    ipv4;
    ipv6;
}

protocol kernel {
    ipv4 {
        export all;
    };
}

protocol kernel {
    ipv6 {
        import none;
        export all;
    };
}

# Prefixes we are allowed to announce
define OWNNET = [
    2abc:ffff:1::/48
];

# Only announce our own prefixes, reject everything else
filter export_filter_v6 {
    if net ~ OWNNET then accept;
    reject;
};

protocol static static_v6 {
    ipv6;
    route 2abc:ffff:1::/48 via 2a0c:9a40:1::1014;
    # Tell bird that 2a0c:9a40:1030::1 is directly reachable via ens18
    route 2a0c:9a40:1030::1/128 via "ens18";
}

protocol bgp fog_transit_v6 {
    local 2a0c:9a40:1::1014 as YOUR_ASN;
    neighbor 2a0c:9a40:1::1 as 34927;
    # Needed because the advertised next hop is not on-link
    multihop 2;
    ipv6 {
        import all;
        export filter export_filter_v6;
        # Upper bound on the number of routes exported to this peer
        export limit 5;
    };
}

protocol bgp fog_ix_ams_v6 {
    local YOUR_FOG_IX_ADDRESS as YOUR_ASN;
    neighbor 2001:7f8:ca:1::111 as 47498;
    ipv6 {
        import all;
        export filter export_filter_v6;
        export limit 5;
    };
}

protocol bgp fog_ix_zurich_v6 {
    local YOUR_FOG_IX_ADDRESS as YOUR_ASN;
    neighbor 2001:7f8:ca:1::222 as 47498;
    ipv6 {
        import all;
        export filter export_filter_v6;
        export limit 5;
    };
}