6c31f74bfefd042c682d1a955c66972b4009c0a0
howto/Bird-communities.md
| ... | ... | @@ -0,0 +1,129 @@ |
| 1 | +Bird is a commonly used BGP daemon. This page provides configuration and help for using BGP communities with Bird for dn42. |
|
| 2 | + |
|
| 3 | +Communities can be used to prioritize traffic based on different flags, in DN42 we are using communities to prioritize based on latency, bandwidth and encryption. Please note that everyone should be using community 64511. |
|
| 4 | + |
|
| 5 | +The community is applied to the route when it is imported and exported, therefore you need to change your bird configuration, in /etc/bird/peers4 if you followed the [Bird](/howto/Bird) guide. |
|
| 6 | + |
|
| 7 | +The calculations for finding the best route can be stored in a separate file, for example /etc/bird/community_filters.conf. |
|
| 8 | + |
|
| 9 | +Below, you will see an example config for peers4 as well as the and the suggested improvement by tombii (prefers low latency) to original filter implementation by welterde (prefers high BW over low latency). |
|
| 10 | + |
|
| 11 | +To properly assign the right community to your peer, please reference the table below. If you are running your own network and peering internally, please also apply the communities inside your network. |
|
| 12 | + |
|
| 13 | +## BGP community criteria |
|
| 14 | +``` |
|
| 15 | +(64511, 1) :: latency \in [0, 2.7ms] |
|
| 16 | +(64511, 2) :: latency \in [2.7ms, 7.3ms] |
|
| 17 | +(64511, 3) :: latency \in [7.3ms, 20ms] |
|
| 18 | +(64511, x) :: latency \in [exp(x-1), exp(x)] ms (for x < 10) |
|
| 19 | + |
|
| 20 | +(64511, 21) :: bw >= 0.1mbit |
|
| 21 | +(64511, 22) :: bw >= 1mbit |
|
| 22 | +(64511, 23) :: bw >= 10mbit |
|
| 23 | +(64511, 24) :: bw >= 100mbit |
|
| 24 | +(64511, 25) :: bw >= 1000mbit |
|
| 25 | +(64511, 2x) :: bw >= 10^(x-2) mbit |
|
| 26 | +bw = min(up,down) for asymmetric connections |
|
| 27 | + |
|
| 28 | +(64511, 31) :: not encrypted |
|
| 29 | +(64511, 32) :: encrypted with unsafe vpn solution |
|
| 30 | +(64511, 33) :: encrypted with safe vpn solution (but no PFS - the usual OpenVPN p2p configuration falls in this category) |
|
| 31 | +(64511, 34) :: encrypted with safe vpn solution with PFS |
|
| 32 | + |
|
| 33 | +Propagation: |
|
| 34 | +- - for latency pick max(received_route.latency, link_latency) |
|
| 35 | +- - for encryption and bandwidth pick min between received BGP community and peer link |
|
| 36 | +``` |
|
| 37 | +For example, if your peer is 12ms away and the link speed between you is 250Mbit/s and you are peering using OpenVPN P2P, then the community string would be (3, 24, 33). |
|
| 38 | + |
|
| 39 | +## Example configurations |
|
| 40 | +``` |
|
| 41 | +# /etc/bird/peers4/tombii.conf |
|
| 42 | +# As you are redefining the import and export filters, the check for is_valid_network() is no longer imported from dnpeers |
|
| 43 | +# This comes from my own experience so let me know if I'm wrong :) -tombii |
|
| 44 | +protocol bgp tombii from dnpeers { |
|
| 45 | + neighbor 172.23.102.x as 4242420321; |
|
| 46 | + import filter { |
|
| 47 | + if is_valid_network() && !is_self_net() then { |
|
| 48 | + update_flags(3,24,33); |
|
| 49 | + accept; |
|
| 50 | + } |
|
| 51 | + reject; |
|
| 52 | + }; |
|
| 53 | + export filter { |
|
| 54 | + if is_valid_network() then { |
|
| 55 | + update_flags(3,24,33); |
|
| 56 | + accept; |
|
| 57 | + } |
|
| 58 | + reject; |
|
| 59 | + }; |
|
| 60 | +}; |
|
| 61 | +``` |
|
| 62 | +``` |
|
| 63 | +#/etc/bird/community_filters.conf |
|
| 64 | +function update_latency(int link_latency) { |
|
| 65 | + bgp_community.add((64511, link_latency)); |
|
| 66 | + if (64511, 9) ~ bgp_community then { bgp_community.delete([(64511, 1..8)]); return 9; } |
|
| 67 | + else if (64511, 8) ~ bgp_community then { bgp_community.delete([(64511, 1..7)]); return 8; } |
|
| 68 | + else if (64511, 7) ~ bgp_community then { bgp_community.delete([(64511, 1..6)]); return 7; } |
|
| 69 | + else if (64511, 6) ~ bgp_community then { bgp_community.delete([(64511, 1..5)]); return 6; } |
|
| 70 | + else if (64511, 5) ~ bgp_community then { bgp_community.delete([(64511, 1..4)]); return 5; } |
|
| 71 | + else if (64511, 4) ~ bgp_community then { bgp_community.delete([(64511, 1..3)]); return 4; } |
|
| 72 | + else if (64511, 3) ~ bgp_community then { bgp_community.delete([(64511, 1..2)]); return 3; } |
|
| 73 | + else if (64511, 2) ~ bgp_community then { bgp_community.delete([(64511, 1..1)]); return 2; } |
|
| 74 | + else return 1; |
|
| 75 | +} |
|
| 76 | + |
|
| 77 | +function update_bandwidth(int link_bandwidth) { |
|
| 78 | + bgp_community.add((64511, link_bandwidth)); |
|
| 79 | + if (64511, 21) ~ bgp_community then { bgp_community.delete([(64511, 22..29)]); return 21; } |
|
| 80 | + else if (64511, 22) ~ bgp_community then { bgp_community.delete([(64511, 23..29)]); return 22; } |
|
| 81 | + else if (64511, 23) ~ bgp_community then { bgp_community.delete([(64511, 24..29)]); return 23; } |
|
| 82 | + else if (64511, 24) ~ bgp_community then { bgp_community.delete([(64511, 25..29)]); return 24; } |
|
| 83 | + else if (64511, 25) ~ bgp_community then { bgp_community.delete([(64511, 26..29)]); return 25; } |
|
| 84 | + else if (64511, 26) ~ bgp_community then { bgp_community.delete([(64511, 27..29)]); return 26; } |
|
| 85 | + else if (64511, 27) ~ bgp_community then { bgp_community.delete([(64511, 28..29)]); return 27; } |
|
| 86 | + else if (64511, 28) ~ bgp_community then { bgp_community.delete([(64511, 29..29)]); return 28; } |
|
| 87 | + else return 29; |
|
| 88 | +} |
|
| 89 | + |
|
| 90 | +function update_crypto(int link_crypto) { |
|
| 91 | + bgp_community.add((64511, link_crypto)); |
|
| 92 | + if (64511, 31) ~ bgp_community then { bgp_community.delete([(64511, 32..34)]); return 31; } |
|
| 93 | + else if (64511, 32) ~ bgp_community then { bgp_community.delete([(64511, 33..34)]); return 32; } |
|
| 94 | + else if (64511, 33) ~ bgp_community then { bgp_community.delete([(64511, 34..34)]); return 33; } |
|
| 95 | + else return 34; |
|
| 96 | +} |
|
| 97 | + |
|
| 98 | +function update_flags(int link_latency; int link_bandwidth; int link_crypto) |
|
| 99 | +int latency; |
|
| 100 | +int bandwidth; |
|
| 101 | +int crypto; |
|
| 102 | +{ |
|
| 103 | +latency = update_latency(link_latency); |
|
| 104 | +bandwidth = update_bandwidth(link_bandwidth) - 20; |
|
| 105 | +crypto = update_crypto(link_crypto) - 30; |
|
| 106 | +if bandwidth > 4 then bandwidth = 4; |
|
| 107 | +bgp_local_pref = 100*bandwidth + 100*(10-latency)-100*bgp_path.len+50*crypto; |
|
| 108 | +return true; |
|
| 109 | +} |
|
| 110 | +``` |
|
| 111 | +Please remember to include /etc/bird/community_filters.conf in your bird.conf/birdc6.conf |
|
| 112 | +``` |
|
| 113 | +# filter helpers |
|
| 114 | +################# |
|
| 115 | + |
|
| 116 | +include "/etc/bird/filter4.conf"; |
|
| 117 | +**include "/etc/bird/community_filters.conf";** |
|
| 118 | +``` |
|
| 119 | + |
|
| 120 | + |
|
| 121 | +*** |
|
| 122 | + |
|
| 123 | +Original implementation by Jplitza: https://gist.github.com/welterde/524cc9b37a618e29093d |
|
| 124 | + |
|
| 125 | +All props to him for the bird code based on the suggestion from welterde. |
|
| 126 | + |
|
| 127 | +Original email from welterde: http://lists.spaceboyz.net/pipermail/dn42/2015-February/000982.html |
|
| 128 | + |
|
| 129 | +My modification is only for the calculation of bgp_local_pref to adjust for prefering lower latency. Feel free to play around with the formula to find something that suits your needs. |
|
| ... | ... | \ No newline at end of file |