Getting Started with BGP

Still working on it

Topology

Still working on it

Addressing

local-private-as : 64535
remote-private-as : 64534
ptp-source : 137.59.127.134/30 [vlan-tagging : 197]
ptp-neighbour : 137.59.127.133/30 [vlan-tagging : 197]
advertising ip :
- 103.93.128.64/27
- 103.93.128.224/27

Physical infra (BCF)

  1. Plug the server into the physical switch (BCF staging) SKIP-THIS-STEP
  2. Add routes (the new subnets) and connect them to the logical segment / external next-hop SKIP-THIS-STEP
    -- define a route for every CIDR SKIP-THIS-STEP
  3. Add a tenant on BCF. Under the tenant, add a segment SKIP-THIS-STEP
    -- logical segment (set up a ptp segment for BGP), for example: ptp-bgp SKIP-THIS-STEP
    -- segment interfaces: connect them to the logical segment SKIP-THIS-STEP
  4. Under the segment (ptp-bgp), add an interface-group for every ESXi host (define the VLAN ID; 197 in the addressing above)
    -- member interface-group exsi01-dvs VLAN-ID
    -- member interface-group exsi02-dvs VLAN-ID
    -- member interface-group exsi03-dvs VLAN-ID

vSphere section

  1. Create a port group on the ESXi hosts
    -- this will carry the ptp-source IP address: 137.59.127.134/30
    -- make sure the VLAN ID tag (197) matches the one configured on the BCF side
  2. Create a VM for the vRouter that will run the BGP session and advertise the public IP subnets
    -- download and use vyos-rolling-latest.iso
    -- read the minimum requirements and installation guide here: https://docs.vyos.io/en/latest/install.html
    -- disable Secure Boot before installation
    -- give the VM three interfaces: one on a local network (eth0), whose hosts VyOS will source-NAT, and two on the network/port group(s) defined in step 1 (eth1 for the ptp link, eth2 for the advertised public subnets)
    -- eth0 -> 172.16.17.253/24
    -- eth1 -> 137.59.127.134/30
    -- eth2 -> 103.93.128.65/27 and 103.93.128.225/27, which will be the gateways for the advertised subnets

VyOS Configuration

BASIC
    change the vyos user password : sudo su; passwd vyos
    (passwd only changes the running system; the password is not written to config.boot and is lost at the next reboot. To persist it, set it in configure mode with set system login user vyos authentication plaintext-password, then commit; save.)
INTERFACES
    configure
    set interfaces ethernet eth0 address 172.16.17.253/24
    set interfaces ethernet eth1 address 137.59.127.134/30
    set interfaces ethernet eth2 address 103.93.128.65/27
    set interfaces ethernet eth2 address 103.93.128.225/27
    commit; save
    (eth0 gets the host address 172.16.17.253/24, not the network address 172.16.17.0/24; the SSH and DNS listeners below bind to 172.16.17.253. When configuring over the network, use commit-confirm <minutes> instead of commit and run confirm once you have checked you still have access; an unconfirmed commit is rolled back automatically.)

    show interfaces
    ethernet eth0 {
        address 172.16.17.253/24
    }

    ethernet eth1 {
        address 137.59.127.134/30
    }

    ethernet eth2 {
        address 103.93.128.65/27
        address 103.93.128.225/27
    }
SYSTEM
    configure
    set system host-name vrouter.darin.web.id
    set system name-server 8.8.8.8
    set system name-server 1.1.1.1
    commit; save
PROTOCOLS
    #BGP-CONFIGURATION
    configure
    set protocols bgp 64535
    set protocols bgp 64535 neighbor 137.59.127.133 ebgp-multihop 2
    set protocols bgp 64535 neighbor 137.59.127.133 remote-as 64534
    set protocols bgp 64535 neighbor 137.59.127.133 update-source 137.59.127.134
    set protocols bgp 64535 address-family ipv4-unicast network 103.93.128.64/27
    set protocols bgp 64535 address-family ipv4-unicast network 103.93.128.224/27
    set protocols bgp 64535 parameters router-id 137.59.127.134
    commit; save
    show protocols bgp -> result (screenshot) -> https://prnt.sc/vi9r0e

    Notes:
    -- 137.59.127.133 is on the same /30 as eth1, so the peer is directly connected and ebgp-multihop 2 is not needed; it only matters when the peer is more than one hop away.
    -- the two network statements are announced because both /27s are present in the routing table as connected routes on eth2 (FRR, which VyOS uses, does not announce a network statement with no matching route).
    -- as written the session has no export filter, so anything else that ends up in the BGP table later (a redistributed route, for example) would be announced to the upstream as well. Add a prefix-list export filter that permits only the two /27s before this goes into production.

    #ROUTING
    configure
    set protocols static route 0.0.0.0/0 next-hop 137.59.127.133
    commit; save

    #VERIFICATION. MAKE SURE THE SESSION IS ESTABLISHED.
    #ALSO CHECK ON THE DESTINATION/REMOTE SIDE
    show ip bgp summary
    show ip bgp neighbors
    show ip bgp statistics

    In show ip bgp summary the State/PfxRcd column for 137.59.127.133 must show a number (the count of prefixes received), not Active, Connect or Idle; those states mean the TCP session or the OPEN exchange is failing, and the remote side's summary will show the same.


SERVICE
    #SSH. LISTENING ON THE PUBLIC ADDRESSES EXPOSES SSH TO THE WHOLE INTERNET:
    #MOVING THE PORT IS NOT A CONTROL. RESTRICT SOURCES WITH A FIREWALL AND USE KEY AUTHENTICATION BEFORE THE SESSION GOES LIVE.
    configure
    set service ssh listen-address 172.16.17.253
    set service ssh listen-address 103.93.128.65
    set service ssh listen-address 103.93.128.225
    set service ssh port XXX

    #DNS FORWARDING (allow-from limits which clients get answers, but the listener is still open on the public addresses; firewall port 53 there as well to avoid exposing an open resolver)
    set service dns forwarding allow-from 172.16.17.0/24
    set service dns forwarding allow-from 103.93.128.64/27
    set service dns forwarding allow-from 103.93.128.224/27

    set service dns forwarding listen-address 172.16.17.253
    set service dns forwarding listen-address 103.93.128.65
    set service dns forwarding listen-address 103.93.128.225

    set service dns forwarding name-server 8.8.8.8
    set service dns forwarding name-server 1.1.1.1

    #SOURCE-NAT MASQUERADE FOR ETH0 HOSTS LEAVING VIA ETH2
    set nat source rule 100 outbound-interface 'eth2'
    set nat source rule 100 source address '172.16.17.0/24'
    set nat source rule 100 translation address 'masquerade'
    commit; save

    Note: the default route points out eth1 (next-hop 137.59.127.133), so internet-bound traffic from 172.16.17.0/24 leaves through eth1 and is not matched by this rule; as written it only translates traffic from eth0 towards the two /27s behind eth2. To give the local subnet internet access, the rule has to match outbound-interface eth1, and the translation address should be one of the advertised public addresses rather than masquerade (which would use the ptp address 137.59.127.134) unless the upstream routes the /30.
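The BGP and SERVICE sections above bring the session up but leave it unfiltered and leave SSH and the DNS forwarder reachable from the whole internet. The configuration below is added here as a hardened version of those sections; it is an example written for this page, not from the original notes and not VyOS project code. It assumes VyOS 1.3 command syntax (the same generation as the nat and ssh commands above); the policy, group and firewall names (EXPORT-TO-UPSTREAM, IMPORT-FROM-UPSTREAM, PUBLIC-LAN, PUBLIC-LOCAL), the <...> placeholders and the admin source range are assumptions. It replaces ebgp-multihop 2 with ttl-security (the two are mutually exclusive, and the peer is one hop away) and adds an export filter, an import filter, a prefix cap, an MD5 session key, a local firewall on eth1 and eth2, and key-only SSH.

```vyos
# Added example, not from the original notes. VyOS 1.3 syntax assumed.
# Assumed names: EXPORT-TO-UPSTREAM, IMPORT-FROM-UPSTREAM, PUBLIC-LAN,
# PUBLIC-LOCAL. Values in <...> are placeholders to replace.
configure

# --- 1. Outbound policy: announce the two /27s and nothing else.
# A prefix-list ends in an implicit deny, so the default route,
# 172.16.17.0/24 and anything redistributed later never reach the upstream.
set policy prefix-list EXPORT-TO-UPSTREAM rule 10 action 'permit'
set policy prefix-list EXPORT-TO-UPSTREAM rule 10 prefix '103.93.128.64/27'
set policy prefix-list EXPORT-TO-UPSTREAM rule 20 action 'permit'
set policy prefix-list EXPORT-TO-UPSTREAM rule 20 prefix '103.93.128.224/27'

# --- 2. Inbound policy: never accept our own blocks (or more specifics of
# them) or the lab subnet back from the peer; accept anything else up to /24,
# which includes a default route if the upstream sends one.
set policy prefix-list IMPORT-FROM-UPSTREAM rule 10 action 'deny'
set policy prefix-list IMPORT-FROM-UPSTREAM rule 10 prefix '103.93.128.64/27'
set policy prefix-list IMPORT-FROM-UPSTREAM rule 10 le '32'
set policy prefix-list IMPORT-FROM-UPSTREAM rule 20 action 'deny'
set policy prefix-list IMPORT-FROM-UPSTREAM rule 20 prefix '103.93.128.224/27'
set policy prefix-list IMPORT-FROM-UPSTREAM rule 20 le '32'
set policy prefix-list IMPORT-FROM-UPSTREAM rule 30 action 'deny'
set policy prefix-list IMPORT-FROM-UPSTREAM rule 30 prefix '172.16.17.0/24'
set policy prefix-list IMPORT-FROM-UPSTREAM rule 30 le '32'
set policy prefix-list IMPORT-FROM-UPSTREAM rule 100 action 'permit'
set policy prefix-list IMPORT-FROM-UPSTREAM rule 100 prefix '0.0.0.0/0'
set policy prefix-list IMPORT-FROM-UPSTREAM rule 100 le '24'

# --- 3. The session. The peer is on the same /30, so GTSM (ttl-security
# hops 1) replaces ebgp-multihop: BGP packets that did not originate one hop
# away are discarded before bgpd sees them. MD5 authenticates the TCP
# session; maximum-prefix tears it down if the peer starts sending a full
# table instead of the handful of routes expected here.
set protocols bgp 64535 parameters router-id '137.59.127.134'
set protocols bgp 64535 neighbor 137.59.127.133 remote-as '64534'
set protocols bgp 64535 neighbor 137.59.127.133 update-source '137.59.127.134'
set protocols bgp 64535 neighbor 137.59.127.133 ttl-security hops '1'
set protocols bgp 64535 neighbor 137.59.127.133 password '<shared-md5-secret>'
set protocols bgp 64535 neighbor 137.59.127.133 address-family ipv4-unicast prefix-list export 'EXPORT-TO-UPSTREAM'
set protocols bgp 64535 neighbor 137.59.127.133 address-family ipv4-unicast prefix-list import 'IMPORT-FROM-UPSTREAM'
set protocols bgp 64535 neighbor 137.59.127.133 address-family ipv4-unicast maximum-prefix '100'
set protocols bgp 64535 address-family ipv4-unicast network '103.93.128.64/27'
set protocols bgp 64535 address-family ipv4-unicast network '103.93.128.224/27'

# --- 4. Local firewall on both public-facing interfaces. Default drop; the
# peer may open BGP, anyone may ping, SSH only from the admin range on the
# chosen port, and the DNS forwarder only from the two /27s it serves.
set firewall group network-group PUBLIC-LAN network '103.93.128.64/27'
set firewall group network-group PUBLIC-LAN network '103.93.128.224/27'
set firewall name PUBLIC-LOCAL default-action 'drop'
set firewall name PUBLIC-LOCAL rule 10 action 'accept'
set firewall name PUBLIC-LOCAL rule 10 state established 'enable'
set firewall name PUBLIC-LOCAL rule 10 state related 'enable'
set firewall name PUBLIC-LOCAL rule 20 action 'accept'
set firewall name PUBLIC-LOCAL rule 20 protocol 'tcp'
set firewall name PUBLIC-LOCAL rule 20 source address '137.59.127.133'
set firewall name PUBLIC-LOCAL rule 20 destination port '179'
set firewall name PUBLIC-LOCAL rule 30 action 'accept'
set firewall name PUBLIC-LOCAL rule 30 protocol 'icmp'
set firewall name PUBLIC-LOCAL rule 40 action 'accept'
set firewall name PUBLIC-LOCAL rule 40 protocol 'tcp'
set firewall name PUBLIC-LOCAL rule 40 source address '<admin-source-range>'
set firewall name PUBLIC-LOCAL rule 40 destination port '<ssh-port>'
set firewall name PUBLIC-LOCAL rule 50 action 'accept'
set firewall name PUBLIC-LOCAL rule 50 protocol 'tcp_udp'
set firewall name PUBLIC-LOCAL rule 50 source group network-group 'PUBLIC-LAN'
set firewall name PUBLIC-LOCAL rule 50 destination port '53'
set interfaces ethernet eth1 firewall local name 'PUBLIC-LOCAL'
set interfaces ethernet eth2 firewall local name 'PUBLIC-LOCAL'

# --- 5. SSH: keys only. The vyos user gets a public key and password
# logins are refused on every listen address, public and private.
set system login user vyos authentication public-keys <key-name> type 'ssh-rsa'
set system login user vyos authentication public-keys <key-name> key '<base64-public-key>'
set service ssh disable-password-authentication

# --- 6. Commit with a safety net: if the firewall or the TTL change locks
# you out or drops the session, the configuration rolls back after 5 minutes.
commit-confirm 5
# ...check "show ip bgp summary" and open a fresh SSH session, then:
confirm
save
```

Both ttl-security and the MD5 password need the matching setting on the provider's side, otherwise the session stays in Active/Connect; agree them with the upstream before committing. After the commit, show ip bgp neighbors 137.59.127.133 advertised-routes must list exactly 103.93.128.64/27 and 103.93.128.224/27, and show firewall name PUBLIC-LOCAL shows per-rule counters, so a port scan from the internet should only move the default-drop counter.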

Testing Section

  1. Create a VM on the same port group as the VyOS eth2 interface

  2. Configure an IP address from one of the advertised subnets on that VM, for example:
    ip-address : 103.93.128.226
    netmask : /27
    gateway : 103.93.128.225

  3. curl ifconfig.me
    -- the address reported must be 103.93.128.226 itself: the /27 is routed to the vRouter via BGP, not NATed

  4. Ping an internet host

  5. Enable the SSH service on the VM and try to reach it from the internet. If this works, the upstream is routing the advertised prefix back to the vRouter; it also means the VM is now directly exposed, so lock it down like any other internet-facing host.