16.2. Configuring BGP
This section describes how to configure BGP in Trisul ISP.
16.2.1 I-BGP Route Receiver
Trisul must be configured as a I-BGP peer with your external gateway routers or with your route reflectors. Trisul will not advertise or withdraw any routers, it will be a passive route collector. This allows Trisul to bulid a virtual RIB for each router. The netflow data from the routers is combined with this RIB to provide deep analytics.
16.2.2 Configuring Trisul as a BGP peer
The BGP support is present in the trisul-geo package. Ensure that the package is installed for on the probe. This package installs two systemd services
- trisul-bgp.service : the BGP peering service
- trisul-bgp-ramfs-mount.service : a service that prepares a special RAMFS partition to store the route database
16.2.3 trisul-bgp.service
This service uses a config file /usr/local/etc/trisul-probe/trisul_piranha.conf This is the only file you have to edit to start the service.
Say your AS Number is 55555 , the same AS Number must be specified in the configuration file local_as. Then add the neighbors one after the other. An minimal example config.
..
local_as 55555
local_ip4 172.17.17.27
bgp_router_id 172.17.17.27
neighbor 10.10.16.12 55555
..
The parameters are :
- local_as
- Your (ISPs) AS number. Important this is not an external ASN, because we are creating an I-BGP session.
- local_ip4
- IP Address of the Trisul-Probe
- bgp_router_id
- You can use the same value as
local_ip4. An IP Address of the Trisul-Probe, this address will appear in BGP messages on the remote peers. - neighbor
- IP Address of the BGP neighbor then a space and the AS Number
Starting and verifying
After configuring the neighbor above, you can start the BGP services.
$ systemctl start trisul-bgp-ramfs-mount
$ systemctl start trisul-bgp
Verifying
Login as admin/admin , then select Contexts: default > Admin Tasks > BGP Route Receiver
This should show status of each peer.
16.2.4 Netflow vs BGP Peer address
After the peering is established you may need to link the Netflow exporter IP address to the BGP Peer Address. Follow these steps.
- Login and go to Netflow>Routers and Intefaces Note down the router IP address. This is the Netflow exporter IP Address say this is 10.17.17.20
- Go to the router database directory. Here you will find the BGP Peer Addresses. The directory is located in
/usr/local/var/ramdisk. Say the BGP Peer address corresponding to the netflow exporter address 10.17.17.20 is 10.10.20.37, you will find a database here.
root@ATJHSD33:/usr/local/var/ramdisk# ls
10.10.20.37_routes.db.sqlite3
- Link the BGP peer database to the Netflow exporter database
$ ln -sf 10.10.20.37_routes.db.sqlite3 10.17.17.20_routes.db.sqlite3
The softlinks should show as below
$ ls -l
total 3300
-rw-r--r-- 1 trisul trisul 3379200 Jan 31 16:10 10.10.20.37_routes.db.sqlite3
lrwxrwxrwx 1 trisul trisul 32 Jan 6 16:03 10.17.17.20_routes.db.sqlite3-> 10.10.20.37_routes.db.sqlite3
16.2.5 Common errors
- Make sure TCP Port 179 is open on the trisul probe
firewall-cmd --zone=public --add-port=179/tcp - There is a space , tab , or special character in the neighbor line of the config file
- Double check the softlinks
- Restart the probes