For this example deployment, I'll be using my NSX-T Lab as the fabric, VyOS for the Overloaded Router role, and trying out hyperglass:
Installation (VyOS)
I already have a base image for VyOS with its management VRF set up - and updating the base image prior to deployment is a breeze due to the vSphere 7 VM Template Check Out Feature.
In this case, I'll deploy to an NSX-T External Port and peer up, with fully implemented ingress filtering:
Export Filters - Permit all prefixes:
Import Filters - don't trust any prefixes from this router:
Set in the correct directions:
Configure the BGP Neighbors:
From here, we build the VNF, by adding the following configuration:
protocols {
    bgp 64932 {
        address-family {
            ipv4-unicast {
                maximum-paths {
                    ebgp 4
                }
            }
            ipv6-unicast {
                maximum-paths {
                    ebgp 4
                }
            }
        }
        neighbor 10.7.2.1 {
            remote-as 64902
        }
        neighbor 10.7.2.2 {
            remote-as 64902
        }
        neighbor x:x:x:dea::1 {
            address-family {
                ipv6-unicast {
                }
            }
            remote-as 64902
        }
        neighbor x:x:x:dea::2 {
            address-family {
                ipv6-unicast {
                }
            }
            remote-as 64902
        }
        timers {
            holdtime 12
            keepalive 4
        }
    }
}
Then, let's verify that BGP is working:
vyos@vyos-lg-01:~$ show ip bgp summary

IPv4 Unicast Summary:
BGP router identifier 10.7.2.254, local AS number 64932 vrf-id 0
BGP table version 156
RIB entries 75, using 14 KiB of memory
Peers 4, using 85 KiB of memory

Neighbor      V    AS MsgRcvd MsgSent TblVer InQ OutQ  Up/Down State/PfxRcd PfxSnt
10.7.2.1      4 64902     278     272      0   0    0 00:11:31           40     42
10.7.2.2      4 64902      16      13      0   0    0 00:00:16           39     42
x:x:x:dea::1  4 64902     234     264      0   0    0 00:11:43        NoNeg
x:x:x:dea::2  4 64902     283     368      0   0    0 00:11:43        NoNeg

Total number of neighbors 4
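To make this check scriptable, here is an added example (not part of the original post) that parses the summary table above, flags sessions that are not established, and reports how many prefixes the router is offering each neighbor, which is what the fabric-side import filter is there to discard. The Idle peer 192.0.2.9, the sample text, and the function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: rows from the output above plus one hypothetical Idle peer.
SAMPLE = """\
Neighbor      V    AS MsgRcvd MsgSent TblVer InQ OutQ  Up/Down State/PfxRcd PfxSnt
10.7.2.1      4 64902     278     272      0   0    0 00:11:31           40     42
10.7.2.2      4 64902      16      13      0   0    0 00:00:16           39     42
x:x:x:dea::1  4 64902     234     264      0   0    0 00:11:43        NoNeg
192.0.2.9     4 64902       0       0      0   0    0    never         Idle      0

Total number of neighbors 4
"""

@dataclass
class Peer:
    neighbor: str
    remote_as: int
    state: str               # "Established", "NoNeg", "Idle", "Active", ...
    pfx_rcd: Optional[int]   # only known when the session is established
    pfx_snt: Optional[int]   # column is absent on NoNeg rows

def parse_summary(text: str) -> List[Peer]:
    peers, in_table = [], False
    for line in text.splitlines():
        f = line.split()
        if f and f[0] == "Neighbor":      # header row opens a table
            in_table = True
        elif in_table and len(f) >= 10:   # neighbor row; PfxSnt may be missing
            up = f[9].isdigit()           # a number here means Established
            snt = int(f[10]) if len(f) > 10 and f[10].isdigit() else None
            peers.append(Peer(f[0], int(f[2]), "Established" if up else f[9],
                              int(f[9]) if up else None, snt))
        else:                             # blank line or "Total number ..." closes it
            in_table = False
    return peers

def findings(peers: List[Peer], expected_as: int = 64902) -> List[str]:
    out = []
    for p in peers:
        if p.remote_as != expected_as:
            out.append(f"{p.neighbor}: unexpected remote AS {p.remote_as}")
        if p.state == "NoNeg":            # this address family was not negotiated
            continue
        if p.state != "Established":
            out.append(f"{p.neighbor}: session is {p.state}")
        elif p.pfx_snt:
            out.append(f"{p.neighbor}: offering {p.pfx_snt} prefixes to the fabric")
    return out
```

Calling `findings(parse_summary(SAMPLE))` returns one line per issue; NoNeg rows are skipped here because they need to be judged in the summary for their own address family.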
The VNF is configured! Now, we'll follow the application maintainer's instructions for installation: https://hyperglass.io/docs/getting-started
The installation documentation is pretty good, but some customization is still required. I built the following configuration files out; hyperglass uses YAML as its configuration file format, and examples are here. I did make some changes:
- Some combination of VyOS 1.4, MP-BGP, and/or VRF-lite changed the syntax for the BGP views around. Setting a commands file fixes this.
- The VyOS driver appends a host mask (/32, /128) to routes with no prefix specified.
  - NB: I reached out to the maintainer (Matt Love) and he informed me that this was configurable per-VRF using the force-cidr option.
This particular tool has been extremely useful to me, as NSX-T still lacks comprehensive BGP visibility without CLI access - and even if it didn't, this will provide consumers an easy way to validate that prefixes have propagated, and where.