Changes in 5246c34: Update 'howto/vyos1.4.x.md' * Recommend MP-BGP peerings * add RFC9234 role * set peer description * show bgp summary example * add peer-group * add links to VyOS manual * add credit :)

howto/vyos1.4.x.md

@@ -191,6 +191,7 @@ set protocols bgp parameters router-id '172.20.20.1'

 ### Neighbor Up With Peers

 #### Option 1: MP-BGP (with Multi Protocol) - with Extended Next-Hop

+MP-BGP peerings over IPv6 are recommended on DN42.

 ```

 # For these examples, your peer's link-local address is fe80::4242

@@ -198,11 +199,16 @@ set protocols bgp neighbor fe80::4242 interface v6only remote-as '4242424242'

 set protocols bgp neighbor fe80::4242 remote-as '4242424242'

 set protocols bgp neighbor fe80::4242 interface source-interface 'wg4242424242'

 set protocols bgp neighbor fe80::4242 update-source 'wg4242424242'

+set protocols bgp neighbor fe80::4242 description 'FriendlyNet'

+

+# Set the RFC 9234 role to "peer". 

+set protocols bgp neighbor fe80::4242 local-role peer

 set protocols bgp neighbor fe80::4242 capability extended-nexthop

 set protocols bgp neighbor fe80::4242 address-family ipv4-unicast 

 set protocols bgp neighbor fe80::4242 address-family ipv6-unicast 

+

 ```

 #### Option 2: BGP (no Multi Protocol) - no Extended Next-Hop

 ```

@@ -211,6 +217,7 @@ set protocols bgp neighbor fe80::4242 interface remote-as '4242424242'

 set protocols bgp neighbor fe80::4242 interface source-interface 'wg4242424242'

 set protocols bgp neighbor fe80::4242 remote-as '4242424242'

 set protocols bgp neighbor fe80::4242 address-family ipv6-unicast 

+set protocols bgp neighbor fe80::4242 description 'FriendlyNet'

 # For the ipv4 part we need to add first a static ipv4 route to our peer tunneled ipv4 address

 set protocols static route 172.20.x.y interface wg1234

@@ -218,14 +225,58 @@ set protocols static route 172.20.x.y interface wg1234

 # 172.20.x.y is your peer tunneled IPv4

 set protocols bgp neighbor 172.20.x.y remote-as '<your peer ASN>'

 set protocols bgp neighbor 172.20.x.y address-family ipv4-unicast 

+set protocols bgp neighbor 172.20.x.y description 'FriendlyNet'

 # This setting may need to be adjusted depending on circumstances

 set protocols bgp neighbor 172.20.x.y ebgp-multihop 20

 ```

-You can now check your BGP summary

-`show ip bgp summary`

+You can now check your BGP summary:

+

+```shellsession

+vyos@vyos$ show ip bgp summary

+

+IPv4 Unicast Summary (VRF default):

+BGP router identifier 172.20.20.1, local AS number 4242421234 vrf-id 0

+BGP table version 2782

+RIB entries 1378, using 258 KiB of memory

+Peers 1, using 1 MiB of memory

+Peer groups 1, using 64 bytes of memory

+

+Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt Desc

+fe80::4242 4 4242424242 1031 6 0 0 0 00:04:20 710 1 FriendlyNet

+

+IPv6 Unicast Summary (VRF default):

+BGP router identifier 172.20.20.1, local AS number 4242421234 vrf-id 0

+BGP table version 2782

+RIB entries 1378, using 258 KiB of memory

+Peers 1, using 1 MiB of memory

+Peer groups 1, using 64 bytes of memory

+

+Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt Desc

+fe80::4242 4 4242424242 1031 6 0 0 0 00:04:20 710 1 FriendlyNet

+```

+

+Setting up peer-groups might help standardize multiple peerings:

+

+```

+# One peer group for all IPv6 MP-BGP link-local extended-nexthop peers

+set protocols bgp peer-group dn42 address-family ipv4-unicast

+set protocols bgp peer-group dn42 address-family ipv6-unicast

+set protocols bgp peer-group dn42 capability extended-nexthop

+set protocols bgp peer-group dn42 local-role peer

+

+set protocols bgp neighbor fe80::4242 peer-group dn42

+

+# If you have any non-multiprotocol peerings you'll need to set up peer-groups

+# for the individual address families. This is left up to the reader.

+

+# Delete the settings that are now redundant

+delete protocols bgp neighbor fe80::4242 address-family

+delete protocols bgp neighbor fe80::4242 capability

+```

+

 ## RPKI/ROA Checking

 ### Setup RPKI Caching Server

@@ -330,10 +381,13 @@ set protocols bgp neighbor x.x.x.x address-family ipv6-unicast route-map import 

 ```

 ## Credits

-This How-To has to be considered a work-in-progress by **Matwolf**.

+This How-To has to be considered a work-in-progress by **Matwolf** with parts co-authored by **bri**

 It's based on the original VyOS How-To made by **Owens Research**: [How-To/VyOS](/howto/vyos).

 The commands in this page have been adapted to be compatible with the new version of VyOS 1.4.x (sagitta) and to include configurations for IPv6 (MP-BGP over link-local and extended next-hop).

-If you have any questions or suggestions please reach me out.

+If you have any questions or suggestions please reach out.

+

+## See also

+[WireGuard](https://docs.vyos.io/en/latest/configuration/interfaces/wireguard.html) and [BGP](https://docs.vyos.io/en/latest/configuration/protocols/bgp.html) in the official VyOS documentation.

\ No newline at end of file

...	...	@@ -191,6 +191,7 @@ set protocols bgp parameters router-id '172.20.20.1'
191	191
192	192	### Neighbor Up With Peers
193	193	#### Option 1: MP-BGP (with Multi Protocol) - with Extended Next-Hop
	194	+MP-BGP peerings over IPv6 are recommended on DN42.
194	195	```
195	196	# For these examples, your peer's link-local address is fe80::4242
196	197
...	...	@@ -198,11 +199,16 @@ set protocols bgp neighbor fe80::4242 interface v6only remote-as '4242424242'
198	199	set protocols bgp neighbor fe80::4242 remote-as '4242424242'
199	200	set protocols bgp neighbor fe80::4242 interface source-interface 'wg4242424242'
200	201	set protocols bgp neighbor fe80::4242 update-source 'wg4242424242'
	202	+set protocols bgp neighbor fe80::4242 description 'FriendlyNet'
	203	+
	204	+# Set the RFC 9234 role to "peer".
	205	+set protocols bgp neighbor fe80::4242 local-role peer
201	206
202	207	set protocols bgp neighbor fe80::4242 capability extended-nexthop
203	208
204	209	set protocols bgp neighbor fe80::4242 address-family ipv4-unicast
205	210	set protocols bgp neighbor fe80::4242 address-family ipv6-unicast
	211	+
206	212	```
207	213	#### Option 2: BGP (no Multi Protocol) - no Extended Next-Hop
208	214	```
...	...	@@ -211,6 +217,7 @@ set protocols bgp neighbor fe80::4242 interface remote-as '4242424242'
211	217	set protocols bgp neighbor fe80::4242 interface source-interface 'wg4242424242'
212	218	set protocols bgp neighbor fe80::4242 remote-as '4242424242'
213	219	set protocols bgp neighbor fe80::4242 address-family ipv6-unicast
	220	+set protocols bgp neighbor fe80::4242 description 'FriendlyNet'
214	221
215	222	# For the ipv4 part we need to add first a static ipv4 route to our peer tunneled ipv4 address
216	223	set protocols static route 172.20.x.y interface wg1234
...	...	@@ -218,14 +225,58 @@ set protocols static route 172.20.x.y interface wg1234
218	225	# 172.20.x.y is your peer tunneled IPv4
219	226	set protocols bgp neighbor 172.20.x.y remote-as '<your peer ASN>'
220	227	set protocols bgp neighbor 172.20.x.y address-family ipv4-unicast
	228	+set protocols bgp neighbor 172.20.x.y description 'FriendlyNet'
221	229
222	230	# This setting may need to be adjusted depending on circumstances
223	231	set protocols bgp neighbor 172.20.x.y ebgp-multihop 20
224	232	```
225	233
226		-You can now check your BGP summary
227	234
228		-`show ip bgp summary`
	235	+You can now check your BGP summary:
	236	+
	237	+```shellsession
	238	+vyos@vyos$ show ip bgp summary
	239	+
	240	+IPv4 Unicast Summary (VRF default):
	241	+BGP router identifier 172.20.20.1, local AS number 4242421234 vrf-id 0
	242	+BGP table version 2782
	243	+RIB entries 1378, using 258 KiB of memory
	244	+Peers 1, using 1 MiB of memory
	245	+Peer groups 1, using 64 bytes of memory
	246	+
	247	+Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt Desc
	248	+fe80::4242 4 4242424242 1031 6 0 0 0 00:04:20 710 1 FriendlyNet
	249	+
	250	+IPv6 Unicast Summary (VRF default):
	251	+BGP router identifier 172.20.20.1, local AS number 4242421234 vrf-id 0
	252	+BGP table version 2782
	253	+RIB entries 1378, using 258 KiB of memory
	254	+Peers 1, using 1 MiB of memory
	255	+Peer groups 1, using 64 bytes of memory
	256	+
	257	+Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt Desc
	258	+fe80::4242 4 4242424242 1031 6 0 0 0 00:04:20 710 1 FriendlyNet
	259	+```
	260	+
	261	+Setting up peer-groups might help standardize multiple peerings:
	262	+
	263	+```
	264	+# One peer group for all IPv6 MP-BGP link-local extended-nexthop peers
	265	+set protocols bgp peer-group dn42 address-family ipv4-unicast
	266	+set protocols bgp peer-group dn42 address-family ipv6-unicast
	267	+set protocols bgp peer-group dn42 capability extended-nexthop
	268	+set protocols bgp peer-group dn42 local-role peer
	269	+
	270	+set protocols bgp neighbor fe80::4242 peer-group dn42
	271	+
	272	+# If you have any non-multiprotocol peerings you'll need to set up peer-groups
	273	+# for the individual address families. This is left up to the reader.
	274	+
	275	+# Delete the settings that are now redundant
	276	+delete protocols bgp neighbor fe80::4242 address-family
	277	+delete protocols bgp neighbor fe80::4242 capability
	278	+```
	279	+
229	280
230	281	## RPKI/ROA Checking
231	282	### Setup RPKI Caching Server
...	...	@@ -330,10 +381,13 @@ set protocols bgp neighbor x.x.x.x address-family ipv6-unicast route-map import
330	381	```
331	382
332	383	## Credits
333		-This How-To has to be considered a work-in-progress by Matwolf.
	384	+This How-To has to be considered a work-in-progress by Matwolf with parts co-authored by bri
334	385
335	386	It's based on the original VyOS How-To made by Owens Research: [How-To/VyOS](/howto/vyos).
336	387
337	388	The commands in this page have been adapted to be compatible with the new version of VyOS 1.4.x (sagitta) and to include configurations for IPv6 (MP-BGP over link-local and extended next-hop).
338	389
339		-If you have any questions or suggestions please reach me out.
	390	+If you have any questions or suggestions please reach out.
	391	+
	392	+## See also
	393	+[WireGuard](https://docs.vyos.io/en/latest/configuration/interfaces/wireguard.html) and [BGP](https://docs.vyos.io/en/latest/configuration/protocols/bgp.html) in the official VyOS documentation.
...	...	\ No newline at end of file