DN42 BGP and VyOS v1.5r

I struggled a bit with the example config on the dn42.dev website, as some commands changed during the version change from 1.3 to 1.4 and now to 1.5. So here is a working config with BGP Multipath and Extended Nexthop capabilities:

I'm using a random IPv4 and IPv6 prefix here as an example; you have to use your own registered subnet!

Dummy / Loopback Interface for IPv4 and IPv6:

set interfaces dummy dum1 address 172.23.10.161/27
set interfaces dummy dum1 address fdca:fa:5a6b:a::1/64

To set up the first peer with WireGuard as the tunnel, you can use the all-in-one command to create a tunnel interface:

run generate pki wireguard key-pair install interface wg123456789
set interfaces wireguard wg123456789 address <Your IPv6 Link-Local>

I’m always using the AS I’m peering with as the interface name; you can do the same or name it whatever you want, but keep in mind: the more peers you have, the more complicated it gets, so choose your naming wisely 😉

You should now have your public key; note it somewhere, you need it for the next steps.

If you’re using the autopeering feature from some of the members of DN42 (you should), you now have a WireGuard public key from the peering side, so let’s add a WireGuard peer:

set interfaces wireguard wg123456789 peer lon1-uk.dn42 address <Peer IP>
set interfaces wireguard wg123456789 peer lon1-uk.dn42 port <Peer Port>
set interfaces wireguard wg123456789 peer lon1-uk.dn42 public-key <Peer PK>
set interfaces wireguard wg123456789 peer lon1-uk.dn42 persistent-keepalive 60

Now it’s time to set up your own BGP router and define which of your own networks are announced:

set protocols bgp system-as <Your own AS number from DN42>
set protocols bgp address-family ipv4-unicast network 172.23.10.160/27
set protocols bgp address-family ipv6-unicast network fdca:fa:5a6b::/48
set protocols bgp parameters router-id 172.23.10.161

I’m always using a peer-group for simplicity. Some parameters for each peer can be defined here, so you don’t have to repeat the same config each time you add a new peer.

set protocols bgp peer-group dn42 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp peer-group dn42 address-family ipv6-unicast soft-reconfiguration inbound
set protocols bgp peer-group dn42 capability extended-nexthop

You can (and should) also use this peer-group to add a route-map for inclusion and exclusion of networks you deal with.

Let’s add the first BGP peer!
For this you need the IPv6 link-local address of your peer and, of course, the AS number given by the auto-peering portal:

set protocols bgp neighbor fe80::aaaa:ffff description <A description of your peer>
set protocols bgp neighbor fe80::aaaa:ffff interface source-interface wg123456789
set protocols bgp neighbor fe80::aaaa:ffff interface v6only
set protocols bgp neighbor fe80::aaaa:ffff peer-group dn42
set protocols bgp neighbor fe80::aaaa:ffff remote-as <AS of your peer>
set protocols bgp neighbor fe80::aaaa:ffff update-source wg123456789

If everything went well, you can now check your first BGP peering session with:

sh ip bgp summary

You should see some prefixes coming in under “State/PfxRcd”. If you see only “Connect” or something else, check whether your WireGuard peer is online and whether everything is fine with your BGP config. As always, you can check the logs with:

sh log protocol bgp

There is still a lot of “work” to do: you should filter the incoming and outgoing prefixes, set up RPKI / ROA checking and more. Everything is also well documented on the dn42.dev pages.
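
One way to do the prefix filtering mentioned above, and the route-map on the peer-group suggested earlier, as an added example that is not part of the original config. The policy names (DN42-V4, DN42-V6, OWN-V4, OWN-V6, DN42-IN, DN42-OUT) are made up for illustration, the prefix-length bounds are assumptions to check against the dn42.dev filter recommendations, and the outbound side assumes you only announce your own prefixes and provide no transit:

```vyos
# Added example. All policy names are hypothetical; ge/le bounds are assumptions.

# Inbound: accept only routes inside the DN42 address space
set policy prefix-list DN42-V4 rule 10 action permit
set policy prefix-list DN42-V4 rule 10 prefix 172.20.0.0/14
set policy prefix-list DN42-V4 rule 10 ge 21
set policy prefix-list DN42-V4 rule 10 le 29
set policy prefix-list6 DN42-V6 rule 10 action permit
set policy prefix-list6 DN42-V6 rule 10 prefix fd00::/8
set policy prefix-list6 DN42-V6 rule 10 ge 44
set policy prefix-list6 DN42-V6 rule 10 le 64

# Outbound: announce only the example prefixes originated in this config
set policy prefix-list OWN-V4 rule 10 action permit
set policy prefix-list OWN-V4 rule 10 prefix 172.23.10.160/27
set policy prefix-list6 OWN-V6 rule 10 action permit
set policy prefix-list6 OWN-V6 rule 10 prefix fdca:fa:5a6b::/48

# Route-maps: the explicit final deny documents the intent
# (a route-map already ends with an implicit deny)
set policy route-map DN42-IN rule 10 action permit
set policy route-map DN42-IN rule 10 match ip address prefix-list DN42-V4
set policy route-map DN42-IN rule 20 action permit
set policy route-map DN42-IN rule 20 match ipv6 address prefix-list DN42-V6
set policy route-map DN42-IN rule 99 action deny

set policy route-map DN42-OUT rule 10 action permit
set policy route-map DN42-OUT rule 10 match ip address prefix-list OWN-V4
set policy route-map DN42-OUT rule 20 action permit
set policy route-map DN42-OUT rule 20 match ipv6 address prefix-list OWN-V6
set policy route-map DN42-OUT rule 99 action deny

# Attach once to the peer-group so every neighbor in it inherits the filters
set protocols bgp peer-group dn42 address-family ipv4-unicast route-map import DN42-IN
set protocols bgp peer-group dn42 address-family ipv4-unicast route-map export DN42-OUT
set protocols bgp peer-group dn42 address-family ipv6-unicast route-map import DN42-IN
set protocols bgp peer-group dn42 address-family ipv6-unicast route-map export DN42-OUT
```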

If you want to peer with me, leave me a message on BlueSky or traditional email.

Happy learning!
