How to configure a BGP route reflector for data center redundancy
Set up a BGP route reflector on Ubuntu 24.04 to manage iBGP peering and provide redundant paths for your data center network.
You will configure a BGP route reflector on Ubuntu 24.04 to manage internal BGP (iBGP) peering and provide redundant paths for your data center network. This guide uses FRRouting (FRR), whose configuration syntax is compatible with Quagga, to set up a route reflector and its clients on a fresh server. The steps install the necessary packages, configure the BGP daemon, and define the route reflection policy.
Prerequisites
- Ubuntu Server 24.04 LTS or 22.04 LTS with root access.
- A static IP address assigned to the loopback interface (lo) for the BGP router ID.
- Access to the network segment containing other BGP speakers (clients or peers).
- At least two physical or virtual interfaces for redundancy (e.g., eth0 and eth1).
Step 1: Install FRRouting and dependencies
Update your package lists and install the FRRouting suite, which includes the BGP daemon (bgpd). This package provides the necessary tools to run a BGP process compatible with Quagga configurations.
apt update
apt install -y frr frr-doc
You will see a prompt to configure the FRR daemon. Press Enter to accept the defaults or press Ctrl+C to skip the interactive setup and configure manually later.
debconf: delaying package configuration, since apt-utils is not installed
Start the FRR service to ensure the daemon is running before adding configuration.
systemctl enable --now frr
Check the status to confirm the BGP process is active.
systemctl status frr
Expected output shows the service is active and running.
Step 2: Configure the FRR daemon file
Edit the main FRR configuration file to define the global settings. This file controls the behavior of the BGP daemon, including logging and daemon modes.
vi /etc/frr/daemons
Set the following lines to enable the BGP daemon (bgpd) and disable daemons you do not need, such as ospfd and isisd.
bgpd=yes
ospfd=no
isisd=no
Save and exit the file. Ensure the file permissions are correct so the daemon can read it.
chown root:root /etc/frr/daemons
chmod 644 /etc/frr/daemons
Step 3: Configure the BGP process and Router ID
Make sure the configuration directory exists, then open /etc/frr/frr.conf, the integrated configuration file that FRR loads at startup and on reload. This file holds the specific settings for your route reflector, including the router ID and network statements.
mkdir -p /etc/frr/
vi /etc/frr/frr.conf
Open the file and add the BGP process definition. Set the router ID to the IP address of your loopback interface. Replace 192.168.1.1 with your actual loopback IP.
router bgp 65001
 bgp router-id 192.168.1.1
 bgp log-neighbor-changes
 neighbor 10.0.0.1 remote-as 65001
 neighbor 10.0.0.2 remote-as 65001
 neighbor 10.0.0.1 route-reflector-client
 neighbor 10.0.0.2 route-reflector-client
The neighbor commands define the iBGP peers, so each remote-as matches the local AS (65001). The route-reflector-client keyword marks them as clients, allowing the route reflector to reflect their routes to other clients.
Add another neighbor entry for redundancy. If you have an additional peer, add it with the same route-reflector-client flag.
 neighbor 10.0.0.3 remote-as 65001
 neighbor 10.0.0.3 route-reflector-client
Save and exit the file.
Step 4: Configure BGP neighbors and redundancy
To ensure redundancy, run the BGP sessions over more than one interface (or use passive mode if needed) and make sure each session binds to the correct interface. Add the following lines to the BGP configuration to specify the source interface for each BGP session.
router bgp 65001
 bgp router-id 192.168.1.1
 neighbor 10.0.0.1 remote-as 65001
 neighbor 10.0.0.1 update-source eth0
 neighbor 10.0.0.2 remote-as 65001
 neighbor 10.0.0.2 update-source eth1
 neighbor 10.0.0.3 remote-as 65001
 neighbor 10.0.0.3 update-source eth1
 neighbor 10.0.0.1 route-reflector-client
 neighbor 10.0.0.2 route-reflector-client
 neighbor 10.0.0.3 route-reflector-client
The update-source command ensures that BGP sessions use the specified interface IP as the source. This is critical for redundancy when multiple paths exist.
Save and exit the file.
Step 5: Apply the configuration
Reload the FRR daemon to apply the new configuration. This step ensures that the BGP process picks up the new neighbor definitions and router ID.
systemctl reload frr
If the reload is not available on your system, restart the service directly.
systemctl restart frr
Check the logs to ensure there are no errors during the reload.
journalctl -u frr -f
Look for lines indicating that the BGP process has started and that neighbors are being established.
Verify the installation
Verify that the BGP neighbors are established. Run the show command through vtysh to display the BGP neighbor table. This confirms that the route reflector is receiving updates from its clients.
vtysh -c "show ip bgp neighbors"
Expected output shows the state as Established for all neighbors.
BGP neighbor is 10.0.0.1, remote AS 65001, local AS 65001, internal link
BGP version 4, remote router ID 192.168.2.1
BGP state = Established, up for 00:05:12
...
Verify that the route reflector is reflecting routes correctly. Use the show ip bgp command to list the BGP table.
vtysh -c "show ip bgp"
Ensure that routes from clients appear in the table and that the next-hop is correct.
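The verification above can be automated against the JSON form of the summary. This is an added example, not part of the original guide or of FRR: it checks that every expected client is configured, internal, Established and sending prefixes. The sample data is constructed, the client inventory is hypothetical, and the JSON field names (ipv4Unicast, as, peers, remoteAs, state, pfxRcd) are assumed from the output of vtysh -c "show ip bgp summary json".

```python
import json

# Constructed sample shaped like `vtysh -c "show ip bgp summary json"` output,
# trimmed to the fields used below (field names are assumed from FRR's JSON).
SAMPLE_SUMMARY = json.dumps({"ipv4Unicast": {"routerId": "192.168.1.1", "as": 65001, "peers": {
    "10.0.0.1": {"remoteAs": 65001, "state": "Established", "pfxRcd": 12},
    "10.0.0.2": {"remoteAs": 65001, "state": "Active", "pfxRcd": 0},
    "10.0.0.3": {"remoteAs": 65002, "state": "Established", "pfxRcd": 0},
}}})

# Hypothetical inventory of the clients this route reflector should serve.
EXPECTED_CLIENTS = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]


def check_clients(summary_json, expected_clients):
    """Return {peer: [problems]} for every expected client that is not healthy."""
    afi = json.loads(summary_json).get("ipv4Unicast", {})
    local_as, peers = afi.get("as"), afi.get("peers", {})
    report = {}
    for addr in expected_clients:
        peer = peers.get(addr)
        if peer is None:
            report[addr] = ["not configured on the route reflector"]
            continue
        problems = []
        if peer.get("remoteAs") != local_as:
            problems.append("external link: route reflection needs an iBGP session")
        if peer.get("state") != "Established":
            problems.append(f"session state is {peer.get('state')}")
        elif peer.get("pfxRcd", 0) == 0:
            problems.append("established but no prefixes received")
        if problems:
            report[addr] = problems
    return report


if __name__ == "__main__":
    for addr, problems in check_clients(SAMPLE_SUMMARY, EXPECTED_CLIENTS).items():
        print(addr, "; ".join(problems))
```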
Troubleshooting
If BGP sessions fail to establish, check the logs for errors. Common issues include incorrect router IDs, mismatched AS numbers, or firewall rules blocking port 179.
journalctl -u frr -n 50
Ensure that the firewall allows BGP traffic. Use ufw to allow port 179.
ufw allow 179/tcp
ufw reload
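A narrower alternative to opening 179/tcp to every source is one rule per configured neighbor, bound to the interface named in that neighbor's update-source line. This is an added example, not part of the original guide: it derives the ufw commands from the neighbor statements, and the sample configuration (including 10.0.0.9 and the CLIENTS peer-group) is constructed.

```python
import ipaddress
import re

# Constructed sample in the shape of this guide's Step 4 block; 10.0.0.9 has
# no update-source line and CLIENTS is a peer-group name, not an address.
SAMPLE_CONF = """\
router bgp 65001
 neighbor 10.0.0.1 remote-as 65001
 neighbor 10.0.0.1 update-source eth0
 neighbor 10.0.0.2 remote-as 65001
 neighbor 10.0.0.2 update-source eth1
 neighbor 10.0.0.9 remote-as 65001
 neighbor CLIENTS peer-group
"""


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def ufw_rules(conf_text):
    """Return one ufw command per neighbor, allowing TCP/179 from that peer only."""
    peers = {}  # neighbor address -> update-source interface, or None
    for line in conf_text.splitlines():
        words = line.split()
        if len(words) < 3 or words[0] != "neighbor" or not is_ip(words[1]):
            continue  # not a neighbor line, or a peer-group name / typo
        peers.setdefault(words[1], None)
        # Only an interface name can scope the rule; update-source may also be an IP.
        if words[2] == "update-source" and len(words) > 3 and not is_ip(words[3]):
            if re.fullmatch(r"[A-Za-z0-9_.-]{1,15}", words[3]):
                peers[words[1]] = words[3]
    rules = []
    for addr, iface in peers.items():
        scope = f"in on {iface} " if iface else ""
        rules.append(f"ufw allow {scope}from {addr} to any port 179 proto tcp")
    return rules


if __name__ == "__main__":
    print("\n".join(ufw_rules(SAMPLE_CONF)))
```

Review the printed commands before running them, and remove the broad 179/tcp rule once the per-peer rules are in place.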
Verify that the router ID is unique across the AS. If the router ID is not set manually, FRR may select an interface IP that conflicts with another router.
vtysh -c "show ip bgp summary"
Check that the BGP process is listening on the correct interfaces. Use the following command to see the BGP process status.
ss -tlnp | grep bgpd
Ensure that the neighbor commands in the configuration file are syntactically correct. A typo in the neighbor IP or AS number will prevent the session from establishing.
If redundancy is not working, verify that the second neighbor is also configured as a route-reflector-client. If a neighbor is not a client, the route reflector will not reflect its routes to other clients.
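The configuration checks described above and in Step 4 can be run before a reload. This is an added example, not part of the original guide or of FRR: a small linter that flags a missing router ID, neighbors whose remote-as is not the local AS (route reflection applies to iBGP sessions), neighbors missing route-reflector-client or update-source, and addresses that never received a remote-as line. The sample configuration is constructed, and the linter assumes no peer-groups are in use.

```python
import ipaddress

# Constructed sample: 10.0.0.2 still has an external AS, 10.0.0.3 lacks the
# client flag, and 10.0.0.33 is a typo that never got a remote-as line.
SAMPLE_CONF = """\
router bgp 65001
 bgp router-id 192.168.1.1
 neighbor 10.0.0.1 remote-as 65001
 neighbor 10.0.0.1 update-source eth0
 neighbor 10.0.0.1 route-reflector-client
 neighbor 10.0.0.2 remote-as 65002
 neighbor 10.0.0.2 route-reflector-client
 neighbor 10.0.0.3 remote-as 65001
 neighbor 10.0.0.33 route-reflector-client
"""

def lint_rr_config(text):
    """Return (neighbor, problem) pairs; assumes no peer-groups are in use."""
    local_as, router_id, peers = None, None, {}
    for line in text.splitlines():
        words = line.split()
        if words[:2] == ["router", "bgp"] and len(words) > 2:
            local_as = words[2]
        elif words[:2] == ["bgp", "router-id"] and len(words) > 2:
            router_id = words[2]
        elif words[:1] == ["neighbor"] and len(words) > 2:
            value = words[3] if len(words) > 3 else True
            peers.setdefault(words[1], {})[words[2]] = value
    findings = [] if router_id else [("-", "no explicit bgp router-id")]
    for addr, opts in peers.items():
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            findings.append((addr, "neighbor address is not a valid IP"))
        remote = opts.get("remote-as")
        if remote is None:
            findings.append((addr, "no remote-as line (address typo?)"))
        elif remote not in (local_as, "internal"):
            findings.append((addr, f"remote-as {remote} is not local AS {local_as}"))
        if "route-reflector-client" not in opts:
            findings.append((addr, "not a route-reflector-client"))
        if "update-source" not in opts:
            findings.append((addr, "no update-source"))
    return findings

if __name__ == "__main__":
    for addr, problem in lint_rr_config(SAMPLE_CONF):
        print(f"{addr}: {problem}")
```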
Check that the BGP process is not restarting unexpectedly. Use the following command to monitor the service status.
systemctl status frr
Ensure that the BGP process is not being killed by resource limits. Check the system logs for OOM killer messages.
If the BGP table is empty, verify that the network statements are correct. Add a network statement to advertise a specific prefix if required.
network 192.168.1.0/24
Save the configuration and reload the daemon.
Finally, ensure that the BGP process is not using the wrong source interface for the session. Use the update-source command to bind the session to the correct interface.