New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
GRE/BGP
NetBizPartner
Member
in General
HI, could anyone help me asap? whats the purpose of having BGP with gre?
for example, if my peer address is x.x.x.x can anyone explain and give me some kind of sample configuration??
Thanks in advance
Comments
What?
I mean there is a requirement to set up bgp with gre, seperately i know how to setup gre or bgp neighborship, but do not know whats the purpose of using them together and how it should be done
You could announce at the end point of GRE your BGP sessions as a way to funnel your IP spaces traffic over a GRE. It is commonly used in DDOS protection, or other times when you quickly need to swap your IP spaces traffic through a different provider or network segments.
interface loopback 0
interface tunel0
ip address 1.1.1.1 255.255.255.252
tunnel source 2.2.2.2
tunnel destination 3.3.3.3
router bgp 7
neighbor 3.3.3.3 remote AS 8
network 2.2.2.0 mask 255.255.255.0
in this example how can i put gre in bgp? can u tell me this? and how does gre in bgp protects from ddos?
It doesn't. You would been peering with a provider that had DDOS protection in that example, and that way you are gaining protection for the ip space you have announced with them.
so to make it step by step:
I'm setting up gre:
interface loopback 0
ip address 2.2.2.2 255.25.255.0
interface tunel0
ip address 1.1.1.1 255.255.255.252
tunnel source 2.2.2.2
tunnel destination 3.3.3.3
and prior setting up bgp, I routing neighbors peer addres is known via that tunnel right?
ip route 4.4.4.4 255.255.255.255 tunel0
rougre bgp 7
neighbor 4.4.4.4 remote as 8
am i correct?
thank u so much for you time.
u are really helpful:-)
and is it ok to use same ip address for peering and for tunnel source?
in my case 2.2.2.2 ?
And is it okay for such people to play with real BGP? I you want to seriously setup a GRE tunnel and speak BGP to some other provider offering DDoS protection, then you really should know what you are doing. Sorry, I do not want to offend anybody, but this sounds a little bit scary to me..
If in doubt, please ask your provider. If you are going to establish a BGP peering, you will have to agree on certain conditions. One possible scenario could be setting up GRE over public internet, assigning some (other) IPs to your virtual GRE interface, and then establish a BGP peering through the GRE tunnel. This way you could announce prefixes through the GRE tunnel to your provider who in turn forward your announcements to other providers (i.e. the internet).
why?
Worst case you announce a /0 and your ISP will filter it, else all you do is fuck your own space up - no one should give any unfiltered sessions.
Zero danger.
Your description is also... useless? I can run BGP native via internet (multihop is a thing) or am L2 to the ISP anyway so if i just want announce i tell them to route it on my damn switch port.
But so many do, or don't realise they are (negligence)...
To further re-iterate others BGP does not provide DDoS protection, it is however a useful routing protocol
Sure, that's why I described one possible scenario (BGP within GRE). You described another second example_ (multihop BGP over public internet). There are probably a bunch of others as well.
Well, I'd say we are all just playing some kind of guessing game here as long as we do not have a precise description of the original requirements.