How to configure Anycast BGP.
To configure Anycast BGP on a managed BlueCat DNS Server:
- Select the Servers tab in the sidebar, then select Servers.
- Select the name of a server.
- Select the Services tab.
- Under Core services, locate the Anycast service panel and select Edit service.
- Under General, set the following parameters:
- Enabled—select this check box to enable Anycast service; deselect this check box to disable Anycast service.
- Protocol—BGP service should be selected by default. If not, select BGP from the drop-down menu. Different fields become available depending on the type of protocol that you select.
- BGP local ASN—enter the local Autonomous System Number allocated for the Autonomous System to which the DNS server belongs (by default, 64999).
- BGP router ID—enter the IPv4 address of the BGP router.
- Anycast IP addresses—enter a new IPv4 or IPv6 address (without CIDR netmask/prefix) for the virtual loopback interface and select add (+). The IPv4/IPv6 address appears in the list.
- Add additional IPv4/IPv6 loopback addresses as needed.
- To delete an IPv4/IPv6 loopback address, select the address and click remove (X).
Note: The Service interface (eth0) serves as the source address for BGP peering on the DNS Server. Addresses assigned to the virtual loopback interface are announced as connected networks behind eth0. While the physical Service interface must always use an IP address that is unique throughout the network, the virtual loopback interface placed behind it may reuse the same IP address on any DNS Server. Reusing the same IP address on multiple servers makes that address an anycast address. This approach also allows load balancing between DNS servers over multiple BGP paths to the same anycast IP destination.
- Enable BGP command line interface—selected by default, this option allows you to configure additional BGP parameters via the Telnet BGP CLI. If selected, the Telnet password to BGP command line interface option becomes available.
- Telnet password to BGP command line interface—(available only when BGP CLI is enabled) enter the Telnet password to access the BGP command line interface (by default, bgp).
Note: The Telnet password is case-sensitive.
- Keep alive interval—enter the time interval at which keepalive notifications are sent to the BGP peer (by default, 60 seconds).
- Hold time interval—enter the time interval after which a BGP peer is declared dead if no keepalive notification has been received from it (by default, 180 seconds).
- On the BGP IPv4 peer tab, configure the following BGP parameters:
- BGP remote ASN in IPv4—ASN of the remote network containing the IPv4 BGP peer (from 1 to 65534).
- IPv4 address of BGP peer—IPv4 address of the BGP router peering with the Anycast DNS server.
Note: Ensure IPv4 communication can be established between this address and the IPv4 address of the Service interface (eth0) configured on the DNS Server. The IPv4 address of the BGP Peer should be on the same subnet or routed to the IPv4 gateway on the DNS Server.
- IPv4 hop limit to the BGP peer—number of hops (from 1 to 255) permitted between the Anycast DNS server and its closest peer via IPv4 (by default, 1).
- MD5 authentication password in IPv4—(OPTIONAL) alphanumeric password to enable MD5 authentication in BGP communication with neighboring IPv4 routers.
Attention: MD5 authentication password requirements
MD5 authentication requires a case-sensitive alphanumeric password of up to 25 characters; no spaces. The following special characters are permitted: @ - . : _ [ ]
MD5 authentication with Anycast BGP
If MD5 authentication passwords are configured incorrectly, the DNS Server won't be able to establish the BGP peering session. BlueCat recommends verifying that the BGP peering session is established after configuring MD5 authentication.
- Announce next-hop-self to IPv4 BGP peer—(Reserved for future use) if selected, enables the DNS server to advertise its IPv4 peering address to the BGP peer as the next hop for all IPv4 routes distributed by the DNS server.
Attention: Announce next-hop parameters reserved for future use
The current Anycast BGP implementation supports only a single BGP peer per address family (IPv4 and IPv6). As such, enabling the Announce next-hop parameter will have no effect on the behavior of the DNS server.
- On the BGP IPv6 peer tab, configure the following BGP parameters:
- BGP remote ASN in IPv6—ASN of the remote network containing the IPv6 BGP peer (from 1 to 65534).
- IPv6 address of BGP peer—(OPTIONAL) IPv6 address of the BGP router peering with the Anycast DNS server.
Note: Ensure IPv6 communication can be established between this address and the IPv6 address of the Service interface (eth0) configured on the DNS Server. The IPv6 address of the BGP Peer should be on the same subnet or routed to the IPv6 gateway on the DNS Server.
- IPv6 hop limit to BGP peer—(OPTIONAL) number of hops (from 1 to 255) permitted between the Anycast DNS server and its closest peer via IPv6 (by default, 1).
- MD5 authentication password in IPv6—(OPTIONAL) alphanumeric password to enable MD5 authentication in BGP communication with neighboring IPv6 routers.
Attention: MD5 authentication password requirements
MD5 authentication requires a case-sensitive alphanumeric password of up to 25 characters; no spaces. The following special characters are permitted: @ - . : _ [ ]
MD5 authentication with Anycast BGP
If MD5 authentication passwords are configured incorrectly, the DNS Server won't be able to establish the BGP peering session. BlueCat recommends verifying that the BGP peering session is established after configuring MD5 authentication.
- Announce next-hop-self to IPv6 BGP peer—(Reserved for future use) if selected, enables the DNS server to advertise its IPv6 peering address to the BGP peer as the next hop for all IPv6 routes distributed by the DNS server.
Attention: Announce next-hop parameters reserved for future use
The current Anycast BGP implementation supports only a single BGP peer per address family (IPv4 and IPv6). As such, enabling the Announce next-hop parameter will have no effect on the behavior of the DNS server.
- OPTIONAL: On the BGP prefix filters tab, set Anycast BGP prefix filters:
- From the Filter type drop-down menu, select either INPUTv4, OUTPUTv4, INPUTv6, or OUTPUTv6.
- From the Action drop-down menu, select either Permit or Deny.
- In the Prefix field, enter the IPv4/IPv6 address and netmask/prefix <IPv4/IPv6 address/CIDR> and select Add (+). The prefix list item appears in the list.
- To delete a prefix list, select the Remove (x) button next to a prefix list item.
Note: Two prefix lists can be defined in Address Manager for each IPv4 or IPv6 BGP peer:
- one prefix list to filter INPUT IPv4 routing information
- one prefix list to filter OUTPUT IPv4 routing information
- one prefix list to filter INPUT IPv6 routing information
- one prefix list to filter OUTPUT IPv6 routing information
- Select Save.
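
A pre-change check of planned values against the limits this page states (ASN and hop-limit ranges, MD5 password rules, bare anycast addresses, the default Telnet password). This is an added example, not BlueCat code; the function name and dictionary keys are hypothetical, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress
import re

# Limits as stated on this page; the dictionary keys below are hypothetical names.
MD5_PASSWORD_RE = re.compile(r"[A-Za-z0-9@\-.:_\[\]]{1,25}")
DEFAULT_TELNET_PASSWORD = "bgp"

def check_anycast_plan(plan):
    """Return a list of findings for a planned Anycast BGP configuration."""
    findings = []
    for addr in plan.get("anycast_addresses", []):
        try:
            ipaddress.ip_address(addr)  # rejects "address/prefix" forms
        except ValueError:
            findings.append(f"anycast address {addr}: enter a bare address without CIDR prefix")
    try:
        ipaddress.IPv4Address(plan.get("router_id", ""))
    except ValueError:
        findings.append("router ID: must be an IPv4 address")
    # The BGP CLI is selected by default and its Telnet password defaults to "bgp".
    telnet_pw = plan.get("telnet_password", DEFAULT_TELNET_PASSWORD)
    if plan.get("cli_enabled", True) and telnet_pw == DEFAULT_TELNET_PASSWORD:
        findings.append("BGP CLI: enabled with the default Telnet password")
    peers = {v: plan[f"ipv{v}_peer"] for v in (4, 6) if f"ipv{v}_peer" in plan}
    for version, peer in peers.items():
        try:
            if ipaddress.ip_address(peer["address"]).version != version:
                findings.append(f"IPv{version} peer: address is the wrong family")
        except ValueError:
            findings.append(f"IPv{version} peer: invalid address")
        if not 1 <= peer["remote_asn"] <= 65534:
            findings.append(f"IPv{version} peer: remote ASN outside 1-65534")
        if not 1 <= peer.get("hop_limit", 1) <= 255:
            findings.append(f"IPv{version} peer: hop limit outside 1-255")
        password = peer.get("md5_password")
        if password is not None and not MD5_PASSWORD_RE.fullmatch(password):
            findings.append(f"IPv{version} peer: MD5 password breaks the length/character rules")
    return findings

# Constructed sample plan (documentation address ranges, not real hosts).
SAMPLE_PLAN = {
    "router_id": "192.0.2.10",
    "anycast_addresses": ["198.51.100.53", "2001:db8::53/128"],
    "cli_enabled": True, "telnet_password": "bgp",
    "ipv4_peer": {"address": "192.0.2.1", "remote_asn": 65001, "md5_password": "peer secret!"},
}

if __name__ == "__main__":
    print("\n".join(check_anycast_plan(SAMPLE_PLAN)))
```

A clean result only confirms the values fit the stated input rules; the peering session itself still has to be verified after the configuration is saved, as the page recommends for MD5 authentication.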