For this example deployment, I'll be using my NSX-T Lab as the fabric, VyOS for the Overloaded Router role, and trying out hyperglass:
Installation (VyOS)
I already have a base image for VyOS with its management VRF set up - and updating the base image prior to deployment is a breeze due to the vSphere 7 VM Template Check Out Feature.
In this case, I'll deploy to an NSX-T External Port and peer up, with fully implemented ingress filtering:
Export Filters - Permit all prefixes:
Import Filters - don't trust any prefixes from this router:
Set in the correct directions:
From here, we build the VNF, by adding the following configuration:
```
protocols {
    bgp 64932 {
        address-family {
            ipv4-unicast {
                maximum-paths {
                    ebgp 4
                }
            }
            ipv6-unicast {
                maximum-paths {
                    ebgp 4
                }
            }
        }
        neighbor 10.7.2.1 {
            remote-as 64902
        }
        neighbor 10.7.2.2 {
            remote-as 64902
        }
        neighbor x:x:x:dea::1 {
            address-family {
                ipv6-unicast {
                }
            }
            remote-as 64902
        }
        neighbor x:x:x:dea::2 {
            address-family {
                ipv6-unicast {
                }
            }
            remote-as 64902
        }
        timers {
            holdtime 12
            keepalive 4
        }
    }
}
```
Then, let's verify that BGP is working:
```
vyos@vyos-lg-01:~$ show ip bgp summary

IPv4 Unicast Summary:
BGP router identifier 10.7.2.254, local AS number 64932 vrf-id 0
BGP table version 156
RIB entries 75, using 14 KiB of memory
Peers 4, using 85 KiB of memory

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
10.7.2.1        4      64902       278       272        0    0    0 00:11:31           40       42
10.7.2.2        4      64902        16        13        0    0    0 00:00:16           39       42
x:x:x:dea::1    4      64902       234       264        0    0    0 00:11:43        NoNeg
x:x:x:dea::2    4      64902       283       368        0    0    0 00:11:43        NoNeg

Total number of neighbors 4
```
The VNF is configured! Now, we'll follow the application maintainer's instructions for installation: https://hyperglass.io/docs/getting-started
The documentation for install is pretty good - but some customization is still required. I built the following configuration files out - hyperglass leverages YAML as a configuration file format; examples are here. I did make some changes:
- Some combination of VyOS 1.4, MP-BGP, and/or VRF-lite changed the syntax for the BGP views around. Setting a commands file fixes this.
- The VyOS driver appends a host mask (/32, /128) to routes with no prefix specified.
This particular tool has been extremely useful to me, as NSX-T still lacks comprehensive BGP visibility without CLI access - and even if it didn't, this will provide consumers an easy way to validate that prefixes have propagated, and where.