2019-05-04

Free Range Routing


Since I discovered Docker, I have been busy designing my homelab to be as Cloud Native as possible, but in doing so, I realised that the default docker network (aka bridge) and the other networks defined by other containers from docker-compose bridge type networks isn't known by the upstream network collapsed core access layer network.

 In the past I have been adding static routes upstream and a default route on the docker host, but this was not ideal (read scalable) given the dynamic nature of docker networks created with docker-compose.

 I quickly realised that since I've developed significant experience in BGP (in service provider environments), I planned to just peer the docker host to the upstream access layer, but until now didn't know how to do this with Linux.

 I have always known about Quagga, but been a bit concerned about the learning curve required to get it working, but remembered about its fork called Free Range Routing. So I decided to make the a leap of faith and I have no regrets whatsoever.

 I was supprised at how easy it was to install and configure and to get it working which comprised of the following;

 On the Docker host;

  1. Setup the REPO
  2. Installed FRR and configred services for vtysh as per the official documentation
  3. Connected to the vtysh interface and
  4. Configured BGP and redistributed only conneted routes using route-map/prefix-list
On the upstream switch/access layer;
  1. Configured peering to FRR and squelched all but a summary route prefix-list/route-map.
Not only did I define the policies perfectly (woot!), but the neighbor came up without any issues at all!!!

My switch can now route traffic to any docker/docker-compose containers/services that are created with far less effort required to define routes to the containers as well as deleting them if no longer in use.

I am very supprised to learn that not only is it extremely easy to get FRR up and running but it is very easy to configure routing daemons/config for them especially if you have a grounding in Cisco as its vtysh is very closely matched with that of Cisco CLI - there are some slight and obvious differences to Cisco's not to mention the fact that you need to connect to the vtysh interface kind of like the root user does on a Juniper platform (cli).

Next up I need to figure out how to leverage Linux VRF namespaces using FRR vtysh, then I can migrate my infrastructure to MPLS!


Posted by DRAiNO at 21:34

Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 
Google+