Configuring BGP with FRR on an Equinix Metal Server

FRRouting (FRR) is a set of open source internet routing protocols, including BGP, which you can use on Equinix Metal. This is a guide for a minimum viable configuration to announce an IP address from your server via BGP.

Previous versions of this Guide covered some Equinix Metal-created starter scripts in the packethost/network-helpers GitHub repository that can help you automate the process of pulling the BGP information you need from your server's BGP metadata and writing it into the FRR configuration file.

Getting Started

If you are configuring BGP for the first time, the BGP on Equinix Metal doc contains a high-level overview of enabling and using BGP on the platform.

For the example here, we have set up Local BGP to advertise a public IPv4 address that is reserved to our Equinix Metal project: 10.99.200.138/32. Also note that in this example we configured BGP on Equinix Metal without a password.

Updating the Network Interface

SSH into your server and update the server's network interfaces with a virtual loopback interface.

cat >>/etc/network/interfaces <<EOF
auto lo:0
iface lo:0 inet static
  address 10.99.200.138
  netmask 255.255.255.255
EOF

Then bring up the interface.

ifup lo:0

Installing FRR and Enabling BGP

Then install FRR.

apt -y update && apt -y install frr

Once installed, we need to enable BGP within FRR's configuration. Open the /etc/frr/daemons file and change the bgpd=no to bgpd=yes.

Gathering Your Neighbor Information

FRR comes with a minimal configuration file that we are going to add a few things to in order to get the basic "announce an IP address" functionality going.

These things are found in your server's BGP metadata once you have enabled BGP on both your Project and your server.

To get your server's neighbor information, SSH into the server and cURL the metadata endpoint.

curl https://metadata.platformequinix.com/metadata | jq '.bgp_neighbors[0] | { customer_ip: .customer_ip, customer_as: .customer_as, multihop: .multihop, peer_ips: .peer_ips, peer_as: .peer_as }'

Which will return a blob of relevant BGP information.

{
  "customer_ip": "10.67.50.3",
  "customer_as": 65000,
  "multihop": true,
  "peer_ips": [
    "169.254.255.1",
    "169.254.255.2"
  ],
  "peer_as": 65530
}

You will also need to set up static routes in your config, so again cURL the metadata endpoint for the public IP address of the gateway to the upstream routers.

curl https://metadata.platformequinix.com/metadata | jq -r '.network.addresses[] | select(.public == true and .address_family == 4) | { gateway: .gateway }'

In response, you get your server's IPv4 gateway address.

{
    "gateway": "198.51.100.0"
}

Filling Out the FRR Configuration File

Once FRR is installed, its configuration file is found in /etc/frr/frr.conf. We have an example configuration file for you to start with.

frr defaults traditional
log syslog informational
ipv6 forwarding
service integrated-vtysh-config
!
ip route 169.254.255.1/32 198.51.100.0
ip route 169.254.255.2/32 198.51.100.0
!
router bgp 65000
 bgp ebgp-requires-policy
 neighbor V4 peer-group
 neighbor V4 remote-as 65530
 neighbor V4 ebgp-multihop 5
 neighbor 169.254.255.1 peer-group V4
 neighbor 169.254.255.2 peer-group V4
 !
 address-family ipv4 unicast
  redistribute connected
  neighbor V4 route-map IMPORT in
  neighbor V4 route-map EXPORT out
 exit-address-family
 !
route-map EXPORT deny 100
!
route-map EXPORT permit 1
 match interface lo
!
route-map IMPORT deny 1
!
line vty
!

The metadata to field mappings are as follows:

You will also need to set up static routes from your server to Metal's routers, which are the two ip route line in the config, using the gateway address we pulled from the metadata.

ip route <peer_ips_1>/32 <gateway>
ip route <peer_ips_2>/32 <gateway>

It is also important to tell FRR which network interface to work with:

route-map EXPORT permit 1
 match interface lo

Finally, check that the config looks correct, then restart FRR:

systemctl restart frr

Verifying the FRR Configuration

You can verify the BGP session by starting up the vtysh shell,

vtysh

and the show bgp summary command.

show bgp summary

The results should reflect the information in your configuration file.

IPv4 Unicast Summary (VRF default):
BGP router identifier 147.75.109.216, local AS number 65000 vrf-id 0
BGP table version 3
RIB entries 5, using 920 bytes of memory
Peers 2, using 1446 KiB of memory
Peer groups 1, using 64 bytes of memory

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt Desc
169.254.255.1   4      65530         6         6        0    0    0 00:02:15            0        1 N/A
169.254.255.2   4      65530         8         7        0    0    0 00:03:15            0        1 N/A

Total number of neighbors 2

To check and see if your server is now reachable at your advertised IP address, you can ping the IP address in a command line. If you are advertising a public IPv4 or IPv6 address, then you should be able to ping from any server. If you are announcing a private IPv4 address, however, you'll have to be connected to the private network so you can only ping from a server in the same project and metro (or just the same project if you have Backend Transfer enabled.)

Wrap-Up

Once you have configured BGP on the host, Equinix Metal provides monitoring for your BGP sessions. More information is on the Monitoring BGP page.

For a different example of the same process, but using BIRD to manage the server's BGP session, we also have a Configuring BGP with BIRD on an Equinix Metal Server guide.

For those interested, FRR can also be automatically deployed via Docker. See more about deploying FRR with Docker.