The BGP Community Services Plugin allows the 128T router to create services based on the community strings of prefixes learned via BGP from remote routers. The plugin allows you to configure a profile containing mappings of application names to community strings. A router can be assigned one profile, which allows it to create application identification information that associates learned prefixes with application names. These application names can then be configured within a service definition in order to appropriately populate the router's FIB. The primary use case for this plugin was to identify Microsoft Office 365 application traffic for customers using ExpressRoute. However, there may be other use cases where it is desirable for prefixes identified by a BGP community string to be mapped into a service dynamically.
The instructions for installing and managing the plugin can be found here.
One or more BGP community profile objects can be configured at the authority level of the configuration. These profiles are then assigned to the individual routers.
BGP Community Services Profile Configuration
An example configuration is shown below, which shows the standard community strings for Microsoft Office 365 over ExpressRoute. The application-name values are completely user configurable. The bgp-community is a list object to allow for scenarios where you may want to associate multiple community strings with a single application.
In order to place prefixes learned for these applications in the FIB of a router, services must be created that reference the application-name values chosen above. Example services that correspond to the previously configured O365 profile are shown below.
Before the router can leverage the application identification module for BGP community services, you must assign a profile to the router as shown below.
In order for the router to use the prefix values calculated for each application, the module MUST be enabled on the router as shown below.
When the plugin is installed on the conductor, each commit triggers a script called generate_pillar to auto-generate pillar data for each node of each router. Please check the following locations on the conductor for debugging information.
- Logs for the pillar generation for each commit can be found here
- The actual pillar data containing mappings of application name to community strings can be found here
Router Application Identification Module Configuration
If a BGP Community Services Profile has been assigned to the router, the 128T-bgp-community-services router package should be installed on all nodes of the router via Salt. In addition, a configuration file should be generated and a symlink should be created to enable the application module.
- The configuration for the plugin module, generated directly from pillar data, can be found here
- A symlink to the bgp-community-services executable should exist as shown below
Application Identification Output
Once the application identification module is set up correctly and a configuration exists, it will begin to generate JSON data in an application module file. If this file does not exist, or if it is not being updated periodically, ensure that application-identification mode module is configured on the router.
- The application module file is located here
The contents of this file should show a JSON mapping of the user-defined application names to a list of prefixes. If the module had any difficulty producing the data, it should generate an error message that can be used to help determine the reason for the failure. The failure will also indicate which application and community string the module was processing when it encountered the failure. This may be useful in determining whether the failure happened with the first application/community or later in the processing of the data. Some examples are shown below.
- This error indicates that the routingManager API was not available to be queried. Please ensure the correct 128T software version is running on the router with this capability.
- This error indicates that the routingManager API was available but returned an error.
- This error indicates that routingManager did not return the expected data. Check to ensure BGP is configured correctly on the router.
- An empty result like this indicates that no match was found for the configured BGP community strings. Please check the received prefixes to ensure you are getting the community strings you expect.
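The checks described in this section can be scripted. The following is an added example, not part of the plugin or the original page: it assumes the application module file is a flat JSON object of application name to prefix list (the page does not show the exact layout), takes the file path as an argument because the location is not given here, and goes slightly beyond the text by also flagging malformed prefixes and a default route, either of which would steer unintended traffic into a service.

```python
import ipaddress
import json
import os
import tempfile
import time

def check_module_output(path, max_age_seconds=600, now=None):
    """Return findings for a module file assumed (not confirmed by the page) to be
    a JSON object mapping application name -> list of CIDR prefix strings."""
    findings = []
    try:
        age = (time.time() if now is None else now) - os.path.getmtime(path)
    except OSError:
        return ["missing: file does not exist"]
    if age > max_age_seconds:  # threshold is an assumption; tune to the update period
        findings.append(f"stale: last updated {int(age)}s ago")
    try:
        with open(path) as fh:
            data = json.load(fh)
    except ValueError as exc:
        return findings + [f"unparseable: {exc}"]
    if not isinstance(data, dict):
        return findings + ["unexpected: top level is not a JSON object"]
    for app, prefixes in sorted(data.items()):
        if not isinstance(prefixes, list):
            findings.append(f"{app}: not a prefix list (error payload?)")
            continue
        if not prefixes:
            findings.append(f"{app}: empty, no prefix matched its communities")
        for prefix in prefixes:
            try:
                net = ipaddress.ip_network(prefix, strict=True)
            except (ValueError, TypeError):
                findings.append(f"{app}: invalid prefix {prefix!r}")
                continue
            if net.prefixlen == 0:
                findings.append(f"{app}: default route {prefix} in service")
    return findings

def demo():
    # Constructed sample; application names and prefixes are illustrative only.
    sample = {"Exchange": ["198.51.100.0/24"], "SharePoint": [],
              "OtherO365": ["203.0.113.7/24", "0.0.0.0/0"]}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "module.json")
        with open(path, "w") as fh:
            json.dump(sample, fh)
        return check_module_output(path)
```

An empty list of findings means the file is fresh, parseable, and every application has at least one well-formed prefix.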
Azure Express Route O365 Profile Definition
The output here is provided in flat format to facilitate copy/pasting into an existing 128T conductor or router. This can be used to create a profile named O365 which can be assigned to specific routers. It will define application-names OtherO365 which can each be used in the application-name field to define a service.