UniFi UDM Pro – BGP Configuration
I recently upgraded my home network with a UniFi UDM Pro router. These have only just been updated with support for BGP, so it’s now a really nice fit for my use case.
The documentation around BGP is pretty light at the moment, and it doesn’t feel “fully” integrated to the UniFi management suite. I assume that this will mature and improve over time.
To get this working, we need to create a configuration file to upload to the UDM that contains all the settings. Once complete it doesn’t really give us any indication if it’s working as expected so this might take some trial and error.
My home network looks like the below. This example covers the peering between AS 64900 (Home Networks) to AS 65000 (Lab Networks)
The BGP Peering VLAN has been created on the UDM as follows.
This gives us the dedicated IP on the UDM to peer the VyOS routers to.
eth0 on both VyOS Core routers are then connected to VLAN 999, and configured with IPs 172.16.0.2 and 172.16.0.3 respectively.
UDM Config File
router bgp 64900
bgp router-id 172.16.0.1
timers bgp 4 12
redistribute connected
neighbor vyos-core peer-group
neighbor vyos-core remote-as 65000
neighbor vyos-core default-originate
neighbor 172.16.0.2 peer-group vyos-core
neighbor 172.16.0.3 peer-group vyos-core
no bgp network import-check
no bgp ebgp-requires-policy
address-family ipv4 unicast
neighbor vyos-core activate
neighbor vyos-core send-community all
neighbor vyos-core soft-reconfiguration inboundNote: I had some issues where no routes were being exchanged with peers. This was because I was missing the line “no bgp ebgp-requires-policy” which will block routes unless you configure specific policies to enable them. This would be much more important in production networks, but since this is just a lab, I don’t really care.
VyOS BGP Core Configs
set protocols bgp system-as '65000'
set protocols bgp timers holdtime '12'
set protocols bgp timers keepalive '4'
set protocols bgp address-family ipv4-unicast redistribute connected
set protocols bgp neighbor 172.16.0.1 address-family ipv4-unicast
set protocols bgp neighbor 172.16.0.1 remote-as '64900'
I’m not sure how to verify connectivity from the UDM side yet, but we can check if the BGP sessions are established from the VyOS side:
vyos@lab-gateway-01:~$ show ip bgp neighbors 172.16.0.1
BGP neighbor is 172.16.0.1, remote AS 64900, local AS 65000, external link
Local Role: undefined
Remote Role: undefined
Hostname: Dream-Machine-Pro
BGP version 4, remote router ID 172.16.0.1, local router ID 192.168.202.2
BGP state = Established, up for 2d01h32m
Last read 00:00:02, Last write 00:00:01
Hold time is 12 seconds, keepalive interval is 4 seconds
Configured hold time is 12 seconds, keepalive interval is 4 seconds
Configured tcp-mss is 0, synced tcp-mss is 1448
Configured conditional advertisements interval is 60 seconds
...