When I use BGP technology, the virtual machine cannot connect to external gateways and networks

dong.zhaonan · June 6, 2024, 9:21am

When I set the configuration of a bridge network as follows:

incus network show dzn-test
config:
  bgp.peers.myfrr.address: 192.168.1.27
  bgp.peers.myfrr.asn: "398765"
  ipv4.address: 10.1.22.1/24
  ipv4.nat: "false"
  ipv6.address: fd42:fa1e:7602:e69e::1/64
  ipv6.nat: "true"
description: ""
name: dzn-test
type: bridge
used_by:
- /1.0/instances/dzn-bri
managed: true
status: Created
locations:
- hci01

The key attributes are ipv.nat=false,in which the virtual machine can access the host, but cannot access the host gateway 192.168.1.1 and www.google.com.
1717665457402

The reason why I set ipv4.nat=false is to use Incus’s BGP technology,here are the settings for my incus cluster
1717665648591

stgraber · June 6, 2024, 5:15pm

What does FRR see as far as received routes?

dong.zhaonan · June 7, 2024, 2:00am

This is my FRR configuration:

1717725381652

This is my FRR received routes:

This is my FRR ip routes:

1717725535258

stgraber · June 7, 2024, 4:53am

Cant the frr system ping 10.1.22.1?

dong.zhaonan · June 7, 2024, 5:52am

Of course, the FRR system can ping 10.1.22.1, as well as ping the addresses of virtual machines such as 10.1.22.244

stgraber · June 7, 2024, 4:59pm

Okay, so things are working as intended then.

Incus is advertising its network to your FRR router, that router received the route and properly put it in its routing table, allowing it to reach the instances running on Incus.

It sounds like your FRR router isn’t your primary router though, as that is at 192.168.1.27 whereas your primary router likely is at 192.168.1.1.

So your problem seems to be that your primary router itself isn’t aware of that 10.1.22.0/24 subnet and how to route to it, which is then why your VMs can properly interact with their host as well as with 192.168.1.27 but not with 192.168.1.1 or anything behind it (the global internet).

dong.zhaonan · June 11, 2024, 6:24am

How should I set up or have any method to enable my VMs to communicate with 192.168.1.1 or anything behind it (the global internet)?

stgraber · June 11, 2024, 1:35pm

Well, normally you’d want your router to run BGP so it can receive the routes.

If that’s not an option, then the whole BGP thing isn’t all that useful to you as you’d need to put a static route in place on your router.

dong.zhaonan · June 12, 2024, 1:52am

Do you mean that I should add static routing on the main router of 192.168.1.1 or the BGP router of 192.168.1.27?

stgraber · June 12, 2024, 1:58am

The main router.

Your BGP router doesn’t do anything as far as I can tell.
It does receive the routes from Incus but because it’s not the actual router for your network, it knowing the route to Incus doesn’t really do anything. You need your actual router to know how to route to Incus.