Date: Wed, 9 May 2007 15:12:21 -0300 From: AT Matik <asstec@matik.com.br> To: "Kirk Davis" <Kirk.Davis@epsb.ca> Cc: Freebsd-ipfw@freebsd.org Subject: Re: Policy Routing natd+ipfw Message-ID: <200705091512.22501.asstec@matik.com.br> In-Reply-To: <DB9A31C316524A4A83E54A2C0D2065570240029E@Exchange24.EDU.epsb.ca> References: <33910a2c0705041812s2aaf0b62t785e16abc0decee6@mail.gmail.com> <200705090647.31588.asstec@matik.com.br> <DB9A31C316524A4A83E54A2C0D2065570240029E@Exchange24.EDU.epsb.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 09 May 2007 14:05:52 Kirk Davis wrote: > > > > I do not know enough about quagga but if you really run BGP > > and quagga does > > what BGP is supposed to do I wuold say you shoudl use policy > > route-map > > filters for that purpose > > We are probably getting a little off topic for the ipfw list now ;-) > well, maybe we will be forgiven :) > BGP route-maps will not do what I need. I am not trying to change > the routes advertised to my peers (or change the incoming ones that I > receive). What I really need to virtual routing tables that I can then > control how they are updated from the BGP. Since FreeBSD only has one > core routing table then I seem to have to use the firewall rules to > modify the routes. It works but it is a kludge and doesn't scale well. > bypassing bgp with policy forwarding rules does not change route advertising to the bgp neighbour and vice-versa. You can do "redistribute static" if you are an endpoint but would not be wise eventually. Anyway the advertised routes need to be announced by your bgp router upwards and not by any artificial routing scenario otherwise there is no way to say that you get the traffic back over the same route, even if you frame bgp and they go out over path 1 you may get them back over path 3,4,5 or any other bgp may decide. And that is the point at the end, bgp does the routing decision when you are running bgp. So it does not matter which routing capacities your OS has because it comes after bgp did it's job. Joćo > I haven't played with them yet but the changes to ipfw may get me > closer to what I am looking for although ipfw probably isn't the best > place to do the full routing solution. > > ---- Kirk > > > A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura. Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200705091512.22501.asstec>