Date:      Wed, 24 Apr 2024 10:45:13 -0700
From:      Gregory Shapiro <gshapiro@freebsd.org>
To:        Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Source IPv4 address selection vs BGP IX connection
Message-ID:  <bzhhs7vguggs5tkgt7kv4qrzmty5cj2jv6njknvmdeiqbu2vmb@ljd2x2zwoe5o>
In-Reply-To: <8895bb37-ccf3-48fd-877c-74c659045b23@plan-b.pwste.edu.pl>
References:  <xrxvyz6h3t45tfbqxag2ueqe6ocg2myxhdg7kqsbjx6czj4xeo@jqwioylxcb2c> <8895bb37-ccf3-48fd-877c-74c659045b23@plan-b.pwste.edu.pl>

On Wed, Apr 24, 2024 at 07:10:51AM +0200, Marek Zarychta wrote:
> On 24.04.2024 at 04:12, Gregory Shapiro wrote:
> > Short version:
> > 
> > Using FreeBSD as a BGP router has network issues caused by suboptimal
> > default IPv4 source address selection when connected to Internet
> > Exchanges (which are required to use IPs that aren't routable on the
> > Internet).  I was hoping to find more elegant workarounds or encourage
> > FreeBSD to add source IPv4 selection akin to the existing IPv6 source
> > address selection (no_prefer_iface and prefer_source).

> In this case, the best solution will probably be using multiple FIBs.
> Running a BGP routing daemon under a non-default FIB after assigning its
> interface to this FIB should solve the problem, but it might eventually
> create new problems to solve (for example, in which FIB imported routes
> should be stored).

Thank you for sharing the ideas.  This first idea seems to negate the
positive impact of multihoming and connecting to the IX for peering and
additional transit.  If the routes aren't usable in the default routing
RIB (for downstream/LAN hosts or the router itself), then there doesn't
seem to be a purpose of having multiple routes.

> It's also possible to set and use a non-default FIB for DNS lookups and
> maintenance tasks like pkg upgrade (setfib -1 pkg ....). This approach is
> probably more straightforward to conduct.

Until you consider that not all work is done from the command line such that
'setfib' can precede every command.  What if cron wants to send a message
with output from a cron job?  What if a system service needs to connect to
another host (e.g., ntpd)?  Even to ssh into the system, sshd needs DNS
for PTR lookups.

I really think this isn't an issue with routing (and therefore can't be
fixed elegantly by changing routing).  It is an issue with source IP
selection (one that has been addressed for IPv6, just not IPv4).

I'll try to dig into how FreeBSD does source IP selection and see if I
can add code to tune that process.


