From: Julian Elischer <julian@elischer.org>
Date: Tue, 29 Apr 2008 12:11:03 -0700
To: Paul, FreeBSD Net
Subject: Re: Multiple routing tables in action...
Message-ID: <481772C7.8090300@elischer.org>
In-Reply-To: <48176C65.4080600@gtcomm.net>

-net added to broaden the conversation

Paul wrote:
> The routing daemons run linked separate instances and create their own
> RIB. Take a look at Cisco's VRF implementation. You can even have
> interfaces assigned to the other routing instance so you could have
> em0.001 on routing instance 1 and em0.002 on routing instance 2 and
> without using any policies or firewall rules it would know that
> everything coming on em0.002 uses the #2 instance and routes
> accordingly. Same with Juniper.

that's coming.. have patience.. we will have vimage (check google)
plus multiple FIBS in each vimage.. for now use a firewall classifier.

> Then you can export RIB entries, say
> you have 5 BGP peers and you want to export 2 or 3 or all of them into
> the 'main' routing instance you can set up a policy to add those learned
> routes into the main instance and v-v.
> Linux behaves a little bit differently as you have to make an 'ip rule'
> entry for it but it doesn't use the firewall.

for now this code asks you to use a firewall to classify incoming packets..
e.g.
100 setfib 2 ip from any to any in recv em0

> I wish FreeBSD made a routing daemon that had total interactivity
> between the OS and daemon which would be great.. Quagga is good but the
> interaction is very annoying. Quagga has no idea what is going on on the
> kernel level and the kernel has no idea what is going on with quagga.

I'm not a routing daemon expert..

> Ex: if I add or remove a route from the kernel using 'route' command it
> does not remove it in quagga. Would be great to have a BGP/OSPF combo
> integrated into the kernel somehow.

Sounds like Quagga needs to be made aware of routing events by listening
for them on routing sockets. They are available.

[chop]

> I have need for
> many many gigabit firewalls to put in front of many servers and the cost
> for the hardware firewall devices is way too much to deploy in the
> quantity that I need :/
>
> Paul

If you have a roadmap, then get involved.. :-)
We need end user guidance on some of this stuff.
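An added example, not code from the thread, turning the ipfw classifier rule Julian quotes into a small sh script that also installs a per-FIB default route. It assumes a FreeBSD kernel with net.fibs larger than the FIB you pick and ipfw loaded; the function names, em0 and the gateway 10.0.0.1 are placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread: apply the ipfw "setfib" classifier
# Julian mentions so that everything received on one interface is routed by a
# second FIB. Assumes a FreeBSD kernel built with more than one FIB
# (options ROUTETABLES=N, or net.fibs in /boot/loader.conf) and ipfw loaded.
# Helper names, em0 and the gateway address are placeholders chosen here.
# DRY_RUN=1 prints the commands instead of executing them.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# FIBs are numbered 0..net.fibs-1, so FIB $1 exists only if net.fibs > $1.
# FIBS_OVERRIDE lets the check be exercised on a machine without FreeBSD.
check_fib_count() {
    want=$1
    have=${FIBS_OVERRIDE:-$(sysctl -n net.fibs 2>/dev/null || echo 1)}
    [ "$have" -gt "$want" ]
}

# setup_fib_classifier IFNAME FIB GATEWAY [RULENUM]
setup_fib_classifier() {
    ifname=$1; fib=$2; gw=$3; rule=${4:-100}
    if ! check_fib_count "$fib"; then
        echo "FIB $fib not available: raise net.fibs and reboot" >&2
        return 1
    fi
    # The rule from the mail: packets arriving on $ifname are looked up in
    # FIB $fib instead of the default table (FIB 0). Nothing changes for
    # traffic on other interfaces.
    run ipfw add "$rule" setfib "$fib" ip from any to any in recv "$ifname"
    # Routes are per FIB; this default route exists only in FIB $fib.
    run setfib "$fib" route add default "$gw"
    # A daemon started under setfib sees and modifies only that table.
    run setfib "$fib" netstat -rn
}
```

With DRY_RUN=1 the script only prints the commands, so the ordering can be reviewed before a live firewall is touched.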