Date: Tue, 29 Apr 2008 12:11:03 -0700
From: Julian Elischer <julian@elischer.org>
To: Paul <paul@gtcomm.net>, FreeBSD Net <freebsd-net@freebsd.org>
Subject: Re: Multiple routing tables in action...
Message-ID: <481772C7.8090300@elischer.org>
In-Reply-To: <48176C65.4080600@gtcomm.net>
References: <48134DDE.9010306@elischer.org> <20080429084032.GW71371@stlux503.dsto.defence.gov.au> <48175793.30606@elischer.org> <48175B91.1010202@gtcomm.net> <481766A2.7040809@elischer.org> <48176C65.4080600@gtcomm.net>

-net added to broaden the conversation

Paul wrote:
> The routing daemons run linked separate instances and create their own
> RIB. Take a look at Cisco's VRF implementation. You can even have
> interfaces assigned to the other routing instance so you could have
> em0.001 on routing instance 1 and em0.002 on routing instance 2 and
> without using any policies or firewall rules it would know that
> everything coming on em0.002 uses the #2 instance and routes
> accordingly. Same with Juniper.

that's coming.. have patience..
we will have vimage (check google) plus multiple FIBS in each vimage..
for now use a firewall classifier.

> Then you can export RIB entries, say
> you have 5 BGP peers and you want to export 2 or 3 or all of them into
> the 'main' routing instance you can set up a policy to add those learned
> routes into the main instance and v-v.
> Linux behaves a little bit differently as you have to make an 'ip rule'
> entry for it but it doesn't use the firewall.

for now this code asks you to use a firewall to classify incoming packets..

e.g.
    100 setfib 2 ip from any to any in recv em0

>
> I wish FreeBSD made a routing daemon that had total interactivity
> between the OS and daemon which would be great.. Quagga is good but the
> interaction is very annoying. Quagga has no idea what is going on on the
> kernel level and the kernel has no idea what is going on with quagga.

I'm not a routing daemon expert..

> Ex: if I add or remove a route from the kernel using 'route' command it
> does not remove it in quagga. Would be great to have a BGP/OSPF combo
> integrated into the kernel somehow.

Sounds like Quagga needs to be made aware of routing events by
listening for them on routing sockets. They are available.

[chop]

> I have need for
> many many gigabit firewalls to put in front of many servers and the cost
> for the hardware firewall devices is way too much to deploy in the
> quantity that I need :/
>
> Paul
>

If you have a roadmap, then get involved.. :-)
We need end user guidance on some of this stuff.
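
The classify-then-route behaviour described in the message above, as a simplified model added here for illustration (not code from the post, ipfw, or the FreeBSD kernel). It understands only the rule shape quoted in the message; the second rule, the FIB contents, the addresses, and the one-rule-per-interface simplification are constructed assumptions.

```python
import ipaddress
import re

# Only the rule shape quoted in the message is understood:
#   <num> setfib <fib> ip from any to any in recv <ifname>
RULE_RE = re.compile(r"^(\d+) setfib (\d+) ip from any to any in recv (\S+)$")

def parse_rules(lines):
    """Map receive interface -> FIB number (model: one rule per interface)."""
    by_if = {}
    for line in lines:
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        _num, fib, ifname = int(m.group(1)), int(m.group(2)), m.group(3)
        if ifname in by_if:
            raise ValueError(f"duplicate rule for {ifname}")
        by_if[ifname] = fib
    return by_if

def classify(rules, recv_if):
    """Packets that match no setfib rule stay in the default FIB 0."""
    return rules.get(recv_if, 0)

def lookup(fibs, fib, dst):
    """Longest-prefix match inside ONE FIB; None means no route there."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop in fibs.get(fib, {}).items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1] if best else None

def forward(rules, fibs, recv_if, dst):
    """Return (fib, next_hop) for a packet arriving on recv_if."""
    fib = classify(rules, recv_if)
    return fib, lookup(fibs, fib, dst)

# Constructed sample data: the first rule is the one from the message,
# the second rule and all routes are made up for the example.
RULES = parse_rules([
    "100 setfib 2 ip from any to any in recv em0",
    "110 setfib 1 ip from any to any in recv em1",
])
FIBS = {
    0: {"0.0.0.0/0": "192.0.2.1"},
    1: {"0.0.0.0/0": "198.51.100.1", "203.0.113.0/24": "198.51.100.9"},
    2: {"203.0.113.0/24": "10.0.2.1"},  # deliberately no default route
}
```

The same destination resolves to a different next hop depending on the ingress interface, and a packet classified into FIB 2 with no matching route there does not fall back to FIB 0's default.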