Date: Wed, 9 May 2007 15:12:21 -0300 From: AT Matik <asstec@matik.com.br> To: "Kirk Davis" <Kirk.Davis@epsb.ca> Cc: Freebsd-ipfw@freebsd.org Subject: Re: Policy Routing natd+ipfw Message-ID: <200705091512.22501.asstec@matik.com.br> In-Reply-To: <DB9A31C316524A4A83E54A2C0D2065570240029E@Exchange24.EDU.epsb.ca> References: <33910a2c0705041812s2aaf0b62t785e16abc0decee6@mail.gmail.com> <200705090647.31588.asstec@matik.com.br> <DB9A31C316524A4A83E54A2C0D2065570240029E@Exchange24.EDU.epsb.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 09 May 2007 14:05:52 Kirk Davis wrote: > > > > I do not know enough about quagga but if you really run BGP > > and quagga does > > what BGP is supposed to do I wuold say you shoudl use policy > > route-map > > filters for that purpose > > We are probably getting a little off topic for the ipfw list now ;-) > well, maybe we will be forgiven :) > BGP route-maps will not do what I need. I am not trying to change > the routes advertised to my peers (or change the incoming ones that I > receive). What I really need to virtual routing tables that I can then > control how they are updated from the BGP. Since FreeBSD only has one > core routing table then I seem to have to use the firewall rules to > modify the routes. It works but it is a kludge and doesn't scale well. > bypassing bgp with policy forwarding rules does not change route advertisin= g=20 to the bgp neighbour and vice-versa. You can do "redistribute static" if yo= u=20 are an endpoint but would not be wise eventually. Anyway the advertised=20 routes need to be announced by your bgp router upwards and not by any=20 artificial routing scenario otherwise there is no way to say that you get t= he=20 traffic back over the same route, even if you frame bgp and they go out ove= r=20 path 1 you may get them back over path 3,4,5 or any other bgp may decide. A= nd=20 that is the point at the end, bgp does the routing decision when you are=20 running bgp. So it does not matter which routing capacities your OS has=20 because it comes after bgp did it's job. Jo=E3o > I haven't played with them yet but the changes to ipfw may get me > closer to what I am looking for although ipfw probably isn't the best > place to do the full routing solution. > > ---- Kirk > > > A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura. Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200705091512.22501.asstec>