Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 9 May 2007 15:12:21 -0300
From:      AT Matik <>
To:        "Kirk Davis" <>
Subject:   Re: Policy Routing natd+ipfw
Message-ID:  <>
In-Reply-To: <>
References:  <> <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

On Wednesday 09 May 2007 14:05:52 Kirk Davis wrote:
> >
> > I do not know enough about quagga but if you really run BGP
> > and quagga does
> > what BGP is supposed to do I wuold say you shoudl use policy
> > route-map
> > filters for that purpose
>    We are probably getting a little off topic for the ipfw list now ;-)

well, maybe we will be forgiven :)

>    BGP route-maps will not do what I need.  I am not trying to change
> the routes advertised to my peers (or change the incoming ones that I
> receive).  What I really need to virtual routing tables that I can then
> control how they are updated from the BGP.  Since FreeBSD only has one
> core routing table then I seem to have to use the firewall rules to
> modify the routes.  It works but it is a kludge and doesn't scale well.

bypassing bgp with policy forwarding rules does not change route advertisin=
to the bgp neighbour and vice-versa. You can do "redistribute static" if yo=
are an endpoint but would not be wise eventually. Anyway the advertised=20
routes need to be announced by your bgp router upwards and not by any=20
artificial routing scenario otherwise there is no way to say that you get t=
traffic back over the same route, even if you frame bgp and they go out ove=
path 1 you may get them back over path 3,4,5 or any other bgp may decide. A=
that is the point at the end, bgp does the routing decision when you are=20
running bgp. So it does not matter which routing capacities your OS has=20
because it comes after bgp did it's job.


>    I haven't played with them yet but the changes to ipfw may get me
> closer to what I am looking for although ipfw probably isn't the best
> place to do the full routing solution.
> ---- Kirk

A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura.
Service fornecido pelo Datacenter Matik

Want to link to this message? Use this URL: <>