From owner-freebsd-ipfw@FreeBSD.ORG Wed May 9 18:12:46 2007 Return-Path: X-Original-To: Freebsd-ipfw@freebsd.org Delivered-To: Freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 357E816A404 for ; Wed, 9 May 2007 18:12:46 +0000 (UTC) (envelope-from asstec@matik.com.br) Received: from msrv.matik.com.br (msrv.matik.com.br [200.152.83.14]) by mx1.freebsd.org (Postfix) with ESMTP id 9614413C45A for ; Wed, 9 May 2007 18:12:45 +0000 (UTC) (envelope-from asstec@matik.com.br) Received: from anb (anb.matik.com.br [200.152.83.34]) by msrv.matik.com.br (8.14.1/8.13.1) with ESMTP id l49ICTYQ029283; Wed, 9 May 2007 15:12:30 -0300 (BRT) (envelope-from asstec@matik.com.br) From: AT Matik Organization: Infomatik To: "Kirk Davis" Date: Wed, 9 May 2007 15:12:21 -0300 User-Agent: KMail/1.9.6 References: <33910a2c0705041812s2aaf0b62t785e16abc0decee6@mail.gmail.com> <200705090647.31588.asstec@matik.com.br> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200705091512.22501.asstec@matik.com.br> X-Spam-Status: No, score=-100.1 required=5.0 tests=ALL_TRUSTED,AWL, J_CHICKENPOX_44,MONOTONE_WORDS_15_2,MR_DIFF_MID,SMILEY,TW_PF,TW_WU, USER_IN_WHITELIST autolearn=no version=3.1.8 X-Spam-Checker-Version: Antispam Datacenter Matik msrv.matik.com.br X-Virus-Scanned: ClamAV version 0.88.4, clamav-milter version 0.88.4 on msrv.matik.com.br X-Virus-Status: Clean Cc: Freebsd-ipfw@freebsd.org Subject: Re: Policy Routing natd+ipfw X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 May 2007 18:12:46 -0000 On Wednesday 09 May 2007 14:05:52 Kirk Davis wrote: > > > > I do not know enough about quagga but if you really run BGP > > and quagga does > > what BGP is supposed to do I wuold say you shoudl use policy > > route-map > > filters for that purpose > > We are probably getting a little off topic for the ipfw list now ;-) > well, maybe we will be forgiven :) > BGP route-maps will not do what I need. I am not trying to change > the routes advertised to my peers (or change the incoming ones that I > receive). What I really need to virtual routing tables that I can then > control how they are updated from the BGP. Since FreeBSD only has one > core routing table then I seem to have to use the firewall rules to > modify the routes. It works but it is a kludge and doesn't scale well. > bypassing bgp with policy forwarding rules does not change route advertisin= g=20 to the bgp neighbour and vice-versa. You can do "redistribute static" if yo= u=20 are an endpoint but would not be wise eventually. Anyway the advertised=20 routes need to be announced by your bgp router upwards and not by any=20 artificial routing scenario otherwise there is no way to say that you get t= he=20 traffic back over the same route, even if you frame bgp and they go out ove= r=20 path 1 you may get them back over path 3,4,5 or any other bgp may decide. A= nd=20 that is the point at the end, bgp does the routing decision when you are=20 running bgp. So it does not matter which routing capacities your OS has=20 because it comes after bgp did it's job. Jo=E3o > I haven't played with them yet but the changes to ipfw may get me > closer to what I am looking for although ipfw probably isn't the best > place to do the full routing solution. > > ---- Kirk > > > A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura. Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br