Re: Multiple routing tables in action...

Tue, 29 Apr 2008 12:11:50 -0700 

-net added to broaden the conversation

Paul wrote:
The routing daemons run linked separate instances and create their own RIB. Take a look at Cisco's VRF implementation. You can even have interfaces assigned to the other routing instance so you could have em0.001 on routing instance 1 and em0.002 on routing instance 2 and without using any policies or firewall rules it would know that everything coming on em0.002 uses the #2 instance and routes accordingly. Same with Juniper. 

that's coming.. have patience.. we will have vimage (check google)
plus multiple FIBS in each vimage..  for now use a firewall
classifier.




Then you can export RIB entries , say 
you have 5 BGP peers and you want to export 2 or 3 or all of them into 
the 'main' routing instance you can set up a policy to add those learned 
routes into the main instance and v-v.
Linux behaves a little bit differently as you have to make an 'ip rule' 
entry for it but it doesn't use the firewall.



for now this code asks you to use a firewall to classify incoming 
packets..


e.g.
100 setfib 2 ip from any to any in recv em0




I wish FreeBSD made a routing daemon that had total interactivity 
between the OS and daemon which would be great.. Quagga is good but the 
interaction is very annoying. Quagga has no idea what is going on on the 
kernel level and the kernel has no idea what is going on with quagga.   


I'm not a routing daemon expert..


Ex: if I add or remove a route from the kernel using 'route' command it 
does not remove it in quagga.   Would be great to have a BGP/OSPF combo 
integrated into the kernel somehow.



Sounds like Quagga needs to be made aware of routing events by 
listening for them on routing sockets. They are available.


[chop]


 I have need for

many many gigabit firewalls to put in front of many servers and the cost 
for the hardware firewall devices is way too much to deploy in the 
quantity that I need :/


Paul



If you have a roadmap, then get involved..  :-)
We need end user quidance on some of this stuff.


_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"






















					Reply via email to