Routing incoming traffic based on BGP routes

Luben Karavelov luben at bgone.net
Sat Jun 23 23:44:24 CEST 2001


On Sat, Jun 23, 2001 at 10:55:41PM +0800, Jeremy Malcolm wrote:
> I am trying to use bird to differentiate between peering traffic (which
> has a certain AS in its BGP path) and non-peering traffic.  I want to
> use a different gateway for (incoming and outgoing) peering traffic than
> I use for non-peering traffic.  I can get it to work for outgoing
You can set only the outgoing gateway for the traffic. The gw for the 
incoming traffic should be set by the peer as the outgoing gw for 
your AS.

> traffic but not incoming.  My filter changes the gateway for peering and
> local outgoing traffic so that I can distinguish them from non-peering
> outgoing traffic.  I am not sure how to do a similar thing for incoming
> traffic.  How could I determine whether incoming traffic is coming from
> an address within the peering AS or from outside?  Here is my bird.conf:
>
Why don't you just run 2 sessions of BGP? The peer must also run 2 sessions 
of BGP, and so the routers must have 2 IP addresses. For example:

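# default session: carries all routes
protocol bgp default {
	local as 123;
	neighbor 1.2.3.4 as 567;
	multihop 5 via 1.2.3.10;
	source address 4.3.2.1;
	import all;
}

# peering session: second neighbor address on the peer's router
protocol bgp peer {
	local as 123;
	neighbor 1.2.3.5 as 567;
	multihop 5 via 1.2.3.50;
	source address 4.3.2.10;
	import filter {
		# prefer routes learned on this session
		bgp_local_pref = 200;
		accept;		# a filter must end in accept or reject
	};
	export filter {
		if bgp_path ~ /123/ then accept;
		else reject;
	};
}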

And the peer must send in the second session only their networks. They must
have some similar config. 

> protocol direct {
>         interface "-eth*", "*"; # So I can manually route incoming
> }
> 
> protocol kernel {
> ...snip...
> 
> protocol device {
> ...snip...
> 
> filter waix {
> if bgp_path ~ / ? 7606 ? / then
>         {       # peering traffic
>         gw = 203.25.143.3;
>         accept;
>         }
> else
>         {       # local traffic, including incoming and my upstream
>         if bgp_path ~ / ? 7635 ? / then gw = 203.25.143.2; # This line
> # is supposed to do the trick by checking for traffic to a local
> # interface but which has my AS in it which must therefore be incoming
> # traffic from an external source.  But it doesn't seem to work...?
>         else gw = 203.25.143.3;
>         accept;
>         }
> }
> 
> protocol static {
>         route 203.25.143.0/24 via 203.25.143.254; # Local traffic
> # to local interfaces should use this route, instead of the BGP one?
> }
> 
> protocol bgp {
>         local as 7635;
>         neighbor 198.32.212.9 as 7635;
>         multihop 20 via 203.25.143.254;
>         disable after error;    # Drop back to static routing if errors
>         source address 203.25.143.1;
>         import filter waix;
> }
> 
> I'm new at this so I'm not sure what other information is needed for
> people to make suggestions, please let me know if I've left out anything
> important.  Thanks in advance for any help.
> 
> --
> Independent consulting solicitor* | _ .__ ._ _    |\/| _.| _ _ |._ _
> and technology consultant.**    \_|(/_|(/_| | |\/ |  |(_||(_(_)|| | |
> Personal site: http://malcolm.wattle.id.au     /   Finger for GPG key
> * http://www.ilaw.com.au ** http://www.terminus.net.au jm at ilaw.com.au

-- 
_________________________________________________________
Luben Karavelov                    [phone] +359 2 9877088
Network Administrator                     [ICQ#] 34741625
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
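
The two-session design suggested in the reply above, as an added example that is not part of the original message or of BIRD: a small Python model of how the local preference of 200 on the second session steers outgoing traffic. The prefixes, AS 64500, the preference value 100 for the first session and the rule that a route is forwarded through its session's `via` address are assumptions; the model compares only local preference and AS path length.

```python
import ipaddress

# Constructed sample data. Gateways are the "via" addresses of the two
# sessions in the message; prefixes are documentation ranges (assumed).
SESSIONS = {
    "default": {"gw": "1.2.3.10", "local_pref": 100},  # assumed value below 200
    "peer":    {"gw": "1.2.3.50", "local_pref": 200},  # set by the import filter
}
# (session, prefix, AS path). The default session carries everything, the
# peer session only the peer's own networks.
RECEIVED = [
    ("default", "0.0.0.0/0",       [567]),
    ("default", "198.51.100.0/24", [567]),
    ("default", "203.0.113.0/24",  [567, 64500]),
    ("peer",    "198.51.100.0/24", [567]),
]

def best_routes(received, sessions):
    """Per prefix: highest local_pref wins, then shortest AS path."""
    best = {}
    for session, prefix, path in received:
        key = (-sessions[session]["local_pref"], len(path))
        net = ipaddress.ip_network(prefix)
        # Strict comparison: on a full tie the first route received stays.
        if net not in best or key < best[net][0]:
            best[net] = (key, session)
    return {net: session for net, (_, session) in best.items()}

def outgoing_gateway(dst, received=RECEIVED, sessions=SESSIONS):
    """Longest-prefix match over the selected routes -> (session, gateway)."""
    addr = ipaddress.ip_address(dst)
    table = best_routes(received, sessions)
    matches = [net for net in table if addr in net]
    if not matches:
        return None  # no route to this destination
    net = max(matches, key=lambda n: n.prefixlen)
    return table[net], sessions[table[net]]["gw"]

if __name__ == "__main__":
    for dst in ("198.51.100.7", "203.0.113.9", "192.0.2.1"):
        print(dst, "->", outgoing_gateway(dst))
```

The same selection runs on the peer's router for traffic towards your networks, which is why the incoming gateway can only be changed from their side.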