Multiple Table interface Problem

Stefano Bonino stefano.bonino at lepida.it
Thu Nov 22 14:10:45 CET 2012


Dear all,
we have some problem trying to attach an interface to a particular routing
table.

We have created the routing table 60  in the kernel here

*
odorizzi at vpn1:~$ cat /etc/iproute2/rt_tables
#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep
60      auslre
*
we have sync the bird configuration as reported

# Turn on global debugging of all protocols
#debug protocols all;

# The direct protocol automatically generates device routes to
# all network interfaces. Can exist in as many instances as you wish
# if you want to populate multiple routing tables with device routes.
protocol direct {
    interface "-vlan*", "-eth1", "-eth2","eth0";
}
protocol direct {
    table auslre;
#    interface "vlan60";
    interface "eth1", "eth2";
}

# This pseudo-protocol performs synchronization between BIRD's routing
# tables and the kernel. If your kernel supports multiple routing tables
# (as Linux 2.2.x does), you can run multiple instances of the kernel
# protocol and synchronize different kernel tables with different BIRD
tables.
protocol kernel {
    learn;            # Learn all alien routes from the kernel
    persist;        # Don't remove routes on bird shutdown
    scan time 20;        # Scan kernel routing table every 20 seconds
    import all;        # Default is import all
    export all;        # Default is export none
#    kernel table 32367;    # Kernel table to synchronize with (default:
main)
}
protocol kernel {
    learn;            # Learn all alien routes from the kernel
    persist;        # Don't remove routes on bird shutdown
    scan time 20;        # Scan kernel routing table every 20 seconds
    import all;        # Default is import all
    export all;        # Default is export none
    kernel table 60;    # Kernel table to synchronize with (default: main)
    table auslre;
}

# This pseudo-protocol watches all interface up/down events.
protocol device {
    scan time 10;        # Scan interfaces every 10 seconds
        table auslre;
        primary "eth1" 192.168.0.1;
        primary 192.168.0.0/30;
        primary "eth2" 172.16.0.1;
        primary 172.16.0.0/30;
}



# Static routes (again, there can be multiple instances, so that you
# can disable/enable various groups of static routes on the fly).
protocol static {
#    disabled;        # Disable by default
    table auslre;        # Connect to a non-default table
    preference 1000;    # Default preference of routes
    debug { states, routes, filters, interfaces, events, packets };
    debug all;
    route 0.0.0.0/0 via 192.168.0.2;
#    route 198.51.100.0/25 reject;
#    route 10.0.0.0/8 reject;
#    route 10.1.1.0:255.255.255.0 via 198.51.100.3;
#    route 10.1.2.0:255.255.255.0 via 198.51.100.3;
#    route 10.1.3.0:255.255.255.0 via 198.51.100.4;
#    route 10.2.0.0/24 via "vlan60";
}

#protocol static {
#    debug { states, routes, filters, interfaces, events, packets };
#    debug all;
#    route 0.0.0.0/0 via 195.62.186.254;
#}


# Pipe protocol connects two routing tables... Beware of loops.
#protocol pipe {
#    peer table auslre;
# Define what routes do we export to this protocol / import from it.
#    import all;        # default is all
#    export all;        # default is none
#    import none;        # If you wish to disable imports
#    import filter test_filter;        # Use named filter
#    import where source = RTS_DEVICE;    # Use explicit filter
#}

# RIP aka Rest In Pieces...
#protocol rip MyRIP {    # You can also use an explicit name
#    preference xyzzy;
#    debug all;
#    port 1520;
#    period 7;
#    infinity 16;
#    garbage time 60;
#    interface "*" { mode broadcast; };
#    honor neighbor;        # To whom do we agree to send the routing table
#    honor always;
#    honor never;
#    passwords {
#        password "nazdar";
#    };
#    authentication none;
#    import filter { print "importing"; accept; };
#    export filter { print "exporting"; accept; };
#}

protocol ospf ospf_test {
    tick 2;
    rfc1583compat yes;
    area 0.0.0.0 {
        stub no;
        networks {195.62.186.128/25;
        };
        interface "eth0" {
            type pointopoint;
            authentication none;
            neighbors {
                195.62.186.184 eligible;
            };
        };
    };
}

protocol ospf ospf_auslre {
    tick 2;
    table auslre;
    rfc1583compat yes;
    area 0.0.0.0 {
        stub no;
        networks {192.168.0.0/30;
        };
        interface "eth1" {
#            hello 9;
#            retransmit 6;
#            cost 10;
#            transmit delay 5;
#            dead count 5;
#            wait 50;
#            type broadcast;
            type pointopoint;
            authentication none;
#            password "pass";
            neighbors {
                192.168.0.2 eligible;
#                10.1.1.4;
            };
        };

        interface "eth2" {
             type pointopoint;
            authentication none;
        };
#        interface "arc0" {
#            rx buffer large;
#            type nonbroadcast;
#            poll 14;
#            dead 75;
#            neighbors {
#                10.1.1.2 eligible;
#                10.1.1.4;
#            };
#            strict nonbroadcast yes;
#        };
#        interface "xxx0" {
#                       passwords {
#                password "abc" {
#                    id 1;
#                    generate to "22-04-2003 11:00:06";
#                    accept to "17-01-2004 12:01:05";
#                };
#                password "def" {
#                    id 2;
#                    generate from "22-04-2003 11:00:07";
#                    accept from "17-01-2003 12:01:05";
#                };
#            };
#                       authentication cryptographic;
#        };
    };
#    area 20 {
#        stub 1;
#        interface "ppp1" {
#            hello 8;
#            authentication none;
#        };
#               interface "fr*";
#               virtual link 192.168.0.1 {
#                       password "sdsdffsdfg";
#                       authentication cryptographic;
#               };
#    };
}


#protocol bgp {
#    disabled;
#    description "My BGP uplink";
#    local as 65000;
#    neighbor 198.51.100.130 as 64496;
#    multihop;
#    hold time 240;
#    startup hold time 240;
#    connect retry time 120;
#    keepalive time 80;    # defaults to hold time / 3
#    start delay time 5;    # How long do we wait before initial connect
#    error wait time 60, 300;# Minimum and maximum time we wait after an
error (when consecutive
#                # errors occur, we increase the delay exponentially ...
#    error forget time 300;    # ... until this timeout expires)
#    disable after error;    # Disable the protocol automatically when an
error occurs
#    next hop self;        # Disable next hop processing and always
advertise our local address as nexthop
#    path metric 1;        # Prefer routes with shorter paths (like Cisco
does)
#    default bgp_med 0;    # MED value we use for comparison when none is
defined
#    default bgp_local_pref 0;    # The same for local preference
#    source address 198.51.100.14;    # What local address we use for the
TCP connection
#    password "secret";    # Password used for MD5 authentication
#    rr client;        # I am a route reflector and the neighor is my client
#    rr cluster id 1.0.0.1;    # Use this value for cluster id instead of
my router id
#    export where source=RTS_STATIC;
#    export filter {
#        if source = RTS_STATIC then {
#            bgp_community = -empty-; bgp_community =
add(bgp_community,(65000,5678));
#            bgp_origin = 0;
#            bgp_community = -empty-; bgp_community.add((65000,5678));
#            if (65000,64501) ~ bgp_community then
#                bgp_community.add((0, 1));
#            if bgp_path ~ [= 65000 =] then
#                bgp_path.prepend(65000);
#            accept;
#        }
#        reject;
#    };
#}


but we cannot see that interface inside that routing  table.



we tried to force the traffic from/to that interface going to the right
table as reported but without effect.
*
*
*root at vpn1:~# ip rule show*
*0:      from all lookup local *
*32764:  from all oif eth1 lookup auslre *
*32765:  from all iif eth1 lookup auslre *
*32766:  from all lookup main *
*32767:  from all lookup default*
* *


Do you have any idea how to solve that? Probably we are struggling with the
wrong  configuration file bird.conf and we are not able to attached
correctly an interface to a specific routing table.

Thank you very much guys

Bye

Stefano
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20121122/4746c7a4/attachment.html>


More information about the Bird-users mailing list