routing using kernel fibs

Angel angel at bitnap.net
Mon May 30 19:28:08 CEST 2016


Hello Alex,

Thanks, so what we will do is configure one vlan interface for each ospf protocol, so they could use different kernel tables.


How could we configure because:


ospf1 with vlan igb1.1 use kernel 1?
ospf2 with vlan igb1.2 use kernel 2?
ospf3 with vlan igb1.3 use kernel 3?




We have to configure only igb1.x interfaces on each kernel table or we have to configure ix0 (carriers bgp interface) on every one of them?


So, we want to get the following picture:


 OSPF1 --> igb1.1 --> kernel1 --> ix0 --> internet
 OSPF2 --> igb1.2 --> kernel2 --> ix0 --> internet
 OSPF3 --> igb1.3 --> kernel3 --> ix0 --> internet


And kernel1, kernel2, kernel3 are different.


Regards,

-----Original message-----
> From: "Alex Bligh" <alex at alex.org.uk>
> To: Angel <angel at bitnap.net>
> Cc: "Alex Bligh" <alex at alex.org.uk>, bird-users at network.cz
> Date: 30-05-2016 10:36
> Subject: Re: routing using kernel fibs
> 
> On 27 May 2016, at 18:14, Angel <angel at bitnap.net> wrote:
> 
> > We have two fullrouting bgp carriers, some bgp members and some ospf members.
> > 
> > To isolate OSPF members we want to use kernel fibs. But we do not understand how it works. 
> > What we need is a different table for each ospf member, so for example ospf1member will use carrier1 routes, and ospf2member will use carrier2 routes.
> 
> Are you trying to get the OSPF members to talk to each other, or are you trying to get the OSPF members not to talk to each other?
> 
> Within any one given OSPF process, all OSPF speakers should receive the same set of link states (what OSPF advertises) [1]. Filtering link states will not work as the protocol assumes the link state database is the same everywhere. Moreover link states are not routes. You can in theory filter link states between the OSPF RIB and the kernel FIB without breaking the OSPF process, but it is likely to break forwarding unless you are careful.
> 
> So, within one OSPF process in general you will have no filtering (none of link states, and probably none of routes). You can filter how you wish between OSPF processes (each being a protocol within bird). You should ensure (ospf authentication is a good way to do this) the processes don't talk to each other and accidentally join.
> 
> I *think* what you are trying to do is run one IGP (OSPF) with one upstream BGP speaker, and a completely separate IGP (a different OSPF process) with another BGP speaker, and have these talk to two kernel FIBs, rather like 2 separate VRFs on Cisco. Not only do you need to inject OSPF routes from each process into a different kernel FIB, but you are also running 2 OSPF processes on the same interface and need to have both interfaces deal with it, but also (and here's the killer) you need some way to get inbound traffic to route using the correct kernel FIB. That's going to be really hard (funkiness with ToS bits aside).
> 
> Instead, you want to make subinterfaces / VLAN interfaces / whatever for each process, and attach those to each kernel routing table. Then run only one OSPF process on each interface. Authentication is still a good idea. Whenever I've done this I've run bird in a separate network container (unshare -n) but with separate interfaces, and separate FIBs, this should theoretically work.
> 
> [1] - An oversimplification in stub areas and NSSA but ignore that complication for now as they are nothing to do with what you are asking.
> 
> -- 
> Alex Bligh
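
Added example, not part of the original thread and not the BIRD project's own configuration: a sketch of the layout described in the quoted reply (one OSPF process per VLAN interface, each bound to its own kernel table, with OSPF authentication so the processes cannot accidentally join), written in BIRD 1.x syntax. The table names t1..t3 and the passwords are placeholders; attaching each interface to its kernel table in the operating system and feeding the carrier BGP routes into each table are assumed to be handled elsewhere and are not shown.

```conf
# Added example (BIRD 1.x syntax). Names t1..t3 and all passwords are
# placeholders chosen for illustration.

table t1;
table t2;
table t3;

protocol device { scan time 10; }

# One kernel protocol per BIRD table; each syncs to a different kernel table.
protocol kernel kernel1 { table t1; kernel table 1; export all; }
protocol kernel kernel2 { table t2; kernel table 2; export all; }
protocol kernel kernel3 { table t3; kernel table 3; export all; }

# One OSPF process per VLAN interface. Each process has its own key, so a
# neighbour reaching the wrong VLAN cannot form an adjacency with it.
protocol ospf ospf1 {
    table t1;
    area 0 {
        interface "igb1.1" {
            authentication cryptographic;
            password "REPLACE-WITH-KEY-1";
        };
    };
}

protocol ospf ospf2 {
    table t2;
    area 0 {
        interface "igb1.2" {
            authentication cryptographic;
            password "REPLACE-WITH-KEY-2";
        };
    };
}

protocol ospf ospf3 {
    table t3;
    area 0 {
        interface "igb1.3" {
            authentication cryptographic;
            password "REPLACE-WITH-KEY-3";
        };
    };
}
```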



