Add ip rule support
Ondrej Zajicek
santiago at crfreenet.org
Mon May 2 19:47:22 CEST 2022
On Mon, May 02, 2022 at 05:06:48PM +0800, Huiyuze Zhi wrote:
> Hi there,
> I'm having some issues with using bird2 to carry downstream. I have
> two different types of upstream. One can take downstream and the other
> cannot. I use bgp_large_community (141011, 3, xxx) to mark every prefix
> from upstream which can taken downstream and I sent those prefixes to my
> downstream. But when my upstream(which can take downstream) and upstream(which
> cannot take downstream) sent the same prefix, bgp_large_community ~
> [(141011, 3 *)] then accept would filter both prefixes since they have the
> same destination.
>
> For example,one has BGP.large_community (141011, 3, 27000) and other not.So
> this prefix would be filtered, but I don't want it happens.
Hi
You can define downstream specific routing table (in BIRD)
ipv6 table down6;
and define pipe to connect it with master6 table:
protocol pipe {
table master6;
peer table down6;
import all;
export where <condition selecting the proper upstream>;
}
As the pipe handles all routes, not just the best ones, it will propagate
all routes from the upstream(which can take downstream) tho the second table.
> In addition, if I successfully export the prefixes that come
> from upstream
> can take downstream. When packages go through the kernel, they may also go
> through upstreamthat cannot take downstream.
> My idea is to let two different types of prefixes in different route
> tables. Table 100(All routing tables from BGP)and Table 101 (Only from Tier
> 1 ISP and can carry downstream routing table) and use IP rule command let
> ever prefixes that my downstream export to me via table 101. But there are
> so many prefixes so I do it by manual is impossible. and it seems bird2
> doesn't support ip rule.
Yes, you can connect kernel protocol to the second bird table and feed the
kernel table 101.
You are right, bird2 does not support ip role. But if you have many
prefixes from downstream, then putting them all as separate ip rules
would be unreasonable anyways, ip rules are processed sequentially and
would be slow with many rules (i do not know whether ip sets are allowed
in ip rules or they are allowed just in netfilter).
You have to mark them based on some other criteria than src IP, perhaps iface,
if downstream and upstream are on the same router?
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
More information about the Bird-users
mailing list