On Tue, Feb 16, 2016 at 09:39:37AM +0000, Rohrmann Sascha wrote:
Hi,
I have 4 routers: ISP1 ISP2 l l A1 A2 l------------------l B1 B2
A1 is directly connected to its' on ISP and A2 is directly connected to its' own ISP, too. A1 and A2 are performing eBGP, iBGP and OSPF. I already configured all protocols and distributed the default gateway (A{1,2}) for B{1,2}. For that I created a 0.0.0.0/0 route in the static section of A{1,2} and filtered it out in the BGP-, OSPF-, and Kernel-table of A{1,2}:
import filter { if net = 0.0.0.0/0 then reject; accept}; export all;
So, basicly A{1,2} should throw this default-route only in OSPF and they should not have the default-route in their own routing-table. But, unfortunately, A{1,2} actually do have this route in their table.
Hi Well it is hard to say where is a problem without the configuration. Don't you swap import/export statements? For example, kernel protocol should have 'export filter { if net = 0.0.0.0/0 then reject; accept};' if you do not want to export default route to it. Or you could just have default reject/unreachable route, like in this example: https://gitlab.labs.nic.cz/labs/bird/wikis/BGP_example_2 Generally, it is a good question what are best practices for configuring BGP border routers on Linux/BIRD. There is an interesting idea to use two separate kernel routing tables, one for internal routes and one for external/BGP routes, just for the sake of clarity.
How do I have to configure my protocols so that A{1,2} do not show this behavior? In my understandings, routers like A{1,2} should not have a default-route in their routing-table...
My 2nd desire is the following: A{1,2} should throw the default-route in the OSPF area <only> if the BGP adjacency is reachable and the BGP peer is formed (BGP state should be established). Is this desire realizable with bird only?
No, that is not possible. Unless you convince your ISPs to send you also a default route through the BGP and use it to redistribute it to OSPF. But it is not a big problem - the router with BGP session down already has external routes from IBGP, so the traffic will be directed to the other border router. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."