I am trying to use bird to differentiate between peering traffic (which has a certain AS in its BGP path) and non-peering traffic. I want to use a different gateway for (incoming and outgoing) peering traffic than I use for non-peering traffic. I can get it to work for outgoing traffic but not incoming. My filter changes the gateway for peering and local outgoing traffic so that I can distinguish them from non-peering outgoing traffic. I am not sure how to do a similar thing for incoming traffic. How could I determine whether incoming traffic is coming from an address within the peering AS or from outside? Here is my bird.conf:

    protocol direct {
            interface "-eth*", "*"; # So I can manually route incoming
    }

    protocol kernel {
    ...snip...

    protocol device {
    ...snip...

    filter waix {
            if bgp_path ~ / ? 7606 ? / then { # peering traffic
                    gw = 203.25.143.3;
                    accept;
            } else { # local traffic, including incoming and my upstream
                    if bgp_path ~ / ? 7635 ? / then gw = 203.25.143.2; # This line
                    # is supposed to do the trick by checking for traffic to a local
                    # interface but which has my AS in it which must therefore be incoming
                    # traffic from an external source. But it doesn't seem to work...?
                    else gw = 203.25.143.3;
                    accept;
            }
    }

    protocol static {
            route 203.25.143.0/24 via 203.25.143.254; # Local traffic
            # to local interfaces should use this route, instead of the BGP one?
    }

    protocol bgp {
            local as 7635;
            neighbor 198.32.212.9 as 7635;
            multihop 20 via 203.25.143.254;
            disable after error; # Drop back to static routing if errors
            source address 203.25.143.1;
            import filter waix;
    }

I'm new at this so I'm not sure what other information is needed for people to make suggestions, please let me know if I've left out anything important. Thanks in advance for any help.
--
Independent consulting solicitor* and technology consultant.**
Personal site: http://malcolm.wattle.id.au / Finger for GPG key
* http://www.ilaw.com.au ** http://www.terminus.net.au
jm@ilaw.com.au

On Sat, Jun 23, 2001 at 10:55:41PM +0800, Jeremy Malcolm wrote:
> I am trying to use bird to differentiate between peering traffic (which has a certain AS in its BGP path) and non-peering traffic. I want to use a different gateway for (incoming and outgoing) peering traffic than I use for non-peering traffic. I can get it to work for outgoing

You can set only the outgoing gateway for the traffic. The gw for the incoming traffic should be set by the peer as outgoing gw for your AS.

> traffic but not incoming. My filter changes the gateway for peering and local outgoing traffic so that I can distinguish them from non-peering outgoing traffic. I am not sure how to do a similar thing for incoming traffic. How could I determine whether incoming traffic is coming from an address within the peering AS or from outside? Here is my bird.conf:

Why don't you just run 2 sessions of bgp? The peer must also run 2 sessions of bgp, and so the routers must have 2 IP addresses. For example:

    #default
    protocol bgp default {
            local as 123;
            neighbor 1.2.3.4 as 567;
            multihop 5 via 1.2.3.10;
            source address 4.3.2.1;
            import all;
    }

    protocol bgp peer {
            local as 123;
            neighbor 1.2.3.5 as 567;
            multihop 5 via 1.2.3.50;
            source address 4.3.2.10;
            # prefer routes learned on the peering session; a filter has to end
            # in accept or reject, otherwise the route is not imported
            import filter { bgp_local_pref = 200; accept; };
            # announce only our own networks on the peering session
            export filter { if bgp_path ~ /123/ then accept; else reject; };
    }

And the peer must send in the second session only their networks. They must have some similar config.

> protocol direct {
>         interface "-eth*", "*"; # So I can manually route incoming
> }
>
> protocol kernel {
> ...snip...
>
> protocol device {
> ...snip...
>
> filter waix {
>         if bgp_path ~ / ? 7606 ? / then { # peering traffic
>                 gw = 203.25.143.3;
>                 accept;
>         } else { # local traffic, including incoming and my upstream
>                 if bgp_path ~ / ? 7635 ? / then gw = 203.25.143.2; # This line
>                 # is supposed to do the trick by checking for traffic to a local
>                 # interface but which has my AS in it which must therefore be incoming
>                 # traffic from an external source. But it doesn't seem to work...?
>                 else gw = 203.25.143.3;
>                 accept;
>         }
> }
>
> protocol static {
>         route 203.25.143.0/24 via 203.25.143.254; # Local traffic
>         # to local interfaces should use this route, instead of the BGP one?
> }
>
> protocol bgp {
>         local as 7635;
>         neighbor 198.32.212.9 as 7635;
>         multihop 20 via 203.25.143.254;
>         disable after error; # Drop back to static routing if errors
>         source address 203.25.143.1;
>         import filter waix;
> }
>
> I'm new at this so I'm not sure what other information is needed for people to make suggestions, please let me know if I've left out anything important. Thanks in advance for any help.
>
> --
> Independent consulting solicitor* and technology consultant.**
> Personal site: http://malcolm.wattle.id.au / Finger for GPG key
> * http://www.ilaw.com.au ** http://www.terminus.net.au
> jm@ilaw.com.au

--
_________________________________________________________
Luben Karavelov          [phone] +359 2 9877088
Network Administrator    [ICQ#] 34741625
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
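
The reply's point, that the neighbour's route selection and not the local import filter decides which link incoming traffic uses, shown as an added example that is not part of either message: a simplified Python model of the two-session setup in which only local_pref is compared. AS numbers 123 and 567 follow the reply's config; the prefixes, AS 64500 and all function names are assumptions.

```python
# Constructed model: AS numbers 123/567 follow the reply's example config;
# prefixes are documentation ranges and 64500 is a private-use AS (assumptions).
from collections import namedtuple

Route = namedtuple("Route", "prefix as_path session local_pref")

def announce(routes, own_as, own_only):
    """Sender's export policy; own_only models 'send only their networks'."""
    return [(p, path) for p, path in routes if not own_only or path == (own_as,)]

def learn(sessions):
    """Receiver's import: sessions is [(name, announcements, local_pref)].
    Per prefix the highest local_pref wins; a tie keeps the earlier session."""
    table = {}
    for name, announcements, pref in sessions:
        for prefix, path in announcements:
            cur = table.get(prefix)
            if cur is None or pref > cur.local_pref:
                table[prefix] = Route(prefix, path, name, pref)
    return table

def simulate(neighbour_prefers_peer_session):
    ours = [("192.0.2.0/24", (123,))]
    theirs = [("198.51.100.0/24", (567,)), ("203.0.113.0/24", (567, 64500))]
    # Our side (AS 123): import all on "default", local_pref 200 on "peer".
    our_table = learn([
        ("default", announce(theirs, 567, own_only=False), 100),
        ("peer", announce(theirs, 567, own_only=True), 200),
    ])
    # Neighbour's side (AS 567): its import policy is outside our control.
    their_pref = 200 if neighbour_prefers_peer_session else 100
    their_table = learn([
        ("default", announce(ours, 123, own_only=False), 100),
        ("peer", announce(ours, 123, own_only=True), their_pref),
    ])
    outgoing = {p: r.session for p, r in our_table.items()}
    incoming = their_table["192.0.2.0/24"].session  # link our inbound traffic uses
    return outgoing, incoming

if __name__ == "__main__":
    for flag in (True, False):
        print(flag, simulate(flag))
```

The outgoing mapping is identical in both runs; only the neighbour's own preference moves the incoming traffic between the two sessions.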