Bird and aggregates
Hi bird list,
I have been thinking about this for some time now, reading documentation and all but I did not find a solution until now, so I am turning to you: Does bird (1.4.5) support aggregate routes in any way?
The Scenario is as follows. I have a VPN consisting of around 20-40 ptp-links, an OSPF area that spans these links and several larger subnets that are connected to the nodes that interconnect using the named ptp links.
So far so good. I would not want to interfere with the Prefixes in the OSPF. I however have a BGP-session to another network and I am exporting most of my routes to that session. I'd like to replace all the /32 routes for ptp links with the /24 they are taken from while exporting routes for that BGP session.
Since it is totally irrelevant for the peer, which parts of the /24 are available, I would just like to attract traffic to the networks I manage as long as there are any contributing routes.
I had several ideas on how to do that, one being an export filter that replaces every /32 with the according /24, but that would lead to a lot of /24 routes and seems to be impossible with bird since the prefix attribute is immutable.
Another idea was a static route for the containing /24 that would be exported via BGP while the /32 were filtered away. That however leaves the /24 route in place even if there are no more /32 routes left. If there is a way to change that, that would be great.
If anyone has any idea how to accomplish this, it would be very much appreciated.
Thanks in advance,
Joel
/jbn
-- Joel Brunenberg - Troisdorf PGP: 0xAD25981C
Hi, On 16/04/15 16:43, Joel Brunenberg wrote:
[...]
So far so good. I would not want to interfere with the Prefixes in the OSPF. I however have a BGP-session to another network and I am exporting most of my routes to that session. I'd like to replace all the /32 routes for ptp links with the /24 they are taken from while exporting routes for that BGP session.
Since it is totally irrelevant for the peer, which parts of the /24 are available, I would just like to attract traffic to the networks I manage as long as there are any contributing routes.
[...]
Another idea was a static route for the containing /24 that would be exported via BGP while the /32 were filtered away. That however leaves the /24 route in place even if there are no more /32 routes left. If there is a way to change that, that would be great.
Yes, I would suggest using a static blackhole route with the large aggregate range for the BGP connection, and also export that to your local kernel routing table to automatically drop traffic for all addresses that are currently not in use. Is there a special reason why you would want to have the /24 being removed entirely if none of the other connections is up? Hans
Hi Hans, Hi List, thank you for your clarification, On Thu, Apr 16, 2015 at 06:27:30PM +0200, Hans van Kranenburg wrote:
Hi,
On 16/04/15 16:43, Joel Brunenberg wrote:
[...]
Another idea was a static route for the containing /24 that would be exported via BGP while the /32 were filtered away. That however leaves the /24 route in place even if there are no more /32 routes left. If there is a way to change that, that would be great.
Yes, I would suggest using a static blackhole route with the large aggregate range for the BGP connection, and also export that to your local kernel routing table to automatically drop traffic for all addresses that are currently not in use.
It seems I concentrated so much on the aspect of making the appearance of the route conditional that I missed the obvious point. What you say makes total sense.
Is there a special reason why you would want to have the /24 being removed entirely if none of the other connections is up?
I would like to retract the route in the case, no contributing routes are there so traffic is no longer attracted in that case. If that is not possible, a static blackhole route would be ok, too I guess.
So it's correct to assume that the following things would do?
* in protocol static add a blackhole route for the aggregate network
* export the aggregate route to the kernel
* export the aggregate route to the BGP peers with next-hop self
* DO NOT export the aggregate to the OSPF areas
* Be happy and dance around the table
I will have a try and see if it works. If there was a way to conditionally import a specific protocol or filter on the presence of specific prefixes in the RIB that would be awesome.
Thank you so far,
Joel
/jbn
-- Joel Brunenberg - Troisdorf PGP: 0xAD25981C
Hi Joel,
Announcing the /24 beside the /32s from each node isn't an option? Metric could be lowered too.
Rgds, Stefan
Joel Brunenberg <ml@jjim.de> wrote on Fri, 17 Apr 2015 00:22:
Hi Hans, Hi List,
thank you for your clarification,
On Thu, Apr 16, 2015 at 06:27:30PM +0200, Hans van Kranenburg wrote:
Hi,
On 16/04/15 16:43, Joel Brunenberg wrote:
[...]
Another idea was a static route for the containing /24 that would be exported via BGP while the /32 were filtered away. That however leaves the /24 route in place even if there are no more /32 routes left. If there is a way to change that, that would be great.
Yes, I would suggest using a static blackhole route with the large aggregate range for the BGP connection, and also export that to your local kernel routing table to automatically drop traffic for all addresses that are currently not in use.
It seems I concentrated so much on the aspect of making the appearance of the route conditional that I missed the obvious point. What you say makes total sense.
Is there a special reason why you would want to have the /24 being removed entirely if none of the other connections is up?
I would like to retract the route in the case, no contributing routes are there so traffic is no longer attracted in that case. If that is not possible, a static blackhole route would be ok, too I guess.
So it's correct to assume that the following things would do?
* in protocol static add a blackhole route for the aggregate network
* export the aggregate route to the kernel
* export the aggregate route to the BGP peers with next-hop self
* DO NOT export the aggregate to the OSPF areas
* Be happy and dance around the table
I will have a try and see if it works. If there was a way to conditionally import a specific protocol or filter on the presence of specific prefixes in the RIB that would be awesome.
Thank you so far,
Joel
/jbn
-- Joel Brunenberg - Troisdorf PGP: 0xAD25981C
Hi Stefan, On Fri, Apr 17, 2015 at 02:20:01PM +0000, Stefan Jakob wrote:
Hi Joel,
Announcing the /24 beside the /32s from each node isn't an option? Metric could be lowered too.
Rgds, Stefan
Nope. The reason I am asking for this is, that while attracting traffic for all the /32 routes, I do not want to clutter my peer's routing table with all those small routes. Since the whole supernet is quite certainly only used by me and not by my peer, announcing the Supernet does not harm the integrity.
I tried the method described earlier by Hans. I prevented the smaller routes from being announced to the peer, they are still exchanged via OSPF. I created blackhole routes for the supernets. They are announced via BGP to the peer with next hop self, but not to the OSPF.
This leads to the small routes not cluttering the peer's routing table and network visibility not changing in my VPN. This works for me - thank you very much everybody :).
Greetings, Joel
-- Joel Brunenberg - Troisdorf PGP: 0xAD25981C
On 04/18/2015 12:33 AM, Joel Brunenberg wrote:
This leads to the small routes not cluttering the peer's routing table and network visibility not changing in my VPN. This works for me - thank you very much everybody :).
\o/ Have fun, -- Hans van Kranenburg - System / Network Engineer T +31 (0)10 2760434 | hans.van.kranenburg@mendix.com | www.mendix.com
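The setup Joel reports as working in this thread, sketched as a BIRD 1.x configuration. This is an added example, not configuration posted by any participant; the prefixes, AS numbers, neighbor address, interface pattern and the names static_aggr, ospf_out, bgp_out and peer1 are constructed placeholders. As discussed in the thread, the static aggregate stays announced even when no /32 inside it is left.

```conf
# Added example for BIRD 1.x; all addresses, AS numbers and names are constructed.
router id 192.0.2.1;

protocol device { }

# Aggregate covering the ptp /32s. Traffic to addresses inside the /24 that
# have no more specific route is dropped locally instead of looping.
protocol static static_aggr {
    route 192.0.2.0/24 blackhole;
}

# Install everything, including the blackhole route, into the kernel table.
protocol kernel {
    export all;
}

# Keep the aggregate out of OSPF so the internal view of the VPN is unchanged.
# The final "accept" stands in for whatever OSPF export policy already exists.
filter ospf_out {
    if proto = "static_aggr" then reject;
    accept;
}

protocol ospf {
    export filter ospf_out;
    area 0 {
        interface "tun*";
    };
}

# Towards the peer: announce the /24 and suppress the /32s taken from it.
# The final "accept" stands in for the existing "export most routes" policy.
filter bgp_out {
    if net = 192.0.2.0/24 then accept;
    if net ~ [ 192.0.2.0/24{32,32} ] then reject;
    accept;
}

protocol bgp peer1 {
    local as 64512;
    neighbor 198.51.100.1 as 64513;
    next hop self;
    import all;
    export filter bgp_out;
}
```

After a reload, `show route export peer1` in birdc should list the /24 and none of the /32s inside it.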