Route preference for one address
Hello, I started using bird some days ago from zero knowledge. With the different docs I found all around I understand a little bit more how that works. My configuration is made of 2 sites connected by 2 seperated links. Each link have a dedicated vpn connection for internal routing. One nominal link and one backup. In case of failure, the switch from one link to the other is working. What I want to do now, is to force the routing for one specific address (/32) via the backup link whereas the rest of the /24 is using the first one. And in case of failure of the backup link, the /32 should use the first one. I tried different things and from what I have found, my configuration is working partially. I mean there is no fallback to the first link if the second is in failed state. I tried with static routing and export filter. With static: protocol static s_special { import all; route 192.168.1.78/32 via 10.194.11.2 { preference = 250; }; } The route stays active when the link is down so the traffic can not go back to source. With filter: filter export2kernel { if net = 192.168.1.78/32 then ifname = "tun1"; accept; } The same thing happens. I took a look also to preference/cost/... but I am unable to achieve what I am looking to do. So my question, what should I look for to have this working like explained ? What information should I provide if it is not clear ? Thanks in advance, Kay
Le Mon, 16 Dec 2019 20:54:16 +0000, kc atgb <kisscoolandthegangbang@hotmail.fr> a écrit :
Hello,
I started using bird some days ago from zero knowledge. With the different docs I found all around I understand a little bit more how that works.
My configuration is made of 2 sites connected by 2 seperated links. Each link have a dedicated vpn connection for internal routing. One nominal link and one backup. In case of failure, the switch from one link to the other is working.
What I want to do now, is to force the routing for one specific address (/32) via the backup link whereas the rest of the /24 is using the first one. And in case of failure of the backup link, the /32 should use the first one.
I tried different things and from what I have found, my configuration is working partially. I mean there is no fallback to the first link if the second is in failed state. I tried with static routing and export filter.
With static: protocol static s_special { import all;
route 192.168.1.78/32 via 10.194.11.2 { preference = 250; }; }
The route stays active when the link is down so the traffic can not go back to source.
With filter: filter export2kernel {
if net = 192.168.1.78/32 then ifname = "tun1";
accept; }
The same thing happens.
I took a look also to preference/cost/... but I am unable to achieve what I am looking to do.
So my question, what should I look for to have this working like explained ? What information should I provide if it is not clear ?
Thanks in advance, Kay
Hi, After rereading there some informations that are missing I think, sorry. I'm running bird 1.6.8 on FreeBSD 11.2R x86_64. I'm trying to achieve above setup with ospf protocol. And here is what the network look like. ____ ____ | | | VPNLINK1 | | | 10.194.0.0/16 | | |-------------| | | 192.168.1.0/24 | | | | | | | ---- | R1 | | R2 | ---- | | | | | | | | | |-------------| | | | |____| VPNLINK2 |____| | Kay,
On 17.12.19 12:17, kc atgb wrote:
____ ____ | | | VPNLINK1 | | | 10.194.0.0/16 | | |-------------| | | 192.168.1.0/24 | | | | | | | ---- | R1 | | R2 | ---- | | | | | | | | | |-------------| | | | |____| VPNLINK2 |____| |
Do you control both routers? Then let R2 announce the host router over the backup link to R1 and vice versa. If the backup link goes down, the announcement will not be there any more. Regards -- Robert Sander Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin https://www.heinlein-support.de Tel: 030 / 405051-43 Fax: 030 / 405051-19 Amtsgericht Berlin-Charlottenburg - HRB 93818 B Geschäftsführer: Peer Heinlein - Sitz: Berlin
Le Tue, 17 Dec 2019 13:20:35 +0100, Robert Sander <r.sander@heinlein-support.de> a écrit :
On 17.12.19 12:17, kc atgb wrote:
____ ____ | | | VPNLINK1 | | | 10.194.0.0/16 | | |-------------| | | 192.168.1.0/24 | | | | | | | ---- | R1 | | R2 | ---- | | | | | | | | | |-------------| | | | |____| VPNLINK2 |____| |
Do you control both routers?
Yes I have full access for both.
Then let R2 announce the host router over the backup link to R1 and vice versa. If the backup link goes down, the announcement will not be there any more.
You mean without any routing protocol ? Just full static routing into the system ?
Regards
On 17.12.19 14:13, kc atgb wrote:
You mean without any routing protocol ? Just full static routing into the system ?
No, with BGP. R2 announces the host route via BGP on the backup link to R1. If the backup link goes down, the BGP session is terminated and the announcement not valid any more. Regards -- Robert Sander Heinlein Support GmbH Schwedter Str. 8/9b, 10119 Berlin https://www.heinlein-support.de Tel: 030 / 405051-43 Fax: 030 / 405051-19 Amtsgericht Berlin-Charlottenburg - HRB 93818 B Geschäftsführer: Peer Heinlein - Sitz: Berlin
Le Tue, 17 Dec 2019 14:17:50 +0100, Robert Sander <r.sander@heinlein-support.de> a écrit :
On 17.12.19 14:13, kc atgb wrote:
You mean without any routing protocol ? Just full static routing into the system ?
No, with BGP. R2 announces the host route via BGP on the backup link to R1. If the backup link goes down, the BGP session is terminated and the announcement not valid any more.
Oh. The information was not there in the first message. I added it later. I'm trying to do that with OSPF. With the static protocol or a filter to export from ospf to kernel, part of these configs is in the OP, I am able to force the route back via the backup link. But when the backup link is down, the routes persists. I am not sure why for now. Maybe because the interface stays up. It's an openvpn tunnel. The tun interface stays up on the server. Or maybe because OSPF configuration is export via the nominal link which is up, so the static or export filter is always on. I'm still trying.
Regards
participants (2)
-
kc atgb -
Robert Sander