Well, it doesn't... And it does. SPLAT's base image comes with Zebra installed, but not configured or running. It's a simple matter to create a zebra.conf and ospfd.conf file and launch the daemons on boot. I've gotten it running and it works fine, except in a Multipath environment which leads me to suspect that the kernel doesn't support multipath. I've talked to my checkpoint account team about the forthcoming SPLAT advanced routing option, which you are referring to. Apparently it'll be at an additional cost (to be determined) and will not be out until approximately June. It may be advantageous to just use Linux instead of SPLAT to avoid the waiting and the additional cost of this advanced routing option.
Jeff Jarmoc - CCSA, CCNA, MCSE Sr. Network Analyst - Grubb & Ellis [EMAIL PROTECTED] -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, March 17, 2005 11:52 AM To: [email protected] Subject: Re: [FW-1] Multipath OSPF on SPLAT At this point, SPLAT does not support dynamic routing protocols such as OSPF. I believe this is planned for later on this year... Regards, Matt Goddard CCSA, MCSE, CCNA Security Information Team Schneider National, Inc. ph: 920.592.4787 "Anyone who has never made a mistake has never tried anything new." -Albert Einstein |---------+--------------------------------------------> | | "Jarmoc, Jeff" | | | <[EMAIL PROTECTED]> | | | Sent by: Mailing list for | | | discussion of Firewall-1 | | | <[EMAIL PROTECTED]| | | KPOINT.COM> | | | | | | | | | 03/17/2005 11:20 AM | | | Please respond to Mailing list | | | for discussion of Firewall-1 | |---------+--------------------------------------------> >----------------------------------------------------------------------- -----------------------| | | | To: [email protected] | | cc: | | Subject: [FW-1] Multipath OSPF on SPLAT | >----------------------------------------------------------------------- -----------------------| I'm running OSPF via Zebra on Secureplatform in a test/proof of concept environment. The problem I'm experiencing pertains to Multipath OSPF. For redundancy purposes, several IP networks in my environment have multiple routes. Zebra shows this multiple routes normally, however they are not passed to the kernel and not visible via the 'ip route' command on the SPLAT box. I've found several references to this issue in Zebra documentation and discussion groups (see links). Basically, they stipulate that Zebra and the Linux kernel must be compiled with Multipath support. Given that Zebra is displaying the multipath routes correctly, it appears it has the requisite support. However, my thinking now is that the kernel is not compiled with this option. Here's an example scenario -- The preferred route is available via the kernel routing table, but the second route is not shown. Both routes are shown in zebra through the 'sh ip ospf database' command. If the primary route is made unavailable it disappears from the routing tables in both Zebra and the kernel routing table. In Zebra, the secondary route is then shown via 'show ip route' but the kernel will not show any route for this network, and the network becomes unreachable. Is anyone aware of a reference documenting what options are compiled into the Linux kernel? Has anyone had success in getting multipath routes learned via Zebra's OSPF to pass to the SPLAT kernel routing table? Obviously, recompiling the SPLAT kernel is not an option, but I'd like to be certain one way or the other whether the kernel lacks support for multipath before scrapping SPLAT in favor of a full fledged Linux deployment or some other solution. http://pilot.org.ua/zebra/kodgehopper-ecmp.html http://pilot.org.ua/zebra/zebra.html Thanks for your help. Jeff Jarmoc - CCSA, CCNA, MCSE Sr. Network Analyst - Grubb & Ellis [EMAIL PROTECTED] ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
