Re: Add ip rule support

2022-05-03 Thread Huiyuze Zhi
Hi Ondrej,

Thanks for your help.
If I use nftables to let all interfaces from downstream go to table 101.
However, my nodes are directly connected to each other via BGP,
which means I can't specify routing tables via interfaces. The fwmark
should also not be used in different nodes, that is to say, the fwmark
should disappear when the data packet is sent to my two nodes. Is it right?


On Tue, 3 May 2022, 04:14 Toke Høiland-Jørgensen,  wrote:

> Ondrej Zajicek  writes:
>
> > On Mon, May 02, 2022 at 05:06:48PM +0800, Huiyuze Zhi wrote:
> >> Hi there,
> >> I'm having some issues with using bird2 to carry downstream. I have
> >> two different types of upstream. One can take downstream and the other
> >> cannot. I use bgp_large_community (141011, 3, xxx) to mark every prefix
> >> from upstream which can take downstream and I send those prefixes to my
> >> downstream. But when my upstream (which can take downstream) and upstream (which
> >> cannot take downstream) send the same prefix, bgp_large_community ~
> >> [(141011, 3, *)] then accept would filter both prefixes since they have the
> >> same destination.
> >>
> >> For example, one has BGP.large_community (141011, 3, 27000) and the other not. So
> >> this prefix would be filtered, but I don't want that to happen.
> >
> > Hi
> >
> > You can define downstream specific routing table (in BIRD)
> >
> >   ipv6 table down6;
> >
> > and define pipe to connect it with master6 table:
> >
> > protocol pipe {
> >   table master6;
> >   peer table down6;
> >   import all;
> >   export where ;
> > }
> >
> >
> > As the pipe handles all routes, not just the best ones, it will propagate
> > all routes from the upstream (which can take downstream) to the second table.
> >
> >
> >>   In addition, if I successfully export the prefixes that come
> >> from upstream that can take downstream. When packets go through the kernel, they may also go
> >> through upstream that cannot take downstream.
> >> My idea is to put the two different types of prefixes in different route
> >> tables: Table 100 (all routing tables from BGP) and Table 101 (only from Tier
> >> 1 ISP and can carry downstream routing table), and use the ip rule command to let
> >> every prefix that my downstream exports to me go via table 101. But there are
> >> so many prefixes that doing it manually is impossible, and it seems bird2
> >> doesn't support ip rule.
> >
> > Yes, you can connect kernel protocol to the second bird table and feed the
> > kernel table 101.
> >
> > You are right, bird2 does not support ip rule. But if you have many
> > prefixes from downstream, then putting them all as separate ip rules
> > would be unreasonable anyway; ip rules are processed sequentially and
> > would be slow with many rules (I do not know whether ip sets are allowed
> > in ip rules or they are allowed just in netfilter).
>
> You can't use sets directly in ip rules; you can match on fwmark,
> though, and set that using sets in netfilter; but obviously that
> requires a separate step to install such netfilter rules...
>
> -Toke
>


Re: Add ip rule support

2022-05-02 Thread Ondrej Zajicek
On Mon, May 02, 2022 at 05:06:48PM +0800, Huiyuze Zhi wrote:
> Hi there,
> I'm having some issues with using bird2 to carry downstream. I have
> two different types of upstream. One can take downstream and the other
> cannot. I use bgp_large_community (141011, 3, xxx) to mark every prefix
> from upstream which can take downstream and I send those prefixes to my
> downstream. But when my upstream (which can take downstream) and upstream (which
> cannot take downstream) send the same prefix, bgp_large_community ~
> [(141011, 3, *)] then accept would filter both prefixes since they have the
> same destination.
> 
> For example, one has BGP.large_community (141011, 3, 27000) and the other not. So
> this prefix would be filtered, but I don't want that to happen.

Hi

You can define a downstream-specific routing table (in BIRD)

  ipv6 table down6;

and define pipe to connect it with master6 table:

protocol pipe {
  table master6;
  peer table down6;
  import all;
  export where ;
}


As the pipe handles all routes, not just the best ones, it will propagate
all routes from the upstream (which can take downstream) to the second table.


>   In addition, if I successfully export the prefixes that come
> from upstream that can take downstream. When packets go through the kernel, they may also go
> through upstream that cannot take downstream.
> My idea is to put the two different types of prefixes in different route
> tables: Table 100 (all routing tables from BGP) and Table 101 (only from Tier
> 1 ISP and can carry downstream routing table), and use the ip rule command to let
> every prefix that my downstream exports to me go via table 101. But there are
> so many prefixes that doing it manually is impossible, and it seems bird2
> doesn't support ip rule.

Yes, you can connect kernel protocol to the second bird table and feed the
kernel table 101.

You are right, bird2 does not support ip rule. But if you have many
prefixes from downstream, then putting them all as separate ip rules
would be unreasonable anyway; ip rules are processed sequentially and
would be slow with many rules (I do not know whether ip sets are allowed
in ip rules or they are allowed just in netfilter).

You have to mark them based on some other criterion than src IP, perhaps iface,
if downstream and upstream are on the same router?

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
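The following is an added BIRD 2 configuration sketch that puts Ondrej's suggestions together (a second BIRD table, a pipe that copies only the tagged routes into it, and a kernel protocol that feeds Linux routing table 101). It is not from the thread and not a tested production config; the names `down6`, `down_pipe` and `kernel_down6`, the choice of `import none` on the pipe, the kernel table number 101 and the large community `(141011, 3, *)` are assumptions taken from the discussion.

```conf
# Added example, not from the mailing-list thread. Table/protocol names,
# the kernel table number and the large community are assumptions.

# Second BIRD routing table holding only routes that may carry downstream traffic.
ipv6 table down6;

# Copy every route (not just the best one per prefix) from master6 into down6,
# keeping only routes tagged by the upstream that can take downstream traffic.
# Because the pipe sees all routes, the untagged copy of the same prefix from
# the other upstream simply never reaches down6.
protocol pipe down_pipe {
  table master6;
  peer table down6;
  import none;   # assumption: keep it one-directional, nothing flows back into master6
  export where bgp_large_community ~ [(141011, 3, *)];
}

# Push the contents of down6 into Linux kernel routing table 101, which an
# ip rule (fwmark- or interface-based) can then select for downstream traffic.
protocol kernel kernel_down6 {
  ipv6 {
    table down6;
    export all;
  };
  kernel table 101;
}
```

On the kernel side a policy rule of the form `ip -6 rule add fwmark 0x65 lookup 101` (the mark value is an arbitrary example) selects table 101 for marked packets, with the mark set by an nftables rule on whatever local criterion identifies downstream traffic, for example the ingress interface. Note that the fwmark is metadata attached to the packet inside the local kernel only; it is not carried on the wire to a BGP neighbour, so each node that should steer downstream traffic into table 101 needs its own marking rule and its own `ip rule`.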