Re: OpenBSDd functionality equal to "neighbor allowas-in"?
-------- Original Message --------
> Date: Sun, 8 Jan 2012 15:50:53 +0100
> From: Claudio Jeker
> To: misc@openbsd.org
> Subject: Re: OpenBSDd functionality equal to "neighbor allowas-in"?

> On Sat, Jan 07, 2012 at 09:21:35AM +0100, Pete Vickers wrote:
> > SOO can be used for loop detection, but only if your bgp peerings don't strip
> > extended communities.
> >
> > another dirty hack would be to get the peer to aggregate your 'remote'
> > prefixes towards you (without as-set) to conceal the ASN. beware that ebgp
> > routes are preferred over ibgp by default though - this is a gun & your
> > feet look tempting.
> >
>
> Not sure but I think it should be possible to run an iBGP session between
> the two border routers and use "nexthop qualify via bgp". At least that
> would be my initial approach if I had such a problem. Just use the
> external IP addrs to make the session.
> If you don't need dynamic routing to reach the other BGP then you could
> even use static routes and skip the "nexthop qualify via bgp".

Thanks a lot for your multiple answers; I'll talk to our Cisco guru in order to see what would be the best solution here.

Thanks again!

Donald

> --
> :wq Claudio
>
> > /Pete
> >
> >
> > On 6. jan. 2012, at 22:01, Stuart Henderson wrote:
> >
> > > On 2012-01-06, Donald Reichert wrote:
> > >> Hi list,
> > >>
> > >> I'd like to replace some Ciscos by OpenBSD machines.
> > >>
> > >> On the routers I have configured the possibility to span networks from our own AS over peerings, Cisco speak: neighbor x.x.x.x allowas-in
> > >>
> > >> This is needed for disjunct networks.
> > >>
> > >> I didn't find a clue how to do this with OpenBGPd - any hints?
> > >>
> > >> Thanks,
> > >>
> > >> Donald
> > >
> > > Not currently possible, it will need code changes. Normally this check
> > > is done to prevent route loops. It shouldn't be too hard to naively hack
> > > this type of option into place, but I'm not sure what else might need
> > > to be done to avoid loops.
Re: OpenBSDd functionality equal to "neighbor allowas-in"?
On Sat, Jan 07, 2012 at 09:21:35AM +0100, Pete Vickers wrote:
> SOO can be used for loop detection, but only if your bgp peerings don't strip
> extended communities.
>
> another dirty hack would be to get the peer to aggregate your 'remote'
> prefixes towards you (without as-set) to conceal the ASN. beware that ebgp
> routes are preferred over ibgp by default though - this is a gun & your
> feet look tempting.
>

Not sure but I think it should be possible to run an iBGP session between the two border routers and use "nexthop qualify via bgp". At least that would be my initial approach if I had such a problem. Just use the external IP addrs to make the session.

If you don't need dynamic routing to reach the other BGP then you could even use static routes and skip the "nexthop qualify via bgp".

--
:wq Claudio

> /Pete
>
>
> On 6. jan. 2012, at 22:01, Stuart Henderson wrote:
>
> > On 2012-01-06, Donald Reichert wrote:
> >> Hi list,
> >>
> >> I'd like to replace some Ciscos by OpenBSD machines.
> >>
> >> On the routers I have configured the possibility to span networks from our own AS over peerings, Cisco speak: neighbor x.x.x.x allowas-in
> >>
> >> This is needed for disjunct networks.
> >>
> >> I didn't find a clue how to do this with OpenBGPd - any hints?
> >>
> >> Thanks,
> >>
> >> Donald
> >
> > Not currently possible, it will need code changes. Normally this check
> > is done to prevent route loops. It shouldn't be too hard to naively hack
> > this type of option into place, but I'm not sure what else might need
> > to be done to avoid loops.
Re: OpenBSDd functionality equal to "neighbor allowas-in"?
You can work around this by pointing a default at your provider, too. But it is kind of yucky.

On Sat, Jan 07, 2012 at 09:21:35AM +0100, Pete Vickers wrote:
> SOO can be used for loop detection, but only if your bgp peerings don't strip
> extended communities.
>
> another dirty hack would be to get the peer to aggregate your 'remote'
> prefixes towards you (without as-set) to conceal the ASN. beware that ebgp
> routes are preferred over ibgp by default though - this is a gun & your
> feet look tempting.
>
> /Pete
>
>
> On 6. jan. 2012, at 22:01, Stuart Henderson wrote:
>
> > On 2012-01-06, Donald Reichert wrote:
> >> Hi list,
> >>
> >> I'd like to replace some Ciscos by OpenBSD machines.
> >>
> >> On the routers I have configured the possibility to span networks from our own AS over peerings, Cisco speak: neighbor x.x.x.x allowas-in
> >>
> >> This is needed for disjunct networks.
> >>
> >> I didn't find a clue how to do this with OpenBGPd - any hints?
> >>
> >> Thanks,
> >>
> >> Donald
> >
> > Not currently possible, it will need code changes. Normally this check
> > is done to prevent route loops. It shouldn't be too hard to naively hack
> > this type of option into place, but I'm not sure what else might need
> > to be done to avoid loops.
Re: OpenBSDd functionality equal to "neighbor allowas-in"?
SOO can be used for loop detection, but only if your bgp peerings don't strip extended communities.

another dirty hack would be to get the peer to aggregate your 'remote' prefixes towards you (without as-set) to conceal the ASN. beware that ebgp routes are preferred over ibgp by default though - this is a gun & your feet look tempting.

/Pete

On 6. jan. 2012, at 22:01, Stuart Henderson wrote:

> On 2012-01-06, Donald Reichert wrote:
>> Hi list,
>>
>> I'd like to replace some Ciscos by OpenBSD machines.
>>
>> On the routers I have configured the possibility to span networks from our own AS over peerings, Cisco speak: neighbor x.x.x.x allowas-in
>>
>> This is needed for disjunct networks.
>>
>> I didn't find a clue how to do this with OpenBGPd - any hints?
>>
>> Thanks,
>>
>> Donald
>
> Not currently possible, it will need code changes. Normally this check
> is done to prevent route loops. It shouldn't be too hard to naively hack
> this type of option into place, but I'm not sure what else might need
> to be done to avoid loops.
Re: OpenBSDd functionality equal to "neighbor allowas-in"?
On 2012-01-06, Donald Reichert wrote:
> Hi list,
>
> I'd like to replace some Ciscos by OpenBSD machines.
>
> On the routers I have configured the possibility to span networks from our
> own AS over peerings, Cisco speak: neighbor x.x.x.x allowas-in
>
> This is needed for disjunct networks.
>
> I didn't find a clue how to do this with OpenBGPd - any hints?
>
> Thanks,
>
> Donald

Not currently possible, it will need code changes. Normally this check is done to prevent route loops. It shouldn't be too hard to naively hack this type of option into place, but I'm not sure what else might need to be done to avoid loops.
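The AS_PATH loop check discussed in this thread, and what an allowas-in style limit relaxes, as an added example that is not part of any message here and is not OpenBGPd code. The function names, the private-use AS numbers (local AS 65001, provider 65010) and the sample paths are constructed; the parser assumes 4-byte AS numbers and treats confederation segments as malformed for brevity.

```c
#include <stddef.h>
#include <stdint.h>

#define AS_SET      1	/* RFC 4271 path segment types */
#define AS_SEQUENCE 2

/* Constructed AS_PATH values: one AS_SEQUENCE each, 4-byte ASNs. */
const uint8_t via_provider[] = { 2, 2, 0,0,0xFD,0xF2, 0,0,0xFD,0xE9 };	/* 65010 65001 */
const uint8_t looped[] = { 2, 4, 0,0,0xFD,0xF2, 0,0,0xFD,0xE9, 0,0,0xFD,0xFC, 0,0,0xFD,0xE9 };
const uint8_t aggregated[] = { 2, 1, 0,0,0xFD,0xF2 };	/* 65010 only */
const uint8_t truncated[] = { 2, 2, 0,0,0xFD,0xF2 };	/* claims 2 ASNs, has 1 */

/*
 * Count occurrences of local_as in an AS_PATH attribute value.
 * Returns -1 if the attribute is malformed.
 */
int
aspath_count_local(const uint8_t *p, size_t len, uint32_t local_as)
{
	int hits = 0;

	while (len > 0) {
		if (len < 2)
			return -1;	/* truncated segment header */
		uint8_t type = p[0], n = p[1];
		p += 2;
		len -= 2;
		if ((type != AS_SET && type != AS_SEQUENCE) || n == 0 ||
		    len < (size_t)n * 4)
			return -1;
		for (uint8_t i = 0; i < n; i++, p += 4, len -= 4) {
			uint32_t as = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
			    (uint32_t)p[2] << 8 | p[3];
			if (as == local_as)
				hits++;
		}
	}
	return hits;
}

/* allowas_in == 0 is the default check (any own-AS hit rejects);
 * N tolerates up to N hits. Returns 1 to accept, 0 to reject. */
int
aspath_accept(const uint8_t *p, size_t len, uint32_t local_as, int allowas_in)
{
	int hits = aspath_count_local(p, len, local_as);
	return hits >= 0 && hits <= allowas_in;
}
```

With a limit of 1 the remote site's prefix learned through the provider is accepted while a path that carries the local AS twice is still dropped; the aggregated path passes even the default check because the originating AS is no longer visible in it.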
OpenBSDd functionality equal to "neighbor allowas-in"?
Hi list,

I'd like to replace some Ciscos by OpenBSD machines.

On the routers I have configured the possibility to span networks from our own AS over peerings, Cisco speak: neighbor x.x.x.x allowas-in

This is needed for disjunct networks.

I didn't find a clue how to do this with OpenBGPd - any hints?

Thanks,

Donald