Re: redistributing routes
Hi Tony, On Sat, 23 Oct 2010 18:44:46 +0700, Tony Sarendal t...@polarcap.org wrote: Is there a way to redistribute routes from BGP to OSPF using bgpd and ospfd ? on bgpd.conf you might want to do this: match from $peer1 inet prefix xxx.xxx.xxx.xxx/xx prefixlen bla_bla set rtlabel from_bgpd on ospfd.conf you do this: redistribute rtlabel from_bgpd I have a network where the core concists of openbsd devices using bgpd to distribute routing information. At present we need to use static routing if we connect devices that do not support BGP. Regards Tony Good Luck, -- Using Opera's revolutionary email client: http://www.opera.com/mail/
Re: redistributing routes
On Sat, Oct 23, 2010 at 2:05 PM, Insan Praja SW insan.pr...@gmail.comwrote: Hi Tony, On Sat, 23 Oct 2010 18:44:46 +0700, Tony Sarendal t...@polarcap.org wrote: Is there a way to redistribute routes from BGP to OSPF using bgpd and ospfd ? on bgpd.conf you might want to do this: match from $peer1 inet prefix xxx.xxx.xxx.xxx/xx prefixlen bla_bla set rtlabel from_bgpd on ospfd.conf you do this: redistribute rtlabel from_bgpd I have a network where the core concists of openbsd devices using bgpd to distribute routing information. At present we need to use static routing if we connect devices that do not support BGP. Regards Tony Good Luck, I was considering an approach like that, but the bgpd man page suggests that it wouldnt work. ATTRIBUTE SET AS path attributes can be modified with set. set can be used on network statements, in neighbor or group blocks, and on filter rules. Attribute sets can be expressed as lists. The following attributes can be modified: ... rtlabel label Add the prefix with the specified label to the kernel routing table. Is this an error in the page or me reading it wrong ? If this works as expected, is this the recommended way of doing it ? Regards Tony
Re: redistributing routes
On Sat, 23 Oct 2010 19:25:22 +0700, Tony Sarendal t...@polarcap.org wrote: On Sat, Oct 23, 2010 at 2:05 PM, Insan Praja SW insan.pr...@gmail.comwrote: Hi Tony, On Sat, 23 Oct 2010 18:44:46 +0700, Tony Sarendal t...@polarcap.org wrote: Is there a way to redistribute routes from BGP to OSPF using bgpd and ospfd ? on bgpd.conf you might want to do this: match from $peer1 inet prefix xxx.xxx.xxx.xxx/xx prefixlen bla_bla set rtlabel from_bgpd on ospfd.conf you do this: redistribute rtlabel from_bgpd I have a network where the core concists of openbsd devices using bgpd to distribute routing information. At present we need to use static routing if we connect devices that do not support BGP. Regards Tony Good Luck, I was considering an approach like that, but the bgpd man page suggests that it wouldnt work. ATTRIBUTE SET AS path attributes can be modified with set. set can be used on network statements, in neighbor or group blocks, and on filter rules. Attribute sets can be expressed as lists. The following attributes can be modified: ... rtlabel label Add the prefix with the specified label to the kernel routing table. Is this an error in the page or me reading it wrong ? If this works as expected, is this the recommended way of doing it ? Regards Tony well, bgpd stores the prefixes with label to kernel, and ospfd read this label from kernel, and distribute them. -- Using Opera's revolutionary email client: http://www.opera.com/mail/
Re: redistributing routes
* Tony Sarendal t...@polarcap.org [2010-10-23 14:29]: rtlabel label Add the prefix with the specified label to the kernel routing table. Is this an error in the page or me reading it wrong ? debatable... this could be worded better. with rtlabel foo, bgpd will add the label foo to all routes it inserts. If this works as expected, is this the recommended way of doing it ? i don't see anything wrong with that approach. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: redistributing routes
On Sat, Oct 23, 2010 at 3:07 PM, Henning Brauer lists-open...@bsws.dewrote: * Tony Sarendal t...@polarcap.org [2010-10-23 14:29]: rtlabel label Add the prefix with the specified label to the kernel routing table. Is this an error in the page or me reading it wrong ? debatable... this could be worded better. with rtlabel foo, bgpd will add the label foo to all routes it inserts. If this works as expected, is this the recommended way of doing it ? i don't see anything wrong with that approach. Very good. Thanks. Regards Tony
Re: redistributing routes
On Sat, Oct 23, 2010 at 03:20:45PM +0200, Tony Sarendal wrote: On Sat, Oct 23, 2010 at 3:07 PM, Henning Brauer lists-open...@bsws.dewrote: * Tony Sarendal t...@polarcap.org [2010-10-23 14:29]: rtlabel label Add the prefix with the specified label to the kernel routing table. Is this an error in the page or me reading it wrong ? debatable... this could be worded better. with rtlabel foo, bgpd will add the label foo to all routes it inserts. If this works as expected, is this the recommended way of doing it ? i don't see anything wrong with that approach. Very good. Thanks. Regards Tony I am currently taking two (soon to be three) BGP feeds, and I am redistributing 12K routes into our OSPF infrastructure without problems. I label the routes from each feed and tell ospfd to redistribute routes from particular labels. I also filter the BGP info based on community. Ken
Re: redistributing routes
On 2010-10-23, Tony Sarendal t...@polarcap.org wrote: rtlabel label Add the prefix with the specified label to the kernel routing table. I think this should be: Add the prefix to the kernel routing table with the specified label. Index: bgpd.conf.5 === RCS file: /cvs/src/usr.sbin/bgpd/bgpd.conf.5,v retrieving revision 1.112 diff -u -p -r1.112 bgpd.conf.5 --- bgpd.conf.5 13 Oct 2010 21:04:13 - 1.112 +++ bgpd.conf.5 23 Oct 2010 16:12:36 - @@ -1432,9 +1432,9 @@ times to the .Em AS path . .Pp .It Ic rtlabel Ar label -Add the prefix with the specified -.Ar label -to the kernel routing table. +Add the prefix to the kernel routing table +with the specified +.Ar label . .Pp .It Ic weight Ar number The ...maybe we could also add something like, Can be used to redistribute routes to another routing protocol daemon, or maybe we should leave that for people to figure out themselves.
Re: redistributing routes
On Sat, Oct 23, 2010 at 6:16 PM, Stuart Henderson s...@spacehopper.orgwrote: On 2010-10-23, Tony Sarendal t...@polarcap.org wrote: rtlabel label Add the prefix with the specified label to the kernel routing table. I think this should be: Add the prefix to the kernel routing table with the specified label. Index: bgpd.conf.5 === RCS file: /cvs/src/usr.sbin/bgpd/bgpd.conf.5,v retrieving revision 1.112 diff -u -p -r1.112 bgpd.conf.5 --- bgpd.conf.5 13 Oct 2010 21:04:13 - 1.112 +++ bgpd.conf.5 23 Oct 2010 16:12:36 - @@ -1432,9 +1432,9 @@ times to the .Em AS path . .Pp .It Ic rtlabel Ar label -Add the prefix with the specified -.Ar label -to the kernel routing table. +Add the prefix to the kernel routing table +with the specified +.Ar label . .Pp .It Ic weight Ar number The ...maybe we could also add something like, Can be used to redistribute routes to another routing protocol daemon, or maybe we should leave that for people to figure out themselves. How does OpenBSD handle the same prefix being in both bgpd and ospfd ? I connect devices to the core network using two core routers and redistributing BGP-OSPF would be happening on both of them. Regards Tony
Re: redistributing routes
* Tony Sarendal t...@polarcap.org [2010-10-23 19:03]: How does OpenBSD handle the same prefix being in both bgpd and ospfd ? in general? OSPF routes have priority over BGP routes. that's implemented kernel routing table side and the daemons setting the priority field to their respective priorities when inserting their routes. I connect devices to the core network using two core routers and redistributing BGP-OSPF would be happening on both of them. that I dunno OTOH -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: redistributing routes
On Sat, Oct 23, 2010 at 8:02 PM, Henning Brauer lists-open...@bsws.dewrote: * Tony Sarendal t...@polarcap.org [2010-10-23 19:03]: How does OpenBSD handle the same prefix being in both bgpd and ospfd ? in general? OSPF routes have priority over BGP routes. that's implemented kernel routing table side and the daemons setting the priority field to their respective priorities when inserting their routes. Does this mean that bgpd and ospfd can happily co-exist on the same box ? As an example: Prefix A shows up in BGP, later it shows up in OSPF, even later it is withdrawn from OSPF. Will the prefix in BGP now be in the fib ? OSPF being the winner is not optimal in my case, but being predictable is good enough. I connect devices to the core network using two core routers and redistributing BGP-OSPF would be happening on both of them. that I dunno OTOH Being able to redist BGP-OSPF and not connecting ospfd to the fib would do what I want. Unfortunately the manpage for ospfd.conf doesn't seem to support this setup. fib-update (yes|no) If set to no, do not update the Forwarding Information Base, a.k.a. the kernel routing table. The default is yes. Setting fib-update to no will implicitly set the stub router option to ensure that no traffic tries to transit via this router. Regards Tony
Re: redistributing routes
On Sat, Oct 23, 2010 at 8:45 PM, Tony Sarendal t...@polarcap.org wrote: On Sat, Oct 23, 2010 at 8:02 PM, Henning Brauer lists-open...@bsws.dewrote: * Tony Sarendal t...@polarcap.org [2010-10-23 19:03]: How does OpenBSD handle the same prefix being in both bgpd and ospfd ? in general? OSPF routes have priority over BGP routes. that's implemented kernel routing table side and the daemons setting the priority field to their respective priorities when inserting their routes. Does this mean that bgpd and ospfd can happily co-exist on the same box ? As an example: Prefix A shows up in BGP, later it shows up in OSPF, even later it is withdrawn from OSPF. Will the prefix in BGP now be in the fib ? OSPF being the winner is not optimal in my case, but being predictable is good enough. I connect devices to the core network using two core routers and redistributing BGP-OSPF would be happening on both of them. that I dunno OTOH Being able to redist BGP-OSPF and not connecting ospfd to the fib would do what I want. Unfortunately the manpage for ospfd.conf doesn't seem to support this setup. fib-update (yes|no) If set to no, do not update the Forwarding Information Base, a.k.a. the kernel routing table. The default is yes. Setting fib-update to no will implicitly set the stub router option to ensure that no traffic tries to transit via this router. I mean this would do what I want if bgpd and ospfd can't co-exist. Regards Tony
Re: redistributing routes
* Tony Sarendal t...@polarcap.org [2010-10-23 20:50]: On Sat, Oct 23, 2010 at 8:02 PM, Henning Brauer lists-open...@bsws.dewrote: * Tony Sarendal t...@polarcap.org [2010-10-23 19:03]: How does OpenBSD handle the same prefix being in both bgpd and ospfd ? in general? OSPF routes have priority over BGP routes. that's implemented kernel routing table side and the daemons setting the priority field to their respective priorities when inserting their routes. Does this mean that bgpd and ospfd can happily co-exist on the same box ? of course! As an example: Prefix A shows up in BGP, later it shows up in OSPF, even later it is withdrawn from OSPF. Will the prefix in BGP now be in the fib ? yes. I connect devices to the core network using two core routers and redistributing BGP-OSPF would be happening on both of them. that I dunno OTOH actually, I am pretty sure the right thing will happen, i. e. ospf wins, now that i thought about it. you could change the priority in bgpd or ospfd - but there is no config option for that. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: Redistributing routes for IPSec tunnels with OpenOSPFD
On 2008-06-17, Russell Howe [EMAIL PROTECTED] wrote:
I have a pair of firewall routers running OpenBSD (4.1 and 4.2 at
present - need to get them updated) and I recently added an IPsec tunnel
to their configurations, using ipsecctl and ipsec.conf complete with
sasyncd.
This works fine, and the host which is master of the carp interface I've
told isakmpd to use gets routes to and from the remote network in the
Encap section of route(8)'s output.
I tie sasyncd to a carp(4) interface and configure that interface with
a prefix that covers all of the IPsec routes on that cluster, and list
it in ospfd.conf like interface carp46 { passive }. It's a bit messy
but works reasonably well.
