Mailing List Archive

Linux kernel routing table support for daemons, too?
Hello

I received the following through the Debian bug tracking system.
Can anybody say if it is possible?

bye,

-christian-

Brian May <bam@debian.org> http://bugs.debian.org/196034

> Maybe this is already possible, but if so I couldn't work out how. In
> this case, I would be grateful for a pointer to the documentation on how
> to do it.
>
> Anyway, I want Zebra to only read/write routing rules to my "default"
> kernel table (i.e. the routing table called "default", or 253).
>
> This is because I want Zebra routes to take a lower priority than my
> main table, according to the ip kernel rules I have already configured.
>
> The only command I could see in Zebra for doing anything like this is
> the Zebra "table" command, however, this only seems to work for static
> routes.
Re: Linux kernel routing table support for daemons, too?
On Sun, 16 Nov 2003, Christian Hammers wrote:

> Hello
>
> I received the following through the Debian bug tracking system.
> Can anybody say if it is possible?

The table command, to whatever extent it works, /should/ work
regardless of the type of zebra route, AIUI. However, table command
doesn't work very well, not recc'd and badly thought out really.

> bye,
>
> -christian-

regards,
--
Paul Jakma paul@clubi.ie paul@jakma.org Key ID: 64A2FF6A
Re: Linux kernel routing table support for daemons, too?
On Sun, 16 Nov 2003, Christian Hammers wrote:

> Hello
>
> I received the following through the Debian bug tracking system.
> Can anybody say if it is possible?
>
> bye,
>
> -christian-
>
> Brian May <bam@debian.org> http://bugs.debian.org/196034
>
> > Maybe this is already possible, but if so I couldn't work out how. In
> > this case, I would be grateful for a pointer to the documentation on how
> > to do it.
> >
> > Anyway, I want Zebra to only read/write routing rules to my "default"
> > kernel table (i.e. the routing table called "default", or 253).

What is wrong with 254/main table?

> > This is because I want Zebra routes to take a lower priority than my
> > main table, according to the ip kernel rules I have already configured.

It is possible to add another table (for example: 5) with higher priority
and all required routes into this table.

> > The only command I could see in Zebra for doing anything like this is
> > the Zebra "table" command, however, this only seems to work for static
> > routes.
And it does not work ;-)

Best regards,

Krzysztof Olędzki
Re: Linux kernel routing table support for daemons, too?
On Mon, Nov 17, 2003 at 11:08:15AM +0100, Krzysztof Oledzki wrote:
> > > Maybe this is already possible, but if so I couldn't work out how. In
> > > this case, I would be grateful for a pointer to the documentation on how
> > > to do it.
> > >
> > > Anyway, I want Zebra to only read/write routing rules to my "default"
> > > kernel table (i.e. the routing table called "default", or 253).
>
> What is wrong with 254/main table?

In my situation, I have two upstream Internet feeds. What
I intend to have is:

rules:

1 --> main (default routes for all dial-in PPP connections and eth0)
100 --> APANA (packets with APANA source address, goes to ippp0)
101 --> SWS (packets with SWS source address, goes to ppp0)
254 --> default (default for anything that doesn't match one of the above)
255 --> main (not used)

If I have quagga put rules in main, then this overrides the APANA
and SWS rules, but I don't want it to.

This causes problems for instance, if I send packets with an APANA
source address via SWS, they will get dropped by an aggressive
firewall policy upstream SWS who consider it a forged IP address.

Consider for instance if somebody pings my APANA IP address, I want the
reply to always be symmetric and go back via APANA even if the best
route would be back via SWS.

There are some other issues I need to think about, I don't have
time right now though.

> > > This is because I want Zebra routes to take a lower priority than my
> > > main table, according to the ip kernel rules I have already configured.
>
> It is possible to add another table (for example: 5) with higher priority
> and all required routes into this table.

The rules aren't static, and I can't see any easy way of telling ppp
for instance that it should put the routes in another table instead of
main.
(I hope I understood you).
--
Brian May <bam@debian.org>
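
The rule ordering described in the message above can be modelled offline. The following is an added example, not part of the original thread or of Zebra/Quagga: a simplified simulation of the kernel's rule walk (only "from" selectors, longest-prefix match inside each table). The address prefixes, the daemon-learned route and the helper names are constructed for illustration; the rule priorities and table names follow the post.

```python
import ipaddress

APANA, SWS = "192.0.2.0/24", "198.51.100.0/24"    # constructed documentation prefixes
UPSTREAM_ACCEPTS = {"ippp0": APANA, "ppp0": SWS}  # each upstream's source filter

# (priority, from-selector, table), following the rule list in the post
RULES = [(1, "0.0.0.0/0", "main"), (100, APANA, "APANA"), (101, SWS, "SWS"),
         (254, "0.0.0.0/0", "default"), (255, "0.0.0.0/0", "main")]

def build_tables(daemon_table):
    """Static tables plus one daemon-learned route installed in daemon_table."""
    tables = {
        "main": [("192.0.2.0/28", "eth0")],        # connected LAN route
        "APANA": [("0.0.0.0/0", "ippp0")],
        "SWS": [("0.0.0.0/0", "ppp0")],
        "default": [],
    }
    tables[daemon_table].append(("203.0.113.0/24", "ppp0"))  # best path is via SWS
    return tables

def lookup(tables, src, dst):
    """Walk rules by ascending priority; the first table holding a route to dst wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(RULES):
        if src not in ipaddress.ip_network(selector):
            continue
        hits = [(ipaddress.ip_network(p), dev) for p, dev in tables[table]
                if dst in ipaddress.ip_network(p)]
        if hits:  # longest-prefix match inside the selected table
            return table, max(hits, key=lambda h: h[0].prefixlen)[1]
    return None

def passes_upstream_filter(src, dev):
    """True if dev is not an uplink, or the uplink's provider owns the source address."""
    allowed = UPSTREAM_ACCEPTS.get(dev)
    return allowed is None or ipaddress.ip_address(src) in ipaddress.ip_network(allowed)

if __name__ == "__main__":
    for daemon_table in ("main", "default"):
        tables = build_tables(daemon_table)
        for src in ("192.0.2.1", "198.51.100.1"):
            table, dev = lookup(tables, src, "203.0.113.7")
            verdict = "ok" if passes_upstream_filter(src, dev) else "dropped upstream"
            print(f"daemon routes in {daemon_table}: {src} -> {table}/{dev} ({verdict})")
```

With the learned route in main, the APANA-sourced packet leaves on ppp0 and fails the SWS source filter; with the same route in default, the source rule at priority 100 is reached first and the packet leaves on ippp0.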
Re: Linux kernel routing table support for daemons, too?
On Tue, 18 Nov 2003, Brian May wrote:

> On Mon, Nov 17, 2003 at 11:08:15AM +0100, Krzysztof Oledzki wrote:
> > > > Maybe this is already possible, but if so I couldn't work out how. In
> > > > this case, I would be grateful for a pointer to the documentation on how
> > > > to do it.
> > > >
> > > > Anyway, I want Zebra to only read/write routing rules to my "default"
> > > > kernel table (i.e. the routing table called "default", or 253).
> >
> > What is wrong with 254/main table?
>
> In my situation, I have two upstream Internet feeds. What
> I intend to have is:
>
> rules:
>
> 1 --> main (default routes for all dial-in PPP connections and eth0)
> 100 --> APANA (packets with APANA source address, goes to ippp0)
> 101 --> SWS (packets with SWS source address, goes to ppp0)
> 254 --> default (default for anything that doesn't match one of the above)
> 255 --> main (not used)
>
> If I have quagga put rules in main, then this overrides the APANA
> and SWS rules, but I don't want it to.

Why? If you add:

ip rule add from APANA's_IPs table 100
ip rule add from SWS's_IPs table 101

ip rule add from APANA's_IPs to APANA's_IPs table 254
ip rule add from APANA's_IPs to SWS's_IPs table 254

ip rule add from SWS's_IPs to APANA's_IPs table 254
ip rule add from SWS's_IPs to SWS's_IPs table 254


ip route add 0/0 via APNAgw table 100
ip route add 0/0 via SWSgw table 101

then everything should work just fine. And yes, "ip rule add" are in
reverse order.

> This causes problems for instance, if I send packets with an APANA
> source address via SWS, they will get dropped by an aggressive
> firewall policy upstream SWS who consider it a forged IP address.
>
> Consider for instance if somebody pings my APANA IP address, I want the
> reply to always be symmetric and go back via APANA even if the best
> route would be back via SWS.
>
> There are some other issues I need to think about, I don't have
> time right now though.
Yes, this is quite a common problem :)

> > > > This is because I want Zebra routes to take a lower priority than my
> > > > main table, according to the ip kernel rules I have already configured.
> >
> > It is possible to add another table (for example: 5) with higher priority
> > and all required routes into this table.
>
> The rules aren't static, and I can't see any easy way of telling ppp
> for instance that it should put the routes in another table instead of
> main.
What about using ip from iproute2 in /etc/ppp/ip-up with "ip route add
(...) table (..)"?

Best regards,

Krzysztof Olędzki
Re: Linux kernel routing table support for daemons, too?
>>>>> "Krzysztof" == Krzysztof Oledzki <oleq@ans.pl> writes:

>> 1 --> main (default routes for all dial-in PPP connections and eth0)
>> 100 --> APANA (packets with APANA source address, goes to ippp0)
>> 101 --> SWS (packets with SWS source address, goes to ppp0)
>> 254 --> default (default for anything that doesn't match one of the above)
>> 255 --> main (not used)
>>
>> If I have quagga put rules in main, then this overrides the
>> APANA and SWS rules, but I don't want it to.

Krzysztof> Why? If you add:

Krzysztof> ip rule add from APANA's_IPs table 100
Krzysztof> ip rule add from SWS's_IPs table 101

Krzysztof> ip rule add from APANA's_IPs to APANA's_IPs table 254
Krzysztof> ip rule add from APANA's_IPs to SWS's_IPs table 254

Krzysztof> ip rule add from SWS's_IPs to APANA's_IPs table 254
Krzysztof> ip rule add from SWS's_IPs to SWS's_IPs table 254


Krzysztof> ip route add 0/0 via APNAgw table 100
Krzysztof> ip route add 0/0 via SWSgw table 101

Krzysztof> then everything should work just fine. And yes, "ip
Krzysztof> rule add" are in reverse order.

Sorry about the delay in replying.

I am not sure that the above helps. There might be some confusion
here though, so I will give details (note: I will use SWS to mean SWS's IPs
and APANA to mean APANA's IPs; APANA(eth0) is an APANA IP address on
the Ethernet). Anyway, this is what I have at the moment:

source  ---> destination    routing_table/destination

*       ---> APANA(eth0)    main/eth0
*       ---> APANA(ppp0)    main/ppp0

SWS     ---> SWS            SWS/ppp0
SWS     ---> APANA          SWS/ppp0
SWS     ---> *              main/{eth0,ppp+}
SWS     ---> *              default/{ippp0,ppp0}

APANA   ---> SWS            APANA/ippp0
APANA   ---> APANA          APANA/ippp0
APANA   ---> *              main/{eth0,ippp0,ppp+}
APANA   ---> *              default/{ippp0,ppp+,....}

*       ---> *              default/{eth0,ippp0,ppp+,....}

The problem is with the top two entries.

Sure, I could create a rule for every APANA IP address on eth0 or ppp0,
but this seems to be duplicating what is going into the main routing table;
it seems wasteful to have two tables with almost identical information.

I could, I guess, move the routes from "main" to another table; this
would mean modifying every interface to not automatically add a route
to main, but use another table instead.

It seemed simpler to change just one program, quagga, to put routes in
the default table instead of the main table. Perhaps I am mistaken?

I hope this helps explain the situation a bit better than before.
--
Brian May <bam@debian.org>