Importing routes into Quagga from XFRM
Hey Everyone,

I'm interested in finding out how to import routes from XFRM tables
(220) into Quagga (OSPF, 254)?

The XFRM policy based rules are saved in table 220 while Quagga (OSPF)
saves the routes in table 254. I have an IPSec StrongSwan on-prem GW
paired up with one of the Cloud providers. The connection is
established; however, I can't ping the remote VLANs from any other device
on the on-prem network except from the on-prem GW itself.

I would like to make OSPF aware of table 220 so it can import the rules.
Or at least find another way to export the rules in table 220 and into
table 254. Is this possible?

--
Thx,
TK.
_______________________________________________
Quagga-users mailing list
Quagga-users@lists.quagga.net
https://lists.quagga.net/mailman/listinfo/quagga-users
Re: Importing routes into Quagga from XFRM
On Mon, Oct 26, 2020 at 12:00:02PM +0000, quagga-users-request@lists.quagga.net wrote:
> Message: 1
> Date: Sun, 25 Oct 2020 13:56:53 -0400
> From: TomK <tomkcpr@mdevsys.com>
> To: quagga-users@lists.quagga.net
> Subject: [quagga-users 15041] Importing routes into Quagga from XFRM
> Message-ID: <e7eb63f4-497d-3379-65a4-53fe5730bc03@mdevsys.com>
> Content-Type: text/plain; charset=utf-8; format=flowed
>
> Hey Everyone,
>
> I'm interested in finding out how to import routes from XFRM tables
> (220) into Quagga (OSPF, 254)?
>
> The XFRM policy based rules are saved in table 220 while Quagga (OSPF)
> saves the routes in table 254. I have an IPSec StrongSwan on-prem GW
> paired up with one of the Cloud providers. The connection is
> established; however, I can't ping the remote VLANs from any other device
> on the on-prem network except from the on-prem GW itself.
>
> I would like to make OSPF aware of table 220 so it can import the rules.
> Or at least find another way to export the rules in table 220 and into
> table 254. Is this possible?


Hi, I would try to solve this (mostly) outside of quagga. You could
follow routing changes indicated in the output of

    ip monitor route

and add/delete route entries in default table appropriately.
You need to make sure you filter out your own route additions/deletions
from the "ip monitor route" output stream, or you might run into endless
loops.

With that done, you have these routes as static routes in the default
table, and you can use

    router ospf
     redistribute kernel ...

in ospfd.conf to feed these routes to OSPF.

Matthias
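
Added example, not part of Matthias's message and not Quagga or strongSwan code: one way to implement the table 220 to main-table mirroring described above, in Python. It assumes that "ip monitor route" prints a "table 220" token on events for that table and no table token for the main table, which is what keeps the script from reacting to its own changes; the function names are hypothetical and the addresses in the comments are constructed.

```python
import ipaddress
import subprocess

XFRM_TABLE = "220"  # table strongSwan writes to, per the thread


def _value(tokens, key):
    """Return the token that follows `key`, or None if the key is absent."""
    if key in tokens[:-1]:
        return tokens[tokens.index(key) + 1]
    return None


def mirror_command(line):
    """Translate one `ip monitor route` line into an argv for the main table.

    Constructed sample input:
      10.20.0.0/16 via 192.0.2.1 dev eth0 table 220 proto static
      Deleted 10.20.0.0/16 via 192.0.2.1 dev eth0 table 220 proto static
    Returns None for events that must not be mirrored.
    """
    tokens = line.split()
    action = "replace"
    if tokens and tokens[0] == "Deleted":
        action, tokens = "del", tokens[1:]
    # Loop guard: only events tagged with table 220 are acted on. Routes this
    # script writes land in main and come back without that tag.
    if not tokens or _value(tokens, "table") != XFRM_TABLE:
        return None
    prefix = tokens[0]
    try:
        net = ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return None  # "default", "unreachable ..." and other non-prefix lines
    if net.prefixlen == 0:
        return None  # never copy a default route into the main table
    cmd = ["ip", "route", action, prefix]
    for key in ("via", "dev"):
        val = _value(tokens, key)
        if val:
            cmd += [key, val]
    return cmd + ["table", "main"]


def main():
    # Follow kernel route changes and apply the translated commands (needs root).
    mon = subprocess.Popen(["ip", "monitor", "route"],
                           stdout=subprocess.PIPE, text=True)
    for line in mon.stdout:
        cmd = mirror_command(line)
        if cmd:
            subprocess.run(cmd, check=False)


if __name__ == "__main__":
    main()
```

"ip monitor route" reports changes only, so routes already present in table 220 when the script starts need a one-time copy.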