[quagga-dev 491] Re: Linux kernel routing table support for daemons, too?

Krzysztof Oledzki oleq at ans.pl
Wed Nov 19 21:36:55 GMT 2003



On Tue, 18 Nov 2003, Brian May wrote:

> On Mon, Nov 17, 2003 at 11:08:15AM +0100, Krzysztof Oledzki wrote:
> > > > Maybe this is already possible, but if so I couldn't work out how. In
> > > > this case, I would be grateful for a pointer to the documentation on how
> > > > to do it.
> > > >
> > > > Anyway, I want Zebra to only read/write routing rules to my "default"
> > > > kernel table (ie. the routing table called "default", or 253).
> >
> > What is wrong with 254/main table?
>
> In my situation, I have two upstream Internet feeds. What
> I intend to have is:
>
> rules:
>
> 1   --> main  (default routes for all dial-in PPP connections and eth0.)
> 100 --> APANA (packets with APANA source address, goes to ippp0)
> 101 --> SWS   (packets with SWS source address, goes to ppp0)
> 254 --> default (default for anything that doesn't match one of the above)
> 255 --> main (not used)
>
> If I have quagga put rules in main, then this overrides the APANA
> and SWS rules, but I don't want it to.

Why? If you add:

ip rule add from APANA's_IPs table 100
ip rule add from SWS's_IPs table 101

ip rule add from APANA's_IPs to APANA's_IPs table 254
ip rule add from APANA's_IPs to SWS's_IPs table 254

ip rule add from SWS's_IPs to APANA's_IPs table 254
ip rule add from SWS's_IPs to SWS's_IPs table 254


ip route add 0/0 via APANAgw table 100
ip route add 0/0 via SWSgw table 101

then everything should work just fine. And yes, "ip rule add" are in
reverse order.

> This causes problems for instance, if I send packets with an APANA
> source address via SWS, they will get dropped by an aggressive
> firewall policy upstream SWS who consider it a forged IP address.
>
> Consider for instance if somebody pings my APANA ip address, I want the
> reply to always be symmetric and go back via APANA even if the best
> route would be back via SWS.
>
> There are some other issues I need to think about, I don't have
> time right now though.
Yes, this is a quite common problem :)

> > > > This is because I want Zebra routes to take a lower priority than my
> > > > main table, according to the ip kernel rules I have already configured.
> >
> > It is possible to add another table (for example: 5) with higher priority
> > and all required routes into this table.
>
> The rules aren't static, and I can't see any easy way of telling ppp
> for instance that it should put the routes in another table instead of
> main.
What about using ip from iproute2 in /etc/ppp/ip-up with "ip route add
(...) table (..)"?

Best regards,

			Krzysztof Olędzki
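
An added example, not part of the original message: a sketch of the /etc/ppp/ip-up approach suggested above, which puts each PPP link's default route in its own table and adds a source rule so replies leave via the link whose address they carry (and so pass the upstream's forged-source filtering). The function names, address ranges and priority values are assumptions; tables 100 and 101 are the ones used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. pppd runs /etc/ppp/ip-up with
#   $1=interface  $2=tty  $3=speed  $4=local-IP  $5=remote-IP  $6=ipparam
# Tables 100 (APANA) and 101 (SWS) follow the thread; the address ranges are
# constructed stand-ins taken from the RFC 5737 documentation blocks.

# Map the link's local address to the table that holds its default route.
# Returns non-zero for any other address so that link is left in "main".
table_for_local_ip() {
    case "$1" in
        192.0.2.*)    echo 100 ;;   # hypothetical APANA range
        198.51.100.*) echo 101 ;;   # hypothetical SWS range
        *)            return 1 ;;
    esac
}

# Print (not run) the iproute2 commands for one link coming up.
# An explicit priority is used so the result does not depend on the order
# in which "ip rule add" was called; 1000 + table is an arbitrary choice
# that sorts before the main table's rule (32766).
policy_route_cmds() {
    ifname=$1
    local_ip=$2
    remote_ip=$3
    table=$(table_for_local_ip "$local_ip") || return 1
    prio=$((1000 + table))
    # "replace" keeps the route idempotent across reconnects.
    echo "ip route replace default via $remote_ip dev $ifname table $table"
    # Drop a stale copy of the rule first, otherwise every reconnect adds one.
    echo "ip rule del from $local_ip/32 table $table priority $prio 2>/dev/null"
    echo "ip rule add from $local_ip/32 table $table priority $prio"
}

# In /etc/ppp/ip-up (as root):  policy_route_cmds "$1" "$4" "$5" | sh
```

Review the printed commands first, then check the result with "ip rule show" and "ip route show table 100".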
