Multiple routing tables in action...

Julian Elischer julian at elischer.org
Tue Apr 29 19:11:03 UTC 2008 

-net added to broaden the conversation

Paul wrote:
> The routing daemons run linked separate instances and create their own 
> RIB.  Take a look at Cisco's VRF implementation.   You can even have 
> interfaces assigned to the other routing instance so you could have 
> em0.001 on routing instance 1 and em0.002 on routing instance 2 and 
> without using any policies or firewall rules it would know that 
> everything coming on em0.002 uses the #2 instance and routes 
> accordingly.  Same with Juniper. 

that's coming.. have patience.. we will have vimage (check google)
plus multiple FIBS in each vimage..  for now use a firewall
classifier.



> Then you can export RIB entries , say 
> you have 5 BGP peers and you want to export 2 or 3 or all of them into 
> the 'main' routing instance you can set up a policy to add those learned 
> routes into the main instance and v-v.
> Linux behaves a little bit differently as you have to make an 'ip rule' 
> entry for it but it doesn't use the firewall.

for now this code asks you to use a firewall to classify incoming 
packets..

e.g.
100 setfib 2 ip from any to any in recv em0

> 
> I wish FreeBSD made a routing daemon that had total interactivity 
> between the OS and daemon which would be great.. Quagga is good but the 
> interaction is very annoying. Quagga has no idea what is going on on the 
> kernel level and the kernel has no idea what is going on with quagga.   

I'm not a routing daemon expert..

> Ex: if I add or remove a route from the kernel using 'route' command it 
> does not remove it in quagga.   Would be great to have a BGP/OSPF combo 
> integrated into the kernel somehow.

Sounds like Quagga needs to be made aware of routing events by 
listening for them on routing sockets. They are available.

[chop]

>  I have need for
> many many gigabit firewalls to put in front of many servers and the cost 
> for the hardware firewall devices is way too much to deploy in the 
> quantity that I need :/
> 
> Paul
> 

If you have a roadmap, then get involved..  :-)
We need end user quidance on some of this stuff.

More information about the freebsd-net mailing list