nanog at daork.net
Mon Aug 18 00:56:07 CDT 2008
On 18/08/2008, at 5:20 PM, Scott Francis wrote:
> sounds a lot like Chris Cappuccio's flashdist, although that's
> (worth noting that I'm partial to OpenBSD here, for both the security
> track record and tools like pf(4), carp(4), OpenBGPD, etc.)
Yep, but no 6to4, which I needed.
Also OpenBGPd/OpenOSPFd are a bit weird because OpenBGPd can't use the
IGP metric in the path selection algorithm, as the kernel doesn't
support metrics on routes. Quagga can do this obviously, as it is a
single thing (well, all the kernel interface goes through zebrad).
I also had some weird problem with how it would resolve recursive next
hops, but I was using 6to4 addresses as next-hops, so I think that was
part of the problem. Again, worked perfectly on Quagga. Oh yeah, it
was trying to be too smart and resolve the recursive next-hop before
installing the route into the kernel, instead of installing the route
and letting the kernel resolve it as it was forwarding packets.
That broke because of how 6to4 and the routing table work in FreeBSD.
Anyway, long story short, Quagga did the job.
Fine if you're doing vanilla BGP on a border router or something
though, but doesn't work for me in a complex network.
One cool thing about OpenBGPd is bgpctl irrfilter, which pulls in RPSL
and does the business with it, and stuffs it into your live BGP daemon.