On 18/08/2008, at 5:20 PM, Scott Francis wrote:
> sounds a lot like Chris Cappuccio's flashdist[0], although that's OpenBSD-specific.
>
> (worth noting that I'm partial to OpenBSD here, for both the security track record and tools like pf(4), carp(4), OpenBGPD, etc.)

Yep, but no 6to4, which I needed.

Also OpenBGPd/OpenOSPFd are a bit weird because OpenBGPd can't use the IGP metric in the path selection algorithm, as the kernel doesn't support metrics on routes. Quagga can do this obviously, as it is a single thing (well, all the kernel interface goes through zebrad).

I also had some weird problem with how it would resolve recursive next hops, but I was using 6to4 addresses as next-hops, so I think that was part of the problem. Again, worked perfectly on Quagga. Oh yeah, it was trying to be too smart and resolve the recursive next-hop before installing the route into the kernel, instead of installing the route and letting the kernel resolve it as it was forwarding packets. That broke because of how 6to4 and the routing table work in FreeBSD.

Anyway, long story short, Quagga did the job. Fine if you're doing vanilla BGP on a border router or something though, but doesn't work for me in a complex network.

One cool thing about OpenBGPd is bgpctl irrfilter, which pulls in RPSL and does the business with it, and stuffs it into your live BGP daemon.

--
Nathan Ward