[FUG-BR] OpenBGP allowas-in
ae moura
aemoura.afa at outlook.com
Saturday January 24 19:24:31 BRST 2015
Wow! Patrick! It worked just right. Almost perfect, except that I had to restart the service, see below. This is the second patch of yours that works very well on OpenBGP; I hope it gets into ports soon.
However, I did not understand your comment in the patch:
"Cisco, Juniper and other BGP routing daemons do offer the same feature, sometimes with explicit control of how many times the AS number is accepted in the as-path. It does not help, the wrong setup will loop anyway, therefore we just allow it any number of times."
What is the difference in the implementation? Another thing: I put allowas-in on the peer and did a reload, and it did not work. But when I restarted openbgpd it worked; was that really what was expected?
> From: eksffa at freebsdbrasil.com.br
> To: freebsd at fug.com.br
> Date: Sat, 24 Jan 2015 02:47:00 -0200
> Subject: [FUG-BR] OpenBGP allowas-in
>
> I put the feature in OpenBGP. The patch[1] works OK on OpenBSD as well,
> besides FreeBSD of course (and it even applied on the Linux version, but
> since I don't use it, I only saw that it applied clean...). If anyone
> prefers to use it straight from ports instead of applying the patch by
> hand, the diff is ready[2] to send a PR to ports as well, but I will send
> it after 1 week of testing.
> All testing is welcome.
>
> [1]http://main.bh.freebsdbrasil.com.br/~eksffa/l/local-patch-openbgpd-allowas-in.c
> [2]http://main.bh.freebsdbrasil.com.br/~eksffa/l/ports_net_openbgpd-allowas-in.diff
>
> Allow the AS path of a received route to contain the recipient BGP
> speaker's AS number any number of times, avoiding Route Decision
> Engine loop prevention for this peer. This is a feature that should
> rarely be needed. Usually the need for this feature suggests something
> wrong on the current BGP setup. However in some particular setups it's
> just needed, and can be used without breaking BGP or adding loops.
> Cisco, Juniper and other BGP routing daemons do offer the same
> feature, sometimes with explicit control of how many times the AS
> number is accepted in the as-path. It does not help, the wrong setup
> will loop anyway, therefore we just allow it any number of times. On
> bgpd.conf(5), use it on a per neighbor/group basis:
>
>     group "my_peers" {
>             allowas-in
>             (...)
>             neighbor $a_peer {
>                     (...)
>                     allowas-in
>             }
>     }
>
> Shamefully, I didn't patch bgpd.conf(5), therefore it's more than welcome.
> --
> Patrick Tracanelli
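
The two behaviours discussed in this message (accepting the local AS any number of times versus up to a configured maximum), sketched as an added example; this is not OpenBGPD's code or the patch itself. All type, function and constant names are hypothetical, the sample paths are constructed, and the path is assumed to be a flat AS_SEQUENCE (no AS_SET handling).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-neighbor policy; not OpenBGPD's own structures. */
enum allowas_mode { ALLOWAS_OFF, ALLOWAS_UNLIMITED, ALLOWAS_MAX };
struct peer_policy {
    enum allowas_mode mode;   /* OFF = standard loop prevention */
    unsigned int max_seen;    /* used only with ALLOWAS_MAX */
};

/* Constructed sample data: local AS 65010, reserved/private AS numbers. */
#define LOCAL_AS 65010u
static const uint32_t PATH_CLEAN[] = { 64500, 64501 };
static const uint32_t PATH_ONCE[]  = { 64500, 65010, 64501 };
static const uint32_t PATH_TWICE[] = { 64500, 65010, 64501, 65010 };
static const struct peer_policy POL_OFF  = { ALLOWAS_OFF, 0 };
static const struct peer_policy POL_ANY  = { ALLOWAS_UNLIMITED, 0 };
static const struct peer_policy POL_MAX1 = { ALLOWAS_MAX, 1 };

/* Return 1 if the route passes the AS-path loop check, 0 if dropped. */
int aspath_loop_check(const uint32_t *path, size_t len, uint32_t local_as,
    const struct peer_policy *pol)
{
    unsigned int seen = 0;
    for (size_t i = 0; i < len; i++)   /* count our own AS in the path */
        if (path[i] == local_as)
            seen++;
    if (seen == 0)
        return 1;                      /* own AS absent: nothing to decide */
    switch (pol->mode) {
    case ALLOWAS_UNLIMITED:            /* any number of occurrences */
        return 1;
    case ALLOWAS_MAX:                  /* bounded number of occurrences */
        return seen <= pol->max_seen;
    default:                           /* ALLOWAS_OFF: drop the route */
        return 0;
    }
}

int main(void)
{
    printf("clean/off=%d once/off=%d twice/any=%d once/max1=%d twice/max1=%d\n",
        aspath_loop_check(PATH_CLEAN, 2, LOCAL_AS, &POL_OFF),
        aspath_loop_check(PATH_ONCE, 3, LOCAL_AS, &POL_OFF),
        aspath_loop_check(PATH_TWICE, 4, LOCAL_AS, &POL_ANY),
        aspath_loop_check(PATH_ONCE, 3, LOCAL_AS, &POL_MAX1),
        aspath_loop_check(PATH_TWICE, 4, LOCAL_AS, &POL_MAX1));
    return 0;
}
```

The only case where the two policies disagree is a path that carries the local AS more often than the configured maximum.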