15 - 12 - 2017

Linux routing with BIRD and multiple tables

Sometimes it is useful to rely on dynamic routing protocols like OSPF or BGP. For example, we could run OSPF for two customers' networks whose routes must never be mixed in the same routing table.

 

To overcome this problem and prevent the routes from mixing, we can use BIRD with its capability of using different routing tables, which is not available in other solutions like Quagga.

Configure the routing tables: add routing tables 100 and 200.

vi /etc/iproute2/rt_tables
#
# local
#
# Table IDs and names for the two customers. The names are what
# "ip rule ... table CUSTOMER_1" in policy_routing.sh resolves; the numbers
# are what bird.conf refers to with "kernel table 100" / "kernel table 200".
100 CUSTOMER_1
200 CUSTOMER_2

Configure the BIRD systemd service; you need to have BIRD installed from a package or compiled manually.

# systemd unit for the BIRD routing daemon.
[Unit]
Description=BIRD routing daemon
After=network.target

[Service]
# Type=forking: systemd expects the started process to fork into the background.
Type=forking
# NOTE(review): bird is started with no options, so it keeps the privileges
# systemd gives it (root for a system unit, since no User= is set here).
# BIRD accepts -u <user> and -g <group> to drop privileges after start-up;
# consider them if a dedicated account exists on the host.
ExecStart=/usr/sbin/bird
# Reload and stop go through the birdc control client.
ExecReload=/usr/sbin/birdc configure
ExecStop=/usr/sbin/birdc down

[Install]
WantedBy=multi-user.target

Apply the new configuration for BIRD


/*
 * GENERAL CONFIGURATION 
 */

# Configure logging
# Every message class goes to this one file. Together with the global protocol
# debugging below it grows quickly and records topology details, so rotate it
# and keep it readable by administrators only.
log "/var/log/bird.log" all;

# Turn on global debugging of all protocols
# NOTE(review): helpful while bringing the setup up; consider narrowing it afterwards.
debug protocols all;

# Override router ID
router id 172.20.0.1;

/*
 * ROUTING TABLE CONFIGURATION 
 */
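# Routing Tables
# One BIRD table per customer. Both names are referenced by the kernel and
# OSPF protocols in this file, so both have to be declared here; declaring
# CUSTOMER_1 twice leaves CUSTOMER_2 undefined.
table CUSTOMER_1;
table CUSTOMER_2;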


# Network interfaces used by routing protocols
# Only eth1 is listed, and no "table" is given, so the directly connected
# routes of eth1 land in BIRD's default table, not in a customer table.
# NOTE(review): OSPF_CUSTOMER_1 runs on eth0 - confirm eth0 was left out on purpose.
protocol direct {
interface "eth1";
} 

# The device protocol supplies interface information to the other protocols.
protocol device {
import all;
}

# Default routing table
# This kernel protocol names no BIRD table, so it synchronizes BIRD's default table.
# NOTE(review): it is bound to kernel table 5, not the kernel's main table -
# confirm that is intended; the heading above and the "(default: main)" remark
# below read as if main was meant.
protocol kernel {
learn;     # Learn all alien routes from the kernel
persist;     # Don't remove routes on bird shutdown
scan time 20; # Scan kernel routing table every 20 seconds
import all;  # Default is import all
export all;     # Default is export none
kernel table 5; # Kernel table to synchronize with (default: main)
}

# Synchronizes BIRD table CUSTOMER_2 with kernel table 200 (the ID given to
# CUSTOMER_2 in /etc/iproute2/rt_tables).
# "export all" installs every route in the BIRD table into the kernel table
# unfiltered. An export filter restricted to the customer's own prefixes
# would bound what a route learned from the customer side can change.
protocol kernel kernel_CUSTOMER_2 {
        table CUSTOMER_2;
        kernel table 200;
learn;     # Learn all alien routes from the kernel
persist;     # Don't remove routes on bird shutdown
scan time 20; # Scan kernel routing table every 20 seconds
import all;  # Default is import all
export all;     # Default is export none
}

# Synchronizes BIRD table CUSTOMER_1 with kernel table 100 (the ID given to
# CUSTOMER_1 in /etc/iproute2/rt_tables).
# "export all" installs every route in the BIRD table into the kernel table
# unfiltered. An export filter restricted to the customer's own prefixes
# would bound what a route learned from the customer side can change.
protocol kernel kernel_CUSTOMER_1 {
        table CUSTOMER_1;
        kernel table 100;
learn;     # Learn all alien routes from the kernel
persist;     # Don't remove routes on bird shutdown
scan time 20; # Scan kernel routing table every 20 seconds
import all;  # Default is import all
export all;     # Default is export none
}

/*
 * ROUTING PROTOCOLS FOR  CUSTOMER_1
 */
# OSPF instance for CUSTOMER_1: everything it learns goes into BIRD table
# CUSTOMER_1. No import filter is set, so all routes offered by neighbours
# are accepted.
protocol ospf OSPF_CUSTOMER_1{
        table CUSTOMER_1;
rfc1583compat no;
        stub router yes;    # take part in the topology without offering transit
        tick 1;
        ecmp yes limit 16;  # allow multipath routes with up to 16 next hops
        
area 0 {
networks {
172.20.11.0/30;
};

interface "eth0" {
type broadcast;
# NOTE(review): with "authentication none" any device on this broadcast
# segment that speaks OSPF can become a neighbour and announce routes into
# this table. BIRD also offers "authentication cryptographic" with a
# "password"; use it where the customer's routers can be configured to match.
authentication none;
};
};
};

/*
 * ROUTING PROTOCOLS FOR  CUSTOMER_2
 */
# OSPF instance for CUSTOMER_2: everything it learns goes into BIRD table
# CUSTOMER_2. No import filter is set, so all routes offered by neighbours
# are accepted.
protocol ospf OSPF_CUSTOMER_2{
        table CUSTOMER_2;
rfc1583compat no;
        stub router yes;    # take part in the topology without offering transit
        tick 1;
        ecmp yes limit 16;  # allow multipath routes with up to 16 next hops
        
area 0 {
networks {
172.20.211.0/30;
};

interface "eth1" {
type broadcast;
# NOTE(review): with "authentication none" any device on this broadcast
# segment that speaks OSPF can become a neighbour and announce routes into
# this table. BIRD also offers "authentication cryptographic" with a
# "password"; use it where the customer's routers can be configured to match.
authentication none;
};
};
};

If the customers need access to services running on the Linux router itself, follow the additional steps below.

To be more precise, the CUSTOMER_1 networks can be summarized as 172.20.0.0/17 and the CUSTOMER_2 networks as 172.20.128.0/17.

We need to configure iproute2 rules so that these networks are looked up in the correct tables for the source interface. Just create an additional file under /etc/sysconfig/network/ifcfg-eth0/if-up.d called policy_routing.sh, with execute permission.

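#!/bin/bash
#
# if-up.d hook: adds the policy-routing rules for the interface that has just
# come up, so that traffic from/to a customer's range is looked up in that
# customer's routing table.
#
# $1 is used as the interface name.
# NOTE(review): CONFIG and INTERFACE are both taken from $1, so both branches
# below give the same value. Hooks of this shape often "shift" after reading
# CONFIG - confirm how the hook is invoked on this system.

CONFIG="$1"
if [ "x$1" != x -a "x$1" != "x-o" ] ; then
    INTERFACE="$1"
else
    INTERFACE="$CONFIG"
fi

# These rules only select a routing table; they are not a packet filter.
# A packet from one customer addressed to the other customer's range still
# matches that customer's "to" rule and can be routed through its table, so
# pair this with forward filtering if the customers must stay isolated.
# NOTE(review): the rules are added on every ifup and never removed here;
# check "ip rule show" for leftovers after repeated interface restarts.

# The variable is quoted and "]" is a separate word: without the space before
# "]" the test fails with a syntax error and no rule is ever installed.
if [ "$INTERFACE" = "eth0" ] ; then
# CUSTOMER_1 NETWORK
   ip rule add from 172.20.0.0/17 table CUSTOMER_1
   ip rule add to 172.20.0.0/17 table CUSTOMER_1
elif [ "$INTERFACE" = "eth1" ] ; then
# CUSTOMER_2 NETWORK
   ip rule add from 172.20.128.0/17 table CUSTOMER_2
   ip rule add to 172.20.128.0/17 table CUSTOMER_2
fi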

 

Attachments:
Download this file (bird.conf)bird.conf[ ]2 kB
Download this file (bird.service)bird.service[ ]0.2 kB
Download this file (policy_routing.sh)policy_routing.sh[ ]0.4 kB