Picobgp - A simple daemon for routing advertising
picobgp
● non-compliant-bgp
● routing advertising
● topology update
● tiny and easy to use
for picobgp v0.2
CC-BY: Claudio Mignanti (2012)
picobgp - Take over of your vpn
picobgp was written to automatically set up routing inside a vpn, but it can also be used in a generic network.
Suppose that you have some vpn peers, serverA and your laptop. serverA is also part of a local lan, say 10.0.8.0/24, and you want your laptop to reach the whole serverA lan with minimum effort.
picobgp can help you!
[Figure: the vpn peers and the serverA lan. Interface labels in the figure:]
vpn0: 192.168.6.1
vpn0: 192.168.6.2
eth0: 10.0.8.9
# pbgp -i vpn0
# pbgp -i vpn0 -s 10.0.8.0/24
picobgp - command args
picobgp DOESN'T support configuration files; it is configured only by cmdline args.
Supported args in v0.1 are:
-i <interface> Specify the outgoing interface
-s x.x.x.x/y Specify the subnet (option can be repeated for each subnet)
Supported args in v0.2 are:
-1 one-shot advertising (useful inside scripts)
-c cascade: announce the subnets received. This option can lead to routing loops! KEEP your network in tree form!!!
and don't forget to...
.. enable routing on your servers
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
A more complex example
eth1: 10.1.1.1
# pbgp -i eth1 -s 192.168.1.0/24
# pbgp -i eth0 -s 10.1.1.0/29
eth0: 192.168.1.2
# pbgp -i eth0
# pbgp -i eth0 -s 10.1.1.9/29
NetbookB cannot access 10.1.1.9/29
On v0.1+ the -c option allows the propagation of subnets
eth1: 10.1.1.1
# pbgp -i eth1 -s 192.168.1.0/24
# pbgp -c -i eth0 -s 10.1.1.0/29
eth0: 192.168.1.2
# pbgp -i eth0
# pbgp -i eth0 -s 10.1.1.9/29
ServerB also announces the ServerA subnet
picobgp as daemon
Daemon mode is unsupported by choice.
# ./pbgp -cs 1.1.1.0/24 >/dev/null 2>&1 &
is what you are looking for...
Would you like to know why this choice?
picobgp inside scripts
We want to announce a given subnet if a host inside the subnet replies to ping
#!/bin/bash
# Announce the subnet once for every successful ping, then wait 5 seconds.
while true; do
    ping -c 1 192.168.1.9 && pbgp -1s 192.168.1.0/24
    sleep 5
done
The -1 option is one-shot-and-die mode (thanks Clauz for the idea)
Behind the scene
The bgpmsg struct is initialized with the program args and then spammed on the iface broadcast address every 3 seconds.
#include <netinet/in.h>   /* struct in_addr */
#include <time.h>         /* time_t */

typedef struct sbgpmsg {
    struct in_addr addr;
    struct in_addr netmask;
    struct in_addr loc_addr;
    time_t l_update;
} bgpmsg;
In the update_rt() function this structure is used to initialize a struct rtentry, which is then passed to an ioctl that manipulates the kernel route table:
ioctl (sd, SIOCADDRT, &rtentry);
If a subnet is not spammed for more than 10 secs the route entry is deleted.
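The 10-second expiry rule described above, together with a receiver-side sanity check on an advertised prefix before it would be handed to SIOCADDRT, as an added example that is not picobgp's own code. The names mk(), adv_is_sane(), expire_routes(), demo_expire() and ROUTE_TTL are hypothetical, the check itself is an assumption about what a careful receiver would verify, and all sample values are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#define ROUTE_TTL 10   /* seconds without a refresh before the route is deleted */
typedef struct sbgpmsg {   /* message layout as shown on the slide */
    struct in_addr addr;
    struct in_addr netmask;
    struct in_addr loc_addr;
    time_t l_update;
} bgpmsg;

/* Hypothetical helper: build a constructed sample advertisement. */
bgpmsg mk(const char *addr, const char *mask, time_t seen) {
    bgpmsg m = {0};
    inet_pton(AF_INET, addr, &m.addr);
    inet_pton(AF_INET, mask, &m.netmask);
    m.l_update = seen;
    return m;
}

/* Hypothetical receiver-side check: returns 1 if the prefix is well formed. */
int adv_is_sane(bgpmsg m) {
    uint32_t net = ntohl(m.addr.s_addr), inv = ~ntohl(m.netmask.s_addr);
    if (inv == 0xFFFFFFFFu) return 0;   /* mask 0.0.0.0: refuse a default route */
    if (inv & (inv + 1)) return 0;      /* netmask bits are not contiguous */
    return (net & inv) == 0;            /* host bits of the prefix must be zero */
}

/* Compact the table in place, dropping stale entries; returns entries kept. */
int expire_routes(bgpmsg *tab, int n, time_t now) {
    int kept = 0;
    for (int i = 0; i < n; i++)
        if (now - tab[i].l_update <= ROUTE_TTL) tab[kept++] = tab[i];
    return kept;
}

/* Constructed sample at now = 1000: one route seen 3 s ago, one 11 s ago. */
int demo_expire(void) {
    bgpmsg tab[2] = { mk("10.0.8.0", "255.255.255.0", 997),
                      mk("192.168.1.0", "255.255.255.0", 989) };
    return expire_routes(tab, 2, 1000);
}

int main(void) {
    printf("kept=%d\n", demo_expire());
    return 0;
}
```

Under this check an advertisement such as 10.1.1.9 with a /29 netmask is rejected, because its host bits are non-zero.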
what's next?!?!??!
KNOWN ISSUES for v0.1:
* msgs are broadcast using 255.255.255.255 and not the effective broadcast address of the passed interface
* DELRT should be bogus
TODO: ideas?
Use picobgp for redundant gateway
HostA has 10.0.1.9 inside its LAN 10.0.1.0/24 and the gws are 10.0.1.1 and 10.0.1.2
We want to setup the route