Exporting only one network via RIP

Roberto Suarez Soto robe at allenta.com
Mon Jul 4 18:41:15 CEST 2005


Hi,

	I'm testing bird, using RIP, and I've stumbled on a problem. It
seems that it wants to export every route that comes via RIP, while I only
want to export one. I'll explain.

	We've got two boxes: box A is a firewall, and gives Internet access
to a LAN behind it (directly attached to a box's ethernet) that we'll call
network 1; bird is installed here. Box B is also a firewall, but gives
Internet access to several networks; let's call them networks 2, 3 and 4;
we're using Quagga in this one. They are connected via IPSec in transport
mode, and the real communication goes through a GRE tunnel. Bird is set to
use this tunnel to propagate routes between the two points.

	The aim of this is to have a failsafe link: both extremes have a
static route with lower priority defined in bird's configuration, so if
Internet connectivity is lost they rely on a point-to-point link (more
expensive). But when there is normal connectivity, box A will transmit the
route to network 1 via RIP, and box B will transmit the routes to networks
2, 3 and 4 via RIP too. This is also done to ease maintenance: when there
is another network behind box B, we just have to add it to RIP and it
propagates to box A, connecting all networks.

	There are other circumstances that motivate this use of RIP, but
they don't matter right now :-)

	So, the ideal situation would be that bird on box A transmitted the
route to network 1 via RIP, and that it imported the routes to networks 2, 3
and 4 via RIP too. But what happens is that it exports the route to network
1 ... and to whatever route it receives via RIP. This means that box A is
exporting via RIP the routes to networks 1, 2, 3 and 4, while only network
1 is its "own" route (because it has an IP in that network).

	This is the configuration that I have in RIP:

	protocol rip {
		preference 200;
		interface "tun00rg" { mode multicast; };
		authentication none;

		import where source = RTS_RIP;
		export filter { if net ~ 172.16.10.0/24 then accept; else reject; };

		period 10;
		garbage time 45;
		timeout time 15;
	}

	Network 1 is 172.16.10.0/24. I think that maybe I'm missing
something in how filters work, or what's the behaviour of "import" and
"export", but I've tried all combinations and I'm a bit lost :-) Am I doing
something wrong? Is this some bug/feature of bird that I'm not aware of? Am
I just not using the right filters?

	I've put just the configuration of RIP, but I can put the rest of
the configuration file, and even tcpdump captures of the RIP transmissions.
Ask freely.

	Thanks in advance :-)

-- 
	Roberto Suarez Soto				Allenta Consulting
	robe at allenta.com				   www.allenta.com
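
A check for the behaviour described in the message above, added here as an example and not part of the original post or of BIRD: it parses a RIPv2 response payload (RFC 2453 layout), such as one taken from a tcpdump capture on the tunnel, and lists every reachable prefix that falls outside an allow-list. The sample packet and every prefix other than 172.16.10.0/24 are constructed for illustration.

```python
import ipaddress
import struct

RIP_RESPONSE = 2      # command field value for a response
AF_INET = 2           # address family identifier for IP entries
AUTH_ENTRY = 0xFFFF   # AFI marking a RIPv2 authentication entry
INFINITY = 16         # metric 16 means unreachable (a withdrawal)
ENTRY = "!HH4s4s4sI"  # AFI, route tag, address, mask, next hop, metric

def parse_rip_response(payload: bytes):
    """Return [(network, metric)] from the UDP payload of a RIPv2 response."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("truncated or misaligned RIP packet")
    command, version, _zero = struct.unpack("!BBH", payload[:4])
    if command != RIP_RESPONSE or version != 2:
        raise ValueError("not a RIPv2 response")
    routes = []
    for off in range(4, len(payload), 20):
        afi, _tag, addr, mask, _nh, metric = struct.unpack(ENTRY, payload[off:off + 20])
        if afi != AF_INET:  # skips authentication entries and other families
            continue
        cidr = f"{ipaddress.IPv4Address(addr)}/{ipaddress.IPv4Address(mask)}"
        routes.append((ipaddress.ip_network(cidr, strict=False), metric))
    return routes

def leaked_routes(payload: bytes, allowed):
    """Reachable prefixes in the advertisement that are not inside `allowed`."""
    allowed = [ipaddress.ip_network(a) for a in allowed]
    return [net for net, metric in parse_rip_response(payload)
            if metric < INFINITY and not any(net.subnet_of(a) for a in allowed)]

def _entry(prefix: str, metric: int) -> bytes:
    """Build one 20-byte route entry (used only for the constructed sample)."""
    net = ipaddress.ip_network(prefix)
    return struct.pack(ENTRY, AF_INET, 0, net.network_address.packed,
                       net.netmask.packed, bytes(4), metric)

# Constructed sample: network 1 from the post, one re-advertised prefix,
# and one prefix announced as unreachable (not a leak).
SAMPLE = (struct.pack("!BBH", RIP_RESPONSE, 2, 0)
          + _entry("172.16.10.0/24", 1)
          + _entry("192.0.2.0/24", 2)
          + _entry("198.51.100.0/24", INFINITY))

if __name__ == "__main__":
    for net in leaked_routes(SAMPLE, ["172.16.10.0/24"]):
        print("unexpected advertisement:", net)
```
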



More information about the Bird-users mailing list