Review my BGP configuration
Ondrej Zajicek
santiago at crfreenet.org
Sun Mar 3 16:34:53 CET 2013
On Sat, Mar 02, 2013 at 06:40:05PM -0300, Andre Nathan wrote:
> The part that is bugging me about this configuration is the need for a
> kernel protocol black list filter. Is there a cleaner way to do this?
>
> Bellow is my bird.conf:
>
> # Protocol kernel: the black list is so that the routes for
> # the two /24 reject routes from the static protocol are not
> # added to the kernel routing table. This kinda smells fishy.
> # Is there a way around this?
Well, you already use reject/unreachable for these two routes
so i don't see the reason to filter these routes out. I would
just export it to the kernel, assuming that there are more
specific routes to handle real traffic.
If you use default route, it has additional advantages that
traffic to your unhandled IPs does not ping-pong between you
and your uplink.
--
Elen sila lumenn' omentielvo
Ondrej 'SanTiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20130303/f0d66112/attachment-0001.asc>
More information about the Bird-users
mailing list