<div dir="ltr">If you have a feature that you want implemented you have several options:<div><br></div><div>a) Open a issue request and hope that someone in the community picks it up. This is unlikely to ever happen. All the developers that I am aware of that are working on FRR are being paid for it by some company. Most do not have the liberty of working on what they feel like. You have already done this route, right?</div><div>b) Purchase a switch/router that some company is selling support for FRR and get them to implement this feature for you. There are more than a few ( 6Wind, Nvidia, Cisco to name a few off the top of my head ) that do this. This is also a hard route to go down unless you have a lot of purchasing power.</div><div>c) Hire a developer to develop the feature for you. If you want to go this route, message me privately and I can get you in touch with a group that does this.</div><div>d) Implement it yourself. The community always welcomes new code that meets our guidelines.</div><div><br></div><div>thanks!</div><div><br></div><div>donald</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Sep 2, 2024 at 8:35 AM Konstantin Shalygin <<a href="mailto:k0ste@k0ste.ru">k0ste@k0ste.ru</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div><div>Hi list,<div><br></div><div>I created a request [1], waited 5 years, then it was closed, but nothing was done. Is there possible don't do that? Because is still actually for us. The current PBR implementation is very limited and woks only for input packets on interface. It may be a secret for some, but the network connections of the Linux host itself are created without an interface. This means that even if you hang the policy on the interface lo - the rule will not work</div><div><br></div><div>Sep 02 17:46:51 <a href="http://example.com" target="_blank">example.com</a> kernel: LINUX OUTPUT IS: <b>IN=</b> OUT=vlan999 SRC=109.202.2.222 DST=1.1.1.1 LEN=73 TOS=0x00 PREC=0x00 TTL=64 ID=13835 PROTO=UDP SPT=41942 DPT=53 LEN=53 UID=973 GID=973 <b>MARK=0xd3</b></div><div><br></div><div>For example:</div><div><br></div><div>!</div><div><div>interface lo</div><div> pbr-policy sample</div><div>exit</div></div><div>!</div><div><div>nexthop-group sample</div><div> nexthop 10.9.0.1 tap0 weight 50</div><div> nexthop 10.10.0.1 tap1 weight 50</div><div>exit</div></div><div>!</div><div><div>pbr-map sample seq 5</div><div> match mark 211</div><div> set nexthop-group sample</div><div>exit</div></div><div><br></div><div><br></div><div>Thats produces rule: from all fwmark 0xd3 <b>iif lo</b> lookup 10000 proto zebra</div><div><br></div><div>How-to make this rule actually work</div><div><br></div><div>* make ability for FRR to omit the <b>iif</b> field (for example, via pbr (pbr-global?) without interface or with special sub-command)</div><div>* allow to set <b>table_id</b> or <b>prio</b> in pbr-map (for 3rd-party workarounds):</div><div> * set nexthop-group sample <b>table_id 10</b> (10010, for the 'pbr table range')</div><div> * with fixed <b>table_id</b> number we can add the ip rule via custom script (the same rule as FRR created, without iif filed) </div><div>* allow to set <b>prio</b> filed for the rule in pbr-map (for 3rd-party workarounds):</div><div> * set nexthop-group sample <b>prio 10010</b></div><div> * this produces: from all fwmark 0xd3 iif lo lookup 10000 <b>prio 10010</b> proto zebra</div><div> * now possible to add custom script with rule 'from all fwmark 0xd3 <b>goto 10010</b>'</div><div><br></div><div><br></div><div>From my point of view, it looks like a very simple fix can significantly expand the capabilities of FRR for the PBR functions</div><div><br></div><div>Thanks,</div><div>k</div><div>[1] <a href="https://github.com/FRRouting/frr/issues/3242" target="_blank">https://github.com/FRRouting/frr/issues/3242</a></div></div></div></div>_______________________________________________<br>
frog mailing list<br>
<a href="mailto:frog@lists.frrouting.org" target="_blank">frog@lists.frrouting.org</a><br>
<a href="https://lists.frrouting.org/listinfo/frog" rel="noreferrer" target="_blank">https://lists.frrouting.org/listinfo/frog</a><br>
</blockquote></div>