[FROG] Filtering kernel routes import

Tim Weippert weiti+frog at weiti.org
Sun Apr 11 12:12:47 UTC 2021 

Hi donald, 

that works, additional with a BGP protocol route-map to prevent
installing the v4 default route from bgp is the best solution for now.

Thanks. One small issue, i can't filter the v6 default route from bgp
protocol with this route-map, may i miss somethin obvious?

ip prefix-list DEFAULT-ROUTE seq 5 permit 0.0.0.0/0
!
ipv6 prefix-list DEFAULT-ROUTE-v6 seq 5 permit ::/0
!
route-map KERNEL deny 10
 match ip address prefix-list DEFAULT-ROUTE
!
route-map KERNEL deny 15
 match ipv6 address prefix-list DEFAULT-ROUTE-v6
!
route-map KERNEL permit 20
!
ip protocol bgp route-map KERNEL

The ipv4 filter seems to work, but not the v6 one ... 

any hints?

regards, 
tim

On Fri, Apr 09, 2021 at 09:33:26AM -0400, Donald Sharp wrote:
> Specify a very very high metric for the default kernel route then and your
> bgp default route will win:
> 
> http://docs.frrouting.org/en/latest/zebra.html#administrative-distance
> https://www.kernel.org/doc/Documentation/networking/vrf.txt
> 
> Specifically if you set the kernel metric to say 4278198272 -> FRR will
> interpret this as a Admin distance of 255 and a metric of 8192.  And your
> BGP route will win.
> 
> donald
> 
> 
> On Fri, Apr 9, 2021 at 7:17 AM Tim Weippert <weiti+frog at weiti.org> wrote:
> 
> > Hi donald,
> >
> > thanks for the answer.
> >
> > I had lab systems which get a default route via vagrant but frr
> > shouldn't use them as the systems had some bgp peerings where i
> > simulate an BGP Internet Peering environment.
> >
> > I solved my issue with the use of an vrf, but badly i can't use bgp
> > flowspec within the vrf so this test cases aren't usable now (it is not
> > really an
> > issue ...).
> >
> > So expecially i would like to remove the kernel default route as within
> > my simulation is a bgp generated default.
> >
> > hope this sounds reasonable.
> >
> > regards,
> > tim
> >
> > On Fri, Apr 09, 2021 at 06:54:42AM -0400, Donald Sharp wrote:
> > > No there isn't a way, because FRR really needs to know about routes in
> > the
> > > kernel so proper routing decisions can be made.  What are you really
> > trying
> > > to do here?
> > >
> > > donald
> > >
> > > On Fri, Apr 9, 2021 at 6:33 AM Tim Weippert <weiti+frog at weiti.org>
> > wrote:
> > >
> > > > Hi,
> > > >
> > > > i'm trying to filter a kernel default route from beeing
> > > > imported into frr/zebra.
> > > >
> > > > I tried with a prefix-list/route-map bound to ip procotol kernel#
> > > > but it seems it get only used on export routes to the kernel, not
> > > > import routes from the kernel.
> > > >
> > > > Is there a easy way to filter kernel route imports into frr/zebra?
> > > >
> > > > regards,
> > > > tim
> > > >
> > > > --
> > > > Tim Weippert
> > > > http://weiti.org - weiti at weiti.org
> > > > GPG Fingerprint - E704 7303 6FF0 8393 ADB1  398E 67F2 94AE 5995 7DD8
> > > >
> > > > _______________________________________________
> > > > frog mailing list
> > > > frog at lists.frrouting.org
> > > > https://lists.frrouting.org/listinfo/frog
> > > >
> >
> > > _______________________________________________
> > > frog mailing list
> > > frog at lists.frrouting.org
> > > https://lists.frrouting.org/listinfo/frog
> >
> >
> > --
> > Tim Weippert
> > http://weiti.org - weiti at weiti.org
> > GPG Fingerprint - E704 7303 6FF0 8393 ADB1  398E 67F2 94AE 5995 7DD8
> >
> > _______________________________________________
> > frog mailing list
> > frog at lists.frrouting.org
> > https://lists.frrouting.org/listinfo/frog
> >

> _______________________________________________
> frog mailing list
> frog at lists.frrouting.org
> https://lists.frrouting.org/listinfo/frog


-- 
Tim Weippert
http://weiti.org - weiti at weiti.org
GPG Fingerprint - E704 7303 6FF0 8393 ADB1  398E 67F2 94AE 5995 7DD8

More information about the frog mailing list