* Hyb <[EMAIL PROTECTED]> [2005-08-11 14:18]:
> While I wouldn't consider my BGP knowledge as strong, it was fundamentally
> the CARP interaction that I was trying to grasp
oh, that is very easy.
you tell bgpd that a neighbor session depends on an interface. all it
does is too look at that interface's status - let's assume carp here,
that is what this is for really -, and as long as that interface is
BACKUP, the session is kept in state IDLE. the very same moment the
interface becomes MASTER it triggers a start event for the sessions in
question, which means they go to CONNECT or ACTIVE, dependending on
wether the question is configured passive or not. Thus (if not
configured passive) bgpd tries to establish the session immediately
when the carp interface becomes master.
> For instance is it possible to achieve an equivalent of Cisco's
> 'non-exist-map' statement?
dunno what this does ;)
> _ROUTER1
> # /etc/bgpd.conf
> neighbour 10.0.8.1 {
> local-address 10.0.8.2
> depend on carp0
> descr "provider1 primary"
no point in depending on carp. you have two sessions from each of your
uplinks for a reason - no carp in the game at all for those.
ok, let me try to make it clearer.
you run two core routers, core1 and core2.
you have two upstreams, upstream1 and upstream2.
and you are on an exchange poiint network.
now let's assume on core1 and core2:
-sk0 is connected to upstream1
-sk1 is connected to upstream2
-sk2 is connected to the exchange point network
-sk3 is your inside interface.
now, let's start with the easy part. you want one IP each on core1 and
core2 sk3 for mangement purposes anyway. additionally, you have carp3
on sk3 on each, with one IP on it. This IP you use as default gateway
on your inner boxes.
also, you set up a BGP session between core1 and core2, using the IPs
on sk3 (not carp). there is no "depend on .." statement for this
session.
sk0 on core1 and core2 each gets an IP from upstream1. each runs a BGP
session to upstream1 over that. no "depend on" either.
sk1 on both core routers gets an IP each from upstream2. as above, each
core has on BGP session to upstream2, and no "depend on".
On teh exchange point network, you likely only have one IP. here carp
makes sense, this is what I wrote the "depend on" stuff for ;)
so, carp2 gets the exchange point IP, and is configured with "carpdev
sk2" on each core router. you configure the BGP sessions too your
peering partners on the IX network on each core (using a group makes a
lot of sense here...), and they "depend on carp2" indeed.
hope it's clear now
--
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
