First: Thank you for your help Toke and Ondrej.

On 08/23/2018 04:42 AM, Ondrej Zajicek wrote:
> Hi

Hi,

> You can do it that way, or you can have just two tables, one for main_rib+RIP and another for default_rib, connect them with pipe that allows export in the direction from default to main but not in the other one, and have export filter for kernel protocol attached to main_rib (254) configured to accept everything EXCEPT the default route.

So I've done some more reading and thinking. I have come to the following conclusion:
· Bird (routing) tables (i.e. ipv4 table main_rib) are independent of kernel (routing) tables (254).
· The RIP protocol only connects to one (bird) table.
· The kernel protocol (channel) connects one bird table with one kernel table through import and export filters.
· The pipe protocol (channel) connects two bird tables through import and export filters.
I believe I had misconstrued the bird (routing) table as being an interface to the kernel (routing) table. As such, I treated it like a singular entity. Now I understand that the two are separate and distinct things.
All in all, I believe things are now working the way that I want them to. Here's my bird.conf file. I'm curious if anyone has any comments or ProTips.
--8<--
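ipv4 table bird_main;
ipv4 table bird_default;

# Accept only the default route.
filter accept_default {
	if net = 0.0.0.0/0 then accept;
	reject;
}

# Accept everything except the default route.
filter reject_default {
	if net = 0.0.0.0/0 then reject;
	accept;
}

protocol device {
}

protocol direct {
	ipv4;
	interface "*";
}

# bird_main <-> kernel table 254: the default route is not exported to the kernel.
protocol kernel {
	ipv4 {
		table bird_main;
		export filter reject_default;
		import all;
	};
	kernel table 254;
	learn;
}

# bird_default <-> kernel table 253: nothing is exported to the kernel.
protocol kernel {
	ipv4 {
		table bird_default;
		export none;
		import filter accept_default;
	};
	kernel table 253;
}

protocol rip {
	interface "eth0", "eth1", "eth2", "eth3" {
		version 2;
	};
	ipv4 {
		export all;
		import all;
		table bird_main;
	};
}

# Pipe: only the default route flows from bird_default into bird_main,
# and nothing flows from bird_main into bird_default.
protocol pipe {
	table bird_main;
	peer table bird_default;
	export none;
	import filter accept_default;
}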
-->8--
--
Grant. . . .
unix || die
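
Added example (not part of the original message and not BIRD's own code): a small Python model of the filter and channel directions in the bird.conf above, showing which prefixes cross the pipe and which ones reach kernel tables 254 and 253. The seed routes are constructed, and how routes first enter each BIRD table (RIP, kernel import, `learn`) is deliberately not modelled.

```python
from ipaddress import ip_network

DEFAULT = ip_network("0.0.0.0/0")

# The two filters from the posted bird.conf, as predicates on a prefix.
def accept_default(net):
    return net == DEFAULT

def reject_default(net):
    return net != DEFAULT

def nothing(net):  # models "export none"
    return False

def channel(src, flt):
    """Routes from table `src` that pass filter `flt` across a channel."""
    return {n for n in src if flt(n)}

def run(main_seed, default_seed):
    """Assumption: seeds are the routes already present in each BIRD table."""
    bird_main = {ip_network(p) for p in main_seed}
    bird_default = {ip_network(p) for p in default_seed}

    # protocol pipe { table bird_main; peer table bird_default; }
    # import = peer -> primary table, export = primary -> peer table.
    into_main = channel(bird_default, accept_default)  # import filter accept_default
    into_default = channel(bird_main, nothing)         # export none
    bird_main |= into_main
    bird_default |= into_default

    # Kernel channels: export = BIRD table -> kernel table.
    kernel_254 = channel(bird_main, reject_default)    # export filter reject_default
    kernel_253 = channel(bird_default, nothing)        # export none

    tables = {"bird_main": bird_main, "bird_default": bird_default,
              "kernel_254": kernel_254, "kernel_253": kernel_253}
    return {name: [str(n) for n in sorted(routes)] for name, routes in tables.items()}

if __name__ == "__main__":
    # Constructed sample routes, not taken from the original message.
    result = run(main_seed=["10.1.0.0/24", "10.2.0.0/24"],
                 default_seed=["0.0.0.0/0", "192.0.2.0/24"])
    for name, routes in result.items():
        print(f"{name:13} {routes}")
```
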
