On Thu, Jan 05, 2006 at 06:46:54AM -0500, jared r r spiegel wrote:
> On Thu, Jan 05, 2006 at 03:18:22AM +0100, Sylwester S. Biernacki wrote:
> > On Thursday, January 5, 2006, at 01:15:00, jared r r spiegel wrote:
> > 
> > > - establish session with A and learn about; is
> > >   written to pftable <IX>
> > > - establish session with B and learn about; is
> > >   written to pftable <IX>, but it's already there, who cares; or maybe
> > >   it isn't written because it's already there
> > 
> > >   either way, pftable <IX> still has in it.
> > In both cases
> > above no prefixes should be deleted from pftable <IX>
>   <nod>  was just additions up to that point
> > > - A loses its route for and thus you lose it out of the
> > > session.
> > >   with A, bgpd removes from pftable <IX>
> > >   it's still valid via B, but it got removed when A lost it.
> > 
> > It may be - however command to remove prefix from pftable comes from
> > bgpd not pf, right ?
>   i think so; pftable.c (bgpd) has ioctl functions that seem to be named
>   such that they imply they do just what i think they would <G>.
>   bgpd has (should have?) enough info from its config
>   to know if it should send an addr_remove (i think this is the one)
>   to pf based upon what addr it is thinking about removing, what table
>   it is removing it from, and whether another peer who writes to that table
>   has already put that addr in the same pftable - but the actual behaviour
>   might be hard to get Just Right. 

The main problem with using one pftable over multiple sessions is that
bgpd does not track what is added or removed. The idea is to dump all
prefixes of a neighbor into one table. In the end the pf table and the
routes of that neighbor are in sync. If you are using multiple neighbors
as source for a table it is easy to get out of sync.

What I'm wondering is why to use a pftable in that case. It is far easier
to use a route label and let pf decide on the route label.
The route label tracks the current active routes and so never gets out of

Instead of

pass in from <IX> ...

you can use

pass in from route IX

and use something like this in bgpd.conf

match from group IX set rtlabel IX

:wq Claudio
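
Added example, not part of the original message and not bgpd code: a small Python model of the sequence discussed above, comparing a shared table that is updated without tracking which neighbor added an entry against a view derived from the routes still held. The class names, peer names A and B, and the prefix are constructed for illustration.

```python
"""Model of one pf table fed by two BGP sessions (constructed, not bgpd code)."""

PREFIX = "192.0.2.0/24"  # constructed sample prefix (documentation range)


class UntrackedTable:
    """Shared table updated blindly on every announce/withdraw, as the
    message describes: nothing records which neighbor added an entry."""

    def __init__(self):
        self.entries = set()

    def announce(self, peer, prefix):
        self.entries.add(prefix)

    def withdraw(self, peer, prefix):
        self.entries.discard(prefix)  # removed even if another peer still has it


class ActiveRouteView:
    """Membership derived from the routes currently held, the property the
    message attributes to a route label."""

    def __init__(self):
        self.routes = {}  # prefix -> set of peers still announcing it

    def announce(self, peer, prefix):
        self.routes.setdefault(prefix, set()).add(peer)

    def withdraw(self, peer, prefix):
        peers = self.routes.get(prefix, set())
        peers.discard(peer)
        if not peers:  # drop the prefix only when no peer announces it
            self.routes.pop(prefix, None)

    @property
    def entries(self):
        return set(self.routes)


def replay(table, events):
    """Apply (action, peer, prefix) events in order; return final membership."""
    for action, peer, prefix in events:
        getattr(table, action)(peer, prefix)
    return table.entries


# Constructed event sequence from the thread: A and B announce, then A withdraws.
EVENTS = [("announce", "A", PREFIX), ("announce", "B", PREFIX), ("withdraw", "A", PREFIX)]

if __name__ == "__main__":
    print("untracked table:  ", replay(UntrackedTable(), EVENTS))
    print("active-route view:", replay(ActiveRouteView(), EVENTS))
```

In the untracked model a rule matching on the table stops matching the prefix while it is still reachable via B; the derived view keeps it until B withdraws as well.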
