Re: Question about rdomains/rtables
On 24/10/2023 11:55, Marcus MERIGHI wrote:
>> I'm playing with rdomain/rtable on OpenBSD 7.4 and I'm a bit confused about
>> the relation between rdomains and rtables.
>
> you do not mention reading rtable(4)/rdomain(4), online here:
> https://man.openbsd.org/rtable

[...]

I'm sorry, I should have been more clear: I read the relevant manpage but, as
Claudio Jeker kindly pointed out, I got it upside down.

Thank you,
f

Re: Question about rdomains/rtables
On 24/10/2023 12:22, Claudio Jeker wrote:
> On Mon, Oct 23, 2023 at 06:08:37PM +0200, tetrosalame wrote:
>> Hello misc,
>>
>> I'm playing with rdomain/rtable on OpenBSD 7.4 and I'm a bit confused about
>> the relation between rdomains and rtables.
>>
>> If I got rdomain(4) right, the two facilities are designed so that a rdomain
>> can hold 0-255 rtables. Even rdomain 0 -no rdomain configured- can hold
>> several rtables. IP addresses can overlap if configured in different
>> rdomains.
>
> No, this is not right. rtables are part of rdomains. So rdomain 0 has
> rtable 0. rdomain 1 uses rtable 1. rdomain 2 uses rtable 2 and so on.

[...]

> This is a wrong view. The system has 255 rtables. You can make an rtable
> an rdomain when the rtable is using itself to lookup link local addresses.
> So the visualisation is the other way around:
>
>   rtable 0 => rdomain 0
>   rtable 1 => rdomain 1
>   rtable 2 => rdomain 2
>   ...
>   rtable 42 => rdomain 0
>   ...
>
> In this case the tables 0, 1, 2 are rdomains while table 42 is just an
> alternate routing table for rdomain 0.

Thank you for your explanation, much appreciated.
Time to trash my fine handwritten diagrams and start over drawing I
guess...I couldn't be more wrong.

--
f

Re: Question about rdomains/rtables
On Mon, Oct 23, 2023 at 06:08:37PM +0200, tetrosalame wrote:
> Hello misc,
>
> I'm playing with rdomain/rtable on OpenBSD 7.4 and I'm a bit confused about
> the relation between rdomains and rtables.
>
> If I got rdomain(4) right, the two facilities are designed so that a rdomain
> can hold 0-255 rtables. Even rdomain 0 -no rdomain configured- can hold
> several rtables. IP addresses can overlap if configured in different
> rdomains.

No, this is not right. rtables are part of rdomains. So rdomain 0 has
rtable 0. rdomain 1 uses rtable 1. rdomain 2 uses rtable 2 and so on.
Now it is possible to assign an extra rtable to an rdomain but as you
found out there is no tool right now to allow this for any rdomain != 0.
Doing this properly would probably require some new route(4) messages so
that userland daemons can act on this as well. I never really needed this
flexibility so I never implemented it.

> In my mind the design is somehow "hierarchical"
>
> rdomain 0
>   |--> rtable 0
>   |--> rtable 1
>   |...
>   |--> rtable 255
>
> rdomain 1
>   |--> rtable 0
>   |--> rtable 1
>   |...
>   |--> rtable 255
>
> but in practice, since there's no utility to add more rtables beyond the
> default one per rdomain, in the current implementation OS tools (pf, route,
> ifconfig, daemons etc...) take advantage of these facilities in a "flat"
> way:
>
> rdomain 0
>   |--> rtable 0
>
> rdomain 1
>   |--> rtable 0

This is a wrong view. The system has 255 rtables. You can make an rtable
an rdomain when the rtable is using itself to lookup link local addresses.
So the visualisation is the other way around:

  rtable 0 => rdomain 0
  rtable 1 => rdomain 1
  rtable 2 => rdomain 2
  ...
  rtable 42 => rdomain 0
  ...

In this case the tables 0, 1, 2 are rdomains while table 42 is just an
alternate routing table for rdomain 0.

>
> and so on, where rtables are numbered after their containing rdomain.
> Documentation refers to rdomains when it's appropriate to think about a
> logical segment of the routing space, while it refers to rtables when the
> concept is "do something with routing table number XXX".
>
> So while in theory one should think about rdomains first and then about the
> rtables that belong to each of them, in current usage they're the same
> thing: $tool -T $number and don't bother.
>
> But...I read the slides presented by Peter Hessler (thank you) at EuroBSD
> 2012 and everything was clear...well, until I came to slide 16 and pf
> ruleset "pass in on rdomain 2 rtable 4" (1). I'm puzzled: how can I "create"
> rtable 4 inside rdomain 2?

That rule matches packets on rdomain 2 and uses rtable 4 (which can be an
rdomain) to forward the packets.

> Thanks and I apologize for my lack of brevity.
>
> f.
>
> 1:
> https://www.openbsd.org/papers/eurobsd2012/phessler-rdomains/mgp00016.html
>

--
:wq Claudio

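Added example, not part of the original thread and not OpenBSD code: a small Python model of the "rtable N => rdomain M" mapping described in the reply above, which also reports whether a pf rule of the quoted form forwards with a table that belongs to a different rdomain than the one it matches on. The entry for rtable 4, the function names and the result strings are assumptions made for illustration.

```python
import re

# Constructed sample in the "rtable N => rdomain M" notation from the reply
# above; the entry for rtable 4 is an assumption added for the pf rule.
SAMPLE_MAP = """\
rtable 0 => rdomain 0
rtable 1 => rdomain 1
rtable 2 => rdomain 2
rtable 4 => rdomain 4
rtable 42 => rdomain 0
"""

MAP_RE = re.compile(r"rtable\s+(\d+)\s*=>\s*rdomain\s+(\d+)")
RULE_RE = re.compile(r"\bon\s+rdomain\s+(\d+)\b.*\brtable\s+(\d+)\b")

def parse_map(text):
    """Return {rtable: rdomain}; every rtable belongs to exactly one rdomain."""
    owner = {}
    for m in MAP_RE.finditer(text):
        rtable, rdomain = int(m.group(1)), int(m.group(2))
        if rtable in owner:
            raise ValueError(f"rtable {rtable} listed twice")
        owner[rtable] = rdomain
    for rtable, rdomain in owner.items():
        # An rdomain is itself an rtable: the one that maps to itself.
        if owner.get(rdomain) != rdomain:
            raise ValueError(f"rtable {rtable}: rdomain {rdomain} is not a table")
    return owner

def classify(owner):
    """Label each rtable as an rdomain or as an alternate table of one."""
    return {t: "rdomain" if t == d else f"alternate table of rdomain {d}"
            for t, d in owner.items()}

def audit_rule(rule, owner):
    """Report whether a pf rule forwards with a table of another rdomain."""
    m = RULE_RE.search(rule)
    if not m:
        return "no rdomain/rtable pair"
    match_domain, fwd_table = int(m.group(1)), int(m.group(2))
    if fwd_table not in owner:
        return f"rtable {fwd_table} not in map"
    same = owner[fwd_table] == match_domain
    return "same-domain" if same else f"cross-domain: rdomain {match_domain} -> rdomain {owner[fwd_table]}"

if __name__ == "__main__":
    owner = parse_map(SAMPLE_MAP)
    print(classify(owner))
    print(audit_rule("pass in on rdomain 2 rtable 4", owner))
```
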
Re: Question about rdomains/rtables
Hello f.,

t...@seiruote.it (tetrosalame), 2023.10.23 (Mon) 18:08 (CEST):
> I'm playing with rdomain/rtable on OpenBSD 7.4 and I'm a bit confused about
> the relation between rdomains and rtables.

you do not mention reading rtable(4)/rdomain(4), online here:
https://man.openbsd.org/rtable

It has a section on "Routing tables" and one on "Routing domains" and
the confirmation of your finding that "No tool is available to assign
more than one rtable to an rdomain other than to the default one (0)."

Marcus

> If I got rdomain(4) right, the two facilities are designed so that a rdomain
> can hold 0-255 rtables. Even rdomain 0 -no rdomain configured- can hold
> several rtables. IP addresses can overlap if configured in different
> rdomains.
>
> In my mind the design is somehow "hierarchical"
>
> rdomain 0
>   |--> rtable 0
>   |--> rtable 1
>   |...
>   |--> rtable 255
>
> rdomain 1
>   |--> rtable 0
>   |--> rtable 1
>   |...
>   |--> rtable 255
>
> but in practice, since there's no utility to add more rtables beyond the
> default one per rdomain, in the current implementation OS tools (pf, route,
> ifconfig, daemons etc...) take advantage of these facilities in a "flat"
> way:
>
> rdomain 0
>   |--> rtable 0
>
> rdomain 1
>   |--> rtable 0
>
> and so on, where rtables are numbered after their containing rdomain.
> Documentation refers to rdomains when it's appropriate to think about a
> logical segment of the routing space, while it refers to rtables when the
> concept is "do something with routing table number XXX".
>
> So while in theory one should think about rdomains first and then about the
> rtables that belong to each of them, in current usage they're the same
> thing: $tool -T $number and don't bother.
>
> But...I read the slides presented by Peter Hessler (thank you) at EuroBSD
> 2012 and everything was clear...well, until I came to slide 16 and pf
> ruleset "pass in on rdomain 2 rtable 4" (1). I'm puzzled: how can I "create"
> rtable 4 inside rdomain 2?
>
> Thanks and I apologize for my lack of brevity.
>
> f.
>
> 1:
> https://www.openbsd.org/papers/eurobsd2012/phessler-rdomains/mgp00016.html

Question about rdomains/rtables
Hello misc,

I'm playing with rdomain/rtable on OpenBSD 7.4 and I'm a bit confused about
the relation between rdomains and rtables.

If I got rdomain(4) right, the two facilities are designed so that a rdomain
can hold 0-255 rtables. Even rdomain 0 -no rdomain configured- can hold
several rtables. IP addresses can overlap if configured in different
rdomains.

In my mind the design is somehow "hierarchical"

rdomain 0
  |--> rtable 0
  |--> rtable 1
  |...
  |--> rtable 255

rdomain 1
  |--> rtable 0
  |--> rtable 1
  |...
  |--> rtable 255

but in practice, since there's no utility to add more rtables beyond the
default one per rdomain, in the current implementation OS tools (pf, route,
ifconfig, daemons etc...) take advantage of these facilities in a "flat"
way:

rdomain 0
  |--> rtable 0

rdomain 1
  |--> rtable 0

and so on, where rtables are numbered after their containing rdomain.
Documentation refers to rdomains when it's appropriate to think about a
logical segment of the routing space, while it refers to rtables when the
concept is "do something with routing table number XXX".

So while in theory one should think about rdomains first and then about the
rtables that belong to each of them, in current usage they're the same
thing: $tool -T $number and don't bother.

But...I read the slides presented by Peter Hessler (thank you) at EuroBSD
2012 and everything was clear...well, until I came to slide 16 and pf
ruleset "pass in on rdomain 2 rtable 4" (1). I'm puzzled: how can I "create"
rtable 4 inside rdomain 2?

Thanks and I apologize for my lack of brevity.

f.

1:
https://www.openbsd.org/papers/eurobsd2012/phessler-rdomains/mgp00016.html