Two default routes and VLANs

Hi!
I have a router based on FreeBSD 9.1.
And I want to configure such interfaces on this router:
Code:
igb0 - a lot of VLANs with user subnets connected to this interface
em0 - a lot of VLANs with user subnets connected to this interface

igb1 - external interface, with NAT and default route for igb0
em1 - external interface, with NAT and default route for em0

In short, I need to route the VLANs on em0 via em1 and the VLANs on igb0 via igb1.

There is also OSPFd (Quagga) running on this router to redistribute kernel routes and get the default route.

I know that I can solve this problem with setfib. Can anyone describe an algorithm for how to do this?

Thank you in advance.
 
If I remember correctly, FreeBSD 9.1 supports multiple routing tables in GENERIC. Check this with sysctl -n net.fibs. If your kernel lacks support for multiple routing tables, fix this by adding this line to your kernel config. See the handbook on how to (re-)build and install your own kernel.
Code:
options         ROUTETABLES=16

Let's define some basic settings for further discussion.
Code:
ifconfig em1  10.0.1.2/24 # assume 10.0.1.1 is the default route
ifconfig igb1 10.0.2.2/24 # assume 10.0.2.1 is the default route

The setfib command allows you to execute other programs with a different default routing table.
Code:
setfib -F 1 route add default 10.0.1.1
setfib -F 2 route add default 10.0.2.1

Let's further assume that VLANs 10 to 19 are to be routed to em1 and VLANs 20 to 29 are to be routed to igb1. We continue to fill IPFW tables with these interfaces.

Code:
for iface in em0.10  em0.11  em0.12  em0.13  em0.14  em0.15  em0.16  em0.17  em0.18  em0.19 ; do
  ipfw table 1 add $iface 1
done
for iface in igb0.20 igb0.21 igb0.22 igb0.23 igb0.24 igb0.25 igb0.26 igb0.27 igb0.28 igb0.29; do
  ipfw table 1 add $iface 2
done

Now use IPFW to associate the VLANs with their routing tables at the right $rulenum in your IPFW rules.
Code:
ipfw add $rulenum setfib tablearg recv 'table(1)'

I haven't had the time to check this, but it should work. If it doesn't, there is VIMAGE with all its potential problems.
 
For traffic that originates from the "LAN" networks, you can use PF's route-to option to route traffic based on a policy to a selected gateway. It doesn't work for traffic originating on the router, unfortunately.
 
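Added example (not part of the original posts): the setfib and IPFW steps from the first reply, combined into one dry-run generator that only prints the commands and refuses mappings that would silently fall back to the wrong uplink (a FIB index the kernel does not have, or a VLAN interface assigned twice). The function name gen_fib_commands, the spec format and the rule number 100 are assumptions of this example; the addresses and interface names are the ones assumed in the reply.

```shell
#!/bin/sh
# Added example: prints the setfib/ipfw commands from the thread, runs none of them.
# Spec format (assumed here): parent:first_vlan:last_vlan:fib:gateway
TABLE=1        # IPFW table number used in the thread
RULENUM=100    # placeholder: the thread leaves $rulenum to the reader
NL='
'

# gen_fib_commands NFIBS SPEC...   (NFIBS = output of `sysctl -n net.fibs`)
gen_fib_commands() {
    nfibs=$1; shift
    out="" seen=" "
    for spec in "$@"; do
        IFS=: read -r parent first last fib gw <<EOF
$spec
EOF
        for n in "$first" "$last" "$fib"; do
            case "$n" in
                ''|*[!0-9]*) echo "bad spec: $spec" >&2; return 1 ;;
            esac
        done
        [ -n "$parent" ] && [ -n "$gw" ] || { echo "bad spec: $spec" >&2; return 1; }
        # FIBs are numbered 0 .. net.fibs-1; anything above that does not exist.
        if [ "$fib" -ge "$nfibs" ]; then
            echo "fib $fib not available (net.fibs=$nfibs)" >&2; return 1
        fi
        out="${out}setfib -F $fib route add default $gw${NL}"
        v=$first
        while [ "$v" -le "$last" ]; do
            iface="$parent.$v"
            # One interface must map to exactly one routing table.
            case "$seen" in
                *" $iface "*) echo "duplicate interface: $iface" >&2; return 1 ;;
            esac
            seen="$seen$iface "
            out="${out}ipfw table $TABLE add $iface $fib${NL}"
            v=$((v + 1))
        done
    done
    # Nothing is printed unless every spec validated.
    printf '%s' "$out"
    printf "ipfw add %s setfib tablearg recv 'table(%s)'\n" "$RULENUM" "$TABLE"
}

# Demo with the layout from the reply; on the router pass "$(sysctl -n net.fibs)".
gen_fib_commands 16 em0:10:19:1:10.0.1.1 igb0:20:29:2:10.0.2.1
```

Review the printed commands before running them as root on the router.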