Mailing List Archive: Quagga: Users

multihomed BGP and PA address

 

 



marcin.giedz at arise

Nov 14, 2009, 5:03 AM

Post #1 of 13 (1698 views)
multihomed BGP and PA address

Hello,

I've got 2 ISPs and quagga/bgpd/zebra configured. Let's assume that:
a) ISP1 = 1.1.1.1/30
b) ISP2 = 2.2.2.2/30
c) my advertised network is 3.3.3.0/24.

I created one IP from that network, 3.3.3.1, and put it on the loopback
interface, so I can reach this IP from the Internet. However, when a
connection is established from my LAN (behind the router), I present
myself to the world using the ISPs' IP addresses, NOT the one (3.3.3.1)
I own.

Is it the "neighbor BGP_IP update-source 3.3.3.1" option I should add
to my configuration to present my outbound traffic as going from the 3.3.3.1 IP?

Or maybe I missed something and it's something completely different I
should focus on?

Many thanks,
Marcin


_______________________________________________
Quagga-users mailing list
Quagga-users [at] lists
http://lists.quagga.net/mailman/listinfo/quagga-users


quagga at rhanssen

Nov 14, 2009, 10:37 AM

Post #2 of 13 (1635 views)
Re: multihomed BGP and PA address [In reply to]

Hello,

I'm not quite sure if I understand: your problem is the source address for
packets you send from your router to the Internet?
That has nothing to do with the update-source command. That only sets the
source IP of the packets used for the BGP TCP connection (useful
especially for multihop or if there is more than one IP of a subnet
configured on your router).

If you send a packet from the router towards any destination that you
receive from one of the BGP neighbors, your kernel will have a route with
nexthop 1.1.1.1 or 2.2.2.2 and therefore will use the IP that is part of
the network between you and the ISP.

In several programs you can set it manually (for example "ping -I lo
www.quagga.net" or "traceroute -s 3.3.3.1 www.quagga.net").

best regards
Rolf Hanßen



marcin.giedz at arise

Nov 14, 2009, 11:52 AM

Post #3 of 13 (1640 views)
Re: multihomed BGP and PA address [In reply to]

Rolf Hanßen wrote:

Hi,

Yes, your understanding was correct! So it's nothing to do with quagga then.

Could you/anyone please point me to how to achieve my goal? - so that all
my traffic, no matter which ISP it goes out through, always has the same source IP -
the one I advertise.

Many thanks,
M.


nigel.marett at gmail

Nov 14, 2009, 12:32 PM

Post #4 of 13 (1642 views)
Re: multihomed BGP and PA address [In reply to]

Confusing! :)

Are you saying packets from inside your network have a src address of one of
the interfaces on your router?

Or are you testing from your router and seeing these packets with the wrong
src addr? (I'd expect this behavior unless you specify a src interface to ping /
traceroute from.)

How many interfaces do you have in your box?

n

--
sent from my Android



universe at truemetal

Nov 14, 2009, 1:28 PM

Post #5 of 13 (1634 views)
Re: multihomed BGP and PA address [In reply to]

Hello Marcin,

On Sat, 14 Nov 2009 14:03:59 +0100
Marcin Giedz <marcin.giedz [at] arise> wrote:

> I created one IP from that network which is 3.3.3.1 and stick it on
> loopback interface, so I can reach this IP from the Internet. However
> when connection is established from my LAN (behind the router), I
> present myself to the world using ISPs IP addresses, NOT the one
> (3.3.3.1) I own.

That sounds a lot like you are using NAT there. If this is on FreeBSD
and you are using natd, check natd.conf for -alias_address or
-interface, respectively; see man natd for details on these switches. Or
just disable NAT if you want the hosts in your LAN to appear on the
Internet with their own unique IP addresses (3.3.3.x instead of
3.3.3.1).

Regards
Markus






quagga at rhanssen

Nov 14, 2009, 2:01 PM

Post #6 of 13 (1636 views)
Re: multihomed BGP and PA address [In reply to]

Hi,

You can do that with iptables (very dirty):
iptables -t nat -A POSTROUTING -d 1.1.1.1 -j ACCEPT
iptables -t nat -A POSTROUTING -s 1.1.1.2 -j SNAT --to-source 3.3.3.1
iptables -t nat -A POSTROUTING -d 2.2.2.2 -j ACCEPT
iptables -t nat -A POSTROUTING -s 2.2.2.1 -j SNAT --to-source 3.3.3.1
This will rewrite the source of every packet sent via 1.1.1.1 / 2.2.2.2 to
3.3.3.1, except those going to the BGP peers.

But I'm sure you don't really want that. If you connect 3.3.3.0/24 to a
customer-side interface and send packets from a server with 3.3.3.123, the
source will be 3.3.3.123.
The "problem" you mention only appears on your router. If you really
need your router to send from that address you may try to bind the
daemon(s) (except quagga ;)) to that address.

best regards
Rolf



marcin.giedz at arise

Nov 15, 2009, 3:52 AM

Post #7 of 13 (1636 views)
Re: multihomed BGP and PA address [In reply to]

Rolf Hanßen wrote:

Hi,

..I thought so ;) Anyway, I see that my post is a little bit confusing.
So let me explain this.

As said earlier, I've got 2 ISPs and a PA network to advertise. Now my
SMTP server sits in my LAN behind the router. My BIND is configured to
provide access to the MX from the Internet on the 3.3.3.1 address - 'dig
mydomain.com MX' gives me the 3.3.3.1 address and it's OK. However, when I
send email from my server I go via physical interface eth0 (ISP1 -
1.1.1.1) or eth1 (ISP2 - 2.2.2.2). External email servers are then
confused, as 'dig mydomain MX' and the source IP address (1.1.1.1 or 2.2.2.2)
are different.

In the beginning I thought that maybe I missed something with BGP. Now I
see that it has nothing to do with BGP. Is a simple SNAT the best option
to always present myself via SMTP as 3.3.3.1?

Thanks,
M.


quagga at rhanssen

Nov 15, 2009, 5:59 AM

Post #8 of 13 (1627 views)
Re: multihomed BGP and PA address [In reply to]

Hi,

That's nothing you should do with routing or iptables; bind the SMTP
server to 3.3.3.1. For example, for postfix this should solve your problem:
/etc/postfix/main.cf:
smtp_bind_address = 3.3.3.1

best regards
Rolf



marcin.giedz at arise

Nov 15, 2009, 6:17 AM

Post #9 of 13 (1628 views)
Re: multihomed BGP and PA address [In reply to]

Rolf Hanßen wrote:

Hi,

But postfix stays, in my case, on the server which is in the LAN 192.168.30.0/24?

So once again:

on router:
1) ISP1: 1.1.1.1 on eth0
2) ISP2: 2.2.2.2 on eth1
3) on ISP1 and ISP2 BGP is created
4) IP of my advertised network: 3.3.3.1 on lo
5) my LAN: 192.168.30.0/24 on eth3; in this LAN the SMTP server exists at
192.168.30.5

6) from outside (Internet) 'dig mydomain.com MX' gives 3.3.3.1
7) when sending emails from my SMTP server, the connection on port 25 is
established using the source IP address of ISP1 or ISP2, depending on which one
is the default GW for the particular network. This ends up with a message from
the external SMTP server saying: "your IP ISP1(1.1.1.1)/ISP2(2.2.2.2)
doesn't correspond to IP from your mydomain.com (3.3.3.1)"

I hope that's all ;)

Thanks a lot for your time and help
M.



quagga-users at alexis

Nov 17, 2009, 10:57 PM

Post #10 of 13 (1611 views)
Re: multihomed BGP and PA address [In reply to]

[Sorry for the duplicate - in a seemingly regular display of stupidity
I first posted from the wrong address.]

On Nov 15, 2009, at 9:17 AM, Marcin Giedz wrote:
> but postfix stays in my case on the server which is in LAN
> 192.168.30.0/24 ?
>
> so once again:
>
> on router:
> 1) ISP1: 1.1.1.1 on eth0
> 2) IPS2: 2.2.2.2 on eth1
> 3) on IPS1 and IPS2 BGP is created
> 4) IP of my advertised network : 3.3.3.1 on lo
> 5) my LAN: 192.168.30.0/24 on eth3, in this LAN SMTP server exist
> 192.168.30.5
>
> 6) from outside (Internet) 'dig mydomain.com MX' gives 3.3.3.1
> 7) during sending emails from my SMTP server connection on port 25 is
> established using source IP address of ISP1 or ISP2 depends on which
> one
> is default GW for particular network. This ends up with message from
> external SMTP server saying: "your IP ISP1(1.1.1.1)/ISP2(2.2.2.2)
> doesn't correspond to IP from your mydomain.com (3.3.3.1)"

A few thoughts on this:

1) This is a NAT issue. You haven't configured it correctly. So a
previous poster's suggestion to read the docs on your NAT software
(natd or whatever) is the right first step. Your problem is that you
are telling your NAT software on your router to rewrite all your
outbound traffic as coming from your router. It's doing that, and it's
choosing as a source IP address whatever interface it's sending the
traffic from. This is what you would expect, by default. You should be
able to have it use your loopback address instead, with the
appropriate rules.

2) What you're doing may be the wrong idea. Consider not using your
loopback address as the MX. (Similarly, don't use it for other servers
either.) Instead select another address inside your netblock (perhaps
3.3.3.2, using your example netblock) for your SMTP server, and set up
your NAT rules to rewrite traffic from your SMTP server as coming from
there (and do the opposite for inbound traffic). That sort of static 1-
to-1 NAT is a lot simpler conceptually and may help you get things
going. (Note that your current design isn't inherently wrong or
broken, and I have many networks set up that way myself, but if you've
got a whole /24 and you're having trouble, it's probably more complex
than you need it to be.)

3) This is the wrong list. Please take this to a networking list for
the OS you're using - you're likely to get more, better, more specific
help there.

/a
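Added example, not code from the thread: the static 1-to-1 NAT map Alexis recommends, combined with Rolf's exemption of the BGP peers from SNAT, written as a POSIX shell script for the Linux router described in this thread. It assumes 3.3.3.2 is an unused address in the advertised /24 set aside for the SMTP host; the ipt wrapper and DRY_RUN=1 are added so the rule set can be reviewed before it touches the kernel.

```shell
#!/bin/sh
# Added example for the router in this thread (not from the thread itself).
# Static 1-to-1 NAT for the LAN SMTP host, with the BGP peers exempted so the
# sessions keep their link addresses. Assumption: 3.3.3.2 is a free address in
# the advertised /24 reserved for the SMTP host.
# Set DRY_RUN=1 to print the rules instead of applying them.

ISP1_PEER=1.1.1.1          # ISP1 BGP neighbour on eth0
ISP2_PEER=2.2.2.2          # ISP2 BGP neighbour on eth1
LAN_NET=192.168.30.0/24    # LAN on eth3
SMTP_LAN=192.168.30.5      # SMTP server inside the LAN
SMTP_PUB=3.3.3.2           # public address reserved for the SMTP host (assumed)
ROUTER_PUB=3.3.3.1         # the /24 address held on lo

# Wrapper so the rule set can be reviewed before it is applied.
ipt() {
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf 'iptables %s\n' "$*"
  else
    iptables "$@"
  fi
}

nat_rules() {
  # 1. Exempt the BGP peers first: the nat table stops at the first matching
  #    rule, so these must precede any SNAT rule.
  ipt -t nat -A POSTROUTING -d "$ISP1_PEER" -j ACCEPT
  ipt -t nat -A POSTROUTING -d "$ISP2_PEER" -j ACCEPT
  # 2. Static 1:1 map for the SMTP host. Inbound is limited to TCP/25 so the
  #    map exposes only the mail service; outbound mail leaves as 3.3.3.2,
  #    which matches the MX record once the MX is moved to 3.3.3.2.
  #    This rule must come before the catch-all LAN rule below, because
  #    192.168.30.5 also matches 192.168.30.0/24.
  ipt -t nat -A PREROUTING -d "$SMTP_PUB" -p tcp --dport 25 \
      -j DNAT --to-destination "$SMTP_LAN"
  ipt -t nat -A POSTROUTING -s "$SMTP_LAN" -j SNAT --to-source "$SMTP_PUB"
  # 3. Everything else in the LAN hides behind the lo address rather than
  #    the ISP link address (which is what MASQUERADE would pick).
  ipt -t nat -A POSTROUTING -s "$LAN_NET" -j SNAT --to-source "$ROUTER_PUB"
}

case "${1:-}" in
  show)  DRY_RUN=1 nat_rules ;;
  apply) nat_rules ;;
esac
```

Run it with the argument show to print the five rules in order; the MX record has to point at 3.3.3.2 rather than 3.3.3.1 before the rules are applied.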


marcin.giedz at arise

Nov 17, 2009, 11:41 PM

Post #11 of 13 (1612 views)
Re: multihomed BGP and PA address [In reply to]

Alexis Rosen wrote:

Hi Alex,

I really appreciate your help, and yes, now I know this is the wrong list.
Anyway, to close this subject I'd like to ask you why you see
obstacles to using 'lo' to hold IPs from the advertised network? This
is quite common in cisco or BGP generally, isn't it? If 'lo' is not good
enough should I use a physical interface for my PA network?

Many thanks,
Marcin


quagga-users at alexis

Nov 18, 2009, 12:01 AM

Post #12 of 13 (1604 views)
Re: multihomed BGP and PA address [In reply to]

On Nov 18, 2009, at 2:41 AM, Marcin Giedz wrote:
> I really appreciate your help and yes now I know this is wrong list.
> Anyway to close this subject I'd like to ask you why do you see
> obstacles for not using 'lo' to stick IPs from advertised network?
> This is quite common in cisco or bgp generally, isn't it? If 'lo' is
> not good enough should I use physical interface for my PA network?

This has nothing to do with BGP. The fact that you're confusing NAT
and BGP suggests that the simplest solution that works is the one
you're most likely to have success with. That's why I'm suggesting
that you use a static 1-to-1 NAT map between your public space and
your private IPs, for the servers that you need to expose. As I wrote
previously, there's nothing inherently wrong with mapping multiple
servers onto your router.

/a


marcin.giedz at arise

Nov 18, 2009, 2:35 AM

Post #13 of 13 (1620 views)
Re: multihomed BGP and PA address [In reply to]

Alexis Rosen wrote:

Thanks a lot!!!

M.
