Routing policy for local packets

Good day.

I want to create a route policy for packets that are generated by the router itself.

For example:

“if source address is 1.1.1.1 then use default gateway 2.2.2.2”.

How can this be done?

Thanks.


I created policies:

[quote]vyos@bgp# show policy route ROUTES
rule 100 {
set {
table 1
}
source {
address 1.1.1.1
}
}
rule 110 {
set {
table 2
}
source {
address 3.3.3.3
}
}

[edit][/quote]

Then I created routes:

[quote]vyos@bgp# show protocols static table 1
route 0.0.0.0/0 {
next-hop 2.2.2.2 {
}
}

[edit]
[/quote]

[quote]vyos@bgp# show protocols static table 2
route 0.0.0.0/0 {
next-hop 4.4.4.4 {
}
}

[edit]
[/quote]

But I can’t find out the interface to which I must assign that policy.

Usually you would apply it to the ingress interface where the source traffic is flowing into; however, like you pointed out, the source traffic in this case is not flowing into any interface because it’s being generated by the router itself. Have you tried applying it to the loopback interface?

Loopback and dummy interfaces don’t have a “policy” option:

[quote]vyos@bgp# set interfaces loopback lo policy route ROUTES

Configuration path: interfaces loopback lo [policy] is not valid
Set failed
[/quote]

Anyone?

It depends on the use case, but you could do it “the other way”: policy route traffic traversing your router.

I see some problems with your approach, and you may observe some unpredictable behaviour. If you want to have a VPN tunnel, DHCP relay agent and other “user related” traffic generated in your router you probably want it to use the same routing table as the rest of the “user related” traffic.

Good day.

We have a BGP router with multiple uplinks that have a default route. We want that router to respond to pings on any of the IP addresses that are used for interconnections.

For that purpose we usually set up a separate routing table with a different default gateway for each address.

For example:

eth0 192.168.1.2/30 (uplink = 192.168.1.1)
eth1 192.168.2.2/30 (uplink = 192.168.2.1)

All traffic from 192.168.1.2 must go via 192.168.1.1.
All traffic from 192.168.2.2 must go via 192.168.2.1.
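A model of the lookup the configuration above relies on: each `protocols static table N` fills a Linux routing table, and what the thread is asking is which selector picks that table for a packet the router itself originates. The Python below is an added example, not code from the thread or from VyOS; it assumes the standard Linux rule/table semantics (rules walked in priority order, a source-address selector, longest-prefix match inside a table, and fall-through to the next rule when a table has no route for the destination), uses the two uplinks from the post above, and adds a constructed third source whose table is empty to show the fall-through case.

```python
import ipaddress

# Rules as (priority, source selector or None, table), walked in priority order.
# Rules 100/110 mirror the post above; rule 120 and table 3 are constructed to
# show what happens when a table has no usable route (e.g. the default withdrawn).
RULES = [
    (100, "192.168.1.2", 1),
    (110, "192.168.2.2", 2),
    (120, "192.168.3.2", 3),
    (32766, None, "main"),
]

# Tables as lists of (prefix, gateway); gateway None means directly connected.
TABLES = {
    1: [("0.0.0.0/0", "192.168.1.1")],
    2: [("0.0.0.0/0", "192.168.2.1")],
    3: [],
    "main": [
        ("192.168.1.0/30", None),
        ("192.168.2.0/30", None),
        ("0.0.0.0/0", "192.168.1.1"),
    ],
}


def lookup_table(table, dst):
    """Longest-prefix match of dst in one table; returns (network, gateway) or None."""
    best = None
    for prefix, gw in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best


def egress(src, dst):
    """Return (table, gateway) chosen for a locally generated packet src -> dst."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(RULES, key=lambda r: r[0]):
        if selector is not None and ipaddress.ip_address(selector) != src_ip:
            continue  # selector does not match this source address
        hit = lookup_table(table, dst_ip)
        if hit is None:
            continue  # table has no route for dst: fall through to the next rule
        return table, hit[1]
    raise LookupError(f"no route to {dst} from {src}")
```

With these rules, a reply sourced from 192.168.1.2 leaves via 192.168.1.1 and one sourced from 192.168.2.2 via 192.168.2.1, while the source whose table is empty silently falls back to the main table's default, which is the asymmetric path the post is trying to avoid.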

I clearly don’t understand the use case.

If you ping 192.168.1.2 on a BGP router from somewhere, it may or may not come in from 192.168.1.1. Is this for monitoring connectivity between the BGP peers?

If you have multiple uplinks, then usually traffic to the same network is routed via the same gateway.

If traffic from the router to my IP (when I try to connect to the router via SSH) comes via eth0, but for some reason (due to technical problems) I can’t be reached via eth0, then I can’t connect to the router.

Since the router has multiple IPs (one for each uplink), I want that if I connect from the internet to the router’s IP1, then SSH traffic from the router to me must go via eth0. If I connect from the internet to the router’s IP2, then SSH traffic from the router to me must go via eth1.

In this case, if the uplink with IP1 doesn’t work for some reason, I will be able to connect to IP2.

On the Vyatta system, you cannot apply policy based routing to locally generated packets.