fpascual
Member Candidate
Topic Author
Posts: 140
Joined: Mon May 29, 2006 3:17 pm

Mangle Question

Thu Apr 12, 2007 4:23 pm

Hi, can I put more than one dst-address into a single mangle rule? I must configure tagging for more than 20 networks.


Thanks
 
fpascual
Member Candidate
Topic Author
Posts: 140
Joined: Mon May 29, 2006 3:17 pm

Thu Apr 12, 2007 4:27 pm

Another question: I have 5 BGP peers and use mangle to control upstream traffic (balancing 3 international providers). How can I do that with BGP?
 
tneumann
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Re: Mangle Question

Thu Apr 12, 2007 4:40 pm

Hi, can I put more than one dst-address into a single mangle rule?
Yes, but not directly. Use an address-list. Define the list under /ip firewall address-list and then use that list in the mangle rule (use dst-address-list in the mangle rule instead of dst-address).

--Tom
 
tneumann
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Thu Apr 12, 2007 4:54 pm

I have 5 BGP peers and use mangle to control upstream traffic (balancing 3 international providers). How can I do that with BGP?
Traffic management with BGP is not an exact science. Because of the dynamic nature of the worldwide BGP routing table it's more of a moving target and an ongoing process. The results of BGP traffic management are often much less fine-grained than you'd hope for.

That being said you can use AS-PATH prepending and/or local preference to influence BGP routing (and thereby traffic flow). Some people like to announce sub-networks (longer prefixes) of their aggregate differently to different upstreams, or some sub-networks only to one upstream and other sub-networks to another upstream, but that is strongly discouraged as it makes the global BGP routing table larger and increases the opportunities of flapping routes (which, in turn, may get your AS dampened by your upstreams).

--Tom
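
The two knobs named in the post above, as an added example that is not part of the original thread: local preference on received routes steers which upstream your outbound traffic uses, while AS-PATH prepending on announcements only influences how others route back to you. It assumes RouterOS v6-style routing filters; the peer names, chain names and the prefix are hypothetical.

```routeros
# Added example (RouterOS v6-style syntax); all names and prefixes are constructed.
/routing filter
# Inbound: prefer routes learned from upstream1 for outbound traffic
add chain=upstream1-in set-bgp-local-pref=200 action=accept
add chain=upstream2-in set-bgp-local-pref=100 action=accept
# Outbound to upstream2: announce only the aggregate, with our AS prepended
# three times so the path through upstream2 looks longer to the rest of the world
add chain=upstream2-out prefix=198.51.100.0/24 set-bgp-prepend=3 action=accept
# Discard everything else so no other route is leaked to this upstream
add chain=upstream2-out action=discard

/routing bgp peer
set [find name=upstream1] in-filter=upstream1-in
set [find name=upstream2] in-filter=upstream2-in out-filter=upstream2-out
```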
 
fpascual
Member Candidate
Topic Author
Posts: 140
Joined: Mon May 29, 2006 3:17 pm

Thu Apr 12, 2007 4:57 pm

Ohhh, thanks a lot!
And then I must configure 1 line per network in the address list, is that correct?
Can I do this traffic treatment with BGP directly?
 
fpascual
Member Candidate
Topic Author
Posts: 140
Joined: Mon May 29, 2006 3:17 pm

Thu Apr 12, 2007 5:17 pm

Ok Tom, I read your post about BGP.
Look, I need to route some networks by src-address:


add chain=prerouting in-interface=red_acceso src-address=200.X.6.0/24 dst-address-list=bloques_nacionales action=accept comment="200.X.6.0/24 Upstream Nacional" disabled=no
add chain=prerouting in-interface=red_acceso src-address=200.X.6.0/24 dst-address=0.0.0.0/0 action=mark-routing new-routing-mark=200.X.6.0 passthrough=yes comment="200.X.6.0/24 Upstream Internacional" disabled=no

add chain=prerouting in-interface=red_acceso src-address=200.X.29.0/24 dst-address-list=bloques_nacionales action=accept comment="200.X.29.0/24 Upstream Nacional" disabled=no
add chain=prerouting in-interface=red_acceso src-address=200.X.29.0/24 dst-address=0.0.0.0/0 action=mark-routing new-routing-mark=200.X.29.0 passthrough=yes comment="200.X.29.0/24 Upstream Internacional" disabled=no


It's only upstream traffic.
Do you understand me?

Thanks Tom !
 
tneumann
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Thu Apr 12, 2007 6:36 pm

BGP does not by itself have anything to do with mangling. From my understanding I thought that you are already using mangling for traffic shaping and now you want to additionally implement BGP and use the traffic control features that BGP offers - which, as I already wrote - do not have any relation to mangling as such.

What do you want to achieve and how do you plan to relate the mangling to BGP?

Maybe you should show us your BGP configuration export...


--Tom
 
fpascual
Member Candidate
Topic Author
Posts: 140
Joined: Mon May 29, 2006 3:17 pm

Thu Apr 12, 2007 8:49 pm

No Tom, I'm not talking about mangle with BGP, I just need to route some upstream traffic depending on the source addresses.

I mean:

If my router receives a packet with XXXX source address range and YYYY destination address, I need to route this packet to Peer N (I decide which peer to send this packet to).


Thanks
 
tneumann
Member
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Thu Apr 12, 2007 9:26 pm

Sounds like plain policy routing - it does not matter if the route to the destination is learned via BGP or not... so just configure policy routing and force it to use a certain next-hop. Whether that next hop is a BGP peer or not would be irrelevant from what I understand.

--Tom
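
The address-list answer earlier in the thread and the policy routing described in the post above, combined into one configuration as an added example that is not part of the original thread. It assumes RouterOS v6-style syntax (routes selected by routing-mark); the interface and list names come from the thread, while the addresses, gateway and the mark name via_intl_1 are constructed.

```routeros
# Added example (RouterOS v6-style syntax); addresses and mark name are constructed.

# One entry per network, all under the same list name
/ip firewall address-list
add list=bloques_nacionales address=203.0.113.0/24 comment="national block 1"
add list=bloques_nacionales address=192.0.2.0/24 comment="national block 2"

/ip firewall mangle
# National destinations: accept ends mangle processing for the packet, so it
# is never marked and is routed by the main table
add chain=prerouting in-interface=red_acceso src-address=198.51.100.0/24 \
    dst-address-list=bloques_nacionales action=accept \
    comment="198.51.100.0/24 national: main table"
# Everything else from this source network gets the routing mark;
# passthrough=no stops later mangle rules from overwriting it
add chain=prerouting in-interface=red_acceso src-address=198.51.100.0/24 \
    action=mark-routing new-routing-mark=via_intl_1 passthrough=no \
    comment="198.51.100.0/24 international: policy route"

# Marked packets are forced to the chosen next hop, whether or not that
# next hop is also a BGP peer
/ip route
add dst-address=0.0.0.0/0 gateway=10.255.1.1 routing-mark=via_intl_1 \
    check-gateway=ping comment="next hop for mark via_intl_1"

# Check that the list has the expected members and the marked route is active
/ip firewall address-list print where list=bloques_nacionales
/ip route print where routing-mark=via_intl_1
```

Rule order matters here: the accept rule for the national list must sit above the mark-routing rule for the same source network.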
 
fpascual
Member Candidate
Topic Author
Posts: 140
Joined: Mon May 29, 2006 3:17 pm

Thu Apr 12, 2007 9:32 pm

Oh, ok, yes, at the moment I use mangle to tag the packets and then static routes to route them. I think that I can do this job with BGP too.
