[OCCAID] routing
Jeroen Massar
jeroen at unfix.org
Thu Jan 25 07:53:51 EST 2007
Miles Nordin wrote:
>>>>>> "jm" == Jeroen Massar <jeroen at unfix.org> writes:
>
> jm> What if the various SixXS PoPs would have a BGP
> jm> listener&speaker.
>
> yeah me and the two guys downstream from me are interested in that.
> It has been a fantastic learning experience, and is fun to show guests
> when they come to visit.
>
> jm> Will take some time to implement this, but when done properly
> jm> it will be exactly what is needed.
>
> Will it be possible to keep the same OCCAID /48?
Of course. Any prefix that OCCAID allows to be announced into their core
can be accepted that way. Which also means that it might allow 'foreign
prefixes' to be accepted, but that is something for later.
[..]
> What's worst: Solaris will not allow ICMP to kill a TCP connection in
> the syn-sent state. I think ICMP unreachable should be ignored in
> 'established' state, but not 'syn-sent' state, even according to Gont.
ICMP unreach is exactly that: that the destination has become
unreachable. The question though is, is it a 'host unreach' or a 'net
unreach', as these are usually handled differently. As Solaris is
OpenSolaris now, you can easily fix that as you have the source.
It should kill the connection.
> Linux will kill the connection. FreeBSD will if
> net.inet.tcp.icmp_may_rst=1.
This is probably a "security" measure. Actually it is not a bad thing,
as then even if you get a few ICMP unreaches, your connectivity will
stay alive ;) I think these are mostly in place to avoid spoofed packets
disconnecting TCP sessions, which was once a common practice for IRC ;)
> NetBSD will with my patch. but not
> Solaris. Consequently I have to choose between withdrawing the prefix
> advertisements on the LAN and breaking things all over the place, or
> else waiting 4 minutes to browse any web page that advertises a v6
> address. ...but with the BGP, Linux browsers were ok automatically.
Just add a null route for that prefix, or fix your Solaris installation
to accept those ICMP unreaches as RST's.
> In the mean time I will get my mail service rearranged this weekend so
> I'm SixXS-qualified. I've been running my email at this domain since
> 1995, but unfortunately it still doesn't pass the kiddie-rejection
> heuristic. :)
There is no kiddy protection for people who can explain why they make
certain decisions about their network.
> jm> Accidentally it will also allow for Multicast IPv6 to work
> jm> properly.
>
> That's interesting. Is this with Quagga, or Cisco-only, or I should
> be trying a different routing daemon?
Standard Multiprotocol BGPv4+. Quagga should support that.
But as mentioned, don't hold your breath for it, it might be soon but
most likely it will be later as it depends on testing and especially
time to implement.
Greets,
Jeroen
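
Added example, not part of the original message and not taken from any operating system's source: a simplified C model of the policy discussed in the thread, where an ICMP unreachable aborts a connection in SYN-SENT but is only recorded as a soft error once the connection is established. All type and function names are hypothetical; the icmp_may_rst field is modelled on the FreeBSD sysctl named above, and the sequence-number check on the quoted segment is an assumption added here as a common defence against the spoofed ICMP mentioned in the reply.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model; every name here is hypothetical, not from a real TCP stack. */
enum tcp_state { TCP_SYN_SENT, TCP_ESTABLISHED };
enum icmp_action { ICMP_DROP, ICMP_SOFT_ERROR, ICMP_ABORT };

struct tcp_conn {
    enum tcp_state state;
    uint32_t snd_una;   /* oldest unacknowledged sequence number */
    uint32_t snd_nxt;   /* next sequence number to be sent */
    bool icmp_may_rst;  /* policy knob, modelled on the FreeBSD sysctl */
};

/* True if seq lies in [snd_una, snd_nxt), using wrap-safe 32-bit arithmetic. */
static bool seq_in_flight(const struct tcp_conn *c, uint32_t seq)
{
    return (uint32_t)(seq - c->snd_una) < (uint32_t)(c->snd_nxt - c->snd_una);
}

/* Decide how to treat an ICMP unreachable whose payload quotes a TCP
 * segment carrying sequence number quoted_seq. */
enum icmp_action icmp_unreach_action(const struct tcp_conn *c, uint32_t quoted_seq)
{
    /* The quoted segment must be one we actually have in flight;
     * a spoofed error with a guessed sequence number is dropped. */
    if (!seq_in_flight(c, quoted_seq))
        return ICMP_DROP;
    /* Nothing is established yet: failing fast lets the application
     * move on to its next address instead of waiting for a timeout. */
    if (c->state == TCP_SYN_SENT && c->icmp_may_rst)
        return ICMP_ABORT;
    /* Established, or knob off: note the error and keep retransmitting. */
    return ICMP_SOFT_ERROR;
}

int main(void)
{
    /* Constructed sample connections, not captured traffic. */
    struct tcp_conn syn = { TCP_SYN_SENT, 1000u, 1001u, true };
    struct tcp_conn est = { TCP_ESTABLISHED, 5000u, 6000u, true };
    printf("syn-sent, valid seq:    %d\n", icmp_unreach_action(&syn, 1000u));
    printf("syn-sent, bad seq:      %d\n", icmp_unreach_action(&syn, 42u));
    printf("established, valid seq: %d\n", icmp_unreach_action(&est, 5500u));
    return 0;
}
```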