tech-net archive


Re: Thinking about "branes" for netbsd...



On Fri, May 04, 2012 at 09:45:32AM +0200, Gert Doering wrote:
> Hi,
> 
> On Thu, May 03, 2012 at 10:37:35PM -0500, David Young wrote:
> > > Except for the notion that a route can belong to one domain,
> > > this is otherwise in agreement with what's proposed. More
> > > than one domain may have a specific route, for example, two
> > > domains may have the same default route.
> > 
> > How/why do two domains share a route, even the default?
> > 
> > It might help to see a made-up routing table for a couple of domains.
> 
> In Cisco IOS, you have <n> independent routing tables, but you can
> have routes pointing out of a routing instance by specifying a target
> interface that belongs to another routing instance.  Like:
> 
>   ip route vrf BLUE 0.0.0.0 0.0.0.0 gige3/6 192.0.2.1
> 
> so if "gige3/6" belongs to "vrf RED", the default route for packets 
> in "vrf BLUE" will make them change the vrf.
> 
> What you cannot easily do in IOS is "keep the packets on the same box,
> but have them change vrf" - but that's something, for example, Juniper
> ScreenOS can do with their "virtual routers" - you can point a route 
> at another vrouter, to make it jump routing tables:
> 
> set vrouter "trust-vr"
>   set route 172.18.0.0/16 vrouter "untrust-vr"
> 
> (a "vrouter" is, basically, a collection of routing table entries plus
> interfaces - same as a VRF in Cisco-Speak)
> 
> 
> So, for example, you could have one network 192.168.100.0/24, which is
> reachable from all the virtual routing systems:
> 
> set vrouter "vr-blue"
>   set route 192.168.100.0/24 vrouter "vr-management"
> set vrouter "vr-green"
>   set route 192.168.100.0/24 vrouter "vr-management"
> set vrouter "vr-yellow"
>   set route 192.168.100.0/24 vrouter "vr-management"
> 
> set vrouter "vr-management"
>   set route 192.168.100.0/24 interface ethernet0/3 gateway 192.168.99.1

Thanks!

The Cisco way is awful.  The Juniper way seems much more rational.

I wonder how all of this works under the hood in Cisco & Juniper.  A
naive implementation would make one routing-table lookup in vr-blue
(192.168.100.1 -> vrouter "vr-management") and a second lookup in
vr-management (192.168.100.1 -> nexthop), but somehow I think that it
doesn't actually work that way.

Dave

-- 
David Young
dyoung%pobox.com@localhost    Urbana, IL    (217) 721-9981
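
The naive per-vrouter lookup chain described in the message above, as an added example that is not part of the original post and makes no claim about how Cisco or Juniper implement it. The table layout and the names `TABLES`, `longest_match` and `resolve` are hypothetical; the routes are copied from the quoted ScreenOS configuration, and the loop check covers vrouters whose routes point at each other.

```python
import ipaddress

# Constructed tables mirroring the ScreenOS example quoted in the thread.
# A target is ("vrouter", name) or ("nexthop", interface, gateway).
TABLES = {
    "vr-blue": {"192.168.100.0/24": ("vrouter", "vr-management")},
    "vr-green": {"192.168.100.0/24": ("vrouter", "vr-management")},
    "vr-yellow": {"192.168.100.0/24": ("vrouter", "vr-management")},
    "vr-management": {
        "192.168.100.0/24": ("nexthop", "ethernet0/3", "192.168.99.1"),
    },
}


def longest_match(table, dst):
    """Return the target of the most specific route covering dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, target in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def resolve(tables, start_vr, dst):
    """Naive resolution: one routing-table lookup per vrouter visited.

    Returns (path, nexthop); nexthop is None when no route covers dst.
    Raises ValueError if the vrouter references form a loop.
    """
    path, vr = [], start_vr
    while True:
        if vr in path:
            raise ValueError("vrouter loop: " + " -> ".join(path + [vr]))
        path.append(vr)
        target = longest_match(tables.get(vr, {}), dst)
        if target is None:
            return path, None
        if target[0] == "nexthop":
            return path, target[1:]
        vr = target[1]  # jump to the referenced vrouter and look up again


if __name__ == "__main__":
    print(resolve(TABLES, "vr-blue", "192.168.100.1"))
```

The returned path lists every routing domain a packet crosses, which is the thing to review when a shared route such as the management network is reachable from several otherwise separate domains.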

