Default route and Babled route co-exist

[darkdrgn2k]

^{This initial comment is collaborative and open to modification by all.}

Task Summary

🎟️ Re-ticketed from: #
📅 Due date: N/A
🎯 Success criteria: ...

In a Gateway node where a tunnel interface that relies on the internet, and babeld traffic get routed causing conflict.

• Default Gateway on node will point to its local internet
  • This is needed to establish a tunnel
• Babeld wont install a default route to an exit node
  • It can be forced, but that will just collapse the tunnel
• Because default route is going out the local gateway, any other traffic routing through this trying to get out to an exit node will use the local gateway beacuse thats what the route is. Most times it will fail since the source ip address is unknown to the default gateway.

Workaround 1 - use static routes

static route only the l2tp tunnel ip to the local gateway. This will allow babeld to install the correct route

ip route delete 0.0.0.0/0
ip route add 123.123.123.123/32 via 1921.68.1.1

Workaround 2 - use separate table for babeld

Make babled put all its routes into a separate route table
This will keep the local route table and babeld's route table separate
Add this to babeld.conf
export-table 10

Route all incoming traffic on specific interfaces to use the babeld route table instead of the os master
(this includes the 0.0.0.0/0 selected by babeld)
put it in rc.local

ip rule add iif ens19 table 10
ip rule add iif tun0 table 10
ip rule add iif l2tpeth61 table 10

I had to add the routes for the local interfaces including openvpn

ip route add 100.64.21.0/24 dev ens19 table 10
ip route add 100.127.253.0/24 dev tun0 table 10

Workaround 3 - VRF to interfaces

Create a mesh VRF and assign it Routing Table 10

ip link add name mesh type vrf table 10
ip link set dev mesh up

Allow TCP and UDP port to be accessable from the VRFs (so you can SSH into the box)

/sbin/sysctl -w net.ipv4.tcp_l3mdev_accept=1
/sbin/sysctl -w net.ipv4.udp_l3mdev_accept=1

Add interfaces to the VRF that should be routing over babeld's routes

ip link set dev ens19 vrf mesh up
ip link set dev tun0 vrf mesh up
ip link set dev l2tpeth61 vrf mesh up

Create a rule that puts all incoming and outgoing packets on the interfaces to use the vrf's routing table (table 10). This is needed to forward packets

ip rule add iif ens19 table 10
ip rule add oif ens19 table 10

ip rule add iif tun0 table 10
ip rule add oif tun0 table 10

ip rule add iif l2tpeth61 table 10
ip rule add oif l2tpeth61 table 10

Add the following in babeld to use table 10 to read and write routes

export-table 10
import-table 10

Usage:

• Completely transparent to forwarded packets (packets coming from other devices)
• From the local machine all traffic happens on the GLOBAL (non mesh) route table
• To use the mesh table locally
  • ping 100.64.10.1 -I mesh <- tells it to attach it to interface MESH
  • ip vrf exec mesh traceroute 100.64.10.1 <- run traceroute (on any exec) in mesh vrf

Issues:

IPv6 addresses disappear :( and need to be re-added)

todo

• Find a way to seperate babeld and local route tables
• Check to see if you can default to table 10 instead of "opt in"
• Look into VRF and marry interfaces to tunnels

[darkdrgn2k]

No ui interface to use ip rule that i can find on edgeos

[darkdrgn2k]

Done