Re: multiple default routes

From: Anton Ivanov (aivanov@eu.level3.net)
Date: Wed May 31 2000 - 10:58:50 EST


> Helge Hafting <helgehaf@idb.hist.no> writes:
>
> > > I have 2 NICs on each of my Linux boxes connected to 2 different
> > > network segments and routers and I would like packets coming on one
> > > ethernet interface (from any source ip) to go back over the same
> > > interface. Is that possible in Linux ?
> >
> > You probably mean something like "*answers* to incoming packets
> > should go out via the interface the packet came in?"
> >
> > IP doesn't work that way, as far as I know. Information about which
> > interface received a packet is removed early, it is not in the
> > IP headers. (Firewall code like ipchains may have access to this
> > information, but I don't think that is useful for your purpose.)
>
> Actually Linux preserves that information. For datagram sockets you
> can easily get it via the IP_PKTINFO control message. For TCP it is
> a bit more complicated. The stack does not react to this information
> by default (only when the packet contains source routing options), but
> the user program could. The kernel could be made to as well. The question is
> just whether it makes sense. It usually doesn't.
>

        It does for the following design.

        IMHO it is b0rken, but quite common (for various reasons).

        You have multiple (at least two) redundant stateful firewalls and/or load
balancers. Behind them you have N boxen that are connected to each
firewall/load balancer. You _do_not_ run a routing protocol and use default or
static routes. In this case you need to answer on the interface where you have been
asked in order to obey state in the firewall/load balancer.

        This design has quite a few ugly points of failure. And it does not achieve
what is wanted. IMHO: use a routing protocol + loopback aliases instead.

        Coming back to the b0rken design. In order to implement it, it is necessary to
do a queueing discipline (return same or something like that). To be honest I
have no idea if all the info needed to implement this queueing discipline is
present in the current data structures. I have not had any time to have a look
at recent 2.3.x - 2.4.x.

[snip]

Brgds,
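
The user-space route the quoted reply mentions, shown as an added example that is not part of this thread: a UDP service that reads the IP_PKTINFO control message to learn which interface and local address a request arrived on, then sends its answer with IP_PKTINFO set so the reply leaves through that same interface and from that same address, which is what a stateful firewall in the design above expects. The struct in_pktinfo field semantics assumed here are those documented in ip(7) (ipi_ifindex, ipi_addr, ipi_spec_dst); the code is Linux-specific, covers datagram sockets only (the reply says TCP is harder), and the self-test exercises the round trip over loopback in one process, so the "same interface" is simply lo.

```c
/* Added example (not from the LKML thread): answer a UDP request over the
 * interface and from the local address it arrived on, using IP_PKTINFO.
 * Linux-specific; struct in_pktinfo semantics are taken from ip(7). */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Receive one datagram and copy out the in_pktinfo the kernel attached:
 * ipi_ifindex = arrival interface, ipi_addr = destination address in the IP
 * header, ipi_spec_dst = local address chosen by the route. Returns -1 if the
 * socket was not set up with IP_PKTINFO. */
static ssize_t recv_with_pktinfo(int fd, char *buf, size_t len,
                                 struct sockaddr_in *peer, struct in_pktinfo *pi)
{
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    char cbuf[CMSG_SPACE(sizeof(struct in_pktinfo))];
    struct msghdr msg = {
        .msg_name = peer, .msg_namelen = sizeof *peer,
        .msg_iov = &iov, .msg_iovlen = 1,
        .msg_control = cbuf, .msg_controllen = sizeof cbuf,
    };
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n < 0)
        return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            memcpy(pi, CMSG_DATA(c), sizeof *pi);
            return n;
        }
    }
    return -1;
}

/* Send a datagram pinned to a given interface index and local source address,
 * overriding the interface/source the routing table would otherwise pick. */
static ssize_t send_via(int fd, const char *buf, size_t len,
                        const struct sockaddr_in *to, int ifindex, struct in_addr src)
{
    struct iovec iov = { .iov_base = (char *)buf, .iov_len = len };
    char cbuf[CMSG_SPACE(sizeof(struct in_pktinfo))];
    memset(cbuf, 0, sizeof cbuf);
    struct msghdr msg = {
        .msg_name = (void *)to, .msg_namelen = sizeof *to,
        .msg_iov = &iov, .msg_iovlen = 1,
        .msg_control = cbuf, .msg_controllen = sizeof cbuf,
    };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = IPPROTO_IP;
    c->cmsg_type = IP_PKTINFO;
    c->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
    struct in_pktinfo out = { .ipi_ifindex = ifindex, .ipi_spec_dst = src };
    memcpy(CMSG_DATA(c), &out, sizeof out);
    return sendmsg(fd, &msg, 0);
}

/* UDP socket bound to an ephemeral port on the given address, with IP_PKTINFO
 * enabled so recvmsg() reports the arrival interface. */
static int udp_socket_with_pktinfo(uint32_t host_addr, struct sockaddr_in *bound)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    int one = 1;
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = 0,
                             .sin_addr.s_addr = htonl(host_addr) };
    socklen_t l = sizeof *bound;
    if (setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &one, sizeof one) < 0 ||
        bind(fd, (struct sockaddr *)&a, sizeof a) < 0 ||
        getsockname(fd, (struct sockaddr *)bound, &l) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* One request/reply round trip over loopback in a single process. Returns 1
 * if the reply came back from the address the request was sent to and over
 * the same interface index the request arrived on, 0 otherwise. */
int demo_reply_on_same_interface(void)
{
    struct sockaddr_in srv_addr, cli_addr, peer;
    struct in_pktinfo req_pi, reply_pi;
    const char req[] = "ping";          /* constructed sample request */
    char buf[64];
    int ok = 0;
    int srv = udp_socket_with_pktinfo(INADDR_ANY, &srv_addr);       /* server: any address */
    int cli = udp_socket_with_pktinfo(INADDR_LOOPBACK, &cli_addr);  /* client: 127.0.0.1 */
    if (srv < 0 || cli < 0)
        goto out;
    srv_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* getsockname() gave 0.0.0.0 */

    if (sendto(cli, req, sizeof req, 0, (struct sockaddr *)&srv_addr, sizeof srv_addr) < 0)
        goto out;
    if (recv_with_pktinfo(srv, buf, sizeof buf, &peer, &req_pi) < 0)
        goto out;
    /* Answer on the interface, and from the address, the request arrived on. */
    if (send_via(srv, buf, sizeof req, &peer, req_pi.ipi_ifindex, req_pi.ipi_addr) < 0)
        goto out;
    if (recv_with_pktinfo(cli, buf, sizeof buf, &peer, &reply_pi) < 0)
        goto out;
    ok = strcmp(buf, "ping") == 0
         && peer.sin_addr.s_addr == htonl(INADDR_LOOPBACK)
         && reply_pi.ipi_ifindex == req_pi.ipi_ifindex;
out:
    if (srv >= 0) close(srv);
    if (cli >= 0) close(cli);
    return ok;
}

int main(void)
{
    printf("reply pinned to arrival interface: %s\n",
           demo_reply_on_same_interface() ? "ok" : "failed");
    return 0;
}
```

The point of the example is the asymmetry the reply describes: the kernel hands the arrival interface to the application in a control message, but nothing in the stack acts on it, so a service that must satisfy a stateful firewall's expectations has to carry ipi_ifindex and the local address from recvmsg() back into sendmsg() itself.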



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Wed May 31 2000 - 21:00:27 EST