From: Volodymyr Kostyrko
Subject: net.add_addr_allfibs - alternative usecases
To: net@FreeBSD.org
Date: Mon, 4 Oct 2021 10:33:15 +0300
List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net

Hello.

First of all, I came here not to agitate for any change, I want to understand how my configuration is inefficient and how I can do that better.

I have two outgoing interfaces, if0 and if0. Those are different internet providers, I even get IPv6 through the second one, and that's nice. I want to automatically fall back to the interface that is working in case of an outage. Also, I want some traffic only on one of those interfaces.

So I got 3 fibs:

fib 0: default route
fib 1: default route is if0
fib 2: default route is if1

Fibs 1-2 are used for traffic that should only pass through exactly that interface. Traffic pinning is done with PF:

    pass out on $outside2 inet from ($outside2) queue(in_std2, in_priv2) modulate state rtable 2

For example, I can test connectivity to both sides via:

    setfib 1 ping -qc 5 8.8.8.8
    setfib 2 ping -qc 5 8.8.8.8

And in case one of them doesn't work I can switch to the other one by changing routing on fib 0.

Everything seems to work fine with net.add_addr_allfibs enabled. But once it was disabled I started wondering whether I'm using the right tools to solve my problem, or this can be done easier.
Disabling net.add_addr_allfibs means that only the assigned interface will provide the default route for the corresponding fib, and you can't manually add them to the other fib. Or maybe I got that part totally wrong?

Thanks in advance, any bit of knowledge would be appreciated.

-- 
Sphinx of black quartz judge my vow.
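
The probe-and-switch procedure described in the message, written out as a script. This is an added example, not part of the original message or of FreeBSD itself. It assumes the setup the message reports as working (net.add_addr_allfibs enabled, so both gateways are on-link in fib 0); the gateway addresses, the function names and the `apply` argument are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message: fail fib 0 over between uplinks.
# Assumed values: GW1/GW2 are placeholder next hops (documentation addresses).
GW1="${GW1:-192.0.2.1}"       # assumed gateway behind if0 (pinned in fib 1)
GW2="${GW2:-198.51.100.1}"    # assumed gateway behind if1 (pinned in fib 2)
TARGET="${TARGET:-8.8.8.8}"   # probe target used in the message

# Succeeds when the uplink pinned to fib $1 reaches the probe target.
probe_fib() {
    setfib "$1" ping -qc 5 "$TARGET" >/dev/null 2>&1
}

# Prints the gateway fib 0 should use. $1 is the current fib 0 gateway.
# A healthy current uplink is kept, so a recovered link does not cause a flap.
choose_gateway() {
    current="$1"; up1=no; up2=no
    probe_fib 1 && up1=yes
    probe_fib 2 && up2=yes
    if [ "$current" = "$GW1" ] && [ "$up1" = yes ]; then echo "$GW1"
    elif [ "$current" = "$GW2" ] && [ "$up2" = yes ]; then echo "$GW2"
    elif [ "$up1" = yes ]; then echo "$GW1"
    elif [ "$up2" = yes ]; then echo "$GW2"
    else return 1   # both probes failed: caller leaves routing untouched
    fi
}

# Prints the gateway of the default route currently installed in fib 0.
current_gateway() {
    setfib 0 route -n get default 2>/dev/null | awk '/gateway:/ {print $2}'
}

# The routing table is only modified when run as: sh failover.sh apply
if [ "${1:-}" = "apply" ]; then
    cur="$(current_gateway)"
    if ! new="$(choose_gateway "$cur")"; then
        echo "both uplinks failed the probe; fib 0 left unchanged" >&2
        exit 1
    fi
    if [ -z "$cur" ]; then
        setfib 0 route add default "$new"
    elif [ "$new" != "$cur" ]; then
        setfib 0 route change default "$new"
    fi
fi
```

Because the probes run inside fibs 1 and 2, they keep measuring each uplink independently of whatever fib 0 currently points at.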