From owner-freebsd-net@FreeBSD.ORG Fri Dec 9 06:08:45 2005
Return-Path:
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B64B916A41F for ; Fri, 9 Dec 2005 06:08:45 +0000 (GMT) (envelope-from bsd@roamingsolutions.net)
Received: from basillia.speedxs.net (basillia.speedxs.net [83.98.255.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6387343D79 for ; Fri, 9 Dec 2005 06:08:43 +0000 (GMT) (envelope-from bsd@roamingsolutions.net)
Received: from ongers.net (ongers.speedxs.nl [83.98.237.210]) by basillia.speedxs.net (Postfix) with ESMTP id 820F17454; Fri, 9 Dec 2005 06:52:38 +0100 (CET)
Received: from (165.146.252.33 [165.146.252.33]) by MailEnable Inbound Mail Agent with ESMTP; Fri, 09 Dec 2005 07:16:32 +0100
Message-ID: <43991FDC.3040002@roamingsolutions.net>
Date: Fri, 09 Dec 2005 08:10:36 +0200
From: G Bryant
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Claudio Jeker
References: <4397A2D1.452F290A@freebsd.org> <20051208161245.GB19179@diehard.n-r-g.com>
In-Reply-To:
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Antivirus: avast! (VPS 0549-3, 2005/12/07), Outbound message
X-Antivirus-Status: Clean
Cc: freebsd-net@freebsd.org
Subject: Re: Programming Question: Policy Based Routing
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
X-List-Received-Date: Fri, 09 Dec 2005 06:08:45 -0000

Sorry - my formatting fell over...

I am currently using a solution with FreeBSD 5.4 where different packets
get routed out different routes.

I'm using IPFW and, according to protocol or source IP (but IPFW can
recognise any IP header criteria you like), I then FWD the packets to the
specific gateway required.

For this solution to work, you need to make all the gateways available
from a single external NIC (or multiple NICs that have been ng_hook'd).

Let me know if you would like examples.

Regards
Graham

Ivo Vachkov wrote:
> 2005/12/8, Claudio Jeker :
>
>> On Thu, Dec 08, 2005 at 01:15:04PM +0200, Ivo Vachkov wrote:
>>
>>>> Normally it's the other way around.
>>>
>>> So be it :)
>>>
>>> My definition of Policy-Based Routing (PBR): the ability to make routing
>>> decisions based on information other than the destination IP address in the
>>> packet. In my project this "other" information includes source IP
>>> address, L4 protocol, TOS, packet length.
>>>
>>> Implementation:
>>>
>>> Plan 1) This is a complex standalone solution implemented entirely in
>>> the kernel, plus userland utilities (like the route command). The whole
>>> current routing engine will be changed. Instead of a Patricia tree I
>>> implement a list of data structures, each one including a special mask
>>> which identifies which fields of the IP header are used to match the
>>> packet and an AVL tree to store routing information in it. The algorithm
>>> is simple:
>>
>> An AVL tree is far from optimal for route lookups -- think about longest
>> prefix matches. It is even worse than a Patricia tree.
>> Also doing the packet classification as part of the route lookup is IMO a
>> bad idea. Also the linear list that needs to be traversed for every packet
>> is very expensive because you can only do one comparison at a time.
>
> I am aware that this part sux :) That's why I'm asking for other
> people's opinions.
>
>>> Plan B) *Somehow very Linuxish* Using some sort of packet classifier
>>> (for example packet filter matching code) it marks the packet with
>>> some user-defined value. Example:
>>>   ipfw add mark 10 ip from 192.168.0.0/24 to 192.168.10.0/24
>>> and:
>>>   pbr_route add -mark 10 $gateway
>>> The kernel implementation should check for such marks on every packet
>>> and search for them in a binary search tree (AVL probably).
>>>
>>> That's it. Please excuse my bad English and poor explanations. If you
>>> have any questions I'll try to explain better, probably using more
>>> examples.
>>
>> This is a better approach and much simpler. Pf and IPFW have a
>> powerful classifier and with tables, states, ... it is possible to reduce
>> the classification time significantly.
>
> However this binds the code with some external software. Furthermore,
> what should I use to "mark" packets originating from the host ... at
> some point it gets too complex to configure; many rules would have to be
> written just to get it working ...
>
>> --
>> :wq Claudio
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
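The ipfw-based policy routing that Graham describes above (classify on protocol or source address, then `fwd` to a chosen gateway that is directly reachable on the external NIC), written out as an added example. This is not Graham's ruleset and not part of the original thread; the interface names (em0, em1), the 203.0.113.0/24 and 192.168.0.0/24 prefixes and the two gateway addresses are constructed for illustration. The script prints the ipfw commands instead of running them, so the ruleset can be reviewed before being loaded.

```shell
#!/bin/sh
# Added example: policy-based routing with ipfw's fwd action on FreeBSD.
# Assumed (hypothetical) topology:
#   em0  external NIC on 203.0.113.0/24; both upstream gateways sit on this
#        segment, because fwd hands the packet to a next hop that must be
#        directly reachable (ARP-resolvable) on the outgoing interface.
#   em1  internal LAN 192.168.0.0/24.
# On FreeBSD 5.x the kernel needs 'options IPFIREWALL_FORWARD' for fwd to
# take effect; without it the rules load but the packets follow the normal
# route table.

EXT_IF=em0
LAN_IF=em1
GW_A=203.0.113.1        # default upstream
GW_B=203.0.113.2        # alternate upstream for selected traffic
LAN=192.168.0.0/24

# pbr_rules writes the ruleset to stdout. Load it with:  pbr_rules | sh
# Rules are matched on the inbound pass from the LAN interface so the
# next hop is overridden before the normal route lookup happens.
pbr_rules() {
    cat <<EOF
ipfw -f flush
ipfw add 100 allow ip from any to any via lo0
# Policy 1: SMTP from the LAN leaves via gateway B (match on L4 protocol/port).
ipfw add 200 fwd $GW_B tcp from $LAN to any 25 in via $LAN_IF
# Policy 2: everything else from one particular host leaves via gateway B.
ipfw add 210 fwd $GW_B ip from 192.168.0.10 to any in via $LAN_IF
# Policy 3: remaining LAN traffic leaves via gateway A.
ipfw add 220 fwd $GW_A ip from $LAN to any in via $LAN_IF
# Replies arrive on $EXT_IF and are routed by the ordinary table.
ipfw add 300 allow ip from any to any in via $EXT_IF
ipfw add 65000 allow ip from any to any
EOF
}

# rule_count reports how many fwd rules the generated ruleset carries,
# a cheap sanity check before loading it on a box you can only reach
# through the interface you are about to re-route.
rule_count() {
    pbr_rules | grep -c '^ipfw add [0-9]* fwd '
}
```

Rule order matters: ipfw stops at the first matching rule (with the default net.inet.ip.fw.one_pass=1), so the more specific policies (port 25, the single host) must carry lower rule numbers than the catch-all for the LAN prefix. Locally originated packets never pass `in via em1`; to steer those you would add matching `out via em0` rules.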