From owner-freebsd-doc  Mon Oct 19 15:59:35 1998
Return-Path:
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id PAA29845
          for freebsd-doc-outgoing; Mon, 19 Oct 1998 15:59:35 -0700 (PDT)
          (envelope-from owner-freebsd-doc@FreeBSD.ORG)
Received: from aurora.sol.net (aurora.sol.net [206.55.65.76])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA29839
          for ; Mon, 19 Oct 1998 15:59:33 -0700 (PDT)
          (envelope-from jgreco@aurora.sol.net)
Received: (from jgreco@localhost)
          by aurora.sol.net (8.8.8/8.8.8/SNNS-1.02) id RAA19704
          for freebsd-doc@freebsd.org; Mon, 19 Oct 1998 17:59:08 -0500 (CDT)
From: Joe Greco
Message-Id: <199810192259.RAA19704@aurora.sol.net>
Subject: Would you like to add...
To: freebsd-doc@FreeBSD.ORG
Date: Mon, 19 Oct 1998 17:59:08 -0500 (CDT)
X-Mailer: ELM [version 2.4ME+ PL32 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Ken is right, this is a good contribution to the handbook, or maybe a
more advanced users guide of some sort.  If you would like me to write
it in slightly less terse language, I don't have an objection to doing
so, plus I can provide some pointers to other code/patches that I have
available.

Message-ID: <360B9A16.703A3FDA@us.endress.com>
Date: Fri, 25 Sep 1998 08:26:46 -0500
From: Kenneth Furge
X-Mailer: Mozilla 4.05 [en] (Win95; I)
MIME-Version: 1.0
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Dual/Quad NICs
References: <6ub472$k3i$1@apakabar.cc.columbia.edu> <6udost$nsi@newsops.execpc.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: 198.133.30.20
X-Trace: 25 Sep 1998 13:26:49 GMT, 198.133.30.20
Organization: IBM.NET
Lines: 137
X-Notice: Items posted that violate the IBM.NET Acceptable Use Policy
X-Notice: should be reported to postmaster@ibm.net
X-Complaints-To: postmaster@ibm.net
Path: daily-bugle.newsops.execpc.com!newsops.execpc.com!newstank.sol.net!newspeer.sol.net!news.execpc.com!newsengine.sol.net!feed1.news.rcn.net!rcn!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!newsfeed.internetmci.com!165.87.194.242!newsm2.ibm.net!ibm.net!news3.ibm.net!198.133.30.20

If it's not there already, this one belongs in the handbook.

- K.C.

[ printing now for future reference... ]

Joe Greco wrote:
>
> In comp.unix.bsd.freebsd.misc article <6ub472$k3i$1@apakabar.cc.columbia.edu>, wpaul@ctr.columbia.edu (Bill Paul) wrote:
> :The trick is to have the second interface take over for the first without
> :any traffic interruption. This sort of implies letting the second interface
> :adopt the first interface's IP address; this is the only way you can keep
> :existing connections alive.
>
> ERROR, ERROR ;-)
>
> This is NOT the only way to keep existing connections alive. As a matter
> of fact, it's exactly the wrong way to try to keep existing connections
> alive. As a matter of fact, I'm sorta sure that the IP stack tends to
> associate a particular _interface_ with a given connection, since I've
> never been able to get transitioning of an IP address between multiple
> interfaces to work OK.
>
> Take advantage of what the kernel does give you, and turn on packet
> forwarding.
>
> Create yourself a kernel with more than one instance of the loopback
> interface. Now, ifconfig "lo1" as the destination address that you
> wish to use.
>
> Configure {ed,de,xx}0 with an arbitrary IP address on a valid network
> and {ed,de,xx}1 on a different network. I will give a _working_ example
> in a minute.
>
> Now, run your service. If you intend to establish outbound connections,
> and your code does not support specific-interface binding (Squid and
> Apache do, some other things don't), you may wish to alter the source
> code a bit to change INADDR_ANY bindings to point to a specific address.
> I can provide working examples for bind4, ntp4, sendmail8, etc.
>
> Now, you have bound your service to an interface that _cannot_ physically
> fail, and has a constant IP address. Now you merely need to get your
> network to forward you the traffic. Use OSPF.
>
> My Squid server is a classic but simple example of this type of strategy.
> It is connected via direct crossover Ethernet links to two of my core
> routers, and the network configuration looks like this for the de's:
>
> de0: flags=c863 mtu 1500
>         inet 206.55.68.230 netmask 0xfffffffc broadcast 206.55.68.231
> de1: flags=c863 mtu 1500
>         inet 206.55.69.10 netmask 0xfffffffc broadcast 206.55.69.11
>
> These links correspond to 206.55.68.229 and 206.55.69.9, interfaces on my
> core routers.
>
> I then configure lo1:
>
> lo1: flags=8049 mtu 16384
>         inet 206.55.64.121 netmask 0xffffffff
>         inet 206.55.64.84 netmask 0xffffffff
>         inet 206.55.64.88 netmask 0xffffffff
>
> The first one is the address associated with the machine's primary
> hostname, and the second two are "virtual service" addresses. This
> allows me to move services between machines simply by re-ifconfig'ing
> an interface or two.
>
> Now the trick is to export routes with gated.
> The following is roughly
> approximate, but may not work verbatim due to the fact that I am
> butchering some stuff out on the fly:
>
> interfaces {
>     interface de passive ;
> } ;
>
> %include "/etc/gated.routerid"
>
> rip no ;
>
> hello no ;
>
> ospf yes {
>     defaults {
>         preference 150 ;
>     } ;
>
>     traceoptions all ;
>
>     monauthkey "yeahright" ;
>     (ospf_area-or-backbone) {
>         authtype whatever ;
>         interface de cost 10416 {
>             priority 2 ;
>             authkey "likeillgivethatout" ;
>             retransmitinterval 5 ;
>             transitdelay 1 ;
>             hellointerval 10 ;
>             routerdeadinterval 40 ;
>         } ;
>         stubhosts {
>             206.55.64.121 cost 1024 ;
>         } ;
>         stubhosts {
>             206.55.64.84 cost 1024 ;
>         } ;
>         stubhosts {
>             206.55.64.88 cost 1024 ;
>         } ;
>     } ;
> };
>
> export proto ospfase type 1 {
>     proto direct {
>         ALL
>         metric 1 ;
>     } ;
>     proto static {
>         ALL
>         metric 999 ;
>     } ;
> };
>
> So this announces routes into my OSPF routing architecture to bring in
> those addresses, which will come in _via_either_ethernet_ regardless of
> reachability. This isn't necessarily the most ideal way. I'm not a
> gated rocket-boy. But it does work. (And if any gated rocket-boys want
> to tell me how to do this correctly, please do). You can also do some
> load balancing via careful costing of routes.
>
> I can actually sit there on the Squid server and alternately "down" de0
> and de1, and aside from a few seconds of route recomputation, there is
> virtually no disruption of traffic - or my login session.
>
> It works.
>
> ... JG

... Joe
-------------------------------------------------------------------------------
Joe Greco - Systems Administrator                             jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI                         414/342-4847

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message
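
The source-address change described in the quoted post (replacing an INADDR_ANY binding with a specific address, so that outbound connections originate from the lo1 service address rather than from whichever de interface the route uses), as an added example that is not part of the original message or of the patches it mentions. The helper names are hypothetical, and 127.0.0.1 is a constructed stand-in for the lo1 address:

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill *sa from a dotted-quad string; 0 on success, -1 if malformed. */
static int make_addr(struct sockaddr_in *sa, const char *ip, unsigned short port)
{
    memset(sa, 0, sizeof(*sa));
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : -1;
}

/* TCP socket with its source pinned to src_ip (e.g. an lo1 service address)
 * instead of INADDR_ANY; the caller then connect()s. Hypothetical helper. */
int socket_from_addr(const char *src_ip)
{
    struct sockaddr_in src;
    int fd;

    if (make_addr(&src, src_ip, 0) < 0)   /* port 0: kernel picks one */
        return -1;
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&src, sizeof(src)) < 0) {
        close(fd);   /* e.g. EADDRNOTAVAIL: address not configured here */
        return -1;
    }
    return fd;
}

/* 1 if fd's local address equals ip, else 0 (checks the binding took). */
int local_addr_is(int fd, const char *ip)
{
    struct sockaddr_in got, want;
    socklen_t len = sizeof(got);

    if (make_addr(&want, ip, 0) < 0 || getsockname(fd, (struct sockaddr *)&got, &len) < 0)
        return 0;
    return got.sin_addr.s_addr == want.sin_addr.s_addr;
}

int main(void)
{
    int fd = socket_from_addr("127.0.0.1"); /* constructed stand-in for lo1 */
    return (fd >= 0 && local_addr_is(fd, "127.0.0.1")) ? 0 : 1;
}
```

Because bind() fails when the address is not configured on the host, a service started before lo1 is ifconfig'ed gets -1 here instead of silently falling back to a physical interface's address.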