From owner-freebsd-net@FreeBSD.ORG Tue Apr 14 17:59:15 2009
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 43EB01065673 for ; Tue, 14 Apr 2009 17:59:15 +0000 (UTC) (envelope-from sthaug@nethelp.no)
Received: from bizet.nethelp.no (bizet.nethelp.no [195.1.209.33]) by mx1.freebsd.org (Postfix) with SMTP id 9C6088FC1A for ; Tue, 14 Apr 2009 17:59:14 +0000 (UTC) (envelope-from sthaug@nethelp.no)
Received: (qmail 68418 invoked from network); 14 Apr 2009 17:59:12 -0000
Received: from bizet.nethelp.no (HELO localhost) (195.1.209.33) by bizet.nethelp.no with SMTP; 14 Apr 2009 17:59:12 -0000
Date: Tue, 14 Apr 2009 19:59:12 +0200 (CEST)
Message-Id: <20090414.195912.74700172.sthaug@nethelp.no>
To: steve@ibctech.ca
From: sthaug@nethelp.no
In-Reply-To: <49E48799.1000300@ibctech.ca>
References: <20090413.220932.74699777.sthaug@nethelp.no> <49E41755.8050701@elischer.org> <49E48799.1000300@ibctech.ca>
X-Mailer: Mew version 3.3 on Emacs 21.3 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@freebsd.org, julian@elischer.org, pcc@gmx.net
Subject: Re: Multiple default routes / Force external routing
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 14 Apr 2009 17:59:15 -0000

> Perhaps the OP should rephrase his desire.
>
> To me, it sounds like he wants to turn the FBSD box into a VLAN
> aggregator, and then "trunk" the VLANs to an external router to route
> between the VLAN subnets.
It's more that I'd like my FreeBSD box to be able to handle multiple
routing tables completely, as seen from an L3VPN point of view (this is
what Cisco calls VRF-lite, which is obviously not a full-fledged MPLS
L3VPN implementation):

- A box can have multiple routing tables. These are logically separate.

- Each interface is connected to one and only one routing table. Each
  routing table may have zero or more interfaces connected to it. Cisco
  and many other vendors call a routing table with interfaces connected
  to it a VRF, Virtual Router and Forwarding instance, see for instance
  http://en.wikipedia.org/wiki/VRF

- There is no traffic between VRFs within the box (and thus, if two
  interfaces are in different routing tables, you can *not* get traffic
  between them within the box). There is no "short-circuit" between
  VRFs. If two interfaces are in the *same* routing table (same VRF) you
  can of course have traffic between them.

- To go between VRFs you need to send the traffic to an external device,
  for instance a firewall.

Thus if I have a box with the following routing tables/interfaces/
IP addresses:

Table   Intf    IP address
1       vlan0   192.168.1.1/30
2       vlan1   192.168.2.1/30
2       vlan2   192.168.3.1/30

then I can communicate from 192.168.2.1 to 192.168.3.1 within the box,
since both of these interfaces are in the same routing table. But I
cannot communicate from 192.168.2.1 to 192.168.1.1 within the box, since
these interfaces are in separate routing tables. To get from 192.168.2.1
to 192.168.1.1 I need to send the traffic to an external device.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
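The forwarding rules Steinar lays out above, modelled as a small Python program. This is an added example, not part of his mail and not FreeBSD's setfib(1)/multi-FIB code: each interface is bound to exactly one routing table, lookups are confined to the ingress interface's table, and an address the box owns in another VRF is treated like any other remote destination. The table numbers, interface names and /30 addresses are the ones from the mail; the default routes and the assumption that the external firewall sits at the .2 address of each /30 are illustrative additions.

```python
"""Toy model of VRF-lite forwarding (added example, not FreeBSD code).

Semantics modelled:
  * several logically separate routing tables (FIBs);
  * every interface belongs to exactly one table;
  * a packet is looked up only in the table of the interface it arrived on,
    so there is no "short-circuit" between VRFs inside the box;
  * reaching another VRF therefore means leaving via that table's default
    route towards an external device (assumed here to be a firewall).
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# (action, egress interface, next hop) - None where not applicable
Decision = Tuple[str, Optional[str], Optional[str]]


@dataclass
class Route:
    prefix: IPv4Network
    iface: str                          # egress interface, lives in this table
    via: Optional[IPv4Address] = None   # next hop; None = directly connected


@dataclass
class Fib:
    table_id: int
    routes: List[Route] = field(default_factory=list)

    def lookup(self, dst: IPv4Address) -> Optional[Route]:
        """Longest-prefix match over this table's routes only."""
        best: Optional[Route] = None
        for r in self.routes:
            if dst in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
                best = r
        return best


class VrfLiteBox:
    """Several FIBs; each interface bound to exactly one; no inter-FIB path."""

    def __init__(self) -> None:
        self.fibs: Dict[int, Fib] = {}
        self.iface_table: Dict[str, int] = {}        # iface -> table id
        self.local_addrs: Dict[str, IPv4Address] = {}  # iface -> own address

    def add_interface(self, iface: str, table_id: int, addr_cidr: str) -> None:
        if iface in self.iface_table:
            raise ValueError(f"{iface} is already in table {self.iface_table[iface]}")
        addr = ip_address(addr_cidr.split("/")[0])
        net = ip_network(addr_cidr, strict=False)
        self.iface_table[iface] = table_id
        self.local_addrs[iface] = addr
        fib = self.fibs.setdefault(table_id, Fib(table_id))
        fib.routes.append(Route(net, iface))         # connected route

    def add_route(self, table_id: int, prefix: str, via: str) -> None:
        """Static route; the next hop must be on a connected subnet of the same table."""
        fib = self.fibs[table_id]
        nh = ip_address(via)
        conn = fib.lookup(nh)
        if conn is None or conn.via is not None:
            raise ValueError(f"next hop {via} is not on a connected subnet of table {table_id}")
        fib.routes.append(Route(ip_network(prefix), conn.iface, nh))

    def forward(self, ingress: str, dst: str) -> Decision:
        table_id = self.iface_table[ingress]
        fib = self.fibs[table_id]
        d = ip_address(dst)
        # Local delivery only for addresses of interfaces in the *same* table.
        for iface, addr in self.local_addrs.items():
            if addr == d and self.iface_table[iface] == table_id:
                return ("local", iface, None)
        # An address the box owns in another VRF is just another destination
        # here: it is resolved in this table, so it either follows the default
        # route to the external device or is unreachable. No short-circuit.
        r = fib.lookup(d)
        if r is None:
            return ("unreachable", None, None)
        if r.via is None:
            return ("connected", r.iface, None)
        return ("via", r.iface, str(r.via))


def build_example_box() -> VrfLiteBox:
    """The table from the mail, plus assumed default routes towards a firewall."""
    box = VrfLiteBox()
    box.add_interface("vlan0", 1, "192.168.1.1/30")
    box.add_interface("vlan1", 2, "192.168.2.1/30")
    box.add_interface("vlan2", 2, "192.168.3.1/30")
    # Assumption: the external firewall is the other host on each /30.
    box.add_route(1, "0.0.0.0/0", "192.168.1.2")
    box.add_route(2, "0.0.0.0/0", "192.168.2.2")
    return box


if __name__ == "__main__":
    box = build_example_box()
    for ingress, dst in [("vlan1", "192.168.3.1"), ("vlan1", "192.168.3.2"),
                         ("vlan1", "192.168.1.1"), ("vlan0", "192.168.2.1")]:
        print(f"{ingress} -> {dst}: {box.forward(ingress, dst)}")
```

Running it shows the two cases from the mail: a packet from vlan1 to 192.168.3.1 is delivered locally on vlan2 because both interfaces share table 2, while a packet from vlan1 to 192.168.1.1 never reaches vlan0 inside the box and instead leaves table 2 via its default route to the assumed firewall at 192.168.2.2. Without a default route in the table the same packet is simply unreachable, which is exactly the isolation property a VRF-lite deployment relies on.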