From: Don Bowman
To: 'Chuck Swiger', Don Bowman
Cc: 'freebsd-net@freebsd.org'
Subject: RE: SO_DONTROUTE, arp's, ipfw fwd, etc
Date: Wed, 4 Dec 2002 15:37:44 -0500

> -----Original Message-----
> From: Chuck Swiger [mailto:cswiger@mac.com]
> On Wednesday, December 4, 2002, at 03:20 PM, Don Bowman wrote:
>
> > What's happening is I have >1 router feeding me sessions which
> > I'm transparently proxying (e.g. squid).
> > Obviously I can't have a default route back to each of them.
> >
> > So I have something like:
> >
> > [Router1]---\
> >              \
> > [Router2]--------[BSD]
> >              /
> > [Router3]---/
> >
> > This is done with a layer-2 MAC rewrite, i.e. the router takes the packet,
> > doesn't modify the IP header, but changes the destination MAC to
> > be that of the BSD machine.
>
> You can't have more than one default route, but you certainly can have
> several static or dynamic routes to select the appropriate router to send
> responses back. You could also look into policy-based routing or
> multihoming the connections, but I guess that depends on what
> you're doing.
> > I can't make the route be one of those routers,
> > and the routing tables are too complicated to install (since there
> > may be BGP on the left of them, etc, etc). It's important for
> > me the response packets go back through the same path (to avoid
> > reordering etc).
>
> What happens if incoming traffic comes via more than one router at a
> time -- how should your system decide which path to send replies back?
> Based on the source IP?

These are ISP-sized routers (complicated networks with different peering points to other networks). Static routes don't work since they are much too dynamic. Additionally, the widget which is picking the traffic to send (like Cisco WCCP) is load-balancing, so there's another striping of data going on. I'd like to just send it back to the router it came from.

I won't have a single TCP session come from more than one router, but will have the same source or destination IP come from the different routers concurrently.

I'm not sure what you mean by policy-based routing. If it's the same thing as on a router, then it's not appropriate since it will be based on IP.

In the example diagram above, I might have a case where host 'A' sends host 'B' two concurrent TCP sessions. These will both transparently arrive at the BSD box, one via router1, one via router2. Triangulation breaks the application, so A->B (session1) needs to always flow via the same router it started on.

I'm thinking this is achieved by just caching the interface & destination MAC etc. in the PCB for the TCP session. It does this anyway once it's finished sending the SYN/ACK; it's just that it follows routing rules and ARPs for the SYN/ACK.

This is a common application for e.g. Squid when being fed by more than one router.
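The per-flow return-path cache the message proposes, as an added example that is not part of the original thread and not FreeBSD code: it parses constructed Ethernet/IPv4/TCP frames, records the ingress interface and the feeding router's source MAC when a flow's SYN arrives, and hands that pair back for every reply on the flow, so the reply never consults the routing table or ARP. All MACs, IPs, ports and interface names below are constructed for the demonstration.

```python
# Added example: pin each TCP flow's replies to the router that delivered its SYN.
# Frames, addresses and interface names are constructed; nothing here is from the thread.
import struct
from dataclasses import dataclass

ETH_P_IP = 0x0800
TCP_SYN = 0x02
TCP_ACK = 0x10


@dataclass(frozen=True)
class FlowKey:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def reverse(self):
        return FlowKey(self.dst_ip, self.dst_port, self.src_ip, self.src_port)


@dataclass(frozen=True)
class ReturnPath:
    ifname: str      # interface the SYN arrived on
    router_mac: str  # source MAC of that frame, i.e. the router that fed us the session


def _mac(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(frame):
    """Parse Ethernet/IPv4/TCP (no VLAN tag); returns (src_mac, dst_mac, FlowKey, tcp_flags)."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_IP:
        raise ValueError("not IPv4")
    ihl = (frame[14] & 0x0F) * 4          # IP header length in bytes
    if frame[14 + 9] != 6:                 # protocol field
        raise ValueError("not TCP")
    src_ip = ".".join(map(str, frame[14 + 12:14 + 16]))
    dst_ip = ".".join(map(str, frame[14 + 16:14 + 20]))
    tcp = frame[14 + ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    flags = tcp[13]
    return _mac(src_mac), _mac(dst_mac), FlowKey(src_ip, sport, dst_ip, dport), flags


class FlowPathCache:
    """Maps each inbound TCP flow to the path its SYN came from."""

    def __init__(self):
        self._paths = {}

    def learn(self, ifname, frame):
        """Record the ingress path on a SYN (not SYN/ACK); other segments never overwrite it."""
        src_mac, _, key, flags = parse_frame(frame)
        if flags & TCP_SYN and not flags & TCP_ACK:
            self._paths.setdefault(key, ReturnPath(ifname, src_mac))
        return self._paths.get(key)

    def reply_path(self, reply_key):
        """Path for an outbound segment keyed as (our side -> peer). None means fall back to routing + ARP."""
        return self._paths.get(reply_key.reverse())


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags):
    """Construct a minimal Ethernet/IPv4/TCP frame (checksums left zero; never sent on the wire)."""
    eth = struct.pack("!6s6sH", bytes.fromhex(dst_mac.replace(":", "")),
                      bytes.fromhex(src_mac.replace(":", "")), ETH_P_IP)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp


def demo():
    """Two sessions from the same A to the same B, arriving via different routers, pinned independently."""
    cache = FlowPathCache()
    bsd = "00:00:5e:00:53:ff"  # constructed: the BSD box
    r1 = "00:00:5e:00:53:01"   # constructed: router1
    r2 = "00:00:5e:00:53:02"   # constructed: router2
    syn1 = build_frame(r1, bsd, "192.0.2.10", "198.51.100.20", 40001, 80, TCP_SYN)
    syn2 = build_frame(r2, bsd, "192.0.2.10", "198.51.100.20", 40002, 80, TCP_SYN)
    cache.learn("em0", syn1)
    cache.learn("em1", syn2)
    # The SYN/ACK for each session is keyed B -> A; each comes back with its own router.
    p1 = cache.reply_path(FlowKey("198.51.100.20", 80, "192.0.2.10", 40001))
    p2 = cache.reply_path(FlowKey("198.51.100.20", 80, "192.0.2.10", 40002))
    return p1, p2
```

The cache is keyed on the full four-tuple, not on the source or destination IP, which is what lets two sessions between the same pair of hosts return through different routers. A reply whose flow is not in the cache gets None, meaning the caller should fall back to the normal route lookup and ARP rather than guess a router.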