From: Nick Barnes
To: Bill Moran
Cc: freebsd-net@freebsd.org
Date: Mon, 18 Feb 2008 21:55:50 +0000
Subject: Re: Multiple default routes on multihome host

At 2008-02-18 21:36:18+0000, Bill Moran writes:
> In response to Nick Barnes:
>
> > I have a multi-home host: more than one IP address. The addresses are
> > in separate subnets but run over the same ethernet segment (this is a
> > temporary situation while I switch an office network over from one
> > network provider to another).
> >
> > I want packets from address A1 to be sent via gateway G1, but packets
> > from address A2 to be sent via gateway G2.
> >
> > How do I do this? Can I just have more than one default route? I'm
> > remote from the machine in question, so I don't want to tinker with
> > the default route until I'm sure of the answer.
>
> You can't have multiple default routes. The fact that you want to is
> an indicator of incorrect network design, although it could be an
> artifact of the interim setup while you migrate things around.
>
> I would suggest you ask yourself (and possibly the list) _why_ you think
> multiple default routes is necessary ... what is it that you're hoping
> to accomplish. I'm guessing you're looking for some sort of redundancy,
> in which case something like CARP or RIP is liable to be the correct
> solution.

I agree that this is probably my inexperience showing.

I have an office network which is switching leased line, from provider
P1 to provider P2. I have a /25 from P1 and a (different) /24 from P2.
I am doing the migration a few machines at a time: move a little, test
a little, etc. I am dual-homing each host for a short period while I
am switching it over.

The dual-homing works just fine, over a shared ethernet segment, except
for the fact that I can only have one default route. This means that I
am sending packets from an address given to me by P2 to P1's router (my
existing default route). As an experimental matter, today, this does in
fact work - these packets are getting to their destinations, via P1 -
but it looks a heck of a lot like spoofing and I am half-expecting the
wrath of P1 to descend on me. Either that or for them to silently stop
routing the packets.

I would rather send packets from the P2 subnet addresses to the P2
router, while the packets from the P1 subnet addresses keep going to
the P1 router. Apparently I can do this with some IPFW cunning, but
that seems like overkill for what seems like it ought to be a common
problem.

If I were in the office, I would gird my loins for a single hard
session on all the consoles, to do all the config changes at once,
abandoning the P1 addresses. As it is, doing it remotely, I'm being a
little more tentative.

Nick B
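
The situation described in this message, modelled as an added example that is not part of the original post: it compares a single default route with source-based gateway selection against a provider that only forwards sources from its own allocation, and renders the matching ipfw `fwd` rules. The prefixes and gateway addresses are constructed documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed addressing plan: documentation ranges stand in for the
# poster's real allocations, which the message does not give.
P1_NET = ipaddress.ip_network("192.0.2.0/25")     # the /25 from provider P1
P2_NET = ipaddress.ip_network("198.51.100.0/24")  # the /24 from provider P2
G1 = ipaddress.ip_address("192.0.2.1")            # P1's router (assumed address)
G2 = ipaddress.ip_address("198.51.100.1")         # P2's router (assumed address)
POLICY = [(P1_NET, G1), (P2_NET, G2)]             # source prefix -> gateway


def single_default(src, default_gw=G1):
    """Today's setup: one default route, whatever the source address."""
    return default_gw


def by_source(src, policy=POLICY, default_gw=G1):
    """Source-based selection: longest matching source prefix wins."""
    src = ipaddress.ip_address(src)
    hits = [(net, gw) for net, gw in policy if src in net]
    if not hits:
        return default_gw
    return max(hits, key=lambda h: h[0].prefixlen)[1]


def passes_ingress_filter(src, gateway, policy=POLICY):
    """Model a provider that only forwards sources from its own allocation."""
    src = ipaddress.ip_address(src)
    return any(gw == gateway and src in net for net, gw in policy)


def audit(sources, chooser):
    """Return the sources a filtering provider would drop under `chooser`."""
    return [s for s in sources if not passes_ingress_filter(s, chooser(s))]


def ipfw_rules(policy=POLICY, first_rule=1000):
    """Render one ipfw 'fwd' rule per source prefix (check against ipfw(8))."""
    return [f"ipfw add {first_rule + 10 * i} fwd {gw} ip from {net} to any out"
            for i, (net, gw) in enumerate(policy)]


if __name__ == "__main__":
    hosts = ["192.0.2.10", "198.51.100.10"]  # one dual-homed host, both addresses
    print("dropped with single default:", audit(hosts, single_default))
    print("dropped with source routing:", audit(hosts, by_source))
    print("\n".join(ipfw_rules()))
```

The rendered rules are a starting point only: `fwd` needs forwarding support in the kernel's ipfw build, and traffic between the two local subnets may need an earlier rule so it is not sent to a gateway.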