Date:      Wed, 4 Dec 2002 16:03:24 -0500 
From:      Don Bowman <don@sandvine.com>
To:        'Julian Elischer' <julian@elischer.org>, Don Bowman <don@sandvine.com>
Cc:        "'freebsd-net@freebsd.org'" <freebsd-net@freebsd.org>
Subject:   RE: SO_DONTROUTE, arp's, ipfw fwd, etc
Message-ID:  <FE045D4D9F7AED4CBFF1B3B813C85337010230FC@mail.sandvine.com>

From: Julian Elischer [mailto:julian@elischer.org]
> The arp is issued because the TCP stack is responding to the 
> SYN packet with its own SYN, but it doesn't have a route to the
> original source, so it creates one, as it's local. This means that it
> allocates an ARP entry for it which in turn causes an arp
> request to be sent. The response will result in the SYN being
> transmitted. This is all pretty normal. There will not be another
> ARP sent for 18 minutes for that host.. the question is..
> 
> Why does it think the source is local? Are the routers below
> doing proxy arp? Did you give your interface a netmask of 0.0.0.0?
> 
> Who responds to the arp?

It's a layer-2 MAC rewrite, so it arrives on a local segment, but
subnetting rules don't apply.
No-one responds to the ARP, hence my problem :)

I know what it's doing now is normal, it's just that it doesn't work
in my configuration (which isn't typical).

The interface in question has no IP or netmask (or at least, I would
like it to not have one, it's not needed).

>You COULD write a netgraph node that adds routes as it receives packets
>in fact it could keep its own cache of IP/MAC mappings 
>and switch the MACs appropriately on outgoing packets.
>Possibly adding routes would be best.

>It would identify the source from the src mac address, and 
>add the appropriate entry to the routing table.
>a bit like a learning bridge.

I'm not sure I can write a route-rule for a connection since I could
have a different path back to the same IP for a different TCP
connection. Thus my idea just to let the PCB take care of it.

>if there is bgp to the left, you could make this machine take part..
>do the routers do bgp?

Not in all cases :(

>Is there a reason that return routes are not added every time
>a packet is received? Well, yes. For a start it may not be what everyone
>wants.  I have made great use of asymmetrical routing many times
>(e.g. some satellite internet connections are via modem for outgoing
>and via the satellite for incoming.)

OK, I understand. So if I make this change, it would only be useful
if it were not the default / disableable. Perhaps it would be a
socket option on the listen() socket... Similar to the SO_DONTROUTE
I guess. Maybe that is what SO_DONTROUTE should mean for listen()?

This is only an issue for passively accepted connections.

This issue comes about due to the way WCCP works with its hashing
buckets and with multiple routers feeding multiple caching servers:
the routers load balance across caches (so each will distribute the
source addresses on its left to more than one cache).

--don (don@sandvine.com www.sandvine.com)
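
The trade-off discussed in this message, as an added example that is not part of the original e-mail or of FreeBSD: a return path learned per source IP is overwritten when a second connection from the same IP arrives via another router, while state keyed per connection keeps both. All names, addresses and MACs are constructed, and it assumes the reply must go to the MAC the SYN arrived from.

```c
#include <stdint.h>
#include <string.h>

#define SLOTS 8
struct conn { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; };
struct entry { int used; struct conn key; uint8_t mac[6]; };

/* ip_only=1 models a learned per-host route; ip_only=0 models
 * per-connection (PCB-like) state keyed on the full 4-tuple. */
static int same_key(const struct conn *a, const struct conn *b, int ip_only)
{
    if (a->src_ip != b->src_ip) return 0;
    return ip_only || (a->dst_ip == b->dst_ip &&
        a->src_port == b->src_port && a->dst_port == b->dst_port);
}

static struct entry *find(struct entry *t, const struct conn *c, int ip_only)
{
    for (int i = 0; i < SLOTS; i++)
        if (t[i].used && same_key(&t[i].key, c, ip_only)) return &t[i];
    return NULL;
}

/* Remember the source MAC of an arriving SYN, replacing any entry
 * that has the same key; otherwise take the first free slot. */
static int learn(struct entry *t, const struct conn *c, const uint8_t *mac, int ip_only)
{
    struct entry *e = find(t, c, ip_only);
    for (int i = 0; !e && i < SLOTS; i++)
        if (!t[i].used) e = &t[i];
    if (!e) return -1;                 /* table full */
    e->used = 1; e->key = *c; memcpy(e->mac, mac, 6);
    return 0;
}

/* Constructed scenario: one client IP, two connections, each arriving
 * via a different router. Returns 1 if both replies would go back to
 * the router they arrived from, 0 if not, -1 on table overflow. */
int replies_follow_arrival_path(int ip_only)
{
    static const uint8_t rtr_a[6] = {2,0,0,0,0,0x0a}, rtr_b[6] = {2,0,0,0,0,0x0b};
    struct conn c1 = {0xC000020A, 0xC6336450, 40001, 80};  /* 192.0.2.10 -> 198.51.100.80 */
    struct conn c2 = c1;
    struct entry table[SLOTS] = {{0}};
    c2.src_port = 40002;
    if (learn(table, &c1, rtr_a, ip_only) || learn(table, &c2, rtr_b, ip_only)) return -1;
    struct entry *e1 = find(table, &c1, ip_only), *e2 = find(table, &c2, ip_only);
    return e1 && e2 && !memcmp(e1->mac, rtr_a, 6) && !memcmp(e2->mac, rtr_b, 6);
}
```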
