From owner-freebsd-hackers Tue Apr 28 00:55:53 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id AAA16949 for freebsd-hackers-outgoing; Tue, 28 Apr 1998 00:55:53 -0700 (PDT) (envelope-from owner-freebsd-hackers@FreeBSD.ORG) Received: from idiom.com (idiom.com [140.174.82.4]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA16929 for ; Tue, 28 Apr 1998 00:55:47 -0700 (PDT) (envelope-from muir@idiom.com) Received: (from muir@localhost) by idiom.com (8.8.7/8.8.5) id AAA11300; Tue, 28 Apr 1998 00:55:47 -0700 (PDT) Date: Tue, 28 Apr 1998 00:55:47 -0700 (PDT) From: David Muir Sharnoff Message-Id: <199804280755.AAA11300@idiom.com> To: freebsd-hackers@FreeBSD.ORG Subject: Routing problem that I need solved. Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG My fellow FreeBSD addicts, I've got a kernel mod that I need done. I could probably do it myself, but I would much prefer not to as I've got other fish to fry. I've also got slightly more money than time. I can afford to $2,000 as a thank-you if someone does this. Idiom is now multi-homed. Idiom has three sets of IP addresses: 1: addresses that can only be routed through BEST.COM 2: addresses that can only be routed through ABOVE.NET 3: addresses that can be routed through either BEST.COM or ABOVE.NET Most addresses are type 3 (routed through both). For reliability, it's important to keep a few key services using type 1 and type 2 addresses. For example, the two primary nameservers: ns.idiom.com uses a type 1 address and ns2.idiom.com uses a type 2 address. That provides some reliability for the incomming traffic. What I would like is to make sure that at least some of the outgoing traffic is symmetrical. If a packet is coming _from_ a type 1 address, then it should be routed out through BEST.COM. If it's coming from a type 2 address then it should be routed out through ABOVE.NET. I run OSPF internally, so the routing situation tends to be a bit dynamic. As many utilities as possible should reply using the address they were contacted on. DNS, radius, etc. That's a separate problem though. My solution to this would be to create another ipfw rule: "route through" Example of usage: # skip over packets that are inbound. ipfw add 100 skipto 200 all from any to 140.174.82/24 # type 1 ipfw add 110 skipto 200 all from any to 209.66.121/24 # type 2 ipfw add 120 skipto 200 all from any to 209.157.64/19 # type 3 # selectively route type 1 and type 2 outbound ipfw add 140 pass through 140.174.37.21 all from 140.174.82/24 to any ipfw add 150 pass through 209.66.121.1 all from 209.66.121/24 to any The semantics of "pass through" are that the next hop for the packet will be chosen as if it were bound for the address given. The same rule can be deployed throughout my network. There's one other detail that would help things: make the skipto rule fast. Right now the skipto rule does a linear search. I know that $2k is not much money for tricky kernel work, but it's what I can afford for this. Cisco routers can do routing based on the source address. I use -STABLE. I need a solution that's fit for production use and also fit for inclusion in -STABLE. Thanks, -Dave To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message