Date: Tue, 28 Apr 1998 09:11:27 -0400 (EDT)
From: "Matthew N. Dodd" <winter@jurai.net>
To: David Muir Sharnoff <muir@idiom.com>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Routing problem that I need solved.
Message-ID: <Pine.BSF.3.96.980428091116.21511W-100000@sasami.jurai.net>
In-Reply-To: <199804280755.AAA11300@idiom.com>

Check out Vixie's ifdefault patches.

On Tue, 28 Apr 1998, David Muir Sharnoff wrote:

>
> My fellow FreeBSD addicts, I've got a kernel mod that I need done.
> I could probably do it myself, but I would much prefer not to as
> I've got other fish to fry.  I've also got slightly more money than
> time.  I can afford $2,000 as a thank-you if someone does this.
>
>
> Idiom is now multi-homed.  Idiom has three sets of IP addresses:
>     1: addresses that can only be routed through BEST.COM
>     2: addresses that can only be routed through ABOVE.NET
>     3: addresses that can be routed through either BEST.COM or ABOVE.NET
>
> Most addresses are type 3 (routed through both).  For reliability,
> it's important to keep a few key services using type 1 and type 2
> addresses.  For example, the two primary nameservers: ns.idiom.com
> uses a type 1 address and ns2.idiom.com uses a type 2 address.
>
> That provides some reliability for the incoming traffic.  What I
> would like is to make sure that at least some of the outgoing traffic
> is symmetrical.
>
> If a packet is coming _from_ a type 1 address, then it should be
> routed out through BEST.COM.  If it's coming from a type 2 address then it
> should be routed out through ABOVE.NET.
>
> I run OSPF internally, so the routing situation tends to be a bit
> dynamic.
>
> As many utilities as possible should reply using the address they were
> contacted on.  DNS, radius, etc.  That's a separate problem though.
>
> My solution to this would be to create another ipfw rule: "route through"
>
> Example of usage:
>
>     # skip over packets that are inbound.
>
>     ipfw add 100 skipto 200 all from any to 140.174.82/24 # type 1
>     ipfw add 110 skipto 200 all from any to 209.66.121/24 # type 2
>     ipfw add 120 skipto 200 all from any to 209.157.64/19 # type 3
>
>     # selectively route type 1 and type 2 outbound
>
>     ipfw add 140 pass through 140.174.37.21 all from 140.174.82/24 to any
>     ipfw add 150 pass through 209.66.121.1 all from 209.66.121/24 to any
>
> The semantics of "pass through" are that the next hop for the packet
> will be chosen as if it were bound for the address given.  The same rule
> can be deployed throughout my network.
>
> There's one other detail that would help things: make the skipto rule fast.
> Right now the skipto rule does a linear search.
>
> I know that $2k is not much money for tricky kernel work, but it's
> what I can afford for this.  Cisco routers can do routing based on
> the source address.
>
> I use -STABLE.  I need a solution that's fit for production use and
> also fit for inclusion in -STABLE.
>
> Thanks,
>
> -Dave
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
>

/*
   Matthew N. Dodd              | A memory retaining a love you had for life
   winter@jurai.net             | As cruel as it seems nothing ever seems to
   http://www.jurai.net/~winter | go right - FLA M 3.1:53
*/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
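
The rule semantics proposed in the quoted message, modelled as an added example (not code from this thread, not kernel code, and "pass through" is the poster's proposed action rather than existing ipfw syntax): rules are evaluated in order, "skipto" jumps forward, and "pass through" picks the next hop by looking up the given address instead of the packet's destination. The routing table contents, the mapping of each gateway address to an upstream, and the sample packets are constructed assumptions.

```python
import ipaddress

# Constructed routing table (assumption): prefix -> upstream label.
# The default route stands in for whatever OSPF currently prefers.
ROUTES = {
    "0.0.0.0/0": "ABOVE.NET",
    "140.174.37.21/32": "BEST.COM",
    "209.66.121.1/32": "ABOVE.NET",
}

# The rules from the quoted message: (number, action, argument, src, dst).
RULES = [
    (100, "skipto", 200, "any", "140.174.82.0/24"),   # type 1 inbound
    (110, "skipto", 200, "any", "209.66.121.0/24"),   # type 2 inbound
    (120, "skipto", 200, "any", "209.157.64.0/19"),   # type 3 inbound
    (140, "pass through", "140.174.37.21", "140.174.82.0/24", "any"),
    (150, "pass through", "209.66.121.1", "209.66.121.0/24", "any"),
]


def lookup(addr):
    """Longest-prefix match of addr against ROUTES."""
    ip = ipaddress.ip_address(addr)
    nets = [ipaddress.ip_network(p) for p in ROUTES]
    best = max((n for n in nets if ip in n), key=lambda n: n.prefixlen)
    return ROUTES[str(best)]


def matches(addr, spec):
    """True if addr falls inside spec, where spec is 'any' or a prefix."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def next_hop(src, dst):
    """Return (deciding rule number or None, upstream) for one packet."""
    floor = 0  # lowest rule number still eligible after a skipto
    for num, action, arg, rsrc, rdst in RULES:
        if num < floor or not (matches(src, rsrc) and matches(dst, rdst)):
            continue
        if action == "skipto":
            floor = arg
        elif action == "pass through":
            # Route as if the packet were bound for arg, not for dst.
            return num, lookup(arg)
    return None, lookup(dst)  # no rule decided: ordinary destination routing
```

Traffic between two of the site's own prefixes hits a skipto first, so it is never redirected to an upstream; only packets leaving the three prefixes reach rules 140 and 150.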