From owner-freebsd-hackers Tue Apr 28 06:11:57 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
by hub.freebsd.org (8.8.8/8.8.8) id GAA16634
for freebsd-hackers-outgoing; Tue, 28 Apr 1998 06:11:57 -0700 (PDT)
(envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from sasami.jurai.net (winter@sasami.jurai.net [207.153.65.3])
by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA16623
for <freebsd-hackers@FreeBSD.ORG>; Tue, 28 Apr 1998 06:11:47 -0700 (PDT)
(envelope-from winter@jurai.net)
Received: from localhost (winter@localhost)
by sasami.jurai.net (8.8.8/8.8.7) with SMTP id JAA18861;
Tue, 28 Apr 1998 09:11:27 -0400 (EDT)
Date: Tue, 28 Apr 1998 09:11:27 -0400 (EDT)
From: "Matthew N. Dodd" <winter@jurai.net>
To: David Muir Sharnoff <muir@idiom.com>
cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Routing problem that I need solved.
In-Reply-To: <199804280755.AAA11300@idiom.com>
Message-ID: <Pine.BSF.3.96.980428091116.21511W-100000@sasami.jurai.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG
Check out Vixie's ifdefault patches.
On Tue, 28 Apr 1998, David Muir Sharnoff wrote:
>
> My fellow FreeBSD addicts, I've got a kernel mod that I need done.
> I could probably do it myself, but I would much prefer not to as
> I've got other fish to fry. I've also got slightly more money than
> time. I can afford to $2,000 as a thank-you if someone does this.
>
>
> Idiom is now multi-homed. Idiom has three sets of IP addresses:
> 1: addresses that can only be routed through BEST.COM
> 2: addresses that can only be routed through ABOVE.NET
> 3: addresses that can be routed through either BEST.COM or ABOVE.NET
>
> Most addresses are type 3 (routed through both). For reliability,
> it's important to keep a few key services using type 1 and type 2
> addresses. For example, the two primary nameservers: ns.idiom.com
> uses a type 1 address and ns2.idiom.com uses a type 2 address.
>
> That provides some reliability for the incomming traffic. What I
> would like is to make sure that at least some of the outgoing traffic
> is symmetrical.
>
> If a packet is coming _from_ a type 1 address, then it should be
> routed out through BEST.COM. If it's coming from a type 2 address then it
> should be routed out through ABOVE.NET.
>
> I run OSPF internally, so the routing situation tends to be a bit
> dynamic.
>
> As many utilities as possible should reply using the address they were
> contacted on. DNS, radius, etc. That's a separate problem though.
>
> My solution to this would be to create another ipfw rule: "route through"
>
> Example of usage:
>
> # skip over packets that are inbound.
>
> ipfw add 100 skipto 200 all from any to 140.174.82/24 # type 1
> ipfw add 110 skipto 200 all from any to 209.66.121/24 # type 2
> ipfw add 120 skipto 200 all from any to 209.157.64/19 # type 3
>
> # selectively route type 1 and type 2 outbound
>
> ipfw add 140 pass through 140.174.37.21 all from 140.174.82/24 to any
> ipfw add 150 pass through 209.66.121.1 all from 209.66.121/24 to any
>
> The semantics of "pass through" are that the next hop for the packet
> will be chosen as if it were bound for the address given. The same rule
> can be deployed throughout my network.
>
> There's one other detail that would help things: make the skipto rule fast.
> Right now the skipto rule does a linear search.
>
> I know that $2k is not much money for tricky kernel work, but it's
> what I can afford for this. Cisco routers can do routing based on
> the source address.
>
> I use -STABLE. I need a solution that's fit for production use and
> also fit for inclusion in -STABLE.
>
> Thanks,
>
> -Dave
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
>
/*
Matthew N. Dodd | A memory retaining a love you had for life
winter@jurai.net | As cruel as it seems nothing ever seems to
http://www.jurai.net/~winter | go right - FLA M 3.1:53
*/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message