From owner-freebsd-net@FreeBSD.ORG Fri Feb 22 07:28:05 2008
Delivered-To: freebsd-net@freebsd.org
Date: Fri, 22 Feb 2008 16:28:03 +0900
From: "Adrian Chadd"
Sender: adrian.chadd@gmail.com
To: "Wes Peters"
In-Reply-To: <1C828D1A-192A-40ED-8391-DA316611E6E2@opensail.org>
References: <20080219021012.95B1116A4CB@hub.freebsd.org> <8E87DC1A-6EC2-4E53-9FA3-17E694BE7846@opensail.org> <47BCA1AA.7060800@FreeBSD.org> <1C828D1A-192A-40ED-8391-DA316611E6E2@opensail.org>
Cc: Nick Barnes, freebsd-net@freebsd.org, "Bruce M. Simpson"
Subject: Re: Multiple default routes on multihome host
List-Id: Networking and TCP/IP with FreeBSD

On 22/02/2008, Wes Peters wrote:
> As much as anything I just object to the semantic dissonance in
> "multiple" "default". Think about it.
>
> I still haven't decided what it means at the packet level to have
> multiple default routes. Does that mean that, not having found a
> "better" route, I send the packets out both routes? Choose between
> them? Doesn't that tend to flap packets in a TCP "connection" back
> and forth? Does my router have to remember which route it chose for a
> TCP connection and reuse that one?

For proper connection hijacking, you have to do this. FreeBSD doesn't.

For example, take the situation where you have N routers (Cisco) with
WCCPv2 redirecting snaffled packets back to a farm of proxies. The chosen
proxy is determined by a hash function on the TCP frame. Now, the proxy
hijacks that TCP connection (assuming it sees a symmetric flow!) and goes
to connect to the original destination. Thing is, the outward packet flow
now goes out the host's default route, not the router which sent it the
packet.

Now, this mostly isn't a problem, but some Squid users are beginning to
notice it being an issue.
> I know people want to be able to plug in a pair of itty bitty routers
> and just have their computers be smart enough to use the "best" one,
> but it's not clear the implementations they are pushing us towards --
> Linux and Windows -- actually accomplish that. In fact, what they
> usually do is screw it up badly and the people only THINK they're
> getting any enhanced reliability.

Thing is, the world isn't "ideal" anymore. End users with PA space wish to
do HA type tricks. The old school idea of routing just doesn't apply when
you don't "have" an autonomous system with sensible IP allocations and
routing policy.

I guess the only thing here to add is "tools, not policy." People would
like these tools.

Adrian

--
Adrian Chadd - adrian@freebsd.org
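A small model of the return-path problem described in the message above, added here as an example and not code from the thread, from FreeBSD or from Squid: a proxy host sits behind two WCCPv2 routers but has a single system default route, and the model compares a proxy that forgets which router redirected each flow with one that remembers it per flow. The addresses, the Flow and HijackingProxy names and the pin_to_ingress switch are constructed assumptions.

```python
from typing import Dict, List, NamedTuple, Tuple


class Flow(NamedTuple):
    """TCP 4-tuple of the intercepted client connection."""
    src: str
    sport: int
    dst: str
    dport: int

# Constructed topology: two routers redirect intercepted flows to this host,
# which has exactly one system default route (via ROUTER_A).
ROUTER_A = "192.0.2.1"
ROUTER_B = "192.0.2.2"
DEFAULT_ROUTE = ROUTER_A

class HijackingProxy:
    """Terminates redirected TCP connections and opens its own to the origin."""

    def __init__(self, pin_to_ingress: bool) -> None:
        self.pin_to_ingress = pin_to_ingress
        self.ingress: Dict[Flow, str] = {}   # per flow: which router sent it

    def intercept(self, flow: Flow, from_router: str) -> None:
        # Remember which router redirected this flow to us.
        self.ingress[flow] = from_router

    def egress_next_hop(self, flow: Flow) -> str:
        # Without per-flow state, every outbound packet of the hijacked
        # connection follows the host's single default route regardless of
        # which router handed us the flow (the behaviour the message describes).
        if not self.pin_to_ingress:
            return DEFAULT_ROUTE
        # With per-flow state, traffic is sent back via the ingress router.
        return self.ingress.get(flow, DEFAULT_ROUTE)

def asymmetric_flows(proxy: HijackingProxy,
                     redirects: List[Tuple[Flow, str]]) -> List[Flow]:
    """Flows whose outbound next hop is not the router that redirected them."""
    for flow, router in redirects:
        proxy.intercept(flow, router)
    return [flow for flow, router in redirects
            if proxy.egress_next_hop(flow) != router]

# Constructed sample: one flow redirected by each router.
SAMPLE_REDIRECTS = [
    (Flow("198.51.100.10", 40001, "203.0.113.5", 80), ROUTER_A),
    (Flow("198.51.100.11", 40002, "203.0.113.6", 80), ROUTER_B),
]
```

With pin_to_ingress=False the flow that arrived via ROUTER_B leaves via ROUTER_A, which is the asymmetry the message describes; with pin_to_ingress=True no flow is asymmetric.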