Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 22 Feb 2008 01:44:17 -0600
From:      Kevin Day <toasty@dragondata.com>
To:        Wes Peters <wes@opensail.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Multiple default routes on multihome host
Message-ID:  <D44581C4-0B01-4E82-9EC9-59721A01B481@dragondata.com>
In-Reply-To: <1C828D1A-192A-40ED-8391-DA316611E6E2@opensail.org>
References:  <20080219021012.95B1116A4CB@hub.freebsd.org> <8E87DC1A-6EC2-4E53-9FA3-17E694BE7846@opensail.org> <47BCA1AA.7060800@FreeBSD.org> <1C828D1A-192A-40ED-8391-DA316611E6E2@opensail.org>

next in thread | previous in thread | raw e-mail | index | archive | help

On Feb 21, 2008, at 9:51 PM, Wes Peters wrote:
>
> As much as anything I just object to the semantic dissonance in  
> "multiple" "default".  Think about it.
>
> I still haven't decided what it means at the packet level to have  
> multiple default routes.  Does that mean that, not having found a  
> "better" route, I send the packets out both routes?  Choose between  
> them?  Doesn't that tend to flap packets in a TCP "connection" back  
> and forth?  Does my router have to remember which route it chose for  
> a TCP connection and reuse that one?
>
> I know people want to be able to plug in a pair of itty bitty  
> routers and just have their computers be smart enough to use the  
> "best" one, but it's not clear the implementations they are pushing  
> us towards -- Linux and Windows -- actually accomplish that.  In  
> fact, what they usually do is screw it up badly and the people only  
> THINK they're getting any enhanced reliability.
>

I know I'm not who you were asking, but I can give you an example of  
where we've used this successfully.

Our branch office has a T1 to our main office. The branch office has  
a /26 of public IPs routed over the T1. The T1 has extremely low  
latency, and plenty of bandwidth for the business side of things. The  
problem is that it didn't have enough bandwidth to handle a bunch of  
people watching videos on YouTube, downloading OS updates and  
everything else. I played with QoS and traffic shaping, but the  
solution for us was more bandwidth. Adding additional T1s was  
impossible, but we could get a very fast business DSL line to the  
office. They obviously wouldn't run BGP with us over it, so some  
trickery was required to make use of both connections at once.

On our firewall/router box at the branch office, we've got 3 ethernet  
interfaces. em0 goes to our LAN(1.2.3.4/26). em1 goes to the T1  
router. em2 goes to the DSL line(5.6.7.8/24).

The system's default route is through em1 to the T1. I want to send  
some traffic over the DSL line, em2. This is complicated by the fact  
that the DSL provider has only given us one IP and won't route our  
corporate IPs. So, I started up a natd instance:

natd -interface em2 -same_ports -dynamic

Now, with ipfw I can select which traffic goes through the DSL line:

ipfw add 100 divert 8668 ip from 1.2.3.0/26 to any 80   # Send all  
HTTP traffic through natd, which will go through the DSL line

Next, I need to force all traffic sourced on the DSL line's IP to  
actually go out the DSL interface. Without this, the kernel tries  
sending packets sourced with the DSL line's IP over the T1.

ipfw add 200 fwd $dsl_line_gateway ip from 5.6.7.8 to not 1.2.3.0/26    
# If it's not trying to talk to a local IP, force it to go down the  
DSL line if it's using the DSL source IP.


Now, like magic, web traffic goes over the DSL line. Everything else  
goes over the T1. In reality the configuration is much more complex,  
but it's easy enough with ipfw rules to specify what I want to go down  
the DSL line (divert it) and what I want to go down the T1.

If I didn't have to deal with the lack of routing cooperation from our  
DSL provider, I could skip the natd step completely and just fwd  
traffic as appropriate.


This isn't truly multiple default routes, but it's as close as I can  
get. As-is it adds no redundancy at all, but it was very easy to  
script something up that checked the liveliness of both interfaces and  
completely redirect everything to go down one or the other if one goes  
down.

Make sense?

-- Kevin




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D44581C4-0B01-4E82-9EC9-59721A01B481>