Date: Fri, 23 Aug 1996 11:00:19 +0300 (EET DST) From: Vladimir Jakovenko <vovik@cmr.kiev.ua> To: rkw@dataplex.net (Richard Wackerbarth) Cc: freebsd-hackers@freebsd.org Subject: Re: IP over IP Message-ID: <199608230800.IAA06085@cmr.kiev.ua> In-Reply-To: <v02140b00ae42ada8c4c1@[199.183.109.242]> from "Richard Wackerbarth" at Aug 22, 96 07:47:44 pm
next in thread | previous in thread | raw e-mail | index | archive | help
Hi!
>
> > using RFC1918 10.0.0.0 networks. Most routers are FreeBSD boxes,
> > except some stupid people with Novell.
> >
> > At present most FreeBSD boxes in our backbone don't have direct connection
> > to [oberon], only via 1-4 routers, for which we dont have sufficient number
> > of IP addresses from ISP. But we would like to give these FreeBSD boxes
> > such addresses, mostly because we want them to be able to connect to
> > Internet not via proxy [oberon], but directly, because [oberon] is a simple
> > PC-486 with 16Mb RAM and 1Gb HDD which acts as primary DNS, mail relay, and
> > proxy, and it is already highly loaded.
>
> OK, I'm confused. Do you want to assign an internet address to "cad"?
> If so, what will be the actual path to the outside? From your diagram it
> appears that the packets must still pass through "oberon". Are you simply
> attempting to avoid the proxy overhead but still be willing to take the
> routing overhead as the packets pass through "oberon"?
>
> If so, you can do it by using (static?) routes through the various routers.
Internet | Intranet
<--------[ oberon ]----[ inferno ]--------[ ee ]-----------[ cad ]
a.b.c.d 10.1 10.2 10.9 10.10 10.17 10.18
( Real IP) (Real IP)
Static routes are perfect if you have acces to all routers in 10.0.0.0
network, and also you MUST disable all ICMP in [oberon] ( no traceroutes
from outside of campus to [cad], etc. ).
> Tunneling should not be necessary since you control the internal network.
> Tunneling is used to do things like bypassing firewalls or running an
> encrypted connection between two campuses.
Ok, but with tunnels(or any other encapsulation) I can build virtual IP
network over existent network. If my existent network use OSPF I can use
load-balancing facility of OSPF. Also with IP over IP tunnels I can
build tunnel between pure conected parts of one AS via tunnel through
good connected another AS like that:
+------------+
| | High speed connection to AS abc
| AS abb +------------+
| | |
+---+ +---+ +----+----+
Low speed connection| | | AS abc |
between AS parts | | | |
+---+ +---+ +----+----+
| | |
| +------------+
| | High speed connection to AS abc
+------------+
>
>
>
I not so familiar with FBSD kernel internals, so I look arround tun and
iijppp and mostly complete tunnel implementation via user level program.
Also i get vif-x.xx.tgz and look arround it. The first version of them
based on IP over IP implementation, so it try to hack it.
Thanx for you respond,
Vladimir.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608230800.IAA06085>