From owner-freebsd-hackers Fri Aug 23 00:36:18 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id AAA03972 for hackers-outgoing; Fri, 23 Aug 1996 00:36:18 -0700 (PDT)
Received: from cmr.kiev.ua (root@cmr.kiev.ua [193.193.193.50]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id AAA03881 for ; Fri, 23 Aug 1996 00:35:54 -0700 (PDT)
Received: (vovik@localhost) by cmr.kiev.ua (Sendmail 8.who.cares/5) id IAA06085; Fri, 23 Aug 1996 08:00:20 GMT
From: Vladimir Jakovenko
Message-Id: <199608230800.IAA06085@cmr.kiev.ua>
Subject: Re: IP over IP
To: rkw@dataplex.net (Richard Wackerbarth)
Date: Fri, 23 Aug 1996 11:00:19 +0300 (EET DST)
Cc: freebsd-hackers@freebsd.org
In-Reply-To: from "Richard Wackerbarth" at Aug 22, 96 07:47:44 pm
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi!

>
> > using RFC1918 10.0.0.0 networks. Most routers are FreeBSD boxes,
> > except some stupid people with Novell.
> >
> > At present most FreeBSD boxes in our backbone don't have direct connection
> > to [oberon], only via 1-4 routers, for which we don't have sufficient number
> > of IP addresses from ISP. But we would like to give these FreeBSD boxes
> > such addresses, mostly because we want them to be able to connect to
> > Internet not via proxy [oberon], but directly, because [oberon] is a simple
> > PC-486 with 16Mb RAM and 1Gb HDD which acts as primary DNS, mail relay, and
> > proxy, and it is already highly loaded.
>
> OK, I'm confused. Do you want to assign an internet address to "cad"?
> If so, what will be the actual path to the outside? From your diagram it
> appears that the packets must still pass through "oberon". Are you simply
> attempting to avoid the proxy overhead but still be willing to take the
> routing overhead as the packets pass through "oberon"?
>
> If so, you can do it by using (static?) routes through the various routers.

    Internet | Intranet
<--------[ oberon ]----[ inferno ]--------[ ee ]-----------[ cad ]
 a.b.c.d        10.1  10.2     10.9    10.10  10.17        10.18
( Real IP)                                               (Real IP)

Static routes are perfect if you have access to all routers in the 10.0.0.0
network, and also you MUST disable all ICMP in [oberon] (no traceroutes from
outside of campus to [cad], etc.).

> Tunneling should not be necessary since you control the internal network.
> Tunneling is used to do things like bypassing firewalls or running an
> encrypted connection between two campuses.

OK, but with tunnels (or any other encapsulation) I can build a virtual IP
network over the existing network. If my existing network uses OSPF, I can use
the load-balancing facility of OSPF. Also, with IP over IP tunnels I can build
a tunnel between poorly connected parts of one AS via a tunnel through another,
well connected AS, like this:

                      +------------+
                      |            | High speed connection to AS abc
                      |   AS abb   +------------+
                      |            |            |
                      +---+    +---+       +----+----+
Low speed connection      |    |           | AS abc  |
between AS parts          |    |           |         |
                      +---+    +---+       +----+----+
                      |            |            |
                      |            +------------+
                      |            | High speed connection to AS abc
                      +------------+

> > >

I am not so familiar with FBSD kernel internals, so I look around tun and
iijppp and mostly complete tunnel implementation via user level program. Also
I get vif-x.xx.tgz and look around it. The first version of them based on IP
over IP implementation, so I try to hack it.

Thanks for your response,
Vladimir.
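
The IP over IP encapsulation discussed in this message, as an added example that is not part of the original post and is not Vladimir's code: a user-level encapsulate/decapsulate pair using IP protocol number 4 (RFC 2003). The decapsulator drops any packet whose outer source is not the configured tunnel peer, because an endpoint that skips this check lets outside hosts inject packets addressed to the private network. The function names, the outer TTL of 64 and the single fixed peer are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { IPIP_PROTO = 4, IP_HLEN = 20 };  /* protocol 4 = IPv4 inside IPv4 */
/* Internet checksum (RFC 1071) over an even-length header. */
static uint16_t ip_cksum(const uint8_t *p, size_t n)
{
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < n; i += 2)
        s += ((uint32_t)p[i] << 8) | p[i + 1];
    while (s >> 16)
        s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

/* Prepend an outer header src->dst to a whole inner IPv4 packet.
 * Returns the encapsulated length, or 0 if it does not fit. */
size_t ipip_encap(const uint8_t *in, size_t ilen, const uint8_t src[4],
                  const uint8_t dst[4], uint8_t *out, size_t cap)
{
    size_t tot = IP_HLEN + ilen;
    if (ilen < IP_HLEN || tot > 65535 || tot > cap) return 0;
    memset(out, 0, IP_HLEN);
    out[0] = 0x45;                        /* version 4, 5-word header */
    out[1] = in[1];                       /* carry the inner TOS outward */
    out[2] = (uint8_t)(tot >> 8); out[3] = (uint8_t)tot;
    out[6] = in[6] & 0x40;                /* keep Don't Fragment if set */
    out[8] = 64;                          /* outer TTL: assumed value */
    out[9] = IPIP_PROTO;
    memcpy(out + 12, src, 4); memcpy(out + 16, dst, 4);
    uint16_t c = ip_cksum(out, IP_HLEN);
    out[10] = (uint8_t)(c >> 8); out[11] = (uint8_t)c;
    memcpy(out + IP_HLEN, in, ilen);
    return tot;
}

/* Return the offset of the inner packet, or 0 to drop. Only the
 * configured peer may feed packets into the private network. */
size_t ipip_decap(const uint8_t *p, size_t len, const uint8_t peer[4])
{
    if (len < IP_HLEN || (p[0] >> 4) != 4) return 0;
    size_t hl = (size_t)(p[0] & 0x0f) * 4, tot = ((size_t)p[2] << 8) | p[3];
    if (hl < IP_HLEN || tot > len || tot < hl + IP_HLEN) return 0;
    if (p[9] != IPIP_PROTO || ip_cksum(p, hl) != 0) return 0;
    if (memcmp(p + 12, peer, 4) != 0) return 0;     /* spoofed outer source */
    if ((p[hl] >> 4) != 4) return 0;                /* inner must be IPv4 */
    return hl;
}
```

The inner packet is carried unchanged, so its own header checksum and TTL are left for the receiving stack to validate after decapsulation.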