From: Wes Peters
Organization: Softweyr LLC
Date: Sat, 17 Mar 2001 21:48:21 -0700
To: Nick Rogness
Cc: freebsd-net@FreeBSD.ORG, Jeroen Ruigrok/Asmodai
Subject: Re: same interface Route Cache
Message-ID: <3AB43E15.8D288A7F@softweyr.com>

Nick Rogness wrote:
>
> On Sat, 17 Mar 2001, Wes Peters wrote:
>
> [Wes, if you get this, for some reason I can't send to your
> domain.]
>
> You are not understanding what I am trying to say.  Once again I'll try to
> clarify.
>
> > > For dual-homed hosts, this is a problem because your packet gets
> > > sent out the default gateway, which may or may not get filtered
> > > upstream.  This is usually solved by running a routing daemon but
> > > most upstreams won't allow you to do that anyway (cable,dsl,etc).
> >
> > If you have a dual-homed host that is simply routing an internal LAN to
> > the external network, you don't need anything other than a default route.
> > If it's not bound for the internal network, it goes to the external
> > network, by definition.
> >
>
> Actually, that is not what "dual-homed" in the internet
> world means.  Dual homed is having 2 *public* Internet
> connections.  That's ISP lingo.

No, that's just wrong.  "dual-homed" means it has two network interfaces;
all routers are dual-homed at least.  ISPs are not allowed to hijack the
terminology any more than the Linux losers are.

> > I completely fail to see that you have actually stated a problem yet.
> >
> > What exactly is the problem you think you're trying to solve here?
> >
>
> Consider the following.  I have to restate this every damn couple
> of weeks to get it through.  Here is the problem:
>
>       ISP#1                      ISP#2
>         |                          |
>         |                          |
>         --- xl0   FreeBSD   xl1 -----
>                     xl2
>                      |
>                      |
>               Internal network
>                      |
>                      |
>                  Machine 1

Your FreeBSD machine in this example has three interfaces, and needs to
run a routing daemon.  This typically means either routed or gated.

> Packet 1 comes in through ISP #2 network.  It comes into your
> internal network to machine 1.  Machine 1 replies to the
> packet...but where does it go?  It will exit through interface
> to ISP #1 because of the default gateway.  It came in ISP #2 and
> left out ISP #1.  There is your problem.

The default route for Machine 1 should be, of course, the FreeBSD machine.
Having a default route on the FreeBSD machine is a configuration error,
because a default route doesn't make sense in the case of such a machine.
You *must* run a routing daemon and use a routing protocol compatible with
ISP#1 and ISP#2.

I think you were trying to say "route table" instead of "route cache",
which does make sense with this setup.  The simple answer is get a copy
of a good book on TCP/IP network administration, learn how to configure
routed, and use the stuff the way it was meant to be used.

> What if you are running nat in this case....you're hosed.

Why?

> You can check out route-cache at Cisco's online site.  It may help
> to clarify as to why you would want to do this.

Just use a routing protocol, that's what they were designed for.

> If you check the -net mailing list this problem re-occurs over and
> over and over and over and over.  To which there is a work around
> that's a bit messy.

Lots of problems occur over and over again, that's why people write books
to explain things like this.  Trying to fit some half-baked notion of how
IP routing is supposed to work in the code isn't a solution.

-- 
"Where am I, and what am I doing in this handbasket?"

Wes Peters
Softweyr LLC
wes@softweyr.com
http://softweyr.com/