Date: Mon, 26 Dec 2005 07:48:13 -0800 (PST)
From: Danial Thom <danial_thom@yahoo.com>
To: Ted Mittelstaedt <tedm@toybox.placo.com>, "Loren M. Lang" <lorenl@alzatex.com>
Cc: Yance Kowara <yance_kowara@yahoo.com>, freebsd-questions@freebsd.org
Subject: RE: FreeBSD router two DSL connections
Message-ID: <20051226154813.90594.qmail@web33311.mail.mud.yahoo.com>
In-Reply-To: <LOBBIFDAGNMAMLGJJCKNOEBNFDAA.tedm@toybox.placo.com>

--- Ted Mittelstaedt <tedm@toybox.placo.com> wrote:

>
>
> >-----Original Message-----
> >From: Danial Thom [mailto:danial_thom@yahoo.com]
> >Sent: Friday, December 23, 2005 3:47 PM
> >To: Ted Mittelstaedt; Loren M. Lang
> >Cc: Yance Kowara; freebsd-questions@freebsd.org
> >Subject: RE: FreeBSD router two DSL connections
> >
> >
> >Ted the incompetent, wrong on all counts once
> >again:
> >
> >
> >--- Ted Mittelstaedt <tedm@toybox.placo.com> wrote:
> >
> >>
> >>
> >> >-----Original Message-----
> >> >From: Danial Thom [mailto:danial_thom@yahoo.com]
> >> >Sent: Wednesday, December 21, 2005 9:56 AM
> >> >To: Loren M. Lang; Ted Mittelstaedt
> >> >Cc: Yance Kowara; freebsd-questions@freebsd.org
> >> >Subject: Re: FreeBSD router two DSL connections
> >> >
> >> >
> >> >All upstream ISPs are
> >> >connected to everyone on the internet, so it
> >> >doesn't matter which you send your packets to
> >> >(the entire point of a "connectionless" network).
> >> >They both can forward your traffic to wherever
> >> >it's going.
> >>
> >> They aren't going to forward your traffic unless
> >> it's sourced by an IP number they assign.  To
> >> do otherwise means they would permit you to spoof IP
> >> numbers.  And while it's possible some very small
> >> ISP's run by idiots that don't know any better might
> >> still permit this, their feeds certainly will
> >> not.
> >
> >Yes they will.
>
> I assure you they will not.
>
> >Routers route based on dest
> >address only. Are you somehow suggesting that an
> >ISP can't be dual homed and use only one link if
> >one goes down, since some of the addresses sent
> >up the remaining pipe wouldn't have source
> >addresses assigned by that upstream provider?
>
> ISP's that are dual-homed have to register their
> subnets with both providers.
>
> For example, suppose I'm a small ISP and I go get a
> Sprint connection and get assigned a range of
> 11 IP subnets, 192.168.1.0 - 192.168.10.0
>
> These are Sprint-owned IP addresses of course.  As
> I source traffic from 192.168.1.x, Sprint recognizes
> it as valid traffic and allows it to pass Sprint's
> ingress filter to me.
>
> Now I get a bit bigger and decide I need a redundant
> connection.  So I contact ARIN and buy an AS number,
> then contact ATT and get a connection to them, then
> set up BGP between myself and ATT & Sprint.
>
> When ATT and I are setting up BGP, ATT's techs will
> ask me what subnets I'm advertising, I tell them
> 192.168.1.0 - 192.168.10.0.  ATT then checks with
> ARIN's whois server to make sure Sprint has entered
> a record for that list of subnets that says I'm
> authorized to use them.  If all that checks out OK
> then ATT adjusts their ingress filters so I can
> source traffic to them from those subnets.

So if you have 2 ISPs, then both of them know
about both of your address groups, so you can
load balance any way you want, right? Which is
why the scenario I've suggested will work in all
cases.

I also know tons of secondary peering ISPs that
don't do any filtering at all on incoming
traffic. If you're peering with multiple networks
the combinations of source addresses that are
possible to go through your network are too
mind-boggling to load your server with. Most T3
routers deployed can barely handle their loads
without filtering every incoming packet through
ingress filters. You may think they do it, but
most don't.

For example, in my office I have a cable modem
and a 100Mb/s link to an ISP that happens to be
in my building. I can set my default router to
either router and it works fine. The cable modem
company will accept ANY source address and so
will the ISP. I assure you that the cable company
doesn't know of my other addresses.

DT
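
The source-address ingress filtering discussed in this message, as an added example that is not part of the original e-mail: a small model of the per-customer prefix check an upstream applies, used to list which flows from a two-uplink router would be discarded. The provider names and 192.168.1.0 block reuse the thread's illustration; the /24 masks, the 198.51.100.0/24 block, the customer name, the flows and all class and function names are constructed assumptions.

```python
from ipaddress import ip_address, ip_network


class IngressFilter:
    """Source-prefix allow-list one upstream applies to a customer port."""

    def __init__(self, provider, strict=True):
        self.provider = provider
        self.strict = strict        # False models an upstream that does no filtering
        self.allowed = {}           # customer name -> list of permitted networks

    def register(self, customer, prefixes):
        self.allowed.setdefault(customer, []).extend(ip_network(p) for p in prefixes)

    def permits(self, customer, src):
        if not self.strict:
            return True
        addr = ip_address(src)
        return any(addr in net for net in self.allowed.get(customer, []))


def dropped_flows(customer, flows, upstreams):
    """Return the (src, provider) pairs an upstream's filter would discard."""
    return [(src, via) for src, via in flows
            if not upstreams[via].permits(customer, src)]


# Constructed scenario 1: two independent links, each upstream knows only its own block.
sprint, att = IngressFilter("Sprint"), IngressFilter("ATT")
sprint.register("office", ["192.168.1.0/24"])     # block assigned by Sprint (thread's example)
att.register("office", ["198.51.100.0/24"])       # block assigned by ATT (constructed)
UPSTREAMS = {"Sprint": sprint, "ATT": att}

# Constructed flows: (source address, upstream the router chose for egress).
FLOWS = [
    ("192.168.1.10", "Sprint"),    # source matches egress link
    ("192.168.1.10", "ATT"),       # Sprint-assigned source sent via ATT
    ("198.51.100.7", "ATT"),       # source matches egress link
    ("198.51.100.7", "Sprint"),    # ATT-assigned source sent via Sprint
]


def multihomed_upstreams():
    """Scenario 2: the same prefixes registered with both upstreams (the BGP case)."""
    ups = {name: IngressFilter(name) for name in ("Sprint", "ATT")}
    for f in ups.values():
        f.register("office", ["192.168.1.0/24", "198.51.100.0/24"])
    return ups


if __name__ == "__main__":
    print("separate blocks:", dropped_flows("office", FLOWS, UPSTREAMS))
    print("registered with both:", dropped_flows("office", FLOWS, multihomed_upstreams()))
```

Constructing a filter with `strict=False` models an upstream that accepts any source address, so every flow in the list passes it.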