From owner-freebsd-questions@FreeBSD.ORG Mon Dec 26 15:48:16 2005
Message-ID: <20051226154813.90594.qmail@web33311.mail.mud.yahoo.com>
Date: Mon, 26 Dec 2005 07:48:13 -0800 (PST)
From: Danial Thom
Reply-To: danial_thom@yahoo.com
To: Ted Mittelstaedt, "Loren M. Lang"
Cc: Yance Kowara, freebsd-questions@freebsd.org
Subject: RE: FreeBSD router two DSL connections

--- Ted Mittelstaedt wrote:

>
>
> >-----Original Message-----
> >From: Danial Thom [mailto:danial_thom@yahoo.com]
> >Sent: Friday, December 23, 2005 3:47 PM
> >To: Ted Mittelstaedt; Loren M. Lang
> >Cc: Yance Kowara; freebsd-questions@freebsd.org
> >Subject: RE: FreeBSD router two DSL connections
> >
> >
> >Ted the incompetent, wrong on all counts once
> >again:
> >
> >
> >--- Ted Mittelstaedt wrote:
> >
> >>
> >>
> >> >-----Original Message-----
> >> >From: Danial Thom [mailto:danial_thom@yahoo.com]
> >> >Sent: Wednesday, December 21, 2005 9:56 AM
> >> >To: Loren M. Lang; Ted Mittelstaedt
> >> >Cc: Yance Kowara; freebsd-questions@freebsd.org
> >> >Subject: Re: FreeBSD router two DSL connections
> >> >
> >> >
> >> >All upstream ISPs are
> >> >connected to everyone on the internet, so it
> >> >doesn't matter which you send your packets to
> >> >(the entire point of a "connectionless" network).
> >> >They both can forward your traffic to wherever
> >> >it's going.
> >>
> >> They aren't going to forward your traffic unless
> >> it's sourced by an IP number they assign.  To
> >> do otherwise means they would permit you to spoof IP
> >> numbers.  And while it's possible some very small
> >> ISPs run by idiots that don't know any better might
> >> still permit this, their feeds certainly will not.
> >
> >Yes they will.
>
> I assure you they will not.
>
> >Routers route based on dest
> >address only. Are you somehow suggesting that an
> >ISP can't be dual homed and use only one link if
> >one goes down, since some of the addresses sent
> >up the remaining pipe wouldn't have source
> >addresses assigned by that upstream provider?
>
> ISPs that are dual-homed have to register their
> subnets with both providers.
>
> For example, suppose I'm a small ISP and I go get a
> Sprint connection and get assigned a range of
> 11 IP subnets, 192.168.1.0 - 192.168.10.0
>
> These are Sprint-owned IP addresses of course.  As
> I source traffic from 192.168.1.x, Sprint recognizes
> it as valid traffic and allows it to pass Sprint's
> ingress filter to me.
>
> Now I get a bit bigger and decide I need a redundant
> connection.  So I contact ARIN and buy an AS number,
> then contact ATT and get a connection to them, then
> set up BGP between myself and ATT & Sprint.
>
> When ATT and I are setting up BGP, ATT's techs will
> ask me what subnets I'm advertising, I tell them
> 192.168.1.0 - 192.168.10.0.  ATT then checks with
> ARIN's whois server to make sure Sprint has entered
> a record for that list of subnets that says I'm
> authorized to use them.  If all that checks out OK
> then ATT adjusts their ingress filters so I can
> source traffic to them from those subnets.

So if you have 2 ISPs, then both of them know
about both of your address groups, so you can
load balance any way you want, right? Which is
why the scenario I've suggested will work in all
cases.

I also know tons of secondary peering ISPs that
don't do any filtering at all on incoming
traffic. If you're peering with multiple networks
the combinations of source addresses that are
possible to go through your network are too
mind-boggling to load your server with. Most T3
routers deployed can barely handle their loads
without filtering every incoming packet through
ingress filters. You may think they do it, but
most don't.

For example, in my office I have a cable modem
and a 100Mb/s link to an ISP that happens to be
in my building. I can set my default router to
either router and it works fine. The cable modem
company will accept ANY source address and so
will the ISP. I assure you that the cable company
doesn't know of my other addresses.

DT
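
The ingress check and dual-homed registration described in the quoted text, as an added example that is not part of the original message: a small Python model of a provider port filter that accepts only source prefixes a registry records for the customer. The /24 subnet size, the `small-isp` customer name, the registry dictionary and the sample source addresses are assumptions constructed for illustration.

```python
import ipaddress

def subnet_range(first, last, plen=24):
    """All /plen networks from first to last inclusive (the /24 size is an assumption)."""
    step = 1 << (32 - plen)
    lo, hi = (int(ipaddress.IPv4Address(a)) for a in (first, last))
    return [ipaddress.IPv4Network((n, plen)) for n in range(lo, hi + 1, step)]

class IngressFilter:
    """Source-address filter a provider applies on one customer-facing port."""

    def __init__(self, provider):
        self.provider = provider
        self.acl = []  # collapsed prefixes the customer may use as a source

    def authorize(self, nets, registry, customer):
        # Accept only prefixes the registry delegates to this customer.
        # This models the whois lookup described in the quoted text.
        refused = [n for n in nets if registry.get(n) != customer]
        if refused:
            raise PermissionError(f"{self.provider}: no record for {refused[0]}")
        self.acl = list(ipaddress.collapse_addresses(self.acl + list(nets)))

    def permits(self, src):
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.acl)

def dual_homed_scenario():
    nets = subnet_range("192.168.1.0", "192.168.10.0")
    registry = {n: "small-isp" for n in nets}  # constructed whois records
    sprint, att = IngressFilter("Sprint"), IngressFilter("ATT")
    sprint.authorize(nets, registry, "small-isp")
    sources = ["192.168.1.20", "192.168.10.7", "192.168.11.5"]  # constructed
    before = [att.permits(s) for s in sources]  # ATT has no entries yet
    att.authorize(nets, registry, "small-isp")  # ATT adjusts its filter
    after = [att.permits(s) for s in sources]
    return sprint.acl, before, after

if __name__ == "__main__":
    acl, before, after = dual_homed_scenario()
    print("ACL entries:", [str(n) for n in acl])
    print("ATT before registration:", before)
    print("ATT after registration: ", after)
```

The range does not align to a single CIDR block, so the collapsed filter holds five entries rather than one.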