Date: Thu, 25 Apr 2024 13:56:12 -0700
From: Gregory Shapiro
To: Paul Vixie
Cc: freebsd-net@freebsd.org
Subject: Re: Source IPv4 address selection vs BGP IX connection
List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net

> of course, gethostid(3) is now deprecated in favour of sysctl(3), and the
> hostid(8) command is gone, and there's now more than one flavour of
> Internet-capable UNIX in the world, and there's more than one Internet
> address family now. so what i did in 1990 is a guide only inasmuch as some
> way should exist to change the default local address of a socket so that it
> isn't the address of the interface used for the destination. if that happens
> i hope we coordinate with Linux and with the other BSD's.

Linux already has a model to give a hint for source address selection
via route table "hints". When adding routes (either manually via
`ip route' or via things like bird2 BGP daemon), Linux supports setting
a source IP for when that route is used.

Interestingly, JunOS (which I believe is based on FreeBSD) also supports
a way to specify a default IPv4 source address, preferring the primary
address on lo0 that is not 127.0.0.1. It is a common practice for BGP
systems to attach their announced IPs to the loopback interface.

https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/default-address-selection-edit-system.html

For the Linux and bird (BGP) documentation:

Linux
-----

http://linux-ip.net/html/tools-ip-route.html#ex-tools-ip-route-add-src

"The src option provides a hint to the kernel for source address
selection. When you are working with multiple routing tables and
different classes of traffic, you can ease your administrative burden,
by hosting several different IPs on your linux machine and setting the
source address differently, depending on the type of traffic. In the
example below, let's assume that our masquerading host also runs a DNS
resolver for the internal network and we have selected all of the
outbound DNS packets to be routed according to table 7 [53]. Now, any
packet which originates on this box (or is masqueraded through this
table) will have its source IP set to 205.254.211.198.

Example D.19. Using src in a routing command with route add

[root@masq-gw]# ip route add default via 205.254.211.254 src 205.254.211.198 table 7
"

man ip-route

"src ADDRESS
        the source address to prefer when sending to the destinations
        covered by the route prefix."

Bird (BGP Daemon)
-----------------

"The Kernel protocol defines several attributes. These attributes are
translated to appropriate system (and OS-specific) route attributes. We
support these attributes:
...
ip krt_prefsrc (Linux)
        The preferred source address. Used in source address selection
        for outgoing packets. Has to be one of the IP addresses of the
        router."
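
Added example, not part of the original message and not code from Linux, bird or FreeBSD: a small Python model of the per-route source hint described above, showing how the chosen source address changes once the default route carries a preferred source. The interface names, the addresses (documentation ranges) and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not from the thread.
LOCAL_ADDRS = {
    "lo": ["203.0.113.1"],      # announced address attached to the loopback
    "ix0": ["198.51.100.10"],   # address on the exchange LAN
}

def add_route(table, prefix, dev, prefsrc=None):
    """Append a route; a preferred source must be an address the host owns."""
    owned = {a for addrs in LOCAL_ADDRS.values() for a in addrs}
    if prefsrc is not None and prefsrc not in owned:
        raise ValueError(f"prefsrc {prefsrc} is not a local address")
    table.append((ipaddress.ip_network(prefix), dev, prefsrc))

def select_source(table, dst):
    """Longest-prefix match, then the route's src hint; without a hint,
    fall back to the primary address of the egress interface."""
    dst_ip = ipaddress.ip_address(dst)
    matches = [r for r in table if dst_ip in r[0]]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _net, dev, prefsrc = max(matches, key=lambda r: r[0].prefixlen)
    return prefsrc if prefsrc is not None else LOCAL_ADDRS[dev][0]

def demo():
    plain, hinted = [], []
    # Without a hint, traffic leaving via ix0 is sourced from the LAN address.
    add_route(plain, "0.0.0.0/0", "ix0")
    # With a hint, the default route prefers the loopback's announced address.
    add_route(hinted, "0.0.0.0/0", "ix0", prefsrc="203.0.113.1")
    # The more specific on-link route has no hint, so peers on the exchange
    # LAN still see the LAN address.
    add_route(hinted, "198.51.100.0/24", "ix0")
    return (select_source(plain, "192.0.2.53"),
            select_source(hinted, "192.0.2.53"),
            select_source(hinted, "198.51.100.20"))

if __name__ == "__main__":
    print(demo())
```
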