Date: Thu, 26 Sep 2024 11:04:51 -0500
From: Doug McIntyre
To: questions
Subject: Re: Why does dhcpd have a routers (plural) option for a subnet?
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

On Thu, Sep 26, 2024 at 03:29:39PM +0100, Frank Leonhardt wrote:
> This would require the host to rotate on failed gateways. I've always
> thought this was a sensible and simple idea but networking geeks said it was
> a really bad one and router standby protocols were the way to go.
>
> So the next interesting question would be which host stacks would accept
> multiple gateways and what would they do with them?

You have to think back to when this would have been developed. The model
of NAT didn't exist. IP addresses were unique and globally routable.
Routers were large devices that weren't entirely stable, mainly to route
between multiple networks. For a large campus, you probably had a router
servicing every building, if not every floor.
You may have put multiple routers in to talk to different types of
networks. It's entirely possible that another backup router would
eventually lead you back to where you needed to go, perhaps over a
secondary (i.e. slower) link.

Any host stack should be able to handle routing tables dealing with the
original scenario. Network Engineers at ISPs do this all the time.

Now, with NAT being prevalent everywhere, you're going to have to go
through the device that holds your session table to have NAT work back.
Most firewalls won't let traffic coming in on the "wrong" interface
pass through. Thus, we've collapsed everything down to requiring the one
gateway router/firewall device. This is one of the problems with NAT that
old network people complain about. NAT solved the Internet IP address
limit problem, but with much reduced functionality and resiliency.