On 2/23/16 8:27 AM, Gilberto Bertin wrote:
> This series introduces support for the SO_BINDTOSUBNET socket option, which
> allows a listener socket to bind to a subnet instead of * or a single address.
>
> Motivation:
> consider a set of servers, each one with thousands and thousands of IP
> addresses. Since assigning individual /32 or /128 IP addresses would be
> inefficient, one solution can be assigning subnets using local routes
> (with 'ip route add local').
> This allows a listener to listen and terminate connections going to any
> of the IP addresses of these subnets without explicitly configuring all
> of them. This is very efficient.
>
> Unfortunately there may be the need to use different subnets for
> different purposes.
> One can imagine port 80 being served by one HTTP server for some IP
> subnet, while another server is used for another subnet.
> Right now Linux does not allow this.
> It is either possible to bind to *, indicating ALL traffic going to a
> given port, or to individual IP addresses.
> The first only allows accepting connections from all the subnets.
> The latter does not scale well with lots of IP addresses.
Have you looked at the VRF implementation?
Documentation/networking/vrf.txt
It certainly handles some of your requirements -- e.g., create L3
domains (VRFs) for subnets of interest. Apps can bind to the VRF device
to provide service to only those networks in the domain.