On 06/23/09 11:08, Sebastien Roy wrote:
Hi Jim,

On Tue, 2009-06-23 at 06:56 -0700, Jim Klimov wrote:
That is, if a user accesses the server with an IP address "A" of ISP "A", the
response packets go back to gateway of ISP "A" and so on. Likewise for "B".
That is, the IP address used by clients should determine which ISP is used and
which default gateway is picked for response packets. So I thought.

Unfortunately, ordinary IP routing tables don't work that way.
Forwarding table lookups and source address selection are done
separately.  In the example above, when the server responds, the route
lookup is done strictly using the destination address as input (not the
source address).  Given two equivalent default routes for that
destination, either route could be chosen using this algorithm.

In fact, my system seems to alternate its default router about once a minute (I didn't measure precisely; this may be caused by a RIPv2 client used to install
multiple routes to local internal networks, or maybe it is not related).

Given two equivalent routes for a given destination, the route chosen
for a given packet to that destination is not deterministic.  The
current implementation tries to be clever and alternate which default
route is used when communicating with a new destination, and again, this
is unrelated to the source address used to communicate with that
destination.

For a given destination, what is the 'timeout' value, and does it change based on initial creation, or last use timeout? I'd ask on James' great blog, however comments are closed :)

Steffen

My questions are: is this strangeness intended? What could I misconfigure or
under-configure? Does a similar setup work in other builds of Solaris (maybe
it is a regression of a recent OpenSolaris)?

It is intended.  What you're looking for is a form of source-based
forwarding which isn't something that normal IP forwarding does (by
design).  You can implement what you want using IP filter by having IP
filter re-inject packets for transmission to a specific interface based
on the source address of that packet.

-Seb


_______________________________________________
networking-discuss mailing list
[email protected]
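
An added example, not part of the original thread and not Solaris code: a simplified Python model of the behaviour discussed above, where route lookup takes only the destination and two equal default routes alternate per new destination, next to a source-based override of the kind Seb describes doing with IP filter. The addresses, the per-destination cache and the names ForwardingTable, SOURCE_POLICY, egress_gateway and mismatches are all assumptions made for illustration.

```python
import ipaddress
from itertools import cycle

# Constructed sample topology (documentation address ranges, not from the thread).
ROUTES = [  # (prefix, gateway)
    ("10.0.0.0/8", "10.0.0.1"),      # internal network
    ("0.0.0.0/0", "192.0.2.1"),      # default route via ISP "A"
    ("0.0.0.0/0", "198.51.100.1"),   # default route via ISP "B"
]
# Hypothetical source policy: local address -> gateway of the ISP that owns it.
SOURCE_POLICY = {"192.0.2.10": "192.0.2.1", "198.51.100.10": "198.51.100.1"}


class ForwardingTable:
    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(p), gw) for p, gw in routes]
        self.cache = {}    # destination -> gateway chosen at first use
        self.rotors = {}   # prefix -> round-robin over its equal routes

    def lookup(self, dst):
        """Destination-only lookup: the source address is not an input."""
        if dst in self.cache:
            return self.cache[dst]
        addr = ipaddress.ip_address(dst)
        matches = [(n, gw) for n, gw in self.routes if addr in n]
        best = max(n.prefixlen for n, _ in matches)    # longest prefix wins
        net = next(n for n, _ in matches if n.prefixlen == best)
        equal = [gw for n, gw in matches if n.prefixlen == best]
        rotor = self.rotors.setdefault(net, cycle(equal))
        self.cache[dst] = next(rotor)   # alternate for each new destination
        return self.cache[dst]


def egress_gateway(table, src, dst, policy=None):
    """Gateway that a reply from src to dst leaves through."""
    gw = table.lookup(dst)
    if policy and src in policy and gw in policy.values():
        return policy[src]   # source-based override, applied after routing
    return gw


def mismatches(policy=None):
    """Clients whose replies from address "A" exit via the other ISP."""
    table = ForwardingTable(ROUTES)
    clients = ["203.0.113.%d" % i for i in range(1, 5)]
    return [c for c in clients
            if egress_gateway(table, "192.0.2.10", c, policy) != "192.0.2.1"]
```

Without a policy, mismatches() lists every second client, because the source address never enters the lookup; with SOURCE_POLICY the list is empty, while internal destinations still follow the ordinary table.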
