Date:      Thu, 27 Jun 2002 11:23:47 -0400
From:      Matt Impett <M.Impett@flarion.com>
To:        'Julian Elischer' <julian@elischer.org>, Lars Eggert <larse@ISI.EDU>
Cc:        Matt Impett <M.Impett@flarion.com>, "'freebsd-net@freebsd.org'" <freebsd-net@freebsd.org>, "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org>
Subject:   RE: source address based routing
Message-ID:  <8C92E23A3E87FB479988285F9E22BE46FDE77D@ftmail.lab.flarion.com>

inline..

> -----Original Message-----
> From: Julian Elischer [mailto:julian@elischer.org]
> Sent: Wednesday, June 26, 2002 9:40 PM
> To: Lars Eggert
> Cc: Matt Impett; 'freebsd-net@freebsd.org';
> 'freebsd-questions@freebsd.org'
> Subject: Re: source address based routing
>  
> 
> On Wed, 26 Jun 2002, Lars Eggert wrote:
> 
> > Matt Impett wrote:
> > > gladly.. I am trying to implement reverse tunneling for mobile-IP. The
> > > basic idea is that packets must be reverse tunneled to different IP
> > > addresses depending on the source address of the packet.  The reason the
> > > tunnel does not have an IP address associated with it is that I don't want
> > > to forward traffic down the tunnel for any other reason besides source
> > > addresses.  As soon as I assign the tunnel interface an address, traffic
> > > sent to that address will be tunneled.
> 
> Surely 10.200.x.x is unlikely to be used.. it gives you 64000 possible 
> tunnels. What I am having trouble with is that the tunnel to use depends
> on the SOURCE? That seems a little unusual.. Obviously I'm missing
> something in the words "reverse tunnelling".

The company I work for (Flarion Technologies) is building an IP access box
for mobile wireless networks that will plug into existing network
infrastructure.  I would be a little scared reserving a large piece of the
private address space as I cannot be assured that the operator that owns the
(private) network we will be plugging into is not using the same space.
Doing so would require agreements with them about the use or reservation of
the chunks of addressing space.  It could be done, but I would rather avoid
it.

As for tunneling based on SOURCE, here is a brief explanation.  We are
running mobileIP to handle device mobility in our network.  Basically,
mobile nodes can have IP addresses which are not topologically correct at
the access router they are connected to, but rather ARE topologically
correct at some node (the Home Agent) back in the network.  Downlink traffic
(to the mobile node) is tunneled from the Home Agent to the mobile's
current point of attachment.  Similarly, uplink traffic (from the mobile
node), needs to be reverse tunneled back to the Home Agent, as the IP
address the mobile will be sourcing traffic with is not topologically
correct and will be dropped by any routers doing ingress filtering.  So, our
access box has to look for packets from particular source addresses and
tunnel them back to that address's Home Agent.

matt
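
The source-keyed uplink decision described in this message, sketched as an added example (not part of the original e-mail, and not FreeBSD or Flarion code). All addresses, the binding table, and the use of IP-in-IP (protocol 4) as the tunnel encapsulation are assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed sample data; none of these values appear in the original message.
LOCAL_PREFIX = ipaddress.ip_network("192.0.2.0/24")   # topologically correct at this access router
CARE_OF_ADDR = ipaddress.ip_address("192.0.2.1")      # access router address used as tunnel source
BINDINGS = {                                          # mobile node home address -> its Home Agent
    ipaddress.ip_address("198.51.100.10"): ipaddress.ip_address("198.51.100.1"),
    ipaddress.ip_address("203.0.113.77"): ipaddress.ip_address("203.0.113.1"),
}

def checksum(header: bytes) -> int:
    """Internet checksum (one's-complement sum of 16-bit words) over an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, ttl=64) -> bytes:
    """Build a minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                      ttl, proto, 0, src.packed, dst.packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def uplink_decision(packet: bytes):
    """Return (action, packet) for a packet arriving from the wireless side.

    Only the SOURCE address is consulted; the destination never selects a tunnel.
    """
    src = ipaddress.ip_address(packet[12:16])
    home_agent = BINDINGS.get(src)
    if home_agent is not None:
        # Registered mobile node: wrap the untouched inner packet in an outer
        # header whose source is topologically correct here, so routers doing
        # ingress filtering on the path to the Home Agent accept it.
        outer = ipv4_header(CARE_OF_ADDR, home_agent, 4, len(packet))
        return "tunnel", outer + packet
    if src in LOCAL_PREFIX:
        return "forward", packet   # ordinary local source, route normally
    return "drop", b""             # unknown foreign source: ingress-filtered upstream anyway
```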
