From: Matt Impett
To: 'Julian Elischer', Lars Eggert
Cc: Matt Impett, "'freebsd-net@freebsd.org'", "'freebsd-questions@freebsd.org'"
Subject: RE: source address based routing
Date: Thu, 27 Jun 2002 11:23:47 -0400

inline..

> -----Original Message-----
> From: Julian Elischer [mailto:julian@elischer.org]
> Sent: Wednesday, June 26, 2002 9:40 PM
> To: Lars Eggert
> Cc: Matt Impett; 'freebsd-net@freebsd.org';
> 'freebsd-questions@freebsd.org'
> Subject: Re: source address based routing
>
>
> On Wed, 26 Jun 2002, Lars Eggert wrote:
>
> > Matt Impett wrote:
> > > gladly.. I am trying to implement reverse tunneling for mobile-IP. The
> > > basic idea is that packets must be reverse tunneled to different IP
> > > addresses depending on the source address of the packet. The reason the
> > > tunnel does not have an IP address associated with it is that I don't want
> > > to forward traffic down the tunnel for any other reason besides source
> > > addresses. As soon as I assign the tunnel interface an address, traffic
> > > sent to that address will be tunneled.
>
> Surely 10.200.x.x is unlikely to be used.. it gives you 64000 possible
> tunnels. What I am having trouble with is that the tunnel to use depends
> on the SOURCE? That seems a little unusual.. Obviously I'm missing
> something in the words "reverse tunnelling".

The company I work for (Flarion Technologies) is building an IP access box for mobile wireless networks that will plug into existing network infrastructure. I would be a little scared reserving a large piece of the private address space as I cannot be assured that the operator that owns the (private) network we will be plugging into is not using the same space. Doing so would require agreements with them about the use or reservation of the chunks of addressing space. It could be done, but I would rather avoid it.

As for tunneling based on SOURCE, here is a brief explanation. We are running mobileIP to handle device mobility in our network. Basically, mobile nodes can have IP addresses which are not topologically correct at the access router they are connected to, but rather ARE topologically correct at some node (the Home Agent) back in the network. Downlink traffic (to the mobile node) is tunneled from the Home Agent to the mobile's current point of attachment. Similarly, uplink traffic (from the mobile node) needs to be reverse tunneled back to the Home Agent, as the IP address the mobile will be sourcing traffic with is not topologically correct and will be dropped by any routers doing ingress filtering. So, our access box has to look for packets from particular source addresses and tunnel them back to that address's Home Agent.

matt
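The source-based tunnel selection described in the message above, modeled as an added example that is not part of the original post and is not FreeBSD code. The addresses, the binding table, the function names and the choice of IP-in-IP (protocol 4) encapsulation are all assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed values (documentation address ranges), not taken from the thread.
CARE_OF = ipaddress.ip_address("192.0.2.1")          # access router's own address
LOCAL_PREFIX = ipaddress.ip_network("192.0.2.0/24")  # sources an ingress filter accepts here
BINDINGS = {  # mobile node home address -> its Home Agent (hypothetical table)
    ipaddress.ip_address("198.51.100.10"): ipaddress.ip_address("198.51.100.1"),
    ipaddress.ip_address("203.0.113.77"): ipaddress.ip_address("203.0.113.1"),
}
IPPROTO_IPIP = 4  # IP-in-IP encapsulation (assumed tunnel type)

def checksum(header: bytes) -> int:
    """Internet checksum over a header of even length."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Build a 20-byte IPv4 header with a valid checksum."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0, src.packed, dst.packed]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)

def passes_ingress_filter(packet: bytes) -> bool:
    """Upstream router check: is the source topologically correct here?"""
    return ipaddress.ip_address(packet[12:16]) in LOCAL_PREFIX

def forward_uplink(packet: bytes) -> bytes:
    """Select the tunnel by SOURCE address; unbound sources are left alone."""
    home_agent = BINDINGS.get(ipaddress.ip_address(packet[12:16]))
    if home_agent is None:
        return packet  # normal destination-based forwarding
    outer = ipv4_header(CARE_OF, home_agent, IPPROTO_IPIP, len(packet))
    return outer + packet

if __name__ == "__main__":
    dst = ipaddress.ip_address("203.0.113.200")
    inner = ipv4_header(ipaddress.ip_address("198.51.100.10"), dst, 17, 8) + bytes(8)
    outer = forward_uplink(inner)
    print("inner passes filter:", passes_ingress_filter(inner))
    print("outer passes filter:", passes_ingress_filter(outer))
    print("outer dst (Home Agent):", ipaddress.ip_address(outer[16:20]))
```

The tunnel needs no interface address of its own in this model: the outer header is chosen purely from the inner source address, so traffic from unbound sources never enters a tunnel.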