From: Bill Moran
To: Tom Judge
Cc: Nick Barnes, freebsd-net@freebsd.org
Date: Mon, 18 Feb 2008 17:33:07 -0500
Subject: Re: Multiple default routes on multihome host
Message-Id: <20080218173307.00cb1296.wmoran@collaborativefusion.com>
In-Reply-To: <47BA037A.8010405@tomjudge.com>
Organization: Collaborative Fusion

In response to Tom Judge:

> Bill Moran wrote:
> > In response to Eygene Ryabinkin:
> >
> >> Bill,
> >>
> >> Mon, Feb 18, 2008 at 04:36:18PM -0500, Bill Moran wrote:
> >>> I would suggest you ask yourself (and possibly the list) _why_ you think
> >>> multiple default routes is necessary ... what is it that you're hoping
> >>> to accomplish. I'm guessing you're looking for some sort of redundancy,
> >>> in which case something like CARP or RIP is liable to be the correct
> >>> solution.
> >> I had faced such a situation once: I had a multihomed host that was
> >> running Apache daemon that was announced via two DNS names that
> >> were corresponding to two different IPs, going via two different
> >> providers. When the first provider's link goes down, the second
> >> provider is still alive, and when both providers are alive, the
> >> traffic is balanced via DNS round-robin alias. Do you see some
> >> better way to do it via CARP, RIP, something different? I am still
> >> interested in other possibilities.
> >
> > The canonical way to do this is with BGP. It can be done with CARP
> > if both providers support it and are willing to work together.
>
> Unfortunately businesses tend to get bundled PA address space when
> purchasing leased lines off of an ISP. This means that a somewhat simple
> transition from provider A to provider B can not be done with BGP. Also
> as the OP states one of the address blocks that he has is a /25 which
> most ISPs will filter from the BGP address table because it is too small.

You're confusing issues. The OP is in the process of a migration, in
which case the packet rewriting via pf/ipfw/etc is probably the best
approach.

Eygene is describing a different scenario with a permanent multihomed
system, in which case BGP is probably the best option, but CARP _may_
be an option.

> I think the cost of learning BGP, getting an AS number and a suitably
> large block of PI address space, getting 2 routers that can do BGP,
> coupled with the consultancy costs charged by the ISP to set up the BGP
> feed totally outweigh the cost of just multihoming a box for a few
> days/weeks while the required changes take effect. OK, so this is not
> ideal but hey, it works and it's simpler.

Agreed. In fact, if you read the prior messages, I never disagreed.

Personally, I prefer to do this type of migration as a "flag day" where
everything just gets switched over all at once ... but that's not always
possible. The OP seems to have a number of systems with public IPs, and
it's harder to do a flag day with a lot of systems.

--
Bill Moran
Collaborative Fusion Inc.
http://people.collaborativefusion.com/~wmoran/

wmoran@collaborativefusion.com
Phone: 412-422-3463x4023