Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 28 Apr 1998 14:03:13 +0100
From:      Chrisy Luke <chrisy@flix.net>
To:        scaner@belabm.by
Cc:        David Muir Sharnoff <muir@idiom.com>, "freebsd-hackers@FreeBSD.ORG" <freebsd-hackers@FreeBSD.ORG>
Subject:   Re: Routing problem that I need solved.
Message-ID:  <19980428140313.12655@flix.net>
In-Reply-To: <3545B47A.5AABF3AC@belabm.by>; from Eugene Vedistchev on Tue, Apr 28, 1998 at 01:50:34PM %2B0300
References:  <199804280755.AAA11300@idiom.com> <3545B47A.5AABF3AC@belabm.by>
next in thread | previous in thread | raw e-mail | index | archive | help 
Eugene Vedistchev wrote (on Apr 28):
> Have you seen IP-Filter ?
> check http://cheops.anu.edu.au/~avalon/
> and http://cheops.anu.edu.au/~avalon/examples.html#redirection

This won't solve his precise problem, however, which is one of a
client machine determining onto which network to forward information,
but not necessarily using a directly attached next-hop - so it *needs*
to do real routing [tm] etc.

I've almost done it (kernel building as I type :-) with the ipfw
package built into FreeBSD. I'm also making it work with multipath
stuff - I was going to anyway, since I can then use the ipfw engine
to implement persistant-route multipath, where you cache the next-hop
found for a given source address and keep it for a while (before
expiring it if not used for "n" seconds).

You could then use this for a scalable transparent web proxy. One or
two multipath routers in front of one or two or more web proxies with
appropriate configs. You'd need an application that periodically
scanned the proxies to make sure they're alive and do appropricate
actions. I fully intend deploying this (and will of course make
FreeBSD a strong competitor against the likes of Inktomi, NetApp
and Mirror Image et al).

I might even go so far as implementing the TCP divert that this would
require in ipfw, which at the moment it lacks, although the bitmask on
ipfw commands means this may be difficult to squeeze in... at least
it would all be in one package. In any case, I'm not wild about the
way ipfilter does it.

Chris.
-- 
== chris@easynet.net, chrisy@flix.net, chrisy@flirble.org.
== Head of Systems for Easynet Group PLC.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980428140313.12655>