Date: Thu, 27 Jun 2002 11:02:46 -0700 (PDT) From: Julian Elischer <julian@elischer.org> To: Matt Impett <M.Impett@flarion.com> Cc: Lars Eggert <larse@ISI.EDU>, "'freebsd-net@freebsd.org'" <freebsd-net@freebsd.org>, "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org> Subject: RE: source address based routing Message-ID: <Pine.BSF.4.21.0206271059360.69706-100000@InterJet.elischer.org> In-Reply-To: <8C92E23A3E87FB479988285F9E22BE46FDE77D@ftmail.lab.flarion.com>
next in thread | previous in thread | raw e-mail | index | archive | help
ahhhhhhh ok You need tje netgraph ipfw node or bpf node, attached to a netgraph ksocket node implementing the tunnel hmm the netgraph ipfw node is not yet checked in.. someone volunteered to update it, and in fact I guess now that luigi has rewritten ipfw, maybe the new one can b emade into a netgraph node easier. You may find that this works for a prototype, and that you then want to write a special purpose netgraph node to do just what you want.. anyhow, check out netgraph while you are about it.. it was designed for tunnelling and ancapsulation.. On Thu, 27 Jun 2002, Matt Impett wrote: > inline.. > > > -----Original Message----- > > From: Julian Elischer [mailto:julian@elischer.org] > > Sent: Wednesday, June 26, 2002 9:40 PM > > To: Lars Eggert > > Cc: Matt Impett; 'freebsd-net@freebsd.org'; > > 'freebsd-questions@freebsd.org' > > Subject: Re: source address based routing > > > > > > On Wed, 26 Jun 2002, Lars Eggert wrote: > > > > > Matt Impett wrote: > > > > gladly.. I am trying to implement reverse tunneling for mobile-IP. > The > > > > basic idea is that packets must be reverse tunneled to different IP > > > > addresses depending on the source address of the packet. The reason > the > > > > tunnel does not have an IP address associated with it is that I don't > want > > > > to forward traffic down the tunnel for any other reason besides source > > > > addresses. As soon as I assign the tunnel interface an address, > traffic > > > > sent to that address will be tunneled. > > > > Surely 10.200.x.x is unlikely to be used.. it gives you 64000 possible > > tunnels. What I am having trouble with is that the tunnel to use depends > > on the SOURCE? That seems a little unusual.. Obviously I'm missing > > something in the words "reverse tunnelling". > > The company I work for (Flarion Technologies) is building an IP access box > for mobile wireless networks that will plug into existing network > infrastructure. I would be a little scared reserving a large piece of the > private address space as I cannot be assured that the operator that owns the > (private) network we will be plugging into is not using the same space. > Doing so would require agreements with them about the use or reservation of > the chunks of addressing space. It could be done, but I would rather avoid > it. > > As for tunneling based on SOURCE, here is a brief explanation. We are > running mobileIP to handle device mobility in our network. Basically, > mobile nodes can have IP addresses which are not topologically correct at > the access router they are connected to, but rather ARE topologically > correct at some node (the Home Agent) back in the network. Downlink traffic > (to the mobile node) is tunnelened from the Home Agent to the mobile's > current point of attachment. Similarly, uplink traffic (from the mobile > node), needs to be reverse tunneled back to the Home Agent, as the IP > address the mobile will be sourcing traffic with is not topologically > correct and will be dropped by any routers doing ingress filtering. So, our > access box has to look for packets from particular source addresses and > tunnel them back to that address's Home Agent. > > matt > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0206271059360.69706-100000>