Date:      Fri, 22 Feb 2008 16:28:03 +0900
From:      "Adrian Chadd" <adrian@freebsd.org>
To:        "Wes Peters" <wes@opensail.org>
Cc:        Nick Barnes <Nick.Barnes@pobox.com>, freebsd-net@freebsd.org, "Bruce M. Simpson" <bms@freebsd.org>
Subject:   Re: Multiple default routes on multihome host
Message-ID:  <d763ac660802212328h6a583aaasd8f522e51ef10ee6@mail.gmail.com>
In-Reply-To: <1C828D1A-192A-40ED-8391-DA316611E6E2@opensail.org>
References:  <20080219021012.95B1116A4CB@hub.freebsd.org> <8E87DC1A-6EC2-4E53-9FA3-17E694BE7846@opensail.org> <47BCA1AA.7060800@FreeBSD.org> <1C828D1A-192A-40ED-8391-DA316611E6E2@opensail.org>

On 22/02/2008, Wes Peters <wes@opensail.org> wrote:

> As much as anything I just object to the semantic dissonance in
>  "multiple" "default".  Think about it.
>
>  I still haven't decided what it means at the packet level to have
>  multiple default routes.  Does that mean that, not having found a
>  "better" route, I send the packets out both routes?  Choose between
>  them?  Doesn't that tend to flap packets in a TCP "connection" back
>  and forth?  Does my router have to remember which route it chose for a
>  TCP connection and reuse that one?

For proper connection hijacking, you have to do this. FreeBSD doesn't.
For example, take the situation where you have N routers (Cisco) with
WCCPv2 redirecting snaffled packets back to a farm of proxies. The
chosen proxy is determined by a hash function on the TCP frame.

Now, the proxy hijacks that TCP connection (assuming it sees a
symmetric flow!) and goes to connect to the original destination.

Thing is, the outward packet flow now goes out the host's default
route, not the router which sent it the packet.

Now, this mostly isn't a problem, but some Squid users are beginning
to notice it being an issue.

>  I know people want to be able to plug in a pair of itty bitty routers
>  and just have their computers be smart enough to use the "best" one,
>  but it's not clear the implementations they are pushing us towards --
>  Linux and Windows -- actually accomplish that.  In fact, what they
>  usually do is screw it up badly and the people only THINK they're
>  getting any enhanced reliability.

Thing is, the world isn't "ideal" anymore. End users with PA space
wish to do HA type tricks. The old school idea of routing just doesn't
apply when you don't "have" an autonomous system with sensible IP
allocations and routing policy.

I guess the only thing here to add is "tools, not policy." People
would like these tools.



Adrian

-- 
Adrian Chadd - adrian@freebsd.org
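
An added illustration of the behaviour discussed in the message above, not part of the original e-mail: a direction-independent flow hash selects the proxy, and a per-flow table remembers the redirecting router so upstream traffic can leave through it rather than the default route. The hash, the names `rtr-a`, `rtr-b` and `proxy-N`, and the addresses are constructed assumptions; this is neither WCCPv2's actual hash nor FreeBSD code.

```python
import hashlib
import ipaddress

PROXIES = ["proxy-1", "proxy-2", "proxy-3"]   # constructed proxy farm
DEFAULT_GW = "rtr-a"                           # the host's single default route


def flow_key(src, sport, dst, dport):
    """Return a key that is identical for both directions of one TCP flow."""
    a = (int(ipaddress.ip_address(src)), sport)
    b = (int(ipaddress.ip_address(dst)), dport)
    return (a, b) if a <= b else (b, a)


def pick_proxy(src, sport, dst, dport, farm=PROXIES):
    """Hash the flow onto one farm member (illustrative hash, not WCCPv2's)."""
    key = repr(flow_key(src, sport, dst, dport)).encode()
    digest = hashlib.sha256(key).digest()
    return farm[int.from_bytes(digest[:4], "big") % len(farm)]


class ProxyHost:
    """Tracks which router redirected each intercepted flow."""

    def __init__(self, default_gw=DEFAULT_GW):
        self.default_gw = default_gw
        self.ingress = {}   # flow key -> router that delivered the packet

    def intercept(self, router, src, sport, dst, dport):
        self.ingress[flow_key(src, sport, dst, dport)] = router

    def next_hop_default(self, src, sport, dst, dport):
        """Behaviour described in the message: always the default route."""
        return self.default_gw

    def next_hop_sticky(self, src, sport, dst, dport):
        """Reuse the redirecting router; fall back to the default route."""
        return self.ingress.get(flow_key(src, sport, dst, dport), self.default_gw)


def demo():
    host = ProxyHost()
    flow = ("192.0.2.10", 40000, "198.51.100.5", 80)   # constructed addresses
    host.intercept("rtr-b", *flow)                     # rtr-b redirected this flow
    return host.next_hop_default(*flow), host.next_hop_sticky(*flow)


if __name__ == "__main__":
    print(demo())
```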


