From: Alpt <alpt-6BmP915+9Ldg9hUCZPvPmw@public.gmane.org>
To: "Gary W. Smith" <gary-zyWbyo0F5n8lRZJAF2VpKQ@public.gmane.org>
Cc: netfilter-wool9L35kiczKOhml7GhPkB+6BGkLq7r@public.gmane.org,
	netsukuku-6BmP915+9Ldg9hUCZPvPmw@public.gmane.org
Subject: Re: Multiple inet gw and multipath
Date: Wed, 1 Mar 2006 05:55:03 +0100
Message-ID: <20060301045503.GA7482@nihil>
In-Reply-To: <57F9959B46E0FA4D8BA88AEDFBE582901673AA-pXpRIbuYcI+xSBpebk8nUM8lm8qNBeZ/JUWSQBdlaSk@public.gmane.org>

On Tue, Feb 28, 2006 at 03:06:57PM -0800, <Gary W. Smith>:
~> Well, what we do is to mark a packet coming in an interface and use a
~> special table based on mark to decide which route to take.  Ours is a
~> little more complicated as we are nat'ing addresses internal from each
~> external interface.  We end up having servers with two internal IP's
~> which are nat'ed to an external IP.  But the logic should still hold
~> true for you.
~> 
~> Iptables sets the mark in the mangle table.
~> -A PREROUTING -i eth0 -j MARK --set-mark 0x4 
~> -A PREROUTING -i eth1 -j MARK --set-mark 0x8


Unfortunately we have to use only one IP per node because we are in an ad hoc
net. If we assign different IPs to the same node, conflicts will arise,
therefore each interface and tunnel has to have the same IP.
If it hadn't been like this we would have used the source routing method
described in the lartc HOWTO.

Let's recap:
We have multiple gw. When a new connection is established through a gw,
all the packets belonging to the same connection must be sent through the
same gw. 
We cannot use the source routing method since all the IFs use the same IP,
thus in order to accomplish this we have to:
mark with the same id all the packets which belong to the same
connection.
Each connection has to have a different mark in order to go through
different gateways.

A simple idea is to assign a mark to each tunnel (outgoing IF), and
when a new connection is created through a specific tunnel, all the outgoing
packets of the connection are marked with the same id. But how?

Another idea is to conntrack the connection and mark the packets with a
4-bit number which is the hash of the destination IP. Probably this requires a
new netfilter extension.

That's all,
regards and thanks
-- 
:wq!
"I don't know nothing" The One Who reached the Thinking Matter   '.'

[ Alpt --- Freaknet Medialab ]
[ GPG Key ID 441CF0EE ]
[ Key fingerprint = 8B02 26E8 831A 7BB9 81A9  5277 BFF8 037E 441C F0EE ]
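
One way to do the per-connection marking asked about above, using netfilter's CONNMARK target together with fwmark policy routing (an added example, not part of the original message; the tunnel names tun0/tun1, the mark values and the table numbers 101/102 are assumptions). The script only prints the ruleset and the ip commands, it does not apply them.

```sh
#!/bin/sh
# Added example: prints (does not apply) a CONNMARK-based ruleset.
# Tunnel names, mark values and table numbers are constructed assumptions.

# mangle rules in iptables-restore format, one connmark per gateway tunnel
gen_mangle() {
    printf '%s\n' '*mangle'
    # Later packets of a tracked connection: copy the connmark into the
    # packet mark before routing. Only the original direction is restored,
    # so forwarded replies arriving on a tunnel are not sent back out of it.
    printf '%s\n' '-A PREROUTING -m conntrack --ctdir ORIGINAL -j CONNMARK --restore-mark'
    printf '%s\n' '-A OUTPUT -m conntrack --ctdir ORIGINAL -j CONNMARK --restore-mark'
    mark=1
    for ifc in "$@"; do
        # First packet: routing has already chosen a tunnel, remember it
        # in the conntrack entry so the whole connection sticks to it.
        printf '%s\n' "-A POSTROUTING -o $ifc -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark"
        mark=$((mark + 1))
    done
    printf '%s\n' 'COMMIT'
}

# ip commands: multipath default for new connections, plus one routing
# table per mark that contains only the matching tunnel
gen_routes() {
    hops=''
    for ifc in "$@"; do
        hops="$hops nexthop dev $ifc weight 1"
    done
    printf '%s\n' "ip route add default$hops"
    mark=1
    for ifc in "$@"; do
        table=$((100 + mark))
        printf '%s\n' "ip route add default dev $ifc table $table"
        printf '%s\n' "ip rule add fwmark $mark lookup $table"
        mark=$((mark + 1))
    done
}

gen_mangle tun0 tun1
gen_routes tun0 tun1
```

The mangle output is meant to be reviewed and then loaded with iptables-restore; inbound connections that arrive through a tunnel are not covered by these rules.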
