From: "Martin A. Brown" <mabrown-lartc@securepipe.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] routing problem
Date: Tue, 11 Nov 2003 04:22:38 +0000 [thread overview]
Message-ID: <marc-lartc-106854419318581@msgid-missing> (raw)
In-Reply-To: <marc-lartc-101530055025659@msgid-missing>
Meretei,
: I've an interface (eth0) and its address (eg. 195.150.0.11) routed
: throught 195.150.0.1 I made an alias 193.144.0.11 too (eth0:1) but I
: have to route the second subnet trought an other router (193.144.0.1)
:
: the main problem is, that I cannot make two default routes... I dont
: know really what to in this case
Damion was correct when he suggested that policy routing would be a good
solution for you. He suggested reading lartc.org [0] and also a chapter
in my (incomplete) book; the chapter on routing [1]. Together these two
resources should give you a good idea of how the solution works. Policy
routing leverages multiple routing tables and a policy database. The
lookups in the policy database select the routing table to apply for a
particular packet. With a careful design of your routing tables, you can
easily have two or more default routes, depending on the characteristics
of the outbound packet.
: +--------+
: | linux | eth0 (195.150.0.11) -- [router: 195.150.0.1] -- INET
: | router | eth0:1 (193.144.0.11) -- [router: 193.144.0.1] -- INET
: +--------+
I assume that you are only showing us the networks connected to this
router, and that there are no others. If that is the case, then my
following statements hold.
For you, the pitfall and difficulty will likely have more to do with
ensuring that the packets are sourced from the correct IP. This will be
trivial if you are running servers on 195.150.0.11 and 193.144.0.11, but
may be more difficult if you are trying to select outbound path from
userspace. This could depend on your application supporting the call to
bind to a particular IP.
In particular, you'll want to examine the kernel's rules for selecting a
source IP if it is not specified by the application [2].
If eth0 is your preferred link, then this should work for you as a
starting point:
echo secondary >> /etc/iproute2/rt_tables
ip rule add from 193.144.0.11 table secondary
ip route flush table secondary
ip route show table main | while read ROUTE ; do
ip route add table secondary $ROUTE
done
ip route change default table secondary via 193.144.0.1
One other note. The use of the term IP aliasing is archaic and
deprecated. The command "ifconfig" displays "aliased" interfaces with
the old-style name "eth0:0", when, in fact, there is no such thing as an
alias under Linux. This is immediately obvious when using the "ip
address" command line tool to list addresses associated with a particular
interface.
-Martin
[0] http://lartc.org/howto/lartc.rpdb.html#LARTC.RPDB.SIMPLE
[1] http://linux-ip.net/html/ch-routing.html
[2] http://linux-ip.net/gl/ip-cref/node155.html
--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
next prev parent reply other threads:[~2003-11-11 4:22 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-03-05 3:55 [LARTC] routing problem suresh
2002-03-05 17:28 ` Ard van Breemen
2002-03-06 6:44 ` suresh
2002-11-20 17:31 ` [LARTC] Routing problem Mauro Cerboni
2002-11-22 0:03 ` Jose Luis Domingo Lopez
2002-11-22 0:32 ` George J. Jahchan, Eng.
2002-12-17 16:53 ` [LARTC] ROUTING Problem Andre Lorenz
2003-09-05 16:12 ` [LARTC] Routing problem gaston
2003-09-07 23:03 ` Damion de Soto
2003-09-08 6:41 ` Ronny Aasen
2003-09-08 14:46 ` gaston
2003-09-09 13:59 ` gaston
2003-11-10 12:29 ` [LARTC] routing problem Meretei Balázs
2003-11-10 23:55 ` Damion de Soto
2003-11-11 4:22 ` Martin A. Brown [this message]
2004-04-06 11:09 ` [LARTC] Routing problem huffo
2004-04-06 12:28 ` huffo
2004-04-06 23:32 ` Damion de Soto
2004-04-07 1:16 ` huffo
2004-04-07 1:26 ` huffo
2006-12-12 13:07 ` [LARTC] Routing Problem Javier A Toledano
2006-12-13 15:05 ` Taylor, Grant
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-106854419318581@msgid-missing \
--to=mabrown-lartc@securepipe.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox