Source routing without rules?

Netdev List
 help / color / mirror / Atom feed

* Source routing without rules?
@ 2013-08-28  0:16 Andy Lutomirski
  2013-08-28  0:57 ` Brian Haley
  2013-08-28  1:14 ` Hannes Frederic Sowa
  0 siblings, 2 replies; 6+ messages in thread
From: Andy Lutomirski @ 2013-08-28  0:16 UTC (permalink / raw)
  To: Network Development

I'm about to implement a trivial source routing policy for the third
time, and this is IMO stupid.  I want to have two routes to a network.
 Each route should specify a src, and, if the flow matches the src,
then that route should win.

The rules that don't work are:

ip route add <net> via <gw1> dev <dev1> metric 0
ip route add <net> via <gw2> dev <dev2> src <dev2addr> metric 10

Even if I bind a socket to dev2addr, the outgoing packets go out dev1
to gw1.  This is exactly what I don't want to have happen.

This would fix it:

ip route add <net> via <gw1> dev <dev1> src <dev1addr> metric 0 match_src
ip route add <net> via <gw2> dev <dev2> src <dev2addr> metric 10

The semantics of match_src would be that, if set, the route only
matches if the flow has no assigned source address or if the assigned
source address matches.

(Also, if SO_BINDTODEVICE didn't require privilege, that would already
work.  Should there be a sysctl to allow anyone to use
SO_BINDTODEVICE?)

--Andy

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Source routing without rules?
  2013-08-28  0:16 Source routing without rules? Andy Lutomirski
@ 2013-08-28  0:57 ` Brian Haley
  2013-08-28  1:29   ` Andy Lutomirski
  2013-08-28  1:14 ` Hannes Frederic Sowa
  1 sibling, 1 reply; 6+ messages in thread
From: Brian Haley @ 2013-08-28  0:57 UTC (permalink / raw)
  To: Andy Lutomirski; +Cc: Network Development

On 08/27/2013 08:16 PM, Andy Lutomirski wrote:
> I'm about to implement a trivial source routing policy for the third
> time, and this is IMO stupid.  I want to have two routes to a network.
>  Each route should specify a src, and, if the flow matches the src,
> then that route should win.
> 
> The rules that don't work are:
> 
> ip route add <net> via <gw1> dev <dev1> metric 0
> ip route add <net> via <gw2> dev <dev2> src <dev2addr> metric 10
> 
> Even if I bind a socket to dev2addr, the outgoing packets go out dev1
> to gw1.  This is exactly what I don't want to have happen.

Look at this page on routing rules:

http://lartc.org/howto/lartc.rpdb.html

-Brian

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Source routing without rules?
  2013-08-28  0:57 ` Brian Haley
@ 2013-08-28  1:29   ` Andy Lutomirski
  0 siblings, 0 replies; 6+ messages in thread
From: Andy Lutomirski @ 2013-08-28  1:29 UTC (permalink / raw)
  To: Brian Haley; +Cc: Network Development

On Tue, Aug 27, 2013 at 5:57 PM, Brian Haley <brian.haley@hp.com> wrote:
> On 08/27/2013 08:16 PM, Andy Lutomirski wrote:
>> I'm about to implement a trivial source routing policy for the third
>> time, and this is IMO stupid.  I want to have two routes to a network.
>>  Each route should specify a src, and, if the flow matches the src,
>> then that route should win.
>>
>> The rules that don't work are:
>>
>> ip route add <net> via <gw1> dev <dev1> metric 0
>> ip route add <net> via <gw2> dev <dev2> src <dev2addr> metric 10
>>
>> Even if I bind a socket to dev2addr, the outgoing packets go out dev1
>> to gw1.  This is exactly what I don't want to have happen.
>
> Look at this page on routing rules:
>
> http://lartc.org/howto/lartc.rpdb.html

Been there, done that.  I want to do this in a way that's easy and
scalable, and rules are neither.

--Andy

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Source routing without rules?
  2013-08-28  0:16 Source routing without rules? Andy Lutomirski
  2013-08-28  0:57 ` Brian Haley
@ 2013-08-28  1:14 ` Hannes Frederic Sowa
  2013-08-28  1:46   ` Andy Lutomirski
  1 sibling, 1 reply; 6+ messages in thread
From: Hannes Frederic Sowa @ 2013-08-28  1:14 UTC (permalink / raw)
  To: Andy Lutomirski; +Cc: Network Development

On Tue, Aug 27, 2013 at 05:16:21PM -0700, Andy Lutomirski wrote:
> I'm about to implement a trivial source routing policy for the third
> time, and this is IMO stupid.  I want to have two routes to a network.
>  Each route should specify a src, and, if the flow matches the src,
> then that route should win.
> 
> The rules that don't work are:
> 
> ip route add <net> via <gw1> dev <dev1> metric 0
> ip route add <net> via <gw2> dev <dev2> src <dev2addr> metric 10

src is actually the preferred src address. In ipv6 land there is a RTA_SRC
(look for ip route *from* parameter) route attribute settable to only
select routes if the from-source matches the route. If you implement
such a feature I would go with the same design (IPV6_SUBTREES).

Greetings,

  Hannes

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Source routing without rules?
  2013-08-28  1:14 ` Hannes Frederic Sowa
@ 2013-08-28  1:46   ` Andy Lutomirski
  2013-08-28  1:51     ` Hannes Frederic Sowa
  0 siblings, 1 reply; 6+ messages in thread
From: Andy Lutomirski @ 2013-08-28  1:46 UTC (permalink / raw)
  To: Andy Lutomirski, Network Development

On Tue, Aug 27, 2013 at 6:14 PM, Hannes Frederic Sowa
<hannes@stressinduktion.org> wrote:
> On Tue, Aug 27, 2013 at 05:16:21PM -0700, Andy Lutomirski wrote:
>> I'm about to implement a trivial source routing policy for the third
>> time, and this is IMO stupid.  I want to have two routes to a network.
>>  Each route should specify a src, and, if the flow matches the src,
>> then that route should win.
>>
>> The rules that don't work are:
>>
>> ip route add <net> via <gw1> dev <dev1> metric 0
>> ip route add <net> via <gw2> dev <dev2> src <dev2addr> metric 10
>
> src is actually the preferred src address. In ipv6 land there is a RTA_SRC
> (look for ip route *from* parameter) route attribute settable to only
> select routes if the from-source matches the route. If you implement
> such a feature I would go with the same design (IPV6_SUBTREES).

Interesting.  The Kconfig help text for IPV6_SUBTREES is incredibly
confusing.  What are the actual semantics?  I'm guessing that only
routes that match the source address in their "from" clause are
considered and ties are broken in favor of the longest from prefix.

This is considerably more complicated than my suggestion, but it's
also more powerful.  Implementing this will require actually
understanding how the trie code works :/

--Andy

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Source routing without rules?
  2013-08-28  1:46   ` Andy Lutomirski
@ 2013-08-28  1:51     ` Hannes Frederic Sowa
  0 siblings, 0 replies; 6+ messages in thread
From: Hannes Frederic Sowa @ 2013-08-28  1:51 UTC (permalink / raw)
  To: Andy Lutomirski; +Cc: Network Development

On Tue, Aug 27, 2013 at 06:46:35PM -0700, Andy Lutomirski wrote:
> On Tue, Aug 27, 2013 at 6:14 PM, Hannes Frederic Sowa
> <hannes@stressinduktion.org> wrote:
> > On Tue, Aug 27, 2013 at 05:16:21PM -0700, Andy Lutomirski wrote:
> >> I'm about to implement a trivial source routing policy for the third
> >> time, and this is IMO stupid.  I want to have two routes to a network.
> >>  Each route should specify a src, and, if the flow matches the src,
> >> then that route should win.
> >>
> >> The rules that don't work are:
> >>
> >> ip route add <net> via <gw1> dev <dev1> metric 0
> >> ip route add <net> via <gw2> dev <dev2> src <dev2addr> metric 10
> >
> > src is actually the preferred src address. In ipv6 land there is a RTA_SRC
> > (look for ip route *from* parameter) route attribute settable to only
> > select routes if the from-source matches the route. If you implement
> > such a feature I would go with the same design (IPV6_SUBTREES).
> 
> Interesting.  The Kconfig help text for IPV6_SUBTREES is incredibly
> confusing.  What are the actual semantics?  I'm guessing that only
> routes that match the source address in their "from" clause are
> considered and ties are broken in favor of the longest from prefix.

At first normal longest-prefix lookup is done with the destination
address. The resulting fib6_node can now hold a subtree where a source
lookup will be done. If a node matches, this is the result. Otherwise
backtracking takes place in the "main" fib6_table.

Greetings,

  Hannes

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2013-08-28  1:52 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-08-28  0:16 Source routing without rules? Andy Lutomirski
2013-08-28  0:57 ` Brian Haley
2013-08-28  1:29   ` Andy Lutomirski
2013-08-28  1:14 ` Hannes Frederic Sowa
2013-08-28  1:46   ` Andy Lutomirski
2013-08-28  1:51     ` Hannes Frederic Sowa

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox