"mouss" is correct. UNIX routing is done solely on destination IP address
and the current route table. UNIX doesn't even attempt to load level across
multiple paths. First recognized route is the one it uses (or last, I can't
remember, but I think it's first).

Actually, I have seen exceptions. The Sequoia fault-tolerant system that we
ran here previously had an environment variable in the shell which indicated
which NIC the incoming connection was made on. Packets left on the NIC the
variable was set to, assuming that it was a valid route. For new outbound
connections, the normal route table was used.

It was actually a very nice design. If you had multiple NICs and round-robin
DNS, then the inbound traffic would be spread across multiple NICs, just
like other UNIX systems. Additionally, unlike other UNIX systems, the
outbound replies would be sent out the original NIC - that is, spread across
multiple NICs.

> -----Original Message-----
> From: mouss [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, October 31, 2000 9:42 AM
> To: Ben Nagy
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: Unexpected NIC selection...
> 
> At 12:46 30/10/00 +1030, Ben Nagy wrote:
> >[snip]
> >
> >That's the bit I thought was impossible (silly me) - IMO it should not send
> >packets out of an interface that has a different L3 address unless
> >configured to be a router. Kind of like local spoof protection...
> 
> The fact is that NICs and IP addresses are different things. The latter
> belong to IP when the former belong to the link layer. Modularity says that
> these should stay sufficiently far from each other. Note that systems like
> Solaris and Linux (among others) that require you to define an interface
> associated with an IP address just encourage the misconception (remember
> those stupid eth0:14?). The "good" approach is the BSD one: each interface
> has a list of IP addresses. That's why I like the BSD/OS keyword "add"
> instead of "alias" in ifconfig. Nothing has ever said that an interface
> should have _one_ IP address.
> 
> These matters are justified by the fact that routing is done on a per
> destination basis. Asking for routing to be done on a per source basis is
> like asking your mailman to deliver letters sent to a single person using
> different means depending on whether the letter was sent by you or by your
> wife: that's possible, but it's complicated and the mailman won't do it for
> free!
> 
> Yes, there are policy based routing implementations, but they are used in
> special situations and can't go into standard stacks for performance
> reasons. The "one parameter" search (only IP destination) allows the use of
> the simple tree algorithm (PATRICIA is worthy of love), and if you add
> other search parameters, you're forced to get back to the stupid linear
> table search (even hash tables are difficult in the presence of multiple
> wildcard fields).
> 
> 
> cheers,
> mouss
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
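
The destination-only lookup mouss describes, next to a source-aware policy table, as an added example that is not part of the original thread: a plain binary trie (PATRICIA without path compression) finds the longest matching prefix in at most 32 steps, while the policy rules have to be scanned in order. Interface names, addresses and rules are constructed for illustration.

```python
import ipaddress

class RouteTrie:
    """Destination-only route table as a plain binary trie (PATRICIA without
    path compression): lookup cost is bounded by address length, not table size."""

    def __init__(self):
        self.root = {}   # node: {'0': child, '1': child, 'via': interface}

    def add(self, prefix, iface):
        net = ipaddress.ip_network(prefix)
        bits = format(int(net.network_address), "032b")[:net.prefixlen]
        node = self.root
        for b in bits:
            node = node.setdefault(b, {})
        node["via"] = iface

    def lookup(self, dst):
        bits = format(int(ipaddress.ip_address(dst)), "032b")
        node, best = self.root, self.root.get("via")
        for b in bits:
            node = node.get(b)
            if node is None:
                break
            best = node.get("via", best)   # remember the longest match so far
        return best

def policy_lookup(rules, src, dst):
    """Source+destination rules with wildcards: first match wins, found by
    scanning the list in order, so cost grows with the number of rules."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, iface in rules:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return iface
    return None

# Constructed sample: a host with two NICs (names and addresses are made up).
table = RouteTrie()
table.add("0.0.0.0/0", "nic0")        # default route
table.add("192.0.2.0/24", "nic1")
table.add("192.0.2.128/25", "nic0")   # more specific prefix overrides the /24

rules = [
    ("10.0.1.5/32", "0.0.0.0/0", "nic1"),   # traffic sourced from nic1's address
    ("0.0.0.0/0", "0.0.0.0/0", "nic0"),     # everything else
]
```

`table.lookup()` never sees a source address, so a reply to a connection that arrived on `nic1` still leaves on whatever the destination route says; only `policy_lookup()` can send it back out `nic1`.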