On Fri, 2008-07-25 at 09:20 -0600, Ed Brown wrote:
> Well you got me there, saying 'only way' was just asking for trouble. 
>   But policy routing is hardly a practical answer to the OP's 
> question.

I disagree, it would take only a few lines to address the OP's request
(traffic that comes in on one interface goes out on the same interface)
with policy routing, especially since he states that the device does not
do any routing.  That means that any inbound traffic to that server has
to be directed to the IP address of the interface, and thus the
responses will need to come from the IP address on which the connection
is made.

Now, I won't get into whether that request is actually what he
really wanted, but that was what he stated (his later example from a SunOS
machine did not imply that this is what he meant by his request; it
seemed he just wanted the default route to be eth0 instead of eth2).

> And it's really a semantic stretch to say that policy 
> routing is a way of having multiple "default routes".  You can only 
> have one "default route", period.  If you have multiple defined 
> routes, whether static or 'policy' based, they aren't "defaults", you 
> are explicitly configuring them, whatever the criteria (source ip, 
> dest ip, etc).

I suspect we might be using a different definition of a "default route".
You're using it in the global sense, what Cisco might call a "gateway of
last resort", the route a device uses when no other route matches.  I'm
using the definition to mean "a route to 0/0 which might exist in any
given routing table", which is more the definition that the iproute2
tools in Linux use.

Since Linux supports multiple routing tables, you can have multiple
"default routes" (using my definition) based on a load of criteria,
including simply the interface from which the traffic is sourced.  Of
course there is a "default" routing table, but it's completely possible
that this "default" routing table does not have a default route while
the other routing tables for specific interfaces each have their own
"default route" (route to 0/0).

> Binding applications to particular interfaces really hasn't anything 
> to do with routing.  And you still have to configure routing to 
> non-local networks for the application to be able to communicate with 
> them.  Again, you can NOT have more than one "default route".

Binding to an interface was just an example of how a source IP might be
set, certainly not the only way, and, it's still routing that decides
which interface the packet is sent on.  Another example might be a
server running a single apache instance listening on all interfaces, one
exposed to the Internet, another exposed to an internal network.  Users
on the Internet would connect to the external IP address/interface while
users on the internal network would connect to the internal IP
address/interface.

Of course in this environment you could easily just use static
destination routes, assuming you knew all of the possible internal
networks that might exist on each of the interfaces, but what if you
didn't?  Policy routing would allow you to use a "default route" for all
connections that came in on the external interface, and a completely
separate "default route" for connections that came on the internal
interface, all without knowing anything but IP addresses of the gateways
on each interface.  Not only that, it would work, without you having to
do anything, as new subnets are added on either side (assuming of course
the network guys are doing their job and routing these new subnets to
you).

Later,
Tom
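The two-interface server Tom describes, written out as an added iproute2 example (this is not code from the thread or from any poster). The addresses, the gateways, the table ids 100 and 200 and the "remote client" 198.51.100.7 are all constructed; only the interface names eth0 and eth2 come from the discussion. Each interface gets its own table holding its own route to 0/0, and a rule keyed on the interface's local address selects that table, so a reply leaves through the interface the connection arrived on while the main table needs no default route at all.

```shell
#!/bin/sh
# Added example: per-interface "default routes" with iproute2 policy routing.
# Constructed addresses (not from the thread):
#   eth0  203.0.113.10/24  gateway 203.0.113.1  (external, Internet-facing)
#   eth2  10.0.0.10/24     gateway 10.0.0.1     (internal)
# Table ids 100 and 200 are arbitrary; any unused id from 1 to 252 works.
#
# Replies to a connection keep the local address the connection arrived on
# as their source, so a rule keyed on that source address picks the table,
# and the table's route to 0/0 picks the interface and gateway.

# network_of ADDR PLEN: print the network address of ADDR/PLEN (IPv4 only).
network_of() {
    plen=$2
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    ip32=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    if [ "$plen" -eq 0 ]; then
        mask=0
    else
        mask=$(( (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF ))
    fi
    net=$(( ip32 & mask ))
    printf '%d.%d.%d.%d' $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
                         $(( (net >> 8) & 255 ))  $(( net & 255 ))
}

# policy_routes_for IFACE ADDR PLEN GW TABLE: print the three commands that
# give IFACE its own table: the connected route (so on-link hosts are not
# sent via the gateway), that table's default route, and the rule that
# selects the table by source address.  Rules added without an explicit
# priority land ahead of the main-table lookup, so they take precedence.
policy_routes_for() {
    iface=$1; addr=$2; plen=$3; gw=$4; table=$5
    net=$(network_of "$addr" "$plen")
    printf 'ip route add %s/%s dev %s src %s table %s\n' "$net" "$plen" "$iface" "$addr" "$table"
    printf 'ip route add default via %s dev %s table %s\n' "$gw" "$iface" "$table"
    printf 'ip rule add from %s table %s\n' "$addr" "$table"
}

# The whole configuration for the two-interface server in the thread.
# Printed rather than executed so it can be reviewed; pipe into sh as root
# to apply (running it twice would add duplicate rules, so apply once).
policy_routing_config() {
    policy_routes_for eth0 203.0.113.10 24 203.0.113.1 100
    policy_routes_for eth2 10.0.0.10    24 10.0.0.1    200
}

# Read-only checks: which table and gateway a reply from each local address
# would use, without sending traffic.  198.51.100.7 is a constructed client.
verify_commands() {
    printf 'ip rule show\n'
    printf 'ip route show table 100\n'
    printf 'ip route show table 200\n'
    printf 'ip route get 198.51.100.7 from 203.0.113.10\n'
    printf 'ip route get 198.51.100.7 from 10.0.0.10\n'
}

echo '# configuration:'
policy_routing_config
echo '# checks:'
verify_commands
```

Run the script to see the commands, review them, then `./policy.sh | sed -n '/^ip /p' | sh` as root to apply. The `ip route get ... from <local address>` checks are the quickest way to confirm the rule actually steers each source out of its own interface before any real traffic depends on it; the output should name `dev eth0` via 203.0.113.1 for the first and `dev eth2` via 10.0.0.1 for the second. New subnets on either side need nothing added here, exactly as the post argues, because each table's only off-link route is its 0/0 entry.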


_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list