On Fri, 2008-07-25 at 12:17 -0600, Ed Brown wrote:
> Tom, you're going to wake up in the morning and wonder what the heck
> it was you were thinking. (Or maybe I will.) If the box does not
> serve as a router, then policy routing is a complete non-starter.

Ed, perhaps this is yet another semantic disagreement. To me "routing" refers to forwarding of IP traffic between two interfaces and/or subnets, not the interaction of a single or multiple interfaces with the network. I don't consider my workstations "routers" even though, yes, technically, they do know to route packets to the default gateway. They are not "routers" because they can't forward traffic between two interfaces or two subnets (net.ipv4.ip_forward = 0).

> Think about it. The only reason for traffic to come into this box, is
> to interact with some application there. Then the OS needs to know
> how to route the REPLY traffic. It doesn't know what interface the
> http request came in on, for example. It isn't the same traffic going
> out!

Right, this isn't about the application, it's about the kernel network layer. However, when a connection comes in to the server it will come to a specific IP address. Since the TCP session was established to that IP address, reply packets must use that IP address as their source.

So, let's say I have a system with two NICs like so:

eth0 10.10.1.1
eth1 10.20.1.1

So now I advertise to my clients a DNS record for my box which sends them to 10.20.1.1. That means that the replies to those clients have to come from 10.20.1.1. If I have a simple policy which says all IP packets with a source address of 10.20.1.1 must be sent via the gateway on interface eth1, clients that make their connections to 10.20.1.1, no matter what their IP address, will get their response from that interface via that gateway.

> No, absolutely not. You are describing a router. Guess we'll have to
> agree to disagree...

Once again, to me a router is a device which forwards packets from one interface/subnet to another. Just because a device has multiple interfaces does not make it a router. Heck, even a Cisco router with the "no ip routing" command becomes a simple host with multiple NICs.

But I'm more than willing to let it drop seeing that it's not really on topic for the OP.

Later,
Tom

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
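The source-address policy Tom describes, written out as an added iproute2 example (not from the thread or its authors): replies sourced from eth1's address leave via eth1's gateway, with no change to net.ipv4.ip_forward. The addresses eth0 10.10.1.1 and eth1 10.20.1.1 are from the message; the gateway 10.20.1.254 and table number 20 are assumptions.

```shell
# Constructed two-NIC host from the thread:
#   eth0 10.10.1.1  (main table's default route stays as it is)
#   eth1 10.20.1.1  (anything sourced from it must leave via eth1)
ETH1_ADDR=10.20.1.1
ETH1_DEV=eth1
ETH1_GW=10.20.1.254   # assumed gateway on the 10.20.1.0/24 segment
TABLE=20              # numeric table id, so /etc/iproute2/rt_tables needs no edit

# Emit the iproute2 commands as text so they can be reviewed first.
# This is not forwarding between interfaces: it only picks the egress
# route for locally generated packets by their source address.
policy_route_cmds() {
    src=$1 dev=$2 gw=$3 table=$4
    printf '%s\n' \
        "ip route add default via $gw dev $dev table $table" \
        "ip rule add from $src/32 lookup $table priority 100"
}

# Apply them (requires root). Rules run lowest priority first, so the
# priority-100 rule is consulted before the main table (32766); packets
# from $src use table $table and everything else stays in main.
apply_policy_routing() {
    policy_route_cmds "$@" | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd
    done
}

if [ "${1:-}" = "apply" ]; then
    apply_policy_routing "$ETH1_ADDR" "$ETH1_DEV" "$ETH1_GW" "$TABLE"
fi

# Checks after applying (as root):
#   ip rule show                  # expect a line: 100: from 10.20.1.1 lookup 20
#   ip route show table 20        # expect: default via 10.20.1.254 dev eth1
#   ip route get 192.0.2.7 from 10.20.1.1   # expect the route via eth1
# Revert: ip rule del from 10.20.1.1/32 lookup 20; ip route flush table 20
```

Run with `sh script.sh apply` as root to install the rule; without the argument it only defines the functions.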
