Q: multi-homed server with multiple default routers


Ryo Furue

May 17, 2003, 7:47:52 AM
Hello all,

I'm wondering what's the best way to set multiple default routers
for a multi-homed server.

I have a Solaris machine which has two network interfaces,
which are connected to different subnets, say,
"X.Y.Z.0/25" and "X.Y.Z.128/25", and which have addresses
"X.Y.Z.22" and "X.Y.Z.188", say. We have routers, whose
addresses are "X.Y.Z.1" and "X.Y.Z.129", say.

When the Solaris machine sends a packet whose
source address is "X.Y.Z.22", I want the packet to be
sent to the router "X.Y.Z.1"; when the source address
is "X.Y.Z.188", I want the packet to be sent to
"X.Y.Z.129".

However, in a *usual* setting of Solaris,
you write the address(es) of the router(s) in /etc/defaultrouter
but no consideration is made on which network interface
should be associated with which default router.

What's the standard solution to this problem?

After much trial and error, I found the following method works

# route delete 0.0.0.0 X.Y.Z.1
# route add 0.0.0.0 X.Y.Z.1 -ifp hme0
# route add 0.0.0.0 X.Y.Z.129 -ifp hme1

where hme0 is the interface connected to "X.Y.Z.0/25" and
hme1 is the one connected to "X.Y.Z.128/25".
Is this what I should do by editing /etc/rcS.d/K43inet ?
I guess there should be a more elegant and standard solution.

Thank you,
Ryo

Darren Dunham

May 17, 2003, 1:50:32 PM
Ryo Furue <furu...@ccsr.u-tokyo.ac.jp> wrote:
> Hello all,

> I'm wondering what's the best way to set multiple default routers
> for a multi-homed server.

> I have a Solaris machine which has two network interfaces,
> which are connected to different subnets, say,
> "X.Y.Z.0/25" and "X.Y.Z.128/25", and which have addresses
> "X.Y.Z.22" and "X.Y.Z.188", say. We have routers, whose
> addresses are "X.Y.Z.1" and "X.Y.Z.129", say.

> When the Solaris machine sends a packet whose
> source address is "X.Y.Z.22", I want the packet to be
> sent to the router "X.Y.Z.1"; when the source address
> is "X.Y.Z.188", I want the packet to be sent to
> "X.Y.Z.129".

This is "source based routing" or "policy routing". Solaris doesn't do
that. Instead only the destination address and routing table are used
to determine the interface and hardware destination.

> However, in a *usual* setting of Solaris,
> you write the address(es) of the router(s) in /etc/defaultrouter
> but no consideration is made on which network interface
> should be associated with which default router.

Right. A "default" router is one used when no other router matches.
You don't want that. You want an interface router of some sort, which
is not directly supported by Solaris.

> What's the standard solution to this problem?

Install IP filter and have it route based on packet content.

From the sunmanagers archives...
http://www.sunmanagers.org/pipermail/summaries/2002-May/003118.html
- Casper Dik wrote:
> ipfilter actually does allow you to route deliberately using the source
> address; I have two internet connections at home and use that feature
> with the two rules at the start of my ipf.conf:
>
> pass out quick on qe0 to qe1:<qe1-router> from <qe1-address> to any
> pass out quick on qe1 to qe0:<qe0-router> from <qe0-address> to any
>
> I have two interfaces here, qe0 and qe1; in the first rule, when a packet
> is seen "on qe0" with the wrong address (from <qe*1*-address>), I send it
> "to qe1" but make sure to direct the packet at "qe1-router" (the
> default route for the qe1 interface).
>
> And the second rule sends packets that should have been from qe0 but
> appear to be on qe1 back to qe0's default route.


> where hme0 is the interface connected to "X.Y.Z.0/25" and
> hme1 is the one connected to "X.Y.Z.128/25".
> Is this what I should do by editing /etc/rcS.d/K43inet ?
> I guess there should be a more elegant and standard solution.

If you do go that route, don't edit rc2.d/S69inet directly. Instead run
a separate script just after it that does what you want.

--
Darren Dunham ddu...@taos.com
Unix System Administrator Taos - The SysAdmin Company
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >
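
Casper Dik's two quoted rules, generalized to any number of interfaces, as an added example that is not part of the original thread: for each interface, one rule per other interface redirects packets carrying that other interface's source address to its router. The function names and the 192.0.2.x addresses (stand-ins for the thread's X.Y.Z.x placeholders) are constructed for illustration.

```shell
#!/bin/sh
# Emit ipfilter rules in the form quoted above:
#   pass out quick on <wrong-if> to <right-if>:<right-router> from <right-addr> to any
# Input on stdin: one "ifname address router" triple per line; '#' starts a comment.
gen_ipf_source_rules() {
    awk '
    # Strict dotted-quad check so a typo never ends up in a filter rule.
    function is_ipv4(s,   n, p, i) {
        n = split(s, p, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || p[i] > 255) return 0
        return 1
    }
    /^[ \t]*(#|$)/ { next }
    {
        if (NF != 3 || !is_ipv4($2) || !is_ipv4($3)) {
            printf "line %d: expected \"ifname address router\"\n", NR > "/dev/stderr"
            bad = 1
            exit
        }
        ifn[++cnt] = $1; addr[cnt] = $2; gw[cnt] = $3
    }
    END {
        if (bad) exit 1
        # A packet leaving on interface i with interface j source address
        # is handed to interface j and its router instead.
        for (i = 1; i <= cnt; i++)
            for (j = 1; j <= cnt; j++)
                if (i != j)
                    printf "pass out quick on %s to %s:%s from %s to any\n", \
                        ifn[i], ifn[j], gw[j], addr[j]
    }'
}

# Constructed sample mirroring the original question's two-interface layout.
sample_rules() {
    gen_ipf_source_rules <<'EOF'
# ifname  address      router
hme0      192.0.2.22   192.0.2.1
hme1      192.0.2.188  192.0.2.129
EOF
}

sample_rules
```

As in the quoted post, the generated lines belong at the start of ipf.conf so that `quick` matches them before any later rule.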

Ryo Furue

May 19, 2003, 9:24:33 AM
Darren Dunham <ddu...@redwood.taos.com> wrote in message news:<IDuxa.838$vX5.93...@newssvr13.news.prodigy.com>...
> Ryo Furue <furu...@ccsr.u-tokyo.ac.jp> wrote:
[...]

> > When the Solaris machine sends a packet whose
> > source address is "X.Y.Z.22", I want the packet to be
> > sent to the router "X.Y.Z.1"; when the source address
> > is "X.Y.Z.188", I want the packet to be sent to
> > "X.Y.Z.129".
>
> This is "source based routing" or "policy routing". Solaris doesn't do
> that. Instead only the destination address and routing table are used
> to determine the interface and hardware destination.
[...snip...]

Thank you for the explanation, which was very clear!

There's one thing I'd like to correct myself: In the first posting
I said (or at least implied) that

# route add 0.0.0.0 X.Y.Z.1 -ifp hme0
# route add 0.0.0.0 X.Y.Z.129 -ifp hme1

would enable source based routing. I was wrong. At first it seemed to be
working: The machine grabbed X.Y.Z.129 as the router in responding to
an incoming packet to the hme1 interface. But, then the machine didn't
use X.Y.Z.1 even when responding to a packet for hme0....

Anyhow, thank you again,
Ryo

RRG

May 19, 2003, 1:40:39 PM
furu...@ccsr.u-tokyo.ac.jp (Ryo Furue) wrote in message news:<e10cccdf.03051...@posting.google.com>...

The standard is to define the routers in the /etc/gateways file.
The in.routed process reads the optional /etc/gateways file upon
initialization to add additional static routes. This is another way
to add a permanent (passive) route other than adding a default router.
It is also a method to add one or more permanent routes that are not
default routes. These are the fields in the /etc/gateways:
net dest.net gateway router metric cnt [passive] [active]
For example
net 128.50.3.0 gateway sword-r metric 2 passive

I hope this helps you.
RRG - SCSA/SCNA

Darren Dunham

May 19, 2003, 4:29:10 PM
RRG <rigo...@sunguru.com> wrote:
> furu...@ccsr.u-tokyo.ac.jp (Ryo Furue) wrote in message news:<e10cccdf.03051...@posting.google.com>...
>> Darren Dunham <ddu...@redwood.taos.com> wrote in message news:<IDuxa.838$vX5.93...@newssvr13.news.prodigy.com>...
>> > Ryo Furue <furu...@ccsr.u-tokyo.ac.jp> wrote:
>> [...]
>> > > When the Solaris machine sends a packet whose
>> > > source address is "X.Y.Z.22", I want the packet to be
>> > > sent to the router "X.Y.Z.1"; when the source address
>> > > is "X.Y.Z.188", I want the packet to be sent to
>> > > "X.Y.Z.129".
>> >
>> > This is "source based routing" or "policy routing". Solaris doesn't do
>> > that. Instead only the destination address and routing table are used
>> > to determine the interface and hardware destination.
>> [...snip...]
>>

> The standard is to define the routers in the /etc/gateways file.


> The in.routed process reads the optional /etc/gateways file upon
> initialization to add additional static routes. This is another way
> to add a permanent (passive) route other than adding a default router.
> It is also a method to add one or more permanent routes that are not
> default routes. These are the fields in the /etc/gateways:
> net dest.net gateway router metric cnt [passive] [active]
> For example
> net 128.50.3.0 gateway sword-r metric 2 passive

That's still not going to do policy routing. It will populate the
routing table, but will not cause packets to select a gateway based on
source address in the manner that the OP requested.

James Carlson

May 20, 2003, 6:28:41 AM
Darren Dunham <ddu...@redwood.taos.com> writes:

> RRG <rigo...@sunguru.com> wrote:
> > The standard is to define the routers in the /etc/gateways file.
> > The in.routed process reads the optional /etc/gateways file upon
> > initialization to add additional static routes. This is another way
> > to add a permanent (passive) route other than adding a default router.
> > It is also a method to add one or more permanent routes that are not
> > default routes. These are the fields in the /etc/gateways:
> > net dest.net gateway router metric cnt [passive] [active]
> > For example
> > net 128.50.3.0 gateway sword-r metric 2 passive
>
> That's still not going to do policy routing. It will populate the
> routing table, but will not cause packets to select a gateway based on
> source address in the manner that the OP requested.

True, and what's worse is that this isn't really a good way to add
static routes. Those entries in /etc/gateways happen to have the
*effect* of adding static routes, but that's really only a
side-effect. The real purpose of those entries is an ancient kludge:
where there are interfaces or routers of which in.routed is unaware
(e.g., some proxy ARP configurations), it's necessary to tell
in.routed that the interface exists.

The representation inside in.routed for those /etc/gateways entries is
as an *interface*, not a *route*. This can easily lead to odd
behavior if not used cautiously.

No, Solaris does not currently have a usable mechanism (other than
/etc/defaultrouter) for configuring static routes.

--
James Carlson, Solaris Networking <james.d...@east.sun.com>
Sun Microsystems / 1 Network Drive 71.234W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.497N Fax +1 781 442 1677
