Subject: Re: Uncommon routing arrangement
To: Daniel Carosone <>
From: John Klos <>
List: tech-net
Date: 02/16/2005 14:34:56

> bridge(4) the two interfaces.  Perhaps you can convince the provider to 
> speak STP with you, in which case failover can be ~automatic, otherwise 
> you'll need to script something with brconfig to toggle discovery, 
> address learning, and flushing of mac tables to trigger failover.

I'll ask, but it took me four people before I could get someone who 
realizes that asking to have a subnet routed to MY hardware doesn't 
require special DSL hardware.

> bridge(4) is great for nic and switch failover, with a pair of switches 
> speaking stp and connected by a crossover.  windows calls this 'nic 
> teaming'

> load balancing outbound is under your control, and could be done a few 
> ways.  load balancing inbound depends how the head end router works: 
> does it select the link to use by MAC address or IP address?

Inbound, I'm not so worried, since the inbound speed is much greater than 
the outbound (6 Mbps versus 768 kbps). But I'd like to be able to use the 
full outgoing 768 kbps x two.

> (this also has important implications for whether different customers
> can conduct arp poisoning attacks against each other, as well as
> against other instances of themselves :)

Well, bridged connections definitely do have more issues, which is why I'm 
wondering if anyone knows how the ADSL bridges typically work.

> If by IP address, using a NAT address pool for source address will be 
> enough to distribute replies.  If it uses mac address, you'll also need 
> to arrange for IP addresses for each link to appear in the router's arp 
> table with MAC addresses that the bridge will direct accordingly, by 
> transmitting from the appropriate nic.

I suppose the possible answers will change a bit depending on whether an 
IP can be simply used from either bridge or not. Perhaps I should wait and 

I'm still not clear about what to do to tell the system, "use ex0 for 
communicating with the default route" versus "use ex1" or whatever. Nor am 
I clear about what complexities I'll see when two interfaces have the same 
MAC address for the same IP address.

> Either way, ipf fastroute is probably the best way to direct traffic
> outbound, but the answer will have important implications for
> interaction with failover.

Hmmm... At least the machine is local, so I'll be able to play around 
without worrying about knocking myself offline.