Subject: Re: [patch] source-address selection
To: None <tech-net@netbsd.org>
From: David Young <dyoung@pobox.com>
List: tech-net
Date: 02/22/2007 01:52:19

On Tue, Sep 05, 2006 at 11:15:25AM +0300, Mihai CHELARU wrote:
> David Young wrote:
> 
> > For review, here are my latest patches adding a mechanism
> > for enforcing an IPv4 source-address selection policy,
> > <ftp://cuw.ojctech.com/cuw/netbsd-e3b075d7/pristine-selsrc-patch>.
> [..]
> 
> Great work ! Thank you !
> 
> [..]
> >         preference      ranks by _source preference_; lower preference
> >                         numbers are ranked more highly
> 
> Preference should do exactly the opposite. Higher preference for higher
> rank. This is the logical way. If user sets an address without preference
> it should default to 0.

Mihai,

(Six months later....)

I agree with you.  I'm going to change the sense of 'preference', update
docs, and send a pull-up request for 4.0.

> >                         _destination address_.  A category is one of
> >                         "private", "link-local", or "other".  If the
> >                         categories exactly match, same-category assigns a
> >                         rank of 2.  Some sources are ranked 1 by category:
> >                         a link-local source with a private destination,
> >                         a private source with a link-local destination,
> >                         and a private source with an "other" destination
> >                         rank 1.  All other sources rank 0.
> > 
> >                         Categories are defined as follows.
> > 
> >                         private: RFC1918 networks, 192.168/16, 172.16/12,
> >                                  and 10/8,
> > 
> >                         link-local: 169.254/16, 224/24
> > 
> >                         other: all other networks---i.e., not private,
> >                                not link-local
> 
> Uhm, I don't understand this. Isn't common prefix enough ? Why is 224/24
> (shouldn't be 224/4 ?) link-local ? Maybe you wanted 240/4 ? Also for
> link-local I suggest adding 0/8. But the first question remains: why do we
> need this ?

I don't remember if I answered this.  Common prefix is not enough
because 224/24 and 169.254/16 do not have a common prefix, but they
nevertheless have "link-local" semantics, so an operator may want to
treat them alike---I do!

Can you explain a bit more about 0/8 ?  ISTR that is a BSDism that
appeases dhclient somehow?

Curious whether you've used IPSELSRC any?

Dave

-- 
David Young             OJC Technologies
dyoung@ojctech.com      Urbana, IL * (217) 278-3933