Re: merging forwarding & packet filtering?

[David Young <dyoung%pobox.com@localhost>]

On Thu, Mar 10, 2011 at 12:52:26PM +0800, Dennis Ferguson wrote:
> Finally, though, there is the issue of what useful purpose this might
> serve and whether there are other ways to get to the same place.  I'm
> not sure what the purpose of the example might be, but let me just assume
> that it is a method for doing something useful when you have two
> working default routes and want to split traffic between them.

It's a method for achieving the best possible Internet reliability at a
site that connects to two or more Internet providers on consumer-class
subscriber lines---i.e., BGP is not available---and the computers at
the site connect to the Internet through a NAT router.  When the link
to provider A goes down, you don't know ahead of time for how long.
It is helpful to direct new flows to provider B during an outage of
provider A, however, redirecting existing flows to provider B during an
outage is unhelpful at best.  At worst, it kills the flows[1].  If the
outage lasts just 10 seconds, and switching providers kills flows, then
reliability may be worse than if you did not fail over to B all.  The
best possible thing to do is to hold existing flows on provider A and
to let new flows start on provider B.  I haven't found a way to do that
without keeping some flow state.

Dave

[1] Under certain circumstances a TCP RST or an ICMP packet will
    come back from provider B.

-- 
David Young             OJC Technologies
dyoung%ojctech.com@localhost      Urbana, IL * (217) 344-0444 x24