Subject: Re: RFC: local address selection
To: None <tech-net@netbsd.org>
From: Miles Nordin <carton@Ivy.NET>
List: tech-net
Date: 11/07/2004 17:26:04

>>>>> "ed" == Emmanuel Dreyfus <manu@netbsd.org> writes:
>>>>> "i" == itojun  <itojun@iijlab.net> writes:

    ed> ifconfig ex0 alias 10.0.12.7 prefered

    ed> route add default 10.0.12.1 -localaddr 10.0.12.7

    ed> Opinions?

It helps but is not really general enough to put the problem to rest
forever.

Routes don't inherit from encompassing routes like nesting in a
statically-scoped language---rather, only the most-specific route can
be consulted.  Suppose I want:

  destination   |  local address
----------------------------------
 192.168.0.0/16 |  192.168.168.3
 0.0.0.0/0      |  216.158.24.196

I can create those two routes with this new local-address attribute,
but my setting is lost if I have more specific routes from an IGP.
Even if I have interface routes for subnets, it's lost.

It seems to me the most flexible way would be an entirely separate
table like the routing table just for choosing interface address, so
more-specific routes can be omitted from this table. But I think
that's too complicated!

Honestly, for my network what would work best is a special case: ``if
there is a /32 alias on lo0, use that address whenever it's necessary
to choose a default source address.''  I think many people who add
loopback aliases would prefer that.  It is adequate for your VPN,
right, because the SPD for the IPsec tunnel will specify a source
address rather than using default, so the loopback alias can be used
for VPN-protected traffic only?

Another, more complicated alternative would be to assign each
interface address a ``priority''.  Only the address with smallest
priority setting would be used.  In the case of a tie, it could choose
among the winners...somehow.  This is different from your 
'alias ... prefer' because if one interface address had the lowest
priority, it would be used for all packets, not just ones going out
that interface.  But I'm not sure it has any advantages in practice
over the loopback-alias-special-case.

     i> in IPv4 code, rt_ifa is used for selecting source address for
     i> a particular routing entry.  route -ifa should be sufficient.

[confused].  The local address selection is not consistent, so what
you describe maybe applies to manu's ICMPv4 case only?

Also, I thought -ifa was for -iface routes, to imply the interface.
Is it for something else---is it possible to install a route that,
when matched, targets a packet to Interface A, but assigns a local
address from Interface B?

-- 
Any man can be President, but only one man can be in the White House:  
the White Man.
		-- 53rd & 5th Ave Preacher
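
[Added example, not part of the original message and not NetBSD code.] A small model of the two designs discussed above: a local-address attribute stored on each route versus a separate source-selection table, both using longest-prefix match. The interface address 172.16.5.2 and the IGP-learned 192.168.40.0/24 route are constructed for illustration; the other prefixes and addresses are the ones from the table in the message.

```python
import ipaddress


def net(prefix):
    return ipaddress.ip_network(prefix)


def lpm(table, dst):
    """Return the value stored under the most-specific prefix containing dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(n, v) for n, v in table.items() if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


IFADDR = "172.16.5.2"  # constructed: address of the outgoing interface

# Design 1: the local address is an attribute of the route itself.
# Value is (interface address, optional local-address attribute).
ROUTES = {
    net("0.0.0.0/0"): (IFADDR, "216.158.24.196"),
    net("192.168.0.0/16"): (IFADDR, "192.168.168.3"),
    # Constructed IGP-learned route: more specific, carries no attribute.
    net("192.168.40.0/24"): (IFADDR, None),
}

# Design 2: a separate table used only for source selection, so the
# more-specific forwarding routes can simply be left out of it.
SRC_TABLE = {
    net("0.0.0.0/0"): "216.158.24.196",
    net("192.168.0.0/16"): "192.168.168.3",
}


def source_per_route(dst):
    """Only the most-specific route is consulted; nothing is inherited."""
    ifaddr, localaddr = lpm(ROUTES, dst)
    return localaddr or ifaddr


def source_separate_table(dst):
    """Forwarding and source selection are looked up independently."""
    return lpm(SRC_TABLE, dst)


if __name__ == "__main__":
    for dst in ("192.168.7.1", "192.168.40.9", "198.51.100.1"):
        print(dst, source_per_route(dst), source_separate_table(dst))
```

For 192.168.40.9 the per-route design falls back to the interface address because the /24 wins the lookup and has no attribute, while the separate table still returns 192.168.168.3.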
