Re: merging forwarding & packet filtering?

To: tech-net%netbsd.org@localhost
Subject: Re: merging forwarding & packet filtering?
From: "S.P.Zeidler" <spz%serpens.de@localhost>
Date: Fri, 18 Mar 2011 07:48:02 +0000 (UTC)

dyoung%pobox.com@localhost (David Young) writes:

>What do people think about gradually merging the packet-forwarding and
>packet-filtering functions in the kernel?

If we touch the packet forwarding at all, please consider:

- for IPv6 PA multihoming you must consider source prefix as well
  (sending provider B traffic with provider A prefix is not going to work
  if provider B has their ducks in a row).

  The solution to the two-providers-and-NAPT problem is to stop natting
  new connections to provider A and to route -after- NAT based on the
  source address you have, ie you should have <addr A>:default and
  <addr B>:default at the same time. Thus you only need to keep the
  NAPT state. Signalling the translator that source address A became
  a bad choice is left as exercise to the reader :-P

- metric; also, stateless ECMP (RFC2991) routing.
  Not a must, but a rather definite want :)

regards,
        spz
-- 
spz%serpens.de@localhost (S.P.Zeidler)

References:
- merging forwarding & packet filtering?
  - From: David Young

Prev by Date: Re: merging forwarding & packet filtering?
Next by Date: [GSoC] : Interest in project
Previous by Thread: Re: merging forwarding & packet filtering?
Next by Thread: DHCPv6 support in dhcpcd?
Indexes:

Home | Main Index | Thread Index | Old Index