On 12/28/2015 04:50 AM, Eliezer Croitoru wrote:
Which means he has 1 server with two gateway devices which each has it's own broadcast space\network. It's not clear to me if there are two gateways in the same broadcast\network or not.
I think it's safe to assume that the two addresses and, necessarily, the gateways, are in separate broadcast domains. However, even if that weren't the case, it is still sufficient to create two routing tables and use "ip rule" to select the appropriate table (and the gateway it specifies) based on the source address of the packet being routed.
Just to walk you through it, assume his server has two addresses in separate broadcast domains. The first interface has 1.2.3.4/24 with gateway 1.2.3.1. The second interface has 2.3.4.5/24 with gateway 2.3.4.1.
Now, a host at 192.0.2.2 initiates a connection. It sends a TCP SYN packet to 1.2.3.4. The server receives that packet and sends a TCP SYN/ACK to 192.0.2.2. The source address of that packet is 1.2.3.4. A rule exits that matches packets from 1.2.3.4 and selects the first routing table, where the default gateway is 1.2.3.1.
Later, a host at 198.51.100.3 initiates a connection. It sends a TCP SYN packet to 2.3.4.5. The server receives that packet and sends a TCP SYN/ACK to 198.51.100.3. The source address of that packet is 2.3.4.5, since that is the address that the SYN was sent to. A rule exists on the server that matches packets from 2.3.4.5 and selects the second routing table, where the default gateway is 2.3.4.1.
if it's on the same network then he must have some routing rules and the issue is not about a specific src address but about a connection..
You wouldn't normally have two addresses on two interfaces in the same broadcast domain. You'd probably bond the interfaces instead. But if you did, it wouldn't change the process. Reply packets will still have their source address set to the same address that received the request, and you'd still be able to specify the routing table based on that address.
So, again, you *can* mark connections and select a route that way, but it's slower and more complex than using information that's already available. There's simply no reason to do that in a standard multi-homed setup.
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
