Re: Re: multipath routing problem [Shorter version] - Help still needed :-)

Linux Advanced Routing and Traffic Control

	Hello,

On 25 Oct 2002, Vincent Jaussaud wrote:

> > ssh tends to play with TOS fields (and rightly so). Routing is keyed to the
> > *triple* (src, dst, tos), something that most people (including me) normally
> > forget. However, in this particular case that may be the reason for your
> > ssh's breaking.
> >
> Hmm... that's really interesting. Thanks for the pointer. I remember now
> that I've read something regarding SSH & TOS field some days ago. If I'm
> right, it uses the Minimum Delay TOS value.
>
> Now, how am I supposed to deal with this TOS issue? What TOS value
> should do the trick?

	In theory, you should not reach the multipath route for
traffic that is already NAT-ed. Maybe you have to fix your
routes. The TOS field plays in the input routing performed
on forwarding and traffic between two public IP addresses can select
a different nexthop if the TOS is different or if the routing
cache is somehow flushed (on route/address add/del, expiration).

> I'm using a 2.2 kernel with ipchains.
>
> > The reason for FTP breaking possibly has to do with packets for
> > the control connection going out the one gateway and for the data going
> > out the other... but this is speculation on my part.
>
> That sounds wise. However, routes are supposed to be cached using the src
> IP field as well (if I'm not mistaken), so that every packet coming
> from a particular IP is likely to take the same route as the others.
> Am I wrong?

	Yes, TOS is a routing key just like SADDR and DADDR.
By using a multipath route between 2 IP addresses you agree that
the packets can _safely_ choose any of the paths. When using
two or more ISPs you simply can't do this if the ISPs have
source spoofing disabled. In such cases only the traffic that
is NAT-ed from your box has the right to use the multipath route.
This is a key requirement for the patches you are using. Once
the NAT connections are established they don't hit the multipath
route.

> A BIG Thanks for your reply :-)
> Cheers,
> Vincent.

Regards

--
Julian Anastasov <ja@ssi.bg>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
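
A toy model of the behaviour described in the reply above, added here as an example and not part of the original message or of the routing patches it discusses: a route cache keyed on (src, dst, tos) in front of a two-nexthop multipath route, with each ISP filtering spoofed sources. The round-robin nexthop choice, the uplink names and the addresses are assumptions constructed for the illustration.

```python
"""Simplified model of a (src, dst, tos) route cache; not kernel code."""
from itertools import cycle

IPTOS_LOWDELAY = 0x10  # the "Minimum Delay" TOS value

# Constructed sample uplinks (documentation address ranges).
UPLINKS = [
    {"dev": "isp1", "allowed_src": "192.0.2.10"},
    {"dev": "isp2", "allowed_src": "198.51.100.10"},
]


class Router:
    def __init__(self, uplinks, key_includes_tos=True):
        self._pick = cycle(uplinks)  # assumed round-robin multipath selection
        self._cache = {}
        self._use_tos = key_includes_tos

    def route(self, src, dst, tos):
        key = (src, dst, tos) if self._use_tos else (src, dst)
        if key not in self._cache:  # cache miss: multipath picks a nexthop
            self._cache[key] = next(self._pick)
        return self._cache[key]

    def flush(self):
        """Route/address add or delete, or expiration, empties the cache."""
        self._cache.clear()


def isp_accepts(uplink, src):
    """ISP source-spoofing filter: only its own assigned address passes."""
    return src == uplink["allowed_src"]


def trace(router, packets):
    """Return (tos, dev, delivered) for each (src, dst, tos) packet."""
    result = []
    for src, dst, tos in packets:
        hop = router.route(src, dst, tos)
        result.append((tos, hop["dev"], isp_accepts(hop, src)))
    return result


# Constructed flow: same public src/dst, TOS raised part-way through.
SRC, DST = "192.0.2.10", "203.0.113.5"
FLOW = [(SRC, DST, 0x00), (SRC, DST, 0x00),
        (SRC, DST, IPTOS_LOWDELAY), (SRC, DST, IPTOS_LOWDELAY)]

if __name__ == "__main__":
    for tos, dev, ok in trace(Router(UPLINKS), FLOW):
        state = "delivered" if ok else "dropped by ISP source filter"
        print(f"tos=0x{tos:02x} via {dev}: {state}")
```

The TOS change creates a second cache entry for the same address pair, the multipath route hands it the other uplink, and that ISP drops the packets because the source address belongs to the first one.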
