On Fri, 2002-11-22 at 13:39, Andreas Hasenack wrote:
> - the internal network would probably do many downloads, and not uploads
>
> - the web server doesn't originate traffic, it responds to requests from
> the outside world, and it will respond using the same link the request
> came in (or not?)
>

No, reply packets will hit the multipath route, and thus may not take the same link to come back. But in such a situation, the sraddr in the reply packets is likely to be set to the one on which the original request came in. In that case, we can add specific routing rules to ensure that the replies go back through the right link.

As far as I know, sraddr is likely to be set correctly for TCP servers, while for UDP servers it may not work as expected.

Also, if our ISPs don't do rp_filtering, then we don't care what link is being used for the replies, as soon as the saddr is correct.

Vincent.

> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

--
Vincent Jaussaud
Kelkoo.com Security Manager
email: tatooin@kelkoo.com

"The UNIX philosophy is to design small tools that do one thing, and do it well."
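
The routing rules mentioned in the reply above, sketched as an added example that is not part of the original message: a script that prints the iproute2 commands sending each reply out the uplink that owns its source address, plus the shared multipath default. All addresses, interface names and table numbers are constructed for illustration (RFC 5737 ranges).

```shell
#!/bin/sh
# Added example: print (do not run) the iproute2 commands that pin replies
# to the uplink owning their source address. Addresses, interface names
# and table numbers are constructed, not taken from the thread.

# One uplink per line: "table_id interface local_addr gateway"
LINKS='101 eth1 192.0.2.10 192.0.2.1
102 eth2 198.51.100.10 198.51.100.1'

# emit_reply_rules LINKS
# For each uplink, emit a per-link table holding its own default route and
# a rule selecting that table when the source address belongs to the link.
emit_reply_rules() {
    while read -r table dev addr gw; do
        [ -z "$table" ] && continue          # skip blank lines
        if [ -z "$gw" ]; then                # fewer than four fields
            echo "incomplete link entry: $table $dev $addr" >&2
            return 1
        fi
        echo "ip route add default via $gw dev $dev table $table"
        echo "ip rule add from $addr table $table"
    done <<EOF
$1
EOF
}

# emit_multipath_default LINKS
# The shared multipath default, used by packets that match no source rule.
emit_multipath_default() {
    hops=''
    while read -r table dev addr gw; do
        [ -z "$gw" ] && continue
        hops="$hops nexthop via $gw dev $dev weight 1"
    done <<EOF
$1
EOF
    echo "ip route add default scope global$hops"
}

emit_reply_rules "$LINKS"
emit_multipath_default "$LINKS"
```

The printed commands can be reviewed and then run as root; the source rules only help when the server has already set the reply's source address, which is the TCP versus UDP caveat raised in the message.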