On Wed, 24 Sep 2014 10:08:29 -0400, John de la Garza said:

> why not look at the destination ip of the ip header?

It's possible to receive a packet on the "wrong" interface. For instance, we have a software package installed here that insists on talking on one IP address, so we end up with this setup:

    world - 198.82.X.Y - |BOX| - 172.28.40.z - private 10G net - clientbox

and the client box does a 'route add host 198.82.x.y gw 172.28.40.z', so when it sends packets to 198.82.x.y, it shows up on the box's 10G interface. Said packet is then cheerfully accepted, because the destination address matches *one* of the box's addresses (just on a different interface).

Another similar situation is for HA, where you'll have a pair (or more) of boxes that each have their own IP address on a subnet, and a floating IP that's used by client machines to actually access the service, and which moves back and forth if a box fails or is down for maintenance. So the active one of the HA pair has 2 addresses on the interface.

And that's not even starting on the case of "Linux-based router", where *most* packets you handle don't have your IP address in the destination field, because you are going to forward it.
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
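The three cases in the message above, modeled as an added example that is not part of the original post: guessing the interface from the destination address is compared with the ingress interface actually reported for the packet. The interface numbers, the RFC 5737 / RFC 1918 sample addresses and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed interface table: if 1 faces the world, if 2 is the private
 * net and also holds a floating HA address (two addresses, one interface). */
#define IP4(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))
struct ifaddr_ent { int ifindex; uint32_t addr; };
static const struct ifaddr_ent local_addrs[] = {
    { 1, IP4(192,0,2,10) },   /* public address */
    { 2, IP4(10,0,0,1) },     /* box's own private address */
    { 2, IP4(10,0,0,100) },   /* floating HA address */
};
enum verdict { BAD_PACKET, LOCAL_SAME_IF, LOCAL_OTHER_IF, NOT_LOCAL };

/* Build a minimal 20-byte IPv4 header carrying dst (constructed sample input). */
static void make_hdr(uint8_t h[20], uint32_t dst)
{
    for (int i = 0; i < 20; i++) h[i] = 0;
    h[0] = 0x45;                                  /* version 4, IHL 5 */
    h[16] = (uint8_t)(dst >> 24); h[17] = (uint8_t)(dst >> 16);
    h[18] = (uint8_t)(dst >> 8);  h[19] = (uint8_t)dst;
}

/* Interface that owns dst, or 0 if none: all the destination IP can tell you. */
static int ifindex_from_dst(uint32_t dst)
{
    for (size_t i = 0; i < sizeof local_addrs / sizeof local_addrs[0]; i++)
        if (local_addrs[i].addr == dst)
            return local_addrs[i].ifindex;
    return 0;
}

/* Compare that guess with the interface the packet really arrived on. */
static enum verdict classify(const uint8_t *pkt, size_t len, int ingress)
{
    if (len < 20 || (pkt[0] >> 4) != 4 || (pkt[0] & 0x0f) < 5)
        return BAD_PACKET;
    int owner = ifindex_from_dst(IP4(pkt[16], pkt[17], pkt[18], pkt[19]));
    if (owner == 0)
        return NOT_LOCAL;                 /* router case: forward or drop */
    return owner == ingress ? LOCAL_SAME_IF : LOCAL_OTHER_IF;
}

int main(void)
{
    uint8_t h[20];
    make_hdr(h, IP4(192,0,2,10));         /* public dst, arriving on if 2 */
    printf("guess=if%d actual=if2 verdict=%d\n", ifindex_from_dst(IP4(192,0,2,10)), classify(h, sizeof h, 2));
    return 0;
}
```

A `LOCAL_OTHER_IF` verdict is the "wrong interface" case from the message: the packet is still addressed to the host, so any filtering or accounting that must be per-interface has to use the reported ingress interface, not the address lookup.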