[LARTC] Application routing
paul.walling@ntlworld.com
Sun, 17 Aug 2003 10:32:03 +0000
As requested I am attaching my network topology and routing
tables. I can see that my request was a little ambiguous so
here's a little more info.
NETWORK TOPOLOGY
================
On my linux PC (redhat 7.3) I have two interfaces IF1 & IF2.
Each is connected to an ADSL router IF1 to R1 and IF2 to R2.
The ADSL routers are configured with static NAT active.
My networks are private with the following addressing scheme:
IF1 address 172.21.1.12
R1 address 172.21.1.11
NET1 address 172.21.0.0/16
IF2 address 172.22.1.12
R2 address 172.22.1.11
NET2 address 172.22.0.0/16
ASSUMPTIONS
===========
The network topology as above means that I can guarantee
that all incoming frames at IF1 and IF2 will have the
destination address as the appropriate IF address.
There are no other devices on these networks.
ROUTING TABLES
==============
Add routing tables T1 and T2
ip route add default via 172.21.1.11 dev eth1 table T1
ip route add default via 172.22.1.11 dev eth2 table T2
Add policy rules
ip rule add from 172.21.1.12 table T1
ip rule add from 172.22.1.12 table T2
Show Routing table main:
172.21.0.0/16 dev eth1 scope link
172.22.0.0/16 dev eth2 scope link
127.0.0.0/8 dev lo scope link
Show Routing table T1:
default via 172.21.1.11 dev eth1
Show Routing table T2:
default via 172.22.1.11 dev eth2
Show Rule table:
0: from all lookup local
32764: from 172.21.1.12 lookup T1
32765: from 172.22.1.12 lookup T2
32766: from all lookup main
32767: from all lookup 253
TESTING
=======
INCOMING PACKETS
----------------
With the above configuration I have been able to receive
incoming packets and route them back out the interface they
have been received on. This works because when the
applications respond to a request they swap the IP dest
address and IP source address hence I know that the source
address has been set correctly, hence my rule applies
and hence traffic is sent via the correct interface.
OUTGOING PACKETS
----------------
Herein lies the problem.
I use ping as an application first. If I just ping an
address which happens to be accessible via both networks
e.g. ping 194.159.243.228 (www.sip.com) then frames
will not actually route out of my system. This is because
there is no rule or route to return a source address.
Now if I include the interface ping -I IF1 194.159.243.228
then frames are sent out on IF1. This works because the
ping application binds to the source address of the
interface.
MY APPLICATION
==============
I want to be able to simultaneously get the same web page
via both routers. Hence in this application the destination
address will always be the same. This discounts routing by
destination address. As my application resides well above
the socket layer, there is no access to the bind facility.
Now this is why I'm thinking of Marking frames with the
target interface ID based on the PID of the application.
Hence each frame that the application sends will then be
marked with either a 1 or a 2. I can then add two further
rules which would then route based on the Mark to either T1
or T2 which will. However a response I have received
indicates that this is not reliable.
So back to my original question which I suppose is how do
you get an application to be able to select the source
address if you don't have access to bind ?
Sorry this has been a bit long-winded but at least you have
the entire picture now.
Many thanks
Paul
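Added here as an illustration, not part of Paul's message or of the LARTC HOWTO: a small Python model of the rule and table lookup that his configuration produces. It reproduces why an unbound ping gets no route, why a bound source address (ping -I) selects the right table, and what the proposed fwmark rules would select; the rule priorities 32762/32763 for the mark rules and the omission of the local table are my assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    dev: str
    via: Optional[str] = None            # None: directly connected ("scope link")
@dataclass
class Rule:
    priority: int
    table: str
    src: Optional[ipaddress.IPv4Network] = None   # "from" selector; None = from all
    fwmark: Optional[int] = None                  # selector for the proposed mark rules

# Tables as in the post; "local" (rule 0) omitted: no destination below is a local address.
TABLES = {
    "main": [Route(ipaddress.ip_network("172.21.0.0/16"), "eth1"),
             Route(ipaddress.ip_network("172.22.0.0/16"), "eth2"),
             Route(ipaddress.ip_network("127.0.0.0/8"), "lo")],
    "T1": [Route(ipaddress.ip_network("0.0.0.0/0"), "eth1", "172.21.1.11")],
    "T2": [Route(ipaddress.ip_network("0.0.0.0/0"), "eth2", "172.22.1.11")],
}
RULES = [Rule(32764, "T1", src=ipaddress.ip_network("172.21.1.12/32")),
         Rule(32765, "T2", src=ipaddress.ip_network("172.22.1.12/32")),
         Rule(32766, "main")]
# Mark-based rules the post proposes (mark 1 -> T1, mark 2 -> T2); priorities assumed.
MARK_RULES = RULES + [Rule(32762, "T1", fwmark=1), Rule(32763, "T2", fwmark=2)]
def lookup_table(table, dst):
    """Longest-prefix match inside one table; None when nothing matches."""
    best = None
    for r in TABLES[table]:
        if dst in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best

def route(dst, src="0.0.0.0", fwmark=0, rules=RULES):
    """Walk rules by priority; a rule whose table has no matching route is skipped,
    as the kernel RPDB does. Returns (table, dev, gateway) or None (unreachable)."""
    dst, src = ipaddress.ip_address(dst), ipaddress.ip_address(src)
    for rule in sorted(rules, key=lambda r: r.priority):
        if (rule.src is not None and src not in rule.src) or \
           (rule.fwmark is not None and fwmark != rule.fwmark):
            continue      # an unbound source (0.0.0.0) never matches a "from" rule
        hit = lookup_table(rule.table, dst)
        if hit is not None:
            return (rule.table, hit.dev, hit.via)
    return None
```

The model covers route selection only: on a real host the kernel picks the source address during the first lookup, before a mark set in the mangle OUTPUT chain is seen, so the re-route the mark triggers can change the exit interface while keeping the already chosen source address, which is one reason the mark approach is reported as unreliable.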