[LARTC] Application routing
Martin A. Brown
mabrown-lartc@securepipe.com
Sat, 23 Aug 2003 23:02:48 -0500 (CDT)
Paul,
[ Sorry for the slow reply. ]
: As requested I am attaching my network topology and routing tables. I
: can see that my request was a little ambiguous so here's a little more
: info
[ good and accurate description, based on LARTC HOWTO, snipped ]
: Herein lies the problem. I use ping as an application first. If I just
: ping an address which happens to be accessible via both networks e.g.
: ping 194.159.243.228 (www.sip.com) then frames will not actually route
: out of my system. This is because there is no rule or route to return a
: source address. Now if I include the interface ping -i IF1
: 194.159.243.228 then frames are sent out on IF1. This works because the
: ping application binds to the source address of the interface.
You could add a multipath route into your main routing table. Then at
any given time, a new route lookup in the main routing table would return
something at least.
: I want to be able to simultaneously get the same web page via both
: routers. Hence in this application the destination address will always
: be the same. This discounts routing by destination address.
As an example, I would recommend using "wget --bind-address=172.21.1.12"
    --bind-address=ADDRESS
        When making client TCP/IP connections, "bind()" to
        ADDRESS on the local machine. ADDRESS may be specified
        as a hostname or IP address. This option can be
        useful if your machine is bound to multiple IPs.
: As my application resides well above the socket layer, there is no
: access to the bind facility.
Ah! Now that's a problem for which I have no solution!
: Now this is why I'm thinking of Marking frames with the target
: interface ID based on the PID of the application. Hence each frame
: that the application sends will then be marked with either a 1 or a 2.
: I can then add two further rules which would then route based on the
: Mark to either T1 or T2 which will. However a response I have received
: indicates that this is not reliable.
Indeed, it is not. This reply was accurate (to my knowledge).
: So back to my original question which I suppose is how do you get an
: application to be able to select the source address if you don't have
: access to bind ?
Indeed--unfortunately, this is a problem for which I have no answer. I
believe I have seen subsequent postings from you where you are
experimenting with using netfilter to route packets out particular
interfaces, and I saw somebody else mention a desired netfilter
<software type="imagined">-j RT_LOOKUP</software> target.
Best of luck,
-Martin
--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
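
What `--bind-address` does at the socket level, as an added example that is not part of the original message: calling bind() before connect() fixes the source address the peer sees, which is the address source-based routing decisions can then key on. The function name and the loopback addresses are assumptions chosen so it runs offline on a Linux host, where all of 127.0.0.0/8 is local.

```python
import socket
import threading


def connect_from(source_ip, server_ip="127.0.0.1"):
    """Connect to a throwaway local listener, optionally binding the client
    socket to source_ip first. Returns (client's local address, address the
    server saw). Hypothetical helper for illustration."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((server_ip, 0))          # port 0: kernel picks a free port
    srv.listen(1)
    srv.settimeout(5)
    port = srv.getsockname()[1]

    seen = {}

    def accept_once():
        conn, peer = srv.accept()
        seen["peer"] = peer[0]        # source address as the server sees it
        conn.close()

    t = threading.Thread(target=accept_once)
    t.start()

    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.settimeout(5)
    if source_ip is not None:
        # The step wget performs for --bind-address: pin the source
        # address, let the kernel choose the ephemeral port.
        cli.bind((source_ip, 0))
    cli.connect((server_ip, port))
    local = cli.getsockname()[0]
    cli.close()

    t.join()
    srv.close()
    return local, seen["peer"]


if __name__ == "__main__":
    # Without bind(), the kernel's route lookup chooses the source address.
    print("unbound:", connect_from(None))
    # With bind(), the application chooses it (constructed address 127.0.0.2).
    print("bound:  ", connect_from("127.0.0.2"))
```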