[CentOS] Configuring source-specific routing

Thu May 2 13:22:47 UTC 2013
Michael Mol <mikemol at gmail.com>

On 05/02/2013 01:01 AM, anax wrote:
> On 2013-05-01 22:05, Michael Mol wrote:
>> I'm attempting to configure source-specific routing so that my servers
>> can exist on multiple subnets from multiple upstream providers.
>> A rough diagram of the network layout:
>> ISP1 router (blackbox, routes subnet A, address on subnet A)
>>    \
>>     -----------eth0(firewall)eth1---((servers))
>>    /
>> ISP2 router (blackbox, routes subnet B, address on subnet B)
>> The aim is to allow the servers to use both subnet A and subnet B. To
>> allow this, any machine on both subnets must have source-specific
>> routing configured, else packets originating from one ISP's AS will be
>> directed at the other's router, and neither ISP cares for that.
>> At the moment, I'm focusing on getting the second ISP properly added to
>> the firewall box. The firewall box is using CentOS 6.4, and normally
>> passes traffic back and forth via proxy_arp. None of my interfaces are
>> NM_CONTROLLED, and NetworkManager is not installed, much less started.
>> I've created a route-eth0:1 file that looks roughly like this:
>> dev eth0:1 \
>>    src \
>>    from
>> default via dev eth0:1 \
>>    src \
>>    from
>> (Treat indented lines as continuations of the previous line)
>> (No, the ISPs aren't giving me RFC1918 addresses; these are redacted.)
>> If I run "ifup eth0:1", "ip route show" includes the lines:
>> dev eth0  scope link  src
>> dev eth0  proto kernel  scope link  src
>> default via dev eth0
>> Note that the "from" clause is missing. With the addition of
>> a second default route on my firewall/gateway without any restriction on
>> which traffic should go that way, my whole network, of course, tanks.
>> I'm surprised it's been such a pain; I would have expected it to be a
>> relatively common configuration. What's the proper way of doing
>> source-specific routing on CentOS?
> http://www.linuxjournal.com/article/7291
> http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html
> might probably help you
> suomi

Read that whole document before writing a line of code.

Also of use, in case anyone else comes across this thread:
Network Warrior, by Gary A. Donahue
The TCP/IP Guide, by Charles M. Kozierok
NIST SP 800-800-119, Guidelines for the Secure Deployment of IPv6
IPv6 Network Administration, by Niall Richard Murphy & David Malone
Content Delivery Networks, edited by Rajkumar Buyya, Mukaddim Pathan,
Athena Vakali (In particular, see DNS-based network management)

That's most of the relevant network-related stuff I've got in my library.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 555 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20130502/e518041e/attachment-0005.sig>