On 05/02/2013 01:01 AM, anax wrote:
> On 2013-05-01 22:05, Michael Mol wrote:
>> I'm attempting to configure source-specific routing so that my servers
>> can exist on multiple subnets from multiple upstream providers.
>>
>> A rough diagram of the network layout:
>>
>>
>> ISP1 router (blackbox, routes subnet A, address on subnet A)
>>             \
>>              -----------eth0(firewall)eth1---((servers))
>>             /
>> ISP2 router (blackbox, routes subnet B, address on subnet B)
>>
>> The aim is to allow the servers to use both subnet A and subnet B. To
>> allow this, any machine on both subnets must have source-specific
>> routing configured, else packets originating from one ISP's AS will be
>> directed at the other's router, and neither ISP cares for that.
>>
>> At the moment, I'm focusing on getting the second ISP properly added to
>> the firewall box. The firewall box is using CentOS 6.4, and normally
>> passes traffic back and forth via proxy_arp. None of my interfaces are
>> NM_CONTROLLED, and NetworkManager is not installed, much less started.
>>
>> I've created a route-eth0:1 file that looks roughly like this:
>>
>> 10.0.0.1 dev eth0:1 \
>>     src 10.0.0.2 \
>>     from 10.0.0.0/29
>>
>> default via 10.0.0.1 dev eth0:1 \
>>     src 10.0.0.2 \
>>     from 10.0.0.0/29
>>
>> (Treat indented lines as continuations of the previous line)
>> (No, the ISPs aren't giving me RFC1918 addresses; these are redacted.)
>>
>> If I run "ifup eth0:1", "ip route show" includes the lines:
>>
>> 10.0.0.1 dev eth0 scope link src 10.0.0.2
>> 10.0.0.0/29 dev eth0 proto kernel scope link src 10.0.0.2
>> default via 10.0.0.1 dev eth0
>>
>>
>> Note that the "from 10.0.0.0/29" clause is missing. With the addition of
>> a second default route on my firewall/gateway without any restriction on
>> which traffic should go that way, my whole network, of course, tanks.
>>
>> I'm surprised it's been such a pain; I would have expected it to be a
>> relatively common configuration.
>> What's the proper way of doing
>> source-specific routing on CentOS?
>
> http://www.linuxjournal.com/article/7291
> http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html
>
> might probably help you
>
> suomi
>

Read that whole document before writing a line of code.

Also of use, in case anyone else comes across this thread:

Network Warrior, by Gary A. Donahue
The TCP/IP Guide, by Charles M. Kozierok
NIST SP 800-119, Guidelines for the Secure Deployment of IPv6
IPv6 Network Administration, by Niall Richard Murphy & David Malone
Content Delivery Networks, edited by Rajkumar Buyya, Mukaddim Pathan, Athena Vakali
(In particular, see DNS-based network management)

That's most of the relevant network-related stuff I've got in my library.
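For anyone landing on this thread from a search: the "from 10.0.0.0/29" selector that ip route dropped is not a property of a route at all. On Linux the source selector lives in the routing policy database (ip rule), which picks a routing table; the second ISP's default route then sits in its own table, which is exactly the LARTC "multiple links" setup linked above. The script below is an added example written for this thread, not code from the original poster or from the CentOS initscripts. It assumes the redacted values from the post (ISP2 gateway 10.0.0.1, the firewall's subnet-B address 10.0.0.2/29 on eth0), picks table number 200 for ISP2, uses 192.0.2.0/29 as a placeholder for ISP1's subnet A, and assumes main already carries the proxy_arp host routes toward the servers on eth1. Without APPLY=1 it only prints the ip commands so the plan can be reviewed first; the comments give the equivalent one-line-per-entry route-eth0 and rule-eth0 contents that CentOS 6's ifup-routes reads.

```shell
#!/bin/sh
# Policy routing for a second upstream on a CentOS 6 firewall/gateway.
# Added example for this thread, not the original poster's configuration.
# Assumed values (the thread's real addresses are redacted): ISP2 gateway
# 10.0.0.1, our own subnet-B address 10.0.0.2/29 on eth0, routing table 200
# for ISP2, and 192.0.2.0/29 standing in for ISP1's subnet A.
# Without APPLY=1 the commands are printed; with APPLY=1 (as root) they run.

ISP2_GW=${ISP2_GW:-10.0.0.1}
ISP2_ADDR=${ISP2_ADDR:-10.0.0.2}
ISP2_NET=${ISP2_NET:-10.0.0.0/29}
ISP2_DEV=${ISP2_DEV:-eth0}
ISP2_TABLE=${ISP2_TABLE:-200}
SUBNET_A=${SUBNET_A:-192.0.2.0/29}   # assumed placeholder for ISP1's prefix

# Print the command, or execute it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

isp2_policy_routing() {
    # 1. ISP2's default route lives in its own table. The main table keeps
    #    the single ISP1 default, so the rest of the box is untouched.
    #    Equivalent route-eth0 line:
    #      default via 10.0.0.1 dev eth0 src 10.0.0.2 table 200
    run ip route replace default via "$ISP2_GW" dev "$ISP2_DEV" src "$ISP2_ADDR" table "$ISP2_TABLE"

    # 2. Destinations inside our own prefixes are always looked up in main,
    #    so the proxy_arp host routes toward the servers behind eth1 (assumed
    #    to exist in main) keep winning over ISP2's default route.
    #    Equivalent rule-eth0 lines:
    #      to 192.0.2.0/29 table main priority 900
    #      to 10.0.0.0/29 table main priority 900
    for net in "$SUBNET_A" "$ISP2_NET"; do
        run ip rule add to "$net" table main priority 900
    done

    # 3. This is where the dropped "from" selector belongs: any packet with a
    #    subnet-B source, whether generated on the firewall or forwarded from
    #    a server on eth1, consults table 200 before main.
    #    Equivalent rule-eth0 line:
    #      from 10.0.0.0/29 table 200 priority 1000
    run ip rule add from "$ISP2_NET" table "$ISP2_TABLE" priority 1000

    # CentOS 6 kernels still have a route cache; flush stale decisions.
    run ip route flush cache
}

verify_isp2() {
    run ip rule show
    run ip route show table "$ISP2_TABLE"
    # A probe toward the Internet sourced from subnet B must report ISP2's gateway.
    run ip route get 198.51.100.1 from "$ISP2_ADDR"
}

isp2_policy_routing
verify_isp2
```

Order matters: the "to our prefixes, use main" rules sit at a lower priority number than the "from subnet B" rule, otherwise a packet from the firewall's own subnet-B address to a server behind eth1 would match the ISP2 rule first and be handed to ISP2's router. Because the rule matches on source address regardless of where the packet came from, the same rule on the gateway also steers replies that the servers send from their subnet-B addresses, which is what stops ISP1's router from seeing subnet-B traffic.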