[CentOS] Configuring source-specific routing

Thu May 2 17:05:24 UTC 2013
Les Mikesell <lesmikesell at gmail.com>

On Thu, May 2, 2013 at 8:14 AM, Michael Mol <mikemol at gmail.com> wrote:
> Ultimately, for this to work cleanly, anything which requires a public
> IP (be it a raw authoritative DNS server or a load balancer) will
> require an IP on both public subnets.

No it doesn't, as long as you don't mind losing the source IP for
logging or configure your http proxy to pass it.  You can use separate
front end proxies or load balancers on each public range, with its
default gateway pointing toward the ISP handling it.  DNS service is
simple enough to have standalone servers for each instance you need.
Web browsers are actually very good at handling multiple IPs in DNS
responses and doing their own failover if some of the IPs don't
respond.  SMTP will retry following your MX priorities.  For other
services you might need to actively change DNS to drop IPs if you know
they have become unreachable, though.

> The only blocker right now is getting CentOS to do source-policy routing
> properly.

It's a black art - I'd give up the source IP logging first and rely on
the back end servers sending back to the proxy that received the
request and only has the default route to that one ISP.

   Les Mikesell
    lesmikesell at gmail.com
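As an added example, not part of Les's reply or the thread, the source-specific routing setup he calls a black art, written as a POSIX shell script for a CentOS-style host with two ISP uplinks. All interface names, addresses, gateways and table numbers are constructed assumptions, not the poster's network.

```shell
#!/bin/sh
# Added example (not from the thread): iproute2 policy routing so that traffic
# sourced from each public IP leaves via the ISP that owns that address range.
# All values below are constructed assumptions, not the poster's network:
#   ISP A: eth0, 198.51.100.10/24, gateway 198.51.100.1, routing table 101
#   ISP B: eth1, 203.0.113.10/24,  gateway 203.0.113.1,  routing table 102

# emit_policy_routes IFACE LOCAL_IP NETWORK/CIDR GATEWAY TABLE
# Prints the commands for one uplink; nothing is executed here.
emit_policy_routes() {
  iface=$1; local_ip=$2; net=$3; gw=$4; table=$5
  # Per-ISP table: the connected subnet plus a default route via that ISP.
  printf 'ip route add %s dev %s src %s table %s\n' "$net" "$iface" "$local_ip" "$table"
  printf 'ip route add default via %s dev %s table %s\n' "$gw" "$iface" "$table"
  # Selector: packets whose source address is this public IP consult that table.
  printf 'ip rule add from %s lookup %s priority %s\n' "$local_ip" "$table" "$table"
}

# emit_sysconfig IFACE LOCAL_IP NETWORK/CIDR GATEWAY TABLE
# The same policy in the persistent form that CentOS 6 ifup-routes reads from
# /etc/sysconfig/network-scripts/route-IFACE and rule-IFACE.
emit_sysconfig() {
  iface=$1; local_ip=$2; net=$3; gw=$4; table=$5
  printf '# route-%s\n%s dev %s src %s table %s\ndefault via %s dev %s table %s\n' \
    "$iface" "$net" "$iface" "$local_ip" "$table" "$gw" "$iface" "$table"
  printf '# rule-%s\nfrom %s lookup %s\n' "$iface" "$local_ip" "$table"
}

# Both uplinks, then flush the route cache so the new rules take effect.
emit_all() {
  emit_policy_routes eth0 198.51.100.10 198.51.100.0/24 198.51.100.1 101
  emit_policy_routes eth1 203.0.113.10 203.0.113.0/24 203.0.113.1 102
  printf 'ip route flush cache\n'
}

# Print for review by default; apply (as root) only when asked with --apply.
if [ "${1:-}" = "--apply" ]; then
  emit_all | sh -e
else
  emit_all
fi
```

Traffic whose source is not one of the two public IPs still follows the main table, so one ISP remains the host's ordinary default gateway as Les describes.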