[CentOS] Configuring source-specific routing

Thu May 2 05:01:08 UTC 2013
anax <anax at ayni.com>

http://www.linuxjournal.com/article/7291
http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html

might probably help you

suomi

On 2013-05-01 22:05, Michael Mol wrote:
> I'm attempting to configure source-specific routing so that my servers
> can exist on multiple subnets from multiple upstream providers.
>
> A rough diagram of the network layout:
>
>
> ISP1 router (blackbox, routes subnet A, address on subnet A)
>    \
>     -----------eth0(firewall)eth1---((servers))
>    /
> ISP2 router (blackbox, routes subnet B, address on subnet B)
>
> The aim is to allow the servers to use both subnet A and subnet B. To
> allow this, any machine on both subnets must have source-specific
> routing configured, else packets originating from one ISP's AS will be
> directed at the other's router, and neither ISP cares for that.
>
> At the moment, I'm focusing on getting the second ISP properly added to
> the firewall box. The firewall box is using CentOS 6.4, and normally
> passes traffic back and forth via proxy_arp. None of my interfaces are
> NM_CONTROLLED, and NetworkManager is not installed, much less started.
>
> I've created a route-eth0:1 file that looks roughly like this:
>
> 10.0.0.1 dev eth0:1 \
>    src 10.0.0.2 \
>    from 10.0.0.0/29
>
> default via 10.0.0.1 dev eth0:1 \
>    src 10.0.0.2 \
>    from 10.0.0.0/29
>
> (Treat indented lines as continuations of the previous line)
> (No, the ISPs aren't giving me RFC1918 addresses; these are redacted.)
>
> If I run "ifup eth0:1", "ip route show" includes the lines:
>
> 10.0.0.1 dev eth0  scope link  src 10.0.0.2
> 10.0.0.0/29 dev eth0  proto kernel  scope link  src 10.0.0.2
> default via 10.0.0.1 dev eth0
>
>
> Note that the "from 10.0.0.0/29" clause is missing. With the addition of
> a second default route on my firewall/gateway without any restriction on
> which traffic should go that way, my whole network, of course, tanks.
>
> I'm surprised it's been such a pain; I would have expected it to be a
> relatively common configuration. What's the proper way of doing
> source-specific routing on CentOS?
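
An added example, not part of either poster's message: the per-uplink table plus `ip rule` pattern from the LARTC link above, applied to the redacted addresses in the question. The `from` match goes in a rule that selects a separate routing table, and the second default route goes only in that table. Table id 100, the function name `uplink_policy` and the `IP_CMD` dry-run switch are assumptions made for illustration.

```shell
#!/bin/sh
# Dry-run by default: the ip commands are printed, not executed.
# To apply them, run as root with IP_CMD=ip in the environment.
IP_CMD="${IP_CMD:-echo ip}"

# uplink_policy TABLE DEV SUBNET SRC GATEWAY
# Emits (or runs) the three commands that confine one uplink's default
# route to its own table and send only SUBNET-sourced traffic there.
uplink_policy() {
    [ $# -eq 5 ] || {
        echo "usage: uplink_policy TABLE DEV SUBNET SRC GATEWAY" >&2
        return 2
    }
    table=$1 dev=$2 subnet=$3 src=$4 gw=$5

    # This example accepts only ids 1-252, staying clear of the
    # reserved tables (253 default, 254 main, 255 local).
    case $table in
        ''|*[!0-9]*) echo "table id must be numeric" >&2; return 2 ;;
    esac
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table id must be in 1-252" >&2
        return 2
    fi

    # Connected route, so the gateway is reachable inside the table.
    $IP_CMD route add "$subnet" dev "$dev" src "$src" table "$table" &&
    # This uplink's default route lives only in its own table, so the
    # main table keeps a single default route.
    $IP_CMD route add default via "$gw" dev "$dev" table "$table" &&
    # The source match is a rule, not a route attribute.
    $IP_CMD rule add from "$subnet" table "$table"
}

# Values from the question (redacted addresses; routes attach to eth0,
# since eth0:1 is only an address label).
uplink_policy 100 eth0 10.0.0.0/29 10.0.0.2 10.0.0.1
```

With initscripts, the arguments that follow `ip route add` and `ip rule add` can be kept one per line in `route-eth0` and `rule-eth0` under /etc/sysconfig/network-scripts so they are applied at ifup.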