* Claudio Jeker <cje...@diehard.n-r-g.com> [2011-12-30 23:32]:
> On Fri, Dec 30, 2011 at 05:08:28PM +0100, Henning Brauer wrote:
> > * PP;QQ P(P8P?P8QP8P= <chipits...@gmail.com> [2011-12-30 05:21]:
> > > why does OpenBSD choose vlan379 ? how can I make it use vlan200 for
> > > all outgoing traffic except bgp communication ?
> >
> > for wildcard binds (INADDR_ANY aka 0.0.0.0, connect without bind has the
> > same effect) the address is chosen based on the route to the destination.
>
> Many applications allow to bind(2) before doing the connect(2) so you can
> define the outgoing address being used. I know that especially the DNS
> resolvers bind and unbound have that option.

true. i kinda excluded the per-app options.

> > how's the if address figured out? easy. if the route lookup gives a
> > gateway route (as in the above example, gateway 80.81.203.34), a lookup
> > for the route to that gateway is done (basically, i simplify a bit).
> > if needed this is repeated until we get a connected route - which we
> > have straight after looking up the route to the gateway from the
> > previous route in this case.
>
> To be true the ifa (as in if address) is stored on each route individually
> and can be forced by route(8). But yes, on route insertion the kernel will
> do the mentioned dance by looking up the gateway unless userland provided
> an ifa in advance. Now that does not help for BGP learned routes but can
> be used for other tricks.

in the "common" setup the true vs exit nexthop stuff will do the
trick, but indeed there are exceptions.

> > so all you need to do is getting your routes right. from your
> > description (which leads to the impression that your ISP makes you use
> > a pretty strange setup) you'll need to set the nexthop to your ISP's
> > address on that other vlan in your bgpd.conf - look for "set nexthop"
> > in bgpd.conf.5
>
> set nexthop will not work it is used for outgoing updates not for the FIB.

you're right, thinko on my side.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
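
The two cases discussed in the thread (wildcard source chosen from the route, versus bind(2) before connect(2)) can be observed with getsockname(2). This is an added example, not code from the thread or from OpenBSD; the function name source_addr_for and the loopback addresses are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Connect a UDP socket to dst:port and report the local address in use.
 * src == NULL leaves the socket unbound (wildcard), so the kernel takes the
 * address from the route to dst; otherwise bind(2) pins it before connect(2).
 * UDP connect(2) sends nothing. out must hold INET_ADDRSTRLEN bytes. */
int source_addr_for(const char *src, const char *dst, int port, char *out)
{
    struct sockaddr_in local, peer;
    socklen_t len = sizeof(local);
    int rc = -1, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&local, 0, sizeof(local));
    local.sin_family = AF_INET;              /* port 0: kernel picks one */
    memset(&peer, 0, sizeof(peer));
    peer.sin_family = AF_INET;
    peer.sin_port = htons((unsigned short)port);
    if (inet_pton(AF_INET, dst, &peer.sin_addr) != 1)
        goto done;
    if (src != NULL) {
        if (inet_pton(AF_INET, src, &local.sin_addr) != 1)
            goto done;
        /* fails with EADDRNOTAVAIL if src is not configured on this host */
        if (bind(fd, (struct sockaddr *)&local, sizeof(local)) < 0)
            goto done;
    }
    if (connect(fd, (struct sockaddr *)&peer, sizeof(peer)) < 0)
        goto done;
    if (getsockname(fd, (struct sockaddr *)&local, &len) < 0)
        goto done;
    if (inet_ntop(AF_INET, &local.sin_addr, out, INET_ADDRSTRLEN) != NULL)
        rc = 0;
done:
    close(fd);
    return rc;
}

int main(void)
{
    char a[INET_ADDRSTRLEN], b[INET_ADDRSTRLEN];
    /* constructed sample input: loopback, so it runs without a network */
    if (source_addr_for(NULL, "127.0.0.1", 53, a) == 0 &&
        source_addr_for("127.0.0.1", "127.0.0.1", 53, b) == 0)
        printf("wildcard -> %s, bound -> %s\n", a, b);
    return 0;
}
```

On a multi-homed host, calling it with src == NULL and a remote destination shows which interface address the routing table selects, which is the behaviour the original question ran into.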