Multiple routing tables Or Policy routing for Dragonfly

bycn82 bycn82 at gmail.com
Fri Dec 12 17:15:31 PST 2014


Hi,

Here are the three options I mentioned in my previous email. Actually, I
also did not check into the details of the implementation.

Option 1: Port the "full implementation" from FreeBSD. That means supporting
FIB from socket to PCB and thread and all the way down to the routing table.
Even a syscall is needed.

Option 2: A "cut off" version of FIB. It means only creating multiple routing
tables, and finding a way to mark the traffic by
src/dst/socket/thread/whatever.

Option 3: "I quit". Lots of effort is needed, especially for option 1. Instead I
ask myself "why do we need that?" The "fwd" in ipfw or "rdr-to" in PF can
fulfil most of the requirements already, so maybe just find a direction to
enhance it.

The original developer (Julian Elischer) is very kind and explained the FIB
to me and pointed out 10 items in one email (it is very helpful
:) ). I did not dive into the source level yet, but I want to say that "FIB
in FreeBSD is great and it can be implemented because that developer is a
legendary person!", so I prefer option 2 or 3 for myself, because
those 10 items will probably cost me 100 months of effort and result in
1000 bugs :)

So I think it is better to try the simplest way to provide "multi routing"
for
1. jail
2. socket/process/uid
3. ?? any other idea

BTW, which option do you prefer?

regards,
bycn82




On Sat, Dec 13, 2014 at 8:14 AM, Matthew Dillon <dillon at backplane.com>
wrote:
>
> I'm really not happy with the way FreeBSD implemented multiple routing
> tables and I don't really want to see those massive hacks brought into
> DragonFly.  I don't know what the best solution is per se.  Probably
> better to hang a pointer directly off the kernel thread structure
> (sys/thread.h) and have a separate kernel domain topology rather than using
> jails.
>
> -Matt
>
> On Thu, Dec 11, 2014 at 11:11 PM, Matthias Rampke <
> matthias.rampke at googlemail.com> wrote:
>>
>> Three scenarios come to mind:
>>
>> 1) different routing for (some) VMs or Jails from the host (host uses one
>> internet connection, jail uses another)
>> 2) ditto, but for unjailed processes or users
>> 3) different routing for (certain) forwardings
>>
>> I have implemented 3) without multiple routing tables, just using pf, in
>> OpenBSD[0], but have not yet checked if this is possible with Dragonfly pf.
>> I failed at 1) once due to the lack of multiple routing tables but did not
>> know the pf way at the time.
>>
>> /Matthias
>>
>> [0] http://rampke.de/posts/ipv6-openvpn/
>>
>> On Fri, Dec 12, 2014, 02:33 bycn82 <bycn82 at gmail.com> wrote:
>>
>> In what kind of scenario are you going to use the "multiple routing
>> table" (FIB in FreeBSD), if you are familiar with it?
>>
>>
>>