Date: Wed, 24 Apr 2024 10:45:13 -0700
From: Gregory Shapiro
To: Marek Zarychta
Cc: freebsd-net@freebsd.org
Subject: Re: Source IPv4 address selection vs BGP IX connection

On Wed, Apr 24, 2024 at 07:10:51AM +0200, Marek Zarychta wrote:
> On 24.04.2024 at 04:12, Gregory Shapiro wrote:
> > Short version:
> >
> > Using FreeBSD as a BGP router has network issues caused by suboptimal
> > default IPv4 source address selection when connected to Internet
> > Exchanges (which are required to use IPs that aren't routable on the
> > Internet). I was hoping to find more elegant workarounds or encourage
> > FreeBSD to add source IPv4 selection akin to the existing IPv6 source
> > address selection (no_prefer_iface and prefer_source).
> In this case, the best solution will probably be using multiple FIBs.
> Running a BGP routing daemon under a non-default FIB after assigning its
> interface to this FIB should solve the problem, but it might eventually
> create new problems to solve (for example, in which FIB should imported
> routes be stored).

Thank you for sharing the ideas. This first idea seems to negate the
positive impact of multihoming and connecting to the IX for peering and
additional transit. If the routes aren't usable in the default routing RIB
(for downstream/LAN hosts or the router itself), then there doesn't seem to
be a purpose of having multiple routes.

> It's also possible to set and use a non-default FIB for DNS lookups and
> maintenance tasks like pkg upgrade (setfib -1 pkg ....). This approach is
> probably more straightforward to conduct.

Until you consider that not all work is done from the command line such
that 'setfib' can precede every command. What if cron wants to send a
message with output from a cron job? What if a system service needs to
connect to another host (e.g., ntpd)? Even to ssh into the system, sshd
needs DNS for PTR lookups.

I really think this isn't an issue with routing (and therefore can't be
fixed elegantly by changing routing). It is an issue with source IP
selection (one that has been addressed for IPv6, just not IPv4).

I'll try to dig into how FreeBSD does source IP selection and see if I can
add code to tune that process.