From: Frank Leonhardt <freebsd-doc@fjl.co.uk>
To: questions@freebsd.org
Date: Fri, 27 Sep 2024 10:23:51 +0100
Subject: Re: Why does dhcpd have a routers (plural) option for a subnet?
List-Id: User questions
List-Archive: https://lists.freebsd.org/archives/freebsd-questions
References: <292574df4e30929138035c55f6d69185@fjl.co.uk>
Message-ID: <029dafc8cfcf9cdc0c874c966225dc7b@fjl.co.uk>

On 2024-09-26 17:04, Doug McIntyre wrote:
> On Thu, Sep 26, 2024 at 03:29:39PM +0100, Frank Leonhardt wrote:
>> This would require the host to rotate on failed gateways. I've always
>> thought this was a sensible and simple idea but networking geeks said
>> it was a really bad one and router standby protocols were the way to go.
>>
>> So the next interesting question would be which host stacks would
>> accept multiple gateways and what would they do with them?
>
> You have to think back to when this would have been developed.
>
> The model of NAT didn't exist. IP addresses were unique and globally
> routable.
>
> Routers were large devices that weren't entirely stable, mainly to
> route between multiple networks.
>
> For a large campus, you probably had a router servicing every building,
> if not every floor.
> You may have put multiple routers in to talk to different types of
> networks.
> It's entirely possible that another backup router would eventually lead
> you back to where you needed to go, perhaps over a secondary (i.e.
> slower) link.
>
> Any host stack should be able to handle routing tables dealing with the
> original scenario.
> Network Engineers at ISPs do this all the time.
>
> Now, with NAT being prevalent everywhere, you're going to have to go
> through the device that holds your session table to have NAT work
> back. Most firewalls won't let traffic coming in on the "wrong"
> interface pass through. Thus, we've collapsed everything down
> to requiring the one gateway router/firewall device.
>
> This is one of the problems with NAT that old network people complain
> about.
> NAT solved the Internet IP address limit problem, but with much reduced
> functionality and resiliency.

Yes, now you mention it, it's obvious a lot of the state information in a LHR is indeed down to asymmetric NAT!

Hosts flipping themselves to a backup gateway will break connections and cause retries, but so will having someone turn a stalled router off and on again, so I've never been convinced that having a spare online waiting, without state, is such a bad thing (like DNS servers). I suspect Network Engineers' dislike of a quick-and-dirty imperfect solution may be down to maintaining their mystique around things like HSRP.

But what DOES FreeBSD (or anything else) do when there are two 0.0.0.0 in the routing table? It lets you configure two (and it's a PITA to delete the wrong one), but whenever I've checked the FM, everything says "There is only ever one default gateway, you ignorant peasant!"

-- 
------ 25-Sept-24
My apologies to everyone who I appear to have ignored for the last few years. A procmail script was misfiling some replies to Questions to the wrong folder.
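As an added illustration of the thread's question (this is example code written for this page, not code from the thread, from ISC dhcpd or from any host's DHCP client): a dhcpd.conf line such as `option routers 192.0.2.1, 192.0.2.2;` leaves the server as DHCP option 3, whose body is simply a preference-ordered list of IPv4 addresses (RFC 2132). The block below encodes and decodes that option, walks a constructed OFFER options field the way a client must before it can see more than the first router, and reduces Frank's "rotate on failed gateways" idea to its bare selection rule. Names such as `first_reachable` and `routers_from_offer`, the constructed sample bytes, and the probe callback are this example's own assumptions; it sends no packets and does not touch any routing table.

```python
"""Added example, not code from this thread or from ISC dhcpd: how the
dhcpd.conf line `option routers 192.0.2.1, 192.0.2.2;` is carried on the
wire as DHCP option 3 (RFC 2132), and the client-side decode step a host
stack needs before it could act on more than the first entry."""
import ipaddress

DHCP_OPT_ROUTERS = 3     # RFC 2132 section 3.5: IPv4 addresses "in order of preference"
DHCP_MAGIC_COOKIE = b"\x63\x82\x53\x63"


def encode_routers_option(routers):
    """Wire form of option 3: code byte, length byte, then 4 bytes per router."""
    if not routers:
        raise ValueError("option 3 must list at least one router")
    body = b"".join(ipaddress.IPv4Address(r).packed for r in routers)
    if len(body) > 255:
        raise ValueError("a single option body is limited to 255 bytes")
    return bytes([DHCP_OPT_ROUTERS, len(body)]) + body


def parse_dhcp_options(field):
    """Walk the options field that follows the magic cookie; return {code: bytes}.

    Pad (0) is skipped and end (255) stops the walk.  A length byte that runs
    past the buffer is rejected rather than silently shortened: a lenient
    decoder here is how a malformed offer turns into an installed route.
    Repeated codes overwrite; long-option concatenation (RFC 3396) is out of scope."""
    if not field.startswith(DHCP_MAGIC_COOKIE):
        raise ValueError("options field does not start with the DHCP magic cookie")
    opts = {}
    i = len(DHCP_MAGIC_COOKIE)
    while i < len(field):
        code = field[i]
        if code == 0:            # pad
            i += 1
            continue
        if code == 255:          # end
            break
        if i + 1 >= len(field):
            raise ValueError(f"option {code} has no length byte")
        length = field[i + 1]
        value = field[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} claims {length} bytes, buffer has {len(value)}")
        opts[code] = value
        i += 2 + length
    return opts


def decode_routers_option(value):
    """Preference-ordered list of dotted quads from an option 3 body."""
    if len(value) == 0 or len(value) % 4:
        raise ValueError("option 3 length must be a non-zero multiple of 4")
    return [str(ipaddress.IPv4Address(value[j:j + 4])) for j in range(0, len(value), 4)]


def first_reachable(routers, probe):
    """The 'rotate on failed gateways' idea reduced to its selection rule (an
    assumption of this example, not any stack's behaviour): take the first
    router in preference order whose liveness probe succeeds, or None if
    none answer.  `probe` is a caller-supplied callable; nothing is sent here."""
    for router in routers:
        if probe(router):
            return router
    return None


# Constructed sample: the options part of an OFFER carrying a message type,
# a subnet mask and two routers, with a pad byte before the end marker.
# Addresses come from the RFC 5737 documentation range, not a real network.
SAMPLE_OFFER_OPTIONS = (
    DHCP_MAGIC_COOKIE
    + bytes([53, 1, 2])                                # option 53: DHCPOFFER
    + bytes([1, 4, 255, 255, 255, 0])                  # option 1: subnet mask
    + encode_routers_option(["192.0.2.1", "192.0.2.2"])  # option 3: two routers
    + bytes([0, 255])                                  # pad, end
)


def routers_from_offer(field=SAMPLE_OFFER_OPTIONS):
    """What the client actually receives: the whole list, in preference order."""
    return decode_routers_option(parse_dhcp_options(field)[DHCP_OPT_ROUTERS])


if __name__ == "__main__":
    routers = routers_from_offer()
    print("routers offered, in order of preference:", routers)
    print("a client that installs one default route takes:", routers[0])
    # Pretend the preferred router has failed: the fallback rule picks the next one.
    print("fallback if the first is dead:", first_reachable(routers, lambda r: r != "192.0.2.1"))
```

The point the decode makes is that the server side is not where the ambiguity lives: option 3 unambiguously carries every router, in order. Whether the second address is ever used is decided entirely in the client's script or stack, and a client that installs a single default route simply takes the first element of the decoded list.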