View Single Post
  #1   (View Single Post)  
Old 8th November 2010
SlyM SlyM is offline
Port Guard
 
Join Date: Nov 2010
Posts: 21
Default Multi-Path or Route-To?

Hello everyone,

I'd like to ask all of those who have serious in-depth knowledge of how the OpenBSD kernel works and how pf works to answer a possibly simple, possibly complicated question.

Basically what I want to know is how the multipath routing in the OpenBSD kernel works. Is it meant to work for multiple routers available on the same subnet or can they be on separate subnets? I am trying to use only 1 NIC for egress traffic to the Internet. Both routes are actually 2 separate ISP connections (say cable and dsl) over a single NIC with both lines connected to it via a switch and ISP1's IP assigned to the NIC as the primary IP and the IP of ISP2 aliased onto the same NIC and then using multipath default routes to define the default gateways of each ISP connection.

What I'm basically trying to do it load balance 2 Internet connections with my OBSD firewall. But with simple multipath routes it sort of works, but I suffer a whole heck of a lot of packet loss.

What I ultimately found using line snooping Ethernet sniffers is that the firewall would sometimes attempt to send traffic from one ISP's IP address to the default gateway of the other ISP's connection. I assumed this would not happen since each ISP connection has a small 5 IP subnet and I did specify the netmask and the default gateway for each ISP is within its subnet. I made the seemingly logical assumption that it would intelligently route traffic from ISP1's IP to ISP1's default gateway and ISP2's IP to ISP2's default gateway. But it doesn't seem to be doing that, picking a default gateway seemingly at random without taking into consideration the source IP its employing at the moment.

Why is this? Am I misunderstanding what multipath routes are meant for? Or is this a bug in the kernel/my configuration of multipath?

I found a seemingly slightly better working solution with just using Route-to rules in pf. I now no longer suffer from packets going down the wrong default gateway, but I only have the default gateway for ISP1's connection defined for this to work right.

Is multipath routing only meant to work for routers on the same subnet?
Reply With Quote