[Gllug] routing via a second external IP

John Winters john at sinodun.org.uk
Wed Aug 13 08:36:22 UTC 2008


t.clarke wrote:
> I am getting a bit confused with the various posts on the 2nd ADSL connection!
> 
> I always understood that packets were routed based on their destination,
> regardless of which interface they arrived on.
> 
> So, for example, if I have two interfaces on a machine with addresses
> 123.123.123.123   - DNS entry of  www.seacon.co.uk
> and
> 124.124.124.124
> 
> 
> and a default route out via 123.123.123.123
> and a specific route to a customer on IP address  100.100.100.100
> via 124.124.124.124
> 
> and that customer connects to www.seacon.co.uk (123.123.123.123)
> reply packets will go back over 124.124.124.124, presumably with a
> source-address of 124.124.124.124 - in which case I assume they will be
> disregarded by the customer's machine.

Yes, your customer will struggle if he attempts to talk *to your gateway
machine* using the address 123.123.123.123.  (Actually, re-reading that
I'm not sure he will.  I think it might work.)  However presumably he
doesn't want to talk to your gateway machine - he wants to talk to some
machine internal to your network.  It too will need a brace of IP
addresses in order that external routers know which of your two links to
send incoming packets down.  Let's arbitrarily assign 121.121.121.121
(or 121 for short) and 122.122.122.122 (hereinafter referred to as 122).

You tell your ISP (or ISPs) that traffic for 121 should be routed in
down the 123 link and traffic for 122 should be routed down the 124
link.  (Obviously, thought has to be given to netmasks and the like -
the real addresses wouldn't look anything like this.)

Most of your customers will use the 121 address.  Their incoming traffic
will be routed in down the 123 link and forwarded on to the server.
When the reply comes back it will carry a source address of 121 and a
destination address of xxx and so will go out down the 123 link, exactly
as before.

If your special customer ignores your instruction to use the new IP
address (122) then he will continue to send his packets to the 121
address.  They will thus come in down the 123 link and be sent on to the
server.  The server will respond with a source address of 121 and a
target address of 100 and so the router will send the outgoing packets
on the 124 link.  This is how the situation arises that packets are
coming in down one link and going out down another.  It will work fine
(the Internet was designed to work this way) but you won't get the full
benefit of the dedicated link.

Once your special customer switches over to using the 122 address as
instructed then you get the full benefit.  His incoming packets arrive
down the 124 link, are routed to the server and then go back out down
the 124 link.  Note that, provided NAT is not involved, the source and
destination addresses stay the same through the life of the packet.

> 
> Either way, I assume if the two ADSL lines use a router with NAT in place,
> it won't work.

If one of your lines has NAT in place and your customer continues to use
the old (wrong) target address then yes, it won't work.

John
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
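
The three cases walked through in the reply above, plus the NAT case, as an added example that is not part of the original post. It is a constructed model: the link names, the private server address 192.168.0.10, the sample customer addresses and the simplified NAT behaviour (a router can only undo a translation it performed itself) are assumptions.

```python
import ipaddress

# Constructed model of the gateway in the thread: default route out of the
# 123 link plus one host route to the special customer (100) via the 124 link.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "link123"),
    (ipaddress.ip_network("100.100.100.100/32"), "link124"),
]
# Link down which the ISP delivers traffic for each server address (121 and 122).
INBOUND = {"121.121.121.121": "link123", "122.122.122.122": "link124"}
# Assumptions: address a NAT router would masquerade as, and the server's private address.
NAT_ADDR = {"link123": "123.123.123.123", "link124": "124.124.124.124"}
PRIVATE = "192.168.0.10"


def egress(dst):
    """Destination-only lookup: the longest matching prefix decides the link."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, link) for net, link in ROUTES if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def exchange(client, server_addr, nat_links=()):
    """Trace one request and its reply; nat_links names the links whose router does NAT."""
    link_in, link_out = INBOUND[server_addr], egress(client)
    # A NAT router on the inbound link rewrites the destination to the private
    # address, so the server's reply starts out with that private source.
    src = PRIVATE if link_in in nat_links else server_addr
    if link_out == link_in:
        src = server_addr          # same router both ways: any translation is undone
    elif link_out in nat_links:
        src = NAT_ADDR[link_out]   # other router has no state: rewrites to its own address
    return {
        "in": link_in,
        "out": link_out,
        "asymmetric": link_in != link_out,
        "reply_src": src,
        "accepted": src == server_addr,  # client only accepts replies from the address it used
    }


if __name__ == "__main__":
    special = "100.100.100.100"
    for addr, nat in [("121.121.121.121", ()), ("122.122.122.122", ()),
                      ("121.121.121.121", ("link124",))]:
        print(addr, nat, exchange(special, addr, nat))
```
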



