[Babel-users] policy routing
Juliusz Chroboczek
jch at pps.jussieu.fr
Sun Feb 5 01:55:26 UTC 2012
>> However the problem of dealing with ipv6's various forms of addressing has
>> O(n) complexity, it seems, so multiples of tables seem needed.
Dave, you're confused, as usual. There's no "problem" with the multiple
forms of addressing in IPv6.
The problem is with the ingress filtering policies of your upstream
ISPs. The clean solution is to use a single upstream ISP, or to use PI
space and make sure your upstreams accept packets sourced with your
address.
If you cannot do that, put a full mesh of GRE tunnels between your
Internet gateways, and put a bunch of source policy rules to make sure
each packet gets routed through the right gateway for its source
address. Assuming the case of n upstreams, that's n gateways, and n-1
tunnels originating on each gateway. Since there's no reason to have
more than two upstreams (the cheap one and the reliable one), that's
very reasonable.
> I was trying to come up with a sane set of filters using the filter
> rules, and failed.
Please try again.
-- Juliusz
More information about the Babel-users
mailing list