The Daily Static
Invoke: Uber Network Geeks RE: Router Discovery by pseudonym 2005-03-31 16:35:00
  Hmmm.... I think I get it by thread_killer 2005-03-31 17:42:20
    Everyone Look here =) by pseudonym 2005-03-31 20:24:52
Okay you guys kinda got it. What is going on here is we have three different sites. Each site has between 1 and 4 internet connections. Each site has between 5 and 10 clients NATed out on the router local to them. In addition we have set up an IPSec tunnel between the three sites. We also have a bridge set up through the tunnel so the entire thing appears to be on the same physical subnet.

gif0 is the IPSec tunnel interface. So it is entirely virtual in nature.

Each DHCP server is running the same dhcpd.conf and that is rsynced around the network. We want the three DHCP servers for a number of reasons, obstinacy being one of them =P. But more to the point these are running over consumer I-Net accounts and the last thing we want is for the connection/s of the site that is hosting the DHCP to go down and lose it for the entire network.

We have to have everything rsynced because there is no guarantee which DHCP server you will pull your IP from, because it all seems to be on the same subnet. Eventually we will refine this so that only broadcast traffic goes over the bridge and IP out over the IPSec tunnel.

What I need to do is find a way to have the router option be somewhat dynamic based on the physical location of the device. This is complicated because the network has no real way to differentiate between locations. We want devices to retain their IPs even though they have traveled to another site, but to route through the correct router. We only want to have to edit ONE dhcpd.conf to get a new host set up on the network (hence not just blocking the bootps port over the tunnel and having individual dhcp servers at each site).

What I was thinking of doing was using the ICMP router discovery packets, blocking THOSE from going over the tunnel so that while each client will have a list of routers (No priority designation or priority all the same) it will only be able to see the one router and therefore will choose that one.

As for the kinds of routers.. they are all OpenBSD 3.6 boxes using Packet Filter.

I am looking for other options too.. I am not sure my solution is the most elegant out there. Thanks for all the help guys. I have been scratching my head over this for the last few days.
[ Reply ]
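An added example, not from the thread, of what the blocking rule the post proposes looks like as a pf.conf fragment for the OpenBSD PF routers it describes. It assumes the inter-site link is the gif0 interface the post names and that PF is filtering that interface. RFC 1256 router discovery uses ICMP type 9 (router advertisement) and type 10 (router solicitation), which pf.conf spells routeradv and routersol.

```pf
# Added example, not from the thread. Assumes the inter-site link is gif0
# (as named in the post) and that PF is filtering that interface.
# ICMP router discovery (RFC 1256): type 9 = router advertisement,
# type 10 = router solicitation. Keeping both inside a site means a client
# only ever hears the router that is physically next to it and picks that one.
site_link = "gif0"
rd_types  = "{ routeradv, routersol }"

# Drop router discovery in both directions across the inter-site link.
block in  quick on $site_link inet proto icmp icmp-type $rd_types
block out quick on $site_link inet proto icmp icmp-type $rd_types

# Nothing else is touched here: the IPSec traffic and the DHCP broadcasts
# the post wants shared across the bridge are left to the rest of the ruleset.
```

Two things to check before relying on it. Only clients that actually implement RFC 1256 will learn a router this way, and a DHCP lease that hands out an `option routers` value overrides it, so the shared dhcpd.conf has to stop handing out a router (DHCP option 31, router-discovery, is the standard switch that tells clients to solicit instead). Syntax-check with `pfctl -nf /etc/pf.conf`, load it, and watch for leakage with `tcpdump -ni gif0 'icmp[0] = 9 or icmp[0] = 10'`; since OpenBSD's bridge(4) runs bridged frames through PF on the member interfaces, the same rule can be written against whichever interface carries the inter-site traffic, which is what the later "blocking over the bridge, not tunnel" clarification needs.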
      Threadkiller: IP addressing scheme by pseudonym 2005-03-31 21:33:59
      clarification, blocking over the bridge, not tunnel by pseudonym 2005-03-31 21:43:59

All images, characters, content and text are copyrighted and trademarks of J.D. Frazer except where other ownership applies. Don't do bad things, we have lawyers.