Special Case Routing Functions

As covered in Chapter 7, “Kernel Support Tools,” adding functions to Internet gateways can add value to a Linux router and, indeed, often gives Linux an edge over traditional routers as Internet access gateways.

There are also additional considerations, or special cases, that arise when planning and deploying networks, and you should be aware of them.

IP Version 6 Support

Chapter 4, “IPv4 and IPv6 Addressing,” covers the innards of addressing networks. Organizations choosing to support IPv6 will need phase-in methodologies to support both versions of the Internet protocol.

RFC 1933, “Transition Mechanisms for IPv6 Hosts and Routers,” defines two methods for transitioning to IPv6: dual IP layer and IPv6 over IPv4 tunneling.

Dual IP layer is very similar to the dual stacks used to support multiple protocols. For example, many workstations and PCs supported both IP and Novell’s IPX during Novell’s popularity in the 1990s.

Dual stacks is a host-based solution; that is, the host can communicate with both IP version 6 and version 4 nodes, which provides a very broad base of interoperability.

Many organizations wish to deploy specific IPv6 networks as opposed to a dual stack approach. Therefore, RFC 1933 also defined tunneling of IPv6 over IPv4 networks. Tunneling of IP version 6 over version 4 is similar to other tunneling technology. An example of the tunneling is shown in Figure 10.4.

Figure 10.4. IP version 6 over IP version 4.


Nodes A and B both have IP version 6 and IP version 4 interfaces. For traffic flowing from A to B, A encapsulates the IPv6 packet received on interface A1 into a version 4 packet and routes it out interface A2. Router B then accepts the IPv4 packet on interface B1, strips the IPv4 header from the packet, and routes it out interface B2 as an IP version 6 packet.
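The encapsulation and decapsulation steps just described, as an added Python example that is not from the book. The documentation addresses, the sample IPv6 packet, and the check that the outer source matches a configured tunnel peer are assumptions made for the illustration.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41  # IPv4 protocol number that marks an encapsulated IPv6 packet

def checksum(header: bytes) -> int:
    """Internet checksum: one's-complement sum of the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(ipv6_packet: bytes, src_v4: str, dst_v4: str, ttl: int = 64) -> bytes:
    """Node A: prepend a 20-byte IPv4 header (no options) to an IPv6 packet."""
    if not ipv6_packet or ipv6_packet[0] >> 4 != 6:
        raise ValueError("payload is not an IPv6 packet")
    src = ipaddress.IPv4Address(src_v4).packed
    dst = ipaddress.IPv4Address(dst_v4).packed
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ipv6_packet),
                      0, 0, ttl, IPPROTO_IPV6, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + ipv6_packet

def decapsulate(ipv4_packet: bytes, tunnel_peer: str) -> bytes:
    """Node B: validate the outer IPv4 header, strip it, return the IPv6 packet."""
    if len(ipv4_packet) < 20 or ipv4_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ipv4_packet[0] & 0x0F) * 4
    hdr = ipv4_packet[:ihl]
    if ihl < 20 or len(hdr) < ihl or checksum(hdr) != 0:
        raise ValueError("bad IPv4 header")
    if hdr[9] != IPPROTO_IPV6:
        raise ValueError("outer packet does not carry IPv6 (protocol 41)")
    # Assumed policy: accept tunnel traffic only from the configured peer.
    if hdr[12:16] != ipaddress.IPv4Address(tunnel_peer).packed:
        raise ValueError("outer source is not the configured tunnel peer")
    inner = ipv4_packet[ihl:struct.unpack("!H", hdr[2:4])[0]]
    if not inner or inner[0] >> 4 != 6:
        raise ValueError("inner packet is not IPv6")
    return inner

# Constructed sample: a bare 40-byte IPv6 header (next header 59 = no payload).
SAMPLE_IPV6 = struct.pack("!IHBB16s16s", 0x60000000, 0, 59, 64,
                          ipaddress.IPv6Address("2001:db8::1").packed,
                          ipaddress.IPv6Address("2001:db8::2").packed)

if __name__ == "__main__":
    outer = encapsulate(SAMPLE_IPV6, "192.0.2.1", "198.51.100.1")
    print(decapsulate(outer, "192.0.2.1") == SAMPLE_IPV6)
```

Checking the outer source against the tunnel peer keeps node B from forwarding IPv6 packets that an arbitrary IPv4 host wrapped in protocol 41.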

Multihoming

Multihoming, for most system administrators, describes connecting a host or network to multiple networks. A router, by definition, is multihomed. In this chapter, multihoming refers to actually connecting to the Internet via at least two upstream providers.

Administrative Considerations

Internet service providers’ policies on multihoming vary greatly—from very little concern on how you implement multihoming (these ISPs will tend to use filtering very strongly on the edge of the network to ensure your network is not affecting the core network) to a very detailed list of dos and don’ts. This chapter covers the technical aspects of multihoming, but do consult with the ISPs of choice on their policies and recommendations.

Simple Multihoming

The simplest form of multihoming is shown in Figure 10.5.

Figure 10.5. Simple multihoming.


In Figure 10.5, the enterprise is connected to ISP A and ISP B via T1 connections. On the router, penguin, two default routes with equal weights point to ISP A and ISP B, balancing the load between the two ISPs.

The major advantage to this solution is simplicity and a total bandwidth for Internet connectivity of 3Mbps. The major disadvantage of this solution is that 50% of traffic destined to ISP A for outsourced services such as WWW, DNS, or even email, will travel through ISP B. Static routes for the ISP’s networks can be entered to create a hybrid Simple Multihoming network; however, the ISPs also have many customers where traffic should go through a particular link (assuming the link is in service). Therefore, a more efficient method is often needed.

BGP Multihoming

By using BGP with both providers, the edge router(s) can determine the best path to both providers’ customers. This can be implemented in several ways. Should the provider only advertise customer networks with customers, then a direct BGP implementation is straightforward. Should the provider advertise all routes, a filtering mechanism is required at the edge of the provider’s network or on the customer premises.

Filtering is preferred over simply adding entries for the providers’ networks, given that adding entries does not take failures into consideration. Consider the network shown in Figure 10.6. With the static entry, the connection will fail because all the traffic is going out link A1. However, if router A knows about the failure through a routing update, then the router will use link A2, and the traffic will arrive through ISP B.

Figure 10.6. Link failure bypass.


Challenges of Multihoming

Due to the widespread acceptance of CIDR by ISPs, ISPs are resistant to advertising networks not within their CIDR domain. Multihoming, by nature, creates the situation where an ISP needs to advertise another provider’s CIDR portion within its network. Even if the ISP is willing to advertise the route for the other provider’s address space within its domain, routers outside the domain will not know that both ISPs have a path to the network.

Due to the large number of Internet attacks that make use of spoofed addresses, ISPs also will filter out packets that have source addresses not belonging to their CIDR. This, then, also should be considered when designing the access network for multihoming.

NAT could be used to ensure all packets through a particular ISP use the address space assigned by that ISP as the source address. This will add complexity to the network; however, most networks use NAT already, so it is a question of the specific network requirements and implementation on how much additional complexity is added.
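How the ISP source filter interacts with two-link load balancing, and how per-link NAT resolves it, as an added Python example that is not from the book. The prefixes are documentation ranges standing in for each ISP's CIDR block, the NAT pools and flows are constructed, and the one-to-one address mapping is a simplification of what a real NAT does.

```python
import ipaddress

# Constructed sample data: documentation prefixes stand in for each ISP's CIDR block.
ISP_CIDR = {"A": ipaddress.ip_network("192.0.2.0/24"),
            "B": ipaddress.ip_network("198.51.100.0/24")}
# Hypothetical NAT pools: addresses each ISP assigned to the enterprise.
NAT_POOL = {"A": ipaddress.ip_network("192.0.2.64/28"),
            "B": ipaddress.ip_network("198.51.100.64/28")}

def isp_accepts(src, link):
    """Model of the ISP's filter: forward only sources inside its own CIDR."""
    return ipaddress.ip_address(src) in ISP_CIDR[link]

def dropped_without_nat(flows):
    """Return the (source, link) flows the upstream filter would discard."""
    return [(src, link) for src, link in flows if not isp_accepts(src, link)]

class EgressNat:
    """One-to-one source NAT kept per link, so each ISP sees only its own space."""
    def __init__(self):
        self.out = {}   # (link, inside address) -> outside address
        self.back = {}  # (link, outside address) -> inside address
        self.free = {l: list(p.hosts()) for l, p in NAT_POOL.items()}

    def translate(self, src, link):
        inside = ipaddress.ip_address(src)
        if isp_accepts(inside, link):
            return inside  # already numbered from this ISP; no rewrite needed
        if (link, inside) not in self.out:
            if not self.free[link]:
                raise RuntimeError(f"NAT pool for ISP {link} is exhausted")
            outside = self.free[link].pop(0)
            self.out[(link, inside)] = outside
            self.back[(link, outside)] = inside
        return self.out[(link, inside)]

    def restore(self, dst, link):
        """Map a reply's destination back to the inside host, if it was translated."""
        outside = ipaddress.ip_address(dst)
        return self.back.get((link, outside), outside)

# Constructed flows: the equal-weight default routes send hosts out either link.
FLOWS = [("192.0.2.10", "A"), ("192.0.2.10", "B"),
         ("10.0.0.5", "A"), ("198.51.100.10", "B")]

if __name__ == "__main__":
    print("dropped:", dropped_without_nat(FLOWS))
    nat = EgressNat()
    print([str(nat.translate(s, l)) for s, l in FLOWS])
```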
