interface defaults again (Re: BGP announcements and small providers)

Paul A Vixie paul at vix.com
Tue Feb 25 21:23:58 UTC 1997


> Knowing that NSPs are filtering /24s, how does an Internet Content
> Provider (ICP) with just a /24 (all that is needed) that is wishing
> to be dual-homed see all of the net?

Why even use a /24?  Here is a "netstat -nr" from an interface default
client, which has an RFC1597 private network for its content server and a
BSD/OS 2.1 squid accelerator front-ending it.

	Destination      Gateway            Flags     Refs     Use  Interface
	default:de1      137.39.63.225      UGS         1        0  de1
	default:de2      204.74.120.1       UGS         1        0  de2
	default          137.39.63.225      UGS      1523 15365222  de1
	127              127.0.0.1          UGRS        0        0  lo0
	127.0.0.1        127.0.0.1          UH         11     6482  lo0
	137.39.63.224/27 link#2             UC          0        0  de1
	137.39.63.225    0:0:c:35:29:a0     UHL         1      307  de1
	137.39.63.227    0:0:f8:1:a5:8e     UHL         0       16  de1
	137.39.63.228    0:a0:24:94:5b:e9   UHL         0        3  de1
	137.39.63.255    link#2             UHL         0        1  de1
	192.168.1        link#1             UC          0        0  de0
	192.168.1.1      0:0:f8:2:b3:66     UHL         1       20  lo0
	192.168.1.2      8:0:69:2:65:e7     UHL         2   793220  de0
	192.168.1.255    link#1             UHL         1      206  de0
	204.74.120/27    link#3             UC          0        0  de2
	204.74.120.31    link#3             UHL         0        1  de2
	224/8            link#1             UC          0        0  de0

The diffs are all PD and should apply OK against other BSDish systems.  I
gave a more detailed talk about this at SF NANOG.  The diffs are also quite
short.

	% ftp ftp.vix.com
	ftp> cd pub/vixie/ifdefault
	ftp> ls
	-rw-rw-r--  1 716  ten  1731 Jan 31 06:15 ifconfig-diffs
	-rw-rw-r--  1 716  ten  5386 Jan 31 05:59 kernel-diffs
	-rw-rw-r--  1 716  ten  3696 Jan 31 06:23 netstat-diffs

You also need to set up a "socket" forwarder for things you want to be
handled by the private-net device:

  telnet  stream  tcp  nowait nobody /usr/libexec/tcpd socket 192.168.1.2 23
  other-ssl stream tcp nowait nobody /usr/libexec/socket socket 192.168.1.2 145

There's a small amount of sendmail.cf work needed to masquerade as the private
host and relay mail between the different address spaces.




