
RE: LVS-DR and IP Spoofing

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>,<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: LVS-DR and IP Spoofing
From: "Peter Mueller" <pmueller@xxxxxxxxxxxx>
Date: Wed, 14 Jul 2004 10:59:28 -0700
What about http://lartc.org/howto/lartc.rpdb.multiple-links.html#AEN298?  Be 
sure to use the dead-gateway patch from Julian at the bottom of this link.

inbound (assuming you need it) = round robin DNS
outbound = above solution.
 
P

________________________________

From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx on behalf of Mog
Sent: Tue 7/13/2004 8:46 PM
To: LinuxVirtualServer.org users mailing list.
Subject: Re: LVS-DR and IP Spoofing



Hi Horms,

I cannot afford BGP routing. I couldn't afford to violate any network
policies for forwarding unwanted traffic across their upstream routers
too...

Thanks for your input.

Obviously money solves a lot of things, but it's so much more challenging to
find a workaround ;)
Gaétan

On Tue, 2004-07-13 at 22:47, Horms wrote:
> On Tue, Jul 13, 2004 at 07:23:01PM -0400, Mog wrote:
> > hello to all,
> >
> > I have a question concerning LVS-DR and IP Spoofing. Let me briefly
> > explain the situation.
> >
> > First, I am a DSL user and I wish to multiplex my traffic over two or
> > three DSL lines. I decided to accomplish a spoofing test with some
> > hand-crafted forged packets on my actual ISP network and it succeeded
> > for packets being sent with a different source address than my current
> > static IP that were inside or outside of my ISP allocated range (which
> > probably means that I am on the good way).
> >
> > I decided to find another ISP willing to help in order to accomplish a
> > crosstalk between both ISPs. Their response was their own providers
> > (bell, sprint etc..) will not allow non sanctioned IP to be sent through
> > their network. They say they (bell, sprint etc..) use filters to stop
> > some range of IPs from passing through. They would probably take an
> > agreement for a whole class C address but not for a single IP.
> >
> > According to my previous readings on this list and the LVS How-to (and
> > from what I understand) it's only a question of my ISP router config,
> > not their own upstream provider...
> >
> > What are your thoughts on this ?
>
> I think that the explanation of your ISP is quite plausible.
> I would not be at all surprised if the backbone providers
> have filtering in place for a variety of reasons. And if this
> is the case, your packets can't travel over their networks,
> and you have a problem.
>
> The real solution is to get your own IP addresses and advertise them
> to all the providers that you are connected to. Unfortunately,
> this tends to be a rather costly procedure.

_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
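
The split-access routing that the LARTC link in the reply above describes, as an added example (not code from this thread or from the howto): each uplink gets its own routing table plus a source-address rule, so a packet always leaves through the ISP that owns its source address and is not dropped by upstream source filtering. Interface names, table ids and the RFC 5737 addresses are constructed placeholders; the script only prints the `ip` commands.

```sh
#!/bin/sh
# Constructed sample uplinks, one per line:
#   name  table-id  interface  local-ip  network  gateway
UPLINKS='dsl1 101 eth1 192.0.2.10 192.0.2.0/24 192.0.2.1
dsl2 102 eth2 198.51.100.20 198.51.100.0/24 198.51.100.1'

# Per-uplink policy routing: a private table whose default route is that
# ISP's gateway, and a rule that sends packets sourced from the uplink's
# own address to that table.
split_access_cmds() {
    printf '%s\n' "$UPLINKS" | while read -r name id ifc ip net gw; do
        echo "ip route add $net dev $ifc src $ip table $id"
        echo "ip route add default via $gw dev $ifc table $id"
        echo "ip rule add from $ip table $id"
    done
}

# Multipath default route for new outbound connections. The kernel picks a
# next hop per route lookup; the source address is then chosen from that
# interface, so the rules above keep later packets on the same link.
multipath_cmd() {
    hops=$(printf '%s\n' "$UPLINKS" | while read -r name id ifc ip net gw; do
        printf ' nexthop via %s dev %s weight 1' "$gw" "$ifc"
    done)
    echo "ip route add default scope global$hops"
}

# Report which interface a given source address is allowed to leave on.
# Prints nothing for an address that belongs to no uplink, i.e. one that
# an upstream source filter would treat as spoofed.
uplink_for_source() {
    printf '%s\n' "$UPLINKS" | while read -r name id ifc ip net gw; do
        if [ "$ip" = "$1" ]; then echo "$ifc"; fi
    done
}

split_access_cmds
multipath_cmd
```

Review the printed commands, then pipe them to `sh` as root to apply them. The multipath route does not notice a failed gateway by itself, which is what the dead-gateway patch mentioned in the reply addresses.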

