[clug] A routing question

Robert Edwards bob at cs.anu.edu.au
Sun Apr 22 23:34:21 GMT 2007


Hi Chris,

I am struggling to get a good picture of your network. Your description
has three subnets and three routers, with one per subnet. But routers
route _between_ subnets, and I am not clear which subnet has access to
"the rest of the Internet". Maybe a bit of ASCII art would help me to
see it.

If you want to use IP over IP, you will need to have IP protocol 4
(if you are using ipencap) or IP protocol 94 (if you are using ipip)
open on the routers/firewalls between your internal subnet and the
external router.

Other options are PPP over SSH (not good for interactive gaming), GRE
(as you have said), IPSec, OpenVPN, CIPE (not sure if this works on 2.6
kernels) etc., many of which will also encrypt the traffic (IP over IP
doesn't encrypt).

Cheers,

Bob Edwards.

Chris wrote:
> Hi Bob,
> 
> The rate-limiting only applies from colleges to colleges, they probably 
> did this by specifying subnets in their traffic shaping rules.
> 
> I looked at GRE tunneling. I can make a tunnel between my own gateway in 
> subnet A and the host in subnet C, I can make another tunnel in between 
> the host in subnet C and my other gateway in subnet B.
> 
> Say this is the situation:
> 
> 
> subnet A  150.203.A.0
> netmask   255.255.255.0
> router    150.203.A.2
> 
> subnet B 150.203.B.0
> netmask 255.255.255.0
> router    150.203.B.2
> 
> subnet C 150.203.C.0
> netmask 255.255.255.0
> router    150.203.C.2
> 
> In subnet A's gateway I do this,
> 
> //making a tunnel between my gateway in A and the host in C
> 
> ip tunnel add netc mode gre remote 150.203.C.2 local 150.203.A.2 ttl 255
> ip link set netc up
> ip addr add 150.203.A.2 dev netc
> ip route add 150.203.C.2 dev netc  (if this won't work, I can then try 
> ip route add 150.203.C.0/24 dev netc)
> 
> In subnet B's gateway I do this,
> 
> //making a tunnel between my gateway in B and the host in C
> 
> ip tunnel add netc mode gre remote 150.203.C.2 local 150.203.B.2 ttl 255
> ip link set netc up
> ip addr add 150.203.B.2 dev netc
> ip route add 150.203.B.2 dev netc (if this won't work, I can then try ip 
> route add 150.203.B.0/24 dev netc)
> 
> 
> If the above is correct, I have built a tunnel between A and C, then 
> between B and C. How do I connect these two tunnels together on the host 
> in C?
> 
> Cheers
> Chris
> 
> 
> On 19/04/2007, at 9:30 AM, Robert Edwards wrote:
> 
>>
>> This is a bit hard to do if you are in a residential college and looking
>> for ways around the rate-limiting between your college room and the rest
>> of the (ANU) campus networks... :-)
>>
>> Chris, you might want to look at using IP over IP and SNAT - that is one
>> way we have used in the past to achieve something similar to what you
>> are looking at. Of course, I am only speaking theoretically...
>>
>> Bob Edwards.
>>
>> Kim Holburn wrote:
>>> It really depends on what sort of routers you have and how much you 
>>> control them.
>>> The simplest way would probably be to remove the A to B link.  What 
>>> do you need it for anyway?
>>> Make all the machines on subnet A use the router that handles A to 
>>> C.  Tell the A to C router that subnet B traffic goes to the router 
>>> handling C to B.  On subnet B tell the router that to find subnet A go 
>>> to the router handling B to C.
>>> On 2007/Apr/18, at 3:54 PM, Christopher Zhang wrote:
>>>> Hi list,
>>>>
>>>> Say if the connections from subnet A to B are throttled down, but 
>>>> the connections from subnet A to C and from subnet B to C aren't. 
>>>> The way the connections are throttled is by applying rules on the 
>>>> default gateways of subnets A and B.
>>>>
>>>> Is there a way to speed up the connections from subnet A to B?
>>>>
>>>> The closest idea I can think of is to setup a gateway within subnet 
>>>> A, let's call it D. Setup a host in subnet C, let's call it E, and 
>>>> finally another gateway in subnet B, and call it F.
>>>>
>>>> The idea is to route all traffic from subnet A to C, then bounce it 
>>>> off C to B. Since the connections from A to C and B to C are fast, 
>>>> this effectively increases speed from A to B. So instead of using 
>>>> the default gateways for subnet A and B, we can use our own new 
>>>> gateway D, then somehow pipe all traffic to E, and then from E pipe 
>>>> all traffic to our new gateway F in subnet B.
>>>>
>>>> The reason this increases the speed from subnet A to B is that the 
>>>> connection is unthrottled from subnet A to C, and from subnet C to B.
>>>>
>>>> Eventually this is like a man in the middle setup, in subnet A, tell 
>>>> all machines to use D as the default gateway. What D does is to 
>>>> forward the traffic to E, D still uses the real default gateway 
>>>> for subnet A to do that however since this connection is to host E 
>>>> in an unaffected subnet, the connection is fast. Then E forwards 
>>>> whatever is forwarded to it to F, if we tell all computers to use F 
>>>> in subnet B, the traffic will reach any host in subnet B, without 
>>>> any speed loss.
>>>>
>>>> It is easy to setup D as a gateway and route traffic through it, but 
>>>> how can I tell D to route the traffic to E (in subnet C) and from E 
>>>> route all traffic to F (in subnet B)? I cannot tell D to use E as 
>>>> the default gateway since they are on different subnets. If I use 
>>>> iptables to forward the traffic, the packet will lose the original 
>>>> header which means the reverse won't come through.
>>>>
>>>> Maybe a tunnel needs to be setup, but I have no idea how to do that, 
>>>> does anyone have better ideas?
>>>>
>>>> Thanks
>>>>
>>>> Chris
>>>>
>>>> --linux mailing list
>>>> linux at lists.samba.org <mailto:linux at lists.samba.org>
>>>> https://lists.samba.org/mailman/listinfo/linux
>>> -- 
>>> Kim Holburn
>>> IT Network & Security Consultant
>>> Ph: +39 06 855 4294  M: +39 3494957443
>>> mailto:kim at holburn.net  aim://kimholburn
>>> skype://kholburn - PGP Public Key on request
>>> Democracy imposed from without is the severest form of tyranny.
>>>                           -- Lloyd Biggle, Jr. Analog, Apr 1961
> 
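An added example, not part of the original thread: a small parser that a firewall or network administrator could run over captured packets to see which IP protocol number a tunnel uses (the value that must be permitted between the endpoints) and to confirm that GRE and IP-over-IP leave the inner addresses in cleartext. The function names and the sample packets (documentation address ranges) are constructed for illustration, protocol names follow /etc/protocols, and the GRE handling covers only the checksum, key and sequence options.

```python
import socket
import struct

# IP protocol numbers for the tunnel types named in the thread (/etc/protocols names).
TUNNELS = {4: "ipencap", 47: "gre", 50: "esp", 94: "ipip"}

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header for sample data (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(packet):
    """Return (protocol, src, dst, payload) of one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    return (packet[9], socket.inet_ntoa(packet[12:16]),
            socket.inet_ntoa(packet[16:20]), packet[ihl:])

def inspect_tunnel(packet):
    """Name the tunnel protocol and recover the cleartext inner addresses."""
    proto, src, dst, payload = parse_ipv4(packet)
    report = {"outer": (src, dst), "proto": proto,
              "tunnel": TUNNELS.get(proto), "inner": None}
    if proto == 47:  # GRE: 2 bytes flags/version, 2 bytes payload EtherType
        flags, ethertype = struct.unpack("!HH", payload[:4].ljust(4, b"\0"))
        if ethertype != 0x0800:  # short header, or payload is not IPv4
            return report
        # Checksum, key and sequence fields each add 4 bytes when flagged.
        skip = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        payload = payload[skip:]
    elif proto != 4:  # ESP payload is encrypted; others are not decapsulated here
        return report
    try:
        _, inner_src, inner_dst, _ = parse_ipv4(payload)
        report["inner"] = (inner_src, inner_dst)
    except ValueError:
        pass  # truncated or non-IPv4 payload: leave inner as None
    return report

# Constructed sample packets (documentation address ranges, not from the thread).
INNER = ipv4_header("192.0.2.10", "198.51.100.20", 17, 0)
GRE_PACKET = (ipv4_header("192.0.2.2", "203.0.113.2", 47, 4 + len(INNER))
              + struct.pack("!HH", 0, 0x0800) + INNER)
IPIP_PACKET = ipv4_header("192.0.2.2", "203.0.113.2", 4, len(INNER)) + INNER
ESP_PACKET = ipv4_header("192.0.2.2", "203.0.113.2", 50, 8) + bytes(8)
```

For the GRE and protocol 4 samples, `inspect_tunnel` returns the inner source and destination; for the ESP sample it returns only the outer addresses, since the payload is opaque to anything on the path.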


